@whitesev/pops 2.0.0 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.amd.js +27 -21
- package/dist/index.amd.js.map +1 -1
- package/dist/index.cjs.js +27 -21
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.esm.js +27 -21
- package/dist/index.esm.js.map +1 -1
- package/dist/index.iife.js +27 -21
- package/dist/index.iife.js.map +1 -1
- package/dist/index.system.js +27 -21
- package/dist/index.system.js.map +1 -1
- package/dist/index.umd.js +27 -21
- package/dist/index.umd.js.map +1 -1
- package/dist/types/src/utils/PopsSafeUtils.d.ts +4 -0
- package/package.json +1 -1
- package/src/components/panel/PanelHandleContentDetails.ts +6 -1
- package/src/components/rightClickMenu/index.ts +2 -1
- package/src/utils/PopsDOMUtils.ts +12 -3
- package/src/utils/PopsSafeUtils.ts +16 -14
package/dist/index.esm.js
CHANGED
|
@@ -311,27 +311,28 @@ class PopsUtils {
|
|
|
311
311
|
const popsUtils = new PopsUtils();
|
|
312
312
|
|
|
313
313
|
const PopsSafeUtils = {
|
|
314
|
+
/**
|
|
315
|
+
* 获取安全的html
|
|
316
|
+
*/
|
|
317
|
+
getSafeHTML(text) {
|
|
318
|
+
// @ts-ignore
|
|
319
|
+
if (globalThis.trustedTypes) {
|
|
320
|
+
// @ts-ignore
|
|
321
|
+
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
322
|
+
createHTML: (html) => html,
|
|
323
|
+
});
|
|
324
|
+
return policy.createHTML(text);
|
|
325
|
+
}
|
|
326
|
+
else {
|
|
327
|
+
return text;
|
|
328
|
+
}
|
|
329
|
+
},
|
|
314
330
|
/**
|
|
315
331
|
* 设置安全的html
|
|
316
332
|
*/
|
|
317
333
|
setSafeHTML($el, text) {
|
|
318
334
|
// 创建 TrustedHTML 策略(需 CSP 允许)
|
|
319
|
-
|
|
320
|
-
$el.innerHTML = text;
|
|
321
|
-
}
|
|
322
|
-
catch (error) {
|
|
323
|
-
// @ts-ignore
|
|
324
|
-
if (globalThis.trustedTypes) {
|
|
325
|
-
// @ts-ignore
|
|
326
|
-
const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
|
|
327
|
-
createHTML: (html) => html,
|
|
328
|
-
});
|
|
329
|
-
$el.innerHTML = policy.createHTML(text);
|
|
330
|
-
}
|
|
331
|
-
else {
|
|
332
|
-
throw new Error("trustedTypes is not defined");
|
|
333
|
-
}
|
|
334
|
-
}
|
|
335
|
+
$el.innerHTML = this.getSafeHTML(text);
|
|
335
336
|
},
|
|
336
337
|
};
|
|
337
338
|
|
|
@@ -1523,7 +1524,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1523
1524
|
}
|
|
1524
1525
|
function elementAppendChild(ele, text) {
|
|
1525
1526
|
if (typeof content === "string") {
|
|
1526
|
-
ele.insertAdjacentHTML("beforeend", text);
|
|
1527
|
+
ele.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(text));
|
|
1527
1528
|
}
|
|
1528
1529
|
else {
|
|
1529
1530
|
ele.appendChild(text);
|
|
@@ -1658,7 +1659,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1658
1659
|
return;
|
|
1659
1660
|
}
|
|
1660
1661
|
if (typeof content === "string") {
|
|
1661
|
-
element.insertAdjacentHTML("beforebegin", content);
|
|
1662
|
+
element.insertAdjacentHTML("beforebegin", PopsSafeUtils.getSafeHTML(content));
|
|
1662
1663
|
}
|
|
1663
1664
|
else {
|
|
1664
1665
|
element.parentElement.insertBefore(content, element);
|
|
@@ -1681,7 +1682,7 @@ class PopsDOMUtils extends PopsDOMUtilsEvent {
|
|
|
1681
1682
|
return;
|
|
1682
1683
|
}
|
|
1683
1684
|
if (typeof content === "string") {
|
|
1684
|
-
element.insertAdjacentHTML("afterend", content);
|
|
1685
|
+
element.insertAdjacentHTML("afterend", PopsSafeUtils.getSafeHTML(content));
|
|
1685
1686
|
}
|
|
1686
1687
|
else {
|
|
1687
1688
|
element.parentElement.insertBefore(content, element.nextSibling);
|
|
@@ -6052,7 +6053,12 @@ const PanelHandleContentDetails = () => {
|
|
|
6052
6053
|
return;
|
|
6053
6054
|
}
|
|
6054
6055
|
Object.keys(props).forEach((propName) => {
|
|
6055
|
-
|
|
6056
|
+
let value = props[propName];
|
|
6057
|
+
if (propName === "innerHTML") {
|
|
6058
|
+
PopsSafeUtils.setSafeHTML(element, value);
|
|
6059
|
+
return;
|
|
6060
|
+
}
|
|
6061
|
+
Reflect.set(element, propName, value);
|
|
6056
6062
|
});
|
|
6057
6063
|
},
|
|
6058
6064
|
/**
|
|
@@ -8984,7 +8990,7 @@ class PopsRightClickMenu {
|
|
|
8984
8990
|
menuLiElement.appendChild(iconElement);
|
|
8985
8991
|
}
|
|
8986
8992
|
/* 插入文字 */
|
|
8987
|
-
menuLiElement.insertAdjacentHTML("beforeend", `<span>${item.text}</span>`);
|
|
8993
|
+
menuLiElement.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`));
|
|
8988
8994
|
/* 如果存在子数据,显示 */
|
|
8989
8995
|
if (item.item && Array.isArray(item.item)) {
|
|
8990
8996
|
popsDOMUtils.addClassName(menuLiElement, `pops-${PopsType}-item`);
|