Merge pull request #899 from cure53/main
Update 3.x to be in sync with main
cure53 authored Jan 5, 2024
2 parents aa2c561 + b3b441e commit ec1346a
Showing 15 changed files with 42 additions and 30 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -6,7 +6,7 @@

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.0.7**.
It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.0.8**.

DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Edge, Firefox and Chrome - as well as almost anything else using Blink, Gecko or WebKit). It doesn't break on MSIE or other legacy browsers. It simply does nothing.

2 changes: 1 addition & 1 deletion bower.json
@@ -1,6 +1,6 @@
{
"name": "DOMPurify",
"version": "3.0.7",
"version": "3.0.8",
"homepage": "https://github.com/cure53/DOMPurify",
"author": "Cure53 <info@cure53.de>",
"description": "A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG",
6 changes: 3 additions & 3 deletions dist/purify.cjs.js


2 changes: 1 addition & 1 deletion dist/purify.cjs.js.map


6 changes: 3 additions & 3 deletions dist/purify.es.mjs
@@ -1,4 +1,4 @@
/*! @license DOMPurify 3.0.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.7/LICENSE */
/*! @license DOMPurify 3.0.8 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.8/LICENSE */

const {
entries,
@@ -139,7 +139,7 @@ function clone(object) {
if (getOwnPropertyDescriptor(object, property) !== undefined) {
if (Array.isArray(value)) {
newObject[property] = cleanArray(value);
} else if (typeof value === 'object' && value.constructor === Object) {
} else if (value && typeof value === 'object' && value.constructor === Object) {
newObject[property] = clone(value);
} else {
newObject[property] = value;
@@ -278,7 +278,7 @@ function createDOMPurify() {
* Version label, exposed for easier checks
* if DOMPurify is up to date or not
*/
DOMPurify.version = '3.0.7';
DOMPurify.version = '3.0.8';

/**
* Array of elements that DOMPurify removed during sanitation.
2 changes: 1 addition & 1 deletion dist/purify.es.mjs.map


6 changes: 3 additions & 3 deletions dist/purify.js


2 changes: 1 addition & 1 deletion dist/purify.js.map


4 changes: 2 additions & 2 deletions dist/purify.min.js


2 changes: 1 addition & 1 deletion dist/purify.min.js.map


4 changes: 2 additions & 2 deletions package-lock.json


9 changes: 1 addition & 8 deletions package.json
@@ -17,13 +17,6 @@
"test:ci": "cross-env NODE_ENV=test BABEL_ENV=rollup npm run test:jsdom && npm run test:karma -- --log-level error --reporters dots --single-run --shouldTestOnBrowserStack=\"${TEST_BROWSERSTACK}\" --shouldProbeOnly=\"${TEST_PROBE_ONLY}\"",
"test": "cross-env NODE_ENV=test BABEL_ENV=rollup npm run lint && npm run test:jsdom && npm run test:karma -- --browsers Chrome"
},
"exports": {
".": {
"require": "./dist/purify.cjs.js",
"import": "./dist/purify.es.mjs"
},
"./package.json": "./package.json"
},
"main": "./dist/purify.cjs.js",
"module": "./dist/purify.es.mjs",
"browser": "./dist/purify.js",
@@ -105,7 +98,7 @@
},
"name": "dompurify",
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
"version": "3.0.7",
"version": "3.0.8",
"directories": {
"test": "test"
},
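--- a/src/utils.js
+++ b/src/utils.js
@@ -136,7 +136,11 @@ function clone(object) {
 if (getOwnPropertyDescriptor(object, property) !== undefined) {
 if (Array.isArray(value)) {
 newObject[property] = cleanArray(value);
-} else if (typeof value === 'object' && value.constructor === Object) {
+} else if (
+value &&
+typeof value === 'object' &&
+value.constructor === Object
+) {
 newObject[property] = clone(value);
 } else {
 newObject[property] = value;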
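Review bot: The `value.constructor === Object` test in the new condition still decides what counts as a plain object, so a nested value with a null prototype, one created in another realm, or one that defines its own `constructor` falls to the `else` branch and is stored by reference rather than cloned. The added `value &&` guard handles `typeof null === 'object'`, but the remaining by-reference cases are undocumented; a comment above the branch such as `// null and non-plain objects are assigned as-is, not deep-copied` would make the contract explicit. If callers rely on clone() to isolate sanitizer configuration from later mutation by the caller, that does not hold for those values. This is inferred, since the rest of clone() and its callers lie outside the hunk.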
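--- a/test/test-suite.js
+++ b/test/test-suite.js
@@ -804,6 +804,21 @@
 );
 }
 );
+QUnit.test(
+'CUSTOM_ELEMENT_HANDLING config values of null do not throw a TypeError.',
+function (assert) {
+DOMPurify.sanitize('', {
+CUSTOM_ELEMENT_HANDLING: {
+tagNameCheck: null,
+attributeNameCheck: null,
+allowCustomizedBuiltInElements: null,
+},
+});
+
+// Don't see a great way to assert NOT throws...
+assert.ok(true);
+}
+);
 QUnit.test('Test dirty being an array', function (assert) {
 assert.equal(
 DOMPurify.sanitize(['<a>123<b>456</b></a>']),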
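Review bot: The new test ends in `assert.ok(true)`, which passes whatever `sanitize` returns, and it sanitizes an empty string, so the custom-element checks are probably never reached with the null settings. A thrown TypeError should already fail the test callback, so the assertion is free to carry real information. Sanitize a custom-element sample with the same config (constructed example: `'<foo-bar>x</foo-bar>'`) and compare the output using `assert.equal(result, expected)`, taking the expected string from the library's default behaviour. That would pin that null values fail closed, meaning the custom element is still removed, rather than only that no exception is raised.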
4 changes: 2 additions & 2 deletions website/index.html
@@ -2,7 +2,7 @@
<html>
<head>
<meta charset="UTF-8">
<title>DOMPurify 3.0.7 "High Noon"</title>
<title>DOMPurify 3.0.8 "Higher Noon"</title>
<script src="../dist/purify.min.js"></script>
<!-- we don't actually need it - just to demo and test the $(html) sanitation -->
<script src="//code.jquery.com/jquery-3.2.0.min.js"></script>
@@ -23,7 +23,7 @@
</script>
</head>
<body>
<h4>DOMPurify 3.0.7 "High Noon"</h4>
<h4>DOMPurify 3.0.8 "Higher Noon"</h4>
<p>
<a href="http://badge.fury.io/js/dompurify" rel="nofollow"><img alt="npm version" src="https://badge.fury.io/js/dompurify.svg"></a>
<a target="_blank" rel="noopener noreferrer" href="https://github.com/cure53/DOMPurify/workflows/Build%20and%20Test/badge.svg?branch=main"><img src="https://github.com/cure53/DOMPurify/workflows/Build%20and%20Test/badge.svg?branch=main" alt="Build and Test"></a>
