phoenix_live_view 1.1.30 → 1.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -189,7 +189,7 @@ var LiveView = (() => {
189
189
  }
190
190
  upload() {
191
191
  this.uploadChannel.onError((reason) => this.error(reason));
192
- this.uploadChannel.join().receive("ok", (_data) => this.readNextChunk()).receive("error", (reason) => this.error(reason));
192
+ this.uploadChannel.join().receive("ok", (_data) => this.readNextChunk()).receive("error", ({ reason }) => this.error(reason));
193
193
  }
194
194
  isDone() {
195
195
  return this.offset >= this.entry.file.size;
@@ -232,6 +232,21 @@ var LiveView = (() => {
232
232
 
233
233
  // js/phoenix_live_view/utils.js
234
234
  var logError = (msg, obj) => console.error && console.error(msg, obj);
235
+ var ensureSameOrigin = (href, kind) => {
236
+ let url;
237
+ try {
238
+ url = new URL(href, window.location.href);
239
+ } catch (e) {
240
+ throw new Error(
241
+ `expected ${kind} destination to be a valid URL, got: ${href}`
242
+ );
243
+ }
244
+ if (url.origin !== window.location.origin) {
245
+ throw new Error(
246
+ `cannot ${kind} to "${href}" because its origin does not match the current origin "${window.location.origin}". Use window.location directly for cross-origin navigation.`
247
+ );
248
+ }
249
+ };
235
250
  var isCid = (cid) => {
236
251
  const type = typeof cid;
237
252
  return type === "number" || type === "string" && /^(0|[1-9]\d*)$/.test(cid);
@@ -3901,6 +3916,7 @@ removing illegal node: "${(childNode.outerHTML || childNode.nodeValue).trim()}"
3901
3916
  });
3902
3917
  },
3903
3918
  navigate(href, opts = {}) {
3919
+ ensureSameOrigin(href, "navigate");
3904
3920
  const customEvent = new CustomEvent("phx:exec");
3905
3921
  liveSocket.historyRedirect(
3906
3922
  customEvent,
@@ -3911,6 +3927,7 @@ removing illegal node: "${(childNode.outerHTML || childNode.nodeValue).trim()}"
3911
3927
  );
3912
3928
  },
3913
3929
  patch(href, opts = {}) {
3930
+ ensureSameOrigin(href, "patch");
3914
3931
  const customEvent = new CustomEvent("phx:exec");
3915
3932
  liveSocket.pushHistoryPatch(
3916
3933
  customEvent,
@@ -5992,7 +6009,7 @@ removing illegal node: "${(childNode.outerHTML || childNode.nodeValue).trim()}"
5992
6009
  }
5993
6010
  // public
5994
6011
  version() {
5995
- return "1.1.30";
6012
+ return "1.1.31";
5996
6013
  }
5997
6014
  isProfileEnabled() {
5998
6015
  return this.sessionStorage.getItem(PHX_LV_PROFILE) === "true";