XhmikosR
GitHub
parent
c5d03d93fc
commit
8f2e678424
|
|
@ -69,11 +69,7 @@ class FocusTrap {
|
|||
const { target } = event
|
||||
const { trapElement } = this._config
|
||||
|
||||
if (
|
||||
target === document ||
|
||||
target === trapElement ||
|
||||
trapElement.contains(target)
|
||||
) {
|
||||
if (target === document || target === trapElement || trapElement.contains(target)) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
* --------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
const uriAttrs = new Set([
|
||||
const uriAttributes = new Set([
|
||||
'background',
|
||||
'cite',
|
||||
'href',
|
||||
|
|
@ -32,22 +32,22 @@ const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|
|
|||
*/
|
||||
const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i
|
||||
|
||||
const allowedAttribute = (attr, allowedAttributeList) => {
|
||||
const attrName = attr.nodeName.toLowerCase()
|
||||
const allowedAttribute = (attribute, allowedAttributeList) => {
|
||||
const attributeName = attribute.nodeName.toLowerCase()
|
||||
|
||||
if (allowedAttributeList.includes(attrName)) {
|
||||
if (uriAttrs.has(attrName)) {
|
||||
return Boolean(SAFE_URL_PATTERN.test(attr.nodeValue) || DATA_URL_PATTERN.test(attr.nodeValue))
|
||||
if (allowedAttributeList.includes(attributeName)) {
|
||||
if (uriAttributes.has(attributeName)) {
|
||||
return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue) || DATA_URL_PATTERN.test(attribute.nodeValue))
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
const regExp = allowedAttributeList.filter(attrRegex => attrRegex instanceof RegExp)
|
||||
const regExp = allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp)
|
||||
|
||||
// Check if a regular expression validates the attribute.
|
||||
for (let i = 0, len = regExp.length; i < len; i++) {
|
||||
if (regExp[i].test(attrName)) {
|
||||
if (regExp[i].test(attributeName)) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -100,25 +100,24 @@ export function sanitizeHtml(unsafeHtml, allowList, sanitizeFn) {
|
|||
|
||||
const domParser = new window.DOMParser()
|
||||
const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')
|
||||
const allowlistKeys = Object.keys(allowList)
|
||||
const elements = [].concat(...createdDocument.body.querySelectorAll('*'))
|
||||
|
||||
for (let i = 0, len = elements.length; i < len; i++) {
|
||||
const el = elements[i]
|
||||
const elName = el.nodeName.toLowerCase()
|
||||
const element = elements[i]
|
||||
const elementName = element.nodeName.toLowerCase()
|
||||
|
||||
if (!allowlistKeys.includes(elName)) {
|
||||
el.remove()
|
||||
if (!Object.keys(allowList).includes(elementName)) {
|
||||
element.remove()
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
const attributeList = [].concat(...el.attributes)
|
||||
const allowedAttributes = [].concat(allowList['*'] || [], allowList[elName] || [])
|
||||
const attributeList = [].concat(...element.attributes)
|
||||
const allowedAttributes = [].concat(allowList['*'] || [], allowList[elementName] || [])
|
||||
|
||||
attributeList.forEach(attr => {
|
||||
if (!allowedAttribute(attr, allowedAttributes)) {
|
||||
el.removeAttribute(attr.nodeName)
|
||||
attributeList.forEach(attribute => {
|
||||
if (!allowedAttribute(attribute, allowedAttributes)) {
|
||||
element.removeAttribute(attribute.nodeName)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue