dompurify 2.4.7 → 2.4.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/purify.cjs.js +15 -5
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.js +15 -5
- package/dist/purify.es.js.map +1 -1
- package/dist/purify.js +15 -5
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
package/dist/purify.es.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 2.4.
|
|
1
|
+
/*! @license DOMPurify 2.4.9 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.9/LICENSE */
|
|
2
2
|
|
|
3
3
|
function _typeof(obj) {
|
|
4
4
|
"@babel/helpers - typeof";
|
|
@@ -263,6 +263,7 @@ var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
|
|
|
263
263
|
var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
|
|
264
264
|
);
|
|
265
265
|
var DOCTYPE_NAME = seal(/^html$/i);
|
|
266
|
+
var CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);
|
|
266
267
|
|
|
267
268
|
var getGlobal = function getGlobal() {
|
|
268
269
|
return typeof window === 'undefined' ? null : window;
|
|
@@ -324,7 +325,7 @@ function createDOMPurify() {
|
|
|
324
325
|
*/
|
|
325
326
|
|
|
326
327
|
|
|
327
|
-
DOMPurify.version = '2.4.
|
|
328
|
+
DOMPurify.version = '2.4.9';
|
|
328
329
|
/**
|
|
329
330
|
* Array of elements that DOMPurify removed during sanitation.
|
|
330
331
|
* Empty if nothing was removed.
|
|
@@ -397,7 +398,8 @@ function createDOMPurify() {
|
|
|
397
398
|
DATA_ATTR$1 = DATA_ATTR,
|
|
398
399
|
ARIA_ATTR$1 = ARIA_ATTR,
|
|
399
400
|
IS_SCRIPT_OR_DATA$1 = IS_SCRIPT_OR_DATA,
|
|
400
|
-
ATTR_WHITESPACE$1 = ATTR_WHITESPACE
|
|
401
|
+
ATTR_WHITESPACE$1 = ATTR_WHITESPACE,
|
|
402
|
+
CUSTOM_ELEMENT$1 = CUSTOM_ELEMENT;
|
|
401
403
|
var IS_ALLOWED_URI$1 = IS_ALLOWED_URI;
|
|
402
404
|
/**
|
|
403
405
|
* We consider the elements and attributes below to be safe. Ideally
|
|
@@ -985,7 +987,7 @@ function createDOMPurify() {
|
|
|
985
987
|
|
|
986
988
|
var _createIterator = function _createIterator(root) {
|
|
987
989
|
return createNodeIterator.call(root.ownerDocument || root, root, // eslint-disable-next-line no-bitwise
|
|
988
|
-
NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, null, false);
|
|
990
|
+
NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null, false);
|
|
989
991
|
};
|
|
990
992
|
/**
|
|
991
993
|
* _isClobbered
|
|
@@ -1087,6 +1089,14 @@ function createDOMPurify() {
|
|
|
1087
1089
|
|
|
1088
1090
|
return true;
|
|
1089
1091
|
}
|
|
1092
|
+
/* Remove any ocurrence of processing instructions */
|
|
1093
|
+
|
|
1094
|
+
|
|
1095
|
+
if (currentNode.nodeType === 7) {
|
|
1096
|
+
_forceRemove(currentNode);
|
|
1097
|
+
|
|
1098
|
+
return true;
|
|
1099
|
+
}
|
|
1090
1100
|
/* Remove element if anything forbids its presence */
|
|
1091
1101
|
|
|
1092
1102
|
|
|
@@ -1204,7 +1214,7 @@ function createDOMPurify() {
|
|
|
1204
1214
|
|
|
1205
1215
|
|
|
1206
1216
|
var _basicCustomElementTest = function _basicCustomElementTest(tagName) {
|
|
1207
|
-
return tagName
|
|
1217
|
+
return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT$1);
|
|
1208
1218
|
};
|
|
1209
1219
|
/**
|
|
1210
1220
|
* _sanitizeAttributes
|