Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@paypal/sdk-client

Package Overview
Dependencies
Maintainers
20
Versions
165
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@paypal/sdk-client - npm Package Compare versions

Comparing version 4.0.194 to 4.0.195-alpha.0

5

package.json
{
"name": "@paypal/sdk-client",
"version": "4.0.194",
"version": "4.0.195-alpha.0",
"description": "Shared config between PayPal/Braintree.",

@@ -24,5 +24,6 @@ "main": "index.js",

"test": "npm run format:check && npm run lint && npm run flow && npm run test:unit",
"test:unit": "vitest run --coverage",
"test:watch": "vitest",
"webpack": "babel-node --plugins=transform-es2015-modules-commonjs ./node_modules/.bin/webpack -- --progress",
"test:unit:watch": "vitest --coverage",
"test:unit": "vitest run --coverage",
"prepublishOnly": "npm run babel",

@@ -29,0 +30,0 @@ "postpublish": "rm -rf ./server && git checkout ./server",

21

server/meta.js

@@ -248,2 +248,23 @@ "use strict";

// if patch version is less than 132, we want to
// set the version to 132. If for some reason we can't
// parse out a patch version, set version as latest
// if neither cases are true, leave version alone because
// it can be more than a semver version number ("min" for example)
//
// NOTE ABOUT REGEX
// The . in the regex technically need to be escaped but that breaks the
// regex in real browsers. Because we are writing JavaScript in a string, we
// need a double escape (\\.) which breaks the browser but works when using eval()
// a single escape works in the browser but breaks in the tests with eval()
if (/4.0.\\d{1,3}/.test(version)) {
var patchString = version?.split('.')?.pop()
if (!patchString) {
version = ''
} else if (parseInt(patchString, 10) < 132) {
version = '4.0.132'
}
}
var url = '${baseURL}checkout' + (version ? ('.' + version) : '') + '.js';

@@ -250,0 +271,0 @@ var attributes = '${_constants.DATA_ATTRIBUTES.PAYPAL_CHECKOUT} ${_constants.DATA_ATTRIBUTES.NO_BRIDGE}';

27

server/meta.jsx

@@ -8,3 +8,2 @@ /* @flow */

import {
ENV,
SDK_PATH,

@@ -171,4 +170,4 @@ SDK_QUERY_KEYS,

// eslint-disable-next-line no-process-env
return (
// eslint-disable-next-line no-process-env
process.env.NODE_ENV === "development" &&

@@ -182,3 +181,3 @@ localUrls.some((url) => host.includes(url))

pathname: string | null
): { hostname: string, pathname: string } {
): {| hostname: string, pathname: string |} {
if (!pathname || !hostname) {

@@ -212,2 +211,3 @@ throw new Error(`Expected host and pathname to be passed for sdk url`);

// eslint-disable-next-line no-useless-escape
const hostnameMatchResults = hostname.match(/[a-z0-9\.\-]+/);

@@ -367,2 +367,23 @@

// if patch version is less than 132, we want to
// set the version to 132. If for some reason we can't
// parse out a patch version, set version as latest
// if neither cases are true, leave version alone because
// it can be more than a semver version number ("min" for example)
//
// NOTE ABOUT REGEX
// The . in the regex technically need to be escaped but that breaks the
// regex in real browsers. Because we are writing JavaScript in a string, we
// need a double escape (\\.) which breaks the browser but works when using eval()
// a single escape works in the browser but breaks in the tests with eval()
if (/4.0.\\d{1,3}/.test(version)) {
var patchString = version?.split('.')?.pop()
if (!patchString) {
version = ''
} else if (parseInt(patchString, 10) < 132) {
version = '4.0.132'
}
}
var url = '${baseURL}checkout' + (version ? ('.' + version) : '') + '.js';

@@ -369,0 +390,0 @@ var attributes = '${DATA_ATTRIBUTES.PAYPAL_CHECKOUT} ${DATA_ATTRIBUTES.NO_BRIDGE}';

