diff options
Diffstat (limited to 'vendor/twbs/bootstrap/dist/js/bootstrap.js')
| -rw-r--r-- | vendor/twbs/bootstrap/dist/js/bootstrap.js | 81 |
1 files changed, 49 insertions, 32 deletions
diff --git a/vendor/twbs/bootstrap/dist/js/bootstrap.js b/vendor/twbs/bootstrap/dist/js/bootstrap.js index 99bcaf8a2..8fb957a89 100644 --- a/vendor/twbs/bootstrap/dist/js/bootstrap.js +++ b/vendor/twbs/bootstrap/dist/js/bootstrap.js @@ -1,5 +1,5 @@ /*! - * Bootstrap v5.3.0-alpha3 (https://getbootstrap.com/) + * Bootstrap v5.3.0 (https://getbootstrap.com/) * Copyright 2011-2023 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */ @@ -330,6 +330,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -608,6 +609,7 @@ * -------------------------------------------------------------------------- */ + /** * Class definition */ @@ -660,11 +662,12 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ - const VERSION = '5.3.0-alpha2'; + const VERSION = '5.3.0'; /** * Class definition @@ -727,6 +730,7 @@ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) * -------------------------------------------------------------------------- */ + const getSelector = element => { let selector = element.getAttribute('data-bs-target'); if (!selector || selector === '#') { @@ -815,6 +819,7 @@ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) * -------------------------------------------------------------------------- */ + const enableDismissTrigger = (component, method = 'hide') => { const clickEvent = `click.dismiss${component.EVENT_KEY}`; const name = component.NAME; @@ -840,6 +845,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -914,6 +920,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -977,6 +984,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1096,6 +1104,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1468,6 +1477,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -1701,6 +1711,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2068,6 +2079,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2192,6 +2204,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2290,6 +2303,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2387,6 +2401,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2691,6 +2706,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -2921,34 +2937,6 @@ * -------------------------------------------------------------------------- */ - const uriAttributes = new Set(['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href']); - - /** - * A pattern that recognizes a commonly useful subset of URLs that are safe. - * - * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts - */ - const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^#&/:?]*(?:[#/?]|$))/i; - - /** - * A pattern that matches safe data URLs. Only matches image, video and audio types. - * - * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts - */ - const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i; - const allowedAttribute = (attribute, allowedAttributeList) => { - const attributeName = attribute.nodeName.toLowerCase(); - if (allowedAttributeList.includes(attributeName)) { - if (uriAttributes.has(attributeName)) { - return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue) || DATA_URL_PATTERN.test(attribute.nodeValue)); - } - return true; - } - - // Check if a regular expression validates the attribute. - return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp).some(regex => regex.test(attributeName)); - }; - // js-docs-start allow-list const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i; const DefaultAllowlist = { @@ -2986,6 +2974,28 @@ }; // js-docs-end allow-list + const uriAttributes = new Set(['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href']); + + /** + * A pattern that recognizes URLs that are safe wrt. XSS in URL navigation + * contexts. + * + * Shout-out to Angular https://github.com/angular/angular/blob/15.2.8/packages/core/src/sanitization/url_sanitizer.ts#L38 + */ + // eslint-disable-next-line unicorn/better-regex + const SAFE_URL_PATTERN = /^(?!javascript:)(?:[a-z0-9+.-]+:|[^&:/?#]*(?:[/?#]|$))/i; + const allowedAttribute = (attribute, allowedAttributeList) => { + const attributeName = attribute.nodeName.toLowerCase(); + if (allowedAttributeList.includes(attributeName)) { + if (uriAttributes.has(attributeName)) { + return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue)); + } + return true; + } + + // Check if a regular expression validates the attribute. + return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp).some(regex => regex.test(attributeName)); + }; function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) { if (!unsafeHtml.length) { return unsafeHtml; @@ -3020,6 +3030,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3155,6 +3166,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3666,6 +3678,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3746,6 +3759,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -3924,11 +3938,11 @@ if (!anchor.hash || isDisabled(anchor)) { continue; } - const observableSection = SelectorEngine.findOne(anchor.hash, this._element); + const observableSection = SelectorEngine.findOne(decodeURI(anchor.hash), this._element); // ensure that the observableSection exists & is visible if (isVisible(observableSection)) { - this._targetLinks.set(anchor.hash, anchor); + this._targetLinks.set(decodeURI(anchor.hash), anchor); this._observableSections.set(anchor.hash, observableSection); } } @@ -4005,6 +4019,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -4266,6 +4281,7 @@ * -------------------------------------------------------------------------- */ + /** * Constants */ @@ -4448,6 +4464,7 @@ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) * -------------------------------------------------------------------------- */ + const index_umd = { Alert, Button, |