
@locker/html-sanitizer - npm Package Compare versions

Comparing version 0.14.20 to 0.15.0

31

dist/index.cjs.js

@@ -199,2 +199,10 @@ /*!

return sharedDom.ElementInnerHTMLGetter(htmlTemplate);
}
function sanitizeDocument(doc) {
const content = sharedDom.ElementOuterHTMLGetter(sharedDom.DocumentDocumentElementGetter(doc));
const contentSanitized = sanitize(content);
const newDoc = sharedDom.DOMImplementationCreateDocument(sharedDom.DocumentImplementation(doc), sharedDom.NAMESPACE_XHTML, 'html');
sharedDom.ElementInnerHTMLSetter(sharedDom.DocumentDocumentElementGetter(newDoc), contentSanitized);
return newDoc;
} // Sanitize a URL representing a SVG href attribute value.

@@ -237,7 +245,19 @@

function sanitizeSvgInnerHtml(el, dirty) {
const ownerDoc = sharedDom.NodeOwnerDocumentGetter(el);
function createSvgContainer(ownerDoc) {
return sharedDom.DocumentCreateElementNS(ownerDoc, sharedDom.NAMESPACE_SVG, 'svg');
}
function sanitizeSvgInnerHtml(stringOrSvg, dirty = '') {
let container;
const ownerDoc = typeof stringOrSvg === 'string' ? document : sharedDom.NodeOwnerDocumentGetter(stringOrSvg);
const comment = sharedDom.DocumentCreateComment(ownerDoc, '');
const closestSvg = sharedDom.ElementClosest(el, 'svg');
const container = closestSvg ? sharedDom.NodeClone(closestSvg, false) : sharedDom.DocumentCreateElementNS(ownerDoc, 'http://www.w3.org/2000/svg', 'svg');
if (typeof stringOrSvg === 'string') {
dirty = stringOrSvg;
container = createSvgContainer(ownerDoc);
} else {
const closestSvg = sharedDom.ElementClosest(stringOrSvg, 'svg');
container = closestSvg ? sharedDom.NodeClone(closestSvg, false) : createSvgContainer(ownerDoc);
}
sharedDom.NodeAppendChild(container, comment);

@@ -259,2 +279,3 @@ const outerHTML = sharedDom.ElementOuterHTMLGetter(container);

exports.sanitize = sanitize;
exports.sanitizeDocument = sanitizeDocument;
exports.sanitizeHrefAttributeHook = sanitizeHrefAttributeHook;

@@ -266,2 +287,2 @@ exports.sanitizeSvgHrefValue = sanitizeSvgHrefValue;

exports.svgSanitizer = svgSanitizer;
/*! version: 0.14.20 */
/*! version: 0.15.0 */
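Review bot: In the new `sanitizeDocument`, the sanitized markup is re-parsed in a different kind of document from the one it was sanitized for. `sanitize()` returns the HTML serialization of a template element, but the result is then assigned with `ElementInnerHTMLSetter` to the root of a document created by `DOMImplementationCreateDocument(..., NAMESPACE_XHTML, 'html')`. If that helper wraps `DOMImplementation.createDocument`, the new document is an XML document, so the string goes through the XML fragment parser: it can throw on markup that is not well-formed XML (an unclosed `<br>`, for example), and it is not the parse the sanitizer validated. Consider creating the target with an HTML document (`createHTMLDocument`) or moving the sanitized template content across as nodes instead of round-tripping through a string. The same function is added in dist/index.js.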

34

dist/index.js

@@ -5,3 +5,3 @@ /*!

import { ArrayConcat, ArrayFilter, ArrayIncludes, WeakMapCtor, WeakMapGet, MapForEach, WeakMapSet, MapCtor, SetCtor, StringStartsWith, StringReplace, SetHas, SetAdd, SetDelete, StringSplit, StringToLowerCase } from '@locker/shared';
import { DocumentCreateElement, ElementInnerHTMLSetter, HTMLTemplateElementContentGetter, ElementInnerHTMLGetter, NodeNameGetter, DocumentGetElementById, NodeOwnerDocumentGetter, DocumentCreateComment, ElementClosest, NodeClone, DocumentCreateElementNS, NodeAppendChild, ElementOuterHTMLGetter, NodeFirstChildGetter, WindowSetInterval, XhrCtor, EventTargetAddEventListener, XhrStatusGetter, XhrResponseTextGetter, DocumentFragmentGetElementById, ElementSetAttribute, XhrOpen, XhrSend, HTMLAnchorElementHrefSetter, HTMLAnchorElementHrefGetter, HTMLAnchorElementProtocolGetter, ElementQuerySelector, WindowClearInterval, DocumentBodyGetter } from '@locker/shared-dom';
import { DocumentCreateElement, ElementInnerHTMLSetter, HTMLTemplateElementContentGetter, ElementInnerHTMLGetter, ElementOuterHTMLGetter, DocumentDocumentElementGetter, DOMImplementationCreateDocument, DocumentImplementation, NAMESPACE_XHTML, NodeNameGetter, DocumentGetElementById, NodeOwnerDocumentGetter, DocumentCreateComment, DocumentCreateElementNS, NAMESPACE_SVG, ElementClosest, NodeClone, NodeAppendChild, NodeFirstChildGetter, WindowSetInterval, XhrCtor, EventTargetAddEventListener, XhrStatusGetter, XhrResponseTextGetter, DocumentFragmentGetElementById, ElementSetAttribute, XhrOpen, XhrSend, HTMLAnchorElementHrefSetter, HTMLAnchorElementHrefGetter, HTMLAnchorElementProtocolGetter, ElementQuerySelector, WindowClearInterval, DocumentBodyGetter } from '@locker/shared-dom';
import DOMPurify from 'dompurify';

@@ -183,2 +183,10 @@ const ariaAttributes = ['aria-activedescendant', 'aria-atomic', 'aria-autocomplete', 'aria-busy', 'aria-checked', 'aria-controls', 'aria-describedby', 'aria-disabled', 'aria-readonly', 'aria-dropeffect', 'aria-expanded', 'aria-flowto', 'aria-grabbed', 'aria-haspopup', 'aria-hidden', 'aria-disabled', 'aria-invalid', 'aria-label', 'aria-labelledby', 'aria-level', 'aria-live', 'aria-multiline', 'aria-multiselectable', 'aria-orientation', 'aria-owns', 'aria-posinset', 'aria-pressed', 'aria-readonly', 'aria-relevant', 'aria-required', 'aria-selected', 'aria-setsize', 'aria-sort', 'aria-valuemax', 'aria-valuemin', 'aria-valuenow', 'aria-valuetext', 'role', 'target'];

return ElementInnerHTMLGetter(htmlTemplate);
}
function sanitizeDocument(doc) {
const content = ElementOuterHTMLGetter(DocumentDocumentElementGetter(doc));
const contentSanitized = sanitize(content);
const newDoc = DOMImplementationCreateDocument(DocumentImplementation(doc), NAMESPACE_XHTML, 'html');
ElementInnerHTMLSetter(DocumentDocumentElementGetter(newDoc), contentSanitized);
return newDoc;
} // Sanitize a URL representing a SVG href attribute value.

@@ -221,7 +229,19 @@

function sanitizeSvgInnerHtml(el, dirty) {
const ownerDoc = NodeOwnerDocumentGetter(el);
function createSvgContainer(ownerDoc) {
return DocumentCreateElementNS(ownerDoc, NAMESPACE_SVG, 'svg');
}
function sanitizeSvgInnerHtml(stringOrSvg, dirty = '') {
let container;
const ownerDoc = typeof stringOrSvg === 'string' ? document : NodeOwnerDocumentGetter(stringOrSvg);
const comment = DocumentCreateComment(ownerDoc, '');
const closestSvg = ElementClosest(el, 'svg');
const container = closestSvg ? NodeClone(closestSvg, false) : DocumentCreateElementNS(ownerDoc, 'http://www.w3.org/2000/svg', 'svg');
if (typeof stringOrSvg === 'string') {
dirty = stringOrSvg;
container = createSvgContainer(ownerDoc);
} else {
const closestSvg = ElementClosest(stringOrSvg, 'svg');
container = closestSvg ? NodeClone(closestSvg, false) : createSvgContainer(ownerDoc);
}
NodeAppendChild(container, comment);

@@ -240,3 +260,3 @@ const outerHTML = ElementOuterHTMLGetter(container);

export { config as CONFIG, blobSanitizer, sanitize, sanitizeHrefAttributeHook, sanitizeSvgHrefValue, sanitizeSvgInnerHtml, sanitizeSvgTextReturnDOM, sanitizer, svgSanitizer };
/*! version: 0.14.20 */
export { config as CONFIG, blobSanitizer, sanitize, sanitizeDocument, sanitizeHrefAttributeHook, sanitizeSvgHrefValue, sanitizeSvgInnerHtml, sanitizeSvgTextReturnDOM, sanitizer, svgSanitizer };
/*! version: 0.15.0 */
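Review bot: The string branch of the rewritten `sanitizeSvgInnerHtml` reads the bare global `document` (`typeof stringOrSvg === 'string' ? document : NodeOwnerDocumentGetter(stringOrSvg)`), while the rest of the visible code reaches the DOM through helpers imported from `@locker/shared-dom`. The string form therefore depends on whatever `document` resolves to at call time and throws a ReferenceError where no such global exists. If the shared helpers are meant to pin DOM access to captured references (an inference from their naming), take the document from that same source or require callers of the string form to supply one. When the first argument is a string, an explicitly passed `dirty` is also overwritten by `dirty = stringOrSvg` without any signal to the caller. The function body continues past the end of this hunk, and the same change appears in dist/index.cjs.js.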
{
"name": "@locker/html-sanitizer",
"version": "0.14.20",
"version": "0.15.0",
"license": "Salesforce Developer Agreement",

@@ -20,4 +20,4 @@ "author": "Salesforce UI Security Team",

"dependencies": {
"@locker/shared": "0.14.20",
"@locker/shared-dom": "0.14.20",
"@locker/shared": "0.15.0",
"@locker/shared-dom": "0.15.0",
"@types/dompurify": "2.2.2",

@@ -30,3 +30,3 @@ "dompurify": "2.2.9"

],
"gitHead": "293789c383e41efa0b3f2a96e8330e61321e2956"
"gitHead": "864a503d2d60e4bca4801ab4d7ddee1c588bcc91"
}

@@ -8,7 +8,8 @@ import { SanitizeAttributeHookEvent } from 'dompurify';

export declare function sanitize(dirty: string): string;
export declare function sanitizeDocument(doc: Document): Document;
export declare function sanitizeHrefAttributeHook(node: Node, data: SanitizeAttributeHookEvent): SanitizeAttributeHookEvent;
export declare function sanitizeSvgHrefValue(url: string): string;
export declare function sanitizeSvgInnerHtml(el: SVGElement, dirty: string): string;
export declare function sanitizeSvgInnerHtml(stringOrSvg: string | SVGElement, dirty?: string): string;
export declare function sanitizeSvgTextReturnDOM(dirty: string): DocumentFragment;
export * from './types';
//# sourceMappingURL=index.d.ts.map
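Review bot: The widened declaration `sanitizeSvgInnerHtml(stringOrSvg: string | SVGElement, dirty?: string)` type-checks two calls that are probably mistakes: `sanitizeSvgInnerHtml(el)` with no markup, and `sanitizeSvgInnerHtml(str, other)`, where the implementation in dist replaces `dirty` with the first argument. Two overloads in the source this file is generated from would keep both supported call forms while rejecting those: `export declare function sanitizeSvgInnerHtml(dirty: string): string;` and `export declare function sanitizeSvgInnerHtml(el: SVGElement, dirty: string): string;`. `sanitizeDocument` would also benefit from a doc comment stating that it returns a new `Document` rather than modifying its argument, which is what the dist code shows.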

Sorry, the diff of this file is not supported yet
