Isiah Meadows
GitHub
parent
d629c7aef8
commit
ddc8adbbd3
3 changed files with 71 additions and 16 deletions
|
|
@ -100,6 +100,7 @@
|
|||
- render: fix internal error when `onbeforeupdate` returns false and then true with new child tree ([#2447](https://github.com/MithrilJS/mithril.js/pull/2447) [@isiahmeadows](https://github.com/isiahmeadows))
|
||||
- route: arbitrary prefixes are properly supported now, including odd prefixes like `?#` and invalid prefixes like `#foo#bar` ([#2448](https://github.com/MithrilJS/mithril.js/pull/2448) [@isiahmeadows](https://github.com/isiahmeadows))
|
||||
- request: correct IE workaround for response type non-support ([#2449](https://github.com/MithrilJS/mithril.js/pull/2449) [@isiahmeadows](https://github.com/isiahmeadows))
|
||||
- render: correct `contenteditable` check to also check for `contentEditable` property name ([#2450](https://github.com/MithrilJS/mithril.js/pull/2450) [@isiahmeadows](https://github.com/isiahmeadows))
|
||||
|
||||
---
|
||||
|
||||
|
|
|
|||
|
|
@ -123,10 +123,7 @@ module.exports = function($window) {
|
|||
|
||||
insertNode(parent, element, nextSibling)
|
||||
|
||||
if (attrs != null && attrs.contenteditable != null) {
|
||||
setContentEditable(vnode)
|
||||
}
|
||||
else {
|
||||
if (!maybeSetContentEditable(vnode)) {
|
||||
if (vnode.text != null) {
|
||||
if (vnode.text !== "") element.textContent = vnode.text
|
||||
else vnode.children = [Vnode("#", undefined, undefined, vnode.text, undefined, undefined)]
|
||||
|
|
@ -496,16 +493,15 @@ module.exports = function($window) {
|
|||
}
|
||||
}
|
||||
updateAttrs(vnode, old.attrs, vnode.attrs, ns)
|
||||
if (vnode.attrs != null && vnode.attrs.contenteditable != null) {
|
||||
setContentEditable(vnode)
|
||||
}
|
||||
else if (old.text != null && vnode.text != null && vnode.text !== "") {
|
||||
if (old.text.toString() !== vnode.text.toString()) old.dom.firstChild.nodeValue = vnode.text
|
||||
}
|
||||
else {
|
||||
if (old.text != null) old.children = [Vnode("#", undefined, undefined, old.text, undefined, old.dom.firstChild)]
|
||||
if (vnode.text != null) vnode.children = [Vnode("#", undefined, undefined, vnode.text, undefined, undefined)]
|
||||
updateNodes(element, old.children, vnode.children, hooks, null, ns)
|
||||
if (!maybeSetContentEditable(vnode)) {
|
||||
if (old.text != null && vnode.text != null && vnode.text !== "") {
|
||||
if (old.text.toString() !== vnode.text.toString()) old.dom.firstChild.nodeValue = vnode.text
|
||||
}
|
||||
else {
|
||||
if (old.text != null) old.children = [Vnode("#", undefined, undefined, old.text, undefined, old.dom.firstChild)]
|
||||
if (vnode.text != null) vnode.children = [Vnode("#", undefined, undefined, vnode.text, undefined, undefined)]
|
||||
updateNodes(element, old.children, vnode.children, hooks, null, ns)
|
||||
}
|
||||
}
|
||||
}
|
||||
function updateComponent(parent, old, vnode, hooks, nextSibling, ns) {
|
||||
|
|
@ -613,7 +609,11 @@ module.exports = function($window) {
|
|||
else parent.appendChild(dom)
|
||||
}
|
||||
|
||||
function setContentEditable(vnode) {
|
||||
function maybeSetContentEditable(vnode) {
|
||||
if (vnode.attrs == null || (
|
||||
vnode.attrs.contenteditable == null && // attribute
|
||||
vnode.attrs.contentEditable == null // property
|
||||
)) return
|
||||
var children = vnode.children
|
||||
if (children != null && children.length === 1 && children[0].tag === "<") {
|
||||
var content = children[0].children
|
||||
|
|
|
|||
|
|
@ -648,7 +648,7 @@ o.spec("attributes", function() {
|
|||
o(d.dom.value).equals("2")
|
||||
})
|
||||
})
|
||||
o.spec("contenteditable throws on untrusted children", function() {
|
||||
o.spec("contenteditable attr throws on untrusted children", function() {
|
||||
o("including text nodes", function() {
|
||||
var div = {tag: "div", attrs: {contenteditable: true}, text: ""}
|
||||
var succeeded = false
|
||||
|
|
@ -699,6 +699,60 @@ o.spec("attributes", function() {
|
|||
}
|
||||
catch(e){/* ignore */}
|
||||
|
||||
o(succeeded).equals(true)
|
||||
})
|
||||
})
|
||||
o.spec("contentEditable prop throws on untrusted children", function() {
|
||||
o("including text nodes", function() {
|
||||
var div = {tag: "div", attrs: {contentEditable: true}, text: ""}
|
||||
var succeeded = false
|
||||
|
||||
try {
|
||||
render(root, div)
|
||||
|
||||
succeeded = true
|
||||
}
|
||||
catch(e){/* ignore */}
|
||||
|
||||
o(succeeded).equals(false)
|
||||
})
|
||||
o("including elements", function() {
|
||||
var div = {tag: "div", attrs: {contentEditable: true}, children: [{tag: "script", attrs: {src: "http://evil.com"}}]}
|
||||
var succeeded = false
|
||||
|
||||
try {
|
||||
render(root, div)
|
||||
|
||||
succeeded = true
|
||||
}
|
||||
catch(e){/* ignore */}
|
||||
|
||||
o(succeeded).equals(false)
|
||||
})
|
||||
o("tolerating empty children", function() {
|
||||
var div = {tag: "div", attrs: {contentEditable: true}, children: []}
|
||||
var succeeded = false
|
||||
|
||||
try {
|
||||
render(root, div)
|
||||
|
||||
succeeded = true
|
||||
}
|
||||
catch(e){/* ignore */}
|
||||
|
||||
o(succeeded).equals(true)
|
||||
})
|
||||
o("tolerating trusted content", function() {
|
||||
var div = {tag: "div", attrs: {contentEditable: true}, children: [{tag: "<", children: "<a></a>"}]}
|
||||
var succeeded = false
|
||||
|
||||
try {
|
||||
render(root, div)
|
||||
|
||||
succeeded = true
|
||||
}
|
||||
catch(e){/* ignore */}
|
||||
|
||||
o(succeeded).equals(true)
|
||||
})
|
||||
})
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue