jodit-pro 4.12.36 → 4.12.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/es2015/jodit.css +1 -1
- package/es2015/jodit.fat.min.js +2 -2
- package/es2015/jodit.js +25 -7
- package/es2015/jodit.min.js +2 -2
- package/es2015/plugins/ai-assistant-pro/ai-assistant-pro.css +1 -1
- package/es2015/plugins/ai-assistant-pro/ai-assistant-pro.js +1 -1
- package/es2015/plugins/ai-assistant-pro/ai-assistant-pro.min.js +1 -1
- package/es2015/plugins/autocomplete/autocomplete.css +1 -1
- package/es2015/plugins/autocomplete/autocomplete.js +1 -1
- package/es2015/plugins/autocomplete/autocomplete.min.js +1 -1
- package/es2015/plugins/backup/backup.css +1 -1
- package/es2015/plugins/backup/backup.js +1 -1
- package/es2015/plugins/backup/backup.min.js +1 -1
- package/es2015/plugins/button-generator/button-generator.css +1 -1
- package/es2015/plugins/button-generator/button-generator.js +1 -1
- package/es2015/plugins/button-generator/button-generator.min.js +1 -1
- package/es2015/plugins/change-case/change-case.js +1 -1
- package/es2015/plugins/change-case/change-case.min.js +1 -1
- package/es2015/plugins/color-picker/color-picker.css +1 -1
- package/es2015/plugins/color-picker/color-picker.js +1 -1
- package/es2015/plugins/color-picker/color-picker.min.js +1 -1
- package/es2015/plugins/emoji/emoji.css +1 -1
- package/es2015/plugins/emoji/emoji.js +1 -1
- package/es2015/plugins/emoji/emoji.min.js +1 -1
- package/es2015/plugins/export-docs/export-docs.js +1 -1
- package/es2015/plugins/export-docs/export-docs.min.js +1 -1
- package/es2015/plugins/finder/finder.css +1 -1
- package/es2015/plugins/finder/finder.js +1 -1
- package/es2015/plugins/finder/finder.min.js +1 -1
- package/es2015/plugins/google-maps/google-maps.css +1 -1
- package/es2015/plugins/google-maps/google-maps.js +1 -1
- package/es2015/plugins/google-maps/google-maps.min.js +1 -1
- package/es2015/plugins/google-search/google-search.js +1 -1
- package/es2015/plugins/google-search/google-search.min.js +1 -1
- package/es2015/plugins/highlight-signature/highlight-signature.js +1 -1
- package/es2015/plugins/highlight-signature/highlight-signature.min.js +1 -1
- package/es2015/plugins/iframe-editor/iframe-editor.css +1 -1
- package/es2015/plugins/iframe-editor/iframe-editor.js +1 -1
- package/es2015/plugins/iframe-editor/iframe-editor.min.js +1 -1
- package/es2015/plugins/keyboard/keyboard.css +1 -1
- package/es2015/plugins/keyboard/keyboard.js +1 -1
- package/es2015/plugins/keyboard/keyboard.min.js +1 -1
- package/es2015/plugins/mobile-view/mobile-view.js +1 -1
- package/es2015/plugins/mobile-view/mobile-view.min.js +1 -1
- package/es2015/plugins/page-break/page-break.js +1 -1
- package/es2015/plugins/page-break/page-break.min.js +1 -1
- package/es2015/plugins/paste-code/paste-code.css +1 -1
- package/es2015/plugins/paste-code/paste-code.js +1 -1
- package/es2015/plugins/paste-code/paste-code.min.js +1 -1
- package/es2015/plugins/paste-from-word/paste-from-word.js +1 -1
- package/es2015/plugins/paste-from-word/paste-from-word.min.js +1 -1
- package/es2015/plugins/show-blocks/show-blocks.js +1 -1
- package/es2015/plugins/show-blocks/show-blocks.min.js +1 -1
- package/es2015/plugins/style/style.css +1 -1
- package/es2015/plugins/style/style.js +1 -1
- package/es2015/plugins/style/style.min.js +1 -1
- package/es2015/plugins/templates/templates.css +1 -1
- package/es2015/plugins/templates/templates.js +1 -1
- package/es2015/plugins/templates/templates.min.js +1 -1
- package/es2015/plugins/todo-list/todo-list.css +1 -1
- package/es2015/plugins/todo-list/todo-list.js +1 -1
