author | Olivier Paroz <github@oparoz.com> | 2015-09-25 00:58:59 +0300 |
---|---|---|
committer | Olivier Paroz <github@oparoz.com> | 2015-09-25 01:00:02 +0300 |
commit | 29b699b6a3bc6543ef354e0e6d8d1746c9611a05 (patch) | |
tree | 5c945dfb874e6bd26f3a53704138ad9182aa70d6 /js/vendor/dompurify | |
parent | 15b1b5e9a9d78616903b2a7bc7c0819826e2cf77 (diff) |
Update DOMPurify to 0.7 which offers better cross-browser support
Diffstat (limited to 'js/vendor/dompurify')
-rw-r--r-- | js/vendor/dompurify/src/purify.js | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/js/vendor/dompurify/src/purify.js b/js/vendor/dompurify/src/purify.js
index 79f2df9f..9ab1db3d 100644
--- a/js/vendor/dompurify/src/purify.js
+++ b/js/vendor/dompurify/src/purify.js
@@ -21,7 +21,7 @@
 * Version label, exposed for easier checks
 * if DOMPurify is up to date or not
 */
- DOMPurify.version = '0.6.7';
+ DOMPurify.version = '0.7.0';
 if (!window || !window.document || window.document.nodeType !== 9) {
 // not running in a browser, provide a factory function
@@ -49,6 +49,7 @@
 if (typeof HTMLTemplateElement === 'function') {
 document = document.createElement('template').content.ownerDocument;
 }
+ var implementation = document.implementation;
 var createNodeIterator = document.createNodeIterator;
 var getElementsByTagName = document.getElementsByTagName;
 var createDocumentFragment = document.createDocumentFragment;
@@ -60,7 +61,8 @@
 * Expose whether this browser supports running the full DOMPurify.
 */
 DOMPurify.isSupported =
- typeof DOMParser !== 'undefined' && document.documentMode !== 9;
+ typeof implementation.createHTMLDocument !== 'undefined' &&
+ document.documentMode !== 9;
 /* Add properties to a lookup table */
 var _addToSet = function(set, array) {
@@ -301,13 +303,29 @@
 * @return a DOM, filled with the dirty markup
 */
 var _initDocument = function(dirty) {
- /* Create a HTML document using DOMParser */
- var doc = new DOMParser().parseFromString(dirty, "text/html");
+ var doc, body;
+ try {
+ doc = new DOMParser().parseFromString(dirty, "text/html");
+ } catch (e) {}
+
+ /* Some browsers throw, some browsers return null for the code above
+ DOMParser with text/html support is only in very recent browsers. */
+ if (!doc){
+ doc = implementation.createHTMLDocument('');
+ body = doc.body;
+ body.parentNode.removeChild(body.parentNode.firstElementChild);
+ body.outerHTML = dirty;
+ }
 /* Work on whole document or just its body */
- return getElementsByTagName.call(doc,
- WHOLE_DOCUMENT ? 'html' : 'body')[0];
+ if (typeof doc.getElementsByTagName === 'function'){
+ return doc.getElementsByTagName(
+ WHOLE_DOCUMENT ? 'html' : 'body')[0];
+ } else {
+ return getElementsByTagName.call(doc,
+ WHOLE_DOCUMENT ? 'html' : 'body')[0];
+ }
 };
 /**
@@ -422,12 +440,12 @@
 if (!attributes) { return; }
 var hookEvent = {
- attrName: '',
- attrValue: '',
- keepAttr: true
- },
- l = attributes.length,
- attr, name, value, lcName, idAttr;
+ attrName: '',
+ attrValue: '',
+ keepAttr: true
+ };
+ var l = attributes.length;
+ var attr, name, value, lcName, idAttr;
 /* Go backwards over all attributes; safely remove bad ones */
 while (l--) {
@@ -562,6 +580,10 @@
 * @param {Object} configuration object
 */
 DOMPurify.sanitize = function(dirty, cfg) {
+ if (!dirty) {
+ dirty = '';
+ }
+
 /* Check we can run. Otherwise fall back or ignore */
 if (!DOMPurify.isSupported) {
 if (typeof window.toStaticHTML === 'function' && typeof dirty === 'string') {
|