build: release 1.3.4

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Changelog
 
-## next
+## 1.3.4 (Jun 1, 2019)
 
 - Escape all strings that use in HTML for better security (#269).
 - Fix the missing fide out transition when hide the viewer (#275).

dist/viewer.common.js

@@ -1,11 +1,11 @@
 /*!
- * Viewer.js v1.3.3
+ * Viewer.js v1.3.4
  * https://fengyuanchen.github.io/viewerjs
  *
  * Copyright 2015-present Chen Fengyuan
  * Released under the MIT license
  *
- * Date: 2019-04-06T14:06:28.301Z
+ * Date: 2019-06-01T03:32:35.881Z
  */
 
 'use strict';
@@ -444,6 +444,15 @@ function setStyle(element, styles) {
     style[property] = value;
   });
 }
+/**
+ * Escape a string for using in HTML.
+ * @param {String} value - The string to escape.
+ * @returns {String} Returns the escaped string.
+ */
+
+function escapeHTMLEntities(value) {
+  return isString(value) ? value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;') : value;
+}
 /**
  * Check if the given element has a special class.
  * @param {Element} element - The element to check.
@@ -776,7 +785,7 @@ function getTransforms(_ref) {
  */
 
 function getImageNameFromURL(url) {
-  return isString(url) ? url.replace(/^.*\//, '').replace(/[?&#].*$/, '') : '';
+  return isString(url) ? decodeURIComponent(url.replace(/^.*\//, '').replace(/[?&#].*$/, '')) : '';
 }
 var IS_SAFARI = WINDOW.navigator && /(Macintosh|iPhone|iPod|iPad).*AppleWebKit/i.test(WINDOW.navigator.userAgent);
 /**
@@ -952,14 +961,14 @@ var render = {
         list = this.list;
     var items = [];
     forEach(this.images, function (image, i) {
-      var src = image.src;
-      var alt = image.alt || getImageNameFromURL(src);
+      var src = escapeHTMLEntities(image.src);
+      var alt = escapeHTMLEntities(image.alt || getImageNameFromURL(src));
       var url = options.url;
 
       if (isString(url)) {
-        url = image.getAttribute(url);
+        url = escapeHTMLEntities(image.getAttribute(url));
       } else if (isFunction(url)) {
-        url = url.call(_this, image);
+        url = escapeHTMLEntities(url.call(_this, image));
       }
 
       if (src || url) {
@@ -1710,10 +1719,13 @@ var methods = {
       var hidden = this.hidden.bind(this);
 
       var hide = function hide() {
-        addListener(viewer, EVENT_TRANSITION_END, hidden, {
-          once: true
-        });
-        removeClass(viewer, CLASS_IN);
+        // XXX: It seems the `event.stopPropagation()` method does not work here
+        setTimeout(function () {
+          addListener(viewer, EVENT_TRANSITION_END, hidden, {
+            once: true
+          });
+          removeClass(viewer, CLASS_IN);
+        }, 0);
       };
 
       this.transitioning = {
@@ -1772,8 +1784,8 @@ var methods = {
         canvas = this.canvas;
     var item = this.items[index];
     var img = item.querySelector('img');
-    var url = getData(img, 'originalUrl');
-    var alt = img.getAttribute('alt');
+    var url = escapeHTMLEntities(getData(img, 'originalUrl'));
+    var alt = escapeHTMLEntities(img.getAttribute('alt'));
     var image = document.createElement('img');
     image.src = url;
     image.alt = alt;
@@ -1814,7 +1826,7 @@ var methods = {
     var onViewed = function onViewed() {
       var imageData = _this.imageData;
       var render = Array.isArray(options.title) ? options.title[1] : options.title;
-      title.innerHTML = isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")");
+      title.innerHTML = escapeHTMLEntities(isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")"));
     };
 
     var onLoad;
@@ -2186,8 +2198,8 @@ var methods = {
     forEach(this.items, function (item, i) {
       var img = item.querySelector('img');
       var image = document.createElement('img');
-      image.src = getData(img, 'originalUrl');
-      image.alt = img.getAttribute('alt');
+      image.src = escapeHTMLEntities(getData(img, 'originalUrl'));
+      image.alt = escapeHTMLEntities(img.getAttribute('alt'));
       total += 1;
       addClass(image, CLASS_FADE);
       toggleClass(image, CLASS_TRANSITION, options.transition);

dist/viewer.css

@@ -1,11 +1,11 @@
 /*!
- * Viewer.js v1.3.3
+ * Viewer.js v1.3.4
  * https://fengyuanchen.github.io/viewerjs
  *
  * Copyright 2015-present Chen Fengyuan
  * Released under the MIT license
  *
- * Date: 2019-04-06T14:06:24.626Z
+ * Date: 2019-06-01T03:32:33.340Z
  */
 
