dompurify 2.4.6 → 2.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/LICENSE +202 -12
  2. package/README.md +1 -1
  3. package/dist/purify.cjs.js +7 -5
  4. package/dist/purify.cjs.js.map +1 -1
  5. package/dist/purify.es.js +7 -5
  6. package/dist/purify.es.js.map +1 -1
  7. package/dist/purify.js +7 -5
  8. package/dist/purify.js.map +1 -1
  9. package/dist/purify.min.js +2 -2
  10. package/dist/purify.min.js.map +1 -1
  11. package/package.json +1 -1
package/dist/purify.js CHANGED
@@ -1,4 +1,4 @@
1
- /*! @license DOMPurify 2.4.6 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.6/LICENSE */
1
+ /*! @license DOMPurify 2.4.8 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.8/LICENSE */
2
2
 
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
@@ -269,6 +269,7 @@
269
269
  var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
270
270
  );
271
271
  var DOCTYPE_NAME = seal(/^html$/i);
272
+ var CUSTOM_ELEMENT = seal(/^[a-z][a-z\d]*(-[a-z\d]+)+$/i);
272
273
 
273
274
  var getGlobal = function getGlobal() {
274
275
  return typeof window === 'undefined' ? null : window;
@@ -330,7 +331,7 @@
330
331
  */
331
332
 
332
333
 
333
- DOMPurify.version = '2.4.6';
334
+ DOMPurify.version = '2.4.8';
334
335
  /**
335
336
  * Array of elements that DOMPurify removed during sanitation.
336
337
  * Empty if nothing was removed.
@@ -403,7 +404,8 @@
403
404
  DATA_ATTR$1 = DATA_ATTR,
404
405
  ARIA_ATTR$1 = ARIA_ATTR,
405
406
  IS_SCRIPT_OR_DATA$1 = IS_SCRIPT_OR_DATA,
406
- ATTR_WHITESPACE$1 = ATTR_WHITESPACE;
407
+ ATTR_WHITESPACE$1 = ATTR_WHITESPACE,
408
+ CUSTOM_ELEMENT$1 = CUSTOM_ELEMENT;
407
409
  var IS_ALLOWED_URI$1 = IS_ALLOWED_URI;
408
410
  /**
409
411
  * We consider the elements and attributes below to be safe. Ideally
@@ -991,7 +993,7 @@
991
993
 
992
994
  var _createIterator = function _createIterator(root) {
993
995
  return createNodeIterator.call(root.ownerDocument || root, root, // eslint-disable-next-line no-bitwise
994
- NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, null, false);
996
+ NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION, null, false);
995
997
  };
996
998
  /**
997
999
  * _isClobbered
@@ -1210,7 +1212,7 @@
1210
1212
 
1211
1213
 
1212
1214
  var _basicCustomElementTest = function _basicCustomElementTest(tagName) {
1213
- return tagName.indexOf('-') > 0;
1215
+ return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT$1);
1214
1216
  };
1215
1217
  /**
1216
1218
  * _sanitizeAttributes