- package/es2015/plugins/todo-list/todo-list.min.js +1 -1
- package/es2015/plugins/translate/translate.css +1 -1
- package/es2015/plugins/translate/translate.js +1 -1
- package/es2015/plugins/translate/translate.min.js +1 -1
- package/es2015/plugins/tune-block/tune-block.css +1 -1
- package/es2015/plugins/tune-block/tune-block.js +1 -1
- package/es2015/plugins/tune-block/tune-block.min.js +1 -1
- package/es2018/jodit.fat.min.js +2 -2
- package/es2018/jodit.min.js +2 -2
- package/es2018/plugins/ai-assistant-pro/ai-assistant-pro.min.js +1 -1
- package/es2018/plugins/autocomplete/autocomplete.min.js +1 -1
- package/es2018/plugins/backup/backup.min.js +1 -1
- package/es2018/plugins/button-generator/button-generator.min.js +1 -1
- package/es2018/plugins/change-case/change-case.min.js +1 -1
- package/es2018/plugins/color-picker/color-picker.min.js +1 -1
- package/es2018/plugins/emoji/emoji.min.js +1 -1
- package/es2018/plugins/export-docs/export-docs.min.js +1 -1
- package/es2018/plugins/finder/finder.min.js +1 -1
- package/es2018/plugins/google-maps/google-maps.min.js +1 -1
- package/es2018/plugins/google-search/google-search.min.js +1 -1
- package/es2018/plugins/highlight-signature/highlight-signature.min.js +1 -1
- package/es2018/plugins/iframe-editor/iframe-editor.min.js +1 -1
- package/es2018/plugins/keyboard/keyboard.min.js +1 -1
- package/es2018/plugins/mobile-view/mobile-view.min.js +1 -1
- package/es2018/plugins/page-break/page-break.min.js +1 -1
- package/es2018/plugins/paste-code/paste-code.min.js +1 -1
- package/es2018/plugins/paste-from-word/paste-from-word.min.js +1 -1
- package/es2018/plugins/show-blocks/show-blocks.min.js +1 -1
- package/es2018/plugins/style/style.min.js +1 -1
- package/es2018/plugins/templates/templates.min.js +1 -1
- package/es2018/plugins/todo-list/todo-list.min.js +1 -1
- package/es2018/plugins/translate/translate.min.js +1 -1
- package/es2018/plugins/tune-block/tune-block.min.js +1 -1
- package/es2021/jodit.css +1 -1
- package/es2021/jodit.fat.min.js +3 -3
- package/es2021/jodit.js +25 -7
- package/es2021/jodit.min.js +3 -3
- package/es2021/plugins/ai-assistant-pro/ai-assistant-pro.css +1 -1
- package/es2021/plugins/ai-assistant-pro/ai-assistant-pro.js +1 -1
- package/es2021/plugins/ai-assistant-pro/ai-assistant-pro.min.js +1 -1
- package/es2021/plugins/autocomplete/autocomplete.css +1 -1
- package/es2021/plugins/autocomplete/autocomplete.js +1 -1
- package/es2021/plugins/autocomplete/autocomplete.min.js +1 -1
- package/es2021/plugins/backup/backup.css +1 -1
- package/es2021/plugins/backup/backup.js +1 -1
- package/es2021/plugins/backup/backup.min.js +1 -1
- package/es2021/plugins/button-generator/button-generator.css +1 -1
- package/es2021/plugins/button-generator/button-generator.js +1 -1
- package/es2021/plugins/button-generator/button-generator.min.js +1 -1
- package/es2021/plugins/change-case/change-case.js +1 -1
- package/es2021/plugins/change-case/change-case.min.js +1 -1
- package/es2021/plugins/color-picker/color-picker.css +1 -1
- package/es2021/plugins/color-picker/color-picker.js +1 -1
- package/es2021/plugins/color-picker/color-picker.min.js +1 -1
- package/es2021/plugins/emoji/emoji.css +1 -1
- package/es2021/plugins/emoji/emoji.js +1 -1
- package/es2021/plugins/emoji/emoji.min.js +1 -1
- package/es2021/plugins/export-docs/export-docs.js +1 -1
- package/es2021/plugins/export-docs/export-docs.min.js +1 -1
- package/es2021/plugins/finder/finder.css +1 -1
- package/es2021/plugins/finder/finder.js +1 -1
- package/es2021/plugins/finder/finder.min.js +1 -1
- package/es2021/plugins/google-maps/google-maps.css +1 -1
