@locker/internal-policy - npm Package Compare versions

Comparing version 0.19.6 to 0.19.7

dist/index.cjs.d.ts

 import { ScriptElement } from "@locker/shared-dom";
 type Evaluator = (sourceText: string) => any;
 // eslint-disable-next-line no-shadow
-declare const enum ContentType {
+declare enum ContentType {
     HTML = 0,
@@ -6,0 +6,0 @@ SVG = 1,

dist/index.cjs.js

@@ -41,2 +41,10 @@ /*!
 const BLOB_SCRIPT_SOURCE$LWS = `document.currentScript['${EVALUATOR_PROPERTY_KEY$LWS}']`;
+
+// eslint-disable-next-line no-shadow
+exports.ContentType = void 0;
+(function (ContentType$LWS) {
+  ContentType$LWS[ContentType$LWS["HTML"] = 0] = "HTML";
+  ContentType$LWS[ContentType$LWS["SVG"] = 1] = "SVG";
+  ContentType$LWS[ContentType$LWS["XML"] = 2] = "XML";
+})(exports.ContentType || (exports.ContentType = {}));
 const evaluatedScripts$LWS = shared$LWS.toSafeWeakSet(new shared$LWS.WeakSetCtor());
@@ -54,3 +62,3 @@ const scriptURLsCache$LWS = shared$LWS.toSafeWeakMap(new shared$LWS.WeakMapCtor());
     switch (contentType$LWS) {
-      case 0 /* ContentType.HTML */:
+      case exports.ContentType.HTML:
         {
@@ -63,5 +71,13 @@ shared$LWS.ReflectApply(sharedDom$LWS.ElementProtoInnerHTMLSetter, htmlTemplate$LWS, [trustedTypes$LWS.trusted.createHTML(dirty$LWS)]);
         }
-      case 1 /* ContentType.SVG */:
-        return '';
-      case 2 /* ContentType.XML */:
+      case exports.ContentType.SVG:
+        {
+          const tplElement$LWS = shared$LWS.ReflectApply(sharedDom$LWS.DocumentProtoCreateElement, document, ['template']);
+          shared$LWS.ReflectApply(sharedDom$LWS.ElementProtoInnerHTMLSetter, tplElement$LWS, [trustedTypes$LWS.trusted.createHTML(dirty$LWS)]);
+          const wrappedDirty$LWS = shared$LWS.ReflectApply(sharedDom$LWS.DocumentProtoCreateElementNS, document, [sharedDom$LWS.NAMESPACE_SVG, 'svg']);
+          shared$LWS.ReflectApply(sharedDom$LWS.ElementProtoInnerHTMLSetter, wrappedDirty$LWS, [trustedTypes$LWS.trusted.createHTML(dirty$LWS)]);
+          const sanitized$LWS = htmlSanitizer$LWS.getSanitizerForConfig('SHARED_SVG_SANITIZER_KEY', 'NODE_SVG').sanitize(wrappedDirty$LWS);
+          const firstChild$LWS = shared$LWS.ReflectApply(sharedDom$LWS.NodeProtoFirstChildGetter, sanitized$LWS, []);
+          return shared$LWS.ReflectApply(sharedDom$LWS.ElementProtoInnerHTMLGetter, firstChild$LWS, []);
+        }
+      case exports.ContentType.XML:
         return dirty$LWS;
@@ -176,2 +192,2 @@ default:
 exports.lwsInternalPolicy = lwsInternalPolicy$LWS;
-/*! version: 0.19.6 */
+/*! version: 0.19.7 */

dist/index.mjs.d.ts

 import { ScriptElement } from "@locker/shared-dom";
 type Evaluator = (sourceText: string) => any;
 // eslint-disable-next-line no-shadow
-declare const enum ContentType {
+declare enum ContentType {
     HTML = 0,
@@ -6,0 +6,0 @@ SVG = 1,

