diff options
Diffstat (limited to 'xstatic/pkg/bootstrap_scss/data/js/bootstrap')
12 files changed, 298 insertions, 95 deletions
diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/affix.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/affix.js index 7f65168..ad62904 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/affix.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/affix.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: affix.js v3.3.7 - * http://getbootstrap.com/javascript/#affix + * Bootstrap: affix.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#affix * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -16,7 +16,9 @@ var Affix = function (element, options) { this.options = $.extend({}, Affix.DEFAULTS, options) - this.$target = $(this.options.target) + var target = this.options.target === Affix.DEFAULTS.target ? $(this.options.target) : $(document).find(this.options.target) + + this.$target = target .on('scroll.bs.affix.data-api', $.proxy(this.checkPosition, this)) .on('click.bs.affix.data-api', $.proxy(this.checkPositionWithEventLoop, this)) @@ -28,7 +30,7 @@ this.checkPosition() } - Affix.VERSION = '3.3.7' + Affix.VERSION = '3.4.1' Affix.RESET = 'affix affix-top affix-bottom' diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/alert.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/alert.js index db97f3b..7f9606b 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/alert.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/alert.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: alert.js v3.3.7 - * http://getbootstrap.com/javascript/#alerts + * Bootstrap: alert.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#alerts * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -18,7 +18,7 @@ $(el).on('click', dismiss, this.close) } - Alert.VERSION = '3.3.7' + Alert.VERSION = '3.4.1' Alert.TRANSITION_DURATION = 150 @@ -31,7 +31,8 @@ selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7 } - var $parent = $(selector === '#' ? [] : selector) + selector = selector === '#' ? [] : selector + var $parent = $(document).find(selector) if (e) e.preventDefault() diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/button.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/button.js index 843b39c..ff4af20 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/button.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/button.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: button.js v3.3.7 - * http://getbootstrap.com/javascript/#buttons + * Bootstrap: button.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#buttons * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -19,7 +19,7 @@ this.isLoading = false } - Button.VERSION = '3.3.7' + Button.VERSION = '3.4.1' Button.DEFAULTS = { loadingText: 'loading...' diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/carousel.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/carousel.js index 6ff954c..a5fcac3 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/carousel.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/carousel.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: carousel.js v3.3.7 - * http://getbootstrap.com/javascript/#carousel + * Bootstrap: carousel.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#carousel * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -30,7 +30,7 @@ .on('mouseleave.bs.carousel', $.proxy(this.cycle, this)) } - Carousel.VERSION = '3.3.7' + Carousel.VERSION = '3.4.1' Carousel.TRANSITION_DURATION = 600 @@ -144,7 +144,9 @@ var slidEvent = $.Event('slid.bs.carousel', { relatedTarget: relatedTarget, direction: direction }) // yes, "slid" if ($.support.transition && this.$element.hasClass('slide')) { $next.addClass(type) - $next[0].offsetWidth // force reflow + if (typeof $next === 'object' && $next.length) { + $next[0].offsetWidth // force reflow + } $active.addClass(direction) $next.addClass(direction) $active @@ -206,10 +208,17 @@ // ================= var clickHandler = function (e) { - var href var $this = $(this) - var $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7 + var href = $this.attr('href') + if (href) { + href = href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7 + } + + var target = $this.attr('data-target') || href + var $target = $(document).find(target) + if (!$target.hasClass('carousel')) return + var options = $.extend({}, $target.data(), $this.data()) var slideIndex = $this.attr('data-slide-to') if (slideIndex) options.interval = false diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/collapse.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/collapse.js index 1203869..2cd5997 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/collapse.