suneditor 2.47.8 → 2.47.10
- package/README.md +11 -11
- package/dist/suneditor.min.js +2 -2
- package/package.json +13 -2
- package/src/lang/pt_br.js +9 -9
- package/src/lib/core.js +54 -4
- package/src/options.d.ts +1 -1
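--- a/package/package.json
+++ b/package/package.json
@@ -1,10 +1,16 @@
 {
 "name": "suneditor",
-"version": "2.47.
+"version": "2.47.10",
 "description": "Vanilla JavaScript WYSIWYG web editor (2.x legacy version, actively maintained)",
 "author": "JiHong.Lee",
 "license": "MIT",
 "main": "src/suneditor.js",
+"publishConfig": {
+"tag": "legacy"
+},
+"engines": {
+"node": "<13.0.0"
+},
 "sideEffects": [
 "./src/assets/css/*.css"
 ],
@@ -18,7 +24,7 @@
 "bugs": {
 "url": "https://github.com/JiHong88/SunEditor/issues"
 },
-"homepage": "
+"homepage": "https://legacy.suneditor.com",
 "repository": {
 "type": "git",
 "url": "https://github.com/JiHong88/SunEditor.git"
@@ -44,7 +50,12 @@
 "jshint": "~2.13.4",
 "karma": "~6.3.19",
 "karma-chrome-launcher": "~2.2.0",
+"karma-firefox-launcher": "^2.1.2",
+"karma-ie-launcher": "^1.0.0",
 "karma-jasmine": "~1.1.2",
+"karma-opera-launcher": "^1.0.0",
+"karma-safari-launcher": "^1.0.0",
+"karma-webpack": "^4.0.2",
 "katex": "^0.16.21",
 "mini-css-extract-plugin": "~0.4.5",
 "optimize-css-assets-webpack-plugin": "~5.0.4",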
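Review bot: The new `"engines": { "node": "<13.0.0" }` sits in the published manifest, so it applies to every consumer that installs the package and not only to the build toolchain. Package managers that enforce `engines` will warn or refuse on current Node releases, which can keep users from picking up this release. If the constraint is meant for the legacy webpack/karma toolchain (an assumption; the scripts are outside the hunk), it is better documented in the README or checked in a dev-only script than declared here. The five added `karma-*` entries also use `^` ranges while their neighbours use `~`; matching the file's convention, e.g. `"karma-webpack": "~4.0.2"`, keeps dev installs more reproducible.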
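--- a/package/src/lang/pt_br.js
+++ b/package/src/lang/pt_br.js
@@ -33,11 +33,11 @@
 bold: 'Negrito',
 underline: 'Sublinhado',
 italic: 'Itálico',
-strike: '
-subscript: '
+strike: 'Tachado',
+subscript: 'Subscrito',
 superscript: 'Sobrescrito',
-removeFormat: 'Remover
-fontColor: 'Cor da
+removeFormat: 'Remover formatação',
+fontColor: 'Cor da fonte',
 hiliteColor: 'Cor de destaque',
 indent: 'Recuo',
 outdent: 'Avançar',
@@ -66,7 +66,7 @@
 redo: 'Refazer',
 preview: 'Prever',
 print: 'Imprimir',
-tag_p: '
+tag_p: 'Parágrafo',
 tag_div: '(DIV) Normal',
 tag_h: 'Cabeçalho',
 tag_blockquote: 'Citar',
@@ -83,9 +83,9 @@
 dialogBox: {
 linkBox: {
 title: 'Inserir link',
-url: '
-text: 'Texto
-newWindowCheck: 'Abrir em nova guia',
+url: 'Endereço do link',
+text: 'Texto exibido',
+newWindowCheck: 'Abrir em uma nova guia',
 downloadLinkCheck: 'Link para Download',
 bookmark: 'marcar páginas'
 },
@@ -109,7 +109,7 @@
 audioBox: {
 title: 'Inserir áudio',
 file: 'Selecionar arquivos',
-url: 'URL
+url: 'URL do áudio'
 },
 browser: {
 tags: 'Tag',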
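--- a/package/src/lib/core.js
+++ b/package/src/lib/core.js
@@ -1589,8 +1589,6 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 }
 
 if (!notSelect) {
-this.setRange(element, 0, element, 0);
-
 const fileComponentInfo = this.getFileComponent(element);
 if (fileComponentInfo) {
 this.selectComponent(fileComponentInfo.target, fileComponentInfo.pluginName);
@@ -5356,7 +5354,7 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 
 // blacklist
 const bAttr = this._attributesTagsBlacklist[tagName];
-m = m.replace(/\s(?:on[a-z]+)\s*=\s*(")[^"]*\1/
+m = m.replace(/\s(?:on[a-z]+)\s*=\s*(?:(["'])[^"']*\1|\S+)/gi, '');
 if (bAttr) m = m.replace(bAttr, '');
 else m = m.replace(this._attributesBlacklistRegExp, '');
 
@@ -5398,7 +5396,7 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 if (v) {
 for (let i = 0, len = v.length, a; i < len; i++) {
 // if (lowLevelCheck && /^class="(?!(__se__|se-|katex))/.test(v[i].trim())) continue;
-a = (
+a = (_isSafeAttribute(v[i].trim()) ? v[i] : '');
 t += (/^\s/.test(a) ? '' : ' ') + a;
 }
 }
@@ -9452,4 +9450,56 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 }
 
 return functions;
+}
+
+/** @description Safe URL protocol whitelist */
+const _SAFE_URL_PROTOCOL = /^(?:https?|ftps?|mailto|tel|blob|sms|geo|webcal|callto):|^[#/]|^data:image\//i;
+const _URL_ATTR_PATTERN = /^(?:href|src)\s*=/i;
+const _RE_ATTR_VALUE = /=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/;
+const _RE_COLON = /:/i;
+
+/**
+* @description Normalize a URL by decoding HTML entities, URL-encoded characters,
+* and stripping whitespace/control characters. Detects obfuscated dangerous protocols.
+* @param {string} url
+* @returns {string}
+*/
+function _normalizeURL(url) {
+let prev, limit = 5;
+do {
+prev = url;
+url = url.replace(/&(#x([0-9a-f]+)|#([0-9]+)|([a-z]+));/gi, function (_, __, hex, dec) {
+if (hex) return String.fromCharCode(parseInt(hex, 16));
+if (dec) return String.fromCharCode(parseInt(dec, 10));
+return '';
+});
+} while (url !== prev && --limit);
+
+try { url = decodeURIComponent(url); } catch (e) { /* malformed URI */ }
+
+url = url.replace(/[\u0000-\u0020]+/g, '');
+return url;
+}
+
+/**
+* @description Check if a URL is safe (matches the allowed protocol whitelist).
+* @param {string} url
+* @returns {boolean}
+*/
+function _isSafeURL(url) {
+var normalized = _normalizeURL(url);
+return _SAFE_URL_PROTOCOL.test(normalized) || !_RE_COLON.test(normalized);
+}
+
+/**
+* @description Check if an attribute string (e.g. 'href="..."') contains a safe URL.
+* @param {string} attr
+* @returns {boolean}
+*/
+function _isSafeAttribute(attr) {
+if (!_URL_ATTR_PATTERN.test(attr)) return true;
+var urlMatch = attr.match(_RE_ATTR_VALUE);
+if (!urlMatch) return true;
+var url = urlMatch[1] || urlMatch[2] || urlMatch[3] || '';
+return _isSafeURL(url);
 }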
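Review bot: `_normalizeURL` deletes named character references instead of decoding them (the callback's final `return '';`), so an `href`/`src` value whose scheme separator is written as a named reference normalizes to a string with no colon and is accepted by the `!_RE_COLON.test(normalized)` branch of `_isSafeURL`, while the hunk at new line 5399 emits the original `v[i]` unchanged for the browser to decode. The entity pattern also requires the closing `;`, which HTML parsers do not need for numeric references, so a semicolon-less numeric reference is likewise left undecoded before the colon test. I would decode the colon and make the semicolon optional on the numeric forms: `url = url.replace(/&(?:#x([0-9a-f]+);?|#([0-9]+);?|([a-z]+);)/gi, function (_, hex, dec, name) {` with `return name === 'colon' ? ':' : '';` as the callback's last line. Separately, `_URL_ATTR_PATTERN` covers only `href` and `src`; whether other URL-bearing attributes can pass the attribute whitelist is not visible in these hunks and is worth confirming.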
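--- a/package/src/options.d.ts
+++ b/package/src/options.d.ts
@@ -452,7 +452,7 @@ export interface SunEditorOptions {
 videoMultipleFile?: boolean;
 /**
 * Define "Attributes" of the video tag.
-* @example { poster: "
+* @example { poster: "https://suneditor-files.s3.ap-northeast-2.amazonaws.com/sample/v2/docs/loading.gif", autoplay: true }
 */
 videoTagAttrs?: Record<string, string | boolean>;
 /**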