- package/es2021/plugins/google-maps/google-maps.js +1 -1
- package/es2021/plugins/google-maps/google-maps.min.js +1 -1
- package/es2021/plugins/google-search/google-search.js +1 -1
- package/es2021/plugins/google-search/google-search.min.js +1 -1
- package/es2021/plugins/highlight-signature/highlight-signature.js +1 -1
- package/es2021/plugins/highlight-signature/highlight-signature.min.js +1 -1
- package/es2021/plugins/iframe-editor/iframe-editor.css +1 -1
- package/es2021/plugins/iframe-editor/iframe-editor.js +1 -1
- package/es2021/plugins/iframe-editor/iframe-editor.min.js +1 -1
- package/es2021/plugins/keyboard/keyboard.css +1 -1
- package/es2021/plugins/keyboard/keyboard.js +1 -1
- package/es2021/plugins/keyboard/keyboard.min.js +1 -1
- package/es2021/plugins/mobile-view/mobile-view.js +1 -1
- package/es2021/plugins/mobile-view/mobile-view.min.js +1 -1
- package/es2021/plugins/page-break/page-break.js +1 -1
- package/es2021/plugins/page-break/page-break.min.js +1 -1
- package/es2021/plugins/paste-code/paste-code.css +1 -1
- package/es2021/plugins/paste-code/paste-code.js +1 -1
- package/es2021/plugins/paste-code/paste-code.min.js +1 -1
- package/es2021/plugins/paste-from-word/paste-from-word.js +1 -1
- package/es2021/plugins/paste-from-word/paste-from-word.min.js +1 -1
- package/es2021/plugins/show-blocks/show-blocks.js +1 -1
- package/es2021/plugins/show-blocks/show-blocks.min.js +1 -1
- package/es2021/plugins/style/style.css +1 -1
- package/es2021/plugins/style/style.js +1 -1
- package/es2021/plugins/style/style.min.js +1 -1
- package/es2021/plugins/templates/templates.css +1 -1
- package/es2021/plugins/templates/templates.js +1 -1
- package/es2021/plugins/templates/templates.min.js +1 -1
- package/es2021/plugins/todo-list/todo-list.css +1 -1
- package/es2021/plugins/todo-list/todo-list.js +1 -1
- package/es2021/plugins/todo-list/todo-list.min.js +1 -1
- package/es2021/plugins/translate/translate.css +1 -1
- package/es2021/plugins/translate/translate.js +1 -1
- package/es2021/plugins/translate/translate.min.js +1 -1
- package/es2021/plugins/tune-block/tune-block.css +1 -1
- package/es2021/plugins/tune-block/tune-block.js +1 -1
- package/es2021/plugins/tune-block/tune-block.min.js +1 -1
- package/es2021.en/jodit.css +1 -1
- package/es2021.en/jodit.fat.min.js +3 -3
- package/es2021.en/jodit.js +25 -7
- package/es2021.en/jodit.min.js +3 -3
- package/es2021.en/plugins/ai-assistant-pro/ai-assistant-pro.css +1 -1
- package/es2021.en/plugins/ai-assistant-pro/ai-assistant-pro.js +1 -1
- package/es2021.en/plugins/ai-assistant-pro/ai-assistant-pro.min.js +1 -1
- package/es2021.en/plugins/autocomplete/autocomplete.css +1 -1
- package/es2021.en/plugins/autocomplete/autocomplete.js +1 -1
- package/es2021.en/plugins/autocomplete/autocomplete.min.js +1 -1
- package/es2021.en/plugins/backup/backup.css +1 -1
- package/es2021.en/plugins/backup/backup.js +1 -1
- package/es2021.en/plugins/backup/backup.min.js +1 -1
- package/es2021.en/plugins/button-generator/button-generator.css +1 -1
- package/es2021.en/plugins/button-generator/button-generator.js +1 -1
- package/es2021.en/plugins/button-generator/button-generator.min.js +1 -1
- package/es2021.en/plugins/change-case/change-case.js +1 -1
- package/es2021.en/plugins/change-case/change-case.min.js +1 -1
- package/es2021.en/plugins/color-picker/color-picker.css +1 -1
- package/es2021.en/plugins/color-picker/color-picker.js +1 -1
- package/es2021.en/plugins/color-picker/color-picker.min.js +1 -1
- package/es2021.en/plugins/emoji/emoji.css +1 -1
- package/es2021.en/plugins/emoji/emoji.js +1 -1
- package/es2021.en/plugins/emoji/emoji.min.js +1 -1
- package/es2021.en/plugins/export-docs/export-docs.js +1 -1
- package/es2021.en/plugins/export-docs/export-docs.min.js +1 -1
- package/es2021.en/plugins/finder/finder.css +1 -1
- package/es2021.en/plugins/finder/finder.js +1 -1
- package/es2021.en/plugins/finder/finder.min.js +1 -1
- package/es2021.en/plugins/google-maps/google-maps.css +1 -1
- package/es2021.en/plugins/google-maps/google-maps.js +1 -1
- package/es2021.en/plugins/google-maps/google-maps.min.js +1 -1
- package/es2021.en/plugins/google-search/google-search.js +1 -1
- package/es2021.en/plugins/google-search/google-search.min.js +1 -1
- package/es2021.en/plugins/highlight-signature/highlight-signature.js +1 -1
- package/es2021.en/plugins/highlight-signature/highlight-signature.min.js +1 -1
- package/es2021.en/plugins/iframe-editor/iframe-editor.css +1 -1
- package/es2021.en/plugins/iframe-editor/iframe-editor.js +1 -1
- package/es2021.en/plugins/iframe-editor/iframe-editor.min.js +1 -1
- package/es2021.en/plugins/keyboard/keyboard.css +1 -1
- package/es2021.en/plugins/keyboard/keyboard.js +1 -1
- package/es2021.en/plugins/keyboard/keyboard.min.js +1 -1
- package/es2021.en/plugins/mobile-view/mobile-view.js +1 -1
- package/es2021.en/plugins/mobile-view/mobile-view.min.js +1 -1
- package/es2021.en/plugins/page-break/page-break.js +1 -1
- package/es2021.en/plugins/page-break/page-break.min.js +1 -1
- package/es2021.en/plugins/paste-code/paste-code.css +1 -1
- package/es2021.en/plugins/paste-code/paste-code.js +1 -1
- package/es2021.en/plugins/paste-code/paste-code.min.js +1 -1
- package/es2021.en/plugins/paste-from-word/paste-from-word.js +1 -1
- package/es2021.en/plugins/paste-from-word/paste-from-word.min.js +1 -1
- package/es2021.en/plugins/show-blocks/show-blocks.js +1 -1
- package/es2021.en/plugins/show-blocks/show-blocks.min.js +1 -1
- package/es2021.en/plugins/style/style.css +1 -1
- package/es2021.en/plugins/style/style.js +1 -1
- package/es2021.en/plugins/style/style.min.js +1 -1
- package/es2021.en/plugins/templates/templates.css +1 -1
- package/es2021.en/plugins/templates/templates.js +1 -1
- package/es2021.en/plugins/templates/templates.min.js +1 -1
- package/es2021.en/plugins/todo-list/todo-list.css +1 -1
- package/es2021.en/plugins/todo-list/todo-list.js +1 -1
- package/es2021.en/plugins/todo-list/todo-list.min.js +1 -1
- package/es2021.en/plugins/translate/translate.css +1 -1
- package/es2021.en/plugins/translate/translate.js +1 -1
- package/es2021.en/plugins/translate/translate.min.js +1 -1
- package/es2021.en/plugins/tune-block/tune-block.css +1 -1
- package/es2021.en/plugins/tune-block/tune-block.js +1 -1
- package/es2021.en/plugins/tune-block/tune-block.min.js +1 -1
- package/es5/jodit.css +2 -2
- package/es5/jodit.fat.min.js +2 -2
- package/es5/jodit.js +26 -8
- package/es5/jodit.min.css +2 -2
- package/es5/jodit.min.js +2 -2
- package/es5/plugins/ai-assistant-pro/ai-assistant-pro.css +1 -1
- package/es5/plugins/ai-assistant-pro/ai-assistant-pro.js +1 -1
- package/es5/plugins/ai-assistant-pro/ai-assistant-pro.min.js +1 -1
- package/es5/plugins/autocomplete/autocomplete.css +1 -1
- package/es5/plugins/autocomplete/autocomplete.js +1 -1
- package/es5/plugins/autocomplete/autocomplete.min.js +1 -1
- package/es5/plugins/backup/backup.css +1 -1
- package/es5/plugins/backup/backup.js +1 -1
- package/es5/plugins/backup/backup.min.js +1 -1
- package/es5/plugins/button-generator/button-generator.css +1 -1
- package/es5/plugins/button-generator/button-generator.js +1 -1
- package/es5/plugins/button-generator/button-generator.min.js +1 -1
