natxocc/sigpro
1
1
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Improved XXS
All checks were successful
Deploy Docs to Synology / deploy (push) Successful in 4s
Details

Browse Source
This commit is contained in:
Natxo
2026-04-27 10:32:11 +02:00
parent 25975eb89a
commit a65219759d
7 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dist/sigpro.esm.js vendored
View File

@@ -244,7 +244,8 @@ var cleanupNode = (node) => {
node.childNodes.forEach((n) => cleanupNode(n));
};
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var isDangerousAttr = (key) => key === "src" || key === "href" || key.startsWith("on");
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
var validateAttr = (key, val) => {
if (val == null || val === false)
return null;
@@ -298,8 +299,9 @@ var h = (tag, props = {}, children = []) => {
continue;
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink";
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v);
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink";
cleanVal == null ? el.removeAttributeNS(lnk, k.slice(6)) : el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {

2
dist/sigpro.esm.min.js vendored
View File

File diff suppressed because one or more lines are too long

8
dist/sigpro.js vendored
View File

@@ -300,7 +300,8 @@
node.childNodes.forEach((n) => cleanupNode(n));
};
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var isDangerousAttr = (key) => key === "src" || key === "href" || key.startsWith("on");
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
var validateAttr = (key, val) => {
if (val == null || val === false)
return null;
@@ -354,8 +355,9 @@
continue;
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink";
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v);
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink";
cleanVal == null ? el.removeAttributeNS(lnk, k.slice(6)) : el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {

2
dist/sigpro.min.js vendored
View File

File diff suppressed because one or more lines are too long

8
docs/sigpro.js
View File

@@ -300,7 +300,8 @@
node.childNodes.forEach((n) => cleanupNode(n));
};
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var isDangerousAttr = (key) => key === "src" || key === "href" || key.startsWith("on");
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
var validateAttr = (key, val) => {
if (val == null || val === false)
return null;
@@ -354,8 +355,9 @@
continue;
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink";
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v);
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink";
cleanVal == null ? el.removeAttributeNS(lnk, k.slice(6)) : el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {

6
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "sigpro",
"version": "1.2.20",
"version": "1.2.21",
"type": "module",
"license": "MIT",
"main": "./dist/sigpro.esm.min.js",
@@ -28,10 +28,10 @@
"homepage": "https://sigpro.natxocc.com/#/",
"repository": {
"type": "git",
"url": "https://git.natxocc.com/natxocc/sigpro"
"url": "https://github.com/natxocc/sigpro"
},
"bugs": {
"url": "https://git.natxocc.com/natxocc/sigpro/issues"
"url": "https://github.com/natxocc/sigpro/issues"
},
"scripts": {
"clean": "rm -rf dist",

14
sigpro.js
View File

@@ -230,8 +230,9 @@ const cleanupNode = (node) => {
if (node.childNodes) node.childNodes.forEach(n => cleanupNode(n));
};
const DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i
const isDangerousAttr = key => key === 'src' || key === 'href' || key.startsWith('on')
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
const validateAttr = (key, val) => {
if (val == null || val === false) return null
@@ -292,9 +293,12 @@ const h = (tag, props = {}, children = []) => {
continue
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink"
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v)
continue
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink"
cleanVal == null
? el.removeAttributeNS(lnk, k.slice(6))
: el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {
const ev = k.slice(2).toLowerCase()