2.2.1

Author: archmoj

dist/README.md

@@ -46,9 +46,9 @@ The main plotly.js bundles weight in at:
 | 8 MB | 3.4 MB | 1019.6 kB | 8.3 MB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-2.2.0.js
+> https://cdn.plot.ly/plotly-2.2.1.js
 
-> https://cdn.plot.ly/plotly-2.2.0.min.js
+> https://cdn.plot.ly/plotly-2.2.1.min.js
 
 
 #### npm packages
@@ -94,9 +94,9 @@ The `basic` partial bundle contains trace modules `bar`, `pie` and `scatter`.
 | 2.7 MB | 1007.3 kB | 327.3 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-basic-2.2.0.js
+> https://cdn.plot.ly/plotly-basic-2.2.1.js
 
-> https://cdn.plot.ly/plotly-basic-2.2.0.min.js
+> https://cdn.plot.ly/plotly-basic-2.2.1.min.js
 
 
 #### npm packages
@@ -114,12 +114,12 @@ The `cartesian` partial bundle contains trace modules `bar`, `box`, `contour`, `
 
 | Raw size | Minified size | Minified + gzip size |
 |------|-----------------|------------------------|
-| 3.3 MB | 1.2 MB | 398.7 kB |
+| 3.3 MB | 1.2 MB | 398.8 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-cartesian-2.2.0.js
+> https://cdn.plot.ly/plotly-cartesian-2.2.1.js
 
-> https://cdn.plot.ly/plotly-cartesian-2.2.0.min.js
+> https://cdn.plot.ly/plotly-cartesian-2.2.1.min.js
 
 
 #### npm packages
@@ -137,12 +137,12 @@ The `geo` partial bundle contains trace modules `choropleth`, `scatter` and `sca
 
 | Raw size | Minified size | Minified + gzip size |
 |------|-----------------|------------------------|
-| 2.9 MB | 1 MB | 337.3 kB |
+| 2.9 MB | 1 MB | 337.4 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-geo-2.2.0.js
+> https://cdn.plot.ly/plotly-geo-2.2.1.js
 
-> https://cdn.plot.ly/plotly-geo-2.2.0.min.js
+> https://cdn.plot.ly/plotly-geo-2.2.1.min.js
 
 
 #### npm packages
@@ -163,9 +163,9 @@ The `gl3d` partial bundle contains trace modules `cone`, `isosurface`, `mesh3d`,
 | 3.8 MB | 1.5 MB | 482.7 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-gl3d-2.2.0.js
+> https://cdn.plot.ly/plotly-gl3d-2.2.1.js
 
-> https://cdn.plot.ly/plotly-gl3d-2.2.0.min.js
+> https://cdn.plot.ly/plotly-gl3d-2.2.1.min.js
 
 
 #### npm packages
@@ -183,12 +183,12 @@ The `gl2d` partial bundle contains trace modules `heatmapgl`, `parcoords`, `poin
 
 | Raw size | Minified size | Minified + gzip size |
 |------|-----------------|------------------------|
-| 3.8 MB | 1.5 MB | 503.1 kB |
+| 3.8 MB | 1.5 MB | 503.2 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-gl2d-2.2.0.js
+> https://cdn.plot.ly/plotly-gl2d-2.2.1.js
 
-> https://cdn.plot.ly/plotly-gl2d-2.2.0.min.js
+> https://cdn.plot.ly/plotly-gl2d-2.2.1.min.js
 
 
 #### npm packages
@@ -209,9 +209,9 @@ The `mapbox` partial bundle contains trace modules `choroplethmapbox`, `densitym
 | 4.4 MB | 1.8 MB | 525 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-mapbox-2.2.0.js
+> https://cdn.plot.ly/plotly-mapbox-2.2.1.js
 
-> https://cdn.plot.ly/plotly-mapbox-2.2.0.min.js
+> https://cdn.plot.ly/plotly-mapbox-2.2.1.min.js
 
 
 #### npm packages
@@ -229,12 +229,12 @@ The `finance` partial bundle contains trace modules `bar`, `candlestick`, `funne
 
 | Raw size | Minified size | Minified + gzip size |
 |------|-----------------|------------------------|
-| 3 MB | 1.1 MB | 353.5 kB |
+| 3 MB | 1.1 MB | 353.6 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-finance-2.2.0.js
+> https://cdn.plot.ly/plotly-finance-2.2.1.js
 