1622

server/meta.test.js

@@ -10,236 +10,156 @@ "use strict";

});
(0, _vitest.test)("should construct a valid script url", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url with data-popups-disabled attribute", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-popups-disabled": "true"
_vitest.describe.only("valid checkout.js loading scenarios", () => {
_vitest.test.each([{
url: "https://www.paypalobjects.com/api/checkout.js"
}, {
url: "http://www.paypalobjects.com/api/checkout.js"
}, {
url: "https://www.paypalobjects.com/api/checkout.min.js"
}, {
url: "http://www.paypalobjects.com/api/checkout.min.js"
}, {
url: "https://www.objects.paypal.cn/api/checkout.js"
}, {
url: "http://www.objects.paypal.cn/api/checkout.js"
}, {
url: "https://www.paypalobjects.com/api/checkout.js?",
expected: "https://www.paypalobjects.com/api/checkout.js"
}, {
url: "https://uideploy--staticcontent--7482d416a81b5--ghe.preview.dev.paypalinc.com/api/checkout.js"
}, {
url: "http://localhost.paypal.com:8000/api/checkout.js"
}, {
url: "https://www.paypalobjects.com/api/checkout.min.js"
}, {
url: "https://www.sandbox.paypal.com/cgi-bin/webscr/checkout.js?cmd=_flow&CONTEXT=wtgSziM4oze46J3pBRQ",
expected: "https://www.sandbox.paypal.com/cgi-bin/webscr/checkout.js"
}, {
url: "https://www.paypalobjects.com/api/checkout.4.0.125.js"
}, {
url: "https://www.paypalobjects.com/api/checkout.4.0.125.min.js"
}])("$url is valid and loads", ({
url,
expected
}) => {
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
(0, _vitest.expect)(src).toEqual(expected ? expected : url);
});
_vitest.test.each([{
windowName: "xcomponent__ppcheckout__latest__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.js"
}, {
windowName: "xcomponent__ppcheckout__min__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.min.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_435__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.435.js"
}, {
windowName: "xcomponent__ppcheckout__4__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_1__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.132.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_65__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.132.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_131__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.132.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_132__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.132.js"
}, {
windowName: "xcomponent__ppcheckout__4_0_133__abc12345",
expected: "https://www.paypalobjects.com/api/checkout.4.0.133.js"
}])("constructing url from window.name with $windowName is valid and loads", ({
windowName,
expected
}) => {
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
name: windowName
};
const document = {
write: html => {
scriptTag = html;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script[data-paypal-checkout]");
const src = scriptz.attr("src");
(0, _vitest.expect)(src).toEqual(expected);
});
(0, _vitest.test)("should construct a script url with checkout.js on localhost without a paypal.com domain", () => {
process.env.NODE_ENV = "development";
const sdkUrl = "http://localhost:8000/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const dataPopUsDisabled = $("script").attr("data-popups-disabled");
if (dataPopUsDisabled !== "true") {
throw new Error(`Expected dataPopUsDisabled to be true - got ${dataPopUsDisabled}`);
}
(0, _vitest.expect)(error).toEqual(undefined);
});
});
(0, _vitest.test)("should construct a valid script url with paypalobjects", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url with url encoded sdkMeta and trailing ? in checkout.js", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.js?";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(encodeURIComponent(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64")));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== "https://www.paypalobjects.com/api/checkout.js") {
throw new Error(`unexpected script url ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url with checkout.js using the qa cdn", () => {
const sdkUrl = "https://uideploy--staticcontent--7482d416a81b5--ghe.preview.dev.paypalinc.com/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url with checkout.js on localhost", () => {
