rake update[v4.3.1]

author: Gleb Mazovetskiy <glex.spb@gmail.com> 2019-02-13 21:51:58 +0300
committer: Gleb Mazovetskiy <glex.spb@gmail.com> 2019-02-13 21:51:58 +0300
commit: a63d04c96d14e42492ccdba1d7f3d6ec1af022a9 (patch)
tree: 135aa1e7bb40a8fb021d9bf04aef230cae65bead /assets/javascripts/bootstrap
parent: abf9232f33f4d86aa3cc8f2d5631ea3bcdedca1e (diff)
12 files changed, 178 insertions, 31 deletions
diff --git a/assets/javascripts/bootstrap/alert.js b/assets/javascripts/bootstrap/alert.js
index 7415327..ce53097 100644
--- a/assets/javascripts/bootstrap/alert.js
+++ b/assets/javascripts/bootstrap/alert.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap alert.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap alert.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -35,7 +35,7 @@
    */
 
   var NAME = 'alert';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.alert';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/button.js b/assets/javascripts/bootstrap/button.js
index e906cd8..0c83026 100644
--- a/assets/javascripts/bootstrap/button.js
+++ b/assets/javascripts/bootstrap/button.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap button.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap button.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -34,7 +34,7 @@
    */
 
   var NAME = 'button';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.button';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/carousel.js b/assets/javascripts/bootstrap/carousel.js
index f74f819..4ceb87a 100644
--- a/assets/javascripts/bootstrap/carousel.js
+++ b/assets/javascripts/bootstrap/carousel.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap carousel.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap carousel.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -69,7 +69,7 @@
    */
 
   var NAME = 'carousel';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.carousel';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/collapse.js b/assets/javascripts/bootstrap/collapse.js
index f5a9356..da00868 100644
--- a/assets/javascripts/bootstrap/collapse.js
+++ b/assets/javascripts/bootstrap/collapse.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap collapse.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap collapse.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -69,7 +69,7 @@
    */
 
   var NAME = 'collapse';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.collapse';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/dropdown.js b/assets/javascripts/bootstrap/dropdown.js
index 08c8e51..2d011d7 100644
--- a/assets/javascripts/bootstrap/dropdown.js
+++ b/assets/javascripts/bootstrap/dropdown.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap dropdown.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap dropdown.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -70,7 +70,7 @@
    */
 
   var NAME = 'dropdown';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.dropdown';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/modal.js b/assets/javascripts/bootstrap/modal.js
index da13eb2..da25fa1 100644
--- a/assets/javascripts/bootstrap/modal.js
+++ b/assets/javascripts/bootstrap/modal.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap modal.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap modal.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -69,7 +69,7 @@
    */
 
   var NAME = 'modal';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.modal';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/popover.js b/assets/javascripts/bootstrap/popover.js
index 19f2e25..2d7023d 100644
--- a/assets/javascripts/bootstrap/popover.js
+++ b/assets/javascripts/bootstrap/popover.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap popover.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap popover.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -75,7 +75,7 @@
    */
 
   var NAME = 'popover';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.popover';
   var EVENT_KEY = "." + DATA_KEY;
   var JQUERY_NO_CONFLICT = $.fn[NAME];
diff --git a/assets/javascripts/bootstrap/scrollspy.js b/assets/javascripts/bootstrap/scrollspy.js
index 6658d12..782989a 100644
--- a/assets/javascripts/bootstrap/scrollspy.js
+++ b/assets/javascripts/bootstrap/scrollspy.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap scrollspy.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap scrollspy.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -69,7 +69,7 @@
    */
 
   var NAME = 'scrollspy';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.scrollspy';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/tab.js b/assets/javascripts/bootstrap/tab.js
index 3b23bcc..0943521 100644
--- a/assets/javascripts/bootstrap/tab.js
+++ b/assets/javascripts/bootstrap/tab.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap tab.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap tab.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -35,7 +35,7 @@
    */
 
   var NAME = 'tab';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.tab';
   var EVENT_KEY = "." + DATA_KEY;
   var DATA_API_KEY = '.data-api';
diff --git a/assets/javascripts/bootstrap/toast.js b/assets/javascripts/bootstrap/toast.js
index 9c268a9..bf805f4 100644
--- a/assets/javascripts/bootstrap/toast.js
+++ b/assets/javascripts/bootstrap/toast.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap toast.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap toast.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -69,7 +69,7 @@
    */
 
   var NAME = 'toast';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.toast';
   var EVENT_KEY = "." + DATA_KEY;
   var JQUERY_NO_CONFLICT = $.fn[NAME];
diff --git a/assets/javascripts/bootstrap/tooltip.js b/assets/javascripts/bootstrap/tooltip.js
index b96de60..6a863f8 100644
--- a/assets/javascripts/bootstrap/tooltip.js
+++ b/assets/javascripts/bootstrap/tooltip.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap tooltip.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap tooltip.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -64,18 +64,140 @@
   }
 
