@ciscospark/helper-html - npm Package Compare versions

Comparing version 0.6.3 to 0.6.4

dist/html-base.js

@@ -18,3 +18,3 @@ "use strict";
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
@@ -21,0 +21,0 @@

dist/html.js

@@ -33,4 +33,2 @@ 'use strict';
 
-// TODO We should implement these at some point
-
 /**
@@ -37,0 +35,0 @@ * @param {Object} allowedTags

dist/html.shim.js

@@ -49,2 +49,31 @@ 'use strict';
 
+/* istanbul ignore next */
+if (!Element.prototype.remove) {
+  Element.prototype.remove = function remove() {
+    this.parentElement.removeChild(this);
+  };
+}
+
+/* istanbul ignore next */
+if (!NodeList.prototype.remove) {
+  NodeList.prototype.remove = function remove() {
+    for (var i = this.length - 1; i >= 0; i--) {
+      if (this[i] && this[i].parentElement) {
+        this[i].parentElement.removeChild(this[i]);
+      }
+    }
+  };
+}
+
+/* istanbul ignore next */
+if (!HTMLCollection.prototype.remove) {
+  HTMLCollection.prototype.remove = function remove() {
+    for (var i = this.length - 1; i >= 0; i--) {
+      if (this[i] && this[i].parentElement) {
+        this[i].parentElement.removeChild(this[i]);
+      }
+    }
+  };
+}
+
 /**
@@ -74,5 +103,7 @@ * @param {Object} allowedTags
  */
-var filter = exports.filter = (0, _curry2.default)(_filter, 3);
+var filter = exports.filter = (0, _curry2.default)(_filter, 4);
 
 /**
+ * @param {function} processCallback callback function to do additional
+ * processing on node. of the form process(node)
  * @param {Object} allowedTags
@@ -84,4 +115,8 @@ * @param {Array<string>} allowedStyles
  */
-function _filterSync(allowedTags, allowedStyles, html) {
-  if (arguments.length < 3) {
+function _filterSync(processCallback, allowedTags, allowedStyles, html) {
+  if (!html || !allowedStyles || !allowedTags) {
+    if (html.length === 0) {
+      return html;
+    }
+
     throw new Error('`allowedTags`, `allowedStyles`, and `html` must be provided');
@@ -92,9 +127,10 @@ }
   depthFirstForEach(doc.body.childNodes, filterNode);
+  processCallback(doc.body);
 
   if (html.indexOf('body') === 1) {
     return '<body>' + doc.body.innerHTML + '</body>';
-  } else {
-    return doc.body.innerHTML;
   }
 
+  return doc.body.innerHTML;
+
   /**
@@ -115,5 +151,3 @@ * @param {Node} node
 
-    if (!(0, _includes2.default)(allowedTagNames, nodeName)) {
-      reparent(node);
-    } else {
+    if ((0, _includes2.default)(allowedTagNames, nodeName)) {
       (function () {
@@ -131,3 +165,7 @@ var allowedAttributes = allowedTags[nodeName];
             var styles = node.attributes.getNamedItem('style').value.split(';').map(function (style) {
-              return (0, _includes2.default)(allowedStyles, style.split(':')[0]) ? style : null;
+              var styleName = trim(style.split(':')[0]);
+              if ((0, _includes2.default)(allowedStyles, styleName)) {
+                return style;
+              }
+              return null;
             }).filter(function (style) {
@@ -140,2 +178,4 @@ return Boolean(style);
       })();
+    } else {
+      reparent(node);
     }
@@ -145,3 +185,12 @@ }
 
