Socket
Socket
Sign inDemoInstall

@ui5/webcomponents-base

Package Overview
Dependencies
Maintainers
5
Versions
482
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@ui5/webcomponents-base - npm Package Compare versions

Comparing version 1.22.0-rc.1 to 1.22.0-rc.2

dist/sap/base/config/MemoryConfigurationProvider.js
dist/sap/base/util/uid.js

7

dist/decorators/event.d.ts

@@ -1,2 +0,1 @@

import { EventData } from "../UI5ElementMetadata.js";
/**

@@ -9,3 +8,7 @@ * Returns an event class decorator.

*/
declare const event: (name: string, data?: EventData) => ClassDecorator;
declare const event: <EventDetail>(name: string, data?: {
detail?: Record<keyof EventDetail, {
type: any;
}> | undefined;
}) => ClassDecorator;
export default event;

6

dist/generated/VersionInfo.js
const VersionInfo = {
version: "1.22.0-rc.0",
version: "1.22.0-rc.1",
major: 1,
minor: 22,
patch: 0,
suffix: "-rc.0",
suffix: "-rc.1",
isNext: false,
buildTime: 1705565122,
buildTime: 1706169926,
};
export default VersionInfo;
//# sourceMappingURL=VersionInfo.js.map

29

dist/sap/base/assert.js

@@ -0,7 +1,34 @@

// TODO-evo:assert on node throws an error if the assertion is violated
/**
* A simple assertion mechanism that logs a message when a given condition is not met.
*
* <b>Note:</b> Calls to this method might be removed when the JavaScript code
* is optimized during build. Therefore, callers should not rely on any side effects
* of this method.
*
* @function
* @since 1.58
* @alias module:sap/base/assert
* @param {boolean} bResult Result of the checked assertion
* @param {string|function():any} vMessage Message that will be logged when the result is <code>false</code>.
* In case this is a function, the return value of the function will be displayed. This can be used to execute
* complex code only if the assertion fails.
* @public
* @SecSink {1|SECRET} Could expose secret data in logs
*
*/ /*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
var fnAssert = function (bResult, vMessage) {
if (!bResult) {
var sMessage = typeof vMessage === "function" ? vMessage() : vMessage;
/*eslint-disable no-console */
console.assert(bResult, sMessage);
/*eslint-enable no-console */
}
};
export default fnAssert;
export default fnAssert;

