chore(all): prepare release 1.9.1

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "aurelia-templating-resources",
-  "version": "1.9.0",
+  "version": "1.9.1",
   "description": "A standard set of behaviors, converters and other resources for use with the Aurelia templating library.",
   "keywords": [
     "aurelia",

dist/amd/html-sanitizer.js

@@ -9,15 +9,20 @@ define(['exports', 'aurelia-logging'], function (exports, _aureliaLogging) {
 
 
   var SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+  var needsToWarn = true;
 
   var HTMLSanitizer = exports.HTMLSanitizer = function () {
     function HTMLSanitizer() {
 
-
-      (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n      and should not be relied on for sanitizing input from unknown sources.\n      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
     }
 
     HTMLSanitizer.prototype.sanitize = function sanitize(input) {
+      if (needsToWarn) {
+        needsToWarn = false;
+
+        (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n        and should not be relied on for sanitizing input from unknown sources.\n        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
+      }
+
       return input.replace(SCRIPT_REGEX, '');
     };
 

dist/aurelia-templating-resources.d.ts

@@ -202,7 +202,6 @@ export declare class IfCore {
 * Default Html Sanitizer to prevent script injection.
 */
 export declare class HTMLSanitizer {
-  constructor();
 
   /**
     * Sanitizes the provided input.

dist/aurelia-templating-resources.js

@@ -459,23 +459,26 @@ export class IfCore {
 }
 
 const SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+let needsToWarn = true;
 
 /**
 * Default Html Sanitizer to prevent script injection.
 */
 export class HTMLSanitizer {
-  constructor() {
-    getLogger('html-sanitizer')
-      .warn(`CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,
-      and should not be relied on for sanitizing input from unknown sources.
-      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.`);
-  }
-
   /**
   * Sanitizes the provided input.
   * @param input The input to be sanitized.
   */
   sanitize(input) {
+    if (needsToWarn) {
+      needsToWarn = false;
+
+      getLogger('html-sanitizer')
+        .warn(`CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,
+        and should not be relied on for sanitizing input from unknown sources.
+        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.`);
+    }
+
     return input.replace(SCRIPT_REGEX, '');
   }
 }

dist/commonjs/html-sanitizer.js

@@ -10,15 +10,20 @@ var _aureliaLogging = require('aurelia-logging');
 
 
 var SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+var needsToWarn = true;
 
 var HTMLSanitizer = exports.HTMLSanitizer = function () {
   function HTMLSanitizer() {
 
-
-    (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n      and should not be relied on for sanitizing input from unknown sources.\n      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
   }
 
   HTMLSanitizer.prototype.sanitize = function sanitize(input) {
+    if (needsToWarn) {
+      needsToWarn = false;
+
+      (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n        and should not be relied on for sanitizing input from unknown sources.\n        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
+    }
+
     return input.replace(SCRIPT_REGEX, '');
   };
 

dist/es2015/html-sanitizer.js

@@ -1,15 +1,18 @@
 import { getLogger } from 'aurelia-logging';
 
 const SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+let needsToWarn = true;
 
 export let HTMLSanitizer = class HTMLSanitizer {
-  constructor() {
-    getLogger('html-sanitizer').warn(`CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,
-      and should not be relied on for sanitizing input from unknown sources.
-      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.`);
-  }
-
   sanitize(input) {
+    if (needsToWarn) {
+      needsToWarn = false;
+
+      getLogger('html-sanitizer').warn(`CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,
+        and should not be relied on for sanitizing input from unknown sources.
+        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.`);
+    }
+
     return input.replace(SCRIPT_REGEX, '');
   }
 };

dist/native-modules/html-sanitizer.js

@@ -3,15 +3,20 @@
 import { getLogger } from 'aurelia-logging';
 
 var SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+var needsToWarn = true;
 
 export var HTMLSanitizer = function () {
   function HTMLSanitizer() {
 
-
-    getLogger('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n      and should not be relied on for sanitizing input from unknown sources.\n      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
   }
 
   HTMLSanitizer.prototype.sanitize = function sanitize(input) {
+    if (needsToWarn) {
+      needsToWarn = false;
+
+      getLogger('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n        and should not be relied on for sanitizing input from unknown sources.\n        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
+    }
+
     return input.replace(SCRIPT_REGEX, '');
   };
 

dist/system/html-sanitizer.js

@@ -3,7 +3,7 @@
 System.register(['aurelia-logging'], function (_export, _context) {
   "use strict";
 
-  var getLogger, SCRIPT_REGEX, HTMLSanitizer;
+  var getLogger, SCRIPT_REGEX, needsToWarn, HTMLSanitizer;
 
 
 
@@ -13,15 +13,20 @@ System.register(['aurelia-logging'], function (_export, _context) {
     }],
     execute: function () {
       SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+      needsToWarn = true;
 
       _export('HTMLSanitizer', HTMLSanitizer = function () {
         function HTMLSanitizer() {
 
-
-          getLogger('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n      and should not be relied on for sanitizing input from unknown sources.\n      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
         }
 
         HTMLSanitizer.prototype.sanitize = function sanitize(input) {
+          if (needsToWarn) {
+            needsToWarn = false;
+
+            getLogger('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n        and should not be relied on for sanitizing input from unknown sources.\n        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
+          }
+
           return input.replace(SCRIPT_REGEX, '');
         };
 

dist/temp/aurelia-templating-resources.js

@@ -480,15 +480,20 @@ var IfCore = exports.IfCore = function () {
 }();
 
 var SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+var needsToWarn = true;
 
 var HTMLSanitizer = exports.HTMLSanitizer = function () {
   function HTMLSanitizer() {
     _classCallCheck(this, HTMLSanitizer);
-
-    (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n      and should not be relied on for sanitizing input from unknown sources.\n      Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
   }
 
   HTMLSanitizer.prototype.sanitize = function sanitize(input) {
+    if (needsToWarn) {
+      needsToWarn = false;
+
+      (0, _aureliaLogging.getLogger)('html-sanitizer').warn('CAUTION: The default HTMLSanitizer does NOT provide security against a wide variety of sophisticated XSS attacks,\n        and should not be relied on for sanitizing input from unknown sources.\n        Please see https://aurelia.io/docs/binding/basics#element-content for instructions on how to use a secure solution like DOMPurify or sanitize-html.');
+    }
+
     return input.replace(SCRIPT_REGEX, '');
   };
 

doc/CHANGELOG.md

@@ -1,3 +1,13 @@
+<a name="1.9.1"></a>
+## [1.9.1](https://github.com/aurelia/templating-resources/compare/1.9.0...1.9.1) (2019-03-28)
+
+
+### Bug Fixes
+
+* **html-sanitizer:** only warn if sanitization is attempted ([82beb9b](https://github.com/aurelia/templating-resources/commit/82beb9b))
+
+
+
 <a name="1.9.0"></a>
 # [1.9.0](https://github.com/aurelia/templating-resources/compare/1.8.0...1.9.0) (2019-03-27)
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "aurelia-templating-resources",
-  "version": "1.9.0",
+  "version": "1.9.1",
   "description": "A standard set of behaviors, converters and other resources for use with the Aurelia templating library.",
   "keywords": [
     "aurelia",