dompurify 3.0.9 → 3.0.11
- package/README.md +2 -2
- package/dist/purify.cjs.js +15 -6
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.mjs +15 -6
- package/dist/purify.es.mjs.map +1 -1
- package/dist/purify.js +15 -6
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
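--- a/package/dist/purify.es.mjs
+++ b/package/dist/purify.es.mjs
@@ -1,4 +1,4 @@
-/*! @license DOMPurify 3.0.
+/*! @license DOMPurify 3.0.11 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.11/LICENSE */
 
 const {
 entries,
@@ -215,6 +215,7 @@ const ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205
 );
 
 const DOCTYPE_NAME = seal(/^html$/i);
+const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);
 
 var EXPRESSIONS = /*#__PURE__*/Object.freeze({
 __proto__: null,
@@ -226,7 +227,8 @@ var EXPRESSIONS = /*#__PURE__*/Object.freeze({
 IS_ALLOWED_URI: IS_ALLOWED_URI,
 IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA,
 ATTR_WHITESPACE: ATTR_WHITESPACE,
-DOCTYPE_NAME: DOCTYPE_NAME
+DOCTYPE_NAME: DOCTYPE_NAME,
+CUSTOM_ELEMENT: CUSTOM_ELEMENT
 });
 
 const getGlobal = function getGlobal() {
@@ -280,7 +282,7 @@ function createDOMPurify() {
 * Version label, exposed for easier checks
 * if DOMPurify is up to date or not
 */
-DOMPurify.version = '3.0.
+DOMPurify.version = '3.0.11';
 
 /**
 * Array of elements that DOMPurify removed during sanitation.
@@ -351,7 +353,8 @@ function createDOMPurify() {
 DATA_ATTR,
 ARIA_ATTR,
 IS_SCRIPT_OR_DATA,
-ATTR_WHITESPACE
+ATTR_WHITESPACE,
+CUSTOM_ELEMENT
 } = EXPRESSIONS;
 let {
 IS_ALLOWED_URI: IS_ALLOWED_URI$1
@@ -906,7 +909,7 @@ function createDOMPurify() {
 const _createNodeIterator = function _createNodeIterator(root) {
 return createNodeIterator.call(root.ownerDocument || root, root,
 // eslint-disable-next-line no-bitwise
-NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT, null);
+NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null);
 };
 
 /**
@@ -983,6 +986,12 @@ function createDOMPurify() {
 return true;
 }
 
+/* Remove any ocurrence of processing instructions */
+if (currentNode.nodeType === 7) {
+_forceRemove(currentNode);
+return true;
+}
+
 /* Remove element if anything forbids its presence */
 if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {
 /* Check if we have a custom element to handle */
@@ -1088,7 +1097,7 @@ function createDOMPurify() {
 * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.
 */
 const _isBasicCustomElement = function _isBasicCustomElement(tagName) {
-return tagName !== 'annotation-xml' && tagName
+return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);
 };
 
 /**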
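Review bot: CDATA sections are now walked by the node iterator (`NodeFilter.SHOW_CDATA_SECTION`, new line 912), but the only explicit removal added at new lines 989–993 is for processing instructions (`currentNode.nodeType === 7`), so nothing visible says what happens to a CDATA node (nodeType 4). It presumably falls through to the `ALLOWED_TAGS[tagName]` check that follows and is dropped unless that node name has been allow-listed. This should be confirmed and recorded next to the new guard, for example `/* CDATA sections (nodeType 4) are not removed here; they rely on the ALLOWED_TAGS check below */`. The bare `7` would also read better with the node type named in the comment, and "ocurrence" should be "occurrence". The enclosing function starts and ends outside these hunks, so handling elsewhere in it cannot be ruled out from this view.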