diff options
author | Max Kostikov <max@kostikov.co> | 2020-07-19 14:58:19 +0200 |
---|---|---|
committer | Max Kostikov <max@kostikov.co> | 2020-07-19 14:58:19 +0200 |
commit | 5ea7196e78d08550b3ec93d3b708f915b3b0057f (patch) | |
tree | 07e5f865b6c83898d7ac508302a227509e8207fd /vendor/twbs/bootstrap/js/src/tools/sanitizer.js | |
parent | d0c7c99d5e1eb27281431231640c7e8c019b90e1 (diff) | |
parent | fcc47e69e424635fa54b2684329623d4f7694436 (diff) | |
download | volse-hubzilla-5ea7196e78d08550b3ec93d3b708f915b3b0057f.tar.gz volse-hubzilla-5ea7196e78d08550b3ec93d3b708f915b3b0057f.tar.bz2 volse-hubzilla-5ea7196e78d08550b3ec93d3b708f915b3b0057f.zip |
Merge branch 'dev' into 'dev'
Dev sync
See merge request kostikov/core!1
Diffstat (limited to 'vendor/twbs/bootstrap/js/src/tools/sanitizer.js')
-rw-r--r-- | vendor/twbs/bootstrap/js/src/tools/sanitizer.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/vendor/twbs/bootstrap/js/src/tools/sanitizer.js b/vendor/twbs/bootstrap/js/src/tools/sanitizer.js index 797159bcc..e57f856f0 100644 --- a/vendor/twbs/bootstrap/js/src/tools/sanitizer.js +++ b/vendor/twbs/bootstrap/js/src/tools/sanitizer.js @@ -1,6 +1,6 @@ /** * -------------------------------------------------------------------------- - * Bootstrap (v4.4.1): tools/sanitizer.js + * Bootstrap (v4.5.0): tools/sanitizer.js * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * -------------------------------------------------------------------------- */ @@ -37,7 +37,7 @@ export const DefaultWhitelist = { h5: [], h6: [], i: [], - img: ['src', 'alt', 'title', 'width', 'height'], + img: ['src', 'srcset', 'alt', 'title', 'width', 'height'], li: [], ol: [], p: [], @@ -57,14 +57,14 @@ export const DefaultWhitelist = { * * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts */ -const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi +const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/gi /** * A pattern that matches safe data URLs. Only matches image, video and audio types. * * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts */ -const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i +const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i function allowedAttribute(attr, allowedAttributeList) { const attrName = attr.nodeName.toLowerCase() @@ -80,7 +80,7 @@ function allowedAttribute(attr, allowedAttributeList) { const regExp = allowedAttributeList.filter((attrRegex) => attrRegex instanceof RegExp) // Check if a regular expression validates the attribute. - for (let i = 0, l = regExp.length; i < l; i++) { + for (let i = 0, len = regExp.length; i < len; i++) { if (attrName.match(regExp[i])) { return true } |