Skip to content

Commit 74701dc

Browse files
yahondayahonda
authored
Merge pull request rails#55046 from flavorjones/flavorjones/dep-trix-2.1.15
dep: bump trix to v2.1.15
2 parents c78af80 + 598e5d2 commit 74701dc

File tree

1 file changed

+22
-9
lines changed
  • actiontext/app/assets/javascripts

1 file changed

+22
-9
lines changed

actiontext/app/assets/javascripts/trix.js

Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
1+
// [email protected] downloaded from https://unpkg.com/[email protected]/dist/trix.umd.js
2+
13
/*
2-
Trix 2.1.14
4+
Trix 2.1.15
35
Copyright © 2025 37signals, LLC
46
*/
57
(function (global, factory) {
@@ -9,7 +11,7 @@ Copyright © 2025 37signals, LLC
911
})(this, (function () { 'use strict';
1012

1113
var name = "trix";
12-
var version = "2.1.14";
14+
var version = "2.1.15";
1315
var description = "A rich text editor for everyday writing";
1416
var main = "dist/trix.umd.min.js";
1517
var module = "dist/trix.esm.min.js";
@@ -3091,8 +3093,8 @@ $\
30913093
const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ");
30923094
const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ");
30933095
class HTMLSanitizer extends BasicObject {
3094-
static setHTML(element, html) {
3095-
const sanitizedElement = new this(html).sanitize();
3096+
static setHTML(element, html, options) {
3097+
const sanitizedElement = new this(html, options).sanitize();
30963098
const sanitizedHtml = sanitizedElement.getHTML ? sanitizedElement.getHTML() : sanitizedElement.outerHTML;
30973099
element.innerHTML = sanitizedHtml;
30983100
}
@@ -3105,18 +3107,21 @@ $\
31053107
let {
31063108
allowedAttributes,
31073109
forbiddenProtocols,
3108-
forbiddenElements
3110+
forbiddenElements,
3111+
purifyOptions
31093112
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
31103113
super(...arguments);
31113114
this.allowedAttributes = allowedAttributes || DEFAULT_ALLOWED_ATTRIBUTES;
31123115
this.forbiddenProtocols = forbiddenProtocols || DEFAULT_FORBIDDEN_PROTOCOLS;
31133116
this.forbiddenElements = forbiddenElements || DEFAULT_FORBIDDEN_ELEMENTS;
3117+
this.purifyOptions = purifyOptions || {};
31143118
this.body = createBodyElementForHTML(html);
31153119
}
31163120
sanitize() {
31173121
this.sanitizeElements();
31183122
this.normalizeListElementNesting();
3119-
purify.setConfig(dompurify);
3123+
const purifyConfig = Object.assign({}, dompurify, this.purifyOptions);
3124+
purify.setConfig(purifyConfig);
31203125
this.body = purify.sanitize(this.body);
31213126
return this.body;
31223127
}
@@ -8369,11 +8374,13 @@ $\
83698374
}
83708375
constructor(html) {
83718376
let {
8372-
referenceElement
8377+
referenceElement,
8378+
purifyOptions
83738379
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
83748380
super(...arguments);
83758381
this.html = html;
83768382
this.referenceElement = referenceElement;
8383+
this.purifyOptions = purifyOptions;
83778384
this.blocks = [];
83788385
this.blockElements = [];
83798386
this.processedElements = [];
@@ -8387,7 +8394,9 @@ $\
83878394
parse() {
83888395
try {
83898396
this.createHiddenContainer();
8390-
HTMLSanitizer.setHTML(this.containerElement, this.html);
8397+
HTMLSanitizer.setHTML(this.containerElement, this.html, {
8398+
purifyOptions: this.purifyOptions
8399+
});
83918400
const walker = walkTree(this.containerElement, {
83928401
usingFilter: nodeFilter
83938402
});
@@ -9067,7 +9076,11 @@ $\
90679076
}
90689077
}
90699078
insertHTML(html) {
9070-
const document = HTMLParser.parse(html).getDocument();
9079+
const document = HTMLParser.parse(html, {
9080+
purifyOptions: {
9081+
SAFE_FOR_XML: true
9082+
}
9083+
}).getDocument();
90719084
const selectedRange = this.getSelectedRange();
90729085
this.setDocument(this.document.mergeDocumentAtRange(document, selectedRange));
90739086
const startPosition = selectedRange[0];

0 commit comments

Comments
 (0)