- package/es5/plugins/change-case/change-case.js +1 -1
- package/es5/plugins/change-case/change-case.min.js +1 -1
- package/es5/plugins/color-picker/color-picker.css +1 -1
- package/es5/plugins/color-picker/color-picker.js +1 -1
- package/es5/plugins/color-picker/color-picker.min.js +1 -1
- package/es5/plugins/emoji/emoji.css +1 -1
- package/es5/plugins/emoji/emoji.js +1 -1
- package/es5/plugins/emoji/emoji.min.js +1 -1
- package/es5/plugins/export-docs/export-docs.js +1 -1
- package/es5/plugins/export-docs/export-docs.min.js +1 -1
- package/es5/plugins/finder/finder.css +1 -1
- package/es5/plugins/finder/finder.js +1 -1
- package/es5/plugins/finder/finder.min.js +1 -1
- package/es5/plugins/google-maps/google-maps.css +1 -1
- package/es5/plugins/google-maps/google-maps.js +1 -1
- package/es5/plugins/google-maps/google-maps.min.js +1 -1
- package/es5/plugins/google-search/google-search.js +1 -1
- package/es5/plugins/google-search/google-search.min.js +1 -1
- package/es5/plugins/highlight-signature/highlight-signature.js +1 -1
- package/es5/plugins/highlight-signature/highlight-signature.min.js +1 -1
- package/es5/plugins/iframe-editor/iframe-editor.css +1 -1
- package/es5/plugins/iframe-editor/iframe-editor.js +1 -1
- package/es5/plugins/iframe-editor/iframe-editor.min.js +1 -1
- package/es5/plugins/keyboard/keyboard.css +1 -1
- package/es5/plugins/keyboard/keyboard.js +1 -1
- package/es5/plugins/keyboard/keyboard.min.js +1 -1
- package/es5/plugins/mobile-view/mobile-view.js +1 -1
- package/es5/plugins/mobile-view/mobile-view.min.js +1 -1
- package/es5/plugins/page-break/page-break.js +1 -1
- package/es5/plugins/page-break/page-break.min.js +1 -1
- package/es5/plugins/paste-code/paste-code.css +1 -1
- package/es5/plugins/paste-code/paste-code.js +1 -1
- package/es5/plugins/paste-code/paste-code.min.js +1 -1
- package/es5/plugins/paste-from-word/paste-from-word.js +1 -1
- package/es5/plugins/paste-from-word/paste-from-word.min.js +1 -1
- package/es5/plugins/show-blocks/show-blocks.js +1 -1
- package/es5/plugins/show-blocks/show-blocks.min.js +1 -1
- package/es5/plugins/style/style.css +1 -1
- package/es5/plugins/style/style.js +1 -1
- package/es5/plugins/style/style.min.js +1 -1
- package/es5/plugins/templates/templates.css +1 -1
- package/es5/plugins/templates/templates.js +1 -1
- package/es5/plugins/templates/templates.min.js +1 -1
- package/es5/plugins/todo-list/todo-list.css +1 -1
- package/es5/plugins/todo-list/todo-list.js +1 -1
- package/es5/plugins/todo-list/todo-list.min.js +1 -1
- package/es5/plugins/translate/translate.css +1 -1
- package/es5/plugins/translate/translate.js +1 -1
- package/es5/plugins/translate/translate.min.js +1 -1
- package/es5/plugins/tune-block/tune-block.css +1 -1
- package/es5/plugins/tune-block/tune-block.js +1 -1
- package/es5/plugins/tune-block/tune-block.min.js +1 -1
- package/es5/polyfills.fat.min.js +1 -1
- package/es5/polyfills.js +1 -1
- package/es5/polyfills.min.js +1 -1
- package/package.json +1 -1
package/es2015/jodit.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/*!
|
|
2
2
|
* jodit-pro - PRO Version of Jodit Editor
|
|
3
3
|
* Author: Chupurnov Valerii <chupurnov@gmail.com>
|
|
4
|
-
* Version: v4.12.
|
|
4
|
+
* Version: v4.12.38
|
|
5
5
|
* Url: https://xdsoft.net/jodit/pro/
|
|
6
6
|
* License(s): SEE LICENSE IN LICENSE.md
|
|
7
7
|
*/
|
|
@@ -1805,7 +1805,7 @@ __webpack_require__.r(__webpack_exports__);
|
|
|
1805
1805
|
* ```
|
|
1806
1806
|
* @packageDocumentation
|
|
1807
1807
|
* @module constants
|
|
1808
|
-
*/ const APP_VERSION = "4.12.
