Comparing version 4.4.3 to 4.5.0
12
index.js
@@ -6,2 +6,4 @@ var document = require('global/document') | ||
var SVGNS = 'http://www.w3.org/2000/svg' | ||
var XLINKNS = 'http://www.w3.org/1999/xlink' | ||
var BOOL_PROPS = { | ||
@@ -63,5 +65,5 @@ autofocus: 1, | ||
var unload = props.onunload || function () {} | ||
onload(el, function bel_onload () { | ||
onload(el, function belOnload () { | ||
load(el) | ||
}, function bel_onunload () { | ||
}, function belOnunload () { | ||
unload(el) | ||
@@ -99,3 +101,7 @@ }, | ||
if (ns) { | ||
el.setAttributeNS(null, p, val) | ||
if (p === 'xlink:href') { | ||
el.setAttributeNS(XLINKNS, p, val) | ||
} else { | ||
el.setAttributeNS(null, p, val) | ||
} | ||
} else { | ||
@@ -102,0 +108,0 @@ el.setAttribute(p, val) |
{ | ||
"name": "bel", | ||
"version": "4.4.3", | ||
"version": "4.5.0", | ||
"description": "A simple extension to native elements", | ||
@@ -39,4 +39,4 @@ "main": "index.js", | ||
"electron-prebuilt": "^0.36.9", | ||
"morphdom": "^1.4.5", | ||
"standard": "^6.0.7", | ||
"morphdom": "^2.1.1", | ||
"standard": "^8.3.0", | ||
"tape": "^4.6.0", | ||
@@ -43,0 +43,0 @@ "testron": "^1.2.0", |
@@ -19,2 +19,15 @@ # [bel](https://en.wikipedia.org/wiki/Bel_(mythology)) | ||
## note | ||
Please use [yo-yoify](https://github.com/shama/yo-yoify) which will transform any `Function.caller` into plain strings until an alternative solution to identify element creators is implemented. | ||
yo-yoify can resolve the error like below: | ||
`TypeError: Function.caller used to retrieve strict caller` | ||
or | ||
`TypeError: access to strict mode caller function is censored` | ||
### A Simple Element | ||
@@ -136,2 +149,6 @@ | ||
## security | ||
bel sets attributes with `element.setAttribute()` and `element.setAttributeNS()`, and creates text nodes with `document.createTextNode()`. These approaches mitigate some [Cross-Site Scripting (XSS)](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29) attacks. You should still code carefully every time you put content from users in the DOM. | ||
## similar projects | ||
@@ -138,0 +155,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
10636
132
175