Skip to content

Commit e3cf592

Browse files
intripintrip
authored
Update vendored Trix version to 2.1.12 (rails#54099)
1 parent 5ee1542 commit e3cf592

File tree

2 files changed

+348
-267
lines changed

2 files changed

+348
-267
lines changed

actiontext/app/assets/javascripts/trix.js

Lines changed: 39 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
Trix 2.1.10
2+
Trix 2.1.12
33
Copyright © 2024 37signals, LLC
44
*/
55
(function (global, factory) {
@@ -9,7 +9,7 @@ Copyright © 2024 37signals, LLC
99
})(this, (function () { 'use strict';
1010

1111
var name = "trix";
12-
var version = "2.1.10";
12+
var version = "2.1.12";
1313
var description = "A rich text editor for everyday writing";
1414
var main = "dist/trix.umd.min.js";
1515
var module = "dist/trix.esm.min.js";
@@ -44,27 +44,28 @@ Copyright © 2024 37signals, LLC
4444
"@rollup/plugin-node-resolve": "^13.3.0",
4545
"@web/dev-server": "^0.1.34",
4646
"babel-eslint": "^10.1.0",
47+
chokidar: "^4.0.2",
4748
concurrently: "^7.4.0",
4849
eslint: "^7.32.0",
4950
esm: "^3.2.25",
5051
karma: "6.4.1",
5152
"karma-chrome-launcher": "3.2.0",
5253
"karma-qunit": "^4.1.2",
5354
"karma-sauce-launcher": "^4.3.6",
54-
"node-sass": "^7.0.1",
5555
qunit: "2.19.1",
5656
rangy: "^1.3.0",
5757
rollup: "^2.56.3",
5858
"rollup-plugin-includepaths": "^0.2.4",
5959
"rollup-plugin-terser": "^7.0.2",
60+
sass: "^1.83.0",
6061
svgo: "^2.8.0",
6162
webdriverio: "^7.19.5"
6263
};
6364
var resolutions = {
6465
webdriverio: "^7.19.5"
6566
};
6667
var scripts = {
67-
"build-css": "node-sass --functions=./assets/trix/stylesheets/functions assets/trix.scss dist/trix.css",
68+
"build-css": "bin/sass-build assets/trix.scss dist/trix.css",
6869
"build-js": "rollup -c",
6970
"build-assets": "cp -f assets/*.html dist/",
7071
build: "yarn run build-js && yarn run build-css && yarn run build-assets",
@@ -209,6 +210,12 @@ Copyright © 2024 37signals, LLC
209210
attachmentGallery: "attachment-gallery"
210211
};
211212

213+
var dompurify = {
214+
ADD_ATTR: ["language"],
215+
SAFE_FOR_XML: false,
216+
RETURN_DOM: true
217+
};
218+
212219
var lang$1 = {
213220
attachFiles: "Attach Files",
214221
bold: "Bold",
@@ -631,7 +638,7 @@ Copyright © 2024 37signals, LLC
631638

632639
var toolbar = {
633640
getDefaultHTML() {
634-
return "<div class=\"trix-button-row\">\n <span class=\"trix-button-group trix-button-group--text-tools\" data-trix-button-group=\"text-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bold\" data-trix-attribute=\"bold\" data-trix-key=\"b\" title=\"".concat(lang$1.bold, "\" tabindex=\"-1\">").concat(lang$1.bold, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-italic\" data-trix-attribute=\"italic\" data-trix-key=\"i\" title=\"").concat(lang$1.italic, "\" tabindex=\"-1\">").concat(lang$1.italic, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-strike\" data-trix-attribute=\"strike\" title=\"").concat(lang$1.strike, "\" tabindex=\"-1\">").concat(lang$1.strike, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-link\" data-trix-attribute=\"href\" data-trix-action=\"link\" data-trix-key=\"k\" title=\"").concat(lang$1.link, "\" tabindex=\"-1\">").concat(lang$1.link, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--block-tools\" data-trix-button-group=\"block-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-heading-1\" data-trix-attribute=\"heading1\" title=\"").concat(lang$1.heading1, "\" tabindex=\"-1\">").concat(lang$1.heading1, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-quote\" data-trix-attribute=\"quote\" title=\"").concat(lang$1.quote, "\" tabindex=\"-1\">").concat(lang$1.quote, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-code\" data-trix-attribute=\"code\" title=\"").concat(lang$1.code, "\" tabindex=\"-1\">").concat(lang$1.code, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bullet-list\" data-trix-attribute=\"bullet\" title=\"").concat(lang$1.bullets, "\" tabindex=\"-1\">").concat(lang$1.bullets, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-number-list\" data-trix-attribute=\"number\" title=\"").concat(lang$1.numbers, "\" tabindex=\"-1\">").concat(lang$1.numbers, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-decrease-nesting-level\" data-trix-action=\"decreaseNestingLevel\" title=\"").concat(lang$1.outdent, "\" tabindex=\"-1\">").concat(lang$1.outdent, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-increase-nesting-level\" data-trix-action=\"increaseNestingLevel\" title=\"").concat(lang$1.indent, "\" tabindex=\"-1\">").concat(lang$1.indent, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--file-tools\" data-trix-button-group=\"file-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-attach\" data-trix-action=\"attachFiles\" title=\"").concat(lang$1.attachFiles, "\" tabindex=\"-1\">").concat(lang$1.attachFiles, "</button>\n </span>\n\n <span class=\"trix-button-group-spacer\"></span>\n\n <span class=\"trix-button-group trix-button-group--history-tools\" data-trix-button-group=\"history-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-undo\" data-trix-action=\"undo\" data-trix-key=\"z\" title=\"").concat(lang$1.undo, "\" tabindex=\"-1\">").concat(lang$1.undo, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-redo\" data-trix-action=\"redo\" data-trix-key=\"shift+z\" title=\"").concat(lang$1.redo, "\" tabindex=\"-1\">").concat(lang$1.redo, "</button>\n </span>\n </div>\n\n <div class=\"trix-dialogs\" data-trix-dialogs>\n <div class=\"trix-dialog trix-dialog--link\" data-trix-dialog=\"href\" data-trix-dialog-attribute=\"href\">\n <div class=\"trix-dialog__link-fields\">\n <input type=\"url\" name=\"href\" class=\"trix-input trix-input--dialog\" placeholder=\"").concat(lang$1.urlPlaceholder, "\" aria-label=\"").concat(lang$1.url, "\" required data-trix-input>\n <div class=\"trix-button-group\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.link, "\" data-trix-method=\"setAttribute\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.unlink, "\" data-trix-method=\"removeAttribute\">\n </div>\n </div>\n </div>\n </div>");
641+
return "<div class=\"trix-button-row\">\n <span class=\"trix-button-group trix-button-group--text-tools\" data-trix-button-group=\"text-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bold\" data-trix-attribute=\"bold\" data-trix-key=\"b\" title=\"".concat(lang$1.bold, "\" tabindex=\"-1\">").concat(lang$1.bold, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-italic\" data-trix-attribute=\"italic\" data-trix-key=\"i\" title=\"").concat(lang$1.italic, "\" tabindex=\"-1\">").concat(lang$1.italic, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-strike\" data-trix-attribute=\"strike\" title=\"").concat(lang$1.strike, "\" tabindex=\"-1\">").concat(lang$1.strike, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-link\" data-trix-attribute=\"href\" data-trix-action=\"link\" data-trix-key=\"k\" title=\"").concat(lang$1.link, "\" tabindex=\"-1\">").concat(lang$1.link, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--block-tools\" data-trix-button-group=\"block-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-heading-1\" data-trix-attribute=\"heading1\" title=\"").concat(lang$1.heading1, "\" tabindex=\"-1\">").concat(lang$1.heading1, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-quote\" data-trix-attribute=\"quote\" title=\"").concat(lang$1.quote, "\" tabindex=\"-1\">").concat(lang$1.quote, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-code\" data-trix-attribute=\"code\" title=\"").concat(lang$1.code, "\" tabindex=\"-1\">").concat(lang$1.code, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-bullet-list\" data-trix-attribute=\"bullet\" title=\"").concat(lang$1.bullets, "\" tabindex=\"-1\">").concat(lang$1.bullets, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-number-list\" data-trix-attribute=\"number\" title=\"").concat(lang$1.numbers, "\" tabindex=\"-1\">").concat(lang$1.numbers, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-decrease-nesting-level\" data-trix-action=\"decreaseNestingLevel\" title=\"").concat(lang$1.outdent, "\" tabindex=\"-1\">").concat(lang$1.outdent, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-increase-nesting-level\" data-trix-action=\"increaseNestingLevel\" title=\"").concat(lang$1.indent, "\" tabindex=\"-1\">").concat(lang$1.indent, "</button>\n </span>\n\n <span class=\"trix-button-group trix-button-group--file-tools\" data-trix-button-group=\"file-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-attach\" data-trix-action=\"attachFiles\" title=\"").concat(lang$1.attachFiles, "\" tabindex=\"-1\">").concat(lang$1.attachFiles, "</button>\n </span>\n\n <span class=\"trix-button-group-spacer\"></span>\n\n <span class=\"trix-button-group trix-button-group--history-tools\" data-trix-button-group=\"history-tools\">\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-undo\" data-trix-action=\"undo\" data-trix-key=\"z\" title=\"").concat(lang$1.undo, "\" tabindex=\"-1\">").concat(lang$1.undo, "</button>\n <button type=\"button\" class=\"trix-button trix-button--icon trix-button--icon-redo\" data-trix-action=\"redo\" data-trix-key=\"shift+z\" title=\"").concat(lang$1.redo, "\" tabindex=\"-1\">").concat(lang$1.redo, "</button>\n </span>\n </div>\n\n <div class=\"trix-dialogs\" data-trix-dialogs>\n <div class=\"trix-dialog trix-dialog--link\" data-trix-dialog=\"href\" data-trix-dialog-attribute=\"href\">\n <div class=\"trix-dialog__link-fields\">\n <input type=\"url\" name=\"href\" class=\"trix-input trix-input--dialog\" placeholder=\"").concat(lang$1.urlPlaceholder, "\" aria-label=\"").concat(lang$1.url, "\" data-trix-validate-href required data-trix-input>\n <div class=\"trix-button-group\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.link, "\" data-trix-method=\"setAttribute\">\n <input type=\"button\" class=\"trix-button trix-button--dialog\" value=\"").concat(lang$1.unlink, "\" data-trix-method=\"removeAttribute\">\n </div>\n </div>\n </div>\n </div>");
635642
}
636643
};
637644

