New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@locker/shared-dom
Advanced tools
@locker/shared-dom - npm Package Compare versions
Comparing version 0.15.6 to 0.15.7
@@ -300,2 +300,33 @@ /*! | ||
| function transformUncompiledSource$LWS(source$LWS) { | ||
| // Input `source` is uncompiled, so window.location returns null inside the sandbox. Our | ||
| // compiler solves this problem by transforming the red location reference into a blue location | ||
| // reference. The solution below emulates what our compiler does, but using a simple string | ||
| // replacement. | ||
| if (shared$LWS.StringIncludes(source$LWS, shared$LWS.SANDBOX_EVAL_CONTEXT_NAME)) { | ||
| // To avoid conflicts with anyone else using SANDBOX_EVAL_CONTEXT_NAME, we sniff the source code | ||
| // to see if it is present, and in that case we don't proceed with the string replacement. | ||
| return source$LWS; | ||
| } | ||
| let locationTransformed$LWS = false; | ||
| source$LWS = shared$LWS.StringReplace(source$LWS, /\b(?:document|self|window)\.location(\s*[?*/%&^|+-]*=(?=[^=]))?/g, (_match$LWS, assignmentOperator$LWS) => { | ||
| locationTransformed$LWS = true; | ||
| if (assignmentOperator$LWS) { | ||
| return `${shared$LWS.UNCOMPILED_LOCATION_NAME}.href${assignmentOperator$LWS}`; | ||
| } | ||
| return shared$LWS.UNCOMPILED_LOCATION_NAME; | ||
| }); | ||
| if (locationTransformed$LWS) { | ||
| // Prepend the SANDBOX_EVAL_CONTEXT_NAME to pluck the UNCOMPILED_LOCATION_NAME only if the | ||
| // source code actually uses (document|self|window).location | ||
| source$LWS = `const { ${shared$LWS.UNCOMPILED_LOCATION_NAME} } = ${shared$LWS.SANDBOX_EVAL_CONTEXT_NAME};${source$LWS}`; | ||
| } | ||
| return source$LWS; | ||
| } | ||
| const BlobProtoSizeGetter$LWS = shared$LWS.ObjectLookupOwnGetter(Blob.prototype, 'size'); | ||
@@ -640,4 +671,6 @@ const { | ||
| const XhrCtor$LWS = XMLHttpRequest; | ||
| const XhrProto$LWS = XhrCtor$LWS.prototype; | ||
| const { | ||
| prototype: XhrProto$LWS | ||
| } = XhrCtor$LWS; | ||
| const { | ||
| send: XhrProtoSend$LWS | ||
@@ -768,2 +801,3 @@ } = XhrProto$LWS; | ||
| exports.patchedWindowPostMessage = patchedWindowPostMessage$LWS; | ||
| /*! version: 0.15.6 */ | ||
| exports.transformUncompiledSource = transformUncompiledSource$LWS; | ||
| /*! version: 0.15.7 */ |
| /*! | ||
| * Copyright (C) 2019 salesforce.com, inc. | ||
| */ | ||
| import { ObjectLookupOwnGetter as ObjectLookupOwnGetter$LWS, ReflectGetOwnPropertyDescriptor as ReflectGetOwnPropertyDescriptor$LWS, ReflectApply as ReflectApply$LWS, StringToUpperCase as StringToUpperCase$LWS, WeakMapCtor as WeakMapCtor$LWS, WeakMapGet as WeakMapGet$LWS, WeakMapSet as WeakMapSet$LWS, JSONParse as JSONParse$LWS, JSONStringify as JSONStringify$LWS, StringToLowerCase as StringToLowerCase$LWS, ObjectLookupOwnSetter as ObjectLookupOwnSetter$LWS, isObject as isObject$LWS, toSafeDescriptor as toSafeDescriptor$LWS, FunctionBind as FunctionBind$LWS, ReflectDefineProperty as ReflectDefineProperty$LWS, ObjectHasOwnProperty as ObjectHasOwnProperty$LWS } from '@locker/shared'; | ||
