From 9bce51f651aad297ef9eb6df832bfdaf1de05d84 Mon Sep 17 00:00:00 2001
From: WXL <wl_5969728@163.com>
Date: 星期三, 22 四月 2026 14:27:54 +0800
Subject: [PATCH] 青岛推送
---
node_modules/@intlify/core-base/dist/core-base.global.js | 71 +++++++----------------------------
1 files changed, 14 insertions(+), 57 deletions(-)
diff --git a/node_modules/@intlify/core-base/dist/core-base.global.js b/node_modules/@intlify/core-base/dist/core-base.global.js
index 93f9ac8..c70771f 100644
--- a/node_modules/@intlify/core-base/dist/core-base.global.js
+++ b/node_modules/@intlify/core-base/dist/core-base.global.js
@@ -1,20 +1,10 @@
/*!
- * core-base v9.14.5
+ * core-base v9.14.4
* (c) 2025 kazuya kawaguchi
* Released under the MIT License.
*/
var IntlifyCoreBase = (function (exports) {
'use strict';
-
- function warn(msg, err) {
- if (typeof console !== 'undefined') {
- console.warn(`[intlify] ` + msg);
- /* istanbul ignore if */
- if (err) {
- console.warn(err.stack);
- }
- }
- }
/**
* Original Utilities
@@ -68,49 +58,10 @@
const create = (obj = null) => _create(obj);
function escapeHtml(rawText) {
return rawText
- .replace(/&/g, '&') // escape `&` first to avoid double escaping
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/\//g, '/') // escape `/` to prevent closing tags or JavaScript URLs
- .replace(/=/g, '='); // escape `=` to prevent attribute injection
- }
- function escapeAttributeValue(value) {
- return value
- .replace(/&(?![a-zA-Z0-9#]{2,6};)/g, '&') // escape unescaped `&`
- .replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/</g, '<')
- .replace(/>/g, '>');
- }
- function sanitizeTranslatedHtml(html) {
- // Escape dangerous characters in attribute values
- // Process attributes with double quotes
- html = html.replace(/(\w+)\s*=\s*"([^"]*)"/g, (_, attrName, attrValue) => `${attrName}="${escapeAttributeValue(attrValue)}"`);
- // Process attributes with single quotes
- html = html.replace(/(\w+)\s*=\s*'([^']*)'/g, (_, attrName, attrValue) => `${attrName}='${escapeAttributeValue(attrValue)}'`);
- // Detect and neutralize event handler attributes
- const eventHandlerPattern = /\s*on\w+\s*=\s*["']?[^"'>]+["']?/gi;
- if (eventHandlerPattern.test(html)) {
- {
- warn('Potentially dangerous event handlers detected in translation. ' +
- 'Consider removing onclick, onerror, etc. from your translation messages.');
- }
- // Neutralize event handler attributes by escaping 'on'
- html = html.replace(/(\s+)(on)(\w+\s*=)/gi, '$1on$3');
- }
- // Disable javascript: URLs in various contexts
- const javascriptUrlPattern = [
- // In href, src, action, formaction attributes
- /(\s+(?:href|src|action|formaction)\s*=\s*["']?)\s*javascript:/gi,
- // In style attributes within url()
- /(style\s*=\s*["'][^"']*url\s*\(\s*)javascript:/gi
- ];
- javascriptUrlPattern.forEach(pattern => {
- html = html.replace(pattern, '$1javascript:');
- });
- return html;
+ .replace(/'/g, ''');
}
const hasOwnProperty = Object.prototype.hasOwnProperty;
function hasOwn(obj, key) {
@@ -189,6 +140,16 @@
function incrementer(code) {
let current = code;
return () => ++current;
+ }
+
+ function warn(msg, err) {
+ if (typeof console !== 'undefined') {
+ console.warn(`[intlify] ` + msg);
+ /* istanbul ignore if */
+ if (err) {
+ console.warn(err.stack);
+ }
+ }
}
function createPosition(line, column, offset) {
@@ -2491,7 +2452,7 @@
* Intlify core-base version
* @internal
*/
- const VERSION = '9.14.5';
+ const VERSION = '9.14.4';
const NOT_REOSLVED = -1;
const DEFAULT_LOCALE = 'en-US';
const MISSING_RESOLVE_VALUE = '';
@@ -3021,13 +2982,9 @@
const msgContext = createMessageContext(ctxOptions);
const messaged = evaluateMessage(context, msg, msgContext);
// if use post translation option, proceed it with handler
- let ret = postTranslation
+ const ret = postTranslation
? postTranslation(messaged, key)
: messaged;
- // apply HTML sanitization for security
- if (escapeParameter && isString(ret)) {
- ret = sanitizeTranslatedHtml(ret);
- }
// NOTE: experimental !!
{
// prettier-ignore
--
Gitblit v1.9.3