fl-web-component 1.2.3 → 1.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -12
- package/dist/fl-web-component.common.1.js +191 -137
- package/dist/fl-web-component.common.2.js +26 -21
- package/dist/fl-web-component.common.js +73 -67
- package/package.json +1 -1
- package/src/utils/flgltf-parser.js +5 -1
- package/src/utils/instance-parser.js +11 -5
|
@@ -18,7 +18,7 @@ function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Sym
|
|
|
18
18
|
function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); }
|
|
19
19
|
function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
|
|
20
20
|
function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
|
|
21
|
-
/*! @license DOMPurify 3.2.
|
|
21
|
+
/*! @license DOMPurify 3.2.6 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.6/LICENSE */
|
|
22
22
|
|
|
23
23
|
(function (global, factory) {
|
|
24
24
|
( false ? undefined : _typeof(exports)) === 'object' && typeof module !== 'undefined' ? module.exports = factory() : true ? !(__WEBPACK_AMD_DEFINE_FACTORY__ = (factory),
|
|
@@ -235,7 +235,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
235
235
|
var TMPLIT_EXPR = seal(/\$\{[\w\W]*/gm); // eslint-disable-line unicorn/better-regex
|
|
236
236
|
var DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/); // eslint-disable-line no-useless-escape
|
|
237
237
|
var ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
|
|
238
|
-
var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
|
|
238
|
+
var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp|matrix):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
|
|
239
239
|
);
|
|
240
240
|
var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
|
|
241
241
|
var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
|
|
@@ -333,7 +333,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
333
333
|
var DOMPurify = function DOMPurify(root) {
|
|
334
334
|
return createDOMPurify(root);
|
|
335
335
|
};
|
|
336
|
-
DOMPurify.version = '3.2.
|
|
336
|
+
DOMPurify.version = '3.2.6';
|
|
337
337
|
DOMPurify.removed = [];
|
|
338
338
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document || !window.Element) {
|
|
339
339
|
// Not running in a browser, provide a factory function
|
|
@@ -562,8 +562,8 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
562
562
|
URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
|
|
563
563
|
DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
|
|
564
564
|
FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
|
|
565
|
-
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {};
|
|
566
|
-
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {};
|
|
565
|
+
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
|
|
566
|
+
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
|
|
567
567
|
USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES') ? cfg.USE_PROFILES : false;
|
|
568
568
|
ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true
|
|
569
569
|
ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true
|
|
@@ -928,7 +928,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
928
928
|
allowedTags: ALLOWED_TAGS
|
|
929
929
|
});
|
|
930
930
|
/* Detect mXSS attempts abusing namespace confusion */
|
|
931
|
-
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
|
|
931
|
+
if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
|
|
932
932
|
_forceRemove(currentNode);
|
|
933
933
|
return true;
|
|
934
934
|
}
|
|
@@ -1076,7 +1076,8 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1076
1076
|
namespaceURI = attr.namespaceURI,
|
|
1077
1077
|
attrValue = attr.value;
|
|
1078
1078
|
var lcName = transformCaseFunc(name);
|
|
1079
|
-
var
|
|
1079
|
+
var initValue = attrValue;
|
|
1080
|
+
var value = name === 'value' ? initValue : stringTrim(initValue);
|
|
1080
1081
|
/* Execute a hook if present */
|
|
1081
1082
|
hookEvent.attrName = lcName;
|
|
1082
1083
|
hookEvent.attrValue = value;
|
|
@@ -1102,10 +1103,9 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1102
1103
|
if (hookEvent.forceKeepAttr) {
|
|
1103
1104
|
return 0; // continue
|
|
1104
1105
|
}
|
|
1105
|
-
/* Remove attribute */
|
|
1106
|
-
_removeAttribute(name, currentNode);
|
|
1107
1106
|
/* Did the hooks approve of the attribute? */
|
|
1108
1107
|
if (!hookEvent.keepAttr) {
|
|
1108
|
+
_removeAttribute(name, currentNode);
|
|
1109
1109
|
return 0; // continue
|
|
1110
1110
|
}
|
|
1111
1111
|
/* Work around a security issue in jQuery 3.0 */
|
|
@@ -1122,6 +1122,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1122
1122
|
/* Is `value` valid for this attribute? */
|
|
1123
1123
|
var lcTag = transformCaseFunc(currentNode.nodeName);
|
|
1124
1124
|
if (!_isValidAttribute(lcTag, lcName, value)) {
|
|
1125
|
+
_removeAttribute(name, currentNode);
|
|
1125
1126
|
return 0; // continue
|
|
1126
1127
|
}
|
|
1127
1128
|
/* Handle attributes that require Trusted Types */
|
|
@@ -1142,19 +1143,23 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1142
1143
|
}
|
|
1143
1144
|
}
|
|
1144
1145
|
/* Handle invalid data-* attribute set by try-catching it */
|
|
1145
|
-
|
|
1146
|
-
|
|
1147
|
-
|
|
1148
|
-
|
|
1149
|
-
|
|
1150
|
-
|
|
1151
|
-
|
|
1152
|
-
|
|
1153
|
-
|
|
1154
|
-
|
|
1155
|
-
|
|
1146
|
+
if (value !== initValue) {
|
|
1147
|
+
try {
|
|
1148
|
+
if (namespaceURI) {
|
|
1149
|
+
currentNode.setAttributeNS(namespaceURI, name, value);
|
|
1150
|
+
} else {
|
|
1151
|
+
/* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
|
|
1152
|
+
currentNode.setAttribute(name, value);
|
|
1153
|
+
}
|
|
1154
|
+
if (_isClobbered(currentNode)) {
|
|
1155
|
+
_forceRemove(currentNode);
|
|
1156
|
+
} else {
|
|
1157
|
+
arrayPop(DOMPurify.removed);
|
|
1158
|
+
}
|
|
1159
|
+
} catch (_) {
|
|
1160
|
+
_removeAttribute(name, currentNode);
|
|
1156
1161
|
}
|
|
1157
|
-
}
|
|
1162
|
+
}
|
|
1158
1163
|
},
|
|
1159
1164
|
_ret;
|
|
1160
1165
|
while (l--) {
|