| import { ObjectLookupOwnGetter as ObjectLookupOwnGetter$LWS, ReflectGetOwnPropertyDescriptor as ReflectGetOwnPropertyDescriptor$LWS, ReflectApply as ReflectApply$LWS, StringToUpperCase as StringToUpperCase$LWS, WeakMapCtor as WeakMapCtor$LWS, WeakMapGet as WeakMapGet$LWS, WeakMapSet as WeakMapSet$LWS, JSONParse as JSONParse$LWS, JSONStringify as JSONStringify$LWS, StringIncludes as StringIncludes$LWS, SANDBOX_EVAL_CONTEXT_NAME as SANDBOX_EVAL_CONTEXT_NAME$LWS, StringReplace as StringReplace$LWS, UNCOMPILED_LOCATION_NAME as UNCOMPILED_LOCATION_NAME$LWS, StringToLowerCase as StringToLowerCase$LWS, ObjectLookupOwnSetter as ObjectLookupOwnSetter$LWS, isObject as isObject$LWS, toSafeDescriptor as toSafeDescriptor$LWS, FunctionBind as FunctionBind$LWS, ReflectDefineProperty as ReflectDefineProperty$LWS, ObjectHasOwnProperty as ObjectHasOwnProperty$LWS } from '@locker/shared'; | ||
| const AttrProtoNameGetter$LWS = ObjectLookupOwnGetter$LWS(Attr.prototype, 'name'); | ||
@@ -293,2 +293,33 @@ const AttrProtoNamespaceURIGetter$LWS = ObjectLookupOwnGetter$LWS(Attr.prototype, 'namespaceURI'); | ||
| function transformUncompiledSource$LWS(source$LWS) { | ||
| // Input `source` is uncompiled, so window.location returns null inside the sandbox. Our | ||
| // compiler solves this problem by transforming the red location reference into a blue location | ||
| // reference. The solution below emulates what our compiler does, but using a simple string | ||
| // replacement. | ||
| if (StringIncludes$LWS(source$LWS, SANDBOX_EVAL_CONTEXT_NAME$LWS)) { | ||
| // To avoid conflicts with anyone else using SANDBOX_EVAL_CONTEXT_NAME, we sniff the source code | ||
| // to see if it is present, and in that case we don't proceed with the string replacement. | ||
| return source$LWS; | ||
| } | ||
| let locationTransformed$LWS = false; | ||
| source$LWS = StringReplace$LWS(source$LWS, /\b(?:document|self|window)\.location(\s*[?*/%&^|+-]*=(?=[^=]))?/g, (_match$LWS, assignmentOperator$LWS) => { | ||
| locationTransformed$LWS = true; | ||
| if (assignmentOperator$LWS) { | ||
| return `${UNCOMPILED_LOCATION_NAME$LWS}.href${assignmentOperator$LWS}`; | ||
| } | ||
| return UNCOMPILED_LOCATION_NAME$LWS; | ||
| }); | ||
| if (locationTransformed$LWS) { | ||
| // Prepend the SANDBOX_EVAL_CONTEXT_NAME to pluck the UNCOMPILED_LOCATION_NAME only if the | ||
| // source code actually uses (document|self|window).location | ||
| source$LWS = `const { ${UNCOMPILED_LOCATION_NAME$LWS} } = ${SANDBOX_EVAL_CONTEXT_NAME$LWS};${source$LWS}`; | ||
| } | ||
| return source$LWS; | ||
| } | ||
| const BlobProtoSizeGetter$LWS = ObjectLookupOwnGetter$LWS(Blob.prototype, 'size'); | ||
@@ -633,4 +664,6 @@ const { | ||
| const XhrCtor$LWS = XMLHttpRequest; | ||
| const XhrProto$LWS = XhrCtor$LWS.prototype; | ||
| const { | ||
| prototype: XhrProto$LWS | ||
| } = XhrCtor$LWS; | ||
| const { | ||
| send: XhrProtoSend$LWS | ||
@@ -670,3 +703,3 @@ } = XhrProto$LWS; | ||
