Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@locker/html-sanitizer
Advanced tools
@locker/html-sanitizer - npm Package Compare versions
Comparing version 0.12.12 to 0.12.13
@@ -16,17 +16,17 @@ /** | ||
| const instances = shared.WeakMapCreate(); | ||
| const instances = new shared.WeakMapCtor(); | ||
| function sanitizer(config, hooks) { | ||
| let sanitizer = shared.WeakMapGet(instances, config); | ||
| if (sanitizer) { | ||
| return sanitizer; | ||
| let dompurify = shared.WeakMapGet(instances, config); | ||
| if (dompurify) { | ||
| return dompurify; | ||
| } | ||
| sanitizer = DOMPurify__default['default'](); | ||
| sanitizer.setConfig(config); | ||
| dompurify = DOMPurify__default['default'](); | ||
| dompurify.setConfig(config); | ||
| if (hooks) { | ||
| shared.MapForEach(hooks, (cb, hookName) => { | ||
| sanitizer.addHook(hookName, cb); | ||
| dompurify.addHook(hookName, cb); | ||
| }); | ||
| } | ||
| shared.WeakMapSet(instances, config, sanitizer); | ||
| return sanitizer; | ||
| shared.WeakMapSet(instances, config, dompurify); | ||
| return dompurify; | ||
| } | ||
@@ -259,3 +259,3 @@ | ||
| // queue for managing pending xhr requests | ||
| const queue = shared.SetCreate(); | ||
| const queue = new shared.SetCtor(); | ||
| // simple regex to find all non lowercase alfanumeric | ||
@@ -285,3 +285,3 @@ const urlReplacer = /[^a-z0-9]+/gi; | ||
| sharedDom.ElementSetAttributeUtil(c, 'id', url); | ||
| const body = shared.FunctionCall(sharedDom.DocumentBodyGetter, document$1); | ||
| const body = shared.ReflectApply(sharedDom.DocumentBodyGetter, document$1, shared.emptyArray); | ||
| sharedDom.NodeAppendChild(body, c); | ||
@@ -327,7 +327,7 @@ return c; | ||
| // initiate an XHR to fetch the resource | ||
| const onComplete = function () { | ||
| const readyState = shared.FunctionCall(sharedDom.XhrReadyStateGetter, xhr); | ||
| const status = shared.FunctionCall(sharedDom.XhrStatusGetter, xhr); | ||
| const onComplete = function onComplete() { | ||
| const readyState = shared.ReflectApply(sharedDom.XhrReadyStateGetter, xhr, shared.emptyArray); | ||
| const status = shared.ReflectApply(sharedDom.XhrStatusGetter, xhr, shared.emptyArray); | ||
| if (readyState === 4 && status === 200) { | ||
| const san = sanitizer(DOM_SVG, shared.MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| const san = sanitizer(DOM_SVG, new shared.MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| // retrieved content should be sanitized immediately | ||
@@ -347,6 +347,6 @@ const content = san.sanitize(xhr.responseText); | ||
| }; | ||
| const xhr = sharedDom.XhrCreateUtil(); | ||
| sharedDom.XhrOpenUtil(xhr, 'GET', normalizedHref.requestedUrl); | ||
| const xhr = new sharedDom.XhrCtor(); | ||
| sharedDom.XhrOpen(xhr, 'GET', normalizedHref.requestedUrl); | ||
| shared.ReflectApply(sharedDom.XhrOnReadyStateChangeSetter, xhr, [onComplete]); | ||
| sharedDom.XhrSendUtil(xhr); | ||
| sharedDom.XhrSend(xhr); | ||
| } | ||
@@ -378,3 +378,3 @@ function sanitizeSvgHrefValue(value) { | ||
| function sanitizeHrefAttributeHook(node, data) { | ||
| const nodeName = shared.StringToUpperCase(shared.FunctionCall(sharedDom.NodeNodeNameGetter, node)); | ||
| const nodeName = shared.StringToUpperCase(shared.ReflectApply(sharedDom.NodeNodeNameGetter, node, shared.emptyArray)); | ||
| if (data.attrValue && nodeName === 'USE' && shared.ArrayIncludes(ATTRIBUTES, data.attrName)) { | ||
@@ -390,6 +390,6 @@ data.attrValue = sanitizeSvgHrefValue(data.attrValue); | ||
| function blobSanitizer() { | ||
| return sanitizer(STRING_BLOB, shared.MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return sanitizer(STRING_BLOB, new shared.MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| } | ||