 .viewer-zoom-in::before,
@@ -123,6 +123,11 @@
   user-select: none;
 }
 
+.viewer-container::-moz-selection,
+.viewer-container *::-moz-selection {
+  background-color: transparent;
+}
+
 .viewer-container::selection,
 .viewer-container *::selection {
   background-color: transparent;

dist/viewer.esm.js

@@ -1,11 +1,11 @@
 /*!
- * Viewer.js v1.3.3
+ * Viewer.js v1.3.4
  * https://fengyuanchen.github.io/viewerjs
  *
  * Copyright 2015-present Chen Fengyuan
  * Released under the MIT license
  *
- * Date: 2019-04-06T14:06:28.301Z
+ * Date: 2019-06-01T03:32:35.881Z
  */
 
 function _typeof(obj) {
@@ -442,6 +442,15 @@ function setStyle(element, styles) {
     style[property] = value;
   });
 }
+/**
+ * Escape a string for using in HTML.
+ * @param {String} value - The string to escape.
+ * @returns {String} Returns the escaped string.
+ */
+
+function escapeHTMLEntities(value) {
+  return isString(value) ? value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;') : value;
+}
 /**
  * Check if the given element has a special class.
  * @param {Element} element - The element to check.
@@ -774,7 +783,7 @@ function getTransforms(_ref) {
  */
 
 function getImageNameFromURL(url) {
-  return isString(url) ? url.replace(/^.*\//, '').replace(/[?&#].*$/, '') : '';
+  return isString(url) ? decodeURIComponent(url.replace(/^.*\//, '').replace(/[?&#].*$/, '')) : '';
 }
 var IS_SAFARI = WINDOW.navigator && /(Macintosh|iPhone|iPod|iPad).*AppleWebKit/i.test(WINDOW.navigator.userAgent);
 /**
@@ -950,14 +959,14 @@ var render = {
         list = this.list;
     var items = [];
     forEach(this.images, function (image, i) {
-      var src = image.src;
-      var alt = image.alt || getImageNameFromURL(src);
+      var src = escapeHTMLEntities(image.src);
+      var alt = escapeHTMLEntities(image.alt || getImageNameFromURL(src));
       var url = options.url;
 
       if (isString(url)) {
-        url = image.getAttribute(url);
+        url = escapeHTMLEntities(image.getAttribute(url));
       } else if (isFunction(url)) {
-        url = url.call(_this, image);
+        url = escapeHTMLEntities(url.call(_this, image));
       }
 
       if (src || url) {
@@ -1708,10 +1717,13 @@ var methods = {
       var hidden = this.hidden.bind(this);
 
       var hide = function hide() {
-        addListener(viewer, EVENT_TRANSITION_END, hidden, {
-          once: true
-        });
-        removeClass(viewer, CLASS_IN);
+        // XXX: It seems the `event.stopPropagation()` method does not work here
+        setTimeout(function () {
+          addListener(viewer, EVENT_TRANSITION_END, hidden, {
+            once: true
+          });
+          removeClass(viewer, CLASS_IN);
+        }, 0);
       };
 
       this.transitioning = {
@@ -1770,8 +1782,8 @@ var methods = {
         canvas = this.canvas;
     var item = this.items[index];
     var img = item.querySelector('img');
-    var url = getData(img, 'originalUrl');
-    var alt = img.getAttribute('alt');
+    var url = escapeHTMLEntities(getData(img, 'originalUrl'));
+    var alt = escapeHTMLEntities(img.getAttribute('alt'));
     var image = document.createElement('img');
     image.src = url;
     image.alt = alt;
@@ -1812,7 +1824,7 @@ var methods = {
     var onViewed = function onViewed() {
       var imageData = _this.imageData;
       var render = Array.isArray(options.title) ? options.title[1] : options.title;
-      title.innerHTML = isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")");
+      title.innerHTML = escapeHTMLEntities(isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")"));
     };
 