+var trimPattern = /^\s|\s$/g;
 /**
+ * @param {string} str
+ * @returns {string}
+ */
+function trim(str) {
+  return str.replace(trimPattern, '');
+}
+
+/**
  * @param {Node} node
@@ -188,3 +237,19 @@ * @private
 function isElement(o) {
-  return o && o.ownerDocument !== undefined && o.nodeType === 1 && typeof o.nodeName === 'string';
+  if (!o) {
+    return false;
+  }
+
+  if (o.ownerDocument === undefined) {
+    return false;
+  }
+
+  if (o.nodeType !== 1) {
+    return false;
+  }
+
+  if (typeof o.nodeName !== 'string') {
+    return false;
+  }
+
+  return true;
 }
@@ -199,3 +264,3 @@
  */
-var filterSync = exports.filterSync = (0, _curry2.default)(_filterSync, 3);
+var filterSync = exports.filterSync = (0, _curry2.default)(_filterSync, 4);
 //# sourceMappingURL=html.shim.js.map

package.json

 {
   "name": "@ciscospark/helper-html",
-  "version": "0.6.3",
+  "version": "0.6.4",
   "description": "HTML Utiltities",
   "main": "dist/index.js",
+  "devMain": "src/index.js",
   "author": "Ian W. Remmel <iremmel@cisco.com>",
@@ -10,2 +11,3 @@ "license": "(Apache-2.0)",
     "babel-runtime": "^6.3.19",
+    "envify": "^3.4.0",
     "lodash": "^4.5.1"
@@ -17,7 +19,7 @@ },
     "@ciscospark/xunit-with-logs": "^0.6.0",
-    "babel-eslint": "^4.1.6",
+    "babel-eslint": "^6.0.0-beta.5",
     "babel-plugin-lodash": "2.1.0",
     "babel-polyfill": "^6.3.14",
     "babel-register": "^6.4.3",
-    "eslint": "^1.10.3",
+    "eslint": "2.2.0",
     "eslint-plugin-mocha-only": "0.0.3"
@@ -28,3 +30,8 @@ },
     "./dist/html.js": "./dist/html.shim.js"
+  },
+  "browserify": {
+    "transform": [
+      "envify"
+    ]
   }
 }

src/html-base.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
@@ -36,11 +36,11 @@
   switch (char) {
-    case `<`:
-      return `&lt;`;
-    case `>`:
-      return `&gt;`;
-    case `&`:
-      return `&amp;`;
-    default:
-      return char;
+  case `<`:
+    return `&lt;`;
+  case `>`:
+    return `&gt;`;
+  case `&`:
+    return `&amp;`;
+  default:
+    return char;
   }
 }

src/html.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
@@ -10,4 +10,2 @@
 
-// TODO We should implement these at some point
-
 /**
@@ -14,0 +12,0 @@ * @param {Object} allowedTags

src/html.shim.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
@@ -12,2 +12,31 @@
 
+/* istanbul ignore next */
+if (!Element.prototype.remove) {
+  Element.prototype.remove = function remove() {
+    this.parentElement.removeChild(this);
+  };
+}
+
+/* istanbul ignore next */
+if (!NodeList.prototype.remove) {
+  NodeList.prototype.remove = function remove() {
+    for (let i = this.length - 1; i >= 0; i--) {
+      if (this[i] && this[i].parentElement) {
+        this[i].parentElement.removeChild(this[i]);
+      }
+    }
+  };
+}
+
+/* istanbul ignore next */
+if (!HTMLCollection.prototype.remove) {
+  HTMLCollection.prototype.remove = function remove() {
+    for (let i = this.length - 1; i >= 0; i--) {
+      if (this[i] && this[i].parentElement) {
+        this[i].parentElement.removeChild(this[i]);
+      }
+    }
+  };
+}
+
 /**
@@ -33,5 +62,7 @@ * @param {Object} allowedTags
  */
-export const filter = curry(_filter, 3);
+export const filter = curry(_filter, 4);
 
 /**
+ * @param {function} processCallback callback function to do additional
+ * processing on node. of the form process(node)
  * @param {Object} allowedTags
@@ -43,4 +74,8 @@ * @param {Array<string>} allowedStyles
  */
-function _filterSync(allowedTags, allowedStyles, html) {
-  if (arguments.length < 3) {
+function _filterSync(processCallback, allowedTags, allowedStyles, html) {
+  if (!html || !allowedStyles || !allowedTags) {
+    if (html.length === 0) {
+      return html;
+    }
+
     throw new Error(`\`allowedTags\`, \`allowedStyles\`, and \`html\` must be provided`);
@@ -51,2 +86,3 @@ }
   depthFirstForEach(doc.body.childNodes, filterNode);
+  processCallback(doc.body);
 
