umap-project 2.3.0__py3-none-any.whl → 2.3.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of umap-project might be problematic. Click here for more details.
- umap/__init__.py +1 -1
- umap/locale/pl/LC_MESSAGES/django.mo +0 -0
- umap/locale/pl/LC_MESSAGES/django.po +83 -78
- umap/locale/pt/LC_MESSAGES/django.mo +0 -0
- umap/locale/pt/LC_MESSAGES/django.po +129 -123
- umap/static/umap/base.css +4 -2
- umap/static/umap/js/modules/browser.js +8 -15
- umap/static/umap/js/modules/caption.js +118 -0
- umap/static/umap/js/modules/global.js +2 -0
- umap/static/umap/js/modules/panel.js +13 -7
- umap/static/umap/js/umap.controls.js +25 -99
- umap/static/umap/js/umap.core.js +3 -6
- umap/static/umap/js/umap.forms.js +8 -6
- umap/static/umap/js/umap.js +32 -34
- umap/static/umap/js/umap.layer.js +2 -2
- umap/static/umap/js/umap.popup.js +1 -0
- umap/static/umap/vendors/dompurify/purify.es.js +50 -15
- umap/static/umap/vendors/dompurify/purify.es.mjs.map +1 -1
- umap/tests/base.py +1 -0
- umap/tests/integration/test_browser.py +4 -2
- umap/tests/integration/test_caption.py +27 -0
- umap/tests/integration/test_edit_datalayer.py +29 -0
- umap/tests/integration/test_facets_browser.py +4 -1
- umap/tests/integration/test_map.py +0 -15
- umap/tests/integration/test_view_marker.py +17 -0
- {umap_project-2.3.0.dist-info → umap_project-2.3.1.dist-info}/METADATA +5 -5
- {umap_project-2.3.0.dist-info → umap_project-2.3.1.dist-info}/RECORD +30 -28
- {umap_project-2.3.0.dist-info → umap_project-2.3.1.dist-info}/WHEEL +0 -0
- {umap_project-2.3.0.dist-info → umap_project-2.3.1.dist-info}/entry_points.txt +0 -0
- {umap_project-2.3.0.dist-info → umap_project-2.3.1.dist-info}/licenses/LICENSE +0 -0
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.1.
|
|
1
|
+
/*! @license DOMPurify 3.1.3 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.3/LICENSE */
|
|
2
2
|
|
|
3
3
|
const {
|
|
4
4
|
entries,
|
|
@@ -48,6 +48,7 @@ const stringTrim = unapply(String.prototype.trim);
|
|
|
48
48
|
const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);
|
|
49
49
|
const regExpTest = unapply(RegExp.prototype.test);
|
|
50
50
|
const typeErrorCreate = unconstruct(TypeError);
|
|
51
|
+
const numberIsNaN = unapply(Number.isNaN);
|
|
51
52
|
|
|
52
53
|
/**
|
|
53
54
|
* Creates a new function that calls the given function with a specified thisArg and arguments.
|
|
@@ -231,6 +232,24 @@ var EXPRESSIONS = /*#__PURE__*/Object.freeze({
|
|
|
231
232
|
CUSTOM_ELEMENT: CUSTOM_ELEMENT
|
|
232
233
|
});
|
|
233
234
|
|
|
235
|
+
// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType
|
|
236
|
+
const NODE_TYPE = {
|
|
237
|
+
element: 1,
|
|
238
|
+
attribute: 2,
|
|
239
|
+
text: 3,
|
|
240
|
+
cdataSection: 4,
|
|
241
|
+
entityReference: 5,
|
|
242
|
+
// Deprecated
|
|
243
|
+
entityNode: 6,
|
|
244
|
+
// Deprecated
|
|
245
|
+
progressingInstruction: 7,
|
|
246
|
+
comment: 8,
|
|
247
|
+
document: 9,
|
|
248
|
+
documentType: 10,
|
|
249
|
+
documentFragment: 11,
|
|
250
|
+
notation: 12 // Deprecated
|
|
251
|
+
};
|
|
252
|
+
|
|
234
253
|
const getGlobal = function getGlobal() {
|
|
235
254
|
return typeof window === 'undefined' ? null : window;
|
|
236
255
|
};
|
|
@@ -282,14 +301,14 @@ function createDOMPurify() {
|
|
|
282
301
|
* Version label, exposed for easier checks
|
|
283
302
|
* if DOMPurify is up to date or not
|
|
284
303
|
*/
|
|
285
|
-
DOMPurify.version = '3.1.
