dompurify 3.2.0 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/purify.cjs.d.ts +46 -10
- package/dist/purify.cjs.js +32 -27
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.d.mts +45 -10
- package/dist/purify.es.mjs +32 -27
- package/dist/purify.es.mjs.map +1 -1
- package/dist/purify.js +32 -27
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -1339
- package/dist/purify.min.js.map +1 -1
- package/package.json +11 -8
package/dist/purify.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.2.
|
|
1
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
2
|
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
|
|
@@ -285,10 +285,23 @@
|
|
|
285
285
|
return null;
|
|
286
286
|
}
|
|
287
287
|
};
|
|
288
|
+
const _createHooksMap = function _createHooksMap() {
|
|
289
|
+
return {
|
|
290
|
+
afterSanitizeAttributes: [],
|
|
291
|
+
afterSanitizeElements: [],
|
|
292
|
+
afterSanitizeShadowDOM: [],
|
|
293
|
+
beforeSanitizeAttributes: [],
|
|
294
|
+
beforeSanitizeElements: [],
|
|
295
|
+
beforeSanitizeShadowDOM: [],
|
|
296
|
+
uponSanitizeAttribute: [],
|
|
297
|
+
uponSanitizeElement: [],
|
|
298
|
+
uponSanitizeShadowNode: []
|
|
299
|
+
};
|
|
300
|
+
};
|
|
288
301
|
function createDOMPurify() {
|
|
289
302
|
let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
|
|
290
303
|
const DOMPurify = root => createDOMPurify(root);
|
|
291
|
-
DOMPurify.version = '3.2.
|
|
304
|
+
DOMPurify.version = '3.2.2';
|
|
292
305
|
DOMPurify.removed = [];
|
|
293
306
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) {
|
|
294
307
|
// Not running in a browser, provide a factory function
|
|
@@ -341,7 +354,7 @@
|
|
|
341
354
|
const {
|
|
342
355
|
importNode
|
|
343
356
|
} = originalDocument;
|
|
344
|
-
let hooks =
|
|
357
|
+
let hooks = _createHooksMap();
|
|
345
358
|
/**
|
|
346
359
|
* Expose whether this browser supports running the full DOMPurify.
|
|
347
360
|
*/
|
|
@@ -770,8 +783,8 @@
|
|
|
770
783
|
});
|
|
771
784
|
}
|
|
772
785
|
element.removeAttribute(name);
|
|
773
|
-
// We void attribute values for unremovable "is"
|
|
774
|
-
if (name === 'is'
|
|
786
|
+
// We void attribute values for unremovable "is" attributes
|
|
787
|
+
if (name === 'is') {
|
|
775
788
|
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
|
|
776
789
|
try {
|
|
777
790
|
_forceRemove(element);
|
|
@@ -862,11 +875,8 @@
|
|
|
862
875
|
const _isNode = function _isNode(value) {
|
|
863
876
|
return typeof Node === 'function' && value instanceof Node;
|
|
864
877
|
};
|
|
865
|
-
function
|
|
866
|
-
|
|
867
|
-
return;
|
|
868
|
-
}
|
|
869
|
-
arrayForEach(hooks[entryPoint], hook => {
|
|
878
|
+
function _executeHooks(hooks, currentNode, data) {
|
|
879
|
+
arrayForEach(hooks, hook => {
|
|
870
880
|
hook.call(DOMPurify, currentNode, data, CONFIG);
|
|
871
881
|
});
|
|
872
882
|
}
|
|
@@ -882,7 +892,7 @@
|
|
|
882
892
|
const _sanitizeElements = function _sanitizeElements(currentNode) {
|
|
883
893
|
let content = null;
|
|
884
894
|
/* Execute a hook if present */
|
|
885
|
-
|
|
895
|
+
_executeHooks(hooks.beforeSanitizeElements, currentNode, null);
|
|
886
896
|
/* Check if element is clobbered or can clobber */
|
|
887
897
|
if (_isClobbered(currentNode)) {
|
|
888
898
|
_forceRemove(currentNode);
|
|
@@ -891,7 +901,7 @@
|
|
|
891
901
|
/* Now let's check the element's type and name */
|
|
892
902
|
const tagName = transformCaseFunc(currentNode.nodeName);
|
|
893
903
|
/* Execute a hook if present */
|
|
894
|
-
|
|
904
|
+
