jodit 4.12.29 → 4.12.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/es2015/jodit.css +1 -1
- package/es2015/jodit.fat.min.js +2 -2
- package/es2015/jodit.js +25 -7
- package/es2015/jodit.min.js +2 -2
- package/es2015/plugins/debug/debug.css +1 -1
- package/es2015/plugins/debug/debug.js +1 -1
- package/es2015/plugins/debug/debug.min.js +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2018/jodit.fat.min.js +2 -2
- package/es2018/jodit.min.js +2 -2
- package/es2018/plugins/debug/debug.min.js +1 -1
- package/es2018/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2021/jodit.css +1 -1
- package/es2021/jodit.fat.min.js +3 -3
- package/es2021/jodit.js +25 -7
- package/es2021/jodit.min.js +3 -3
- package/es2021/plugins/debug/debug.css +1 -1
- package/es2021/plugins/debug/debug.js +1 -1
- package/es2021/plugins/debug/debug.min.js +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2021.en/jodit.css +1 -1
- package/es2021.en/jodit.fat.min.js +3 -3
- package/es2021.en/jodit.js +25 -7
- package/es2021.en/jodit.min.js +3 -3
- package/es2021.en/plugins/debug/debug.css +1 -1
- package/es2021.en/plugins/debug/debug.js +1 -1
- package/es2021.en/plugins/debug/debug.min.js +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es5/jodit.css +2 -2
- package/es5/jodit.fat.min.js +2 -2
- package/es5/jodit.js +26 -8
- package/es5/jodit.min.css +2 -2
- package/es5/jodit.min.js +2 -2
- package/es5/plugins/debug/debug.css +1 -1
- package/es5/plugins/debug/debug.js +1 -1
- package/es5/plugins/debug/debug.min.js +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es5/polyfills.fat.min.js +1 -1
- package/es5/polyfills.js +1 -1
- package/es5/polyfills.min.js +1 -1
- package/esm/core/constants.js +1 -1
- package/esm/core/helpers/html/apply-styles.js +14 -3
- package/esm/core/helpers/html/safe-html.js +9 -2
- package/package.json +1 -1
package/es2015/jodit.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/*!
|
|
2
2
|
* jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
|
|
3
3
|
* Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
|
|
4
|
-
* Version: v4.12.
|
|
4
|
+
* Version: v4.12.31
|
|
5
5
|
* Url: https://xdsoft.net/jodit/
|
|
6
6
|
* License(s): MIT
|
|
7
7
|
*/
|
|
@@ -1816,7 +1816,7 @@ __webpack_require__.r(__webpack_exports__);
|
|
|
1816
1816
|
* ```
|
|
1817
1817
|
* @packageDocumentation
|
|
1818
1818
|
* @module constants
|
|
1819
|
-
*/ const APP_VERSION = "4.12.
|
|
1819
|
+
*/ const APP_VERSION = "4.12.31";
|
|
1820
1820
|
// prettier-ignore
|
|
1821
1821
|
const ES = "es2015";
|
|
1822
1822
|
const IS_ES_MODERN = true;
|
|
@@ -5791,11 +5791,22 @@ function normalizeCSS(s) {
|
|
|
5791
5791
|
* it applies them to the selectors in the HTML itself
|
|
5792
5792
|
* and then removes the selector styles, leaving only the inline ones.
|
|
5793
5793
|
*/ function applyStyles(html) {
|
|
5794
|
-
|
|
5794
|
+
// Match the opening <html> tag whether or not it carries attributes. MS
|
|
5795
|
+
// Word emits `<html xmlns:o=…>` (note the trailing space), but Excel/Calc
|
|
5796
|
+
// wrap the copied table in a bare `<html>`. The old `'<html '` check missed
|
|
5797
|
+
// the bare tag, so for Excel clipboards the `<style>` rules (class-based
|
|
5798
|
+
// cell backgrounds/borders, e.g. `.xl31 { background:#FCE4D6 }`) were never
|
|
5799
|
+
// inlined and all styling was lost once the `<style>` block got stripped.
|
|
5800
|
+
// See https://github.com/xdan/jodit/issues/1362
|
|
5801
|
+
const openMatch = /<html(?:\s[^>]*)?>/i.exec(html);
|
|
5802
|
+
if (!openMatch) {
|
|
5795
5803
|
return html;
|
|
5796
5804
|
}
|
|
5797
|
-
html = html.substring(
|
|
5798
|
-
|
|
5805
|
+
html = html.substring(openMatch.index);
|
|
5806
|
+
const closeIndex = html.toLowerCase().lastIndexOf('</html>');
|
|
5807
|
+
if (closeIndex !== -1) {
|
|
5808
|
+
html = html.substring(0, closeIndex + '</html>'.length);
|
|
5809
|
+
}
|
|
5799
5810
|
const iframe = jodit_core_constants__WEBPACK_IMPORTED_MODULE_0__.globalDocument.createElement('iframe');
|
|
5800
5811
|
iframe.style.display = 'none';
|
|
5801
5812
|
jodit_core_constants__WEBPACK_IMPORTED_MODULE_0__.globalDocument.body.appendChild(iframe);
|
|
@@ -6192,8 +6203,16 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6192
6203
|
(0,jodit_core_helpers_utils__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'onerror', null);
|
|
6193
6204
|
effected = true;
|
|
6194
6205
|
}
|
|
6206
|
+
const tagName = elm.nodeName.toLowerCase();
|
|
6195
6207
|
const href = elm.getAttribute('href');
|
|
6196
|
-
|
|
6208
|
+
// Neutralize executable-scheme `href`s with the same normalization used for
|
|
6209
|
+
// every other URL attribute (`isDangerousUrl`), which strips control bytes,
|
|
6210
|
+
// tabs and newlines and lowercases before matching the scheme. The previous
|
|
6211
|
+
// bare `href.trim().indexOf('javascript') === 0` was case-sensitive and
|
|
6212
|
+
// missed `JAVASCRIPT:`, a leading control byte, or a tab/newline inside the
|
|
6213
|
+
// scheme (e.g. `java\tscript:`) — all of which the browser still resolves to
|
|
6214
|
+
// `javascript:` on click. See GHSA-j839-gqq4-gf9j.
|
|
6215
|
+
if (safeJavaScriptLink && href && isDangerousUrl(href, tagName)) {
|
|
6197
6216
|
(0,jodit_core_helpers_utils__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'href', location.protocol + '//' + href);
|
|
6198
6217
|
effected = true;
|
|
6199
6218
|
}
|
|
@@ -6204,7 +6223,6 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6204
6223
|
effected = true;
|
|
6205
6224
|
}
|
|
6206
6225
|
// Strip executable schemes from any other URL-bearing attribute.
|
|
6207
|
-
const tagName = elm.nodeName.toLowerCase();
|
|
6208
6226
|
for (const name of URL_ATTRIBUTES){
|
|
6209
6227
|
const value = elm.getAttribute(name);
|
|
6210
6228
|
if (value && isDangerousUrl(value, tagName)) {
|