@@ -645,6 +652,7 @@ Copyright © 2024 37signals, LLC
645652
blockAttributes: attributes,
646653
browser: browser$1,
647654
css: css$3,
655+
dompurify: dompurify,
648656
fileSize: file_size_formatting,
649657
input: input,
650658
keyNames: key_names,
@@ -3064,6 +3072,12 @@ $\
30643072
}
30653073
var purify = createDOMPurify();
30663074

3075+
purify.addHook("uponSanitizeAttribute", function (node, data) {
3076+
const allowedAttributePattern = /^data-trix-/;
3077+
if (allowedAttributePattern.test(data.attrName)) {
3078+
data.forceKeepAttr = true;
3079+
}
3080+
});
30673081
const DEFAULT_ALLOWED_ATTRIBUTES = "style href src width height language class".split(" ");
30683082
const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ");
30693083
const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ");
@@ -3093,10 +3107,9 @@ $\
30933107
sanitize() {
30943108
this.sanitizeElements();
30953109
this.normalizeListElementNesting();
3096-
return purify.sanitize(this.body, {
3097-
ADD_ATTR: ["language"],
3098-
RETURN_DOM: true
3099-
});
3110+
purify.setConfig(dompurify);
3111+
this.body = purify.sanitize(this.body);
3112+
return this.body;
31003113
}
31013114
getHTML() {
31023115
return this.body.innerHTML;
@@ -12626,16 +12639,26 @@ $\
1262612639
return (_this$delegate6 = this.delegate) === null || _this$delegate6 === void 0 ? void 0 : _this$delegate6.toolbarDidShowDialog(dialogName);
1262712640
}
1262812641
setAttribute(dialogElement) {
12642+
var _this$delegate7;
1262912643
const attributeName = getAttributeName(dialogElement);
1263012644
const input = getInputForDialog(dialogElement, attributeName);
12631-
if (input.willValidate && !input.checkValidity()) {
12632-
input.setAttribute("data-trix-validate", "");
12633-
input.classList.add("trix-validate");
12634-
return input.focus();
12645+
if (input.willValidate) {
12646+
input.setCustomValidity("");
12647+
if (!input.checkValidity() || !this.isSafeAttribute(input)) {
12648+
input.setCustomValidity("Invalid value");
12649+
input.setAttribute("data-trix-validate", "");
12650+
input.classList.add("trix-validate");
12651+
return input.focus();
12652+
}
12653+
}
12654+
(_this$delegate7 = this.delegate) === null || _this$delegate7 === void 0 || _this$delegate7.toolbarDidUpdateAttribute(attributeName, input.value);
12655+
return this.hideDialog();
12656+
}
12657+
isSafeAttribute(input) {
12658+
if (input.hasAttribute("data-trix-validate-href")) {
12659+
return purify.isValidAttribute("a", "href", input.value);
1263512660
} else {
12636-
var _this$delegate7;
12637-
(_this$delegate7 = this.delegate) === null || _this$delegate7 === void 0 || _this$delegate7.toolbarDidUpdateAttribute(attributeName, input.value);
12638-
return this.hideDialog();
12661+
return true;
1263912662
}
1264012663
}
1264112664
removeAttribute(dialogElement) {

0 commit comments

Comments
 (0)