| function svgSanitizer() { | ||
| return sanitizer(DOM_SVG, shared.MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return sanitizer(DOM_SVG, new shared.MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| } | ||
@@ -401,3 +401,3 @@ function sanitize(dirty) { | ||
| } | ||
| defaultSanitizer = sanitizer(DEFAULT_CONFIGURATION, shared.MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| defaultSanitizer = sanitizer(DEFAULT_CONFIGURATION, new shared.MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return defaultSanitizer.sanitize(template.content); | ||
@@ -412,2 +412,2 @@ } | ||
| exports.svgSanitizer = svgSanitizer; | ||
| /** version: 0.12.12 */ | ||
| /** version: 0.12.13 */ |
| /** | ||
| * Copyright (C) 2019 salesforce.com, inc. | ||
| */ | ||
| import { WeakMapCreate, WeakMapGet, MapForEach, WeakMapSet, ArrayConcat, ArrayFilter, ArrayIncludes, SetCreate, StringStartsWith, StringSplit, StringReplace, StringToLowerCase, SetHas, SetAdd, ReflectApply, StringToUpperCase, FunctionCall, MapCreate, SetDelete } from '@locker/shared'; | ||
| import { DocumentCreateElement, DocumentGetElementById, WindowSetIntervalUtil, XhrCreateUtil, XhrOpenUtil, XhrOnReadyStateChangeSetter, XhrSendUtil, NodeNodeNameGetter, ElementSetAttributeUtil, DocumentBodyGetter, NodeAppendChild, ElementQuerySelectorUtil, WindowClearIntervalUtil, XhrReadyStateGetter, XhrStatusGetter, DocumentFragmentGetElementById } from '@locker/shared-dom'; | ||
| import { WeakMapCtor, WeakMapGet, MapForEach, WeakMapSet, ArrayConcat, ArrayFilter, ArrayIncludes, SetCtor, StringStartsWith, StringSplit, StringReplace, StringToLowerCase, SetHas, SetAdd, ReflectApply, StringToUpperCase, emptyArray, MapCtor, SetDelete } from '@locker/shared'; | ||
| import { DocumentCreateElement, DocumentGetElementById, WindowSetIntervalUtil, XhrCtor, XhrOpen, XhrOnReadyStateChangeSetter, XhrSend, NodeNodeNameGetter, ElementSetAttributeUtil, DocumentBodyGetter, NodeAppendChild, ElementQuerySelectorUtil, WindowClearIntervalUtil, XhrReadyStateGetter, XhrStatusGetter, DocumentFragmentGetElementById } from '@locker/shared-dom'; | ||
| import DOMPurify from 'dompurify'; | ||
| const instances = WeakMapCreate(); | ||
| const instances = new WeakMapCtor(); | ||
| function sanitizer(config, hooks) { | ||
| let sanitizer = WeakMapGet(instances, config); | ||
| if (sanitizer) { | ||
| return sanitizer; | ||
| let dompurify = WeakMapGet(instances, config); | ||
| if (dompurify) { | ||
| return dompurify; | ||
| } | ||
| sanitizer = DOMPurify(); | ||
| sanitizer.setConfig(config); | ||
| dompurify = DOMPurify(); | ||
| dompurify.setConfig(config); | ||
| if (hooks) { | ||
| MapForEach(hooks, (cb, hookName) => { | ||
| sanitizer.addHook(hookName, cb); | ||
| dompurify.addHook(hookName, cb); | ||
| }); | ||
| } | ||
| WeakMapSet(instances, config, sanitizer); | ||
| return sanitizer; | ||
| WeakMapSet(instances, config, dompurify); | ||
| return dompurify; | ||
| } | ||
@@ -250,3 +250,3 @@ | ||
| // queue for managing pending xhr requests | ||
| const queue = SetCreate(); | ||
| const queue = new SetCtor(); | ||
| // simple regex to find all non lowercase alfanumeric | ||
@@ -276,3 +276,3 @@ const urlReplacer = /[^a-z0-9]+/gi; | ||
| ElementSetAttributeUtil(c, 'id', url); | ||
| const body = FunctionCall(DocumentBodyGetter, document$1); | ||
| const body = ReflectApply(DocumentBodyGetter, document$1, emptyArray); | ||
| NodeAppendChild(body, c); | ||
@@ -318,7 +318,7 @@ return c; | ||
| // initiate an XHR to fetch the resource | ||
| const onComplete = function () { | ||
| const readyState = FunctionCall(XhrReadyStateGetter, xhr); | ||
| const status = FunctionCall(XhrStatusGetter, xhr); | ||