884

dist/sap/base/Log.js

@@ -1,240 +0,750 @@

import now from './util/now.js';
/*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
import BaseConfig from "./config.js";
import now from "./util/now.js";
/**
* A Logging API for JavaScript.
*
* Provides methods to manage a client-side log and to create entries in it. Each of the logging methods
* {@link module:sap/base/Log.debug}, {@link module:sap/base/Log.info}, {@link module:sap/base/Log.warning},
* {@link module:sap/base/Log.error} and {@link module:sap/base/Log.fatal} creates and records a log entry,
* containing a timestamp, a log level, a message with details and a component info.
* The log level will be one of {@link module:sap/base/Log.Level} and equals the name of the concrete logging method.
*
* By using the {@link module:sap/base/Log.setLevel} method, consumers can determine the least important
* log level which should be recorded. Less important entries will be filtered out. (Note that higher numeric
* values represent less important levels). The initially set level depends on the mode that UI5 is running in.
* When the optimized sources are executed, the default level will be {@link module:sap/base/Log.Level.ERROR}.
* For normal (debug sources), the default level is {@link module:sap/base/Log.Level.DEBUG}.
*
* All logging methods allow to specify a <b>component</b>. These components are simple strings and
* don't have a special meaning to the UI5 framework. However they can be used to semantically group
* log entries that belong to the same software component (or feature). There are two APIs that help
* to manage logging for such a component. With {@link module:sap/base/Log.getLogger},
* one can retrieve a logger that automatically adds the given <code>sComponent</code> as component
* parameter to each log entry, if no other component is specified. Typically, JavaScript code will
* retrieve such a logger once during startup and reuse it for the rest of its lifecycle.
* Second, the {@link module:sap/base/Log.setLevel}(iLevel, sComponent) method allows to set the log level
* for a specific component only. This allows a more fine grained control about the created logging entries.
* {@link module:sap/base/Log.getLevel} allows to retrieve the currently effective log level for a given
* component.
*
* {@link module:sap/base/Log.getLogEntries} returns an array of the currently collected log entries.
*
* Furthermore, a listener can be registered to the log. It will be notified whenever a new entry
* is added to the log. The listener can be used for displaying log entries in a separate page area,
* or for sending it to some external target (server).
*
* @public
* @since 1.58
* @namespace
* @alias module:sap/base/Log
*/
var Log = {};
/**
* Enumeration of the configurable log levels that a Logger should persist to the log.
*
* Only if the current LogLevel is higher than the level {@link module:sap/base/Log.Level} of the currently added log entry,
* then this very entry is permanently added to the log. Otherwise it is ignored.
* @enum {int}
* @public
*/
Log.Level = {
NONE: -1,
FATAL: 0,
ERROR: 1,
WARNING: 2,
INFO: 3,
DEBUG: 4,
TRACE: 5,
ALL: 5 + 1
/**
* Do not log anything
* @public
*/
NONE: -1,
/**
* Fatal level. Use this for logging unrecoverable situations
* @public
*/
FATAL: 0,
/**
* Error level. Use this for logging of erroneous but still recoverable situations
* @public
*/
ERROR: 1,
/**
* Warning level. Use this for logging unwanted but foreseen situations
* @public
*/
WARNING: 2,
/**
* Info level. Use this for logging information of purely informative nature
* @public
*/
INFO: 3,
/**
* Debug level. Use this for logging information necessary for debugging
* @public
*/
DEBUG: 4,
/**
* Trace level. Use this for tracing the program flow.
* @public
*/
TRACE: 5,
/**
* Trace level to log everything.
* @public
*/
ALL: 5 + 1
};
var aLog = [], mMaxLevel = { '': Log.Level.ERROR }, iLogEntriesLimit = 3000, oListener = null, bLogSupportInfo = false;
/**
* The array that holds the log entries that have been recorded so far
*/
var aLog = [],
/**
* Maximum log level to be recorded (per component).
*/
mMaxLevel = {
'': Log.Level.ERROR
},
/**
* Maximum amount of stored log entries
*/
iLogEntriesLimit = 3000,
/**
* Registered listener to be informed about new log entries.
*/
oListener = null,
/**
* Additional support information delivered by callback should be logged
*/
bLogSupportInfo = false;
function pad0(i, w) {
return ('000' + String(i)).slice(-w);
return ("000" + String(i)).slice(-w);
}
function level(sComponent) {
return !sComponent || isNaN(mMaxLevel[sComponent]) ? mMaxLevel[''] : mMaxLevel[sComponent];
return !sComponent || isNaN(mMaxLevel[sComponent]) ? mMaxLevel[''] : mMaxLevel[sComponent];
}
/**
* Discard 30 percent of log entries when the limit is reached
*/
function discardLogEntries() {
var iLogLength = aLog.length;
if (iLogLength) {
var iEntriesToKeep = Math.min(iLogLength, Math.floor(iLogEntriesLimit * 0.7));
if (oListener) {
oListener.onDiscardLogEntries(aLog.slice(0, iLogLength - iEntriesToKeep));
}
if (iEntriesToKeep) {
aLog = aLog.slice(-iEntriesToKeep, iLogLength);
} else {
aLog = [];
}
var iLogLength = aLog.length;
if (iLogLength) {
var iEntriesToKeep = Math.min(iLogLength, Math.floor(iLogEntriesLimit * 0.7));
if (oListener) {
// Notify listener that entries are being discarded
oListener.onDiscardLogEntries(aLog.slice(0, iLogLength - iEntriesToKeep));
}
if (iEntriesToKeep) {
aLog = aLog.slice(-iEntriesToKeep, iLogLength);
} else {
aLog = [];
}
}
}
/**
* Gets the log entry listener instance, if not present creates a new one
* @returns {Object} the singleton log entry listener
*/
function getLogEntryListenerInstance() {
if (!oListener) {
oListener = {
listeners: [],
onLogEntry: function (oLogEntry) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i].onLogEntry) {
oListener.listeners[i].onLogEntry(oLogEntry);
}
}
},
onDiscardLogEntries: function (aDiscardedLogEntries) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i].onDiscardLogEntries) {
oListener.listeners[i].onDiscardLogEntries(aDiscardedLogEntries);
}
}
},
attach: function (oLog, oLstnr) {
if (oLstnr) {
oListener.listeners.push(oLstnr);
if (oLstnr.onAttachToLog) {
oLstnr.onAttachToLog(oLog);
}
}
},
detach: function (oLog, oLstnr) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i] === oLstnr) {
if (oLstnr.onDetachFromLog) {
oLstnr.onDetachFromLog(oLog);
}
oListener.listeners.splice(i, 1);
return;
}
}
if (!oListener) {
oListener = {
listeners: [],
onLogEntry: function (oLogEntry) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i].onLogEntry) {
oListener.listeners[i].onLogEntry(oLogEntry);
}
}
},
onDiscardLogEntries: function (aDiscardedLogEntries) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i].onDiscardLogEntries) {
oListener.listeners[i].onDiscardLogEntries(aDiscardedLogEntries);
}
}
},
attach: function (oLog, oLstnr) {
if (oLstnr) {
oListener.listeners.push(oLstnr);
if (oLstnr.onAttachToLog) {
oLstnr.onAttachToLog(oLog);
}
}
},
detach: function (oLog, oLstnr) {
for (var i = 0; i < oListener.listeners.length; i++) {
if (oListener.listeners[i] === oLstnr) {
if (oLstnr.onDetachFromLog) {
oLstnr.onDetachFromLog(oLog);
}
};
}
return oListener;
oListener.listeners.splice(i, 1);
return;
}
}
}
};
}
return oListener;
