@tramvai/safe-strings
Comparing version 0.5.6 to 0.5.7
@@ -1,93 +0,4 @@ | ||
import reduce from '@tinkoff/utils/array/reduce'; | ||
// source https://github.com/preactjs/preact-render-to-string/blob/60075a5a7389d638d535c85f3706739e9ba932bc/src/util.js | ||
// perf https://esbench.com/bench/5f88af6cb4632100a7dcd414 | ||
const ENCODED_ENTITIES = /[<\u2028\u2029]/; | ||
/** | ||
* Stringify object to safe for evaluation json string | ||
* | ||
* @param {*} json | ||
* @return {String} safe for evaluation json string | ||
* @example | ||
* | ||
* safeStringify({ s:'test string' }) // => '{ "s":"test string" }' | ||
* safeStringify({ s:'some\u2028 test\u2029' }) // => '{ "s": "some\\u2028 test\\u2029" }' | ||
*/ | ||
function encodeEntities(str) { | ||
// Skip all work for strings with no entities needing encoding: | ||
if (str.length === 0 || ENCODED_ENTITIES.test(str) === false) | ||
return str; | ||
let last = 0; | ||
let i = 0; | ||
let out = ''; | ||
let ch = ''; | ||
// Seek forward in str until the next entity char: | ||
for (; i < str.length; i++) { | ||
switch (str.charCodeAt(i)) { | ||
case 60: // < | ||
ch = '\\u003C'; | ||
break; | ||
case 8232: // u2028 symbol (line separator) | ||
ch = '\\u2028'; | ||
break; | ||
case 8233: // u2029 symbol (paragraph separator) | ||
ch = '\\u2029'; | ||
break; | ||
default: | ||
continue; | ||
} | ||
// Append skipped/buffered characters and the encoded entity: | ||
if (i !== last) | ||
out += str.slice(last, i); | ||
out += ch; | ||
// Start the next seek/buffer after the entity's offset: | ||
last = i + 1; | ||
} | ||
if (i !== last) | ||
out += str.slice(last, i); | ||
return out; | ||
} | ||
const safeStringify$1 = (json) => { | ||
return encodeEntities(JSON.stringify(json)); | ||
}; | ||
const safeParseJSON = (str, defaultValue = null) => { | ||
// old version of node has memory leak if use json.parse with undefined value https://github.com/nodejs/node/issues/33266#issuecomment-638532113 | ||
if (str === undefined) { | ||
return defaultValue; | ||
} | ||
try { | ||
return JSON.parse(str); | ||
} | ||
catch (error) { | ||
return defaultValue; | ||
} | ||
}; | ||
const safeStringify = (value, replacer, space) => { | ||
const seen = new Set(); | ||
const replace = replacer || ((val) => val); | ||
return JSON.stringify(value, (_, val) => { | ||
if (!val || typeof val !== 'object') { | ||
return replace(val); | ||
} | ||
if (seen.has(val)) { | ||
return '[~Circular~]'; | ||
} | ||
seen.add(val); | ||
return replace(val); | ||
}, space); | ||
}; | ||
const safeStringifyJSON = (value, replacer, space) => { | ||
try { | ||
return JSON.stringify(value, replacer, space); | ||
} | ||
catch (err) { | ||
return safeStringify(value, replacer, space); | ||
} | ||
}; | ||
const xssPossibleTags = [/<link[^>]+>/gi, /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script\s*>/gi]; | ||
const removeXss = (referrer = '') => reduce((newReferrer, regexp) => newReferrer.replace(regexp, ''), referrer, xssPossibleTags); | ||
export { removeXss, safeParseJSON, safeStringify$1 as safeStringify, safeStringifyJSON }; | ||
export { safeStringify } from './safeStringify.es.js'; | ||
export { safeParseJSON } from './safeParseJSON.es.js'; | ||
export { safeStringifyJSON } from './safeStringifyJSON.es.js'; | ||
export { removeXss } from './removeXss.es.js'; |
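Review bot: The re-export `export { safeStringify } from './safeStringify.es.js';` does not let a reader confirm which implementation the public name `safeStringify` now points to. In the removed code two functions carried that name: the exported one (`safeStringify$1`) passed `JSON.stringify` output through `encodeEntities` to escape `<`, U+2028 and U+2029, while the internal one only replaced circular references with `'[~Circular~]'` on behalf of `safeStringifyJSON`. The new module files are not shown on this page, so check that `./safeStringify.es.js` exports the escaping variant, since callers presumably rely on it when placing the result inside inline script. The same check applies to `exports.safeStringify = safeStringify.safeStringify;` in lib/utils.js. A comment above the re-export such as `// safeStringify: JSON.stringify plus escaping of <, U+2028, U+2029 (not the circular-safe helper)` would record the contract.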
105
lib/utils.js
@@ -5,101 +5,12 @@ 'use strict'; | ||
var reduce = require('@tinkoff/utils/array/reduce'); | ||
var safeStringify = require('./safeStringify.js'); | ||
var safeParseJSON = require('./safeParseJSON.js'); | ||
var safeStringifyJSON = require('./safeStringifyJSON.js'); | ||
var removeXss = require('./removeXss.js'); | ||
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; } | ||
var reduce__default = /*#__PURE__*/_interopDefaultLegacy(reduce); | ||
// source https://github.com/preactjs/preact-render-to-string/blob/60075a5a7389d638d535c85f3706739e9ba932bc/src/util.js | ||
// perf https://esbench.com/bench/5f88af6cb4632100a7dcd414 | ||
const ENCODED_ENTITIES = /[<\u2028\u2029]/; | ||
/** | ||
* Stringify object to safe for evaluation json string | ||
* | ||
* @param {*} json | ||
* @return {String} safe for evaluation json string | ||
* @example | ||
* | ||
* safeStringify({ s:'test string' }) // => '{ "s":"test string" }' | ||
* safeStringify({ s:'some\u2028 test\u2029' }) // => '{ "s": "some\\u2028 test\\u2029" }' | ||
*/ | ||
function encodeEntities(str) { | ||
// Skip all work for strings with no entities needing encoding: | ||
if (str.length === 0 || ENCODED_ENTITIES.test(str) === false) | ||
return str; | ||
let last = 0; | ||
let i = 0; | ||
let out = ''; | ||
let ch = ''; | ||
// Seek forward in str until the next entity char: | ||
for (; i < str.length; i++) { | ||
switch (str.charCodeAt(i)) { | ||
case 60: // < | ||
ch = '\\u003C'; | ||
break; | ||
case 8232: // u2028 symbol (line separator) | ||
ch = '\\u2028'; | ||
break; | ||
case 8233: // u2029 symbol (paragraph separator) | ||
ch = '\\u2029'; | ||
break; | ||
default: | ||
continue; | ||
} | ||
// Append skipped/buffered characters and the encoded entity: | ||
if (i !== last) | ||
out += str.slice(last, i); | ||
out += ch; | ||
// Start the next seek/buffer after the entity's offset: | ||
last = i + 1; | ||
} | ||
if (i !== last) | ||
out += str.slice(last, i); | ||
return out; | ||
} | ||
const safeStringify$1 = (json) => { | ||
return encodeEntities(JSON.stringify(json)); | ||
}; | ||
const safeParseJSON = (str, defaultValue = null) => { | ||
// old version of node has memory leak if use json.parse with undefined value https://github.com/nodejs/node/issues/33266#issuecomment-638532113 | ||
if (str === undefined) { | ||
return defaultValue; | ||
} | ||
try { | ||
return JSON.parse(str); | ||
} | ||
catch (error) { | ||
return defaultValue; | ||
} | ||
}; | ||
const safeStringify = (value, replacer, space) => { | ||
const seen = new Set(); | ||
const replace = replacer || ((val) => val); | ||
return JSON.stringify(value, (_, val) => { | ||
if (!val || typeof val !== 'object') { | ||
return replace(val); | ||
} | ||
if (seen.has(val)) { | ||
return '[~Circular~]'; | ||
} | ||
seen.add(val); | ||
return replace(val); | ||
}, space); | ||
}; | ||
const safeStringifyJSON = (value, replacer, space) => { | ||
try { | ||
return JSON.stringify(value, replacer, space); | ||
} | ||
catch (err) { | ||
return safeStringify(value, replacer, space); | ||
} | ||
}; | ||
const xssPossibleTags = [/<link[^>]+>/gi, /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script\s*>/gi]; | ||
const removeXss = (referrer = '') => reduce__default["default"]((newReferrer, regexp) => newReferrer.replace(regexp, ''), referrer, xssPossibleTags); | ||
exports.removeXss = removeXss; | ||
exports.safeParseJSON = safeParseJSON; | ||
exports.safeStringify = safeStringify$1; | ||
exports.safeStringifyJSON = safeStringifyJSON; | ||
exports.safeStringify = safeStringify.safeStringify; | ||
exports.safeParseJSON = safeParseJSON.safeParseJSON; | ||
exports.safeStringifyJSON = safeStringifyJSON.safeStringifyJSON; | ||
exports.removeXss = removeXss.removeXss; |
{ | ||
"name": "@tramvai/safe-strings", | ||
"version": "0.5.6", | ||
"version": "0.5.7", | ||
"description": "", | ||
@@ -15,5 +15,4 @@ "main": "lib/utils.js", | ||
"scripts": { | ||
"build": "tramvai-build --for-publish", | ||
"watch": "tsc -w", | ||
"build-for-publish": "true" | ||
"build": "tramvai-build --forPublish --preserveModules", | ||
"watch": "tsc -w" | ||
}, | ||
@@ -20,0 +19,0 @@ "dependencies": { |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Unpopular package
Quality: This package is not very popular.
Found 1 instance in 1 package