dist/index.mjs.js

@@ -6,3 +6,3 @@ /*!
 import { toSafeWeakMap as toSafeWeakMap$LWS, WeakMapCtor as WeakMapCtor$LWS, ReflectApply as ReflectApply$LWS, ErrorCtor as ErrorCtor$LWS, toSafeWeakSet as toSafeWeakSet$LWS, WeakSetCtor as WeakSetCtor$LWS, LockerSecurityError as LockerSecurityError$LWS, ERR_INVALID_SANDBOX_KEY as ERR_INVALID_SANDBOX_KEY$LWS, PromiseProtoThen as PromiseProtoThen$LWS, ReflectDefineProperty as ReflectDefineProperty$LWS, FunctionProtoBind as FunctionProtoBind$LWS, ReflectDeleteProperty as ReflectDeleteProperty$LWS } from '@locker/shared';
-import { AbortControllerCtor as AbortControllerCtor$LWS, AbortControllerProtoSignalGetter as AbortControllerProtoSignalGetter$LWS, WindowFetch as WindowFetch$LWS, ResponseProtoOkGetter as ResponseProtoOkGetter$LWS, ResponseProtoText as ResponseProtoText$LWS, AbortControllerProtoAbort as AbortControllerProtoAbort$LWS, DocumentProtoCreateElement as DocumentProtoCreateElement$LWS, ElementProtoInnerHTMLSetter as ElementProtoInnerHTMLSetter$LWS, HTMLTemplateElementProtoContentGetter as HTMLTemplateElementProtoContentGetter$LWS, ElementProtoInnerHTMLGetter as ElementProtoInnerHTMLGetter$LWS, NodeProtoIsConnectedGetter as NodeProtoIsConnectedGetter$LWS, URLCreateObjectURL as URLCreateObjectURL$LWS, BlobCtor as BlobCtor$LWS, ElementProtoGetAttribute as ElementProtoGetAttribute$LWS, ElementProtoHasAttribute as ElementProtoHasAttribute$LWS, ElementProtoNamespaceURIGetter as ElementProtoNamespaceURIGetter$LWS, ElementProtoSetAttributeNS as ElementProtoSetAttributeNS$LWS, URLRevokeObjectURL as URLRevokeObjectURL$LWS, EventTargetProtoAddEventListener as EventTargetProtoAddEventListener$LWS, HTMLScriptElementCtor as HTMLScriptElementCtor$LWS, NAMESPACE_XHTML as NAMESPACE_XHTML$LWS, NAMESPACE_XLINK as NAMESPACE_XLINK$LWS, EventTargetProtoRemoveEventListener as EventTargetProtoRemoveEventListener$LWS } from '@locker/shared-dom';
+import { AbortControllerCtor as AbortControllerCtor$LWS, AbortControllerProtoSignalGetter as AbortControllerProtoSignalGetter$LWS, WindowFetch as WindowFetch$LWS, ResponseProtoOkGetter as ResponseProtoOkGetter$LWS, ResponseProtoText as ResponseProtoText$LWS, AbortControllerProtoAbort as AbortControllerProtoAbort$LWS, DocumentProtoCreateElement as DocumentProtoCreateElement$LWS, ElementProtoInnerHTMLSetter as ElementProtoInnerHTMLSetter$LWS, DocumentProtoCreateElementNS as DocumentProtoCreateElementNS$LWS, NAMESPACE_SVG as NAMESPACE_SVG$LWS, NodeProtoFirstChildGetter as NodeProtoFirstChildGetter$LWS, ElementProtoInnerHTMLGetter as ElementProtoInnerHTMLGetter$LWS, HTMLTemplateElementProtoContentGetter as HTMLTemplateElementProtoContentGetter$LWS, NodeProtoIsConnectedGetter as NodeProtoIsConnectedGetter$LWS, URLCreateObjectURL as URLCreateObjectURL$LWS, BlobCtor as BlobCtor$LWS, ElementProtoGetAttribute as ElementProtoGetAttribute$LWS, ElementProtoHasAttribute as ElementProtoHasAttribute$LWS, ElementProtoNamespaceURIGetter as ElementProtoNamespaceURIGetter$LWS, ElementProtoSetAttributeNS as ElementProtoSetAttributeNS$LWS, URLRevokeObjectURL as URLRevokeObjectURL$LWS, EventTargetProtoAddEventListener as EventTargetProtoAddEventListener$LWS, HTMLScriptElementCtor as HTMLScriptElementCtor$LWS, NAMESPACE_XHTML as NAMESPACE_XHTML$LWS, NAMESPACE_XLINK as NAMESPACE_XLINK$LWS, EventTargetProtoRemoveEventListener as EventTargetProtoRemoveEventListener$LWS } from '@locker/shared-dom';
 import { resolveURL as resolveURL$LWS } from '@locker/shared-url';
@@ -37,2 +37,10 @@ import { createPolicy as createPolicy$LWS, trusted as trusted$LWS } from '@locker/trusted-types';
 const BLOB_SCRIPT_SOURCE$LWS = `document.currentScript['${EVALUATOR_PROPERTY_KEY$LWS}']`;
+
+// eslint-disable-next-line no-shadow
+var ContentType$LWS;
+(function (ContentType$LWS) {
+  ContentType$LWS[ContentType$LWS["HTML"] = 0] = "HTML";
+  ContentType$LWS[ContentType$LWS["SVG"] = 1] = "SVG";
+  ContentType$LWS[ContentType$LWS["XML"] = 2] = "XML";
+})(ContentType$LWS || (ContentType$LWS = {}));
 const evaluatedScripts$LWS = toSafeWeakSet$LWS(new WeakSetCtor$LWS());
@@ -50,3 +58,3 @@ const scriptURLsCache$LWS = toSafeWeakMap$LWS(new WeakMapCtor$LWS());
     switch (contentType$LWS) {
-      case 0 /* ContentType.HTML */:
+      case ContentType$LWS.HTML:
         {
@@ -59,5 +67,13 @@ ReflectApply$LWS(ElementProtoInnerHTMLSetter$LWS, htmlTemplate$LWS, [trusted$LWS.createHTML(dirty$LWS)]);
         }
-      case 1 /* ContentType.SVG */:
-        return '';
-      case 2 /* ContentType.XML */:
+      case ContentType$LWS.SVG:
+        {
+          const tplElement$LWS = ReflectApply$LWS(DocumentProtoCreateElement$LWS, document, ['template']);
+          ReflectApply$LWS(ElementProtoInnerHTMLSetter$LWS, tplElement$LWS, [trusted$LWS.createHTML(dirty$LWS)]);
+          const wrappedDirty$LWS = ReflectApply$LWS(DocumentProtoCreateElementNS$LWS, document, [NAMESPACE_SVG$LWS, 'svg']);
+          ReflectApply$LWS(ElementProtoInnerHTMLSetter$LWS, wrappedDirty$LWS, [trusted$LWS.createHTML(dirty$LWS)]);
+          const sanitized$LWS = getSanitizerForConfig$LWS('SHARED_SVG_SANITIZER_KEY', 'NODE_SVG').sanitize(wrappedDirty$LWS);
+          const firstChild$LWS = ReflectApply$LWS(NodeProtoFirstChildGetter$LWS, sanitized$LWS, []);
+          return ReflectApply$LWS(ElementProtoInnerHTMLGetter$LWS, firstChild$LWS, []);
+        }
+      case ContentType$LWS.XML:
         return dirty$LWS;
@@ -171,3 +187,3 @@ default:
 }
-export { lwsInternalPolicy$LWS as lwsInternalPolicy };
-/*! version: 0.19.6 */
+export { ContentType$LWS as ContentType, lwsInternalPolicy$LWS as lwsInternalPolicy };
+/*! version: 0.19.7 */

