@locker/trusted-types - npm Package Compare versions

Comparing version 0.19.7 to 0.19.8

dist/index.cjs.js

@@ -32,5 +32,39 @@ /*!
 };
+// Temporarily surround in try-catch until migration to AMD run.
+try {
+  createPolicy('default', {
+    createHTML(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      return dirty;
+    },
+    // Ignore typescript type validation for this policy.
+    // Returning `undefined` from a TT policy blocks usages
+    // of specific DOM sinks affected by this hook.
+    // We want to block eval and inline scripts.
+    // @ts-ignore
+    createScript(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      // Block script evaluation
+      return undefined;
+    },
+    createScriptURL(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      return dirty;
+    }
+  });
+} catch (_unused) {
+  // swallow
+}
 const trusted = createPolicy('trusted', policyOptions);
 exports.createPolicy = createPolicy;
 exports.trusted = trusted;
-/*! version: 0.19.7 */
+/*! version: 0.19.8 */

dist/index.mjs.js

@@ -26,4 +26,38 @@ /*!
 };
+// Temporarily surround in try-catch until migration to AMD run.
+try {
+  createPolicy('default', {
+    createHTML(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      return dirty;
+    },
+    // Ignore typescript type validation for this policy.
+    // Returning `undefined` from a TT policy blocks usages
+    // of specific DOM sinks affected by this hook.
+    // We want to block eval and inline scripts.
+    // @ts-ignore
+    createScript(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      // Block script evaluation
+      return undefined;
+    },
+    createScriptURL(dirty) {
+      // Treat null & undefined separately
+      if (dirty === 'null' || dirty === 'undefined') {
+        return dirty;
+      }
+      return dirty;
+    }
+  });
+} catch (_unused) {
+  // swallow
+}
 const trusted = createPolicy('trusted', policyOptions);
 export { createPolicy, trusted };
-/*! version: 0.19.7 */
+/*! version: 0.19.8 */

package.json

 {
     "name": "@locker/trusted-types",
-    "version": "0.19.7",
+    "version": "0.19.8",
     "license": "SEE LICENSE IN LICENSE.txt",
@@ -5,0 +5,0 @@ "author": "Salesforce UI Security Team",

No alert changes

Improved metrics

Total package byte prevSize

10817

increased by21.5%

Lines of code

151

increased by81.93%

No dependency changes