phoenix_live_view 1.1.30 → 1.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -144,7 +144,7 @@ var EntryUploader = class {
144
144
  }
145
145
  upload() {
146
146
  this.uploadChannel.onError((reason) => this.error(reason));
147
- this.uploadChannel.join().receive("ok", (_data) => this.readNextChunk()).receive("error", (reason) => this.error(reason));
147
+ this.uploadChannel.join().receive("ok", (_data) => this.readNextChunk()).receive("error", ({ reason }) => this.error(reason));
148
148
  }
149
149
  isDone() {
150
150
  return this.offset >= this.entry.file.size;
@@ -187,6 +187,21 @@ var EntryUploader = class {
187
187
 
188
188
  // js/phoenix_live_view/utils.js
189
189
  var logError = (msg, obj) => console.error && console.error(msg, obj);
190
+ var ensureSameOrigin = (href, kind) => {
191
+ let url;
192
+ try {
193
+ url = new URL(href, window.location.href);
194
+ } catch {
195
+ throw new Error(
196
+ `expected ${kind} destination to be a valid URL, got: ${href}`
197
+ );
198
+ }
199
+ if (url.origin !== window.location.origin) {
200
+ throw new Error(
201
+ `cannot ${kind} to "${href}" because its origin does not match the current origin "${window.location.origin}". Use window.location directly for cross-origin navigation.`
202
+ );
203
+ }
204
+ };
190
205
  var isCid = (cid) => {
191
206
  const type = typeof cid;
192
207
  return type === "number" || type === "string" && /^(0|[1-9]\d*)$/.test(cid);
@@ -3854,6 +3869,7 @@ var js_commands_default = (liveSocket, eventType) => {
3854
3869
  });
3855
3870
  },
3856
3871
  navigate(href, opts = {}) {
3872
+ ensureSameOrigin(href, "navigate");
3857
3873
  const customEvent = new CustomEvent("phx:exec");
3858
3874
  liveSocket.historyRedirect(
3859
3875
  customEvent,
@@ -3864,6 +3880,7 @@ var js_commands_default = (liveSocket, eventType) => {
3864
3880
  );
3865
3881
  },
3866
3882
  patch(href, opts = {}) {
3883
+ ensureSameOrigin(href, "patch");
3867
3884
  const customEvent = new CustomEvent("phx:exec");
3868
3885
  liveSocket.pushHistoryPatch(
3869
3886
  customEvent,
@@ -5948,7 +5965,7 @@ var LiveSocket = class {
5948
5965
  }
5949
5966
  // public
5950
5967
  version() {
5951
- return "1.1.30";
5968
+ return "1.1.31";
5952
5969
  }
5953
5970
  isProfileEnabled() {
5954
5971
  return this.sessionStorage.getItem(PHX_LV_PROFILE) === "true";