   /**
+   * --------------------------------------------------------------------------
+   * Bootstrap (v4.3.1): tools/sanitizer.js
+   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+   * --------------------------------------------------------------------------
+   */
+  var uriAttrs = ['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href'];
+  var ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i;
+  var DefaultWhitelist = {
+    // Global attributes allowed on any supplied element below.
+    '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN],
+    a: ['target', 'href', 'title', 'rel'],
+    area: [],
+    b: [],
+    br: [],
+    col: [],
+    code: [],
+    div: [],
+    em: [],
+    hr: [],
+    h1: [],
+    h2: [],
+    h3: [],
+    h4: [],
+    h5: [],
+    h6: [],
+    i: [],
+    img: ['src', 'alt', 'title', 'width', 'height'],
+    li: [],
+    ol: [],
+    p: [],
+    pre: [],
+    s: [],
+    small: [],
+    span: [],
+    sub: [],
+    sup: [],
+    strong: [],
+    u: [],
+    ul: []
+    /**
+     * A pattern that recognizes a commonly useful subset of URLs that are safe.
+     *
+     * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
+     */
+
+  };
+  var SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi;
+  /**
+   * A pattern that matches safe data URLs. Only matches image, video and audio types.
+   *
+   * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
+   */
+
+  var DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i;
+
+  function allowedAttribute(attr, allowedAttributeList) {
+    var attrName = attr.nodeName.toLowerCase();
+
+    if (allowedAttributeList.indexOf(attrName) !== -1) {
+      if (uriAttrs.indexOf(attrName) !== -1) {
+        return Boolean(attr.nodeValue.match(SAFE_URL_PATTERN) || attr.nodeValue.match(DATA_URL_PATTERN));
+      }
+
+      return true;
+    }
+
+    var regExp = allowedAttributeList.filter(function (attrRegex) {
+      return attrRegex instanceof RegExp;
+    }); // Check if a regular expression validates the attribute.
+
+    for (var i = 0, l = regExp.length; i < l; i++) {
+      if (attrName.match(regExp[i])) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) {
+    if (unsafeHtml.length === 0) {
+      return unsafeHtml;
+    }
+
+    if (sanitizeFn && typeof sanitizeFn === 'function') {
+      return sanitizeFn(unsafeHtml);
+    }
+
+    var domParser = new window.DOMParser();
+    var createdDocument = domParser.parseFromString(unsafeHtml, 'text/html');
+    var whitelistKeys = Object.keys(whiteList);
+    var elements = [].slice.call(createdDocument.body.querySelectorAll('*'));
+
+    var _loop = function _loop(i, len) {
+      var el = elements[i];
+      var elName = el.nodeName.toLowerCase();
+
+      if (whitelistKeys.indexOf(el.nodeName.toLowerCase()) === -1) {
+        el.parentNode.removeChild(el);
+        return "continue";
+      }
+
+      var attributeList = [].slice.call(el.attributes);
+      var whitelistedAttributes = [].concat(whiteList['*'] || [], whiteList[elName] || []);
+      attributeList.forEach(function (attr) {
+        if (!allowedAttribute(attr, whitelistedAttributes)) {
+          el.removeAttribute(attr.nodeName);
+        }
+      });
+    };
+
+    for (var i = 0, len = elements.length; i < len; i++) {
+      var _ret = _loop(i, len);
+
+      if (_ret === "continue") continue;
+    }
+
+    return createdDocument.body.innerHTML;
+  }
+
+  /**
    * ------------------------------------------------------------------------
    * Constants
    * ------------------------------------------------------------------------
    */
 
