diff --git a/src/vhtml.js b/src/vhtml.js index 0e03f69..e2bff65 100644 --- a/src/vhtml.js +++ b/src/vhtml.js @@ -9,7 +9,16 @@ let DOMAttributeNames = { htmlFor: 'for' }; -let sanitized = {}; +let sanitized = new Set(); + +let cleanupTimer = 0; +function cleanup() { + cleanupTimer = 0; + sanitized.clear(); +} +function scheduleCleanup() { + if (!cleanupTimer) cleanupTimer = setTimeout(cleanup); +} /** Hyperscript reviver that constructs a sanitized HTML string. */ export default function h(name, attrs) { @@ -47,7 +56,7 @@ export default function h(name, attrs) { for (let i=child.length; i--; ) stack.push(child[i]); } else { - s += sanitized[child]===true ? child : esc(child); + s += sanitized.has(child) ? child : esc(child); } } } @@ -55,6 +64,7 @@ export default function h(name, attrs) { s += name ? `${name}>` : ''; } - sanitized[s] = true; + sanitized.add(s); + scheduleCleanup(); return s; }
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: