@contrast/assess
Comparing version 1.16.1 to 1.17.0
@@ -33,3 +33,3 @@ /* | ||
require('./install/decode-uri-component')(core); | ||
require('./install/encode-uri-component')(core); | ||
require('./install/encode-uri')(core); | ||
require('./install/escape-html')(core); | ||
@@ -39,2 +39,3 @@ require('./install/escape')(core); | ||
require('./install/isnumeric-0')(core); | ||
require('./install/mustache-escape')(core); | ||
require('./install/mysql-connection-escape')(core); | ||
@@ -41,0 +42,0 @@ require('./install/parse-int')(core); |
@@ -22,3 +22,3 @@ /* | ||
const { | ||
createFullLengthCopyTags | ||
createEscapeTagRanges | ||
} = require('../../tag-utils'); | ||
@@ -56,3 +56,3 @@ const { patchType } = require('../common'); | ||
const history = [{ ...argInfo }]; | ||
const newTags = createFullLengthCopyTags(argInfo.tags, result.length); | ||
const newTags = createEscapeTagRanges(args[0], result, argInfo.tags); | ||
@@ -59,0 +59,0 @@ newTags[HTML_ENCODED] = [0, result.length - 1]; |
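Review bot: `createEscapeTagRanges` returns an array (`return []`) when the input and the escaped result share no character, so the following `newTags[HTML_ENCODED] = [0, result.length - 1];` sets a named property on an array rather than on a tag map. Returning `Object.create(null)` from that empty branch would give both paths the same shape. The call also passes `args[0]` straight into `input.split('')`, which throws for a non-string argument unless a guard outside this hunk already rules that out. The enclosing function starts and ends outside the hunk.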
@@ -29,7 +29,11 @@ /* | ||
require('./dirname')(core); | ||
require('./extname')(core); | ||
require('./format')(core); | ||
require('./join-and-resolve')(core); | ||
require('./normalize')(core); | ||
require('./parse')(core); | ||
require('./relative')(core); | ||
require('./toNamespacedPath')(core); | ||
return pathInstrumentation; | ||
}; |
@@ -27,5 +27,7 @@ /* | ||
require('./escape')(core); | ||
require('./parse')(core); | ||
require('./stringify')(core); | ||
return querystringInstrumentation; | ||
}; |
@@ -46,3 +46,2 @@ /* | ||
const rInfo = tracker.getData(result); | ||
if (rInfo) { | ||
@@ -81,3 +80,3 @@ // this may happen w/ trackedStr.concat('') => trackedStr | ||
methodName: 'prototype.concat', | ||
context: `${inspect(objInfo?.value) || String(obj)}.concat(${join(argsData.map(d => d.value), ', ')})`, | ||
context: `${inspect(objInfo?.value) || String(obj)}.concat(${inspect(join(argsData.map(d => d.value)), ', ')})`, | ||
object: { | ||
@@ -103,3 +102,2 @@ value: objInfo?.value || String(obj), | ||
if (!event) return; | ||
const { extern } = tracker.track(result, event); | ||
@@ -106,0 +104,0 @@ |
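Review bot: In the second `context:` line (presumably the new side), the closing parenthesis of `join(...)` sits before `', '`, so the separator is passed to `inspect` as its second argument and `join` runs with its default separator. If the intent was to quote the joined arguments, `inspect(join(argsData.map(d => d.value), ', '))` keeps the separator where it was. The surrounding function is only partly visible in this section.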
@@ -54,11 +54,6 @@ /* | ||
const start = presetStart || obj.indexOf(result); | ||
const newTags = {}; | ||
const objTags = objInfo.tags || {}; | ||
Object.assign(newTags, createSubsetTags(objTags, start, result.length)); | ||
const newTags = createSubsetTags(objTags, start, result.length); | ||
if (!newTags.untrusted) { | ||
return; | ||
} | ||
const event = createPropagationEvent({ | ||
const event = newTags && createPropagationEvent({ | ||
name: `String.prototype.${methodName}`, | ||
@@ -65,0 +60,0 @@ moduleName: 'String', |
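Review bot: The new `const event = newTags && createPropagationEvent({` appears to replace the `if (!newTags.untrusted) return;` guard, which the hunk counts suggest was removed. Whether untagged substrings are still skipped now depends on what `createSubsetTags` returns when no range overlaps, and that function is not shown here. If it returns an empty object, `newTags &&` is always truthy and a propagation event is created for data with no `untrusted` tag. A comment stating the contract, e.g. `// createSubsetTags returns null when no tag range falls inside the slice`, or an explicit check would make the intent verifiable. The enclosing function continues outside the hunk.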
@@ -27,2 +27,8 @@ /* | ||
function atomicAppend(firstTagRanges, secondTagRanges, offset) { | ||
if (!firstTagRanges.length) { | ||
const ret = secondTagRanges.map((v) => v + offset); | ||
return ret; | ||
} | ||
const newTagRanges = [...firstTagRanges]; | ||
@@ -275,2 +281,36 @@ | ||
function createEscapeTagRanges(input, result, tags) { | ||
const inputArr = input.split(''); | ||
const escapedArr = result.split(''); | ||
const overlap = inputArr.filter((x) => { | ||
if (escapedArr.includes(x)) { | ||
return x; | ||
} | ||
}); | ||
if (overlap.length === 0) { | ||
return []; | ||
} | ||
const newTagRanges = []; | ||
let firstIndex = escapedArr.indexOf(overlap[0]); | ||
let currIndex = firstIndex; | ||
let nextIndex; | ||
for (let i = 1; i < overlap.length; i++) { | ||
nextIndex = escapedArr.indexOf(overlap[i], currIndex + 1); | ||
if (nextIndex !== currIndex + 1) { | ||
newTagRanges.push(firstIndex, currIndex); | ||
firstIndex = nextIndex; | ||
} | ||
if (i === overlap.length - 1) { | ||
newTagRanges.push(firstIndex, nextIndex); | ||
} | ||
currIndex = nextIndex; | ||
} | ||
const ret = Object.create(null); | ||
for (const tagName of Object.keys(tags)) { | ||
ret[tagName] = newTagRanges; | ||
} | ||
return ret; | ||
} | ||
module.exports = { | ||
@@ -283,3 +323,4 @@ createSubsetTags, | ||
createAdjustedQueryTags, | ||
createOverlappingTags | ||
createOverlappingTags, | ||
createEscapeTagRanges | ||
}; |
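Review bot: In `createEscapeTagRanges`, an input that shares exactly one character with the escaped result never enters the `for` loop, which starts at `i = 1`, so `newTagRanges` stays empty and every tag comes back with no range even though that character was copied from tagged input. `indexOf(overlap[i], currIndex + 1)` can also return `-1` when a character occurs only earlier in the result, and that value is then pushed as a range bound and used as the next search start. Adding `if (nextIndex === -1) continue;` at the top of the loop body and moving the closing push after the loop as `newTagRanges.push(firstIndex, currIndex);` covers both cases. Separately, the ranges come from character membership only, so the positions in `tags` are ignored and every tag name shares the same `newTagRanges` array; a doc comment should state whether that is intended.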
{ | ||
"name": "@contrast/assess", | ||
"version": "1.16.1", | ||
"version": "1.17.0", | ||
"description": "Contrast service providing framework-agnostic Assess support", | ||
@@ -5,0 +5,0 @@ "license": "SEE LICENSE IN LICENSE", |