@forge/api - npm Package Compare versions

Comparing version 2.19.3-next.0 to 2.19.3-next.1

CHANGELOG.md

 # @forge/api
 
+## 2.19.3-next.1
+
+### Patch Changes
+
+- dd43e2f: Fix trusted routes interpolated into larger routes
+
 ## 2.19.3-next.0
@@ -4,0 +10,0 @@

out/safeUrl.js

@@ -32,7 +32,10 @@ "use strict";
         case 'path':
-            const parameterString = isRoute(parameter) ? parameter.value : String(parameter);
-            if (containsOneOf(DOUBLE_DOT, parameterString) || containsOneOf(ENDS_PATH, parameterString)) {
+            if (isRoute(parameter)) {
+                return parameter.value;
+            }
+            parameter = String(parameter);
+            if (containsOneOf(DOUBLE_DOT, parameter) || containsOneOf(ENDS_PATH, parameter)) {
                 throw new Error('Disallowing path manipulation attempt');
             }
-            return parameterString;
+            return parameter;
         case 'query':
@@ -39,0 +42,0 @@ if (isRoute(parameter)) {

package.json

 {
   "name": "@forge/api",
-  "version": "2.19.3-next.0",
+  "version": "2.19.3-next.1",
   "description": "Forge API methods",
@@ -15,3 +15,3 @@ "author": "Atlassian",
   "devDependencies": {
-    "@forge/runtime": "5.1.2-next.1",
+    "@forge/runtime": "5.1.2-next.2",
     "@types/node": "14.18.63",
@@ -18,0 +18,0 @@ "jest-matcher-specific-error": "^1.0.0",

No alert changes

Improved metrics

Total package byte prevSize

90028

increased by0.14%

Lines of code

959

increased by0.31%

No dependency changes