changeset 20:cf42d9b17c25
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Mon, 08 Aug 2022 18:17:55 -0600 |
parents | 13df5ac9b34b |
children | 2edd68951454 |
files | src/sceditor.js |
diffstat | 1 files changed, 43 insertions(+), 54 deletions(-) [+] |
--- a/src/sceditor.js Mon Aug 08 16:50:22 2022 -0600 +++ b/src/sceditor.js Mon Aug 08 18:17:55 2022 -0600 @@ -2,7 +2,6 @@ 'use strict'; let baseUrl = document.currentScript.getAttribute('src').match(/.*\//)[0]; - //console.log(baseUrl); /** * Check if the passed argument is the @@ -2731,7 +2730,8 @@ // START_COMMAND: Ltr ltr: { state: function (editor, parents, firstBlock) { - return firstBlock && firstBlock.style.direction === 'ltr'; + //return firstBlock && firstBlock.style.direction === 'ltr'; + return firstBlock && firstBlock.style && firstBlock.style.direction === 'ltr'; }, exec: function (editor) { var rangeHelper = editor.getRangeHelper(), @@ -2759,7 +2759,8 @@ // START_COMMAND: Rtl rtl: { state: function (editor, parents, firstBlock) { - return firstBlock && firstBlock.style.direction === 'rtl'; + //return firstBlock && firstBlock.style.direction === 'rtl'; + return firstBlock && firstBlock.style && firstBlock.style.direction === 'rtl'; }, exec: function (editor) { var rangeHelper = editor.getRangeHelper(), @@ -4137,18 +4138,6 @@ }; } - var arrayForEach = unapply(Array.prototype.forEach); - var arrayPop = unapply(Array.prototype.pop); - var arrayPush = unapply(Array.prototype.push); - - var stringToLowerCase = unapply(String.prototype.toLowerCase); - var stringMatch = unapply(String.prototype.match); - var stringReplace = unapply(String.prototype.replace); - var stringIndexOf = unapply(String.prototype.indexOf); - var stringTrim = unapply(String.prototype.trim); - - var regExpTest = unapply(RegExp.prototype.test); - var typeErrorCreate = unconstruct(TypeError); function unapply(func) { @@ -4184,7 +4173,7 @@ while (l--) { var element = array[l]; if (typeof element === 'string') { - var lcElement = stringToLowerCase(element); + var lcElement = element.toLowerCase(); if (lcElement !== element) { // Config presets (e.g. tags.js, attrs.js) are immutable. if (!isFrozen(array)) { 
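Review bot: The previous `return` is left behind as a commented-out line in the `ltr` state function, and again in `rtl`; the diff already records the old code, so both comment lines can be dropped. What the new guard lacks is a reason: a short comment such as `// firstBlock may be a node without a style property` (to be confirmed against the caller, which is outside the hunk) would tell the next reader why `firstBlock.style` is checked.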
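Review bot: `element.toLowerCase()` in this set-building loop resolves `String.prototype.toLowerCase` at call time, whereas the removed `stringToLowerCase` was built from the native method once, when the script loaded. The later hunks make the same substitution at every `stringMatch`, `stringReplace`, `stringTrim`, `stringIndexOf`, `regExpTest`, `arrayPush`, `arrayPop` and `arrayForEach` call site. The sanitizer code (it appears to be a bundled copy of DOMPurify) therefore now relies on no other script on the page modifying those built-in prototypes while the editor runs. Unless there is a reason to diverge, keeping the cached wrappers preserves that isolation and keeps this copy easy to compare with upstream when it is updated. The loop body continues outside the hunk.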
@@ -4368,12 +4357,12 @@ trustedTypes = window.trustedTypes; - var ElementPrototype = Element.prototype; - - var cloneNode = lookupGetter(ElementPrototype, 'cloneNode'); - var getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); - var getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); - var getParentNode = lookupGetter(ElementPrototype, 'parentNode'); + var ElementPrototype = Element.prototype; + + var cloneNode = lookupGetter(ElementPrototype, 'cloneNode'); + var getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); + var getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); + var getParentNode = lookupGetter(ElementPrototype, 'parentNode'); // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec @@ -4391,7 +4380,7 @@ var trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, originalDocument); var emptyHTML = trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML('') : ''; - var implementation = document.implementation, + var implementation = document.implementation; //var importNode = originalDocument.importNode; @@ -4677,8 +4666,8 @@ }; } - var tagName = stringToLowerCase(element.tagName); - var parentTagName = stringToLowerCase(parent.tagName); + var tagName = element.tagName.toLowerCase(); + var parentTagName = parent.tagName.toLowerCase(); if (element.namespaceURI === SVG_NAMESPACE) { // The only way to switch from HTML namespace to SVG @@ -4754,7 +4743,7 @@ * @param {Node} node a DOM node */ var _forceRemove = function _forceRemove(node) { - arrayPush(DOMPurify.removed, { element: node }); + DOMPurify.removed.push({ element: node }); try { node.parentNode.removeChild(node); } catch (_) { 
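Review bot: `element.tagName.toLowerCase()` and `parent.tagName.toLowerCase()` throw a TypeError when the property is not a string, while the removed `stringToLowerCase(...)` wrapper appears to have invoked the native method with the value as receiver, which coerces it to a string first. This function inspects nodes parsed from untrusted markup, so an unexpected property value would now abort sanitization with an exception instead of being handled by the namespace check. `String(element.tagName).toLowerCase()` keeps the old coercion. The same applies to `currentNode.nodeName.match(...)` and `currentNode.nodeName.toLowerCase()` in the element-sanitizing hunks, and to `tag`, `attr` and `value` in the `DOMPurify.isValidAttribute` hunks, which callers may pass as non-strings. The enclosing function starts and ends outside the hunk.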
@@ -4774,12 +4763,12 @@ */ var _removeAttribute = function _removeAttribute(name, node) { try { - arrayPush(DOMPurify.removed, { + DOMPurify.removed.push({ attribute: node.getAttributeNode(name), from: node }); } catch (_) { - arrayPush(DOMPurify.removed, { + DOMPurify.removed.push({ attribute: null, from: node }); @@ -4803,7 +4792,7 @@ dirty = '<remove></remove>' + dirty; } else { /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */ - var matches = stringMatch(dirty, /^[\r\n\t ]+/); + var matches = dirty.match(/^[\r\n\t ]+/); leadingWhitespace = matches && matches[0]; } @@ -4890,8 +4879,8 @@ return; } - arrayForEach(hooks[entryPoint], function (hook) { - hook.call(DOMPurify, currentNode, data, CONFIG); + hooks[entryPoint].forEach(function (hook) { + hook.call(DOMPurify, currentNode, data, CONFIG); }); }; @@ -4918,13 +4907,13 @@ } /* Check if tagname contains Unicode */ - if (stringMatch(currentNode.nodeName, /[\u0080-\uFFFF]/)) { + if (currentNode.nodeName.match(/[\u0080-\uFFFF]/)) { _forceRemove(currentNode); return true; } /* Now let's check the element's type and name */ - var tagName = stringToLowerCase(currentNode.nodeName); + var tagName = currentNode.nodeName.toLowerCase(); /* Execute a hook if present */ _executeHook('uponSanitizeElement', currentNode, { @@ -4933,7 +4922,7 @@ }); /* Detect mXSS attempts abusing namespace confusion */ - if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { + if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && /<[/\w]/g.test(currentNode.innerHTML) && /<[/\w]/g.text(currentNode.textContent)) { _forceRemove(currentNode); return true; } 
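Review bot: The last operand of the mXSS namespace-confusion condition calls `/<[/\w]/g.text(currentNode.textContent)`, and `text` is not a RegExp method, so that operand throws a TypeError whenever the three preceding operands are true. This is exactly the case the check exists for, so `_forceRemove(currentNode)` is never reached on this path and the exception propagates to whatever called the sanitizer, which is not visible here. The operand should read `/<[/\w]/g.test(currentNode.textContent)`. A regression test that feeds the sanitizer an element whose `innerHTML` and `textContent` both contain tag-like text would have caught this. The enclosing function starts and ends outside the hunk.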
@@ -4946,7 +4935,7 @@ var childNodes = getChildNodes(currentNode); var childCount = childNodes.length; for (var i = childCount - 1; i >= 0; --i) { - parentNode.insertBefore(cloneNode(childNodes[i], true), getNextSibling(currentNode)); + parentNode.insertBefore(cloneNode(childNodes[i], true), getNextSibling(currentNode)); } } @@ -4960,7 +4949,7 @@ return true; } - if ((tagName === 'noscript' || tagName === 'noembed') && regExpTest(/<\/no(script|embed)/i, currentNode.innerHTML)) { + if ((tagName === 'noscript' || tagName === 'noembed') && /<\/no(script|embed)/i.test(currentNode.innerHTML)) { _forceRemove(currentNode); return true; } @@ -4969,10 +4958,10 @@ if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) { /* Get the element's text content */ content = currentNode.textContent; - content = stringReplace(content, MUSTACHE_EXPR$$1, ' '); - content = stringReplace(content, ERB_EXPR$$1, ' '); + content = content.replace(MUSTACHE_EXPR$$1, ' '); + content = content.replace(ERB_EXPR$$1, ' '); if (currentNode.textContent !== content) { - arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() }); + DOMPurify.removed.push({ element: currentNode.cloneNode() }); currentNode.textContent = content; } } 
@@ -5002,11 +4991,11 @@ (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) We don't need to check the value; it's always URI safe. */ - if (ALLOW_DATA_ATTR && regExpTest(DATA_ATTR$$1, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$$1, lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { + if (ALLOW_DATA_ATTR && DATA_ATTR$$1.test(lcName)) ; else if (ALLOW_ARIA_ATTR && ARIA_ATTR$$1.test(lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { return false; /* Check value is safe. First, is attr inert? If so, is safe */ - } else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (regExpTest(IS_ALLOWED_URI$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && stringIndexOf(value, 'data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if (!value) ; else { + } else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (IS_ALLOWED_URI$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && value.indexOf('data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !IS_SCRIPT_OR_DATA$$1.test(value.replace(ATTR_WHITESPACE$$1, ''))) ; else if (!value) ; else { return false; } @@ -5054,8 +5043,8 @@ name = _attr.name, namespaceURI = _attr.namespaceURI; - value = stringTrim(attr.value); - lcName = stringToLowerCase(name); + value = attr.value.trim(); + lcName = name.toLowerCase(name); /* Execute a hook if present */ hookEvent.attrName = lcName; 
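Review bot: In the attribute loop, `lcName = name.toLowerCase(name);` passes an argument that `toLowerCase` ignores, which looks like a leftover from mechanically rewriting `stringToLowerCase(name)`. It is harmless at runtime but suggests the rewrite was not checked line by line, so the neighbouring substitutions in `_isValidAttribute` deserve the same second look. The line should be `lcName = name.toLowerCase();`. The enclosing function starts and ends outside the hunk.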
@@ -5078,15 +5067,15 @@ } /* Work around a security issue in jQuery 3.0 */ - if (regExpTest(/\/>/i, value)) { + if (/\/>/i.test(value)) { _removeAttribute(name, currentNode); continue; } /* Sanitize attribute content to be template-safe */ if (SAFE_FOR_TEMPLATES) { - value = stringReplace(value, MUSTACHE_EXPR$$1, ' '); - value = stringReplace(value, ERB_EXPR$$1, ' '); + value = value.replace(MUSTACHE_EXPR$$1, ' '); + value = value.replace(ERB_EXPR$$1, ' '); } /* Is `value` valid for this attribute? */ @@ -5104,7 +5093,7 @@ currentNode.setAttribute(name, value); } - arrayPop(DOMPurify.removed); + DOMPurify.removed.pop(); } catch (_) {} } @@ -5312,8 +5301,8 @@ /* Sanitize final string template-safe */ if (SAFE_FOR_TEMPLATES) { - serializedHTML = stringReplace(serializedHTML, MUSTACHE_EXPR$$1, ' '); - serializedHTML = stringReplace(serializedHTML, ERB_EXPR$$1, ' '); + serializedHTML = serializedHTML.replace(MUSTACHE_EXPR$$1, ' '); + serializedHTML = serializedHTML.replace(ERB_EXPR$$1, ' '); } return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; @@ -5356,8 +5345,8 @@ _parseConfig({}); } - var lcTag = stringToLowerCase(tag); - var lcName = stringToLowerCase(attr); + var lcTag = tag.toLowerCase(); + var lcName = attr.toLowerCase(); return _isValidAttribute(lcTag, lcName, value); }; @@ -5374,7 +5363,7 @@ } hooks[entryPoint] = hooks[entryPoint] || []; - arrayPush(hooks[entryPoint], hookFunction); + hooks[entryPoint].push(hookFunction); }; /** @@ -5386,7 +5375,7 @@ */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { - arrayPop(hooks[entryPoint]); + hooks[entryPoint].pop(); } }; @@ -8038,7 +8027,7 @@ if (eventHandlers[name]) { eventHandlers[name].forEach(function (fn) { - fn.call(base, e); + fn(base, e); // removed call, untested }); } };
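Review bot: In the final hunk, `fn(base, e); // removed call, untested` is not equivalent to the `fn.call(base, e)` it replaces. Every registered handler now receives `base` as its first argument and the event as its second, and `this` inside the handler is no longer the editor instance (it is `undefined` if the file-level `'use strict'` covers this code). Handlers written against the old contract, which read the event from their first parameter or use `this`, will break, and the comment states the change was not tested. Unless that contract change is intended and all handlers are updated with it, the line should stay `fn.call(base, e);`.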