dompurify 2.4.6 → 2.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/LICENSE +202 -12
  2. package/README.md +1 -1
  3. package/dist/purify.cjs.js +7 -5
  4. package/dist/purify.cjs.js.map +1 -1
  5. package/dist/purify.es.js +7 -5
  6. package/dist/purify.es.js.map +1 -1
  7. package/dist/purify.js +7 -5
  8. package/dist/purify.js.map +1 -1
  9. package/dist/purify.min.js +2 -2
  10. package/dist/purify.min.js.map +1 -1
  11. package/package.json +1 -1
package/dist/purify.es.js CHANGED
@@ -1,4 +1,4 @@
1
- /*! @license DOMPurify 2.4.6 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.6/LICENSE */
1
+ /*! @license DOMPurify 2.4.8 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.8/LICENSE */
2
2
 
3
3
  function _typeof(obj) {
4
4
  "@babel/helpers - typeof";
@@ -263,6 +263,7 @@ var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
263
263
  var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
264
264
  );
265
265
  var DOCTYPE_NAME = seal(/^html$/i);
266
+ var CUSTOM_ELEMENT = seal(/^[a-z][a-z\d]*(-[a-z\d]+)+$/i);
266
267
 
267
268
  var getGlobal = function getGlobal() {
268
269
  return typeof window === 'undefined' ? null : window;
@@ -324,7 +325,7 @@ function createDOMPurify() {
324
325
  */
325
326
 
326
327
 
327
- DOMPurify.version = '2.4.6';
328
+ DOMPurify.version = '2.4.8';
328
329
  /**
329
330
  * Array of elements that DOMPurify removed during sanitation.
330
331
  * Empty if nothing was removed.
@@ -397,7 +398,8 @@ function createDOMPurify() {
397
398
  DATA_ATTR$1 = DATA_ATTR,
398
399
  ARIA_ATTR$1 = ARIA_ATTR,
399
400
  IS_SCRIPT_OR_DATA$1 = IS_SCRIPT_OR_DATA,
400
- ATTR_WHITESPACE$1 = ATTR_WHITESPACE;
401
+ ATTR_WHITESPACE$1 = ATTR_WHITESPACE,
402
+ CUSTOM_ELEMENT$1 = CUSTOM_ELEMENT;
401
403
  var IS_ALLOWED_URI$1 = IS_ALLOWED_URI;
402
404
  /**
403
405
  * We consider the elements and attributes below to be safe. Ideally
@@ -985,7 +987,7 @@ function createDOMPurify() {
985
987
 
986
988
  var _createIterator = function _createIterator(root) {
987
989
  return createNodeIterator.call(root.ownerDocument || root, root, // eslint-disable-next-line no-bitwise
988
- NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, null, false);
990
+ NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION, null, false);
989
991
  };
990
992
  /**
991
993
  * _isClobbered
@@ -1204,7 +1206,7 @@ function createDOMPurify() {
1204
1206
 
1205
1207
 
1206
1208
  var _basicCustomElementTest = function _basicCustomElementTest(tagName) {
1207
- return tagName.indexOf('-') > 0;
1209
+ return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT$1);
1208
1210
  };
1209
1211
  /**
1210
1212
  * _sanitizeAttributes