| const onComplete = function onComplete() { | ||
| const readyState = ReflectApply(XhrReadyStateGetter, xhr, emptyArray); | ||
| const status = ReflectApply(XhrStatusGetter, xhr, emptyArray); | ||
| if (readyState === 4 && status === 200) { | ||
| const san = sanitizer(DOM_SVG, MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| const san = sanitizer(DOM_SVG, new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| // retrieved content should be sanitized immediately | ||
@@ -338,6 +338,6 @@ const content = san.sanitize(xhr.responseText); | ||
| }; | ||
| const xhr = XhrCreateUtil(); | ||
| XhrOpenUtil(xhr, 'GET', normalizedHref.requestedUrl); | ||
| const xhr = new XhrCtor(); | ||
| XhrOpen(xhr, 'GET', normalizedHref.requestedUrl); | ||
| ReflectApply(XhrOnReadyStateChangeSetter, xhr, [onComplete]); | ||
| XhrSendUtil(xhr); | ||
| XhrSend(xhr); | ||
| } | ||
@@ -369,3 +369,3 @@ function sanitizeSvgHrefValue(value) { | ||
| function sanitizeHrefAttributeHook(node, data) { | ||
| const nodeName = StringToUpperCase(FunctionCall(NodeNodeNameGetter, node)); | ||
| const nodeName = StringToUpperCase(ReflectApply(NodeNodeNameGetter, node, emptyArray)); | ||
| if (data.attrValue && nodeName === 'USE' && ArrayIncludes(ATTRIBUTES, data.attrName)) { | ||
@@ -381,6 +381,6 @@ data.attrValue = sanitizeSvgHrefValue(data.attrValue); | ||
| function blobSanitizer() { | ||
| return sanitizer(STRING_BLOB, MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return sanitizer(STRING_BLOB, new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| } | ||
| function svgSanitizer() { | ||
| return sanitizer(DOM_SVG, MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return sanitizer(DOM_SVG, new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| } | ||
@@ -392,3 +392,3 @@ function sanitize(dirty) { | ||
| } | ||
| defaultSanitizer = sanitizer(DEFAULT_CONFIGURATION, MapCreate([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| defaultSanitizer = sanitizer(DEFAULT_CONFIGURATION, new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]])); | ||
| return defaultSanitizer.sanitize(template.content); | ||
@@ -398,2 +398,2 @@ } | ||
| export { config as CONFIG, blobSanitizer, sanitize, sanitizeSvgHrefValue, sanitizer, svgSanitizer }; | ||
| /** version: 0.12.12 */ | ||
| /** version: 0.12.13 */ |
| { | ||
| "name": "@locker/html-sanitizer", | ||
| "version": "0.12.12", | ||
| "version": "0.12.13", | ||
| "license": "Salesforce Developer Agreement", | ||
@@ -22,8 +22,8 @@ "author": "Salesforce UI Security Team", | ||
| "dependencies": { | ||
| "@locker/shared": "0.12.12", | ||
| "@locker/shared-dom": "0.12.12", | ||
| "@locker/shared": "0.12.13", | ||
| "@locker/shared-dom": "0.12.13", | ||
| "@types/dompurify": "2.1.0", | ||
| "dompurify": "2.2.2" | ||
| }, | ||
| "gitHead": "70462b15cdef106c1a55b77e5c48d3a023004f0b" | ||
| "gitHead": "773c88ecf9df8aae0fb438aba23605f10950dff0" | ||
| } |
@@ -5,3 +5,3 @@ import { DOMPurifyI } from 'dompurify'; | ||
| import { sanitizeSvgHrefValue } from './hooks/svg-sanitize-href-attribute'; | ||
| export { sanitizer, CONFIG, sanitizeSvgHrefValue }; | ||
| export { CONFIG, sanitizer, sanitizeSvgHrefValue }; | ||
| export declare function blobSanitizer(): DOMPurifyI; | ||
@@ -8,0 +8,0 @@ export declare function svgSanitizer(): DOMPurifyI; |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.43%
28961
Worsened metrics
- Lines of code
- decreased by-0.12%
801
Dependency changes
+ Added@locker/shared@0.12.13(transitive)
+ Added@locker/shared-dom@0.12.13(transitive)
- Removed@locker/shared@0.12.12(transitive)
- Removed@locker/shared-dom@0.12.12(transitive)
Updated@locker/shared@0.12.13
Updated@locker/shared-dom@0.12.13