From 9bce51f651aad297ef9eb6df832bfdaf1de05d84 Mon Sep 17 00:00:00 2001
From: WXL <wl_5969728@163.com>
Date: 星期三, 22 四月 2026 14:27:54 +0800
Subject: [PATCH] 青岛推送
---
node_modules/@intlify/shared/dist/shared.cjs | 78 +++++++++-----------------------------
1 files changed, 19 insertions(+), 59 deletions(-)
diff --git a/node_modules/@intlify/shared/dist/shared.cjs b/node_modules/@intlify/shared/dist/shared.cjs
index 483d83f..e3ad620 100644
--- a/node_modules/@intlify/shared/dist/shared.cjs
+++ b/node_modules/@intlify/shared/dist/shared.cjs
@@ -1,26 +1,9 @@
/*!
- * shared v9.14.5
+ * shared v9.14.4
* (c) 2025 kazuya kawaguchi
* Released under the MIT License.
*/
'use strict';
-
-function warn(msg, err) {
- if (typeof console !== 'undefined') {
- console.warn(`[intlify] ` + msg);
- /* istanbul ignore if */
- if (err) {
- console.warn(err.stack);
- }
- }
-}
-const hasWarned = {};
-function warnOnce(msg) {
- if (!hasWarned[msg]) {
- hasWarned[msg] = true;
- warn(msg);
- }
-}
/**
* Original Utilities
@@ -90,49 +73,10 @@
};
function escapeHtml(rawText) {
return rawText
- .replace(/&/g, '&') // escape `&` first to avoid double escaping
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/\//g, '/') // escape `/` to prevent closing tags or JavaScript URLs
- .replace(/=/g, '='); // escape `=` to prevent attribute injection
-}
-function escapeAttributeValue(value) {
- return value
- .replace(/&(?![a-zA-Z0-9#]{2,6};)/g, '&') // escape unescaped `&`
- .replace(/"/g, '"')
- .replace(/'/g, ''')
- .replace(/</g, '<')
- .replace(/>/g, '>');
-}
-function sanitizeTranslatedHtml(html) {
- // Escape dangerous characters in attribute values
- // Process attributes with double quotes
- html = html.replace(/(\w+)\s*=\s*"([^"]*)"/g, (_, attrName, attrValue) => `${attrName}="${escapeAttributeValue(attrValue)}"`);
- // Process attributes with single quotes
- html = html.replace(/(\w+)\s*=\s*'([^']*)'/g, (_, attrName, attrValue) => `${attrName}='${escapeAttributeValue(attrValue)}'`);
- // Detect and neutralize event handler attributes
- const eventHandlerPattern = /\s*on\w+\s*=\s*["']?[^"'>]+["']?/gi;
- if (eventHandlerPattern.test(html)) {
- {
- warn('Potentially dangerous event handlers detected in translation. ' +
- 'Consider removing onclick, onerror, etc. from your translation messages.');
- }
- // Neutralize event handler attributes by escaping 'on'
- html = html.replace(/(\s+)(on)(\w+\s*=)/gi, '$1on$3');
- }
- // Disable javascript: URLs in various contexts
- const javascriptUrlPattern = [
- // In href, src, action, formaction attributes
- /(\s+(?:href|src|action|formaction)\s*=\s*["']?)\s*javascript:/gi,
- // In style attributes within url()
- /(style\s*=\s*["'][^"']*url\s*\(\s*)javascript:/gi
- ];
- javascriptUrlPattern.forEach(pattern => {
- html = html.replace(pattern, '$1javascript:');
- });
- return html;
+ .replace(/'/g, ''');
}
const hasOwnProperty = Object.prototype.hasOwnProperty;
function hasOwn(obj, key) {
@@ -212,6 +156,23 @@
function incrementer(code) {
let current = code;
return () => ++current;
+}
+
+function warn(msg, err) {
+ if (typeof console !== 'undefined') {
+ console.warn(`[intlify] ` + msg);
+ /* istanbul ignore if */
+ if (err) {
+ console.warn(err.stack);
+ }
+ }
+}
+const hasWarned = {};
+function warnOnce(msg) {
+ if (!hasWarned[msg]) {
+ hasWarned[msg] = true;
+ warn(msg);
+ }
}
/**
@@ -317,7 +278,6 @@
exports.join = join;
exports.makeSymbol = makeSymbol;
exports.objectToString = objectToString;
-exports.sanitizeTranslatedHtml = sanitizeTranslatedHtml;
exports.toDisplayString = toDisplayString;
exports.toTypeString = toTypeString;
exports.warn = warn;
--
Gitblit v1.9.3