-> https://cdn.plot.ly/plotly-finance-2.2.0.min.js
+> https://cdn.plot.ly/plotly-finance-2.2.1.min.js
 
 
 #### npm packages
@@ -252,12 +252,12 @@ The `strict` partial bundle contains trace modules `bar`, `barpolar`, `box`, `ca
 
 | Raw size | Minified size | Minified + gzip size |
 |------|-----------------|------------------------|
-| 6.7 MB | 2.8 MB | 840.4 kB |
+| 6.7 MB | 2.8 MB | 840.5 kB |
 
 #### CDN links
-> https://cdn.plot.ly/plotly-strict-2.2.0.js
+> https://cdn.plot.ly/plotly-strict-2.2.1.js
 
-> https://cdn.plot.ly/plotly-strict-2.2.0.min.js
+> https://cdn.plot.ly/plotly-strict-2.2.1.min.js
 
 
 #### npm packages

dist/plotly-basic.js

@@ -1,5 +1,5 @@
 /**
-* plotly.js (basic) v2.2.0
+* plotly.js (basic) v2.2.1
 * Copyright 2012-2021, Plotly, Inc.
 * All rights reserved.
 * Licensed under the MIT license
@@ -49233,14 +49233,9 @@ function buildSVGText(containerNode, str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        // check safe protocols
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            // Decode href to allow both already encoded and not encoded
-                            // URIs. Without decoding prior encoding, an already encoded
-                            // URI would be encoded twice producing a semantically different URI.
-                            nodeSpec.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeSpec.href = safeHref;
                             nodeSpec.target = getQuotedMatch(extra, TARGETMATCH) || '_blank';
                             nodeSpec.popup = getQuotedMatch(extra, POPUPMATCH);
                         }
@@ -49255,6 +49250,27 @@ function buildSVGText(containerNode, str) {
     return hasLink;
 }
 
+function sanitizeHref(href) {
+    var decodedHref = encodeURI(decodeURI(href));
+    var dummyAnchor1 = document.createElement('a');
+    var dummyAnchor2 = document.createElement('a');
+    dummyAnchor1.href = href;
+    dummyAnchor2.href = decodedHref;
+
+    var p1 = dummyAnchor1.protocol;
+    var p2 = dummyAnchor2.protocol;
+
+    // check safe protocols
+    if(
+        PROTOCOLS.indexOf(p1) !== -1 &&
+        PROTOCOLS.indexOf(p2) !== -1
+    ) {
+        return decodedHref;
+    } else {
+        return '';
+    }
+}
+
 /*
  * sanitizeHTML: port of buildSVGText aimed at providing a clean subset of HTML
  * @param {string} str: the html string to clean
@@ -49289,10 +49305,9 @@ exports.sanitizeHTML = function sanitizeHTML(str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            nodeAttrs.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeAttrs.href = safeHref;
                             var target = getQuotedMatch(extra, TARGETMATCH);
                             if(target) {
                                 nodeAttrs.target = target;
@@ -84237,7 +84252,7 @@ function getSortFunc(opts, d2c) {
 'use strict';
 
 // package version injected by `npm run preprocess`
-exports.version = '2.2.0';
+exports.version = '2.2.1';
 
 },{}]},{},[8])(8)
 });

dist/plotly-basic.min.js

@@ -1,5 +1,5 @@
 /**
-* plotly.js (cartesian) v2.2.0
+* plotly.js (cartesian) v2.2.1
 * Copyright 2012-2021, Plotly, Inc.
 * All rights reserved.
 * Licensed under the MIT license
@@ -58392,14 +58392,9 @@ function buildSVGText(containerNode, str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        // check safe protocols
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            // Decode href to allow both already encoded and not encoded
-                            // URIs. Without decoding prior encoding, an already encoded
-                            // URI would be encoded twice producing a semantically different URI.
-                            nodeSpec.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeSpec.href = safeHref;
                             nodeSpec.target = getQuotedMatch(extra, TARGETMATCH) || '_blank';
                             nodeSpec.popup = getQuotedMatch(extra, POPUPMATCH);
                         }
@@ -58414,6 +58409,27 @@ function buildSVGText(containerNode, str) {
     return hasLink;
 }
 