|
|
304
|
+
DOMPurify.version = '3.1.3';
|
|
286
305
|
|
|
287
306
|
/**
|
|
288
307
|
* Array of elements that DOMPurify removed during sanitation.
|
|
289
308
|
* Empty if nothing was removed.
|
|
290
309
|
*/
|
|
291
310
|
DOMPurify.removed = [];
|
|
292
|
-
if (!window || !window.document || window.document.nodeType !==
|
|
311
|
+
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) {
|
|
293
312
|
// Not running in a browser, provide a factory function
|
|
294
313
|
// so that you can pass your own Window
|
|
295
314
|
DOMPurify.isSupported = false;
|
|
@@ -1000,13 +1019,13 @@ function createDOMPurify() {
|
|
|
1000
1019
|
}
|
|
1001
1020
|
|
|
1002
1021
|
/* Remove any ocurrence of processing instructions */
|
|
1003
|
-
if (currentNode.nodeType ===
|
|
1022
|
+
if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {
|
|
1004
1023
|
_forceRemove(currentNode);
|
|
1005
1024
|
return true;
|
|
1006
1025
|
}
|
|
1007
1026
|
|
|
1008
1027
|
/* Remove any kind of possibly harmful comments */
|
|
1009
|
-
if (SAFE_FOR_XML && currentNode.nodeType ===
|
|
1028
|
+
if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) {
|
|
1010
1029
|
_forceRemove(currentNode);
|
|
1011
1030
|
return true;
|
|
1012
1031
|
}
|
|
@@ -1053,7 +1072,7 @@ function createDOMPurify() {
|
|
|
1053
1072
|
}
|
|
1054
1073
|
|
|
1055
1074
|
/* Sanitize element content to be template-safe */
|
|
1056
|
-
if (SAFE_FOR_TEMPLATES && currentNode.nodeType ===
|
|
1075
|
+
if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {
|
|
1057
1076
|
/* Get the element's text content */
|
|
1058
1077
|
content = currentNode.textContent;
|
|
1059
1078
|
arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => {
|
|
@@ -1083,7 +1102,7 @@ function createDOMPurify() {
|
|
|
1083
1102
|
// eslint-disable-next-line complexity
|
|
1084
1103
|
const _isValidAttribute = function _isValidAttribute(lcTag, lcName, value) {
|
|
1085
1104
|
/* Make sure attribute cannot clobber */
|
|
1086
|
-
if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) {
|
|
1105
|
+
if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement || value === '__depth' || value === '__removalCount')) {
|
|
1087
1106
|
return false;
|
|
1088
1107
|
}
|
|
1089
1108
|
|
|
@@ -1187,6 +1206,12 @@ function createDOMPurify() {
|
|
|
1187
1206
|
continue;
|
|
1188
1207
|
}
|
|
1189
1208
|
|
|
1209
|
+
/* Work around a security issue with comments inside attributes */
|
|
1210
|
+
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
|
|
1211
|
+
_removeAttribute(name, currentNode);
|
|
1212
|
+
continue;
|
|
1213
|
+
}
|
|
1214
|
+
|
|
1190
1215
|
/* Sanitize attribute content to be template-safe */
|
|
1191
1216
|
if (SAFE_FOR_TEMPLATES) {
|
|
1192
1217
|
arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => {
|
|
@@ -1237,7 +1262,11 @@ function createDOMPurify() {
