jodit 4.12.27 → 4.12.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/es2015/jodit.css +1 -1
  3. package/es2015/jodit.fat.min.js +2 -2
  4. package/es2015/jodit.js +44 -8
  5. package/es2015/jodit.min.js +2 -2
  6. package/es2015/plugins/debug/debug.css +1 -1
  7. package/es2015/plugins/debug/debug.js +1 -1
  8. package/es2015/plugins/debug/debug.min.js +1 -1
  9. package/es2015/plugins/speech-recognize/speech-recognize.css +1 -1
  10. package/es2015/plugins/speech-recognize/speech-recognize.js +1 -1
  11. package/es2015/plugins/speech-recognize/speech-recognize.min.js +1 -1
  12. package/es2018/jodit.fat.min.js +2 -2
  13. package/es2018/jodit.min.js +2 -2
  14. package/es2018/plugins/debug/debug.min.js +1 -1
  15. package/es2018/plugins/speech-recognize/speech-recognize.min.js +1 -1
  16. package/es2021/jodit.css +1 -1
  17. package/es2021/jodit.fat.min.js +3 -3
  18. package/es2021/jodit.js +44 -8
  19. package/es2021/jodit.min.js +3 -3
  20. package/es2021/plugins/debug/debug.css +1 -1
  21. package/es2021/plugins/debug/debug.js +1 -1
  22. package/es2021/plugins/debug/debug.min.js +1 -1
  23. package/es2021/plugins/speech-recognize/speech-recognize.css +1 -1
  24. package/es2021/plugins/speech-recognize/speech-recognize.js +1 -1
  25. package/es2021/plugins/speech-recognize/speech-recognize.min.js +1 -1
  26. package/es2021.en/jodit.css +1 -1
  27. package/es2021.en/jodit.fat.min.js +3 -3
  28. package/es2021.en/jodit.js +44 -8
  29. package/es2021.en/jodit.min.js +3 -3
  30. package/es2021.en/plugins/debug/debug.css +1 -1
  31. package/es2021.en/plugins/debug/debug.js +1 -1
  32. package/es2021.en/plugins/debug/debug.min.js +1 -1
  33. package/es2021.en/plugins/speech-recognize/speech-recognize.css +1 -1
  34. package/es2021.en/plugins/speech-recognize/speech-recognize.js +1 -1
  35. package/es2021.en/plugins/speech-recognize/speech-recognize.min.js +1 -1
  36. package/es5/jodit.css +2 -2
  37. package/es5/jodit.fat.min.js +2 -2
  38. package/es5/jodit.js +44 -8
  39. package/es5/jodit.min.css +2 -2
  40. package/es5/jodit.min.js +2 -2
  41. package/es5/plugins/debug/debug.css +1 -1
  42. package/es5/plugins/debug/debug.js +1 -1
  43. package/es5/plugins/debug/debug.min.js +1 -1
  44. package/es5/plugins/speech-recognize/speech-recognize.css +1 -1
  45. package/es5/plugins/speech-recognize/speech-recognize.js +1 -1
  46. package/es5/plugins/speech-recognize/speech-recognize.min.js +1 -1
  47. package/es5/polyfills.fat.min.js +1 -1
  48. package/es5/polyfills.js +1 -1
  49. package/es5/polyfills.min.js +1 -1
  50. package/esm/core/constants.js +1 -1
  51. package/esm/core/event-emitter/event-emitter.js +6 -6
  52. package/esm/core/helpers/html/safe-html.js +39 -0
  53. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,6 +9,18 @@
9
9
  > - :house: [Internal]
10
10
  > - :nail_care: [Polish]
11
11
 
12
+ ## 4.12.29
13
+
14
+ #### :bug: Bug Fix
15
+
16
+ - **Event emitter (memory hygiene in SPA / Shadow DOM)**: `EventEmitter` stores its per-subject handler namespaces under a `__JoditEventEmitterNamespaces<timestamp>` property, but on `off()`/`destruct()` it only set that property to `undefined` instead of removing it. On long-lived subjects such as `window`, repeatedly creating and destroying editors in a single-page application left a growing pile of leftover `undefined` keys on the object. The property is now `delete`d on cleanup, so nothing lingers after `destruct()`. Reported by Ralf Pichler (uniquare.com, Jodit OEM).
17
+
18
+ ## 4.12.28
19
+
20
+ #### :bug: Bug Fix
21
+
22
+ - **Security / clean-html (mutation XSS, CWE-79)**: the HTML sanitizer (`safeHTML`) walked the parsed value as elements, but a handler smuggled as `<style>` rawtext inside a MathML/SVG foreign-content carrier (e.g. `math > mtext > table > mglyph > style` hiding an `<img onload=…>`) was never an element during that walk. A later serialize-reparse then hoisted the `<img>` out of `<style>` into a live HTML node with its `on*` handler intact, so an application that re-rendered `editor.value` could execute attacker script with no user interaction — a stored XSS in the default config affecting all 3.x/4.x through 4.12.27. The fix drops the smuggled HTML at the source: any HTML-namespace element the parser placed inside `<math>`/`<svg>` outside an integration point (`foreignObject`/`annotation-xml`/`desc`/`title`) is removed before the walk, which also covers carriers nested one level deeper without a re-parse loop. Legitimate MathML/SVG content and top-level `<style>`/`<script>` are preserved. Responsibly reported by Younghun Ko of AhnLab ([@koyokr](https://github.com/koyokr)) (GHSA-rxcw-mc6f-6hr3).
23
+
12
24
  ## 4.12.26
13
25
 
14
26
  #### :bug: Bug Fix
package/es2015/jodit.css CHANGED
@@ -1,7 +1,7 @@
1
1
  /*!
2
2
  * jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
3
3
  * Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
4
- * Version: v4.12.27
4
+ * Version: v4.12.29
5
5
  * Url: https://xdsoft.net/jodit/
6
6
  * License(s): MIT
7
7
  */