package.json

 {
     "name": "@locker/internal-policy",
-    "version": "0.19.6",
+    "version": "0.19.7",
     "license": "SEE LICENSE IN LICENSE.txt",
@@ -22,8 +22,8 @@ "author": "Salesforce UI Security Team",
     "dependencies": {
-        "@locker/html-sanitizer": "0.19.6",
-        "@locker/shared": "0.19.6",
-        "@locker/shared-dom": "0.19.6",
-        "@locker/shared-url": "0.19.6",
-        "@locker/trusted-types": "0.19.6"
+        "@locker/html-sanitizer": "0.19.7",
+        "@locker/shared": "0.19.7",
+        "@locker/shared-dom": "0.19.7",
+        "@locker/shared-url": "0.19.7",
+        "@locker/trusted-types": "0.19.7"
     }
 }

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29301

increased by9.34%

Lines of code

404

increased by8.31%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Added@locker/html-sanitizer@0.19.7(transitive)

• + Added@locker/shared@0.19.7(transitive)

• + Added@locker/shared-dom@0.19.7(transitive)

• + Added@locker/shared-url@0.19.7(transitive)

• + Added@locker/trusted-types@0.19.7(transitive)

• - Removed@locker/html-sanitizer@0.19.6(transitive)

• - Removed@locker/shared@0.19.6(transitive)

• - Removed@locker/shared-dom@0.19.6(transitive)

• - Removed@locker/shared-url@0.19.6(transitive)

• - Removed@locker/trusted-types@0.19.6(transitive)

• Updated@locker/html-sanitizer@0.19.7

• Updated@locker/shared@0.19.7

• Updated@locker/shared-dom@0.19.7

• Updated@locker/shared-url@0.19.7

• Updated@locker/trusted-types@0.19.7