15283895011

Committed 27 May 2025 07:22PM CUT coverage: 95.999% (-0.07%) from 96.07%

Build # 15283895011

Build Type

push

github

Committed by

web-flow

Commit Message

Build(deps-dev): Bump the development-dependencies group with 8 updates (#41502)

Bumps the development-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/markdown-remark](https://github.com/withastro/astro/tree/HEAD/packages/markdown/remark) | `6.3.1` | `6.3.2` |
| [@astrojs/mdx](https://github.com/withastro/astro/tree/HEAD/packages/integrations/mdx) | `4.2.6` | `4.3.0` |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.27.1` | `7.27.3` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.7.13` | `5.8.0` |
| [npm-run-all2](https://github.com/bcomnes/npm-run-all2) | `8.0.2` | `8.0.4` |
| [rollup](https://github.com/rollup/rollup) | `4.41.0` | `4.41.1` |
| [terser](https://github.com/terser/terser) | `5.39.2` | `5.40.0` |
| [zod](https://github.com/colinhacks/zod) | `3.25.7` | `3.25.30` |



Updates `@astrojs/markdown-remark` from 6.3.1 to 6.3.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/markdown/remark/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/markdown-remark@6.3.2/packages/markdown/remark)

Updates `@astrojs/mdx` from 4.2.6 to 4.3.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/mdx/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/mdx@4.3.0/packages/integrations/mdx)

Updates `@astrojs/prism` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro-prism/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/prism@3.3.0/packages/astro-prism)

Updates `@babel/core` from 7.27.1 to 7.27.3
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://gi... (continued)

Run Details

665 of 726 branches covered (91.6%)

Branch coverage included in aggregate %.

2022 of 2073 relevant lines covered (97.54%)

194.54 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.24

/js/src/util/sanitizer.js

/**
 * --------------------------------------------------------------------------
 * Bootstrap util/sanitizer.js
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
 * --------------------------------------------------------------------------
 */

// js-docs-start allow-list
const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i

export const DefaultAllowlist = {
  // Global attributes allowed on any supplied element below.
  '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN],
  a: ['target', 'href', 'title', 'rel'],
  area: [],
  b: [],
  br: [],
  col: [],
  code: [],
  dd: [],
  div: [],
  dl: [],
  dt: [],
  em: [],
  hr: [],
  h1: [],
  h2: [],
  h3: [],
  h4: [],
  h5: [],
  h6: [],
  i: [],
  img: ['src', 'srcset', 'alt', 'title', 'width', 'height'],
  li: [],
  ol: [],
  p: [],
  pre: [],
  s: [],
  small: [],
  span: [],
  sub: [],
  sup: [],
  strong: [],
  u: [],
  ul: []
}
// js-docs-end allow-list

const uriAttributes = new Set([
  'background',
  'cite',
  'href',
  'itemtype',
  'longdesc',
  'poster',
  'src',
  'xlink:href'
])

/**
 * A pattern that recognizes URLs that are safe wrt. XSS in URL navigation
 * contexts.
 *
 * Shout-out to Angular https://github.com/angular/angular/blob/15.2.8/packages/core/src/sanitization/url_sanitizer.ts#L38
 */
const SAFE_URL_PATTERN = /^(?!javascript:)(?:[a-z0-9+.-]+:|[^&:/?#]*(?:[/?#]|$))/i

const allowedAttribute = (attribute, allowedAttributeList) => {
  const attributeName = attribute.nodeName.toLowerCase()

  if (allowedAttributeList.includes(attributeName)) {
    if (uriAttributes.has(attributeName)) {
      return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue))
    }

    return true
  }

  // Check if a regular expression validates the attribute.
  return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp)
    .some(regex => regex.test(attributeName))
}

export function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) {
  if (!unsafeHtml.length) {
    return unsafeHtml
  }

  if (sanitizeFunction && typeof sanitizeFunction === 'function') {
    return sanitizeFunction(unsafeHtml)
  }

  const domParser = new window.DOMParser()
  const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')
  const elements = [].concat(...createdDocument.body.querySelectorAll('*'))

