
Commit d47a6f4

committed
Editor sanitize parser updates.
1 parent fe1d3cc commit d47a6f4


6 files changed

+107
-53
lines changed


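--- a/dist/jsuites.basic.js
+++ b/dist/jsuites.basic.js
@@ -17,7 +17,7 @@
 
 var jSuites = function(options) {
 var obj = {}
-var version = '4.4.0';
+var version = '4.9.11';
 
 var find = function(DOMElement, component) {
 if (DOMElement[component.type] && DOMElement[component.type] == component) {
@@ -4999,6 +4999,10 @@ jSuites.editor = (function(el, options) {
 }
 
 obj.addImage = function(src, asSnippet) {
+if (! src) {
+src = '';
+}
+
 if (src.substr(0,4) != 'data' && ! obj.options.remoteParser) {
 console.error('remoteParser not defined in your initialization');
 } else {
@@ -5273,6 +5277,9 @@ jSuites.editor = (function(el, options) {
 // Elements to be removed
 var remove = [HTMLUnknownElement,HTMLAudioElement,HTMLEmbedElement,HTMLIFrameElement,HTMLTextAreaElement,HTMLInputElement,HTMLScriptElement];
 
+// Valid properties
+var validProperty = ['width', 'height', 'align', 'border', 'src', 'tabindex'];
+
 // Valid CSS attributes
 var validStyle = ['color', 'font-weight', 'font-size', 'background', 'background-color', 'margin'];
 
@@ -5297,20 +5304,27 @@ jSuites.editor = (function(el, options) {
 }
 // Process image
 if (element.tagName.toUpperCase() == 'IMG') {
-if (! obj.options.acceptImages) {
+if (! obj.options.acceptImages || ! element.src) {
 element.parentNode.removeChild(element);
 } else {
 // Check if is data
 element.setAttribute('tabindex', '900');
 // Check attributes for persistance
 obj.addImage(element.src);
 }
-} else {
-// Remove attributes
-var numAttributes = element.attributes.length - 1;
+}
+// Remove attributes
+var attr = [];
+var numAttributes = element.attributes.length - 1;
+if (numAttributes > 0) {
 for (var i = numAttributes; i >= 0 ; i--) {
-element.removeAttribute(element.attributes[i].name);
+attr.push(element.attributes[i].name);
 }
+attr.forEach(function(v) {
+if (validProperty.indexOf(v) == -1) {
+element.removeAttribute(v);
+}
+});
 }
 element.style = '';
 // Add valid style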

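--- a/dist/jsuites.js
+++ b/dist/jsuites.js
@@ -17,7 +17,7 @@
 
 var jSuites = function(options) {
 var obj = {}
-var version = '4.4.0';
+var version = '4.9.11';
 
 var find = function(DOMElement, component) {
 if (DOMElement[component.type] && DOMElement[component.type] == component) {
@@ -5010,6 +5010,10 @@ jSuites.editor = (function(el, options) {
 }
 
 obj.addImage = function(src, asSnippet) {
+if (! src) {
+src = '';
+}
+
 if (src.substr(0,4) != 'data' && ! obj.options.remoteParser) {
 console.error('remoteParser not defined in your initialization');
 } else {
@@ -5284,6 +5288,9 @@ jSuites.editor = (function(el, options) {
 // Elements to be removed
 var remove = [HTMLUnknownElement,HTMLAudioElement,HTMLEmbedElement,HTMLIFrameElement,HTMLTextAreaElement,HTMLInputElement,HTMLScriptElement];
 
+// Valid properties
+var validProperty = ['width', 'height', 'align', 'border', 'src', 'tabindex'];
+
 // Valid CSS attributes
 var validStyle = ['color', 'font-weight', 'font-size', 'background', 'background-color', 'margin'];
 
@@ -5308,20 +5315,27 @@ jSuites.editor = (function(el, options) {
 }
 // Process image
 if (element.tagName.toUpperCase() == 'IMG') {
-if (! obj.options.acceptImages) {
+if (! obj.options.acceptImages || ! element.src) {
 element.parentNode.removeChild(element);
 } else {
 // Check if is data
 element.setAttribute('tabindex', '900');
 // Check attributes for persistance
 obj.addImage(element.src);
 }
-} else {
-// Remove attributes
-var numAttributes = element.attributes.length - 1;
+}
+// Remove attributes
+var attr = [];
+var numAttributes = element.attributes.length - 1;
+if (numAttributes > 0) {
 for (var i = numAttributes; i >= 0 ; i--) {
-element.removeAttribute(element.attributes[i].name);
+attr.push(element.attributes[i].name);
 }
+attr.forEach(function(v) {
+if (validProperty.indexOf(v) == -1) {
+element.removeAttribute(v);
+}
+});
 }
 element.style = '';
 // Add valid style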

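--- a/dist/jsuites.layout.css
+++ b/dist/jsuites.layout.css
@@ -1588,6 +1588,7 @@ section.middle {
 
 .jmenu a:hover, .jmenu a.selected {
 text-decoration: underline;
+font-weight: bold;
 }
 
 .jmenu .title {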

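--- a/dist/jsuites.layout.js
+++ b/dist/jsuites.layout.js
@@ -1701,7 +1701,7 @@ jSuites.menu = (function(el, options) {
 menu[i].classList.remove('selected');
 if (menu[i].getAttribute('data-id')) {
 var state = localStorage.getItem('jmenu-' + menu[i].getAttribute('data-id'));
-if (state === null || state == 1) {
+if (state == 1) {
 menu[i].classList.add('selected');
 }
 }
@@ -1716,48 +1716,59 @@ jSuites.menu = (function(el, options) {
 }
 }
 
-obj.select = function(o) {
-var menu = el.querySelectorAll('nav a');
-for (var i = 0; i < menu.length; i++) {
-menu[i].classList.remove('selected');
-}
-o.classList.add('selected');
-
-// Better navigation
-if (options && options.collapse == true) {
-if (o.classList.contains('show')) {
-menu = el.querySelectorAll('nav');
-for (var i = 0; i < menu.length; i++) {
-menu[i].style.display = '';
-}
-o.style.display = 'none';
-} else {
-menu = el.querySelectorAll('nav');
-for (var i = 0; i < menu.length; i++) {
-menu[i].style.display = 'none';
-}
+obj.select = function(o, e) {
+if (o.tagName == 'NAV') {
+var m = el.querySelectorAll('nav');
+for (var i = 0; i < m.length; i++) {
+m[i].style.display = 'none';
+}
+o.style.display = '';
+o.classList.add('selected');
+} else {
+var m = el.querySelectorAll('nav a');
+for (var i = 0; i < m.length; i++) {
+m[i].classList.remove('selected');
+}
+o.classList.add('selected');
+
+// Better navigation
+if (options && options.collapse == true) {
+if (o.classList.contains('show')) {
+m = el.querySelectorAll('nav');
+for (var i = 0; i < m.length; i++) {
+m[i].style.display = '';
+}
+o.style.display = 'none';
+} else {
+m = el.querySelectorAll('nav');
+for (var i = 0; i < m.length; i++) {
+m[i].style.display = 'none';
+}
 
-menu = el.querySelector('.show');
-if (menu) {
-menu.style.display = 'block';
-}
+m = el.querySelector('.show');
+if (m) {
+m.style.display = 'block';
+}
 
-menu = jSuites.findElement(o.parentNode, 'selected');
-if (menu) {
-menu.style.display = '';
+m = jSuites.findElement(o.parentNode, 'selected');
+if (m) {
+m.style.display = '';
+}
 }
 }
 }
 
+if (options && typeof(options.onclick) == 'function') {
+options.onclick(obj, e);
+}
+
 // Close menu if is oped
 if (jSuites.getWindowWidth() < 800) {
-setTimeout(function() {
-obj.hide();
-}, 0);
+obj.hide();
 }
 }
 
-var actionDown = function(e) {
+var action = function(e) {
 if (e.target.tagName == 'H2') {
 if (e.target.parentNode.classList.contains('selected')) {
 e.target.parentNode.classList.remove('selected');
@@ -1768,14 +1779,14 @@ jSuites.menu = (function(el, options) {
 }
 } else if (e.target.tagName == 'A') {
 // Mark link as selected
-obj.select(e.target);
+obj.select(e.target, e);
 }
 }
 
 if ('ontouchstart' in document.documentElement === true) {
-el.addEventListener('touchstart', actionDown);
+el.addEventListener('touchsend', action);
 } else {
-el.addEventListener('mousedown', actionDown);
+el.addEventListener('mouseup', action);
 }
 
 // Add close action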
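Review bot: `el.addEventListener('touchsend', action);` in the last hunk registers an event name that browsers do not dispatch, so where `'ontouchstart' in document.documentElement` is true the menu handler would never run. The touch counterpart of the new `mouseup` is presumably `touchend`, i.e. `el.addEventListener('touchend', action);`. The surrounding jSuites.menu function starts and ends outside the hunk, and if dist/ is build output the fix belongs in the file it is built from.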

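--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
 "javascript plugins"
 ],
 "main": "dist/jsuites.js",
-"version": "4.9.10",
+"version": "4.9.11",
 "bugs": "https://github.com/jsuites/jsuites/issues",
 "homepage": "https://github.com/jsuites/jsuites",
 "docs": "https://jsuites.net",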

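--- a/src/editor.js
+++ b/src/editor.js
@@ -452,6 +452,10 @@ jSuites.editor = (function(el, options) {
 }
 
 obj.addImage = function(src, asSnippet) {
+if (! src) {
+src = '';
+}
+
 if (src.substr(0,4) != 'data' && ! obj.options.remoteParser) {
 console.error('remoteParser not defined in your initialization');
 } else {
@@ -726,6 +730,9 @@ jSuites.editor = (function(el, options) {
 // Elements to be removed
 var remove = [HTMLUnknownElement,HTMLAudioElement,HTMLEmbedElement,HTMLIFrameElement,HTMLTextAreaElement,HTMLInputElement,HTMLScriptElement];
 
+// Valid properties
+var validProperty = ['width', 'height', 'align', 'border', 'src', 'tabindex'];
+
 // Valid CSS attributes
 var validStyle = ['color', 'font-weight', 'font-size', 'background', 'background-color', 'margin'];
 
@@ -750,20 +757,27 @@ jSuites.editor = (function(el, options) {
 }
 // Process image
 if (element.tagName.toUpperCase() == 'IMG') {
-if (! obj.options.acceptImages) {
+if (! obj.options.acceptImages || ! element.src) {
 element.parentNode.removeChild(element);
 } else {
 // Check if is data
 element.setAttribute('tabindex', '900');
 // Check attributes for persistance
 obj.addImage(element.src);
 }
-} else {
-// Remove attributes
-var numAttributes = element.attributes.length - 1;
+}
+// Remove attributes
+var attr = [];
+var numAttributes = element.attributes.length - 1;
+if (numAttributes > 0) {
 for (var i = numAttributes; i >= 0 ; i--) {
-element.removeAttribute(element.attributes[i].name);
+attr.push(element.attributes[i].name);
 }
+attr.forEach(function(v) {
+if (validProperty.indexOf(v) == -1) {
+element.removeAttribute(v);
+}
+});
 }
 element.style = '';
 // Add valid style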
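Review bot: The new guard `if (numAttributes > 0) {` in the last hunk skips the allowlist filter for any element that has exactly one attribute, because `numAttributes` is `element.attributes.length - 1`; the loop it replaces removed that attribute. A pasted non-image element carrying a single attribute outside `validProperty`, such as an inline event handler, therefore survives sanitization. Use `if (numAttributes >= 0) {` or drop the guard, since the loop already handles an empty attribute list. `validProperty` also keeps `src` on every element without checking its value, which looks wider than the image case needs. The same code is in dist/jsuites.basic.js and dist/jsuites.js, and the enclosing parser function starts and ends outside the hunk.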