+function sanitizeHref(href) {
+    var decodedHref = encodeURI(decodeURI(href));
+    var dummyAnchor1 = document.createElement('a');
+    var dummyAnchor2 = document.createElement('a');
+    dummyAnchor1.href = href;
+    dummyAnchor2.href = decodedHref;
+
+    var p1 = dummyAnchor1.protocol;
+    var p2 = dummyAnchor2.protocol;
+
+    // check safe protocols
+    if(
+        PROTOCOLS.indexOf(p1) !== -1 &&
+        PROTOCOLS.indexOf(p2) !== -1
+    ) {
+        return decodedHref;
+    } else {
+        return '';
+    }
+}
+
 /*
  * sanitizeHTML: port of buildSVGText aimed at providing a clean subset of HTML
  * @param {string} str: the html string to clean
@@ -58448,10 +58464,9 @@ exports.sanitizeHTML = function sanitizeHTML(str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            nodeAttrs.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeAttrs.href = safeHref;
                             var target = getQuotedMatch(extra, TARGETMATCH);
                             if(target) {
                                 nodeAttrs.target = target;
@@ -104098,7 +104113,7 @@ function getSortFunc(opts, d2c) {
 'use strict';
 
 // package version injected by `npm run preprocess`
-exports.version = '2.2.0';
+exports.version = '2.2.1';
 
 },{}]},{},[15])(15)
 });

dist/plotly-cartesian.js

@@ -1,5 +1,5 @@
 /**
-* plotly.js (finance) v2.2.0
+* plotly.js (finance) v2.2.1
 * Copyright 2012-2021, Plotly, Inc.
 * All rights reserved.
 * Licensed under the MIT license
@@ -49289,14 +49289,9 @@ function buildSVGText(containerNode, str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        // check safe protocols
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            // Decode href to allow both already encoded and not encoded
-                            // URIs. Without decoding prior encoding, an already encoded
-                            // URI would be encoded twice producing a semantically different URI.
-                            nodeSpec.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeSpec.href = safeHref;
                             nodeSpec.target = getQuotedMatch(extra, TARGETMATCH) || '_blank';
                             nodeSpec.popup = getQuotedMatch(extra, POPUPMATCH);
                         }
@@ -49311,6 +49306,27 @@ function buildSVGText(containerNode, str) {
     return hasLink;
 }
 
+function sanitizeHref(href) {
+    var decodedHref = encodeURI(decodeURI(href));
+    var dummyAnchor1 = document.createElement('a');
+    var dummyAnchor2 = document.createElement('a');
+    dummyAnchor1.href = href;
+    dummyAnchor2.href = decodedHref;
+
+    var p1 = dummyAnchor1.protocol;
+    var p2 = dummyAnchor2.protocol;
+
+    // check safe protocols
+    if(
+        PROTOCOLS.indexOf(p1) !== -1 &&
+        PROTOCOLS.indexOf(p2) !== -1
+    ) {
+        return decodedHref;
+    } else {
+        return '';
+    }
+}
+
 /*
  * sanitizeHTML: port of buildSVGText aimed at providing a clean subset of HTML
  * @param {string} str: the html string to clean
@@ -49345,10 +49361,9 @@ exports.sanitizeHTML = function sanitizeHTML(str) {
                     var href = getQuotedMatch(extra, HREFMATCH);
 
                     if(href) {
-                        var dummyAnchor = document.createElement('a');
-                        dummyAnchor.href = href;
-                        if(PROTOCOLS.indexOf(dummyAnchor.protocol) !== -1) {
-                            nodeAttrs.href = encodeURI(decodeURI(href));
+                        var safeHref = sanitizeHref(href);
+                        if(safeHref) {
+                            nodeAttrs.href = safeHref;
                             var target = getQuotedMatch(extra, TARGETMATCH);
                             if(target) {
                                 nodeAttrs.target = target;
@@ -90985,7 +91000,7 @@ function getSortFunc(opts, d2c) {
 'use strict';
 
 // package version injected by `npm run preprocess`
-exports.version = '2.2.0';
+exports.version = '2.2.1';
 
 },{}]},{},[12])(12)
 });