mobiledoc-dom-renderer - npm Package Compare versions

Comparing version 0.7.1 to 0.7.2

dist/amd/mobiledoc-dom-renderer.js

@@ -1138,6 +1138,6 @@ define('mobiledoc-dom-renderer/cards/image', ['exports', 'mobiledoc-dom-renderer/utils/render-type'], function (exports, _mobiledocDomRendererUtilsRenderType) {
 
-  var PROTOCOL_REGEXP = /^([a-z0-9.+-]+:)/i;
+  var PROTOCOL_REGEXP = /.+:/i;
 
-  var badProtocols = ['javascript:', // jshint ignore:line
-  'vbscript:' // jshint ignore:line
+  var badProtocols = ['javascript', // jshint ignore:line
+  'vbscript' // jshint ignore:line
   ];
@@ -1147,3 +1147,3 @@
     var matches = url && url.match(PROTOCOL_REGEXP);
-    var protocol = matches && matches[0] || ':';
+    var protocol = matches && matches[0] && matches[0].split(':')[0] || '';
     return protocol;
@@ -1153,3 +1153,3 @@ }
   function sanitizeHref(url) {
-    var protocol = getProtocol(url).toLowerCase();
+    var protocol = getProtocol(url).toLowerCase().replace(/ /g, '');
     if ((0, _mobiledocDomRendererUtilsArrayUtils.includes)(badProtocols, protocol)) {
@@ -1156,0 +1156,0 @@ return 'unsafe:' + url;

dist/commonjs/mobiledoc-dom-renderer/utils/sanitization-utils.js

@@ -8,6 +8,6 @@ 'use strict';
 
-var PROTOCOL_REGEXP = /^([a-z0-9.+-]+:)/i;
+var PROTOCOL_REGEXP = /.+:/i;
 
-var badProtocols = ['javascript:', // jshint ignore:line
-'vbscript:' // jshint ignore:line
+var badProtocols = ['javascript', // jshint ignore:line
+'vbscript' // jshint ignore:line
 ];
@@ -17,3 +17,3 @@
   var matches = url && url.match(PROTOCOL_REGEXP);
-  var protocol = matches && matches[0] || ':';
+  var protocol = matches && matches[0] && matches[0].split(':')[0] || '';
   return protocol;
@@ -23,3 +23,3 @@ }
 function sanitizeHref(url) {
-  var protocol = getProtocol(url).toLowerCase();
+  var protocol = getProtocol(url).toLowerCase().replace(/ /g, '');
   if ((0, _arrayUtils.includes)(badProtocols, protocol)) {
@@ -26,0 +26,0 @@ return 'unsafe:' + url;

dist/global/mobiledoc-dom-renderer.js

@@ -1358,6 +1358,6 @@ ;(function() {
 
-  var PROTOCOL_REGEXP = /^([a-z0-9.+-]+:)/i;
+  var PROTOCOL_REGEXP = /.+:/i;
 
-  var badProtocols = ['javascript:', // jshint ignore:line
-  'vbscript:' // jshint ignore:line
+  var badProtocols = ['javascript', // jshint ignore:line
+  'vbscript' // jshint ignore:line
   ];
@@ -1367,3 +1367,3 @@
     var matches = url && url.match(PROTOCOL_REGEXP);
-    var protocol = matches && matches[0] || ':';
+    var protocol = matches && matches[0] && matches[0].split(':')[0] || '';
     return protocol;
@@ -1373,3 +1373,3 @@ }
   function sanitizeHref(url) {
-    var protocol = getProtocol(url).toLowerCase();
+    var protocol = getProtocol(url).toLowerCase().replace(/ /g, '');
     if ((0, _mobiledocDomRendererUtilsArrayUtils.includes)(badProtocols, protocol)) {
@@ -1376,0 +1376,0 @@ return 'unsafe:' + url;

lib/utils/sanitization-utils.js

 import { includes } from './array-utils';
 
-const PROTOCOL_REGEXP = /^([a-z0-9.+-]+:)/i;
+const PROTOCOL_REGEXP = /.+:/i;
 
 const badProtocols = [
-  'javascript:', // jshint ignore:line
-  'vbscript:' // jshint ignore:line
+  'javascript', // jshint ignore:line
+  'vbscript' // jshint ignore:line
 ];
@@ -12,3 +12,3 @@
   let matches = url && url.match(PROTOCOL_REGEXP);
-  let protocol = (matches && matches[0]) || ':';
+  let protocol = matches && matches[0] && matches[0].split(':')[0] || '';
   return protocol;
@@ -18,3 +18,3 @@ }
 export function sanitizeHref(url) {
-  let protocol = getProtocol(url).toLowerCase();
+  let protocol = getProtocol(url).toLowerCase().replace(/ /g, '');
   if (includes(badProtocols, protocol)) {
@@ -21,0 +21,0 @@ return `unsafe:${url}`;

package.json

 {
   "name": "mobiledoc-dom-renderer",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "description": "Renders Mobiledoc input to DOM output",
@@ -5,0 +5,0 @@ "license": "MIT",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

489756

increased by0.07%

Lines of code

10190

increased by0.03%

No dependency changes