|
|
1808
|
+
*/ const APP_VERSION = "4.12.38";
|
|
1809
1809
|
// prettier-ignore
|
|
1810
1810
|
const ES = "es2015";
|
|
1811
1811
|
const IS_ES_MODERN = true;
|
|
@@ -5649,11 +5649,22 @@ function normalizeCSS(s) {
|
|
|
5649
5649
|
* it applies them to the selectors in the HTML itself
|
|
5650
5650
|
* and then removes the selector styles, leaving only the inline ones.
|
|
5651
5651
|
*/ function applyStyles(html) {
|
|
5652
|
-
|
|
5652
|
+
// Match the opening <html> tag whether or not it carries attributes. MS
|
|
5653
|
+
// Word emits `<html xmlns:o=…>` (note the trailing space), but Excel/Calc
|
|
5654
|
+
// wrap the copied table in a bare `<html>`. The old `'<html '` check missed
|
|
5655
|
+
// the bare tag, so for Excel clipboards the `<style>` rules (class-based
|
|
5656
|
+
// cell backgrounds/borders, e.g. `.xl31 { background:#FCE4D6 }`) were never
|
|
5657
|
+
// inlined and all styling was lost once the `<style>` block got stripped.
|
|
5658
|
+
// See https://github.com/xdan/jodit/issues/1362
|
|
5659
|
+
const openMatch = /<html(?:\s[^>]*)?>/i.exec(html);
|
|
5660
|
+
if (!openMatch) {
|
|
5653
5661
|
return html;
|
|
5654
5662
|
}
|
|
5655
|
-
html = html.substring(
|
|
5656
|
-
|
|
5663
|
+
html = html.substring(openMatch.index);
|
|
5664
|
+
const closeIndex = html.toLowerCase().lastIndexOf('</html>');
|
|
5665
|
+
if (closeIndex !== -1) {
|
|
5666
|
+
html = html.substring(0, closeIndex + '</html>'.length);
|
|
5667
|
+
}
|
|
5657
5668
|
const iframe = _constants_js__WEBPACK_IMPORTED_MODULE_0__.globalDocument.createElement('iframe');
|
|
5658
5669
|
iframe.style.display = 'none';
|
|
5659
5670
|
_constants_js__WEBPACK_IMPORTED_MODULE_0__.globalDocument.body.appendChild(iframe);
|
|
@@ -6045,8 +6056,16 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6045
6056
|
(0,_utils_index_js__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'onerror', null);
|
|
6046
6057
|
effected = true;
|
|
6047
6058
|
}
|
|
6059
|
+
const tagName = elm.nodeName.toLowerCase();
|
|
6048
6060
|
const href = elm.getAttribute('href');
|
|
6049
|
-
|
|
6061
|
+
// Neutralize executable-scheme `href`s with the same normalization used for
|
|
6062
|
+
// every other URL attribute (`isDangerousUrl`), which strips control bytes,
|
|
6063
|
+
// tabs and newlines and lowercases before matching the scheme. The previous
|
|
6064
|
+
// bare `href.trim().indexOf('javascript') === 0` was case-sensitive and
|
|
6065
|
+
// missed `JAVASCRIPT:`, a leading control byte, or a tab/newline inside the
|
|
6066
|
+
// scheme (e.g. `java\tscript:`) — all of which the browser still resolves to
|
|
6067
|
+
// `javascript:` on click. See GHSA-j839-gqq4-gf9j.
|
|
6068
|
+
if (safeJavaScriptLink && href && isDangerousUrl(href, tagName)) {
|
|
6050
6069
|
(0,_utils_index_js__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'href', location.protocol + '//' + href);
|
|
6051
6070
|
effected = true;
|
|
6052
6071
|
}
|
|
@@ -6057,7 +6076,6 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6057
6076
|
effected = true;
|
|
6058
6077
|
}
|
|
6059
6078
|
// Strip executable schemes from any other URL-bearing attribute.
|
|
6060
|
-
const tagName = elm.nodeName.toLowerCase();
|
|
6061
6079
|
for (const name of URL_ATTRIBUTES){
|
|
6062
6080
|
const value = elm.getAttribute(name);
|
|
6063
6081
|
if (value && isDangerousUrl(value, tagName)) {
|