}
/**
* Creates a new fatal-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged together with its stacktrace.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.fatal = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.FATAL, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.FATAL, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Creates a new error-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged together with its stacktrace.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.error = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.ERROR, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.ERROR, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Creates a new warning-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged together with its stacktrace.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.warning = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.WARNING, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.WARNING, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Creates a new info-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged with the stack.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.info = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.INFO, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.INFO, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Creates a new debug-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged with the stack.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.debug = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.DEBUG, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.DEBUG, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Creates a new trace-level entry in the log with the given message, details and calling component.
*
* @param {string} sMessage
* Message text to display
* @param {string|Error} [vDetails='']
* Optional details about the message, might be omitted. Can be an Error object which will be
* logged with the stack.
* @param {string} [sComponent='']
* Name of the component that produced the log entry
* @param {function} [fnSupportInfo]
* Callback that returns an additional support object to be logged in support mode.
* This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @public
* @SecSink {0 1 2|SECRET} Could expose secret data in logs
*/
Log.trace = function (sMessage, vDetails, sComponent, fnSupportInfo) {
log(Log.Level.TRACE, sMessage, vDetails, sComponent, fnSupportInfo);
log(Log.Level.TRACE, sMessage, vDetails, sComponent, fnSupportInfo);
};
/**
* Defines the maximum <code>sap/base/Log.Level</code> of log entries that will be recorded.
* Log entries with a higher (less important) log level will be omitted from the log.
* When a component name is given, the log level will be configured for that component
* only, otherwise the log level for the default component of this logger is set.
* For the global logger, the global default level is set.
*
* <b>Note</b>: Setting a global default log level has no impact on already defined
* component log levels. They always override the global default log level.
*
* @param {module:sap/base/Log.Level} iLogLevel The new log level
* @param {string} [sComponent] The log component to set the log level for
* @public
*/
Log.setLevel = function (iLogLevel, sComponent, _bDefault) {
sComponent = sComponent || '';
if (!_bDefault || mMaxLevel[sComponent] == null) {
mMaxLevel[sComponent] = iLogLevel;
var sLogLevel;
Object.keys(Log.Level).forEach(function (sLevel) {
if (Log.Level[sLevel] === iLogLevel) {
sLogLevel = sLevel;
}
});
log(Log.Level.INFO, 'Changing log level ' + (sComponent ? 'for \'' + sComponent + '\' ' : '') + 'to ' + sLogLevel, '', 'sap.base.log');
}
sComponent = sComponent || '';
if (!_bDefault || mMaxLevel[sComponent] == null) {
mMaxLevel[sComponent] = iLogLevel;
var sLogLevel;
Object.keys(Log.Level).forEach(function (sLevel) {
if (Log.Level[sLevel] === iLogLevel) {
sLogLevel = sLevel;
}
});
log(Log.Level.INFO, "Changing log level " + (sComponent ? "for '" + sComponent + "' " : "") + "to " + sLogLevel, "", "sap.base.log");
}
};
/**
* Returns the log level currently effective for the given component.
* If no component is given or when no level has been configured for a
* given component, the log level for the default component of this logger is returned.
*
* @param {string} [sComponent] Name of the component to retrieve the log level for
* @returns {module:sap/base/Log.Level} The log level for the given component or the default log level
* @public
*/
Log.getLevel = function (sComponent) {
return level(sComponent);
return level(sComponent);
};
/**
* Checks whether logging is enabled for the given log level,
* depending on the currently effective log level for the given component.
*
* If no component is given, the default component of this logger will be taken into account.
*
* @param {module:sap/base/Log.Level} [iLevel=Level.DEBUG] The log level in question
* @param {string} [sComponent] Name of the component to check the log level for
* @returns {boolean} Whether logging is enabled or not
* @public
*/
Log.isLoggable = function (iLevel, sComponent) {
return (iLevel == null ? Log.Level.DEBUG : iLevel) <= level(sComponent);
return (iLevel == null ? Log.Level.DEBUG : iLevel) <= level(sComponent);
};
/**
* Enables or disables whether additional support information is logged in a trace.
* If enabled, logging methods like error, warning, info and debug are calling the additional
* optional callback parameter fnSupportInfo and store the returned object in the log entry property supportInfo.
*
* @param {boolean} bEnabled true if the support information should be logged
* @private
* @ui5-restricted sap.ui.support
*/
Log.logSupportInfo = function (bEnabled) {
bLogSupportInfo = bEnabled;
bLogSupportInfo = bEnabled;
};
/**
* Creates a new log entry depending on its level and component.
*
* If the given level is higher than the max level for the given component
* (or higher than the global level, if no component is given),
* then no entry is created and <code>undefined</code> is returned.
*
* If an <code>Error</code> is passed via <code>vDetails</code> the stack
* of the <code>Error</code> will be logged as a separate parameter in
* the proper <code>console</code> function for the matching log level.
*
* @param {module:sap/base/Log.Level} iLevel
* One of the log levels FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
* @param {string} sMessage
* The message to be logged
* @param {string|Error} [vDetails]
* The optional details for the message; could be an Error which will be logged with the
* stacktrace, to easily find the root cause of the Error
* @param {string} [sComponent]
* The log component under which the message should be logged
* @param {function} [fnSupportInfo] Callback that returns an additional support object to be
* logged in support mode. This function is only called if support info mode is turned on with
* <code>logSupportInfo(true)</code>. To avoid negative effects regarding execution times and
* memory consumption, the returned object should be a simple immutable JSON object with mostly
* static and stable content.
* @returns {module:sap/base/Log.Entry}
* The log entry as an object or <code>undefined</code> if no entry was created
