New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@locker/shared-dom
Advanced tools
@locker/shared-dom - npm Package Compare versions
Comparing version 0.23.2 to 0.23.3
@@ -395,4 +395,4 @@ /*! | ||
| this.isInherentlyUnsecure = input$LWS => { | ||
| const hasIframe$LWS = shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, ['iframe']) && shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, ['srcdoc']); | ||
| const hasScript$LWS = shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, ['script']); | ||
| const hasIframe$LWS = hasTag$LWS(input$LWS, 'iframe') && shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, ['srcdoc']); | ||
| const hasScript$LWS = hasTag$LWS(input$LWS, 'script'); | ||
| // If neither an iframe or a script was detected, then this input is safe. | ||
@@ -421,3 +421,3 @@ if (!hasIframe$LWS && !hasScript$LWS) { | ||
| // was hiding a script element through some kind of obfuscation, and is unsecure. | ||
| return shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, innerHTML$LWS, ['script']) && !shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, innerText$LWS, ['script']); | ||
| return hasTag$LWS(innerHTML$LWS, 'script') && !hasTag$LWS(innerText$LWS, 'script'); | ||
| }; | ||
@@ -456,2 +456,5 @@ this.isSharedElement = element$LWS => element$LWS === shared$LWS.ReflectApply(DocumentProtoHeadGetter$LWS, this._document, []) || element$LWS === shared$LWS.ReflectApply(DocumentProtoBodyGetter$LWS, this._document, []) || element$LWS === shared$LWS.ReflectApply(DocumentProtoDocumentElementGetter$LWS, this._document, []); | ||
| } | ||
| function hasTag$LWS(input$LWS, tag$LWS) { | ||
| return shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, [`<${tag$LWS} `]) || shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, [`:${tag$LWS} `]) || shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, [`<${tag$LWS}>`]) || shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, input$LWS, [`:${tag$LWS}>`]); | ||
| } | ||
| const rootValidator$LWS = new Validator$LWS(rootDocument$LWS, rootWindow$LWS); | ||
@@ -1253,2 +1256,2 @@ const documentToValidatorMap$LWS = shared$LWS.toSafeWeakMap(new shared$LWS.WeakMapCtor([[rootDocument$LWS, rootValidator$LWS]])); | ||
| exports.transformSourceText = transformSourceText$LWS; | ||
| /*! version: 0.23.2 */ | ||
| /*! version: 0.23.3 */ |
@@ -390,4 +390,4 @@ /*! | ||
| this.isInherentlyUnsecure = input$LWS => { | ||
| const hasIframe$LWS = ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, ['iframe']) && ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, ['srcdoc']); | ||
| const hasScript$LWS = ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, ['script']); | ||
| const hasIframe$LWS = hasTag$LWS(input$LWS, 'iframe') && ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, ['srcdoc']); | ||
| const hasScript$LWS = hasTag$LWS(input$LWS, 'script'); | ||
| // If neither an iframe or a script was detected, then this input is safe. | ||
@@ -416,3 +416,3 @@ if (!hasIframe$LWS && !hasScript$LWS) { | ||
| // was hiding a script element through some kind of obfuscation, and is unsecure. | ||
| return ReflectApply$LWS(StringProtoIncludes$LWS, innerHTML$LWS, ['script']) && !ReflectApply$LWS(StringProtoIncludes$LWS, innerText$LWS, ['script']); | ||
| return hasTag$LWS(innerHTML$LWS, 'script') && !hasTag$LWS(innerText$LWS, 'script'); | ||
| }; | ||
@@ -451,2 +451,5 @@ this.isSharedElement = element$LWS => element$LWS === ReflectApply$LWS(DocumentProtoHeadGetter$LWS, this._document, []) || element$LWS === ReflectApply$LWS(DocumentProtoBodyGetter$LWS, this._document, []) || element$LWS === ReflectApply$LWS(DocumentProtoDocumentElementGetter$LWS, this._document, []); | ||