   var NAME = 'tooltip';
-  var VERSION = '4.3.0';
+  var VERSION = '4.3.1';
   var DATA_KEY = 'bs.tooltip';
   var EVENT_KEY = "." + DATA_KEY;
   var JQUERY_NO_CONFLICT = $.fn[NAME];
   var CLASS_PREFIX = 'bs-tooltip';
   var BSCLS_PREFIX_REGEX = new RegExp("(^|\\s)" + CLASS_PREFIX + "\\S+", 'g');
+  var DISALLOWED_ATTRIBUTES = ['sanitize', 'whiteList', 'sanitizeFn'];
   var DefaultType = {
     animation: 'boolean',
     template: 'string',
@@ -88,7 +210,10 @@
     offset: '(number|string|function)',
     container: '(string|element|boolean)',
     fallbackPlacement: '(string|array)',
-    boundary: '(string|element)'
+    boundary: '(string|element)',
+    sanitize: 'boolean',
+    sanitizeFn: '(null|function)',
+    whiteList: 'object'
   };
   var AttachmentMap = {
     AUTO: 'auto',
@@ -109,7 +234,10 @@
     offset: 0,
     container: false,
     fallbackPlacement: 'flip',
-    boundary: 'scrollParent'
+    boundary: 'scrollParent',
+    sanitize: true,
+    sanitizeFn: null,
+    whiteList: DefaultWhitelist
   };
   var HoverState = {
     SHOW: 'show',
@@ -426,19 +554,27 @@
     };
 
     _proto.setElementContent = function setElementContent($element, content) {
-      var html = this.config.html;
-
       if (typeof content === 'object' && (content.nodeType || content.jquery)) {
         // Content is a DOM node or a jQuery
-        if (html) {
+        if (this.config.html) {
           if (!$(content).parent().is($element)) {
             $element.empty().append(content);
           }
         } else {
           $element.text($(content).text());
         }
+
+        return;
+      }
+
+      if (this.config.html) {
+        if (this.config.sanitize) {
+          content = sanitizeHtml(content, this.config.whiteList, this.config.sanitizeFn);
+        }
+
+        $element.html(content);
       } else {
-        $element[html ? 'html' : 'text'](content);
+        $element.text(content);
       }
     };
 
@@ -606,7 +742,13 @@
     };
 
     _proto._getConfig = function _getConfig(config) {
-      config = _objectSpread({}, this.constructor.Default, $(this.element).data(), typeof config === 'object' && config ? config : {});
+      var dataAttributes = $(this.element).data();
+      Object.keys(dataAttributes).forEach(function (dataAttr) {
+        if (DISALLOWED_ATTRIBUTES.indexOf(dataAttr) !== -1) {
+          delete dataAttributes[dataAttr];
+        }
+      });
+      config = _objectSpread({}, this.constructor.Default, dataAttributes, typeof config === 'object' && config ? config : {});
 
       if (typeof config.delay === 'number') {
         config.delay = {
@@ -624,6 +766,11 @@
       }
 
       Util.typeCheckConfig(NAME, config, this.constructor.DefaultType);
+
+      if (config.sanitize) {
+        config.template = sanitizeHtml(config.template, config.whiteList, config.sanitizeFn);
+      }
+
       return config;
     };
 
diff --git a/assets/javascripts/bootstrap/util.js b/assets/javascripts/bootstrap/util.js
index 3ef0c3b..4b538cb 100644
--- a/assets/javascripts/bootstrap/util.js
+++ b/assets/javascripts/bootstrap/util.js
@@ -1,5 +1,5 @@
 /*!
-  * Bootstrap util.js v4.3.0 (https://getbootstrap.com/)
+  * Bootstrap util.js v4.3.1 (https://getbootstrap.com/)
   * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors)
   * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
   */
@@ -13,7 +13,7 @@
 
   /**
    * --------------------------------------------------------------------------
-   * Bootstrap (v4.3.0): util.js
+   * Bootstrap (v4.3.1): util.js
    * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
    * --------------------------------------------------------------------------
    */
author	Gleb Mazovetskiy <glex.spb@gmail.com>	2019-02-13 21:51:58 +0300
committer	Gleb Mazovetskiy <glex.spb@gmail.com>	2019-02-13 21:51:58 +0300
commit	a63d04c96d14e42492ccdba1d7f3d6ec1af022a9 (patch)
tree	135aa1e7bb40a8fb021d9bf04aef230cae65bead /assets/javascripts/bootstrap
parent	abf9232f33f4d86aa3cc8f2d5631ea3bcdedca1e (diff)