dompurify 2.5.6 → 2.5.7
- package/README.md +2 -2
- package/dist/purify.cjs.js +9 -9
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.js +9 -9
- package/dist/purify.es.js.map +1 -1
- package/dist/purify.js +9 -9
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
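--- a/package/dist/purify.js
+++ b/package/dist/purify.js
@@ -1,4 +1,4 @@
-/*! @license DOMPurify 2.5.
+/*! @license DOMPurify 2.5.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.5.7/LICENSE */
 
 (function (global, factory) {
 typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
@@ -287,7 +287,7 @@
 * Version label, exposed for easier checks
 * if DOMPurify is up to date or not
 */
-DOMPurify.version = '2.5.
+DOMPurify.version = '2.5.7';
 
 /**
 * Array of elements that DOMPurify removed during sanitation.
@@ -674,7 +674,7 @@
 CONFIG = cfg;
 };
 var MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']);
-var HTML_INTEGRATION_POINTS = addToSet({}, ['
+var HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
 
 // Certain elements are allowed in both SVG and HTML
 // namespace. We need to specify them explicitly
@@ -1150,12 +1150,6 @@
 _executeHook('uponSanitizeAttribute', currentNode, hookEvent);
 value = hookEvent.attrValue;
 
-/* Work around a security issue with comments inside attributes */
-if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
-_removeAttribute(name, currentNode);
-continue;
-}
-
 /* Did the hooks approve of the attribute? */
 if (hookEvent.forceKeepAttr) {
 continue;
@@ -1199,6 +1193,12 @@
 value = SANITIZE_NAMED_PROPS_PREFIX + value;
 }
 
+/* Work around a security issue with comments inside attributes */
+if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
+_removeAttribute(name, currentNode);
+continue;
+}
+
 /* Handle attributes that require Trusted Types */
 if (trustedTypesPolicy && _typeof(trustedTypes) === 'object' && typeof trustedTypes.getAttributeType === 'function') {
 if (namespaceURI) ; else {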
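Review bot: The relocated SAFE_FOR_XML test at new lines 1196–1200 now sits after the `if (hookEvent.forceKeepAttr) { continue; }` exit at new lines 1154–1155, so an attribute that a hook force-keeps no longer passes through the comment / `</style>` / `</title>` check, whereas the removed lines ran it before that early exit. If that is intended, the comment should say so, for example `/* Runs on the final value; attributes kept via forceKeepAttr are not checked here */`; if it is not, the test needs to run before the forceKeepAttr exit as well as at its new position. Running it late does let it see `value` after the SANITIZE_NAMED_PROPS prefixing shown at new line 1193, and presumably after whatever other rewriting sits between the two hunks, which is outside this view. The enclosing loop starts and ends outside both hunks.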