@@ -56,6 +92,5 @@ if (html.indexOf(`body`) === 1) {
   }
-  else {
-    return doc.body.innerHTML;
-  }
 
+  return doc.body.innerHTML;
+
   /**
@@ -76,6 +111,3 @@ * @param {Node} node
 
-    if (!includes(allowedTagNames, nodeName)) {
-      reparent(node);
-    }
-    else {
+    if (includes(allowedTagNames, nodeName)) {
       const allowedAttributes = allowedTags[nodeName];
@@ -98,3 +130,9 @@ forEach(listAttributeNames(node.attributes), (attrName) => {
             .split(`;`)
-            .map((style) => includes(allowedStyles, style.split(`:`)[0]) ? style : null)
+            .map((style) => {
+              const styleName = trim(style.split(`:`)[0]);
+              if (includes(allowedStyles, styleName)) {
+                return style;
+              }
+              return null;
+            })
             .filter((style) => Boolean(style))
@@ -106,6 +144,18 @@ .join(`;`);
     }
+    else {
+      reparent(node);
+    }
   }
 }
 
+const trimPattern = /^\s|\s$/g;
 /**
+ * @param {string} str
+ * @returns {string}
+ */
+function trim(str) {
+  return str.replace(trimPattern, ``);
+}
+
+/**
  * @param {Node} node
@@ -152,8 +202,19 @@ * @private
 function isElement(o) {
-  return (
-    o &&
-    (o.ownerDocument !== undefined) &&
-    (o.nodeType === 1) &&
-    (typeof o.nodeName === `string`)
-  );
+  if (!o) {
+    return false;
+  }
+
+  if (o.ownerDocument === undefined) {
+    return false;
+  }
+
+  if (o.nodeType !== 1) {
+    return false;
+  }
+
+  if (typeof o.nodeName !== `string`) {
+    return false;
+  }
+
+  return true;
 }
@@ -168,2 +229,2 @@
  */
-export const filterSync = curry(_filterSync, 3);
+export const filterSync = curry(_filterSync, 4);

src/index.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
 
 export {escape, escapeSync, filter, filterSync} from './html';

test/index.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
 
+/* eslint global-require: [0] */
+/* eslint no-var: [0] */
+/* eslint prefer-template: [0] */
+/* eslint quotes: [0] */
+
+/* istanbul ignore else */
+if (!global._babelPolyfill) {
+  require('babel-polyfill');
+}
+
 // helper file for code coverage
@@ -7,0 +17,0 @@ if (process.env.COVERAGE && (new RegExp(process.env.PACKAGE + '$')).test(require('../package').name)) {

test/unit/spec/html.js

 /**!
  *
- * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.
+ * Copyright (c) 2015-2016 Cisco Systems, Inc. See LICENSE file.
  */
@@ -15,3 +15,3 @@
     strong: [],
-    a: [`style`,`href`,`type`],
+    a: [`style`, `href`, `type`],
     blockquote: [`style`],
@@ -25,3 +25,4 @@ cite: [`style`],
     ul: [`style`],
-    body: [`style`, `xmlns`, `xml:lang`]
+    body: [`style`, `xmlns`, `xml:lang`],
+    'spark-mention': [`data-object-id`, `data-object-type`]
   };
@@ -42,4 +43,7 @@
 
-  const cfilter = filter(allowedTags, allowedStyles);
-  const cfilterSync = filterSync(allowedTags, allowedStyles);
+  function noop() {
+    /* ignore */
+  }
+  const cfilter = filter(noop, allowedTags, allowedStyles);
+  const cfilterSync = filterSync(noop, allowedTags, allowedStyles);
 