* @private
*/
function log(iLevel, sMessage, vDetails, sComponent, fnSupportInfo) {
if (!fnSupportInfo && !sComponent && typeof vDetails === 'function') {
fnSupportInfo = vDetails;
vDetails = '';
if (!fnSupportInfo && !sComponent && typeof vDetails === "function") {
fnSupportInfo = vDetails;
vDetails = "";
}
if (!fnSupportInfo && typeof sComponent === "function") {
fnSupportInfo = sComponent;
sComponent = "";
}
if (iLevel <= level(sComponent)) {
var fNow = now(),
oNow = new Date(fNow),
iMicroSeconds = Math.floor((fNow - Math.floor(fNow)) * 1000),
oLogEntry = {
time: pad0(oNow.getHours(), 2) + ":" + pad0(oNow.getMinutes(), 2) + ":" + pad0(oNow.getSeconds(), 2) + "." + pad0(oNow.getMilliseconds(), 3) + pad0(iMicroSeconds, 3),
date: pad0(oNow.getFullYear(), 4) + "-" + pad0(oNow.getMonth() + 1, 2) + "-" + pad0(oNow.getDate(), 2),
timestamp: fNow,
level: iLevel,
message: String(sMessage || ""),
details: String(vDetails || ""),
component: String(sComponent || "")
};
if (bLogSupportInfo && typeof fnSupportInfo === "function") {
oLogEntry.supportInfo = fnSupportInfo();
}
if (!fnSupportInfo && typeof sComponent === 'function') {
fnSupportInfo = sComponent;
sComponent = '';
if (iLogEntriesLimit) {
if (aLog.length >= iLogEntriesLimit) {
// Cap the amount of stored log messages by 30 percent
discardLogEntries();
}
aLog.push(oLogEntry);
}
if (iLevel <= level(sComponent)) {
var fNow = now(), oNow = new Date(fNow), iMicroSeconds = Math.floor((fNow - Math.floor(fNow)) * 1000), oLogEntry = {
time: pad0(oNow.getHours(), 2) + ':' + pad0(oNow.getMinutes(), 2) + ':' + pad0(oNow.getSeconds(), 2) + '.' + pad0(oNow.getMilliseconds(), 3) + pad0(iMicroSeconds, 3),
date: pad0(oNow.getFullYear(), 4) + '-' + pad0(oNow.getMonth() + 1, 2) + '-' + pad0(oNow.getDate(), 2),
timestamp: fNow,
level: iLevel,
message: String(sMessage || ''),
details: String(vDetails || ''),
component: String(sComponent || '')
};
if (bLogSupportInfo && typeof fnSupportInfo === 'function') {
oLogEntry.supportInfo = fnSupportInfo();
}
if (iLogEntriesLimit) {
if (aLog.length >= iLogEntriesLimit) {
discardLogEntries();
}
aLog.push(oLogEntry);
}
if (oListener) {
oListener.onLogEntry(oLogEntry);
}
if (console) {
var isDetailsError = vDetails instanceof Error, logText = oLogEntry.date + ' ' + oLogEntry.time + ' ' + oLogEntry.message + ' - ' + oLogEntry.details + ' ' + oLogEntry.component;
switch (iLevel) {
case Log.Level.FATAL:
case Log.Level.ERROR:
isDetailsError ? console.error(logText, '\n', vDetails) : console.error(logText);
break;
case Log.Level.WARNING:
isDetailsError ? console.warn(logText, '\n', vDetails) : console.warn(logText);
break;
case Log.Level.INFO:
if (console.info) {
isDetailsError ? console.info(logText, '\n', vDetails) : console.info(logText);
} else {
isDetailsError ? console.log(logText, '\n', vDetails) : console.log(logText);
}
break;
case Log.Level.DEBUG:
isDetailsError ? console.debug(logText, '\n', vDetails) : console.debug(logText);
break;
case Log.Level.TRACE:
isDetailsError ? console.trace(logText, '\n', vDetails) : console.trace(logText);
break;
}
if (console.info && oLogEntry.supportInfo) {
console.info(oLogEntry.supportInfo);
}
}
return oLogEntry;
if (oListener) {
oListener.onLogEntry(oLogEntry);
}
/*
* Console Log, also tries to log to the console, if available.
*
* Unfortunately, the support for console is quite different between the UI5 browsers. The most important differences are:
* - in FF3.6 the console is not available, until FireBug is opened. It disappears again, when fire bug is closed.
* But when the settings for a web site are stored (convenience), the console remains open
* When the console is available, it supports all relevant methods
* - in FF9.0, the console is always available, but method assert is only available when firebug is open
* - in Webkit browsers, the console object is always available and has all required methods
* - Exception: in the iOS Simulator, console.info() does not exist
*/
/*eslint-disable no-console */
if (console) {
// in Firefox, console might not exist or it might even disappear
var isDetailsError = vDetails instanceof Error,
logText = oLogEntry.date + " " + oLogEntry.time + " " + oLogEntry.message + " - " + oLogEntry.details + " " + oLogEntry.component;
switch (iLevel) {
case Log.Level.FATAL:
case Log.Level.ERROR:
isDetailsError ? console.error(logText, "\n", vDetails) : console.error(logText);
break;
case Log.Level.WARNING:
isDetailsError ? console.warn(logText, "\n", vDetails) : console.warn(logText);
break;
case Log.Level.INFO:
if (console.info) {
// info not available in iOS simulator
isDetailsError ? console.info(logText, "\n", vDetails) : console.info(logText);
} else {
isDetailsError ? console.log(logText, "\n", vDetails) : console.log(logText);
}
break;
case Log.Level.DEBUG:
isDetailsError ? console.debug(logText, "\n", vDetails) : console.debug(logText);
break;
case Log.Level.TRACE:
isDetailsError ? console.trace(logText, "\n", vDetails) : console.trace(logText);
break;
}
if (console.info && oLogEntry.supportInfo) {
console.info(oLogEntry.supportInfo);
}
}
/*eslint-enable no-console */
return oLogEntry;
}
}
/**
* Returns the logged entries recorded so far as an array.
*
* Log entries are plain JavaScript objects with the following properties
* <ul>
* <li>timestamp {number} point in time when the entry was created
* <li>level {module:sap/base/Log.Level} LogLevel level of the entry
* <li>message {string} message text of the entry
* </ul>
* The default amount of stored log entries is limited to 3000 entries.
* @returns {Array<module:sap/base/Log.Entry>} an array containing the recorded log entries
* @public
* @static
*/
Log.getLogEntries = function () {
return aLog.slice();
return aLog.slice();
};
/**
* Returns the maximum amount of stored log entries.
*
* @returns {int|Infinity} The maximum amount of stored log entries or Infinity if no limit is set
* @private
* @ui5-restricted
*/
Log.getLogEntriesLimit = function () {
return iLogEntriesLimit;
return iLogEntriesLimit;
};
/**
* Sets the limit of stored log entries
*
* If the new limit is lower than the current limit, the overlap of old log entries will be discarded.
* If the limit is reached the amount of stored messages will be reduced by 30 percent.
*
* @param {int|Infinity} iLimit The maximum amount of stored log entries or Infinity for unlimited entries
* @private
* @ui5-restricted
*/
Log.setLogEntriesLimit = function (iLimit) {
if (iLimit < 0) {
throw new Error('The log entries limit needs to be greater than or equal to 0!');
}
iLogEntriesLimit = iLimit;
if (aLog.length >= iLogEntriesLimit) {
discardLogEntries();
}
if (iLimit < 0) {
throw new Error("The log entries limit needs to be greater than or equal to 0!");
}
iLogEntriesLimit = iLimit;
if (aLog.length >= iLogEntriesLimit) {
discardLogEntries();
}
};
/**
* @typedef {object} module:sap/base/Log.Entry
* @property {float} timestamp The number of milliseconds since the epoch
* @property {string} time Time string in format HH:mm:ss:mmmnnn
* @property {string} date Date string in format yyyy-MM-dd
* @property {module:sap/base/Log.Level} level The level of the log entry, see {@link module:sap/base/Log.Level}
* @property {string} message The message of the log entry
* @property {string} details The detailed information of the log entry