  for (const element of elements) {
    const elementName = element.nodeName.toLowerCase()

    if (!Object.keys(allowList).includes(elementName)) {
      element.remove()
      continue
    }

    const attributeList = [].concat(...element.attributes)
    const allowedAttributes = [].concat(allowList['*'] || [], allowList[elementName] || [])

    for (const attribute of attributeList) {
      if (!allowedAttribute(attribute, allowedAttributes)) {
        element.removeAttribute(attribute.nodeName)
      }
    }
  }

  return createdDocument.body.innerHTML
}

1	/**
2	* --------------------------------------------------------------------------
3	* Bootstrap util/sanitizer.js
4	* Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
5	* --------------------------------------------------------------------------
6	*/
7
8	// js-docs-start allow-list
9	const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i	4✔
10
11	export const DefaultAllowlist = {	4✔
12	// Global attributes allowed on any supplied element below.
13	'*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN],
14	a: ['target', 'href', 'title', 'rel'],
15	area: [],
16	b: [],
17	br: [],
18	col: [],
19	code: [],
20	dd: [],
21	div: [],
22	dl: [],
23	dt: [],
24	em: [],
25	hr: [],
26	h1: [],
27	h2: [],
28	h3: [],
29	h4: [],
30	h5: [],
31	h6: [],
32	i: [],
33	img: ['src', 'srcset', 'alt', 'title', 'width', 'height'],
34	li: [],
35	ol: [],
36	p: [],
37	pre: [],
38	s: [],
39	small: [],
40	span: [],
41	sub: [],
42	sup: [],
43	strong: [],
44	u: [],
45	ul: []
46	}
47	// js-docs-end allow-list
48
49	const uriAttributes = new Set([	4✔
50	'background',
51	'cite',
52	'href',
53	'itemtype',
54	'longdesc',
55	'poster',
56	'src',
57	'xlink:href'
58	])
59
60	/**
61	* A pattern that recognizes URLs that are safe wrt. XSS in URL navigation
62	* contexts.
63	*
64	* Shout-out to Angular https://github.com/angular/angular/blob/15.2.8/packages/core/src/sanitization/url_sanitizer.ts#L38
65	*/
66	const SAFE_URL_PATTERN = /^(?!javascript:)(?:[a-z0-9+.-]+:\|[^&:/?#]*(?:[/?#]\|$))/i	4✔
67
68	const allowedAttribute = (attribute, allowedAttributeList) => {	4✔
69	const attributeName = attribute.nodeName.toLowerCase()	334✔
70
71	if (allowedAttributeList.includes(attributeName)) {	334✔
72	if (uriAttributes.has(attributeName)) {	329✔
73	return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue))	38✔
74	}
75
76	return true	291✔
77	}
78
79	// Check if a regular expression validates the attribute.
80	return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp)	48✔
81	.some(regex => regex.test(attributeName))	6✔
82	}
83
84	export function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) {
85	if (!unsafeHtml.length) {	126✔
86	return unsafeHtml	1✔
87	}
88
89	if (sanitizeFunction && typeof sanitizeFunction === 'function') {	125✔
90	return sanitizeFunction(unsafeHtml)	1✔
91	}
92
93	const domParser = new window.DOMParser()	124✔
94	const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')	124✔
95	const elements = [].concat(...createdDocument.body.querySelectorAll('*'))	124✔
96
97	for (const element of elements) {	124✔
98	const elementName = element.nodeName.toLowerCase()	356✔
99
100	if (!Object.keys(allowList).includes(elementName)) {	356✔
101	element.remove()	2✔
102	continue	2✔
103	}
104
105	const attributeList = [].concat(...element.attributes)	354✔
106	const allowedAttributes = [].concat(allowList['*'] \|\| [], allowList[elementName] \|\| [])	354!
107
108	for (const attribute of attributeList) {	354✔
109	if (!allowedAttribute(attribute, allowedAttributes)) {	334✔
110	element.removeAttribute(attribute.nodeName)	17✔
111	}
112	}
113	}
114
115	return createdDocument.body.innerHTML	124✔
116	}

twbs / bootstrap / 15283895011

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous