New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@locker/shared-url

Package Overview
Dependencies
Maintainers
8
Versions
239
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@locker/shared-url - npm Package Compare versions

Comparing version

0.18.15
to
0.18.16

dist/index.cjs.d.ts
dist/index.mjs.d.ts

28

dist/index.cjs.js

@@ -9,10 +9,6 @@ /*!

});
var shared$LWS = require('@locker/shared');
var sharedDom$LWS = require('@locker/shared-dom');
const ALLOWED_MIME_TYPES$LWS = ['application/octet-stream', 'application/json', 'application/pdf', 'video/', 'audio/', 'image/', 'font/', 'text/plain', 'text/markdown', 'application/zip', 'application/x-bzip', 'application/x-rar-compressed', 'application/x-tar'];
const validMimeTypeRegExp$LWS = /^[a-z]+\/[a-z0-9.+-]+$/;
function isMIMETypeAllowed$LWS(mimeType$LWS) {

@@ -23,4 +19,4 @@ // W-4896359 Avoid MIME types which try to escape using special characters:

for (let i$LWS = 0, {
length: length$LWS
} = ALLOWED_MIME_TYPES$LWS; i$LWS < length$LWS; i$LWS += 1) {
length: length$LWS
} = ALLOWED_MIME_TYPES$LWS; i$LWS < length$LWS; i$LWS += 1) {
if (shared$LWS.ReflectApply(shared$LWS.StringProtoStartsWith, mimeType$LWS, [ALLOWED_MIME_TYPES$LWS[i$LWS]])) {

@@ -31,17 +27,14 @@ return true;

}
return false;
}
const DISALLOWED_ENDPOINTS_LIST$LWS = ['/aura', '/webruntime'];
const URL_SCHEMES_LIST$LWS = shared$LWS.toSafeArray(['http:', 'https:']);
const newlinesAndTabsRegExp$LWS = /[\u2028\u2029\n\r\t]/g;
const normalizerAnchor$LWS = shared$LWS.ReflectApply(sharedDom$LWS.DocumentProtoCreateElement, sharedDom$LWS.rootDocument, ['a']); // @TODO: W-7302311 Make paths and domains configurable.
const normalizerAnchor$LWS = shared$LWS.ReflectApply(sharedDom$LWS.DocumentProtoCreateElement, sharedDom$LWS.rootDocument, ['a']);
// @TODO: W-7302311 Make paths and domains configurable.
function isValidURL$LWS(parsedURL$LWS) {
const loweredPathname$LWS = shared$LWS.ReflectApply(shared$LWS.StringProtoToLowerCase, parsedURL$LWS.pathname, []);
for (let i$LWS = 0, {
length: length$LWS
} = DISALLOWED_ENDPOINTS_LIST$LWS; i$LWS < length$LWS; i$LWS += 1) {
length: length$LWS
} = DISALLOWED_ENDPOINTS_LIST$LWS; i$LWS < length$LWS; i$LWS += 1) {
if (shared$LWS.ReflectApply(shared$LWS.StringProtoEndsWith, loweredPathname$LWS, [DISALLOWED_ENDPOINTS_LIST$LWS[i$LWS]]) || shared$LWS.ReflectApply(shared$LWS.StringProtoIncludes, loweredPathname$LWS, [`${DISALLOWED_ENDPOINTS_LIST$LWS[i$LWS]}/`])) {

@@ -51,6 +44,4 @@ return false;

}
return true;
}
function isValidURLScheme$LWS(url$LWS) {

@@ -60,3 +51,2 @@ shared$LWS.ReflectApply(sharedDom$LWS.HTMLAnchorElementProtoHrefSetter, normalizerAnchor$LWS, [url$LWS]);

}
function parseURL$LWS(url$LWS) {

@@ -69,3 +59,2 @@ const normalizedURL$LWS = sanitizeURLForElement$LWS(url$LWS);

}
function resolveURL$LWS(url$LWS) {

@@ -75,11 +64,8 @@ shared$LWS.ReflectApply(sharedDom$LWS.HTMLAnchorElementProtoHrefSetter, normalizerAnchor$LWS, [url$LWS]);

}
function sanitizeURLForElement$LWS(url$LWS) {
return resolveURL$LWS(sanitizeURLString$LWS(url$LWS));
}
function sanitizeURLString$LWS(urlString$LWS) {
return urlString$LWS === '' ? urlString$LWS : shared$LWS.ReflectApply(shared$LWS.StringProtoReplace, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
}
exports.URL_SCHEMES_LIST = URL_SCHEMES_LIST$LWS;

@@ -94,2 +80,2 @@ exports.isMIMETypeAllowed = isMIMETypeAllowed$LWS;

exports.sanitizeURLString = sanitizeURLString$LWS;
/*! version: 0.18.15 */
/*! version: 0.18.16 */

25

dist/index.mjs.js

@@ -8,3 +8,2 @@ /*!

const validMimeTypeRegExp$LWS = /^[a-z]+\/[a-z0-9.+-]+$/;
function isMIMETypeAllowed$LWS(mimeType$LWS) {

@@ -15,4 +14,4 @@ // W-4896359 Avoid MIME types which try to escape using special characters:

for (let i$LWS = 0, {
length: length$LWS
} = ALLOWED_MIME_TYPES$LWS; i$LWS < length$LWS; i$LWS += 1) {
length: length$LWS
} = ALLOWED_MIME_TYPES$LWS; i$LWS < length$LWS; i$LWS += 1) {
if (ReflectApply$LWS(StringProtoStartsWith$LWS, mimeType$LWS, [ALLOWED_MIME_TYPES$LWS[i$LWS]])) {

@@ -23,17 +22,14 @@ return true;

}
return false;
}
const DISALLOWED_ENDPOINTS_LIST$LWS = ['/aura', '/webruntime'];
const URL_SCHEMES_LIST$LWS = toSafeArray$LWS(['http:', 'https:']);
const newlinesAndTabsRegExp$LWS = /[\u2028\u2029\n\r\t]/g;
const normalizerAnchor$LWS = ReflectApply$LWS(DocumentProtoCreateElement$LWS, rootDocument$LWS, ['a']); // @TODO: W-7302311 Make paths and domains configurable.
const normalizerAnchor$LWS = ReflectApply$LWS(DocumentProtoCreateElement$LWS, rootDocument$LWS, ['a']);
// @TODO: W-7302311 Make paths and domains configurable.
function isValidURL$LWS(parsedURL$LWS) {
const loweredPathname$LWS = ReflectApply$LWS(StringProtoToLowerCase$LWS, parsedURL$LWS.pathname, []);
for (let i$LWS = 0, {
length: length$LWS
} = DISALLOWED_ENDPOINTS_LIST$LWS; i$LWS < length$LWS; i$LWS += 1) {
length: length$LWS
} = DISALLOWED_ENDPOINTS_LIST$LWS; i$LWS < length$LWS; i$LWS += 1) {
if (ReflectApply$LWS(StringProtoEndsWith$LWS, loweredPathname$LWS, [DISALLOWED_ENDPOINTS_LIST$LWS[i$LWS]]) || ReflectApply$LWS(StringProtoIncludes$LWS, loweredPathname$LWS, [`${DISALLOWED_ENDPOINTS_LIST$LWS[i$LWS]}/`])) {

@@ -43,6 +39,4 @@ return false;

}
return true;
}
function isValidURLScheme$LWS(url$LWS) {

@@ -52,3 +46,2 @@ ReflectApply$LWS(HTMLAnchorElementProtoHrefSetter$LWS, normalizerAnchor$LWS, [url$LWS]);

}
function parseURL$LWS(url$LWS) {

@@ -61,3 +54,2 @@ const normalizedURL$LWS = sanitizeURLForElement$LWS(url$LWS);

}
function resolveURL$LWS(url$LWS) {

@@ -67,12 +59,9 @@ ReflectApply$LWS(HTMLAnchorElementProtoHrefSetter$LWS, normalizerAnchor$LWS, [url$LWS]);

}
function sanitizeURLForElement$LWS(url$LWS) {
return resolveURL$LWS(sanitizeURLString$LWS(url$LWS));
}
function sanitizeURLString$LWS(urlString$LWS) {
return urlString$LWS === '' ? urlString$LWS : ReflectApply$LWS(StringProtoReplace$LWS, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
}
export { URL_SCHEMES_LIST$LWS as URL_SCHEMES_LIST, isMIMETypeAllowed$LWS as isMIMETypeAllowed, isValidURL$LWS as isValidURL, isValidURLScheme$LWS as isValidURLScheme, normalizerAnchor$LWS as normalizerAnchor, parseURL$LWS as parseURL, resolveURL$LWS as resolveURL, sanitizeURLForElement$LWS as sanitizeURLForElement, sanitizeURLString$LWS as sanitizeURLString };
/*! version: 0.18.15 */
/*! version: 0.18.16 */

12

package.json
{
"name": "@locker/shared-url",
"version": "0.18.15",
"version": "0.18.16",
"license": "SEE LICENSE IN LICENSE.txt",

@@ -10,3 +10,2 @@ "author": "Salesforce UI Security Team",

"sideEffects": false,
"typings": "types/index.d.ts",
"publishConfig": {

@@ -16,14 +15,13 @@ "access": "public"

"scripts": {
"build": "tsc --project tsconfig.types.json && rollup --config .rolluprc.cjs",
"clean": "locker-trash dist/ types/"
"build": "rollup --config .rolluprc.cjs",
"clean": "locker-trash dist/"
},
"dependencies": {
"@locker/shared": "0.18.15",
"@locker/shared-dom": "0.18.15"
"@locker/shared": "0.18.16",
"@locker/shared-dom": "0.18.16"
},
"files": [
"dist/",
"types/",
"LICENSE.txt"
]
}
types/index.d.ts
types/index.d.ts.map
types/types.d.ts
types/types.d.ts.map
types/URL.d.ts
types/URL.d.ts.map