Skip to content
This repository was archived by the owner on Aug 5, 2024. It is now read-only.

Provide an alternative to style injection for CSP purposes #88

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions javascript/diff_match_patch.css
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
.ins_style {
background: #e6ffe6;
}

.del_style {
background: #ffe6e6;
}
56 changes: 1 addition & 55 deletions javascript/diff_match_patch.js

Large diffs are not rendered by default.

16 changes: 14 additions & 2 deletions javascript/diff_match_patch_uncompressed.js
Original file line number Diff line number Diff line change
@@ -51,6 +51,10 @@ var diff_match_patch = function() {

// The number of bits in an int.
this.Match_MaxBits = 32;

// Disable style injection for stricter CSP environments.
// Applies exclusively to diff_prettyHtml.
this.Style_Injection = true;
};


@@ -1254,17 +1258,25 @@ diff_match_patch.prototype.diff_prettyHtml = function(diffs) {
var pattern_lt = /</g;
var pattern_gt = />/g;
var pattern_para = /\n/g;
if (this.Style_Injection) {
var ins_style = 'style="background:#e6ffe6;"'
var del_style = 'style="background:#ffe6e6;"'
} else {
var ins_style = 'class="ins_style"'
var del_style = 'class="del_style"'
}

for (var x = 0; x < diffs.length; x++) {
var op = diffs[x][0]; // Operation (insert, delete, equal)
var data = diffs[x][1]; // Text of change.
var text = data.replace(pattern_amp, '&amp;').replace(pattern_lt, '&lt;')
.replace(pattern_gt, '&gt;').replace(pattern_para, '&para;<br>');
switch (op) {
case DIFF_INSERT:
html[x] = '<ins style="background:#e6ffe6;">' + text + '</ins>';
html[x] = '<ins ' + ins_style + '>' + text + '</ins>';
break;
case DIFF_DELETE:
html[x] = '<del style="background:#ffe6e6;">' + text + '</del>';
html[x] = '<del ' + del_style + '>' + text + '</del>';
break;
case DIFF_EQUAL:
html[x] = '<span>' + text + '</span>';