suneditor 2.47.8 → 2.47.9
- package/README.md +11 -11
- package/dist/suneditor.min.js +2 -2
- package/package.json +13 -2
- package/src/lang/pt_br.js +9 -9
- package/src/lib/core.js +54 -2
- package/src/options.d.ts +1 -1
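--- a/package/package.json
+++ b/package/package.json
@@ -1,10 +1,16 @@
 {
 "name": "suneditor",
-"version": "2.47.
+"version": "2.47.9",
 "description": "Vanilla JavaScript WYSIWYG web editor (2.x legacy version, actively maintained)",
 "author": "JiHong.Lee",
 "license": "MIT",
 "main": "src/suneditor.js",
+"publishConfig": {
+"tag": "legacy"
+},
+"engines": {
+"node": "<13.0.0"
+},
 "sideEffects": [
 "./src/assets/css/*.css"
 ],
@@ -18,7 +24,7 @@
 "bugs": {
 "url": "https://github.com/JiHong88/SunEditor/issues"
 },
-"homepage": "
+"homepage": "https://legacy.suneditor.com",
 "repository": {
 "type": "git",
 "url": "https://github.com/JiHong88/SunEditor.git"
@@ -44,7 +50,12 @@
 "jshint": "~2.13.4",
 "karma": "~6.3.19",
 "karma-chrome-launcher": "~2.2.0",
+"karma-firefox-launcher": "^2.1.2",
+"karma-ie-launcher": "^1.0.0",
 "karma-jasmine": "~1.1.2",
+"karma-opera-launcher": "^1.0.0",
+"karma-safari-launcher": "^1.0.0",
+"karma-webpack": "^4.0.2",
 "katex": "^0.16.21",
 "mini-css-extract-plugin": "~0.4.5",
 "optimize-css-assets-webpack-plugin": "~5.0.4",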
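Review bot: The new `engines` entry `"node": "<13.0.0"` ships in the published manifest, so it applies to every consumer's install rather than only to the maintainer's build: npm reports a mismatch as a warning and refuses the install where `engine-strict` is enabled. If the constraint exists for the legacy karma/webpack toolchain (an inference from the launchers added in the last hunk), it would be better kept out of the published manifest, for example in `.nvmrc` or the CI configuration, or at least explained in the README. The five added `karma-*` entries also use `^` ranges where most neighbouring entries use `~`; matching the existing `~` style keeps the resolved test toolchain narrower.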
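--- a/package/src/lang/pt_br.js
+++ b/package/src/lang/pt_br.js
@@ -33,11 +33,11 @@
 bold: 'Negrito',
 underline: 'Sublinhado',
 italic: 'Itálico',
-strike: '
-subscript: '
+strike: 'Tachado',
+subscript: 'Subscrito',
 superscript: 'Sobrescrito',
-removeFormat: 'Remover
-fontColor: 'Cor da
+removeFormat: 'Remover formatação',
+fontColor: 'Cor da fonte',
 hiliteColor: 'Cor de destaque',
 indent: 'Recuo',
 outdent: 'Avançar',
@@ -66,7 +66,7 @@
 redo: 'Refazer',
 preview: 'Prever',
 print: 'Imprimir',
-tag_p: '
+tag_p: 'Parágrafo',
 tag_div: '(DIV) Normal',
 tag_h: 'Cabeçalho',
 tag_blockquote: 'Citar',
@@ -83,9 +83,9 @@
 dialogBox: {
 linkBox: {
 title: 'Inserir link',
-url: '
-text: 'Texto
-newWindowCheck: 'Abrir em nova guia',
+url: 'Endereço do link',
+text: 'Texto exibido',
+newWindowCheck: 'Abrir em uma nova guia',
 downloadLinkCheck: 'Link para Download',
 bookmark: 'marcar páginas'
 },
@@ -109,7 +109,7 @@
 audioBox: {
 title: 'Inserir áudio',
 file: 'Selecionar arquivos',
-url: 'URL
+url: 'URL do áudio'
 },
 browser: {
 tags: 'Tag',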
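--- a/package/src/lib/core.js
+++ b/package/src/lib/core.js
@@ -5356,7 +5356,7 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 
 // blacklist
 const bAttr = this._attributesTagsBlacklist[tagName];
-m = m.replace(/\s(?:on[a-z]+)\s*=\s*(")[^"]*\1/
+m = m.replace(/\s(?:on[a-z]+)\s*=\s*(?:(["'])[^"']*\1|\S+)/gi, '');
 if (bAttr) m = m.replace(bAttr, '');
 else m = m.replace(this._attributesBlacklistRegExp, '');
 
@@ -5398,7 +5398,7 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 if (v) {
 for (let i = 0, len = v.length, a; i < len; i++) {
 // if (lowLevelCheck && /^class="(?!(__se__|se-|katex))/.test(v[i].trim())) continue;
-a = (
+a = (_isSafeAttribute(v[i].trim()) ? v[i] : '');
 t += (/^\s/.test(a) ? '' : ' ') + a;
 }
 }
@@ -9452,4 +9452,56 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
 }
 
 return functions;
+}
+
+/** @description Safe URL protocol whitelist */
+const _SAFE_URL_PROTOCOL = /^(?:https?|ftps?|mailto|tel|blob|sms|geo|webcal|callto):|^[#/]|^data:image\//i;
+const _URL_ATTR_PATTERN = /^(?:href|src)\s*=/i;
+const _RE_ATTR_VALUE = /=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/;
+const _RE_COLON = /:/i;
+
+/**
+* @description Normalize a URL by decoding HTML entities, URL-encoded characters,
+* and stripping whitespace/control characters. Detects obfuscated dangerous protocols.
+* @param {string} url
+* @returns {string}
+*/
+function _normalizeURL(url) {
+let prev, limit = 5;
+do {
+prev = url;
+url = url.replace(/&(#x([0-9a-f]+)|#([0-9]+)|([a-z]+));/gi, function (_, __, hex, dec) {
+if (hex) return String.fromCharCode(parseInt(hex, 16));
+if (dec) return String.fromCharCode(parseInt(dec, 10));
+return '';
+});
+} while (url !== prev && --limit);
+
+try { url = decodeURIComponent(url); } catch (e) { /* malformed URI */ }
+
+url = url.replace(/[\u0000-\u0020]+/g, '');
+return url;
+}
+
+/**
+* @description Check if a URL is safe (matches the allowed protocol whitelist).
+* @param {string} url
+* @returns {boolean}
+*/
+function _isSafeURL(url) {
+var normalized = _normalizeURL(url);
+return _SAFE_URL_PROTOCOL.test(normalized) || !_RE_COLON.test(normalized);
+}
+
+/**
+* @description Check if an attribute string (e.g. 'href="..."') contains a safe URL.
+* @param {string} attr
+* @returns {boolean}
+*/
+function _isSafeAttribute(attr) {
+if (!_URL_ATTR_PATTERN.test(attr)) return true;
+var urlMatch = attr.match(_RE_ATTR_VALUE);
+if (!urlMatch) return true;
+var url = urlMatch[1] || urlMatch[2] || urlMatch[3] || '';
+return _isSafeURL(url);
 }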
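Review bot: In `_normalizeURL`, the entity callback returns `''` for every named entity, so a name that the HTML parser decodes to a significant character (a colon, for example) vanishes from the string `_isSafeURL` inspects while the browser still decodes it; because `_isSafeURL` also accepts any value that contains no colon, the check fails open in that case. Decode the few names that matter and leave unrecognised ones in place, as sketched below; the entity list is a starting point to verify against the HTML named-character table, not a complete one. Separately, `_URL_ATTR_PATTERN` covers only `href` and `src`, so other URL-bearing attributes such as `action`, `formaction` or `xlink:href` pass `_isSafeAttribute` unchecked unless they are filtered elsewhere, which this section does not show.

```javascript
// Named entities decoded the way the HTML parser does; names are case-sensitive.
const _NAMED_ENTITY = { colon: ':', Tab: '\t', NewLine: '\n', amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

url = url.replace(/&(#x([0-9a-f]+)|#([0-9]+)|([a-z]+));/gi, function (m, __, hex, dec, name) {
	// … unchanged: hex and decimal branches …
	// Unknown names stay in the string instead of disappearing from the check.
	return Object.prototype.hasOwnProperty.call(_NAMED_ENTITY, name) ? _NAMED_ENTITY[name] : m;
});
```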
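--- a/package/src/options.d.ts
+++ b/package/src/options.d.ts
@@ -452,7 +452,7 @@ export interface SunEditorOptions {
 videoMultipleFile?: boolean;
 /**
 * Define "Attributes" of the video tag.
-* @example { poster: "
+* @example { poster: "https://suneditor-files.s3.ap-northeast-2.amazonaws.com/sample/v2/docs/loading.gif", autoplay: true }
 */
 videoTagAttrs?: Record<string, string | boolean>;
 /**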