| } | ||
| function hasTag$LWS(input$LWS, tag$LWS) { | ||
| return ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, [`<${tag$LWS} `]) || ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, [`:${tag$LWS} `]) || ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, [`<${tag$LWS}>`]) || ReflectApply$LWS(StringProtoIncludes$LWS, input$LWS, [`:${tag$LWS}>`]); | ||
| } | ||
| const rootValidator$LWS = new Validator$LWS(rootDocument$LWS, rootWindow$LWS); | ||
@@ -1087,2 +1090,2 @@ const documentToValidatorMap$LWS = toSafeWeakMap$LWS(new WeakMapCtor$LWS([[rootDocument$LWS, rootValidator$LWS]])); | ||
| export { AbortControllerCtor$LWS as AbortControllerCtor, AbortControllerProto$LWS as AbortControllerProto, AbortControllerProtoAbort$LWS as AbortControllerProtoAbort, AbortControllerProtoSignalGetter$LWS as AbortControllerProtoSignalGetter, AttrProtoNameGetter$LWS as AttrProtoNameGetter, AttrProtoNamespaceURIGetter$LWS as AttrProtoNamespaceURIGetter, AttrProtoOwnerElementGetter$LWS as AttrProtoOwnerElementGetter, AttrProtoValueGetter$LWS as AttrProtoValueGetter, AttrProtoValueSetter$LWS as AttrProtoValueSetter, BlobCtor$LWS as BlobCtor, BlobProtoSizeGetter$LWS as BlobProtoSizeGetter, BlobProtoSlice$LWS as BlobProtoSlice, BlobProtoTypeGetter$LWS as BlobProtoTypeGetter, CHILD_WINDOW_BLOCKED_PROPERTY_SYMBOL$LWS as CHILD_WINDOW_BLOCKED_PROPERTY_SYMBOL, CUSTOM_ELEMENT_REGISTRY_ATTRIBUTE_NAME$LWS as CUSTOM_ELEMENT_REGISTRY_ATTRIBUTE_NAME, DATA_CLONE_ERROR_CODE$LWS as DATA_CLONE_ERROR_CODE, DOMExceptionCtor$LWS as DOMExceptionCtor, DOMExceptionProtoCodeGetter$LWS as DOMExceptionProtoCodeGetter, DOMImplementationProtoCreateDocument$LWS as DOMImplementationProtoCreateDocument, DOMTokenListProtoValueGetter$LWS as DOMTokenListProtoValueGetter, DocumentFragmentProtoAppend$LWS as DocumentFragmentProtoAppend, DocumentFragmentProtoGetElementById$LWS as DocumentFragmentProtoGetElementById, DocumentProtoBodyGetter$LWS as DocumentProtoBodyGetter, DocumentProtoClose$LWS as DocumentProtoClose, DocumentProtoCookieGetter$LWS as DocumentProtoCookieGetter, DocumentProtoCookieSetter$LWS as DocumentProtoCookieSetter, DocumentProtoCreateComment$LWS as DocumentProtoCreateComment, DocumentProtoCreateDocumentFragment$LWS as DocumentProtoCreateDocumentFragment, DocumentProtoCreateElement$LWS as DocumentProtoCreateElement, DocumentProtoCreateElementNS$LWS as DocumentProtoCreateElementNS, DocumentProtoDefaultViewGetter$LWS as DocumentProtoDefaultViewGetter, DocumentProtoDocumentElementGetter$LWS as DocumentProtoDocumentElementGetter, DocumentProtoGetElementById$LWS as DocumentProtoGetElementById, DocumentProtoHeadGetter$LWS as DocumentProtoHeadGetter, DocumentProtoImplementationGetter$LWS as DocumentProtoImplementationGetter, DocumentProtoOpen$LWS as DocumentProtoOpen, ElementAriaAttributesToPropertyName$LWS as ElementAriaAttributesToPropertyName, ElementProtoClosest$LWS as ElementProtoClosest, ElementProtoGetAttribute$LWS as ElementProtoGetAttribute, ElementProtoGetAttributeNode$LWS as ElementProtoGetAttributeNode, ElementProtoGetAttributeNodeNS$LWS as ElementProtoGetAttributeNodeNS, ElementProtoHasAttribute$LWS as ElementProtoHasAttribute, ElementProtoInnerHTMLGetter$LWS as ElementProtoInnerHTMLGetter, ElementProtoInnerHTMLSetter$LWS as ElementProtoInnerHTMLSetter, ElementProtoNamespaceURIGetter$LWS as ElementProtoNamespaceURIGetter, ElementProtoOuterHTMLGetter$LWS as ElementProtoOuterHTMLGetter, ElementProtoQuerySelector$LWS as