const sdkUrl = "http://localhost.paypal.com:8000/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a script url with checkout.js on localhost without a paypal.com domain", () => {
process.env.NODE_ENV = "development";
const sdkUrl = "http://localhost:8000/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (error) {
throw new Error(`Should construct script with localhost url`);
}
});
(0, _vitest.test)("should not construct a script url with checkout.js for non-supported local urls", () => {
process.env.NODE_ENV = "development";
const sdkUrl = "http://not.a.supported.url:8000/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Should construct script with supported local urls: (localhost, loca.lt)`);
}
});
(0, _vitest.test)("should construct a valid minified script url with paypalobjects", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.min.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should prevent query string parameters with checkout.js", () => {
const sdkUrl = "https://www.sandbox.paypal.com/cgi-bin/webscr/checkout.js?cmd=_flow&CONTEXT=wtgSziM4oze46J3pBRQ";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
const urlObject = new URL(sdkUrl);
urlObject.search = "";
const expectedUrl = urlObject.toString();
if (src !== expectedUrl) {
throw new Error(`Expected script url to be ${expectedUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid versioned script url with paypalobjects", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.4.0.125.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid versioned minified script url with paypalobjects", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.4.0.125.min.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid localhost script url", () => {
const sdkUrl = "http://localhost.paypal.com:8000/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with a component", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&components=buttons";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with multiple components", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&components=buttons,hosted-fields";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with multiple merchant-id email addresses", () => {
const emails = ["test@gmail.com", "foo@bar.com", "test@test.org.uk", "test-test@test.com", "test.test@test.com", "test@test@test.com"];
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${emails.map(anEmail => encodeURIComponent(anEmail)).join(",")}`;
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should error out from invalid merchant-id email addresses", () => {
const emails = ["@", "@io", "@test.com", "name@"];
emails.forEach(email => {
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${email}`;
(0, _vitest.describe)("invalid checkout.js loading scenarios", () => {
_vitest.test.each([{
url: "data://www.paypalobjects.com/api/checkout.js",
expected: "Expected protocol for sdk url to be http: or https: for host: www.paypalobjects.com - got data:"
}, {
url: "\uFEFFhttp://www.paypalobjects.com/api/checkout.js",
expected: "Expected protocol for sdk url to be http: or https: for host: www.paypalobjects.com - got http:"
}, {
url: "https://www.paypalobjects.com/**/checkout.js",
expected: "Invalid path for legacy sdk url: /**/checkout.js"
}])("$url is not valid and does not load", ({
url,
expected
}) => {
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url
})).toString("base64"));
} catch (err) {
error = err;
}
(0, _vitest.expect)(error).toEqual(new Error(expected));
});
_vitest.test.each(["", "ppcheckout__4_0_435__abc12345", "ppcheckout__4_0_435__abc12345", "xcomponent__ppcheckout__4_*_435__abc12345", "xcomponent__ppcheckout__4_!_435__abc12345"])("constructing url from window.name with %s is not valid and does not load", windowName => {
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const writeMock = _vitest.vi.fn();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
const window = {
name: windowName
};
const document = {
write: writeMock
};
eval(script);
(0, _vitest.expect)(writeMock).not.toHaveBeenCalled();
});
(0, _vitest.test)("should not construct a script url with checkout.js for non-supported local urls", () => {
process.env.NODE_ENV = "development";
const sdkUrl = "http://not.a.supported.url:8000/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl

@@ -251,695 +171,635 @@ })).toString("base64"));

if (!error) {
throw new Error(`Expected error to be thrown for ${sdkUrl}`);
throw new Error(`Should construct script with supported local urls: (localhost, loca.lt)`);
}
});
});
(0, _vitest.test)("should error from very long merchant-id email addresses", () => {
const longEmail = `${"a-very-long-email".repeat(20)}@a-very-long-domain.com`;
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${longEmail}`;
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
(0, _vitest.describe)("loading /sdk/js", () => {
(0, _vitest.test)("should construct a valid script url", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown for ${sdkUrl}`);
}
});
(0, _vitest.test)("should construct a valid script url with multiple merchant ids", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const merchantId = "abcd1234, abcd5678";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-merchant-id": merchantId
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
const dataMerchantId = $("script").attr("data-merchant-id");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
if (dataMerchantId !== merchantId) {
throw new Error(`Expected data-merchant-id to be ${merchantId} - got ${dataMerchantId}`);
}
});
(0, _vitest.test)("should construct a valid script url with a single merchant id in the url", () => {
const merchantId = "UYEGJNV75RAJQ";
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${merchantId}`;
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url without invalid attributes", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-dummy-id": "abcd"
});
(0, _vitest.test)("should construct a valid script url with data-popups-disabled attribute", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-popups-disabled": "true"
}
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const dataPopUsDisabled = $("script").attr("data-popups-disabled");
if (dataPopUsDisabled !== "true") {
throw new Error(`Expected dataPopUsDisabled to be true - got ${dataPopUsDisabled}`);
}
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
const result = $("script").attr("data-dummy-id");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
if (result !== undefined) {
throw new Error(`Expected invalid attribute to be undefined - got ${result}`);
}
});
(0, _vitest.test)("should error out with an unsecure protocol", () => {
const sdkUrl = "http://www.paypal.com/sdk/js?client-id=foo&";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
});
(0, _vitest.test)("should construct a valid localhost script url", () => {
const sdkUrl = "http://localhost.paypal.com:8000/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid protocol", () => {
const sdkUrl = "meep://www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with a component", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&components=buttons";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid protocol in localhost", () => {
const sdkUrl = "meep://localhost.paypal.com:8000/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with multiple components", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&components=buttons,hosted-fields";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid host", () => {
const sdkUrl = "https://?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should unpack a valid sdk meta bundle with multiple merchant-id email addresses", () => {
const emails = ["test@gmail.com", "foo@bar.com", "test@test.org.uk", "test-test@test.com", "test.test@test.com", "test@test@test.com"];
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${emails.map(anEmail => encodeURIComponent(anEmail)).join(",")}`;
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with no path", () => {
const sdkUrl = "https://www.paypal.com?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should error out from invalid merchant-id email addresses", () => {
const emails = ["@", "@io", "@test.com", "name@"];
emails.forEach(email => {
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${email}`;
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown for ${sdkUrl}`);
}
});
});
(0, _vitest.test)("should error from very long merchant-id email addresses", () => {
const longEmail = `${"a-very-long-email".repeat(20)}@a-very-long-domain.com`;
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${longEmail}`;
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown for ${sdkUrl}`);
}
});
(0, _vitest.test)("should construct a valid script url with multiple merchant ids", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const merchantId = "abcd1234, abcd5678";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-merchant-id": merchantId
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid path", () => {
const sdkUrl = "https://www.paypal.com/sdk/meep?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
const dataMerchantId = $("script").attr("data-merchant-id");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
if (dataMerchantId !== merchantId) {
throw new Error(`Expected data-merchant-id to be ${merchantId} - got ${dataMerchantId}`);
}
});
(0, _vitest.test)("should construct a valid script url with a single merchant id in the url", () => {
const merchantId = "UYEGJNV75RAJQ";
const sdkUrl = `https://www.paypal.com/sdk/js?client-id=foo&merchant-id=${merchantId}`;
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid legacy path", () => {
const sdkUrl = "https://www.paypalobjects.com/foo.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url without invalid attributes", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-dummy-id": "abcd"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an empty query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with a duplicated query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&client-id=bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&foo=bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid query value", () => {
const sdkUrl = 'https://www.paypal.com/sdk/js?client-id="foo"';
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with a hash", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo#bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should construct a valid loader even when no url passed", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
