Mercurial Hosting > sceditor
diff src/sceditor.js @ 20:cf42d9b17c25
more
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Mon, 08 Aug 2022 18:17:55 -0600 |
parents | 13df5ac9b34b |
children | 2edd68951454 |
line wrap: on
line diff
--- a/src/sceditor.js Mon Aug 08 16:50:22 2022 -0600 +++ b/src/sceditor.js Mon Aug 08 18:17:55 2022 -0600 @@ -2,7 +2,6 @@ 'use strict'; let baseUrl = document.currentScript.getAttribute('src').match(/.*\//)[0]; - //console.log(baseUrl); /** * Check if the passed argument is the @@ -2731,7 +2730,8 @@ // START_COMMAND: Ltr ltr: { state: function (editor, parents, firstBlock) { - return firstBlock && firstBlock.style.direction === 'ltr'; + //return firstBlock && firstBlock.style.direction === 'ltr'; + return firstBlock && firstBlock.style && firstBlock.style.direction === 'ltr'; }, exec: function (editor) { var rangeHelper = editor.getRangeHelper(), @@ -2759,7 +2759,8 @@ // START_COMMAND: Rtl rtl: { state: function (editor, parents, firstBlock) { - return firstBlock && firstBlock.style.direction === 'rtl'; + //return firstBlock && firstBlock.style.direction === 'rtl'; + return firstBlock && firstBlock.style && firstBlock.style.direction === 'rtl'; }, exec: function (editor) { var rangeHelper = editor.getRangeHelper(), @@ -4137,18 +4138,6 @@ }; } - var arrayForEach = unapply(Array.prototype.forEach); - var arrayPop = unapply(Array.prototype.pop); - var arrayPush = unapply(Array.prototype.push); - - var stringToLowerCase = unapply(String.prototype.toLowerCase); - var stringMatch = unapply(String.prototype.match); - var stringReplace = unapply(String.prototype.replace); - var stringIndexOf = unapply(String.prototype.indexOf); - var stringTrim = unapply(String.prototype.trim); - - var regExpTest = unapply(RegExp.prototype.test); - var typeErrorCreate = unconstruct(TypeError); function unapply(func) { @@ -4184,7 +4173,7 @@ while (l--) { var element = array[l]; if (typeof element === 'string') { - var lcElement = stringToLowerCase(element); + var lcElement = element.toLowerCase(); if (lcElement !== element) { // Config presets (e.g. tags.js, attrs.js) are immutable. if (!isFrozen(array)) { @@ -4368,12 +4357,12 @@ trustedTypes = window.trustedTypes; - var ElementPrototype = Element.prototype; - - var cloneNode = lookupGetter(ElementPrototype, 'cloneNode'); - var getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); - var getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); - var getParentNode = lookupGetter(ElementPrototype, 'parentNode'); + var ElementPrototype = Element.prototype; + + var cloneNode = lookupGetter(ElementPrototype, 'cloneNode'); + var getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); + var getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); + var getParentNode = lookupGetter(ElementPrototype, 'parentNode'); // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec @@ -4391,7 +4380,7 @@ var trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, originalDocument); var emptyHTML = trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML('') : ''; - var implementation = document.implementation, + var implementation = document.implementation; //var importNode = originalDocument.importNode; @@ -4677,8 +4666,8 @@ }; } - var tagName = stringToLowerCase(element.tagName); - var parentTagName = stringToLowerCase(parent.tagName); + var tagName = element.tagName.toLowerCase(); + var parentTagName = parent.tagName.toLowerCase(); if (element.namespaceURI === SVG_NAMESPACE) { // The only way to switch from HTML namespace to SVG @@ -4754,7 +4743,7 @@ * @param {Node} node a DOM node */ var _forceRemove = function _forceRemove(node) { - arrayPush(DOMPurify.removed, { element: node }); + DOMPurify.removed.push({ element: node }); try { node.parentNode.removeChild(node); } catch (_) { @@ -4774,12 +4763,12 @@ */ var _removeAttribute = function _removeAttribute(name, node) { try { - arrayPush(DOMPurify.removed, { + DOMPurify.removed.push({ attribute: node.getAttributeNode(name), from: node }); } catch (_) { - arrayPush(DOMPurify.removed, { + DOMPurify.removed.push({ attribute: null, from: node }); @@ -4803,7 +4792,7 @@ dirty = '<remove></remove>' + dirty; } else { /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */ - var matches = stringMatch(dirty, /^[\r\n\t ]+/); + var matches = dirty.match(/^[\r\n\t ]+/); leadingWhitespace = matches && matches[0]; } @@ -4890,8 +4879,8 @@ return; } - arrayForEach(hooks[entryPoint], function (hook) { - hook.call(DOMPurify, currentNode, data, CONFIG); + hooks[entryPoint].forEach(function (hook) { + hook.call(DOMPurify, currentNode, data, CONFIG); }); }; @@ -4918,13 +4907,13 @@ } /* Check if tagname contains Unicode */ - if (stringMatch(currentNode.nodeName, /[\u0080-\uFFFF]/)) { + if (currentNode.nodeName.match(/[\u0080-\uFFFF]/)) { _forceRemove(currentNode); return true; } /* Now let's check the element's type and