ElementProtoQuerySelector, ElementProtoQuerySelectorAll$LWS as ElementProtoQuerySelectorAll, ElementProtoRemove$LWS as ElementProtoRemove, ElementProtoRemoveAttribute$LWS as ElementProtoRemoveAttribute, ElementProtoRemoveAttributeNS$LWS as ElementProtoRemoveAttributeNS, ElementProtoRemoveAttributeNode$LWS as ElementProtoRemoveAttributeNode, ElementProtoSetAttribute$LWS as ElementProtoSetAttribute, ElementProtoSetAttributeNS$LWS as ElementProtoSetAttributeNS, ElementProtoTagNameGetter$LWS as ElementProtoTagNameGetter, ElementProtoToggleAttribute$LWS as ElementProtoToggleAttribute, ErrorEventCtor$LWS as ErrorEventCtor, EventCtor$LWS as EventCtor, EventProtoCurrentTargetGetter$LWS as EventProtoCurrentTargetGetter, EventProtoStopPropagation$LWS as EventProtoStopPropagation, EventTargetProtoAddEventListener$LWS as EventTargetProtoAddEventListener, EventTargetProtoDispatchEvent$LWS as EventTargetProtoDispatchEvent, EventTargetProtoRemoveEventListener$LWS as EventTargetProtoRemoveEventListener, HTMLAnchorElementProtoHostnameGetter$LWS as HTMLAnchorElementProtoHostnameGetter, HTMLAnchorElementProtoHrefGetter$LWS as HTMLAnchorElementProtoHrefGetter, HTMLAnchorElementProtoHrefSetter$LWS as HTMLAnchorElementProtoHrefSetter, HTMLAnchorElementProtoPathnameGetter$LWS as HTMLAnchorElementProtoPathnameGetter, HTMLAnchorElementProtoProtocolGetter$LWS as HTMLAnchorElementProtoProtocolGetter, HTMLElementGlobalAttributesToPropertyName$LWS as HTMLElementGlobalAttributesToPropertyName, HTMLElementProto$LWS as HTMLElementProto, HTMLElementProtoInnerTextGetter$LWS as HTMLElementProtoInnerTextGetter, HTMLElementProtoStyleGetter$LWS as HTMLElementProtoStyleGetter, HTMLIFrameElementProtoContentWindowGetter$LWS as HTMLIFrameElementProtoContentWindowGetter, HTMLIFrameElementProtoSrcSetter$LWS as HTMLIFrameElementProtoSrcSetter, HTMLScriptElementCtor$LWS as HTMLScriptElementCtor, HTMLScriptElementProto$LWS as HTMLScriptElementProto, HTMLScriptElementProtoSrcGetter$LWS as HTMLScriptElementProtoSrcGetter, HTMLScriptElementProtoSrcSetter$LWS as HTMLScriptElementProtoSrcSetter, HTMLTemplateElementProtoContentGetter$LWS as HTMLTemplateElementProtoContentGetter, IS_CHROMIUM_BROWSER$LWS as IS_CHROMIUM_BROWSER, IS_OLD_CHROMIUM_BROWSER$LWS as IS_OLD_CHROMIUM_BROWSER, IS_WEBKIT_BROWSER$LWS as IS_WEBKIT_BROWSER, NAMESPACE_DEFAULT$LWS as NAMESPACE_DEFAULT, NAMESPACE_SVG$LWS as NAMESPACE_SVG, NAMESPACE_XHTML$LWS as NAMESPACE_XHTML, NAMESPACE_XLINK$LWS as NAMESPACE_XLINK, NodeProtoAppendChild$LWS as NodeProtoAppendChild, NodeProtoChildNodesGetter$LWS as NodeProtoChildNodesGetter, NodeProtoCloneNode$LWS as NodeProtoCloneNode, NodeProtoFirstChildGetter$LWS as NodeProtoFirstChildGetter, NodeProtoIsConnectedGetter$LWS as NodeProtoIsConnectedGetter, NodeProtoIsEqualNode$LWS as NodeProtoIsEqualNode, NodeProtoLastChildGetter$LWS as NodeProtoLastChildGetter, NodeProtoNodeNameGetter$LWS as NodeProtoNodeNameGetter, NodeProtoOwnerDocumentGetter$LWS as NodeProtoOwnerDocumentGetter, NodeProtoParentNodeGetter$LWS as NodeProtoParentNodeGetter, NodeProtoTextContentGetter$LWS as NodeProtoTextContentGetter, NodeProtoTextContentSetter$LWS as NodeProtoTextContentSetter, RangeProtoCreateContextualFragment$LWS as RangeProtoCreateContextualFragment, RequestProtoURLGetter$LWS as RequestProtoURLGetter, ResponseCtor$LWS as ResponseCtor, ResponseProtoOkGetter$LWS as ResponseProtoOkGetter, ResponseProtoStatus$LWS as ResponseProtoStatus, ResponseProtoStatusText$LWS as ResponseProtoStatusText, ResponseProtoText$LWS as ResponseProtoText, SCRIPT_HOOK_SOURCE_TEXT$LWS as SCRIPT_HOOK_SOURCE_TEXT, SVGScriptElementProtoHrefGetter$LWS