npm - @whitesev/pops - Versions diffs - 2.0.0 → 2.0.2 - Mend

@whitesev/pops 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/index.amd.js +27 -21
package/dist/index.amd.js.map +1 -1
package/dist/index.cjs.js +27 -21
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm.js +27 -21
package/dist/index.esm.js.map +1 -1
package/dist/index.iife.js +27 -21
package/dist/index.iife.js.map +1 -1
package/dist/index.system.js +27 -21
package/dist/index.system.js.map +1 -1
package/dist/index.umd.js +27 -21
package/dist/index.umd.js.map +1 -1
package/dist/types/src/utils/PopsSafeUtils.d.ts +4 -0
package/package.json +1 -1
package/src/components/panel/PanelHandleContentDetails.ts +6 -1
package/src/components/rightClickMenu/index.ts +2 -1
package/src/utils/PopsDOMUtils.ts +12 -3
package/src/utils/PopsSafeUtils.ts +16 -14

package/dist/index.system.js CHANGED Viewed

@@ -316,27 +316,28 @@ System.register('pops', [], (function (exports) {
             const popsUtils = new PopsUtils();
             const PopsSafeUtils = {
+                /**
+                 * 获取安全的html
+                 */
+                getSafeHTML(text) {
+                    // @ts-ignore
+                    if (globalThis.trustedTypes) {
+                        // @ts-ignore
+                        const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
+                            createHTML: (html) => html,
+                        });
+                        return policy.createHTML(text);
+                    }
+                    else {
+                        return text;
+                    }
+                },
                 /**
                  * 设置安全的html
                  */
                 setSafeHTML($el, text) {
                     // 创建 TrustedHTML 策略（需 CSP 允许）
-                    try {
-                        $el.innerHTML = text;
-                    }
-                    catch (error) {
-                        // @ts-ignore
-                        if (globalThis.trustedTypes) {
-                            // @ts-ignore
-                            const policy = globalThis.trustedTypes.createPolicy("safe-innerHTML", {
-                                createHTML: (html) => html,
-                            });
-                            $el.innerHTML = policy.createHTML(text);
-                        }
-                        else {
-                            throw new Error("trustedTypes is not defined");
-                        }
-                    }
+                    $el.innerHTML = this.getSafeHTML(text);
                 },
             };
@@ -1528,7 +1529,7 @@ System.register('pops', [], (function (exports) {
                     }
                     function elementAppendChild(ele, text) {
                         if (typeof content === "string") {
-                            ele.insertAdjacentHTML("beforeend", text);
+                            ele.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(text));
                         }
                         else {
                             ele.appendChild(text);
@@ -1663,7 +1664,7 @@ System.register('pops', [], (function (exports) {
                         return;
                     }
                     if (typeof content === "string") {
-                        element.insertAdjacentHTML("beforebegin", content);
+                        element.insertAdjacentHTML("beforebegin", PopsSafeUtils.getSafeHTML(content));
                     }
                     else {
                         element.parentElement.insertBefore(content, element);
@@ -1686,7 +1687,7 @@ System.register('pops', [], (function (exports) {
                         return;
                     }
                     if (typeof content === "string") {
-                        element.insertAdjacentHTML("afterend", content);
+                        element.insertAdjacentHTML("afterend", PopsSafeUtils.getSafeHTML(content));
                     }
                     else {
                         element.parentElement.insertBefore(content, element.nextSibling);
@@ -6057,7 +6058,12 @@ System.register('pops', [], (function (exports) {
                             return;
                         }
                         Object.keys(props).forEach((propName) => {
-                            Reflect.set(element, propName, props[propName]);
+                            let value = props[propName];
+                            if (propName === "innerHTML") {
+                                PopsSafeUtils.setSafeHTML(element, value);
+                                return;
+                            }
+                            Reflect.set(element, propName, value);
                         });
                     },
                     /**
@@ -8989,7 +8995,7 @@ System.register('pops', [], (function (exports) {
                                     menuLiElement.appendChild(iconElement);
                                 }
                                 /* 插入文字 */
-                                menuLiElement.insertAdjacentHTML("beforeend", `<span>${item.text}</span>`);
+                                menuLiElement.insertAdjacentHTML("beforeend", PopsSafeUtils.getSafeHTML(`<span>${item.text}</span>`));
                                 /* 如果存在子数据，显示 */
                                 if (item.item && Array.isArray(item.item)) {
                                     popsDOMUtils.addClassName(menuLiElement, `pops-${PopsType}-item`);