From 3bd962a6d7f61239c020e2dbbeb7341e5b842dd1 Mon Sep 17 00:00:00 2001
From: WXL <wl_5969728@163.com>
Date: 星期二, 21 四月 2026 11:46:41 +0800
Subject: [PATCH] 推送
---
node_modules/@intlify/shared/dist/shared.esm-browser.js | 79 ++++++++++-----------------------------
1 files changed, 20 insertions(+), 59 deletions(-)
diff --git a/node_modules/@intlify/shared/dist/shared.esm-browser.js b/node_modules/@intlify/shared/dist/shared.esm-browser.js
index 38120d4..4c030e6 100644
--- a/node_modules/@intlify/shared/dist/shared.esm-browser.js
+++ b/node_modules/@intlify/shared/dist/shared.esm-browser.js
@@ -1,25 +1,8 @@
/*!
- * shared v9.14.5
+ * shared v9.14.4
* (c) 2025 kazuya kawaguchi
* Released under the MIT License.
*/
-function warn(msg, err) {
- if (typeof console !== 'undefined') {
- console.warn(`[intlify] ` + msg);
- /* istanbul ignore if */
- if (err) {
- console.warn(err.stack);
- }
- }
-}
-const hasWarned = {};
-function warnOnce(msg) {
- if (!hasWarned[msg]) {
- hasWarned[msg] = true;
- warn(msg);
- }
-}
-
/**
* Original Utilities
* written by kazuya kawaguchi
@@ -88,49 +71,10 @@
};
function escapeHtml(rawText) {
return rawText
- .replace(/&/g, '&') // escape `&` first to avoid double escaping
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/\//g, '/') // escape `/` to prevent closing tags or JavaScript URLs
- .replace(/=/g, '='); // escape `=` to prevent attribute injection
-}
-function escapeAttributeValue(value) {
- return value
- .replace(/&(?![a-zA-Z0-9#]{2,6};)/g, '&') // escape unescaped `&`
- .replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/</g, '<')
- .replace(/>/g, '>');
-}
-function sanitizeTranslatedHtml(html) {
- // Escape dangerous characters in attribute values
- // Process attributes with double quotes
- html = html.replace(/(\w+)\s*=\s*"([^"]*)"/g, (_, attrName, attrValue) => `${attrName}="${escapeAttributeValue(attrValue)}"`);
- // Process attributes with single quotes
- html = html.replace(/(\w+)\s*=\s*'([^']*)'/g, (_, attrName, attrValue) => `${attrName}='${escapeAttributeValue(attrValue)}'`);
- // Detect and neutralize event handler attributes
- const eventHandlerPattern = /\s*on\w+\s*=\s*["']?[^"'>]+["']?/gi;
- if (eventHandlerPattern.test(html)) {
- {
- warn('Potentially dangerous event handlers detected in translation. ' +
- 'Consider removing onclick, onerror, etc. from your translation messages.');
- }
- // Neutralize event handler attributes by escaping 'on'
- html = html.replace(/(\s+)(on)(\w+\s*=)/gi, '$1on$3');
- }
- // Disable javascript: URLs in various contexts
- const javascriptUrlPattern = [
- // In href, src, action, formaction attributes
- /(\s+(?:href|src|action|formaction)\s*=\s*["']?)\s*javascript:/gi,
- // In style attributes within url()
- /(style\s*=\s*["'][^"']*url\s*\(\s*)javascript:/gi
- ];
- javascriptUrlPattern.forEach(pattern => {
- html = html.replace(pattern, '$1javascript:');
- });
- return html;
+ .replace(/'/g, ''');
}
const hasOwnProperty = Object.prototype.hasOwnProperty;
function hasOwn(obj, key) {
@@ -212,6 +156,23 @@
return () => ++current;
}
+function warn(msg, err) {
+ if (typeof console !== 'undefined') {
+ console.warn(`[intlify] ` + msg);
+ /* istanbul ignore if */
+ if (err) {
+ console.warn(err.stack);
+ }
+ }
+}
+const hasWarned = {};
+function warnOnce(msg) {
+ if (!hasWarned[msg]) {
+ hasWarned[msg] = true;
+ warn(msg);
+ }
+}
+
/**
* Event emitter, forked from the below:
* - original repository url: https://github.com/developit/mitt
@@ -287,4 +248,4 @@
}
}
-export { assign, create, createEmitter, deepCopy, escapeHtml, format, friendlyJSONstringify, generateCodeFrame, generateFormatCacheKey, getGlobalThis, hasOwn, inBrowser, incrementer, isArray, isBoolean, isDate, isEmptyObject, isFunction, isNumber, isObject, isPlainObject, isPromise, isRegExp, isString, isSymbol, join, makeSymbol, mark, measure, objectToString, sanitizeTranslatedHtml, toDisplayString, toTypeString, warn, warnOnce };
+export { assign, create, createEmitter, deepCopy, escapeHtml, format, friendlyJSONstringify, generateCodeFrame, generateFormatCacheKey, getGlobalThis, hasOwn, inBrowser, incrementer, isArray, isBoolean, isDate, isEmptyObject, isFunction, isNumber, isObject, isPlainObject, isPromise, isRegExp, isString, isSymbol, join, makeSymbol, mark, measure, objectToString, toDisplayString, toTypeString, warn, warnOnce };
--
Gitblit v1.9.3