as SVGScriptElementProtoHrefGetter, SVGScriptElementProtoHrefSetter$LWS as SVGScriptElementProtoHrefSetter, StorageProtoGetItem$LWS as StorageProtoGetItem, StorageProtoKey$LWS as StorageProtoKey, StorageProtoRemoveItem$LWS as StorageProtoRemoveItem, StorageProtoSetItem$LWS as StorageProtoSetItem, Transpiler$LWS as Transpiler, UNIVERSAL_CONTEXT_NAMES$LWS as UNIVERSAL_CONTEXT_NAMES, URLCreateObjectURL$LWS as URLCreateObjectURL, URLRevokeObjectURL$LWS as URLRevokeObjectURL, WindowClearInterval$LWS as WindowClearInterval, WindowDecodeURIComponent$LWS as WindowDecodeURIComponent, WindowDocumentGetter$LWS as WindowDocumentGetter, WindowEncodeURIComponent$LWS as WindowEncodeURIComponent, WindowFetch$LWS as WindowFetch, WindowFrameElementGetter$LWS as WindowFrameElementGetter, WindowLengthGetter$LWS as WindowLengthGetter, WindowLocationGetter$LWS as WindowLocationGetter, WindowQueueMicrotask$LWS as WindowQueueMicrotask, WindowSetInterval$LWS as WindowSetInterval, XhrCtor$LWS as XhrCtor, XhrProtoAbort$LWS as XhrProtoAbort, XhrProtoOpen$LWS as XhrProtoOpen, XhrProtoResponseTextGetter$LWS as XhrProtoResponseTextGetter, XhrProtoSend$LWS as XhrProtoSend, XhrProtoStatusGetter$LWS as XhrProtoStatusGetter, XhrProtoWithCredentialsSetter$LWS as XhrProtoWithCredentialsSetter, compileSourceText$LWS as compileSourceText, defineScriptAccessorProperty$LWS as defineScriptAccessorProperty, defineScriptEvaluatorProperty$LWS as defineScriptEvaluatorProperty, deleteOriginalScriptProperty$LWS as deleteOriginalScriptProperty, deleteResolvedScriptURL$LWS as deleteResolvedScriptURL, deleteScriptEvaluatorProperty$LWS as deleteScriptEvaluatorProperty, generateContextAssignmentCodeFromContextNames$LWS as generateContextAssignmentCodeFromContextNames, getOriginalScriptProperty$LWS as getOriginalScriptProperty, getResolvedScriptURL$LWS as getResolvedScriptURL, getScriptSrcEvaluatorHookURL$LWS as getScriptSrcEvaluatorHookURL, getValidator$LWS as getValidator, initWindowOpenChildWindow$LWS as initWindowOpenChildWindow, isScriptEvaluated$LWS as isScriptEvaluated, isScriptPropertyEvaluatorHookDefined$LWS as isScriptPropertyEvaluatorHookDefined, isScriptURLEvaluatorHookDefined$LWS as isScriptURLEvaluatorHookDefined, isWindow$LWS as isWindow, markForUnsafePropertyBlocking$LWS as markForUnsafePropertyBlocking, normalizeNamespacedAttributeName$LWS as normalizeNamespacedAttributeName, normalizeWindowOpenArguments$LWS as normalizeWindowOpenArguments, rootDocument$LWS as rootDocument, rootValidator$LWS as rootValidator, rootWindow$LWS as rootWindow, rootWindowLocation$LWS as rootWindowLocation, rootWindowTop$LWS as rootWindowTop, setOriginalScriptScriptProperty$LWS as setOriginalScriptScriptProperty, setResolvedScriptURL$LWS as setResolvedScriptURL, throwIfMarkedAsUnsafeInChildWindow$LWS as throwIfMarkedAsUnsafeInChildWindow, trackScriptAsEvaluated$LWS as trackScriptAsEvaluated, transformSourceText$LWS as transformSourceText }; | ||
| /*! version: 0.23.2 */ | ||
| /*! version: 0.23.3 */ |
| { | ||
| "name": "@locker/shared-dom", | ||
| "version": "0.23.2", | ||
| "version": "0.23.3", | ||
| "license": "SEE LICENSE IN LICENSE.txt", | ||
@@ -19,3 +19,3 @@ "author": "Salesforce UI Security Team", | ||
| "dependencies": { | ||
| "@locker/shared": "0.23.2" | ||
| "@locker/shared": "0.23.3" | ||
| }, | ||
@@ -22,0 +22,0 @@ "files": [ |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.23%
184204
- Lines of code
- increased by0.26%
3141
Dependency changes
+ Added@locker/shared@0.23.3(transitive)
- Removed@locker/shared@0.23.2(transitive)
Updated@locker/shared@0.23.3