jodit 4.12.25 → 4.12.26

Files changed (59) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/es2015/jodit.css +1 -1
  3. package/es2015/jodit.fat.min.js +3 -3
  4. package/es2015/jodit.js +82 -51
  5. package/es2015/jodit.min.js +3 -3
  6. package/es2015/plugins/debug/debug.css +1 -1
  7. package/es2015/plugins/debug/debug.js +1 -1
  8. package/es2015/plugins/debug/debug.min.js +1 -1
  9. package/es2015/plugins/speech-recognize/speech-recognize.css +1 -1
  10. package/es2015/plugins/speech-recognize/speech-recognize.js +1 -1
  11. package/es2015/plugins/speech-recognize/speech-recognize.min.js +1 -1
  12. package/es2018/jodit.fat.min.js +3 -3
  13. package/es2018/jodit.min.js +3 -3
  14. package/es2018/plugins/debug/debug.min.js +1 -1
  15. package/es2018/plugins/speech-recognize/speech-recognize.min.js +1 -1
  16. package/es2021/jodit.css +1 -1
  17. package/es2021/jodit.fat.min.js +4 -4
  18. package/es2021/jodit.js +82 -51
  19. package/es2021/jodit.min.js +4 -4
  20. package/es2021/plugins/debug/debug.css +1 -1
  21. package/es2021/plugins/debug/debug.js +1 -1
  22. package/es2021/plugins/debug/debug.min.js +1 -1
  23. package/es2021/plugins/speech-recognize/speech-recognize.css +1 -1
  24. package/es2021/plugins/speech-recognize/speech-recognize.js +1 -1
  25. package/es2021/plugins/speech-recognize/speech-recognize.min.js +1 -1
  26. package/es2021.en/jodit.css +1 -1
  27. package/es2021.en/jodit.fat.min.js +3 -3
  28. package/es2021.en/jodit.js +82 -51
  29. package/es2021.en/jodit.min.js +3 -3
  30. package/es2021.en/plugins/debug/debug.css +1 -1
  31. package/es2021.en/plugins/debug/debug.js +1 -1
  32. package/es2021.en/plugins/debug/debug.min.js +1 -1
  33. package/es2021.en/plugins/speech-recognize/speech-recognize.css +1 -1
  34. package/es2021.en/plugins/speech-recognize/speech-recognize.js +1 -1
  35. package/es2021.en/plugins/speech-recognize/speech-recognize.min.js +1 -1
  36. package/es5/jodit.css +2 -2
  37. package/es5/jodit.fat.min.js +2 -2
  38. package/es5/jodit.js +82 -51
  39. package/es5/jodit.min.css +2 -2
  40. package/es5/jodit.min.js +2 -2
  41. package/es5/plugins/debug/debug.css +1 -1
  42. package/es5/plugins/debug/debug.js +1 -1
  43. package/es5/plugins/debug/debug.min.js +1 -1
  44. package/es5/plugins/speech-recognize/speech-recognize.css +1 -1
  45. package/es5/plugins/speech-recognize/speech-recognize.js +1 -1
  46. package/es5/plugins/speech-recognize/speech-recognize.min.js +1 -1
  47. package/es5/polyfills.fat.min.js +1 -1
  48. package/es5/polyfills.js +1 -1
  49. package/es5/polyfills.min.js +1 -1
  50. package/esm/core/constants.js +1 -1
  51. package/esm/core/helpers/utils/config-proto.js +1 -9
  52. package/esm/core/helpers/utils/index.d.ts +1 -0
  53. package/esm/core/helpers/utils/index.js +1 -0
  54. package/esm/core/helpers/utils/is-unsafe-proto-key.d.ts +18 -0
  55. package/esm/core/helpers/utils/is-unsafe-proto-key.js +20 -0
  56. package/esm/core/helpers/utils/set.js +4 -0
  57. package/package.json +1 -1
  58. package/types/core/helpers/utils/index.d.ts +1 -0
  59. package/types/core/helpers/utils/is-unsafe-proto-key.d.ts +18 -0
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
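--- a/package/es5/polyfills.js
+++ b/package/es5/polyfills.js
@@ -1,7 +1,7 @@
  /*!
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
- * Version: v4.12.25
+ * Version: v4.12.26
  * Url: https://xdsoft.net/jodit/
  * License(s): MIT
  */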
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.25
4
+ * Version: v4.12.26
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */
@@ -3,7 +3,7 @@
3
3
  * Released under MIT see LICENSE.txt in the project root for license information.
4
4
  * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
5
5
  */
6
- export const APP_VERSION = "4.12.25";
6
+ export const APP_VERSION = "4.12.26";
7
7
  // prettier-ignore
8
8
  export const ES = "es2020";
9
9
  export const IS_ES_MODERN = true;
@@ -9,16 +9,8 @@ import { isString } from "../checker/is-string.js";
9
9
  import { isVoid } from "../checker/is-void.js";
10
10
  import { Config } from "../../../config.js";
11
11
  import { isAtom } from "./extend.js";
12
+ import { isUnsafeProtoKey } from "./is-unsafe-proto-key.js";
12
13
  import { keys } from "./utils.js";
13
- /**
14
- * Keys that must never be copied from a (potentially untrusted) config object —
15
- * assigning them during a recursive merge can reach and mutate
16
- * `Object.prototype` (prototype pollution, CWE-1321).
17
- */
18
- const UNSAFE_PROTO_KEYS = ['__proto__', 'constructor', 'prototype'];
19
- function isUnsafeProtoKey(key) {
20
- return UNSAFE_PROTO_KEYS.indexOf(key) !== -1;
21
- }
22
14
  /**
23
15
  * @example
24
16
  * ```js
@@ -24,6 +24,7 @@ export * from "./extend";
24
24
  export * from "./get";
25
25
  export * from "./get-class-name";
26
26
  export * from "./human-size-to-bytes";
27
+ export * from "./is-unsafe-proto-key";
27
28
  export * from "./mark-deprecated";
28
29
  export * from "./parse-query";
29
30
  export * from "./print";
@@ -24,6 +24,7 @@ export * from "./extend.js";
24
24
  export * from "./get.js";
25
25
  export * from "./get-class-name.js";
26
26
  export * from "./human-size-to-bytes.js";
27
+ export * from "./is-unsafe-proto-key.js";
27
28
  export * from "./mark-deprecated.js";
28
29
  export * from "./parse-query.js";
29
30
  export * from "./print.js";
@@ -0,0 +1,18 @@
1
+ /*!
2
+ * Jodit Editor (https://xdsoft.net/jodit/)
3
+ * Released under MIT see LICENSE.txt in the project root for license information.
4
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
5
+ */
6
+ /**
7
+ * @module helpers/utils
8
+ */
9
+ /**
10
+ * Keys that must never be written from a (potentially untrusted) source —
11
+ * assigning them while walking/merging an object can reach and mutate
12
+ * `Object.prototype` (prototype pollution, CWE-1321).
13
+ */
14
+ export declare const UNSAFE_PROTO_KEYS: string[];
15
+ /**
16
+ * Check whether a key can be used to pollute the prototype chain.
17
+ */
18
+ export declare function isUnsafeProtoKey(key: string): boolean;
@@ -0,0 +1,20 @@
1
+ /*!
2
+ * Jodit Editor (https://xdsoft.net/jodit/)
3
+ * Released under MIT see LICENSE.txt in the project root for license information.
4
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
5
+ */
6
+ /**
7
+ * @module helpers/utils
8
+ */
9
+ /**
10
+ * Keys that must never be written from a (potentially untrusted) source —
11
+ * assigning them while walking/merging an object can reach and mutate
12
+ * `Object.prototype` (prototype pollution, CWE-1321).
13
+ */
14
+ export const UNSAFE_PROTO_KEYS = ['__proto__', 'constructor', 'prototype'];
15
+ /**
16
+ * Check whether a key can be used to pollute the prototype chain.
17
+ */
18
+ export function isUnsafeProtoKey(key) {
19
+ return UNSAFE_PROTO_KEYS.indexOf(key) !== -1;
20
+ }
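Review bot: `UNSAFE_PROTO_KEYS` is exported as a plain mutable array, and the `export *` lines added to the utils index make it part of the public helper surface, so any module that imports it can empty or alter the list and silently switch off the guard that `set` and the config merge now share. Freezing it closes that: `export const UNSAFE_PROTO_KEYS = Object.freeze(['__proto__', 'constructor', 'prototype']);`, with the two `.d.ts` declarations changed to `readonly string[]`. The check also uses strict equality via `indexOf`, so it only holds for string keys; the caller visible in `set` passes `split('.')` output, which is fine, but a comment on `isUnsafeProtoKey` saying non-string keys must be coerced first (or `indexOf(String(key))` in the body) would stop later callers from trusting it with other key types.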
@@ -7,6 +7,7 @@ import { isArray } from "../checker/is-array.js";
7
7
  import { isNumeric } from "../checker/is-numeric.js";
8
8
  import { isPlainObject } from "../checker/is-plain-object.js";
9
9
  import { isString } from "../checker/is-string.js";
10
+ import { isUnsafeProtoKey } from "./is-unsafe-proto-key.js";
10
11
  /**
11
12
  * Safe access in tree object
12
13
  *
@@ -25,6 +26,9 @@ export function set(chain, value, obj) {
25
26
  return;
26
27
  }
27
28
  const parts = chain.split('.');
29
+ if (parts.some(isUnsafeProtoKey)) {
30
+ return;
31
+ }
28
32
  let result = obj, key = parts[0];
29
33
  for (let i = 0; i < parts.length - 1; i += 1) {
30
34
  key = parts[i];
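Review bot: The new guard in `set` drops the write with a bare `return;`, so a rejected chain looks the same to the caller as a successful one, and the docblock above still says only "Safe access in tree object". I would state the rule there, e.g. `* Chains containing __proto__, constructor or prototype are ignored (prototype-pollution guard).`, because this also rejects legitimate paths that happen to use `constructor` or `prototype` as a segment. The loop that walks `parts` continues outside the hunk, so the rest of the traversal cannot be judged from here; a regression test asserting that `Object.prototype` is unchanged after a rejected call would pin the behaviour.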
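--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "jodit",
- "version": "4.12.25",
+ "version": "4.12.26",
  "description": "Jodit is an awesome and useful wysiwyg editor with filebrowser",
  "main": "esm/index.js",
  "types": "types/index.d.ts",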
@@ -24,6 +24,7 @@ export * from "./extend";
24
24
  export * from "./get";
25
25
  export * from "./get-class-name";
26
26
  export * from "./human-size-to-bytes";
27
+ export * from "./is-unsafe-proto-key";
27
28
  export * from "./mark-deprecated";
28
29
  export * from "./parse-query";
29
30
  export * from "./print";
@@ -0,0 +1,18 @@
1
+ /*!
2
+ * Jodit Editor (https://xdsoft.net/jodit/)
3
+ * Released under MIT see LICENSE.txt in the project root for license information.
4
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
5
+ */
6
+ /**
7
+ * @module helpers/utils
8
+ */
9
+ /**
10
+ * Keys that must never be written from a (potentially untrusted) source —
11
+ * assigning them while walking/merging an object can reach and mutate
12
+ * `Object.prototype` (prototype pollution, CWE-1321).
13
+ */
14
+ export declare const UNSAFE_PROTO_KEYS: string[];
15
+ /**
16
+ * Check whether a key can be used to pollute the prototype chain.
17
+ */
18
+ export declare function isUnsafeProtoKey(key: string): boolean;