| export { AttrNameGetter$LWS as AttrNameGetter, AttrNamespaceURIGetter$LWS as AttrNamespaceURIGetter, AttrOwnerElementGetter$LWS as AttrOwnerElementGetter, AttrValueGetter$LWS as AttrValueGetter, AttrValueSetter$LWS as AttrValueSetter, BlobCtor$LWS as BlobCtor, BlobSizeGetter$LWS as BlobSizeGetter, BlobSlice$LWS as BlobSlice, BlobTypeGetter$LWS as BlobTypeGetter, DOMImplementationCreateDocument$LWS as DOMImplementationCreateDocument, DOMTokenListValueGetter$LWS as DOMTokenListValueGetter, DocumentBodyGetter$LWS as DocumentBodyGetter, DocumentCookieGetter$LWS as DocumentCookieGetter, DocumentCookieSetter$LWS as DocumentCookieSetter, DocumentCreateComment$LWS as DocumentCreateComment, DocumentCreateElement$LWS as DocumentCreateElement, DocumentCreateElementNS$LWS as DocumentCreateElementNS, DocumentDocumentElementGetter$LWS as DocumentDocumentElementGetter, DocumentFragmentGetElementById$LWS as DocumentFragmentGetElementById, DocumentGetElementById$LWS as DocumentGetElementById, DocumentHeadGetter$LWS as DocumentHeadGetter, DocumentImplementation$LWS as DocumentImplementation, ElementClosest$LWS as ElementClosest, ElementGetAttributeNode$LWS as ElementGetAttributeNode, ElementGetAttributeNodeNS$LWS as ElementGetAttributeNodeNS, ElementGetNamespaceURI$LWS as ElementGetNamespaceURI, ElementInnerHTMLGetter$LWS as ElementInnerHTMLGetter, ElementInnerHTMLSetter$LWS as ElementInnerHTMLSetter, ElementOuterHTMLGetter$LWS as ElementOuterHTMLGetter, ElementProtoSetAttribute$LWS as ElementProtoSetAttribute, ElementProtoSetAttributeNS$LWS as ElementProtoSetAttributeNS, ElementQuerySelector$LWS as ElementQuerySelector, ElementRemove$LWS as ElementRemove, ElementRemoveAttributeNode$LWS as ElementRemoveAttributeNode, ElementSetAttribute$LWS as ElementSetAttribute, ElementSetAttributeNS$LWS as ElementSetAttributeNS, EventCurrentTargetGetter$LWS as EventCurrentTargetGetter, EventTargetAddEventListener$LWS as EventTargetAddEventListener, HTMLAnchorElementHostnameGetter$LWS as HTMLAnchorElementHostnameGetter, HTMLAnchorElementHrefGetter$LWS as HTMLAnchorElementHrefGetter, HTMLAnchorElementHrefSetter$LWS as HTMLAnchorElementHrefSetter, HTMLAnchorElementPathnameGetter$LWS as HTMLAnchorElementPathnameGetter, HTMLAnchorElementProtocolGetter$LWS as HTMLAnchorElementProtocolGetter, HTMLElementDatasetGetter$LWS as HTMLElementDatasetGetter, HTMLElementStyleGetter$LWS as HTMLElementStyleGetter, HTMLIFrameElementContentWindowGetter$LWS as HTMLIFrameElementContentWindowGetter, HTMLIFrameElementSrcSetter$LWS as HTMLIFrameElementSrcSetter, HTMLScriptElementProtoSrcGetter$LWS as HTMLScriptElementProtoSrcGetter, HTMLScriptElementProtoSrcSetter$LWS as HTMLScriptElementProtoSrcSetter, HTMLTemplateElementContentGetter$LWS as HTMLTemplateElementContentGetter, JSONClone$LWS as JSONClone, NAMESPACE_DEFAULT$LWS as NAMESPACE_DEFAULT, NAMESPACE_SVG$LWS as NAMESPACE_SVG, NAMESPACE_XHTML$LWS as NAMESPACE_XHTML, NAMESPACE_XLINK$LWS as NAMESPACE_XLINK, NodeAppendChild$LWS as NodeAppendChild, NodeChildNodesGetter$LWS as NodeChildNodesGetter, NodeClone$LWS as NodeClone, NodeFirstChildGetter$LWS as NodeFirstChildGetter, NodeIsEqualNode$LWS as NodeIsEqualNode, NodeLastChildGetter$LWS as NodeLastChildGetter, NodeNameGetter$LWS as NodeNameGetter, NodeOwnerDocumentGetter$LWS as NodeOwnerDocumentGetter, RangeProtoCreateContextualFragment$LWS as RangeProtoCreateContextualFragment, RequestURLGetter$LWS as RequestURLGetter, SVGElementDatasetGetter$LWS as SVGElementDatasetGetter, StorageProtoGetItem$LWS as StorageProtoGetItem, StorageProtoKey$LWS as StorageProtoKey, StorageProtoRemoveItem$LWS as StorageProtoRemoveItem, StorageProtoSetItem$LWS as StorageProtoSetItem, URLCreateObjectURL$LWS as URLCreateObjectURL, URLRevokeObjectURL$LWS