* @property {string} component The component that creates the log entry
* @property {function():any} [supportInfo] Callback that returns an additional support object to be
* logged in support mode.
* @public
*/
/**
* Interface to be implemented by a log listener.
*
* Typically, a listener will at least implement the {@link #.onLogEntry} method,
* but in general, all methods are optional.
*
* @interface
* @name module:sap/base/Log.Listener
* @public
*/
/**
* The function that is called when a new log entry is created
*
* @param {module:sap/base/Log.Entry} oLogEntry The newly created log entry
* @name module:sap/base/Log.Listener.onLogEntry?
* @function
* @public
*/
/**
* The function that is called once the Listener is attached
*
* @param {module:sap/base/Log} oLog The Log instance where the listener is attached
* @name module:sap/base/Log.Listener.onAttachToLog?
* @function
* @public
*/
/**
* The function that is called once the Listener is detached
*
* @param {module:sap/base/Log} oLog The Log instance where the listener is detached
* @name module:sap/base/Log.Listener.onDetachFromLog?
* @function
* @public
*/
/**
* The function that is called once log entries are discarded due to the exceed of total log entry amount
*
* @param {Array<module:sap/base/Log.Entry>} aDiscardedEntries The discarded log entries
* @name module:sap/base/Log.Listener.onDiscardLogEntries?
* @function
* @public
*/
/**
* Allows to add a new listener that will be notified for new log entries.
*
* The given object must provide method <code>onLogEntry</code> and can also be informed
* about <code>onDetachFromLog</code>, <code>onAttachToLog</code> and <code>onDiscardLogEntries</code>.
* @param {module:sap/base/Log.Listener} oListener The new listener object that should be informed
* @public
* @static
*/
Log.addLogListener = function (oListener) {
getLogEntryListenerInstance().attach(this, oListener);
getLogEntryListenerInstance().attach(this, oListener);
};
/**
* Allows to remove a registered LogListener.
* @param {module:sap/base/Log.Listener} oListener The listener object that should be removed
* @public
* @static
*/
Log.removeLogListener = function (oListener) {
getLogEntryListenerInstance().detach(this, oListener);
getLogEntryListenerInstance().detach(this, oListener);
};
/**
* The logger comes with a subset of the API of the <code>sap/base/Log</code> module:
* <ul>
* <li><code>#fatal</code> - see: {@link module:sap/base/Log.fatal}
* <li><code>#error</code> - see: {@link module:sap/base/Log.error}
* <li><code>#warning</code> - see: {@link module:sap/base/Log.warning}
* <li><code>#info</code> - see: {@link module:sap/base/Log.info}
* <li><code>#debug</code> - see: {@link module:sap/base/Log.debug}
* <li><code>#trace</code> - see: {@link module:sap/base/Log.trace}
* <li><code>#setLevel</code> - see: {@link module:sap/base/Log.setLevel}
* <li><code>#getLevel</code> - see: {@link module:sap/base/Log.getLevel}
* <li><code>#isLoggable</code> - see: {@link module:sap/base/Log.isLoggable}
* </ul>
* @interface
* @borrows module:sap/base/Log.fatal as #fatal
* @borrows module:sap/base/Log.error as #error
* @borrows module:sap/base/Log.warning as #warning
* @borrows module:sap/base/Log.info as #info
* @borrows module:sap/base/Log.debug as #debug
* @borrows module:sap/base/Log.trace as #trace
* @borrows module:sap/base/Log.setLevel as #setLevel
* @borrows module:sap/base/Log.getLevel as #getLevel
* @borrows module:sap/base/Log.isLoggable as #isLoggable
* @name module:sap/base/Log.Logger
* @public
*/
function Logger(sComponent) {
this.fatal = function (msg, detail, comp, support) {
Log.fatal(msg, detail, comp || sComponent, support);
return this;
};
this.error = function (msg, detail, comp, support) {
Log.error(msg, detail, comp || sComponent, support);
return this;
};
this.warning = function (msg, detail, comp, support) {
Log.warning(msg, detail, comp || sComponent, support);
return this;
};
this.info = function (msg, detail, comp, support) {
Log.info(msg, detail, comp || sComponent, support);
return this;
};
this.debug = function (msg, detail, comp, support) {
Log.debug(msg, detail, comp || sComponent, support);
return this;
};
this.trace = function (msg, detail, comp, support) {
Log.trace(msg, detail, comp || sComponent, support);
return this;
};
this.setLevel = function (level, comp) {
Log.setLevel(level, comp || sComponent);
return this;
};
this.getLevel = function (comp) {
return Log.getLevel(comp || sComponent);
};
this.isLoggable = function (level, comp) {
return Log.isLoggable(level, comp || sComponent);
};
this.fatal = function (msg, detail, comp, support) {
Log.fatal(msg, detail, comp || sComponent, support);
return this;
};
this.error = function (msg, detail, comp, support) {
Log.error(msg, detail, comp || sComponent, support);
return this;
};
this.warning = function (msg, detail, comp, support) {
Log.warning(msg, detail, comp || sComponent, support);
return this;
};
this.info = function (msg, detail, comp, support) {
Log.info(msg, detail, comp || sComponent, support);
return this;
};
this.debug = function (msg, detail, comp, support) {
Log.debug(msg, detail, comp || sComponent, support);
return this;
};
this.trace = function (msg, detail, comp, support) {
Log.trace(msg, detail, comp || sComponent, support);
return this;
};
this.setLevel = function (level, comp) {
Log.setLevel(level, comp || sComponent);
return this;
};
this.getLevel = function (comp) {
return Log.getLevel(comp || sComponent);
};
this.isLoggable = function (level, comp) {
return Log.isLoggable(level, comp || sComponent);
};
}
/**
* Returns a dedicated logger for a component.
*
* The logger comes with the same API as the <code>sap/base/Log</code> module:
* <ul>
* <li><code>#fatal</code> - see: {@link module:sap/base/Log.fatal}
* <li><code>#error</code> - see: {@link module:sap/base/Log.error}
* <li><code>#warning</code> - see: {@link module:sap/base/Log.warning}
* <li><code>#info</code> - see: {@link module:sap/base/Log.info}
* <li><code>#debug</code> - see: {@link module:sap/base/Log.debug}
* <li><code>#trace</code> - see: {@link module:sap/base/Log.trace}
* <li><code>#setLevel</code> - see: {@link module:sap/base/Log.setLevel}
* <li><code>#getLevel</code> - see: {@link module:sap/base/Log.getLevel}
* <li><code>#isLoggable</code> - see: {@link module:sap/base/Log.isLoggable}
* </ul>
*
* @param {string} sComponent Name of the component which should be logged
* @param {module:sap/base/Log.Level} [iDefaultLogLevel] The default log level
* @return {module:sap/base/Log.Logger} A logger with a specified component
* @public
* @static
*/
Log.getLogger = function (sComponent, iDefaultLogLevel) {
if (!isNaN(iDefaultLogLevel) && mMaxLevel[sComponent] == null) {
mMaxLevel[sComponent] = iDefaultLogLevel;
}
return new Logger(sComponent);
if (!isNaN(iDefaultLogLevel) && mMaxLevel[sComponent] == null) {
mMaxLevel[sComponent] = iDefaultLogLevel;
}
return new Logger(sComponent);
};
// set LogLevel
const sLogLevel = BaseConfig.get({
name: "sapUiLogLevel",
type: BaseConfig.Type.String,
defaultValue: undefined,
external: true
});
if (sLogLevel) {
Log.setLevel(Log.Level[sLogLevel.toUpperCase()] || parseInt(sLogLevel));
} else if (!globalThis["sap-ui-optimized"]) {
Log.setLevel(Log.Level.DEBUG);
}
export default Log;

42

dist/sap/base/security/encodeCSS.js

@@ -1,14 +0,40 @@

import toHex from '../strings/toHex.js';
/*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
import toHex from "../strings/toHex.js";
/**
* RegExp and escape function for CSS escaping
*/
// eslint-disable-next-line no-control-regex -- special characters are really needed here!
var rCSS = /[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\xff\u2028\u2029][0-9A-Fa-f]?/g;
var fnCSS = function (sChar) {
var iChar = sChar.charCodeAt(0);
if (sChar.length === 1) {
return '\\' + toHex(iChar);
} else {
return '\\' + toHex(iChar) + ' ' + sChar.substr(1);
}
var iChar = sChar.charCodeAt(0);
if (sChar.length === 1) {
return "\\" + toHex(iChar);
} else {
return "\\" + toHex(iChar) + " " + sChar.substr(1);
}
};
/*
* Encoding according to the Secure Programming Guide
* <SAPWIKI>/wiki/display/NWCUIAMSIM/XSS+Secure+Programming+Guide
*/
/**
* Encode the string for inclusion into CSS string literals or identifiers.
*
* @function
* @since 1.58
* @alias module:sap/base/security/encodeCSS
* @param {string} sString The string to be escaped
* @returns {string} The encoded string
* @SecValidate {0|return|XSS} validates the given string for a CSS context
* @public
*/
var fnEncodeCSS = function (sString) {
return sString.replace(rCSS, fnCSS);
return sString.replace(rCSS, fnCSS);
};
export default fnEncodeCSS;

64

dist/sap/base/security/encodeXML.js

@@ -1,23 +0,53 @@

import toHex from '../strings/toHex.js';
var rHtml = /[\x00-\x2b\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff\u2028\u2029]/g, rHtmlReplace = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]/, mHtmlLookup = {
'<': '&lt;',
'>': '&gt;',
'&': '&amp;',
'"': '&quot;'
};
/*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
import toHex from "../strings/toHex.js";
/* eslint-disable no-control-regex -- special characters are really needed here! */
/**
* RegExp and escape function for HTML escaping
*/
var rHtml = /[\x00-\x2b\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff\u2028\u2029]/g,
rHtmlReplace = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]/,
mHtmlLookup = {
"<": "&lt;",
">": "&gt;",
"&": "&amp;",
"\"": "&quot;"
};
/* eslint-enable no-control-regex */
var fnHtml = function (sChar) {
var sEncoded = mHtmlLookup[sChar];
if (!sEncoded) {
if (rHtmlReplace.test(sChar)) {
sEncoded = '&#xfffd;';
} else {
sEncoded = '&#x' + toHex(sChar.charCodeAt(0)) + ';';
}
mHtmlLookup[sChar] = sEncoded;
var sEncoded = mHtmlLookup[sChar];
if (!sEncoded) {
if (rHtmlReplace.test(sChar)) {
sEncoded = "&#xfffd;";
} else {
sEncoded = "&#x" + toHex(sChar.charCodeAt(0)) + ";";
}
return sEncoded;
mHtmlLookup[sChar] = sEncoded;
}
return sEncoded;
};
/*
* Encoding according to the Secure Programming Guide
* <SAPWIKI>/wiki/display/NWCUIAMSIM/XSS+Secure+Programming+Guide
*/
/**
* Encode the string for inclusion into XML content/attribute.
*
* @function
* @since 1.58
* @alias module:sap/base/security/encodeXML
* @param {string} sString The string to be escaped
* @returns {string} The encoded string
* @SecValidate {0|return|XSS} validates the given string for XML contexts
* @public
*/
var fnEncodeXML = function (sString) {
return sString.replace(rHtml, fnHtml);
return sString.replace(rHtml, fnHtml);
};
export default fnEncodeXML;

48

dist/sap/base/security/sanitizeHTML.js

@@ -1,16 +0,38 @@

import assert from '../assert.js';
import URLListValidator from './URLListValidator.js';
import '../../ui/thirdparty/caja-html-sanitizer.js';
/*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
/*
* IMPORTANT: This is a private module, its API must not be used and is subject to change.
* Code other than the OpenUI5 libraries must not introduce dependencies to this module.
*/
import assert from "../assert.js";
import URLListValidator from "./URLListValidator.js";
import "../../ui/thirdparty/caja-html-sanitizer.js";
/**
* Strips unsafe tags and attributes from HTML.
*
* @function
* @since 1.58
* @alias module:sap/base/security/sanitizeHTML
* @param {string} sHTML the HTML to be sanitized.
* @param {object} [mOptions={}] options for the sanitizer
* @return {string} sanitized HTML
* @private
*/
var fnSanitizeHTML = function (sHTML, mOptions) {
assert(window.html && window.html.sanitize, 'Sanitizer should have been loaded');
mOptions = mOptions || {
uriRewriter: function (sUrl) {
if (URLListValidator.validate(sUrl)) {
return sUrl;
}
}
};
var oTagPolicy = mOptions.tagPolicy || window.html.makeTagPolicy(mOptions.uriRewriter, mOptions.tokenPolicy);
return window.html.sanitizeWithPolicy(sHTML, oTagPolicy);
assert(window.html && window.html.sanitize, "Sanitizer should have been loaded");
mOptions = mOptions || {
uriRewriter: function (sUrl) {
// by default, we use the URLListValidator to check the URLs
if (URLListValidator.validate(sUrl)) {
return sUrl;
}
}
};
var oTagPolicy = mOptions.tagPolicy || window.html.makeTagPolicy(mOptions.uriRewriter, mOptions.tokenPolicy);
return window.html.sanitizeWithPolicy(sHTML, oTagPolicy);
};
export default fnSanitizeHTML;

