diff options
Diffstat (limited to 'vendor/twbs/bootstrap/dist/js/bootstrap.esm.js')
| -rw-r--r-- | vendor/twbs/bootstrap/dist/js/bootstrap.esm.js | 80 |
1 files changed, 48 insertions, 32 deletions
diff --git a/vendor/twbs/bootstrap/dist/js/bootstrap.esm.js b/vendor/twbs/bootstrap/dist/js/bootstrap.esm.js index 65f5ee23c..6d13de2da 100644 --- a/vendor/twbs/bootstrap/dist/js/bootstrap.esm.js +++ b/vendor/twbs/bootstrap/dist/js/bootstrap.esm.js @@ -1,5 +1,5 @@ /*! - * Bootstrap v5.3.0-alpha3 (https://getbootstrap.com/) + * Bootstrap v5.3.0 (https://getbootstrap.com/) * Copyright 2011-2023 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */ @@ -307,6 +307,7 @@ const getNextActiveElement = (list, activeElement, shouldGetNext, isCycleAllowed * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -585,6 +586,7 @@ const Manipulator = { * -------------------------------------------------------------------------- */ + /** * Class definition */ @@ -637,11 +639,12 @@ class Config { * -------------------------------------------------------------------------- */ + /** * Constants */ -const VERSION = '5.3.0-alpha2'; +const VERSION = '5.3.0'; /** * Class definition @@ -704,6 +707,7 @@ class BaseComponent extends Config { * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) * -------------------------------------------------------------------------- */ + const getSelector = element => { let selector = element.getAttribute('data-bs-target'); if (!selector || selector === '#') { @@ -792,6 +796,7 @@ const SelectorEngine = { * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) * -------------------------------------------------------------------------- */ + const enableDismissTrigger = (component, method = 'hide') => { const clickEvent = `click.dismiss${component.EVENT_KEY}`; const name = component.NAME; @@ -817,6 +822,7 @@ const enableDismissTrigger = (component, method = 'hide') => { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -891,6 +897,7 @@ defineJQueryPlugin(Alert); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -954,6 +961,7 @@ defineJQueryPlugin(Button); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1073,6 +1081,7 @@ class Swipe extends Config { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1445,6 +1454,7 @@ defineJQueryPlugin(Carousel); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1678,6 +1688,7 @@ defineJQueryPlugin(Collapse); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2045,6 +2056,7 @@ defineJQueryPlugin(Dropdown); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2169,6 +2181,7 @@ class Backdrop extends Config { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2267,6 +2280,7 @@ class FocusTrap extends Config { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2364,6 +2378,7 @@ class ScrollBarHelper { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2668,6 +2683,7 @@ defineJQueryPlugin(Modal); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2898,34 +2914,6 @@ defineJQueryPlugin(Offcanvas); * -------------------------------------------------------------------------- */ -const uriAttributes = new Set(['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href']); - -/** - * A pattern that recognizes a commonly useful subset of URLs that are safe. - * - * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts - */ -const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^#&/:?]*(?:[#/?]|$))/i; - -/** - * A pattern that matches safe data URLs. Only matches image, video and audio types. - * - * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts - */ -const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i; -const allowedAttribute = (attribute, allowedAttributeList) => { - const attributeName = attribute.nodeName.toLowerCase(); - if (allowedAttributeList.includes(attributeName)) { - if (uriAttributes.has(attributeName)) { - return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue) || DATA_URL_PATTERN.test(attribute.nodeValue)); - } - return true; - } - - // Check if a regular expression validates the attribute. - return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp).some(regex => regex.test(attributeName)); -}; - // js-docs-start allow-list const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i; const DefaultAllowlist = { @@ -2963,6 +2951,28 @@ const DefaultAllowlist = { }; // js-docs-end allow-list +const uriAttributes = new Set(['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href']); + +/** + * A pattern that recognizes URLs that are safe wrt. XSS in URL navigation + * contexts. + * + * Shout-out to Angular https://github.com/angular/angular/blob/15.2.8/packages/core/src/sanitization/url_sanitizer.ts#L38 + */ +// eslint-disable-next-line unicorn/better-regex +const SAFE_URL_PATTERN = /^(?!javascript:)(?:[a-z0-9+.-]+:|[^&:/?#]*(?:[/?#]|$))/i; +const allowedAttribute = (attribute, allowedAttributeList) => { + const attributeName = attribute.nodeName.toLowerCase(); + if (allowedAttributeList.includes(attributeName)) { + if (uriAttributes.has(attributeName)) { + return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue)); + } + return true; + } + + // Check if a regular expression validates the attribute. + return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp).some(regex => regex.test(attributeName)); +}; function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) { if (!unsafeHtml.length) { return unsafeHtml; @@ -2997,6 +3007,7 @@ function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3132,6 +3143,7 @@ class TemplateFactory extends Config { * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3643,6 +3655,7 @@ defineJQueryPlugin(Tooltip); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3723,6 +3736,7 @@ defineJQueryPlugin(Popover); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3901,11 +3915,11 @@ class ScrollSpy extends BaseComponent { if (!anchor.hash || isDisabled(anchor)) { continue; } - const observableSection = SelectorEngine.findOne(anchor.hash, this._element); + const observableSection = SelectorEngine.findOne(decodeURI(anchor.hash), this._element); // ensure that the observableSection exists & is visible if (isVisible(observableSection)) { - this._targetLinks.set(anchor.hash, anchor); + this._targetLinks.set(decodeURI(anchor.hash), anchor); this._observableSections.set(anchor.hash, observableSection); } } @@ -3982,6 +3996,7 @@ defineJQueryPlugin(ScrollSpy); * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -4243,6 +4258,7 @@ defineJQueryPlugin(Tab); * -------------------------------------------------------------------------- */ + /** * Constants */ |