fl-web-component 1.2.4 → 1.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/dist/fl-web-component.common.1.js +137 -191
- package/dist/fl-web-component.common.2.js +21 -26
- package/dist/fl-web-component.common.js +134 -118
- package/dist/fl-web-component.css +1 -1
- package/package.json +1 -1
- package/packages/components/com-graphics/index.vue +26 -12
|
@@ -18,7 +18,7 @@ function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Sym
|
|
|
18
18
|
function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); }
|
|
19
19
|
function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
|
|
20
20
|
function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (o) { return typeof o; } : function (o) { return o && "function" == typeof Symbol && o.constructor === Symbol && o !== Symbol.prototype ? "symbol" : typeof o; }, _typeof(o); }
|
|
21
|
-
/*! @license DOMPurify 3.2.
|
|
21
|
+
/*! @license DOMPurify 3.2.5 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.5/LICENSE */
|
|
22
22
|
|
|
23
23
|
(function (global, factory) {
|
|
24
24
|
( false ? undefined : _typeof(exports)) === 'object' && typeof module !== 'undefined' ? module.exports = factory() : true ? !(__WEBPACK_AMD_DEFINE_FACTORY__ = (factory),
|
|
@@ -235,7 +235,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
235
235
|
var TMPLIT_EXPR = seal(/\$\{[\w\W]*/gm); // eslint-disable-line unicorn/better-regex
|
|
236
236
|
var DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/); // eslint-disable-line no-useless-escape
|
|
237
237
|
var ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
|
|
238
|
-
var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp
|
|
238
|
+
var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
|
|
239
239
|
);
|
|
240
240
|
var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
|
|
241
241
|
var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
|
|
@@ -333,7 +333,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
333
333
|
var DOMPurify = function DOMPurify(root) {
|
|
334
334
|
return createDOMPurify(root);
|
|
335
335
|
};
|
|
336
|
-
DOMPurify.version = '3.2.
|
|
336
|
+
DOMPurify.version = '3.2.5';
|
|
337
337
|
DOMPurify.removed = [];
|
|
338
338
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document || !window.Element) {
|
|
339
339
|
// Not running in a browser, provide a factory function
|
|
@@ -562,8 +562,8 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
562
562
|
URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
|
|
563
563
|
DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
|
|
564
564
|
FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
|
|
565
|
-
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) :
|
|
566
|
-
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) :
|
|
565
|
+
FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {};
|
|
566
|
+
FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {};
|
|
567
567
|
USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES') ? cfg.USE_PROFILES : false;
|
|
568
568
|
ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true
|
|
569
569
|
ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true
|
|
@@ -928,7 +928,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
928
928
|
allowedTags: ALLOWED_TAGS
|
|
929
929
|
});
|
|
930
930
|
/* Detect mXSS attempts abusing namespace confusion */
|
|
931
|
-
if (
|
|
931
|
+
if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
|
|
932
932
|
_forceRemove(currentNode);
|
|
933
933
|
return true;
|
|
934
934
|
}
|
|
@@ -1076,8 +1076,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1076
1076
|
namespaceURI = attr.namespaceURI,
|
|
1077
1077
|
attrValue = attr.value;
|
|
1078
1078
|
var lcName = transformCaseFunc(name);
|
|
1079
|
-
var
|
|
1080
|
-
var value = name === 'value' ? initValue : stringTrim(initValue);
|
|
1079
|
+
var value = name === 'value' ? attrValue : stringTrim(attrValue);
|
|
1081
1080
|
/* Execute a hook if present */
|
|
1082
1081
|
hookEvent.attrName = lcName;
|
|
1083
1082
|
hookEvent.attrValue = value;
|
|
@@ -1103,9 +1102,10 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1103
1102
|
if (hookEvent.forceKeepAttr) {
|
|
1104
1103
|
return 0; // continue
|
|
1105
1104
|
}
|
|
1105
|
+
/* Remove attribute */
|
|
1106
|
+
_removeAttribute(name, currentNode);
|
|
1106
1107
|
/* Did the hooks approve of the attribute? */
|
|
1107
1108
|
if (!hookEvent.keepAttr) {
|
|
1108
|
-
_removeAttribute(name, currentNode);
|
|
1109
1109
|
return 0; // continue
|
|
1110
1110
|
}
|
|
1111
1111
|
/* Work around a security issue in jQuery 3.0 */
|
|
@@ -1122,7 +1122,6 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1122
1122
|
/* Is `value` valid for this attribute? */
|
|
1123
1123
|
var lcTag = transformCaseFunc(currentNode.nodeName);
|
|
1124
1124
|
if (!_isValidAttribute(lcTag, lcName, value)) {
|
|
1125
|
-
_removeAttribute(name, currentNode);
|
|
1126
1125
|
return 0; // continue
|
|
1127
1126
|
}
|
|
1128
1127
|
/* Handle attributes that require Trusted Types */
|
|
@@ -1143,23 +1142,19 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
|
|
|
1143
1142
|
}
|
|
1144
1143
|
}
|
|
1145
1144
|
/* Handle invalid data-* attribute set by try-catching it */
|
|
1146
|
-
|
|
1147
|
-
|
|
1148
|
-
|
|
1149
|
-
|
|
1150
|
-
|
|
1151
|
-
|
|
1152
|
-
currentNode.setAttribute(name, value);
|
|
1153
|
-
}
|
|
1154
|
-
if (_isClobbered(currentNode)) {
|
|
1155
|
-
_forceRemove(currentNode);
|
|
1156
|
-
} else {
|
|
1157
|
-
arrayPop(DOMPurify.removed);
|
|
1158
|
-
}
|
|
1159
|
-
} catch (_) {
|
|
1160
|
-
_removeAttribute(name, currentNode);
|
|
1145
|
+
try {
|
|
1146
|
+
if (namespaceURI) {
|
|
1147
|
+
currentNode.setAttributeNS(namespaceURI, name, value);
|
|
1148
|
+
} else {
|
|
1149
|
+
/* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
|
|
1150
|
+
currentNode.setAttribute(name, value);
|
|
1161
1151
|
}
|
|
1162
|
-
|
|
1152
|
+
if (_isClobbered(currentNode)) {
|
|
1153
|
+
_forceRemove(currentNode);
|
|
1154
|
+
} else {
|
|
1155
|
+
arrayPop(DOMPurify.removed);
|
|
1156
|
+
}
|
|
1157
|
+
} catch (_) {}
|
|
1163
1158
|
},
|
|
1164
1159
|
_ret;
|
|
1165
1160
|
while (l--) {
|