|
|
|
1237
1262
|
/* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
|
|
1238
1263
|
currentNode.setAttribute(name, value);
|
|
1239
1264
|
}
|
|
1240
|
-
|
|
1265
|
+
if (_isClobbered(currentNode)) {
|
|
1266
|
+
_forceRemove(currentNode);
|
|
1267
|
+
} else {
|
|
1268
|
+
arrayPop(DOMPurify.removed);
|
|
1269
|
+
}
|
|
1241
1270
|
} catch (_) {}
|
|
1242
1271
|
}
|
|
1243
1272
|
|
|
@@ -1267,7 +1296,7 @@ function createDOMPurify() {
|
|
|
1267
1296
|
const parentNode = getParentNode(shadowNode);
|
|
1268
1297
|
|
|
1269
1298
|
/* Set the nesting depth of an element */
|
|
1270
|
-
if (shadowNode.nodeType ===
|
|
1299
|
+
if (shadowNode.nodeType === NODE_TYPE.element) {
|
|
1271
1300
|
if (parentNode && parentNode.__depth) {
|
|
1272
1301
|
/*
|
|
1273
1302
|
We want the depth of the node in the original tree, which can
|
|
@@ -1279,8 +1308,11 @@ function createDOMPurify() {
|
|
|
1279
1308
|
}
|
|
1280
1309
|
}
|
|
1281
1310
|
|
|
1282
|
-
/*
|
|
1283
|
-
|
|
1311
|
+
/*
|
|
1312
|
+
* Remove an element if nested too deeply to avoid mXSS
|
|
1313
|
+
* or if the __depth might have been tampered with
|
|
1314
|
+
*/
|
|
1315
|
+
if (shadowNode.__depth >= MAX_NESTING_DEPTH || shadowNode.__depth < 0 || numberIsNaN(shadowNode.__depth)) {
|
|
1284
1316
|
_forceRemove(shadowNode);
|
|
1285
1317
|
}
|
|
1286
1318
|
|
|
@@ -1362,7 +1394,7 @@ function createDOMPurify() {
|
|
|
1362
1394
|
elements being stripped by the parser */
|
|
1363
1395
|
body = _initDocument('<!---->');
|
|
1364
1396
|
importedNode = body.ownerDocument.importNode(dirty, true);
|
|
1365
|
-
if (importedNode.nodeType ===
|
|
1397
|
+
if (importedNode.nodeType === NODE_TYPE.element && importedNode.nodeName === 'BODY') {
|
|
1366
1398
|
/* Node is already a body, use as is */
|
|
1367
1399
|
body = importedNode;
|
|
1368
1400
|
} else if (importedNode.nodeName === 'HTML') {
|
|
@@ -1405,7 +1437,7 @@ function createDOMPurify() {
|
|
|
1405
1437
|
const parentNode = getParentNode(currentNode);
|
|
1406
1438
|
|
|
1407
1439
|
/* Set the nesting depth of an element */
|
|
1408
|
-
if (currentNode.nodeType ===
|
|
1440
|
+
if (currentNode.nodeType === NODE_TYPE.element) {
|
|
1409
1441
|
if (parentNode && parentNode.__depth) {
|
|
1410
1442
|
/*
|
|
1411
1443
|
We want the depth of the node in the original tree, which can
|
|
@@ -1417,8 +1449,11 @@ function createDOMPurify() {
|
|
|
1417
1449
|
}
|
|
1418
1450
|
}
|
|
1419
1451
|
|
|
1420
|
-
/*
|
|
1421
|
-
|
|
1452
|
+
/*
|
|
1453
|
+
* Remove an element if nested too deeply to avoid mXSS
|
|
1454
|
+
* or if the __depth might have been tampered with
|
|
1455
|
+
*/
|
|
1456
|
+
if (currentNode.__depth >= MAX_NESTING_DEPTH || currentNode.__depth < 0 || numberIsNaN(currentNode.__depth)) {
|
|
1422
1457
|
_forceRemove(currentNode);
|
|
1423
1458
|
}
|
|
1424
1459
|
|