as URLRevokeObjectURL, WindowClearInterval$LWS as WindowClearInterval, WindowDecodeURIComponent$LWS as WindowDecodeURIComponent, WindowEncodeURIComponent$LWS as WindowEncodeURIComponent, WindowLengthGetter$LWS as WindowLengthGetter, WindowSelfGetter$LWS as WindowSelfGetter, WindowSetInterval$LWS as WindowSetInterval, XhrCtor$LWS as XhrCtor, XhrOpen$LWS as XhrOpen, XhrResponseTextGetter$LWS as XhrResponseTextGetter, XhrSend$LWS as XhrSend, XhrStatusGetter$LWS as XhrStatusGetter, XhrWithCredentialsSetter$LWS as XhrWithCredentialsSetter, getPatchedWindow$LWS as getPatchedWindow, getValidator$LWS as getValidator, isWindow$LWS as isWindow, isWindowLike$LWS as isWindowLike, nsCookieKey$LWS as nsCookieKey, nsCookieRootKey$LWS as nsCookieRootKey, patchedWindowPostMessage$LWS as patchedWindowPostMessage }; | ||
| /*! version: 0.15.6 */ | ||
| export { AttrNameGetter$LWS as AttrNameGetter, AttrNamespaceURIGetter$LWS as AttrNamespaceURIGetter, AttrOwnerElementGetter$LWS as AttrOwnerElementGetter, AttrValueGetter$LWS as AttrValueGetter, AttrValueSetter$LWS as AttrValueSetter, BlobCtor$LWS as BlobCtor, BlobSizeGetter$LWS as BlobSizeGetter, BlobSlice$LWS as BlobSlice, BlobTypeGetter$LWS as BlobTypeGetter, DOMImplementationCreateDocument$LWS as DOMImplementationCreateDocument, DOMTokenListValueGetter$LWS as DOMTokenListValueGetter, DocumentBodyGetter$LWS as DocumentBodyGetter, DocumentCookieGetter$LWS as DocumentCookieGetter, DocumentCookieSetter$LWS as DocumentCookieSetter, DocumentCreateComment$LWS as DocumentCreateComment, DocumentCreateElement$LWS as DocumentCreateElement, DocumentCreateElementNS$LWS as DocumentCreateElementNS, DocumentDocumentElementGetter$LWS as DocumentDocumentElementGetter, DocumentFragmentGetElementById$LWS as DocumentFragmentGetElementById, DocumentGetElementById$LWS as DocumentGetElementById, DocumentHeadGetter$LWS as DocumentHeadGetter, DocumentImplementation$LWS as DocumentImplementation, ElementClosest$LWS as ElementClosest, ElementGetAttributeNode$LWS as ElementGetAttributeNode, ElementGetAttributeNodeNS$LWS as ElementGetAttributeNodeNS, ElementGetNamespaceURI$LWS as ElementGetNamespaceURI, ElementInnerHTMLGetter$LWS as ElementInnerHTMLGetter, ElementInnerHTMLSetter$LWS as ElementInnerHTMLSetter, ElementOuterHTMLGetter$LWS as ElementOuterHTMLGetter, ElementProtoSetAttribute$LWS as ElementProtoSetAttribute, ElementProtoSetAttributeNS$LWS as ElementProtoSetAttributeNS, ElementQuerySelector$LWS as ElementQuerySelector, ElementRemove$LWS as ElementRemove, ElementRemoveAttributeNode$LWS as ElementRemoveAttributeNode, ElementSetAttribute$LWS as ElementSetAttribute, ElementSetAttributeNS$LWS as ElementSetAttributeNS, EventCurrentTargetGetter$LWS as EventCurrentTargetGetter, EventTargetAddEventListener$LWS as EventTargetAddEventListener, HTMLAnchorElementHostnameGetter$LWS as HTMLAnchorElementHostnameGetter, HTMLAnchorElementHrefGetter$LWS as HTMLAnchorElementHrefGetter, HTMLAnchorElementHrefSetter$LWS as HTMLAnchorElementHrefSetter, HTMLAnchorElementPathnameGetter$LWS as HTMLAnchorElementPathnameGetter, HTMLAnchorElementProtocolGetter$LWS as HTMLAnchorElementProtocolGetter, HTMLElementDatasetGetter$LWS as HTMLElementDatasetGetter, HTMLElementStyleGetter$LWS as