dompurify 2.4.7 → 2.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +1 -1
  2. package/dist/purify.cjs.js +15 -5
  3. package/dist/purify.cjs.js.map +1 -1
  4. package/dist/purify.es.js +15 -5
  5. package/dist/purify.es.js.map +1 -1
  6. package/dist/purify.js +15 -5
  7. package/dist/purify.js.map +1 -1
  8. package/dist/purify.min.js +2 -2
  9. package/dist/purify.min.js.map +1 -1
  10. package/package.json +1 -1
package/dist/purify.js CHANGED
@@ -1,4 +1,4 @@
1
- /*! @license DOMPurify 2.4.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.7/LICENSE */
1
+ /*! @license DOMPurify 2.4.9 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.4.9/LICENSE */
2
2
 
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
@@ -269,6 +269,7 @@
269
269
  var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
270
270
  );
271
271
  var DOCTYPE_NAME = seal(/^html$/i);
272
+ var CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);
272
273
 
273
274
  var getGlobal = function getGlobal() {
274
275
  return typeof window === 'undefined' ? null : window;
@@ -330,7 +331,7 @@
330
331
  */
331
332
 
332
333
 
333
- DOMPurify.version = '2.4.7';
334
+ DOMPurify.version = '2.4.9';
334
335
  /**
335
336
  * Array of elements that DOMPurify removed during sanitation.
336
337
  * Empty if nothing was removed.
@@ -403,7 +404,8 @@
403
404
  DATA_ATTR$1 = DATA_ATTR,
404
405
  ARIA_ATTR$1 = ARIA_ATTR,
405
406
  IS_SCRIPT_OR_DATA$1 = IS_SCRIPT_OR_DATA,
406
- ATTR_WHITESPACE$1 = ATTR_WHITESPACE;
407
+ ATTR_WHITESPACE$1 = ATTR_WHITESPACE,
408
+ CUSTOM_ELEMENT$1 = CUSTOM_ELEMENT;
407
409
  var IS_ALLOWED_URI$1 = IS_ALLOWED_URI;
408
410
  /**
409
411
  * We consider the elements and attributes below to be safe. Ideally
@@ -991,7 +993,7 @@
991
993
 
992
994
  var _createIterator = function _createIterator(root) {
993
995
  return createNodeIterator.call(root.ownerDocument || root, root, // eslint-disable-next-line no-bitwise
994
- NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, null, false);
996
+ NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null, false);
995
997
  };
996
998
  /**
997
999
  * _isClobbered
@@ -1093,6 +1095,14 @@
1093
1095
 
1094
1096
  return true;
1095
1097
  }
1098
+ /* Remove any ocurrence of processing instructions */
1099
+
1100
+
1101
+ if (currentNode.nodeType === 7) {
1102
+ _forceRemove(currentNode);
1103
+
1104
+ return true;
1105
+ }
1096
1106
  /* Remove element if anything forbids its presence */
1097
1107
 
1098
1108
 
@@ -1210,7 +1220,7 @@
1210
1220
 
1211
1221
 
1212
1222
  var _basicCustomElementTest = function _basicCustomElementTest(tagName) {
1213
- return tagName.indexOf('-') > 0;
1223
+ return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT$1);
1214
1224
  };
1215
1225
  /**
1216
1226
  * _sanitizeAttributes