name: "xcomponent__ppcheckout__latest__abc12345"
};
const document = {
write: html => {
scriptTag = html;
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
const result = $("script").attr("data-dummy-id");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script[data-paypal-checkout]");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid minified loader even when no url passed", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.min.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
name: "xcomponent__ppcheckout__min__abc12345"
};
const document = {
write: html => {
scriptTag = html;
if (result !== undefined) {
throw new Error(`Expected invalid attribute to be undefined - got ${result}`);
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const src = $$("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid version loader even when no url passed", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.4.0.435.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
name: "xcomponent__ppcheckout__4_0_435__abc12345"
};
const document = {
write: html => {
scriptTag = html;
});
(0, _vitest.test)("should error out with an unsecure protocol", () => {
const sdkUrl = "http://www.paypal.com/sdk/js?client-id=foo&";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const src = $$("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid loader even when no url passed with version 4", () => {
const sdkUrl = "https://www.paypalobjects.com/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
name: "xcomponent__ppcheckout__4__abc12345"
};
const document = {
write: html => {
scriptTag = html;
if (!error) {
throw new Error(`Expected error to be thrown`);
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script[data-paypal-checkout]");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid loader even when no url passed with version 5 in a popup", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foobarbaz";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
opener: {
document: {
querySelector: selector => {
if (selector !== 'script[src*="/sdk/js"]') {
throw new Error(`Expected selector to be 'script[src*="/sdk/js"]', got ${selector}`);
});
(0, _vitest.test)("should error out with an invalid protocol", () => {
const sdkUrl = "meep://www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid protocol in localhost", () => {
const sdkUrl = "meep://localhost.paypal.com:8000/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an empty query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with a duplicated query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&client-id=bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid query param", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&foo=bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid query value", () => {
const sdkUrl = 'https://www.paypal.com/sdk/js?client-id="foo"';
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with a hash", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo#bar";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should construct a valid loader even when no url passed with version 5 in a popup", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foobarbaz";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
opener: {
document: {
querySelector: selector => {
if (selector !== 'script[src*="/sdk/js"]') {
throw new Error(`Expected selector to be 'script[src*="/sdk/js"]', got ${selector}`);
}
return {
src: sdkUrl
};
}
return {
src: sdkUrl
};
}
}
};
const document = {
write: html => {
scriptTag = html;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
};
const document = {
write: html => {
scriptTag = html;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid loader even when no url passed with version 5 in an iframe", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foobarbaz";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
parent: {
document: {
querySelector: selector => {
if (selector !== 'script[src*="/sdk/js"]') {
throw new Error(`Expected selector to be 'script[src*="/sdk/js"]', got ${selector}`);
});
(0, _vitest.test)("should construct a valid loader even when no url passed with version 5 in an iframe", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foobarbaz";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)();
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script").html();
let scriptTag;
const window = {
parent: {
document: {
querySelector: selector => {
if (selector !== 'script[src*="/sdk/js"]') {
throw new Error(`Expected selector to be 'script[src*="/sdk/js"]', got ${selector}`);
}
return {
src: sdkUrl
};
}
return {
src: sdkUrl
};
}
}
};
const document = {
write: html => {
scriptTag = html;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
};
const document = {
write: html => {
scriptTag = html;
});
(0, _vitest.test)("should error out if a non http or https url passed for the sdk", () => {
const sdkUrl = "data://www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
};
eval(script);
const $$ = _cheerio.default.load(scriptTag);
const scriptz = $$("script");
const src = scriptz.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should error out if a non http or https url passed", () => {
const sdkUrl = "data://www.paypalobjects.com/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if a double && passed in the sdk url", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&&currency=USD";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if sdk url ends with &", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should construct a valid script url hosted on www.paypal.cn", () => {
const sdkUrl = "https://www.paypal.cn/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if a non http or https url passed for the sdk", () => {
const sdkUrl = "data://www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if special characters are passed in the checkout.js path", () => {
const sdkUrl = "https://www.paypalobjects.com/**/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if a double && passed in the sdk url", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&&currency=USD";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out if sdk url ends with &", () => {
const sdkUrl = "https://www.paypal.com/sdk/js?client-id=foo&";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should construct a valid script url with paypalobjects on http", () => {
const sdkUrl = "http://www.paypalobjects.com/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid min script url with paypalobjects on http", () => {
const sdkUrl = "http://www.paypalobjects.com/api/checkout.min.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url hosted on objects.paypal.cn", () => {
const sdkUrl = "http://www.objects.paypal.cn/api/checkout.js";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script[data-paypal-checkout]");
const src = script.attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)("should construct a valid script url hosted on www.paypal.cn", () => {
const sdkUrl = "https://www.paypal.cn/sdk/js?client-id=foo";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
});
(0, _vitest.test)('should error when the script url does not start with "https://" or "http://"', () => {
const sdkUrl = "\uFEFFhttps://www.paypal.com/sdk/js?client-id=foo";
const sdkUrlLegacy = "\uFEFFhttp://www.paypalobjects.com/api/checkout.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrlLegacy
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error when invalid characters are found in the subdomain - we allow letters, numbers, . and -", () => {
const sdkUrl = "https://\uff3cU0022\uff3cU003E\uff3cU003C\uff3cU002Fscript\uff3cU003E\uff3cU003Ciframe\uff3cU0020srcdoc\uff3cU003D\uff3cU0027.www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should construct a valid web-sdk bridge url", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000";
const sdkUID = "abc123";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": sdkUID
const $ = _cheerio.default.load(getSDKLoader());
const src = $("script").attr("src");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
})).toString("base64"));
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script");
const src = script.attr("src");
const uid = script.attr("data-uid");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
if (uid !== sdkUID) {
throw new Error(`Expected data UID be ${sdkUID} - got ${uid}`);
}
});
(0, _vitest.test)('should error when the script url does not start with "https://" or "http://"', () => {
const sdkUrl = "\uFEFFhttps://www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrlLegacy
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error when invalid characters are found in the subdomain - we allow letters, numbers, . and -", () => {
const sdkUrl = "https://\uff3cU0022\uff3cU003E\uff3cU003C\uff3cU002Fscript\uff3cU003E\uff3cU003Ciframe\uff3cU0020srcdoc\uff3cU003D\uff3cU0027.www.paypal.com/sdk/js?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
});
(0, _vitest.test)("should error when extra parameters are present", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000&name=value";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
(0, _vitest.describe)("loading /web-sdk/v6", () => {
(0, _vitest.test)("should construct a valid web-sdk bridge url", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000";
const sdkUID = "abc123";
const {
getSDKLoader
} = (0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
"data-uid": sdkUID
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
const $ = _cheerio.default.load(getSDKLoader());
const script = $("script");
const src = script.attr("src");
const uid = script.attr("data-uid");
if (src !== sdkUrl) {
throw new Error(`Expected script url to be ${sdkUrl} - got ${src}`);
}
if (uid !== sdkUID) {
throw new Error(`Expected data UID be ${sdkUID} - got ${uid}`);
}
});
(0, _vitest.test)("should error when extra parameters are present", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000&name=value";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the version parameter is missing", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?origin=https%3A%2F%2Fwww.example.com%3A8000";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the version parameter is invalid", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=^1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is missing", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is invalid", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=example";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is not just the origin", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000%2Fpath";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
});
(0, _vitest.test)("should error when the version parameter is missing", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?origin=https%3A%2F%2Fwww.example.com%3A8000";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the version parameter is invalid", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=^1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is missing", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is invalid", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=example";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
});
(0, _vitest.test)("should error when the origin parameter is not just the origin", () => {
const sdkUrl = "https://www.paypal.com/web-sdk/v6/bridge?version=1.2.3&origin=https%3A%2F%2Fwww.example.com%3A8000%2Fpath";
let error = null;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl,
attrs: {
"data-uid": "abc123"
}
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error("Expected error to be thrown");
}
(0, _vitest.describe)("loading invalid urls", () => {
(0, _vitest.test)("should error out with an invalid host", () => {
const sdkUrl = "https://?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with no path", () => {
const sdkUrl = "https://www.paypal.com?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid path", () => {
const sdkUrl = "https://www.paypal.com/sdk/meep?client-id=foo";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
(0, _vitest.test)("should error out with an invalid legacy path", () => {
const sdkUrl = "https://www.paypalobjects.com/foo.js";
let error;
try {
(0, _.unpackSDKMeta)(Buffer.from(JSON.stringify({
url: sdkUrl
})).toString("base64"));
} catch (err) {
error = err;
}
if (!error) {
throw new Error(`Expected error to be thrown`);
}
});
});
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc