
@tramvai/safe-strings


@tramvai/safe-strings - npm Package Compare versions

Comparing version 0.5.6 to 0.5.7

lib/removeXss.es.js

97

lib/utils.es.js

@@ -1,93 +0,4 @@

import reduce from '@tinkoff/utils/array/reduce';
// source https://github.com/preactjs/preact-render-to-string/blob/60075a5a7389d638d535c85f3706739e9ba932bc/src/util.js
// perf https://esbench.com/bench/5f88af6cb4632100a7dcd414
const ENCODED_ENTITIES = /[<\u2028\u2029]/;
/**
* Stringify object to safe for evaluation json string
*
* @param {*} json
* @return {String} safe for evaluation json string
* @example
*
* safeStringify({ s:'test string' }) // => '{ "s":"test string" }'
* safeStringify({ s:'some\u2028 test\u2029' }) // => '{ "s": "some\\u2028 test\\u2029" }'
*/
function encodeEntities(str) {
// Skip all work for strings with no entities needing encoding:
if (str.length === 0 || ENCODED_ENTITIES.test(str) === false)
return str;
let last = 0;
let i = 0;
let out = '';
let ch = '';
// Seek forward in str until the next entity char:
for (; i < str.length; i++) {
switch (str.charCodeAt(i)) {
case 60: // <
ch = '\\u003C';
break;
case 8232: // u2028 symbol (line separator)
ch = '\\u2028';
break;
case 8233: // u2029 symbol (paragraph separator)
ch = '\\u2029';
break;
default:
continue;
}
// Append skipped/buffered characters and the encoded entity:
if (i !== last)
out += str.slice(last, i);
out += ch;
// Start the next seek/buffer after the entity's offset:
last = i + 1;
}
if (i !== last)
out += str.slice(last, i);
return out;
}
const safeStringify$1 = (json) => {
return encodeEntities(JSON.stringify(json));
};
const safeParseJSON = (str, defaultValue = null) => {
// old version of node has memory leak if use json.parse with undefined value https://github.com/nodejs/node/issues/33266#issuecomment-638532113
if (str === undefined) {
return defaultValue;
}
try {
return JSON.parse(str);
}
catch (error) {
return defaultValue;
}
};
const safeStringify = (value, replacer, space) => {
const seen = new Set();
const replace = replacer || ((val) => val);
return JSON.stringify(value, (_, val) => {
if (!val || typeof val !== 'object') {
return replace(val);
}
if (seen.has(val)) {
return '[~Circular~]';
}
seen.add(val);
return replace(val);
}, space);
};
const safeStringifyJSON = (value, replacer, space) => {
try {
return JSON.stringify(value, replacer, space);
}
catch (err) {
return safeStringify(value, replacer, space);
}
};
const xssPossibleTags = [/<link[^>]+>/gi, /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script\s*>/gi];
const removeXss = (referrer = '') => reduce((newReferrer, regexp) => newReferrer.replace(regexp, ''), referrer, xssPossibleTags);
export { removeXss, safeParseJSON, safeStringify$1 as safeStringify, safeStringifyJSON };
export { safeStringify } from './safeStringify.es.js';
export { safeParseJSON } from './safeParseJSON.es.js';
export { safeStringifyJSON } from './safeStringifyJSON.es.js';
export { removeXss } from './removeXss.es.js';
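Review bot: The re-export `export { safeStringify } from './safeStringify.es.js';` should be checked against the new module, because the removed bundle defined two functions named `safeStringify` and exported only `safeStringify$1`, the one that passes `JSON.stringify` output through `encodeEntities`. The other `safeStringify`, the circular-reference fallback used by `safeStringifyJSON`, was internal and does not escape `<`, U+2028 or U+2029, so exporting it by mistake would silently drop the escaping that the doc comment describes as making the string "safe for evaluation". The split modules are not shown in this diff, so which variant is exported cannot be confirmed from here; the same applies to `exports.safeStringify = safeStringify.safeStringify;` in the CommonJS hunk (`@@ -5,101 +5,12 @@`). A one-line comment above the re-export, such as `// safeStringify: JSON.stringify + escaping of <, U+2028, U+2029`, would record which variant is public.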

@@ -5,101 +5,12 @@ 'use strict';

var reduce = require('@tinkoff/utils/array/reduce');
var safeStringify = require('./safeStringify.js');
var safeParseJSON = require('./safeParseJSON.js');
var safeStringifyJSON = require('./safeStringifyJSON.js');
var removeXss = require('./removeXss.js');
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
var reduce__default = /*#__PURE__*/_interopDefaultLegacy(reduce);
// source https://github.com/preactjs/preact-render-to-string/blob/60075a5a7389d638d535c85f3706739e9ba932bc/src/util.js
// perf https://esbench.com/bench/5f88af6cb4632100a7dcd414
const ENCODED_ENTITIES = /[<\u2028\u2029]/;
/**
* Stringify object to safe for evaluation json string
*
* @param {*} json
* @return {String} safe for evaluation json string
* @example
*
* safeStringify({ s:'test string' }) // => '{ "s":"test string" }'
* safeStringify({ s:'some\u2028 test\u2029' }) // => '{ "s": "some\\u2028 test\\u2029" }'
*/
function encodeEntities(str) {
// Skip all work for strings with no entities needing encoding:
if (str.length === 0 || ENCODED_ENTITIES.test(str) === false)
return str;
let last = 0;
let i = 0;
let out = '';
let ch = '';
// Seek forward in str until the next entity char:
for (; i < str.length; i++) {
switch (str.charCodeAt(i)) {
case 60: // <
ch = '\\u003C';
break;
case 8232: // u2028 symbol (line separator)
ch = '\\u2028';
break;
case 8233: // u2029 symbol (paragraph separator)
ch = '\\u2029';
break;
default:
continue;
}
// Append skipped/buffered characters and the encoded entity:
if (i !== last)
out += str.slice(last, i);
out += ch;
// Start the next seek/buffer after the entity's offset:
last = i + 1;
}
if (i !== last)
out += str.slice(last, i);
return out;
}
const safeStringify$1 = (json) => {
return encodeEntities(JSON.stringify(json));
};
const safeParseJSON = (str, defaultValue = null) => {
// old version of node has memory leak if use json.parse with undefined value https://github.com/nodejs/node/issues/33266#issuecomment-638532113
if (str === undefined) {
return defaultValue;
}
try {
return JSON.parse(str);
}
catch (error) {
return defaultValue;
}
};
const safeStringify = (value, replacer, space) => {
const seen = new Set();
const replace = replacer || ((val) => val);
return JSON.stringify(value, (_, val) => {
if (!val || typeof val !== 'object') {
return replace(val);
}
if (seen.has(val)) {
return '[~Circular~]';
}
seen.add(val);
return replace(val);
}, space);
};
const safeStringifyJSON = (value, replacer, space) => {
try {
return JSON.stringify(value, replacer, space);
}
catch (err) {
return safeStringify(value, replacer, space);
}
};
const xssPossibleTags = [/<link[^>]+>/gi, /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script\s*>/gi];
const removeXss = (referrer = '') => reduce__default["default"]((newReferrer, regexp) => newReferrer.replace(regexp, ''), referrer, xssPossibleTags);
exports.removeXss = removeXss;
exports.safeParseJSON = safeParseJSON;
exports.safeStringify = safeStringify$1;
exports.safeStringifyJSON = safeStringifyJSON;
exports.safeStringify = safeStringify.safeStringify;
exports.safeParseJSON = safeParseJSON.safeParseJSON;
exports.safeStringifyJSON = safeStringifyJSON.safeStringifyJSON;
exports.removeXss = removeXss.removeXss;
{
"name": "@tramvai/safe-strings",
"version": "0.5.6",
"version": "0.5.7",
"description": "",

@@ -15,5 +15,4 @@ "main": "lib/utils.js",

"scripts": {
"build": "tramvai-build --for-publish",
"watch": "tsc -w",
"build-for-publish": "true"
"build": "tramvai-build --forPublish --preserveModules",
"watch": "tsc -w"
},

@@ -20,0 +19,0 @@ "dependencies": {