name */ - var tagName = stringToLowerCase(currentNode.nodeName); + var tagName = currentNode.nodeName.toLowerCase(); /* Execute a hook if present */ _executeHook('uponSanitizeElement', currentNode, { @@ -4933,7 +4922,7 @@ }); /* Detect mXSS attempts abusing namespace confusion */ - if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { + if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && /<[/\w]/g.test(currentNode.innerHTML) && /<[/\w]/g.text(currentNode.textContent)) { _forceRemove(currentNode); return true; } @@ -4946,7 +4935,7 @@ var childNodes = getChildNodes(currentNode); var childCount = childNodes.length; for (var i = childCount - 1; i >= 0; --i) { - parentNode.insertBefore(cloneNode(childNodes[i], true), getNextSibling(currentNode)); + parentNode.insertBefore(cloneNode(childNodes[i], true), getNextSibling(currentNode)); } } @@ -4960,7 +4949,7 @@ return true; } - if ((tagName === 'noscript' || tagName === 'noembed') && regExpTest(/<\/no(script|embed)/i, currentNode.innerHTML)) { + if ((tagName === 'noscript' || tagName === 'noembed') && /<\/no(script|embed)/i.test(currentNode.innerHTML)) { _forceRemove(currentNode); return true; } @@ -4969,10 +4958,10 @@ if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) { /* Get the element's text content */ content = currentNode.textContent; - content = stringReplace(content, MUSTACHE_EXPR$$1, ' '); - content = stringReplace(content, ERB_EXPR$$1, ' '); + content = content.replace(MUSTACHE_EXPR$$1, ' '); + content = content.replace(ERB_EXPR$$1, ' '); if (currentNode.textContent !== content) { - arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() }); + DOMPurify.removed.push({ element: currentNode.cloneNode() }); currentNode.textContent = content; } } @@ -5002,11 +4991,11 @@ (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) We don't need to check the value; it's always URI safe. */ - if (ALLOW_DATA_ATTR && regExpTest(DATA_ATTR$$1, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$$1, lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { + if (ALLOW_DATA_ATTR && DATA_ATTR$$1.test(lcName)) ; else if (ALLOW_ARIA_ATTR && ARIA_ATTR$$1.test(lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { return false; /* Check value is safe. First, is attr inert? If so, is safe */ - } else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (regExpTest(IS_ALLOWED_URI$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && stringIndexOf(value, 'data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if (!value) ; else { + } else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (IS_ALLOWED_URI$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && value.indexOf('data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !IS_SCRIPT_OR_DATA$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) ; else if (!value) ; else { return false; } @@ -5054,8 +5043,8 @@ name = _attr.name, namespaceURI = _attr.namespaceURI; - value = stringTrim(attr.value); - lcName = stringToLowerCase(name); + value = attr.value.trim(); + lcName = name.toLowerCase(name); /* Execute a hook if present */ hookEvent.attrName = lcName; @@ -5078,15 +5067,15 @@ } /* Work around a security issue in jQuery 3.0 */ - if (regExpTest(/\/>/i, value)) { + if (/\/>/i.test(value)) { _removeAttribute(name, currentNode); continue; } /* Sanitize attribute content to be template-safe */ if (SAFE_FOR_TEMPLATES) { - value = stringReplace(value, MUSTACHE_EXPR$$1, ' '); - value = stringReplace(value, ERB_EXPR$$1, ' '); + value = value.replace(MUSTACHE_EXPR$$1, ' '); + value = value.replace(ERB_EXPR$$1, ' '); } /* Is `value` valid for this attribute? */ @@ -5104,7 +5093,7 @@ currentNode.setAttribute(name, value); } - arrayPop(DOMPurify.removed); + DOMPurify.removed.pop(); } catch (_) {} } @@ -5312,8 +5301,8 @@ /* Sanitize final string template-safe */ if (SAFE_FOR_TEMPLATES) { - serializedHTML = stringReplace(serializedHTML, MUSTACHE_EXPR$$1, ' '); - serializedHTML = stringReplace(serializedHTML, ERB_EXPR$$1, ' '); + serializedHTML = serializedHTML.replace(MUSTACHE_EXPR$$1, ' '); + serializedHTML = serializedHTML.replace(ERB_EXPR$$1, ' '); } return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; @@ -5356,8 +5345,8 @@ _parseConfig({}); } - var lcTag = stringToLowerCase(tag); - var lcName = stringToLowerCase(attr); + var lcTag = tag.toLowerCase(); + var lcName = attr.toLowerCase(); return _isValidAttribute(lcTag, lcName, value); }; @@ -5374,7 +5363,7 @@ } hooks[entryPoint] = hooks[entryPoint] || []; - arrayPush(hooks[entryPoint], hookFunction); + hooks[entryPoint].push(hookFunction); }; /** @@ -5386,7 +5375,7 @@ */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { - arrayPop(hooks[entryPoint]); + hooks[entryPoint].pop(); } }; @@ -8038,7 +8027,7 @@ if (eventHandlers[name]) { eventHandlers[name].forEach(function (fn) { - fn.call(base, e); + fn(base, e); // removed call, untested }); } };