@@ -60,2 +64,14 @@ describe(`#filter()`, () => {
     {
+      // IE behaves differently from other browsers when DOMParser receives an
+      // emptry string
+      it: `accepts blank strings`,
+      input: ``,
+      output: ``
+    },
+    {
+      it: `allows custom tags`,
+      input: `<spark-mention data-object-id="88888888-4444-4444-4444-AAAAAAAAAAAA">John Doe</spark-mention>`,
+      output: `<spark-mention data-object-id="88888888-4444-4444-4444-AAAAAAAAAAAA">John Doe</spark-mention>`
+    },
+    {
       it: `filters tags`,
@@ -68,8 +84,8 @@ input: `<p><remove-me><bar>text1<em>text2</em>text3</bar>text4</remove-me><strong>text5</strong>text6</p>`,
       input: `<p remove="me" style="font-size:large"><em>foo</em></p>`,
-      output: `<p style="font-size:large"><em>foo</em></p>`
+      output: /<p style="font-size:\s?large;?"><em>foo<\/em><\/p>/
     },
     {
       it: `filters styles`,
-      input: `<p style="font-size:large;remove:me;color:red"><em>foo</em></p>`,
-      output: `<p style="font-size:large;color:red"><em>foo</em></p>`
+      input: `<p style="color:red;remove:me;font-size:large"><em>foo</em></p>`,
+      output: /<p style="color:\s?red;\s?font-size:\s?large;?"><em>foo<\/em><\/p>/
     },
@@ -79,3 +95,3 @@ {
       input: `<body><span bcd="abc" style="font-size:large"><p><em>foo</em></p></span></body>`,
-      output: `<body><span style="font-size:large"><p><em>foo</em></p></span></body>`
+      output: /<body><span style="font-size:\s?large;?"><p><em>foo<\/em><\/p><\/span><\/body>/
     },
@@ -130,3 +146,3 @@ {
       input: `<a remove="me" style="font-size:large"><p><em>foo</em></p></a>`,
-      output: `<a style="font-size:large"><p><em>foo</em></p></a>`
+      output: /<a style="font-size:\s?large;?"><p><em>foo<\/em><\/p><\/a>/
     },
@@ -160,5 +176,4 @@ {
     describe(`#filter()`, () => {
-      it(def.it, () => {
-        return assert.becomes(cfilter(def.input), def.output);
-      });
+      it(def.it, () => cfilter(def.input)
+        .then((out) => assert.match(out, def.output)));
     });
@@ -168,3 +183,3 @@
       it(def.it, () => {
-        assert.deepEqual(cfilterSync(def.input), def.output);
+        assert.match(cfilterSync(def.input), def.output);
       });
@@ -171,0 +186,0 @@ });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 4 instances in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Non-permissive License

License

(Experimental) A license not known to be considered permissive was found.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

1568573

increased by2374.99%

Number of package files

42

increased by90.91%

Lines of code

1782

increased by110.14%

Number of low quality alerts

2

decreased by-60%

Worsened metrics

Dependency count

3

increased by50%

Number of low license alerts

2

increased byInfinity%

License quality

90

decreased by-10%

Number of medium supply chain risk alerts

5

increased by25%

Dependency changes

• + Addedenvify@^3.4.0

• + Addedacorn@5.7.4(transitive)

• + Addedamdefine@1.0.1(transitive)

• + Addedast-types@0.9.6(transitive)

• + Addedbalanced-match@1.0.2(transitive)

• + Addedbase62@1.2.8(transitive)

• + Addedbrace-expansion@1.1.11(transitive)

• + Addedcommander@2.20.3(transitive)

• + Addedcommoner@0.10.8(transitive)

• + Addedconcat-map@0.0.1(transitive)

• + Addeddefined@1.0.1(transitive)

• + Addeddetective@4.7.1(transitive)

• + Addedenvify@3.4.1(transitive)

• + Addedesprima@3.1.3(transitive)

• + Addedesprima-fb@15001.1.0-dev-harmony-fb(transitive)

• + Addedglob@5.0.15(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addediconv-lite@0.4.24(transitive)

• + Addedinflight@1.0.6(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedjstransform@11.0.3(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addedminimist@1.2.8(transitive)

• + Addedmkdirp@0.5.6(transitive)

• + Addedobject-assign@2.1.1(transitive)

• + Addedonce@1.4.0(transitive)

• + Addedpath-is-absolute@1.0.1(transitive)

• + Addedprivate@0.1.8(transitive)

• + Addedq@1.5.1(transitive)

• + Addedrecast@0.11.23(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• + Addedsource-map@0.4.40.5.7(transitive)

• + Addedthrough@2.3.8(transitive)

• + Addedwrappy@1.0.2(transitive)