
@locker/html-sanitizer


@locker/html-sanitizer - npm Package Compare versions

Comparing version 0.13.1 to 0.13.2

46

dist/index.cjs.js

@@ -259,3 +259,3 @@ /**

const queue = new shared.SetCtor();
// simple regex to find all non lowercase alfanumeric
// simple regex to find all non lowercase alphanumeric
const urlReplacer = /[^a-z0-9]+/gi;

@@ -273,7 +273,7 @@ const URL_SCHEMES = ['http:', 'https:'];

return {
requestedUrl: urlParam[0],
normalizedUrl,
normalizedFragment,
protocol: normalized.protocol,
requestedFragment: urlParam[1],
protocol: normalized.protocol,
requestedUrl: urlParam[0],
};

@@ -283,5 +283,5 @@ }

const c = sharedDom.DocumentCreateElement(document$1, 'div');
sharedDom.ElementSetAttributeUtil(c, 'style', 'display:none');
sharedDom.ElementSetAttributeUtil(c, 'id', url);
const body = shared.ReflectApply(sharedDom.DocumentBodyGetter, document$1, shared.emptyArray);
sharedDom.ElementSetAttribute(c, 'style', 'display:none');
sharedDom.ElementSetAttribute(c, 'id', url);
const body = shared.ReflectApply(sharedDom.DocumentProtoBodyGetter, document$1, shared.emptyArray);
sharedDom.NodeAppendChild(body, c);

@@ -292,7 +292,7 @@ return c;

const { normalizedFragment, requestedFragment } = normalizedHref;
let el = sharedDom.ElementQuerySelectorUtil(container, `#${normalizedFragment}`);
let el = sharedDom.ElementQuerySelector(container, `#${normalizedFragment}`);
if (!el) {
try {
el = sharedDom.ElementQuerySelectorUtil(container, `#${requestedFragment}`);
sharedDom.ElementSetAttributeUtil(el, 'id', normalizedFragment);
el = sharedDom.ElementQuerySelector(container, `#${requestedFragment}`);
sharedDom.ElementSetAttribute(el, 'id', normalizedFragment);
}

@@ -312,7 +312,7 @@ catch (e) {

updater(container, normalizedHref);
sharedDom.WindowClearIntervalUtil(window, interval);
sharedDom.WindowClearInterval(window, interval);
}
};
// wait for request to finish, then update content
const interval = sharedDom.WindowSetIntervalUtil(window, checkFn, 50);
const interval = sharedDom.WindowSetInterval(window, checkFn, 50);
}

@@ -341,3 +341,3 @@ else {

if (el) {
sharedDom.ElementSetAttributeUtil(el, 'id', normalizedHref.normalizedFragment);
sharedDom.ElementSetAttribute(el, 'id', normalizedHref.normalizedFragment);
}

@@ -358,18 +358,18 @@ }

}
const normalized = parseAttributeValue(value);
const normalizedHref = parseAttributeValue(value);
// sanitize only for supported URL_SCHEMES
if (shared.ArrayIncludes(URL_SCHEMES, normalized.protocol)) {
const container = sharedDom.DocumentGetElementById(document$1, normalized.normalizedUrl);
if (shared.ArrayIncludes(URL_SCHEMES, normalizedHref.protocol)) {
const container = sharedDom.DocumentGetElementById(document$1, normalizedHref.normalizedUrl);
// have we sanitized this URL already ?
if (container && normalized.normalizedFragment) {
checkExistingAndDequeue(container, normalized);
if (container && normalizedHref.normalizedFragment) {
checkExistingAndDequeue(container, normalizedHref);
}
else if (!container) {
fetchAndSanitize(normalized);
fetchAndSanitize(normalizedHref);
}
// if this has been in the form of http://my-url/file.svg#fragment we return the normalized fragment
// otherwise we return the normalized url
return normalized.requestedFragment
? `#${normalized.normalizedFragment}`
: `#${normalized.normalizedUrl}`;
return normalizedHref.requestedFragment
? `#${normalizedHref.normalizedFragment}`
: `#${normalizedHref.normalizedUrl}`;
}

@@ -380,3 +380,3 @@ return value;

function sanitizeHrefAttributeHook(node, data) {
const nodeName = shared.StringToUpperCase(shared.ReflectApply(sharedDom.NodeNodeNameGetter, node, shared.emptyArray));
const nodeName = shared.StringToUpperCase(shared.ReflectApply(sharedDom.NodeProtoNodeNameGetter, node, shared.emptyArray));
if (data.attrValue && nodeName === 'USE' && shared.ArrayIncludes(ATTRIBUTES, data.attrName)) {

@@ -412,2 +412,2 @@ data.attrValue = sanitizeSvgHrefValue(data.attrValue);

exports.svgSanitizer = svgSanitizer;
/** version: 0.13.1 */
/** version: 0.13.2 */
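Review bot: In the hunk at `@@ -292,7 +292,7 @@` the renamed call still builds its selector from the unescaped `#${requestedFragment}` passed to `ElementQuerySelector`, and that value appears to come straight from the attribute (`requestedFragment: urlParam[1]`). The surrounding `try` absorbs a selector syntax error, but not a selector that parses and matches a different element than intended, which is then given the normalized id. Escape the fragment before interpolating it, for example `CSS.escape(requestedFragment)`, or look the element up by id rather than by selector. The first lookup with `normalizedFragment` sits outside the `try`, so it is worth confirming the normalized form can never be an invalid selector (for instance one starting with a digit). The same lines appear in the ESM build hunk `@@ -285,7 +285,7 @@` further down, and the enclosing function starts and ends outside both hunks.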

@@ -5,3 +5,3 @@ /**

import { WeakMapCtor, WeakMapGet, MapForEach, WeakMapSet, ArrayConcat, ArrayFilter, ArrayIncludes, SetCtor, StringStartsWith, StringSplit, StringReplace, StringToLowerCase, SetHas, SetAdd, ReflectApply, StringToUpperCase, emptyArray, MapCtor, SetDelete } from '@locker/shared';
import { DocumentCreateElement, DocumentGetElementById, WindowSetIntervalUtil, XhrCtor, XhrOpen, XhrOnReadyStateChangeSetter, XhrSend, NodeNodeNameGetter, ElementSetAttributeUtil, DocumentBodyGetter, NodeAppendChild, ElementQuerySelectorUtil, WindowClearIntervalUtil, XhrReadyStateGetter, XhrStatusGetter, DocumentFragmentGetElementById } from '@locker/shared-dom';
import { DocumentCreateElement, DocumentGetElementById, WindowSetInterval, XhrCtor, XhrOpen, XhrOnReadyStateChangeSetter, XhrSend, NodeProtoNodeNameGetter, ElementSetAttribute, DocumentProtoBodyGetter, NodeAppendChild, ElementQuerySelector, WindowClearInterval, XhrReadyStateGetter, XhrStatusGetter, DocumentFragmentGetElementById } from '@locker/shared-dom';
import DOMPurify from 'dompurify';

@@ -252,3 +252,3 @@

const queue = new SetCtor();
// simple regex to find all non lowercase alfanumeric
// simple regex to find all non lowercase alphanumeric
const urlReplacer = /[^a-z0-9]+/gi;

@@ -266,7 +266,7 @@ const URL_SCHEMES = ['http:', 'https:'];

return {
requestedUrl: urlParam[0],
normalizedUrl,
normalizedFragment,
protocol: normalized.protocol,
requestedFragment: urlParam[1],
protocol: normalized.protocol,
requestedUrl: urlParam[0],
};

@@ -276,5 +276,5 @@ }

const c = DocumentCreateElement(document$1, 'div');
ElementSetAttributeUtil(c, 'style', 'display:none');
ElementSetAttributeUtil(c, 'id', url);
const body = ReflectApply(DocumentBodyGetter, document$1, emptyArray);
ElementSetAttribute(c, 'style', 'display:none');
ElementSetAttribute(c, 'id', url);
const body = ReflectApply(DocumentProtoBodyGetter, document$1, emptyArray);
NodeAppendChild(body, c);

@@ -285,7 +285,7 @@ return c;

const { normalizedFragment, requestedFragment } = normalizedHref;
let el = ElementQuerySelectorUtil(container, `#${normalizedFragment}`);
let el = ElementQuerySelector(container, `#${normalizedFragment}`);
if (!el) {
try {
el = ElementQuerySelectorUtil(container, `#${requestedFragment}`);
ElementSetAttributeUtil(el, 'id', normalizedFragment);
el = ElementQuerySelector(container, `#${requestedFragment}`);
ElementSetAttribute(el, 'id', normalizedFragment);
}

@@ -305,7 +305,7 @@ catch (e) {

updater(container, normalizedHref);
WindowClearIntervalUtil(window, interval);
WindowClearInterval(window, interval);
}
};
// wait for request to finish, then update content
const interval = WindowSetIntervalUtil(window, checkFn, 50);
const interval = WindowSetInterval(window, checkFn, 50);
}

@@ -334,3 +334,3 @@ else {

if (el) {
ElementSetAttributeUtil(el, 'id', normalizedHref.normalizedFragment);
ElementSetAttribute(el, 'id', normalizedHref.normalizedFragment);
}

@@ -351,18 +351,18 @@ }

}
const normalized = parseAttributeValue(value);
const normalizedHref = parseAttributeValue(value);
// sanitize only for supported URL_SCHEMES
if (ArrayIncludes(URL_SCHEMES, normalized.protocol)) {
const container = DocumentGetElementById(document$1, normalized.normalizedUrl);
if (ArrayIncludes(URL_SCHEMES, normalizedHref.protocol)) {
const container = DocumentGetElementById(document$1, normalizedHref.normalizedUrl);
// have we sanitized this URL already ?
if (container && normalized.normalizedFragment) {
checkExistingAndDequeue(container, normalized);
if (container && normalizedHref.normalizedFragment) {
checkExistingAndDequeue(container, normalizedHref);
}
else if (!container) {
fetchAndSanitize(normalized);
fetchAndSanitize(normalizedHref);
}
// if this has been in the form of http://my-url/file.svg#fragment we return the normalized fragment
// otherwise we return the normalized url
return normalized.requestedFragment
? `#${normalized.normalizedFragment}`
: `#${normalized.normalizedUrl}`;
return normalizedHref.requestedFragment
? `#${normalizedHref.normalizedFragment}`
: `#${normalizedHref.normalizedUrl}`;
}

@@ -373,3 +373,3 @@ return value;

function sanitizeHrefAttributeHook(node, data) {
const nodeName = StringToUpperCase(ReflectApply(NodeNodeNameGetter, node, emptyArray));
const nodeName = StringToUpperCase(ReflectApply(NodeProtoNodeNameGetter, node, emptyArray));
if (data.attrValue && nodeName === 'USE' && ArrayIncludes(ATTRIBUTES, data.attrName)) {

@@ -400,2 +400,2 @@ data.attrValue = sanitizeSvgHrefValue(data.attrValue);

export { config as CONFIG, blobSanitizer, sanitize, sanitizeSvgHrefValue, sanitizer, svgSanitizer };
/** version: 0.13.1 */
/** version: 0.13.2 */
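Review bot: The corrected comment above `urlReplacer` still says "non lowercase alphanumeric", but the `i` flag on `/[^a-z0-9]+/gi` makes the class case-insensitive, so uppercase letters are kept too. Because the normalized URL is later used as the element id that decides whether a URL was already sanitized (`DocumentGetElementById(document$1, normalizedHref.normalizedUrl)`), the comment should say exactly what is collapsed, e.g. `// matches runs of characters other than ASCII letters and digits (case-insensitive)`. If the replacement, which is not visible in this hunk, drops or merges those runs, distinct URLs can normalize to the same id, and that is worth documenting next to the regex. The CJS build at `@@ -259,3 +259,3 @@` carries the same comment.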
{
"name": "@locker/html-sanitizer",
"version": "0.13.1",
"version": "0.13.2",
"license": "Salesforce Developer Agreement",

@@ -22,8 +22,8 @@ "author": "Salesforce UI Security Team",

"dependencies": {
"@locker/shared": "0.13.1",
"@locker/shared-dom": "0.13.1",
"@locker/shared": "0.13.2",
"@locker/shared-dom": "0.13.2",
"@types/dompurify": "2.1.0",
"dompurify": "2.2.2"
},
"gitHead": "e45e156c181f1db0923287cff16a283b5eacff7a"
"gitHead": "8821f240966fb91cce5be32deca204095d133308"
}
import { Config } from 'dompurify';
export declare const DEFAULT_CONFIGURATION: {
ALLOWED_TAGS: any;
ALLOWED_TAGS: any[];
ADD_ATTR: string[];

@@ -5,0 +5,0 @@ };

Sorry, the diff of this file is not supported yet
