Skip to content

Commit e4caa67

Browse files
cure53cure53
committed
see #1022
feature: Added configurability for text & HTML integration points
1 parent 785982c commit e4caa67

File tree

9 files changed

+62
-51
lines changed

9 files changed

+62
-51
lines changed

dist/purify.cjs.js

Lines changed: 10 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.cjs.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.es.mjs

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -521,6 +521,14 @@ function createDOMPurify() {
521521
/* Allowed XHTML+XML namespaces */
522522
let ALLOWED_NAMESPACES = null;
523523
const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString);
524+
let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']);
525+
let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
526+
527+
// Certain elements are allowed in both SVG and HTML
528+
// namespace. We need to specify them explicitly
529+
// so that they don't get erroneously deleted from
530+
// HTML namespace.
531+
const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']);
524532

525533
/* Parsing of strict XHTML documents */
526534
let PARSER_MEDIA_TYPE = null;
@@ -604,6 +612,8 @@ function createDOMPurify() {
604612
IN_PLACE = cfg.IN_PLACE || false; // Default false
605613
IS_ALLOWED_URI$1 = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI;
606614
NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;
615+
MATHML_TEXT_INTEGRATION_POINTS = cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;
616+
HTML_INTEGRATION_POINTS = cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;
607617
CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};
608618
if (cfg.CUSTOM_ELEMENT_HANDLING && isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)) {
609619
CUSTOM_ELEMENT_HANDLING.tagNameCheck = cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;
@@ -716,14 +726,6 @@ function createDOMPurify() {
716726
}
717727
CONFIG = cfg;
718728
};
719-
const MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']);
720-
const HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
721-
722-
// Certain elements are allowed in both SVG and HTML
723-
// namespace. We need to specify them explicitly
724-
// so that they don't get erroneously deleted from
725-
// HTML namespace.
726-
const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']);
727729

728730
/* Keep track of all possible SVG and MathML tags
729731
* so that we can perform the namespace checks

dist/purify.es.mjs.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.js

Lines changed: 10 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.min.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/purify.min.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/purify.js

Lines changed: 27 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -400,6 +400,28 @@ function createDOMPurify(window = getGlobal()) {
400400
stringToString
401401
);
402402

403+
let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [
404+
'mi',
405+
'mo',
406+
'mn',
407+
'ms',
408+
'mtext',
409+
]);
410+
411+
let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
412+
413+
// Certain elements are allowed in both SVG and HTML
414+
// namespace. We need to specify them explicitly
415+
// so that they don't get erroneously deleted from
416+
// HTML namespace.
417+
const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [
418+
'title',
419+
'style',
420+
'font',
421+
'a',
422+
'script',
423+
]);
424+
403425
/* Parsing of strict XHTML documents */
404426
let PARSER_MEDIA_TYPE = null;
405427
const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];
@@ -502,6 +524,11 @@ function createDOMPurify(window = getGlobal()) {
502524
IN_PLACE = cfg.IN_PLACE || false; // Default false
503525
IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;
504526
NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;
527+
MATHML_TEXT_INTEGRATION_POINTS =
528+
cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;
529+
HTML_INTEGRATION_POINTS =
530+
cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;
531+
505532
CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};
506533
if (
507534
cfg.CUSTOM_ELEMENT_HANDLING &&
@@ -651,28 +678,6 @@ function createDOMPurify(window = getGlobal()) {
651678
CONFIG = cfg;
652679
};
653680

654-
const MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [
655-
'mi',
656-
'mo',
657-
'mn',
658-
'ms',
659-
'mtext',
660-
]);
661-
662-
const HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
663-
664-
// Certain elements are allowed in both SVG and HTML
665-
// namespace. We need to specify them explicitly
666-
// so that they don't get erroneously deleted from
667-
// HTML namespace.
668-
const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [
669-
'title',
670-
'style',
671-
'font',
672-
'a',
673-
'script',
674-
]);
675-
676681
/* Keep track of all possible SVG and MathML tags
677682
* so that we can perform the namespace checks
678683
* correctly. */

0 commit comments

Comments
 (0)