dompurify 2.5.6 → 2.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/purify.cjs.js +9 -9
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.js +9 -9
- package/dist/purify.es.js.map +1 -1
- package/dist/purify.js +9 -9
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
package/dist/purify.es.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 2.5.
|
|
1
|
+
/*! @license DOMPurify 2.5.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.5.7/LICENSE */
|
|
2
2
|
|
|
3
3
|
function _typeof(obj) {
|
|
4
4
|
"@babel/helpers - typeof";
|
|
@@ -281,7 +281,7 @@ function createDOMPurify() {
|
|
|
281
281
|
* Version label, exposed for easier checks
|
|
282
282
|
* if DOMPurify is up to date or not
|
|
283
283
|
*/
|
|
284
|
-
DOMPurify.version = '2.5.
|
|
284
|
+
DOMPurify.version = '2.5.7';
|
|
285
285
|
|
|
286
286
|
/**
|
|
287
287
|
* Array of elements that DOMPurify removed during sanitation.
|
|
@@ -668,7 +668,7 @@ function createDOMPurify() {
|
|
|
668
668
|
CONFIG = cfg;
|
|
669
669
|
};
|
|
670
670
|
var MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']);
|
|
671
|
-
var HTML_INTEGRATION_POINTS = addToSet({}, ['
|
|
671
|
+
var HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
|
|
672
672
|
|
|
673
673
|
// Certain elements are allowed in both SVG and HTML
|
|
674
674
|
// namespace. We need to specify them explicitly
|
|
@@ -1144,12 +1144,6 @@ function createDOMPurify() {
|
|
|
1144
1144
|
_executeHook('uponSanitizeAttribute', currentNode, hookEvent);
|
|
1145
1145
|
value = hookEvent.attrValue;
|
|
1146
1146
|
|
|
1147
|
-
/* Work around a security issue with comments inside attributes */
|
|
1148
|
-
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
|
|
1149
|
-
_removeAttribute(name, currentNode);
|
|
1150
|
-
continue;
|
|
1151
|
-
}
|
|
1152
|
-
|
|
1153
1147
|
/* Did the hooks approve of the attribute? */
|
|
1154
1148
|
if (hookEvent.forceKeepAttr) {
|
|
1155
1149
|
continue;
|
|
@@ -1193,6 +1187,12 @@ function createDOMPurify() {
|
|
|
1193
1187
|
value = SANITIZE_NAMED_PROPS_PREFIX + value;
|
|
1194
1188
|
}
|
|
1195
1189
|
|
|
1190
|
+
/* Work around a security issue with comments inside attributes */
|
|
1191
|
+
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
|
|
1192
|
+
_removeAttribute(name, currentNode);
|
|
1193
|
+
continue;
|
|
1194
|
+
}
|
|
1195
|
+
|
|
1196
1196
|
/* Handle attributes that require Trusted Types */
|
|
1197
1197
|
if (trustedTypesPolicy && _typeof(trustedTypes) === 'object' && typeof trustedTypes.getAttributeType === 'function') {
|
|
1198
1198
|
if (namespaceURI) ; else {
|