diff options
author | Olivier Paroz <github@oparoz.com> | 2015-09-24 18:34:15 +0300 |
---|---|---|
committer | Olivier Paroz <github@oparoz.com> | 2015-09-24 18:34:15 +0300 |
commit | e317f88ca843a56e3f5ad3db1eaafa79ba3fa4c8 (patch) | |
tree | 7e25bd9594b54d1be2f8af111b647600821d60c7 | |
parent | b1c88d331d444efb540d862cb1c19df2de76f724 (diff) |
Update JS libraries
-rw-r--r-- | js/bower.json | 2 | ||||
-rw-r--r-- | js/vendor/dompurify/src/purify.js (renamed from js/vendor/dompurify/purify.js) | 24 | ||||
-rw-r--r-- | templates/part.content.php | 2 | ||||
-rw-r--r-- | templates/public.php | 2 |
4 files changed, 17 insertions, 13 deletions
diff --git a/js/bower.json b/js/bower.json index 9b8f9d96..79c6182d 100644 --- a/js/bower.json +++ b/js/bower.json @@ -18,7 +18,7 @@ "dependencies": { "eventsource-polyfill": "~0.*", "github-markdown-css": "~2.*", - "dompurify": "~0.6.5", + "dompurify": "~0.6.7", "commonmark": "~0.22.0" } } diff --git a/js/vendor/dompurify/purify.js b/js/vendor/dompurify/src/purify.js index 552eaafe..79f2df9f 100644 --- a/js/vendor/dompurify/purify.js +++ b/js/vendor/dompurify/src/purify.js @@ -21,7 +21,7 @@ * Version label, exposed for easier checks * if DOMPurify is up to date or not */ - DOMPurify.version = '0.6.5'; + DOMPurify.version = '0.6.7'; if (!window || !window.document || window.document.nodeType !== 9) { // not running in a browser, provide a factory function @@ -38,6 +38,7 @@ var NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap; var Text = window.Text; var Comment = window.Comment; + var DOMParser = window.DOMParser; // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec @@ -48,7 +49,6 @@ if (typeof HTMLTemplateElement === 'function') { document = document.createElement('template').content.ownerDocument; } - var implementation = document.implementation; var createNodeIterator = document.createNodeIterator; var getElementsByTagName = document.getElementsByTagName; var createDocumentFragment = document.createDocumentFragment; @@ -60,8 +60,7 @@ * Expose whether this browser supports running the full DOMPurify. */ DOMPurify.isSupported = - typeof implementation.createHTMLDocument !== 'undefined' && - document.documentMode !== 9; + typeof DOMParser !== 'undefined' && document.documentMode !== 9; /* Add properties to a lookup table */ var _addToSet = function(set, array) { @@ -302,13 +301,9 @@ * @return a DOM, filled with the dirty markup */ var _initDocument = function(dirty) { - /* Create new document to parse markup to */ - var doc = implementation.createHTMLDocument(''); - /* Set content */ - var body = doc.body; - body.parentNode.removeChild(body.parentNode.firstElementChild); - body.outerHTML = dirty; + /* Create a HTML document using DOMParser */ + var doc = new DOMParser().parseFromString(dirty, "text/html"); /* Work on whole document or just its body */ return getElementsByTagName.call(doc, @@ -593,10 +588,17 @@ /* Get node iterator */ var currentNode; + var oldNode; var nodeIterator = _createIterator(body); /* Now start iterating over the created document */ while ( (currentNode = nodeIterator.nextNode()) ) { + + /* Fix IE's strange behavior with manipulated textNodes #89 */ + if (currentNode.nodeType === 3 && currentNode === oldNode) { + continue; + } + /* Sanitize tags and elements */ if (_sanitizeElements(currentNode)) { continue; @@ -609,6 +611,8 @@ /* Check attributes, sanitize if necessary */ _sanitizeAttributes(currentNode); + + oldNode = currentNode; } /* Return sanitized string or DOM */ diff --git a/templates/part.content.php b/templates/part.content.php index 5b829d23..05cab273 100644 --- a/templates/part.content.php +++ b/templates/part.content.php @@ -22,7 +22,7 @@ script( 'vendor/modified-eventsource-polyfill/eventsource-polyfill', 'eventsource', 'vendor/commonmark/dist/commonmark.min', - 'vendor/dompurify/purify', + 'vendor/dompurify/src/purify', 'vendor/bigshot/bigshot-compressed', 'slideshow', 'slideshowcontrols', diff --git a/templates/public.php b/templates/public.php index ea7e3d57..4d611c6c 100644 --- a/templates/public.php +++ b/templates/public.php @@ -22,7 +22,7 @@ script( 'vendor/modified-eventsource-polyfill/eventsource-polyfill', 'eventsource', 'vendor/commonmark/dist/commonmark.min', - 'vendor/dompurify/purify', + 'vendor/dompurify/src/purify', 'vendor/bigshot/bigshot-compressed', 'slideshow', 'slideshowcontrols', |