259

dist/sap/base/security/URLListValidator.js

@@ -0,1 +1,8 @@

// validation regexes
/*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
var rBasicUrl = /^(?:([^:\/?#]+):)?((?:[\/\\]{2,}((?:\[[^\]]+\]|[^\/?#:]+))(?::([0-9]+))?)?([^?#]*))(?:\?([^#]*))?(?:#(.*))?$/;

@@ -12,7 +19,40 @@ var rCheckPath = /^([a-z0-9-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*$/i;

var rSpecialSchemeURLs = /^((?:ftp|https?|wss?):)([\s\S]+)$/;
/* eslint-disable no-control-regex */
var rCheckWhitespaces = /[\u0009\u000A\u000D]/;
/**
* Registry to manage allowed URLs and validate against them.
*
* @namespace
* @since 1.85
* @alias module:sap/base/security/URLListValidator
* @public
*/
var oURLListValidator = {};
/**
* Creates a new URLListValidator.Entry object
*
* @param {string} [protocol] The protocol of the URL, can be falsy to allow all protocols for an entry e.g. "", "http", "mailto"
* @param {string} [host] The host of the URL, can be falsy to allow all hosts. A wildcard asterisk can be set at the beginning, e.g. "examples.com", "*.example.com"
* @param {string} [port] The port of the URL, can be falsy to allow all ports, e.g. "", "8080"
* @param {string} [path] the path of the URL, path of the url, can be falsy to allow all paths. A wildcard asterisk can be set at the end, e.g. "/my-example*", "/my-news"
* @returns {module:sap/base/security/URLListValidator.Entry|object}
* @private
*/
oURLListValidator._createEntry = function (protocol, host, port, path) {
return new URLListValidatorEntry(protocol, host, port, path);
};
/**
* Entry object of the URLListValidator.
*
* @public
* @typedef {object} module:sap/base/security/URLListValidator.Entry
* @property {string} [protocol] The protocol of the URL, can be falsy to allow all protocols for an entry e.g. "", "http", "mailto"
* @property {string} [host] The host of the URL, can be falsy to allow all hosts. A wildcard asterisk can be set at the beginning, e.g. "examples.com", "*.example.com"
* @property {string} [port] The port of the URL, can be falsy to allow all ports, e.g. "", "8080"
* @property {string} [path] the path of the URL, path of the url, can be falsy to allow all paths. A wildcard asterisk can be set at the end, e.g. "/my-example*", "/my-news"
*/
function URLListValidatorEntry(protocol, host, port, path) {

@@ -38,6 +78,35 @@ Object.defineProperties(this, {

}
/**
* The internally managed allowed entries.
* @private
*/
var aAllowedEntries = [];
/**
* Clears the allowed entries for URL validation.
* This makes all URLs allowed.
*
* @public
*/
oURLListValidator.clear = function () {
aAllowedEntries = [];
};
/**
* Adds an allowed entry.
*
* Note:
* Adding the first entry to the list of allowed entries will disallow all URLs but the ones matching the newly added entry.
*
* <b>Note</b>:
* It is strongly recommended to set a path only in combination with an origin (never set a path alone).
* There's almost no case where checking only the path of a URL would allow to ensure its validity.
*
* @param {string} [protocol] The protocol of the URL, can be falsy to allow all protocols for an entry e.g. "", "http", "mailto"
* @param {string} [host] The host of the URL, can be falsy to allow all hosts. A wildcard asterisk can be set at the beginning, e.g. "examples.com", "*.example.com"
* @param {string} [port] The port of the URL, can be falsy to allow all ports, e.g. "", "8080"
* @param {string} [path] the path of the URL, path of the url, can be falsy to allow all paths. A wildcard asterisk can be set at the end, e.g. "/my-example*", "/my-news"
* @public
*/
oURLListValidator.add = function (protocol, host, port, path) {

@@ -47,9 +116,150 @@ var oEntry = this._createEntry(protocol, host, port, path);