HTMLElementStyleGetter, HTMLIFrameElementContentWindowGetter$LWS as HTMLIFrameElementContentWindowGetter, HTMLIFrameElementSrcSetter$LWS as HTMLIFrameElementSrcSetter, HTMLScriptElementProtoSrcGetter$LWS as HTMLScriptElementProtoSrcGetter, HTMLScriptElementProtoSrcSetter$LWS as HTMLScriptElementProtoSrcSetter, HTMLTemplateElementContentGetter$LWS as HTMLTemplateElementContentGetter, JSONClone$LWS as JSONClone, NAMESPACE_DEFAULT$LWS as NAMESPACE_DEFAULT, NAMESPACE_SVG$LWS as NAMESPACE_SVG, NAMESPACE_XHTML$LWS as NAMESPACE_XHTML, NAMESPACE_XLINK$LWS as NAMESPACE_XLINK, NodeAppendChild$LWS as NodeAppendChild, NodeChildNodesGetter$LWS as NodeChildNodesGetter, NodeClone$LWS as NodeClone, NodeFirstChildGetter$LWS as NodeFirstChildGetter, NodeIsEqualNode$LWS as NodeIsEqualNode, NodeLastChildGetter$LWS as NodeLastChildGetter, NodeNameGetter$LWS as NodeNameGetter, NodeOwnerDocumentGetter$LWS as NodeOwnerDocumentGetter, RangeProtoCreateContextualFragment$LWS as RangeProtoCreateContextualFragment, RequestURLGetter$LWS as RequestURLGetter, SVGElementDatasetGetter$LWS as SVGElementDatasetGetter, StorageProtoGetItem$LWS as StorageProtoGetItem, StorageProtoKey$LWS as StorageProtoKey, StorageProtoRemoveItem$LWS as StorageProtoRemoveItem, StorageProtoSetItem$LWS as StorageProtoSetItem, URLCreateObjectURL$LWS as URLCreateObjectURL, URLRevokeObjectURL$LWS as URLRevokeObjectURL, WindowClearInterval$LWS as WindowClearInterval, WindowDecodeURIComponent$LWS as WindowDecodeURIComponent, WindowEncodeURIComponent$LWS as WindowEncodeURIComponent, WindowLengthGetter$LWS as WindowLengthGetter, WindowSelfGetter$LWS as WindowSelfGetter, WindowSetInterval$LWS as WindowSetInterval, XhrCtor$LWS as XhrCtor, XhrOpen$LWS as XhrOpen, XhrResponseTextGetter$LWS as XhrResponseTextGetter, XhrSend$LWS as XhrSend, XhrStatusGetter$LWS as XhrStatusGetter, XhrWithCredentialsSetter$LWS as XhrWithCredentialsSetter, getPatchedWindow$LWS as getPatchedWindow, getValidator$LWS as getValidator, isWindow$LWS as isWindow, isWindowLike$LWS as isWindowLike, nsCookieKey$LWS as nsCookieKey, nsCookieRootKey$LWS as nsCookieRootKey, patchedWindowPostMessage$LWS as patchedWindowPostMessage, transformUncompiledSource$LWS as transformUncompiledSource }; | ||
| /*! version: 0.15.7 */ |
| { | ||
| "name": "@locker/shared-dom", | ||
| "version": "0.15.6", | ||
| "version": "0.15.7", | ||
| "license": "Salesforce Developer Agreement", | ||
@@ -20,3 +20,3 @@ "author": "Salesforce UI Security Team", | ||
| "dependencies": { | ||
| "@locker/shared": "0.15.6" | ||
| "@locker/shared": "0.15.7" | ||
| }, | ||
@@ -27,3 +27,3 @@ "files": [ | ||
| ], | ||
| "gitHead": "4a23e2654c20a55b89d94408fe2bc306af46e931" | ||
| "gitHead": "aab7150316f2290799da3bc0cf32ee5a6fce523d" | ||
| } |
| import { GlobalObject } from './types'; | ||
| export declare function getValidator(globalObject: GlobalObject): any; | ||
| export declare function JSONClone(value: any): any; | ||
| export declare function transformUncompiledSource(source: string): string; | ||
| //# sourceMappingURL=basic.d.ts.map |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.71%
95704
- Lines of code
- increased by4.36%
1364
Dependency changes
+ Added@locker/shared@0.15.7(transitive)
- Removed@locker/shared@0.15.6(transitive)
Updated@locker/shared@0.15.7