_executeHooks(hooks.uponSanitizeElement, currentNode, {
|
|
895
905
|
tagName,
|
|
896
906
|
allowedTags: ALLOWED_TAGS
|
|
897
907
|
});
|
|
@@ -962,7 +972,7 @@
|
|
|
962
972
|
}
|
|
963
973
|
}
|
|
964
974
|
/* Execute a hook if present */
|
|
965
|
-
|
|
975
|
+
_executeHooks(hooks.afterSanitizeElements, currentNode, null);
|
|
966
976
|
return false;
|
|
967
977
|
};
|
|
968
978
|
/**
|
|
@@ -1023,7 +1033,7 @@
|
|
|
1023
1033
|
*/
|
|
1024
1034
|
const _sanitizeAttributes = function _sanitizeAttributes(currentNode) {
|
|
1025
1035
|
/* Execute a hook if present */
|
|
1026
|
-
|
|
1036
|
+
_executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
|
|
1027
1037
|
const {
|
|
1028
1038
|
attributes
|
|
1029
1039
|
} = currentNode;
|
|
@@ -1054,7 +1064,7 @@
|
|
|
1054
1064
|
hookEvent.attrValue = value;
|
|
1055
1065
|
hookEvent.keepAttr = true;
|
|
1056
1066
|
hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set
|
|
1057
|
-
|
|
1067
|
+
_executeHooks(hooks.uponSanitizeAttribute, currentNode, hookEvent);
|
|
1058
1068
|
value = hookEvent.attrValue;
|
|
1059
1069
|
/* Full DOM Clobbering protection via namespace isolation,
|
|
1060
1070
|
* Prefix id and name attributes with `user-content-`
|
|
@@ -1129,7 +1139,7 @@
|
|
|
1129
1139
|
} catch (_) {}
|
|
1130
1140
|
}
|
|
1131
1141
|
/* Execute a hook if present */
|
|
1132
|
-
|
|
1142
|
+
_executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
|
|
1133
1143
|
};
|
|
1134
1144
|
/**
|
|
1135
1145
|
* _sanitizeShadowDOM
|
|
@@ -1140,10 +1150,10 @@
|
|
|
1140
1150
|
let shadowNode = null;
|
|
1141
1151
|
const shadowIterator = _createNodeIterator(fragment);
|
|
1142
1152
|
/* Execute a hook if present */
|
|
1143
|
-
|
|
1153
|
+
_executeHooks(hooks.beforeSanitizeShadowDOM, fragment, null);
|
|
1144
1154
|
while (shadowNode = shadowIterator.nextNode()) {
|
|
1145
1155
|
/* Execute a hook if present */
|
|
1146
|
-
|
|
1156
|
+
_executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
|
|
1147
1157
|
/* Sanitize tags and elements */
|
|
1148
1158
|
if (_sanitizeElements(shadowNode)) {
|
|
1149
1159
|
continue;
|
|
@@ -1156,7 +1166,7 @@
|
|
|
1156
1166
|
_sanitizeAttributes(shadowNode);
|
|
1157
1167
|
}
|
|
1158
1168
|
/* Execute a hook if present */
|
|
1159
|
-
|
|
1169
|
+
_executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
|
|
1160
1170
|
};
|
|
1161
1171
|
// eslint-disable-next-line complexity
|
|
1162
1172
|
DOMPurify.sanitize = function (dirty) {
|
|
@@ -1314,21 +1324,16 @@
|
|
|
1314
1324
|
if (typeof hookFunction !== 'function') {
|
|
1315
1325
|
return;
|
|
1316
1326
|
}
|
|
1317
|
-
hooks[entryPoint] = hooks[entryPoint] || [];
|
|
1318
1327
|
arrayPush(hooks[entryPoint], hookFunction);
|
|
1319
1328
|
};
|
|
1320
1329
|
DOMPurify.removeHook = function (entryPoint) {
|
|
1321
|
-
|
|
1322
|
-
return arrayPop(hooks[entryPoint]);
|
|
1323
|
-
}
|
|
1330
|
+
return arrayPop(hooks[entryPoint]);
|
|
1324
1331
|
};
|
|
1325
1332
|
DOMPurify.removeHooks = function (entryPoint) {
|
|
1326
|
-
|
|
1327
|
-
hooks[entryPoint] = [];
|
|
1328
|
-
}
|
|
1333
|
+
hooks[entryPoint] = [];
|
|
1329
1334
|
};
|
|
1330
1335
|
DOMPurify.removeAllHooks = function () {
|
|
1331
|
-
hooks =
|
|
1336
|
+
hooks = _createHooksMap();
|
|
1332
1337
|
};
|
|
1333
1338
|
return DOMPurify;
|
|
1334
1339
|
}
|
package/dist/purify.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purify.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"purify.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|