     var onLoad;
@@ -2184,8 +2196,8 @@ var methods = {
     forEach(this.items, function (item, i) {
       var img = item.querySelector('img');
       var image = document.createElement('img');
-      image.src = getData(img, 'originalUrl');
-      image.alt = img.getAttribute('alt');
+      image.src = escapeHTMLEntities(getData(img, 'originalUrl'));
+      image.alt = escapeHTMLEntities(img.getAttribute('alt'));
       total += 1;
       addClass(image, CLASS_FADE);
       toggleClass(image, CLASS_TRANSITION, options.transition);

dist/viewer.js

@@ -1,11 +1,11 @@
 /*!
- * Viewer.js v1.3.3
+ * Viewer.js v1.3.4
  * https://fengyuanchen.github.io/viewerjs
  *
  * Copyright 2015-present Chen Fengyuan
  * Released under the MIT license
  *
- * Date: 2019-04-06T14:06:28.301Z
+ * Date: 2019-06-01T03:32:35.881Z
  */
 
 (function (global, factory) {
@@ -448,6 +448,15 @@
       style[property] = value;
     });
   }
+  /**
+   * Escape a string for using in HTML.
+   * @param {String} value - The string to escape.
+   * @returns {String} Returns the escaped string.
+   */
+
+  function escapeHTMLEntities(value) {
+    return isString(value) ? value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;') : value;
+  }
   /**
    * Check if the given element has a special class.
    * @param {Element} element - The element to check.
@@ -780,7 +789,7 @@
    */
 
   function getImageNameFromURL(url) {
-    return isString(url) ? url.replace(/^.*\//, '').replace(/[?&#].*$/, '') : '';
+    return isString(url) ? decodeURIComponent(url.replace(/^.*\//, '').replace(/[?&#].*$/, '')) : '';
   }
   var IS_SAFARI = WINDOW.navigator && /(Macintosh|iPhone|iPod|iPad).*AppleWebKit/i.test(WINDOW.navigator.userAgent);
   /**
@@ -956,14 +965,14 @@
           list = this.list;
       var items = [];
       forEach(this.images, function (image, i) {
-        var src = image.src;
-        var alt = image.alt || getImageNameFromURL(src);
+        var src = escapeHTMLEntities(image.src);
+        var alt = escapeHTMLEntities(image.alt || getImageNameFromURL(src));
         var url = options.url;
 
         if (isString(url)) {
-          url = image.getAttribute(url);
+          url = escapeHTMLEntities(image.getAttribute(url));
         } else if (isFunction(url)) {
-          url = url.call(_this, image);
+          url = escapeHTMLEntities(url.call(_this, image));
         }
 
         if (src || url) {
@@ -1714,10 +1723,13 @@
         var hidden = this.hidden.bind(this);
 
         var hide = function hide() {
-          addListener(viewer, EVENT_TRANSITION_END, hidden, {
-            once: true
-          });
-          removeClass(viewer, CLASS_IN);
+          // XXX: It seems the `event.stopPropagation()` method does not work here
+          setTimeout(function () {
+            addListener(viewer, EVENT_TRANSITION_END, hidden, {
+              once: true
+            });
+            removeClass(viewer, CLASS_IN);
+          }, 0);
         };
 
         this.transitioning = {
@@ -1776,8 +1788,8 @@
           canvas = this.canvas;
       var item = this.items[index];
       var img = item.querySelector('img');
-      var url = getData(img, 'originalUrl');
-      var alt = img.getAttribute('alt');
+      var url = escapeHTMLEntities(getData(img, 'originalUrl'));
+      var alt = escapeHTMLEntities(img.getAttribute('alt'));
       var image = document.createElement('img');
       image.src = url;
       image.alt = alt;
@@ -1818,7 +1830,7 @@
       var onViewed = function onViewed() {
         var imageData = _this.imageData;
         var render = Array.isArray(options.title) ? options.title[1] : options.title;
-        title.innerHTML = isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")");
+        title.innerHTML = escapeHTMLEntities(isFunction(render) ? render.call(_this, image, imageData) : "".concat(alt, " (").concat(imageData.naturalWidth, " \xD7 ").concat(imageData.naturalHeight, ")"));
       };
 
       var onLoad;
@@ -2190,8 +2202,8 @@
       forEach(this.items, function (item, i) {
         var img = item.querySelector('img');
         var image = document.createElement('img');
-        image.src = getData(img, 'originalUrl');
-        image.alt = img.getAttribute('alt');
+        image.src = escapeHTMLEntities(getData(img, 'originalUrl'));
+        image.alt = escapeHTMLEntities(img.getAttribute('alt'));
         total += 1;
         addClass(image, CLASS_FADE);
         toggleClass(image, CLASS_TRANSITION, options.transition);