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/collapse.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: collapse.js v3.3.7 - * http://getbootstrap.com/javascript/#collapse + * Bootstrap: collapse.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#collapse * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -30,7 +30,7 @@ if (this.options.toggle) this.toggle() } - Collapse.VERSION = '3.3.7' + Collapse.VERSION = '3.4.1' Collapse.TRANSITION_DURATION = 350 @@ -137,7 +137,7 @@ } Collapse.prototype.getParent = function () { - return $(this.options.parent) + return $(document).find(this.options.parent) .find('[data-toggle="collapse"][data-parent="' + this.options.parent + '"]') .each($.proxy(function (i, element) { var $element = $(element) @@ -160,7 +160,7 @@ var target = $trigger.attr('data-target') || (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7 - return $(target) + return $(document).find(target) } diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/dropdown.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/dropdown.js index 04e9c2d..4ded850 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/dropdown.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/dropdown.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: dropdown.js v3.3.7 - * http://getbootstrap.com/javascript/#dropdowns + * Bootstrap: dropdown.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#dropdowns * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -19,7 +19,7 @@ $(element).on('click.bs.dropdown', this.toggle) } - Dropdown.VERSION = '3.3.7' + Dropdown.VERSION = '3.4.1' function getParent($this) { var selector = $this.attr('data-target') @@ -29,7 +29,7 @@ selector = selector && /#[A-Za-z]/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7 } - var $parent = selector && $(selector) + var $parent = selector !== '#' ? $(document).find(selector) : null return $parent && $parent.length ? $parent : $this.parent() } diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/modal.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/modal.js index f84142d..b9eca49 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/modal.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/modal.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: modal.js v3.3.7 - * http://getbootstrap.com/javascript/#modals + * Bootstrap: modal.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#modals * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -14,15 +14,16 @@ // ====================== var Modal = function (element, options) { - this.options = options - this.$body = $(document.body) - this.$element = $(element) - this.$dialog = this.$element.find('.modal-dialog') - this.$backdrop = null - this.isShown = null - this.originalBodyPad = null - this.scrollbarWidth = 0 + this.options = options + this.$body = $(document.body) + this.$element = $(element) + this.$dialog = this.$element.find('.modal-dialog') + this.$backdrop = null + this.isShown = null + this.originalBodyPad = null + this.scrollbarWidth = 0 this.ignoreBackdropClick = false + this.fixedContent = '.navbar-fixed-top, .navbar-fixed-bottom' if (this.options.remote) { this.$element @@ -33,7 +34,7 @@ } } - Modal.VERSION = '3.3.7' + Modal.VERSION = '3.4.1' Modal.TRANSITION_DURATION = 300 Modal.BACKDROP_TRANSITION_DURATION = 150 @@ -50,7 +51,7 @@ Modal.prototype.show = function (_relatedTarget) { var that = this - var e = $.Event('show.bs.modal', { relatedTarget: _relatedTarget }) + var e = $.Event('show.bs.modal', { relatedTarget: _relatedTarget }) this.$element.trigger(e) @@ -141,8 +142,8 @@ .off('focusin.bs.modal') // guard against infinite focus loop .on('focusin.bs.modal', $.proxy(function (e) { if (document !== e.target && - this.$element[0] !== e.target && - !this.$element.has(e.target).length) { + this.$element[0] !== e.target && + !this.$element.has(e.target).length) { this.$element.trigger('focus') } }, this)) @@ -244,7 +245,7 @@ var modalIsOverflowing = this.$element[0].scrollHeight > document.documentElement.clientHeight this.$element.css({ - paddingLeft: !this.bodyIsOverflowing && modalIsOverflowing ? this.scrollbarWidth : '', + paddingLeft: !this.bodyIsOverflowing && modalIsOverflowing ? this.scrollbarWidth : '', paddingRight: this.bodyIsOverflowing && !modalIsOverflowing ? this.scrollbarWidth : '' }) } @@ -269,11 +270,26 @@ Modal.prototype.setScrollbar = function () { var bodyPad = parseInt((this.$body.css('padding-right') || 0), 10) this.originalBodyPad = document.body.style.paddingRight || '' - if (this.bodyIsOverflowing) this.$body.css('padding-right', bodyPad + this.scrollbarWidth) + var scrollbarWidth = this.scrollbarWidth + if (this.bodyIsOverflowing) { + this.$body.css('padding-right', bodyPad + scrollbarWidth) + $(this.fixedContent).each(function (index, element) { + var actualPadding = element.style.paddingRight + var calculatedPadding = $(element).css('padding-right') + $(element) + .data('padding-right', actualPadding) + .css('padding-right', parseFloat(calculatedPadding) + scrollbarWidth + 'px') + }) + } } Modal.prototype.resetScrollbar = function () { this.$body.css('padding-right', this.originalBodyPad) + $(this.fixedContent).each(function (index, element) { + var padding = $(element).data('padding-right') + $(element).removeData('padding-right') + element.style.paddingRight = padding ? padding : '' + }) } Modal.prototype.measureScrollbar = function () { // thx walsh @@ -291,8 +307,8 @@ function Plugin(option, _relatedTarget) { return this.each(function () { - var $this = $(this) - var data = $this.data('bs.modal') + var $this = $(this) + var data = $this.data('bs.modal') var options = $.extend({}, Modal.DEFAULTS, $this.data(), typeof option == 'object' && option) if (!data) $this.data('bs.modal', (data = new Modal(this, options))) @@ -303,7 +319,7 @@ var old = $.fn.modal - $.fn.modal = Plugin + $.fn.modal = Plugin $.fn.modal.Constructor = Modal @@ -320,10 +336,13 @@ // ============== $(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function (e) { - var $this = $(this) - var href = $this.attr('href') - var $target = $($this.attr('data-target') || (href && href.replace(/.*(?=#[^\s]+$)/, ''))) // strip for ie7 - var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data()) + var $this = $(this) + var href = $this.attr('href') + var target = $this.attr('data-target') || + (href && href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7 + + var $target = $(document).find(target) + var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote: !/#/.test(href) && href }, $target.data(), $this.data()) if ($this.is('a')) e.preventDefault() diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/popover.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/popover.js index efe1956..66a301c 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/popover.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/popover.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: popover.js v3.3.7 - * http://getbootstrap.com/javascript/#popovers + * Bootstrap: popover.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#popovers * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -19,7 +19,7 @@ if (!$.fn.tooltip) throw new Error('Popover requires tooltip.js') - Popover.VERSION = '3.3.7' + Popover.VERSION = '3.4.1' Popover.DEFAULTS = $.extend({}, $.fn.tooltip.Constructor.DEFAULTS, { placement: 'right', @@ -45,10 +45,25 @@ var title = this.getTitle() var content = this.getContent() - $tip.find('.popover-title')[this.options.html ? 'html' : 'text'](title) - $tip.find('.popover-content').children().detach().end()[ // we use append for html objects to maintain js events - this.options.html ? (typeof content == 'string' ? 'html' : 'append') : 'text' - ](content) + if (this.options.html) { + var typeContent = typeof content + + if (this.options.sanitize) { + title = this.sanitizeHtml(title) + + if (typeContent === 'string') { + content = this.sanitizeHtml(content) + } + } + + $tip.find('.popover-title').html(title) + $tip.find('.popover-content').children().detach().end()[ + typeContent === 'string' ? 'html' : 'append' + ](content) + } else { + $tip.find('.popover-title').text(title) + $tip.find('.popover-content').children().detach().end().text(content) + } $tip.removeClass('fade top bottom left right in') @@ -67,8 +82,8 @@ return $e.attr('data-content') || (typeof o.content == 'function' ? - o.content.call($e[0]) : - o.content) + o.content.call($e[0]) : + o.content) } Popover.prototype.arrow = function () { diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/scrollspy.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/scrollspy.js index fe19809..a629ac6 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/scrollspy.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/scrollspy.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: scrollspy.js v3.3.7 - * http://getbootstrap.com/javascript/#scrollspy + * Bootstrap: scrollspy.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#scrollspy * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -28,7 +28,7 @@ this.process() } - ScrollSpy.VERSION = '3.3.7' + ScrollSpy.VERSION = '3.4.1' ScrollSpy.DEFAULTS = { offset: 10 diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tab.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tab.js index c4a8635..74495df 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tab.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tab.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: tab.js v3.3.7 - * http://getbootstrap.com/javascript/#tabs + * Bootstrap: tab.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#tabs * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -19,7 +19,7 @@ // jscs:enable requireDollarBeforejQueryAssignment } - Tab.VERSION = '3.3.7' + Tab.VERSION = '3.4.1' Tab.TRANSITION_DURATION = 150 @@ -48,7 +48,7 @@ if (showEvent.isDefaultPrevented() || hideEvent.isDefaultPrevented()) return - var $target = $(selector) + var $target = $(document).find(selector) this.activate($this.closest('li'), $ul) this.activate($target, $target.parent(), function () { @@ -73,15 +73,15 @@ $active .removeClass('active') .find('> .dropdown-menu > .active') - .removeClass('active') + .removeClass('active') .end() .find('[data-toggle="tab"]') - .attr('aria-expanded', false) + .attr('aria-expanded', false) element .addClass('active') .find('[data-toggle="tab"]') - .attr('aria-expanded', true) + .attr('aria-expanded', true) if (transition) { element[0].offsetWidth // reflow for transition @@ -93,10 +93,10 @@ if (element.parent('.dropdown-menu').length) { element .closest('li.dropdown') - .addClass('active') + .addClass('active') .end() .find('[data-toggle="tab"]') - .attr('aria-expanded', true) + .attr('aria-expanded', true) } callback && callback() diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tooltip.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tooltip.js index e35d9c7..c8c1c8c 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tooltip.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tooltip.js @@ -1,16 +1,146 @@ /* ======================================================================== - * Bootstrap: tooltip.js v3.3.7 - * http://getbootstrap.com/javascript/#tooltip + * Bootstrap: tooltip.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#tooltip * Inspired by the original jQuery.tipsy by Jason Frame * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ - +function ($) { 'use strict'; + var DISALLOWED_ATTRIBUTES = ['sanitize', 'whiteList', 'sanitizeFn'] + + var uriAttrs = [ + 'background', + 'cite', + 'href', + 'itemtype', + 'longdesc', + 'poster', + 'src', + 'xlink:href' + ] + + var ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i + + var DefaultWhitelist = { + // Global attributes allowed on any supplied element below. + '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN], + a: ['target', 'href', 'title', 'rel'], + area: [], + b: [], + br: [], + col: [], + code: [], + div: [], + em: [], + hr: [], + h1: [], + h2: [], + h3: [], + h4: [], + h5: [], + h6: [], + i: [], + img: ['src', 'alt', 'title', 'width', 'height'], + li: [], + ol: [], + p: [], + pre: [], + s: [], + small: [], + span: [], + sub: [], + sup: [], + strong: [], + u: [], + ul: [] + } + + /** + * A pattern that recognizes a commonly useful subset of URLs that are safe. + * + * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts + */ + var SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi + + /** + * A pattern that matches safe data URLs. Only matches image, video and audio types. + * + * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts + */ + var DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i + + function allowedAttribute(attr, allowedAttributeList) { + var attrName = attr.nodeName.toLowerCase() + + if ($.inArray(attrName, allowedAttributeList) !== -1) { + if ($.inArray(attrName, uriAttrs) !== -1) { + return Boolean(attr.nodeValue.match(SAFE_URL_PATTERN) || attr.nodeValue.match(DATA_URL_PATTERN)) + } + + return true + } + + var regExp = $(allowedAttributeList).filter(function (index, value) { + return value instanceof RegExp + }) + + // Check if a regular expression validates the attribute. + for (var i = 0, l = regExp.length; i < l; i++) { + if (attrName.match(regExp[i])) { + return true + } + } + + return false + } + + function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) { + if (unsafeHtml.length === 0) { + return unsafeHtml + } + + if (sanitizeFn && typeof sanitizeFn === 'function') { + return sanitizeFn(unsafeHtml) + } + + // IE 8 and below don't support createHTMLDocument + if (!document.implementation || !document.implementation.createHTMLDocument) { + return unsafeHtml + } + + var createdDocument = document.implementation.createHTMLDocument('sanitization') + createdDocument.body.innerHTML = unsafeHtml + + var whitelistKeys = $.map(whiteList, function (el, i) { return i }) + var elements = $(createdDocument.body).find('*') + + for (var i = 0, len = elements.length; i < len; i++) { + var el = elements[i] + var elName = el.nodeName.toLowerCase() + + if ($.inArray(elName, whitelistKeys) === -1) { + el.parentNode.removeChild(el) + + continue + } + + var attributeList = $.map(el.attributes, function (el) { return el }) + var whitelistedAttributes = [].concat(whiteList['*'] || [], whiteList[elName] || []) + + for (var j = 0, len2 = attributeList.length; j < len2; j++) { + if (!allowedAttribute(attributeList[j], whitelistedAttributes)) { + el.removeAttribute(attributeList[j].nodeName) + } + } + } + + return createdDocument.body.innerHTML + } + // TOOLTIP PUBLIC CLASS DEFINITION // =============================== @@ -26,7 +156,7 @@ this.init('tooltip', element, options) } - Tooltip.VERSION = '3.3.7' + Tooltip.VERSION = '3.4.1' Tooltip.TRANSITION_DURATION = 150 @@ -43,7 +173,10 @@ viewport: { selector: 'body', padding: 0 - } + }, + sanitize : true, + sanitizeFn : null, + whiteList : DefaultWhitelist } Tooltip.prototype.init = function (type, element, options) { @@ -51,7 +184,7 @@ this.type = type this.$element = $(element) this.options = this.getOptions(options) - this.$viewport = this.options.viewport && $($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport)) + this.$viewport = this.options.viewport && $(document).find($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport)) this.inState = { click: false, hover: false, focus: false } if (this.$element[0] instanceof document.constructor && !this.options.selector) { @@ -84,7 +217,15 @@ } Tooltip.prototype.getOptions = function (options) { - options = $.extend({}, this.getDefaults(), this.$element.data(), options) + var dataAttributes = this.$element.data() + + for (var dataAttr in dataAttributes) { + if (dataAttributes.hasOwnProperty(dataAttr) && $.inArray(dataAttr, DISALLOWED_ATTRIBUTES) !== -1) { + delete dataAttributes[dataAttr] + } + } + + options = $.extend({}, this.getDefaults(), dataAttributes, options) if (options.delay && typeof options.delay == 'number') { options.delay = { @@ -93,6 +234,10 @@ } } + if (options.sanitize) { + options.template = sanitizeHtml(options.template, options.whiteList, options.sanitizeFn) + } + return options } @@ -204,7 +349,7 @@ .addClass(placement) .data('bs.' + this.type, this) - this.options.container ? $tip.appendTo(this.options.container) : $tip.insertAfter(this.$element) + this.options.container ? $tip.appendTo($(document).find(this.options.container)) : $tip.insertAfter(this.$element) this.$element.trigger('inserted.bs.' + this.type) var pos = this.getPosition() @@ -306,7 +451,16 @@ var $tip = this.tip() var title = this.getTitle() - $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title) + if (this.options.html) { + if (this.options.sanitize) { + title = sanitizeHtml(title, this.options.whiteList, this.options.sanitizeFn) + } + + $tip.find('.tooltip-inner').html(title) + } else { + $tip.find('.tooltip-inner').text(title) + } + $tip.removeClass('fade in top bottom left right') } @@ -487,6 +641,9 @@ }) } + Tooltip.prototype.sanitizeHtml = function (unsafeHtml) { + return sanitizeHtml(unsafeHtml, this.options.whiteList, this.options.sanitizeFn) + } // TOOLTIP PLUGIN DEFINITION // ========================= diff --git a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/transition.js b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/transition.js index db76596..5a9a3e3 100644 --- a/xstatic/pkg/bootstrap_scss/data/js/bootstrap/transition.js +++ b/xstatic/pkg/bootstrap_scss/data/js/bootstrap/transition.js @@ -1,8 +1,8 @@ /* ======================================================================== - * Bootstrap: transition.js v3.3.7 - * http://getbootstrap.com/javascript/#transitions + * Bootstrap: transition.js v3.4.1 + * https://getbootstrap.com/docs/3.4/javascript/#transitions * ======================================================================== - * Copyright 2011-2016 Twitter, Inc. + * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) * ======================================================================== */ @@ -10,7 +10,7 @@ +function ($) { 'use strict'; - // CSS TRANSITION SUPPORT (Shoutout: http://www.modernizr.com/) + // CSS TRANSITION SUPPORT (Shoutout: https://modernizr.com/) // ============================================================ function transitionEnd() { @@ -32,7 +32,7 @@ return false // explicit for ie8 ( ._.) } - // http://blog.alexmaccaw.com/css-transitions + // https://blog.alexmaccaw.com/css-transitions $.fn.emulateTransitionEnd = function (duration) { var called = false var $el = this |