diff options
Diffstat (limited to 'vendor/twbs/bootstrap/js/src/tools/sanitizer.js')
| -rw-r--r-- | vendor/twbs/bootstrap/js/src/tools/sanitizer.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/vendor/twbs/bootstrap/js/src/tools/sanitizer.js b/vendor/twbs/bootstrap/js/src/tools/sanitizer.js index 797159bcc..e57f856f0 100644 --- a/vendor/twbs/bootstrap/js/src/tools/sanitizer.js +++ b/vendor/twbs/bootstrap/js/src/tools/sanitizer.js @@ -1,6 +1,6 @@ /** * -------------------------------------------------------------------------- - * Bootstrap (v4.4.1): tools/sanitizer.js + * Bootstrap (v4.5.0): tools/sanitizer.js * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * -------------------------------------------------------------------------- */ @@ -37,7 +37,7 @@ export const DefaultWhitelist = { h5: [], h6: [], i: [], - img: ['src', 'alt', 'title', 'width', 'height'], + img: ['src', 'srcset', 'alt', 'title', 'width', 'height'], li: [], ol: [], p: [], @@ -57,14 +57,14 @@ export const DefaultWhitelist = { * * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts */ -const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi +const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/gi /** * A pattern that matches safe data URLs. Only matches image, video and audio types. * * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts */ -const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i +const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i function allowedAttribute(attr, allowedAttributeList) { const attrName = attr.nodeName.toLowerCase() @@ -80,7 +80,7 @@ function allowedAttribute(attr, allowedAttributeList) { const regExp = allowedAttributeList.filter((attrRegex) => attrRegex instanceof RegExp) // Check if a regular expression validates the attribute. - for (let i = 0, l = regExp.length; i < l; i++) { + for (let i = 0, len = regExp.length; i < len; i++) { if (attrName.match(regExp[i])) { return true } |