@slack/oauth - npm Package Compare versions

Comparing version 2.6.0 to 2.6.1

dist/callback-options.d.ts

@@ -35,2 +35,3 @@ /// <reference types="node" />
 export declare function defaultCallbackFailure(error: CodedError, _options: InstallURLOptions, _req: IncomingMessage, res: ServerResponse): void;
+export declare function escapeHtml(input: string | undefined | null): string;
 //# sourceMappingURL=callback-options.d.ts.map

dist/callback-options.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultCallbackFailure = exports.defaultCallbackSuccess = void 0;
+exports.escapeHtml = exports.defaultCallbackFailure = exports.defaultCallbackSuccess = void 0;
 var errors_1 = require("./errors");
@@ -26,3 +26,3 @@ // Default function to call when OAuth flow is successful
     }
-    var htmlResponse = "<html>\n  <head>\n  <meta http-equiv=\"refresh\" content=\"0; URL=".concat(redirectUrl, "\">\n  <style>\n  body {\n    padding: 10px 15px;\n    font-family: verdana;\n    text-align: center;\n  }\n  </style>\n  </head>\n  <body>\n  <h2>Thank you!</h2>\n  <p>Redirecting to the Slack App... click <a href=\"").concat(redirectUrl, "\">here</a>. If you use the browser version of Slack, click <a href=\"").concat(browserUrl, "\" target=\"_blank\">this link</a> instead.</p>\n  </body>\n  </html>");
+    var htmlResponse = "<html>\n  <head>\n  <meta http-equiv=\"refresh\" content=\"0; URL=".concat(escapeHtml(redirectUrl), "\">\n  <style>\n  body {\n    padding: 10px 15px;\n    font-family: verdana;\n    text-align: center;\n  }\n  </style>\n  </head>\n  <body>\n  <h2>Thank you!</h2>\n  <p>Redirecting to the Slack App... click <a href=\"").concat(escapeHtml(redirectUrl), "\">here</a>. If you use the browser version of Slack, click <a href=\"").concat(escapeHtml(browserUrl), "\" target=\"_blank\">this link</a> instead.</p>\n  </body>\n  </html>");
     res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
@@ -45,3 +45,3 @@ res.end(htmlResponse);
     res.writeHead(httpStatus, { 'Content-Type': 'text/html; charset=utf-8' });
-    var html = "<html>\n  <head>\n  <style>\n  body {\n    padding: 10px 15px;\n    font-family: verdana;\n    text-align: center;\n  }\n  </style>\n  </head>\n  <body>\n  <h2>Oops, Something Went Wrong!</h2>\n  <p>Please try again or contact the app owner (reason: ".concat(error.code, ")</p>\n  </body>\n  </html>");
+    var html = "<html>\n  <head>\n  <style>\n  body {\n    padding: 10px 15px;\n    font-family: verdana;\n    text-align: center;\n  }\n  </style>\n  </head>\n  <body>\n  <h2>Oops, Something Went Wrong!</h2>\n  <p>Please try again or contact the app owner (reason: ".concat(escapeHtml(error.code), ")</p>\n  </body>\n  </html>");
     res.end(html);
@@ -60,2 +60,13 @@ }
 }
+function escapeHtml(input) {
+    if (input) {
+        return input.replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#x27;');
+    }
+    return '';
+}
+exports.escapeHtml = escapeHtml;
 //# sourceMappingURL=callback-options.js.map

package.json

 {
   "name": "@slack/oauth",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "description": "Official library for interacting with Slack's Oauth endpoints",
@@ -5,0 +5,0 @@ "author": "Slack Technologies, LLC",

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

192889

increased by0.45%

Lines of code

2148

increased by0.56%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes