diff options
author | Johann-S <johann.servoire@gmail.com> | 2019-02-11 17:59:39 +0300 |
---|---|---|
committer | XhmikosR <xhmikosr@gmail.com> | 2019-02-13 09:32:15 +0300 |
commit | 7bc4d2e0bc65151b6f60dccad50c9c8f50252bd6 (patch) | |
tree | 178feb0626afeb5861d6c873f72efefc16e076ac /js/src/tooltip.js | |
parent | bf2515ae68f1d89e8b795478aec90f8db61159e5 (diff) |
Add sanitize template option for tooltip/popover plugins.
Diffstat (limited to 'js/src/tooltip.js')
-rw-r--r-- | js/src/tooltip.js | 59 |
1 files changed, 46 insertions, 13 deletions
diff --git a/js/src/tooltip.js b/js/src/tooltip.js index 859ab918ff..e7b5b2a7f0 100644 --- a/js/src/tooltip.js +++ b/js/src/tooltip.js @@ -5,6 +5,10 @@ * -------------------------------------------------------------------------- */ +import { + DefaultWhitelist, + sanitizeHtml +} from './tools/sanitizer' import $ from 'jquery' import Popper from 'popper.js' import Util from './util' @@ -15,13 +19,14 @@ import Util from './util' * ------------------------------------------------------------------------ */ -const NAME = 'tooltip' -const VERSION = '4.3.0' -const DATA_KEY = 'bs.tooltip' -const EVENT_KEY = `.${DATA_KEY}` -const JQUERY_NO_CONFLICT = $.fn[NAME] -const CLASS_PREFIX = 'bs-tooltip' -const BSCLS_PREFIX_REGEX = new RegExp(`(^|\\s)${CLASS_PREFIX}\\S+`, 'g') +const NAME = 'tooltip' +const VERSION = '4.3.0' +const DATA_KEY = 'bs.tooltip' +const EVENT_KEY = `.${DATA_KEY}` +const JQUERY_NO_CONFLICT = $.fn[NAME] +const CLASS_PREFIX = 'bs-tooltip' +const BSCLS_PREFIX_REGEX = new RegExp(`(^|\\s)${CLASS_PREFIX}\\S+`, 'g') +const DISALLOWED_ATTRIBUTES = ['sanitize', 'whiteList', 'sanitizeFn'] const DefaultType = { animation : 'boolean', @@ -35,7 +40,10 @@ const DefaultType = { offset : '(number|string|function)', container : '(string|element|boolean)', fallbackPlacement : '(string|array)', - boundary : '(string|element)' + boundary : '(string|element)', + sanitize : 'boolean', + sanitizeFn : '(null|function)', + whiteList : 'object' } const AttachmentMap = { @@ -60,7 +68,10 @@ const Default = { offset : 0, container : false, fallbackPlacement : 'flip', - boundary : 'scrollParent' + boundary : 'scrollParent', + sanitize : true, + sanitizeFn : null, + whiteList : DefaultWhitelist } const HoverState = { @@ -419,18 +430,27 @@ class Tooltip { } setElementContent($element, content) { - const html = this.config.html if (typeof content === 'object' && (content.nodeType || content.jquery)) { // Content is a DOM node or a jQuery - if (html) { + if (this.config.html) { if (!$(content).parent().is($element)) { $element.empty().append(content) } } else { $element.text($(content).text()) } + + return + } + + if (this.config.html) { + if (this.config.sanitize) { + content = sanitizeHtml(content, this.config.whiteList, this.config.sanitizeFn) + } + + $element.html(content) } else { - $element[html ? 'html' : 'text'](content) + $element.text(content) } } @@ -636,9 +656,18 @@ class Tooltip { } _getConfig(config) { + const dataAttributes = $(this.element).data() + + Object.keys(dataAttributes) + .forEach((dataAttr) => { + if (DISALLOWED_ATTRIBUTES.indexOf(dataAttr) !== -1) { + delete dataAttributes[dataAttr] + } + }) + config = { ...this.constructor.Default, - ...$(this.element).data(), + ...dataAttributes, ...typeof config === 'object' && config ? config : {} } @@ -663,6 +692,10 @@ class Tooltip { this.constructor.DefaultType ) + if (config.sanitize) { + config.template = sanitizeHtml(config.template, config.whiteList, config.sanitizeFn) + } + return config } |