jodit 4.12.29 → 4.12.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/es2015/jodit.css +1 -1
- package/es2015/jodit.fat.min.js +2 -2
- package/es2015/jodit.js +25 -7
- package/es2015/jodit.min.js +2 -2
- package/es2015/plugins/debug/debug.css +1 -1
- package/es2015/plugins/debug/debug.js +1 -1
- package/es2015/plugins/debug/debug.min.js +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2015/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2018/jodit.fat.min.js +2 -2
- package/es2018/jodit.min.js +2 -2
- package/es2018/plugins/debug/debug.min.js +1 -1
- package/es2018/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2021/jodit.css +1 -1
- package/es2021/jodit.fat.min.js +3 -3
- package/es2021/jodit.js +25 -7
- package/es2021/jodit.min.js +3 -3
- package/es2021/plugins/debug/debug.css +1 -1
- package/es2021/plugins/debug/debug.js +1 -1
- package/es2021/plugins/debug/debug.min.js +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2021/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es2021.en/jodit.css +1 -1
- package/es2021.en/jodit.fat.min.js +3 -3
- package/es2021.en/jodit.js +25 -7
- package/es2021.en/jodit.min.js +3 -3
- package/es2021.en/plugins/debug/debug.css +1 -1
- package/es2021.en/plugins/debug/debug.js +1 -1
- package/es2021.en/plugins/debug/debug.min.js +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es2021.en/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es5/jodit.css +2 -2
- package/es5/jodit.fat.min.js +2 -2
- package/es5/jodit.js +26 -8
- package/es5/jodit.min.css +2 -2
- package/es5/jodit.min.js +2 -2
- package/es5/plugins/debug/debug.css +1 -1
- package/es5/plugins/debug/debug.js +1 -1
- package/es5/plugins/debug/debug.min.js +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.css +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.js +1 -1
- package/es5/plugins/speech-recognize/speech-recognize.min.js +1 -1
- package/es5/polyfills.fat.min.js +1 -1
- package/es5/polyfills.js +1 -1
- package/es5/polyfills.min.js +1 -1
- package/esm/core/constants.js +1 -1
- package/esm/core/helpers/html/apply-styles.js +14 -3
- package/esm/core/helpers/html/safe-html.js +9 -2
- package/package.json +1 -1
package/es2021/jodit.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/*!
|
|
2
2
|
* jodit - Jodit is an awesome and useful wysiwyg editor with filebrowser
|
|
3
3
|
* Author: Chupurnov <chupurnov@gmail.com> (https://xdsoft.net/jodit/)
|
|
4
|
-
* Version: v4.12.
|
|
4
|
+
* Version: v4.12.31
|
|
5
5
|
* Url: https://xdsoft.net/jodit/
|
|
6
6
|
* License(s): MIT
|
|
7
7
|
*/
|
|
@@ -1810,7 +1810,7 @@ __webpack_require__.r(__webpack_exports__);
|
|
|
1810
1810
|
* ```
|
|
1811
1811
|
* @packageDocumentation
|
|
1812
1812
|
* @module constants
|
|
1813
|
-
*/ const APP_VERSION = "4.12.
|
|
1813
|
+
*/ const APP_VERSION = "4.12.31";
|
|
1814
1814
|
// prettier-ignore
|
|
1815
1815
|
const ES = "es2021";
|
|
1816
1816
|
const IS_ES_MODERN = true;
|
|
@@ -5769,11 +5769,22 @@ function normalizeCSS(s) {
|
|
|
5769
5769
|
* it applies them to the selectors in the HTML itself
|
|
5770
5770
|
* and then removes the selector styles, leaving only the inline ones.
|
|
5771
5771
|
*/ function applyStyles(html) {
|
|
5772
|
-
|
|
5772
|
+
// Match the opening <html> tag whether or not it carries attributes. MS
|
|
5773
|
+
// Word emits `<html xmlns:o=…>` (note the trailing space), but Excel/Calc
|
|
5774
|
+
// wrap the copied table in a bare `<html>`. The old `'<html '` check missed
|
|
5775
|
+
// the bare tag, so for Excel clipboards the `<style>` rules (class-based
|
|
5776
|
+
// cell backgrounds/borders, e.g. `.xl31 { background:#FCE4D6 }`) were never
|
|
5777
|
+
// inlined and all styling was lost once the `<style>` block got stripped.
|
|
5778
|
+
// See https://github.com/xdan/jodit/issues/1362
|
|
5779
|
+
const openMatch = /<html(?:\s[^>]*)?>/i.exec(html);
|
|
5780
|
+
if (!openMatch) {
|
|
5773
5781
|
return html;
|
|
5774
5782
|
}
|
|
5775
|
-
html = html.substring(
|
|
5776
|
-
|
|
5783
|
+
html = html.substring(openMatch.index);
|
|
5784
|
+
const closeIndex = html.toLowerCase().lastIndexOf('</html>');
|
|
5785
|
+
if (closeIndex !== -1) {
|
|
5786
|
+
html = html.substring(0, closeIndex + '</html>'.length);
|
|
5787
|
+
}
|
|
5777
5788
|
const iframe = jodit_core_constants__WEBPACK_IMPORTED_MODULE_0__.globalDocument.createElement('iframe');
|
|
5778
5789
|
iframe.style.display = 'none';
|
|
5779
5790
|
jodit_core_constants__WEBPACK_IMPORTED_MODULE_0__.globalDocument.body.appendChild(iframe);
|
|
@@ -6169,8 +6180,16 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6169
6180
|
(0,jodit_core_helpers_utils__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'onerror', null);
|
|
6170
6181
|
effected = true;
|
|
6171
6182
|
}
|
|
6183
|
+
const tagName = elm.nodeName.toLowerCase();
|
|
6172
6184
|
const href = elm.getAttribute('href');
|
|
6173
|
-
|
|
6185
|
+
// Neutralize executable-scheme `href`s with the same normalization used for
|
|
6186
|
+
// every other URL attribute (`isDangerousUrl`), which strips control bytes,
|
|
6187
|
+
// tabs and newlines and lowercases before matching the scheme. The previous
|
|
6188
|
+
// bare `href.trim().indexOf('javascript') === 0` was case-sensitive and
|
|
6189
|
+
// missed `JAVASCRIPT:`, a leading control byte, or a tab/newline inside the
|
|
6190
|
+
// scheme (e.g. `java\tscript:`) — all of which the browser still resolves to
|
|
6191
|
+
// `javascript:` on click. See GHSA-j839-gqq4-gf9j.
|
|
6192
|
+
if (safeJavaScriptLink && href && isDangerousUrl(href, tagName)) {
|
|
6174
6193
|
(0,jodit_core_helpers_utils__WEBPACK_IMPORTED_MODULE_1__.attr)(elm, 'href', location.protocol + '//' + href);
|
|
6175
6194
|
effected = true;
|
|
6176
6195
|
}
|
|
@@ -6181,7 +6200,6 @@ function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = {
|
|
|
6181
6200
|
effected = true;
|
|
6182
6201
|
}
|
|
6183
6202
|
// Strip executable schemes from any other URL-bearing attribute.
|
|
6184
|
-
const tagName = elm.nodeName.toLowerCase();
|
|
6185
6203
|
for (const name of URL_ATTRIBUTES){
|
|
6186
6204
|
const value = elm.getAttribute(name);
|
|
6187
6205
|
if (value && isDangerousUrl(value, tagName)) {
|