};
/**
* Deletes an entry from the allowed entries.
*
* Note:
* Deleting the last entry from the list of allowed entries will allow all URLs.
*
* @param {module:sap/base/security/URLListValidator.Entry} oEntry The entry to be deleted
* @private
*/
oURLListValidator._delete = function (oEntry) {
aAllowedEntries.splice(aAllowedEntries.indexOf(oEntry), 1);
};
/**
* Gets the list of allowed entries.
*
* @returns {module:sap/base/security/URLListValidator.Entry[]} The allowed entries
* @public
*/
oURLListValidator.entries = function () {
return aAllowedEntries.slice();
};
/**
* Validates a URL. Check if it's not a script or other security issue.
*
* <b>Note</b>:
* It is strongly recommended to validate only absolute URLs. There's almost no case
* where checking only the path of a URL would allow to ensure its validity.
* For compatibility reasons, this API cannot automatically resolve URLs relative to
* <code>document.baseURI</code>, but callers should do so. In that case, and when the
* allow list is not empty, an entry for the origin of <code>document.baseURI</code>
* must be added to the allow list.
*
* <h3>Details</h3>
* Splits the given URL into components and checks for allowed characters according to RFC 3986:
*
* <pre>
* authority = [ userinfo "@" ] host [ ":" port ]
* userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
* host = IP-literal / IPv4address / reg-name
*
* IP-literal = "[" ( IPv6address / IPvFuture ) "]"
* IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
* IPv6address = 6( h16 ":" ) ls32
* / "::" 5( h16 ":" ) ls32
* / [ h16 ] "::" 4( h16 ":" ) ls32
* / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
* / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
* / [ *3( h16 ":" ) h16 ] "::" h16 ":" ls32
* / [ *4( h16 ":" ) h16 ] "::" ls32
* / [ *5( h16 ":" ) h16 ] "::" h16
* / [ *6( h16 ":" ) h16 ] "::"
* ls32 = ( h16 ":" h16 ) / IPv4address
* ; least-significant 32 bits of address
* h16 = 1*4HEXDIG
* ; 16 bits of address represented in hexadecimal
*
* IPv4address = dec-octet "." dec-octet "." dec-octet "." dec-octet
* dec-octet = DIGIT ; 0-9
* / %x31-39 DIGIT ; 10-99
* / "1" 2DIGIT ; 100-199
* / "2" %x30-34 DIGIT ; 200-249
* / "25" %x30-35 ; 250-255
*
* reg-name = *( unreserved / pct-encoded / sub-delims )
*
* pct-encoded = "%" HEXDIG HEXDIG
* reserved = gen-delims / sub-delims
* gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
* / "*" / "+" / "," / ";" / "="
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
*
* path = path-abempty ; begins with "/" or is empty
* / path-absolute ; begins with "/" but not "//"
* / path-noscheme ; begins with a non-colon segment
* / path-rootless ; begins with a segment
* / path-empty ; zero characters
*
* path-abempty = *( "/" segment )
* path-absolute = "/" [ segment-nz *( "/" segment ) ]
* path-noscheme = segment-nz-nc *( "/" segment )
* path-rootless = segment-nz *( "/" segment )
* path-empty = 0<pchar>
* segment = *pchar
* segment-nz = 1*pchar
* segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
* ; non-zero-length segment without any colon ":"
*
* query = *( pchar / "/" / "?" )
*
* fragment = *( pchar / "/" / "?" )
* </pre>
*
* For the hostname component, we are checking for valid DNS hostnames according to RFC 952 / RFC 1123:
*
* <pre>
* hname = name *("." name)
* name = let-or-digit ( *( let-or-digit-or-hyphen ) let-or-digit )
* </pre>
*
*
* When the URI uses the protocol 'mailto:', the address part is additionally checked
* against the most commonly used parts of RFC 6068:
*
* <pre>
* mailtoURI = "mailto:" [ to ] [ hfields ]
* to = addr-spec *("," addr-spec )
* hfields = "?" hfield *( "&" hfield )
* hfield = hfname "=" hfvalue
* hfname = *qchar
* hfvalue = *qchar
* addr-spec = local-part "@" domain
* local-part = dot-atom-text // not accepted: quoted-string
* domain = dot-atom-text // not accepted: "[" *dtext-no-obs "]"
* dtext-no-obs = %d33-90 / ; Printable US-ASCII
* %d94-126 ; characters not including
* ; "[", "]", or "\"
* qchar = unreserved / pct-encoded / some-delims
* some-delims = "!" / "$" / "'" / "(" / ")" / "*"
* / "+" / "," / ";" / ":" / "@"
*
* Note:
* A number of characters that can appear in &lt;addr-spec> MUST be
* percent-encoded. These are the characters that cannot appear in
* a URI according to [STD66] as well as "%" (because it is used for
* percent-encoding) and all the characters in gen-delims except "@"
* and ":" (i.e., "/", "?", "#", "[", and "]"). Of the characters
* in sub-delims, at least the following also have to be percent-
* encoded: "&", ";", and "=". Care has to be taken both when
* encoding as well as when decoding to make sure these operations
* are applied only once.
*
* </pre>
*
* When a list of allowed entries has been configured using {@link #add},
* any URL that passes the syntactic checks above, additionally will be tested against
* the content of this list.
*
* @param {string} sUrl URL to be validated
* @return {boolean} true if valid, false if not valid
* @public
*/
oURLListValidator.validate = function (sUrl) {
// Test for not allowed whitespaces
if (typeof sUrl === "string") {

@@ -60,4 +270,9 @@ if (rCheckWhitespaces.test(sUrl)) {

}
// for 'special' URLs without a given base URL, the whatwg spec allows any number of slashes.
// As the rBasicUrl regular expression cannot handle 'special' URLs, the URL is modified upfront,
// if it wouldn't be recognized by the regex.
// See https://url.spec.whatwg.org/#scheme-state (case 2.6.)
var result = rSpecialSchemeURLs.exec(sUrl);
if (result && !(/^[\/\\]{2}/).test(result[2])) {
if (result && !/^[\/\\]{2}/.test(result[2])) {
sUrl = result[1] + "//" + result[2];

@@ -69,7 +284,16 @@ }

}
var sProtocol = result[1], sBody = result[2], sHost = result[3], sPort = result[4], sPath = result[5], sQuery = result[6], sHash = result[7];
var sProtocol = result[1],
sBody = result[2],
sHost = result[3],
sPort = result[4],
sPath = result[5],
sQuery = result[6],
sHash = result[7];
// protocol
if (sProtocol) {
sProtocol = sProtocol.toUpperCase();
if (aAllowedEntries.length <= 0) {
if (!(/^(https?|ftp)/i).test(sProtocol)) {
// no allowed entries -> check for default protocols
if (!/^(https?|ftp)/i.test(sProtocol)) {
return false;

@@ -79,5 +303,8 @@ }

}
// Host -> validity check for IP address or hostname
if (sHost) {
if (rCheckIPv4.test(sHost)) {
if (!rCheckValidIPv4.test(sHost)) {
//invalid ipv4 address
return false;

@@ -87,5 +314,7 @@ }

if (!rCheckValidIPv6.test(sHost)) {
//invalid ipv6 address
return false;
}
} else if (!rCheckHostName.test(sHost)) {
// invalid host name
return false;

@@ -95,2 +324,4 @@ }

}
// Path -> split for "/" and check if forbidden characters exist
if (sPath) {

@@ -101,2 +332,3 @@ if (sProtocol === "MAILTO") {

if (!rCheckMail.test(aAddresses[i])) {
// forbidden character found
return false;

@@ -109,2 +341,3 @@ }

if (!rCheckPath.test(aComponents[i])) {
// forbidden character found
return false;

@@ -115,12 +348,20 @@ }

}
// query
if (sQuery) {
if (!rCheckQuery.test(sQuery)) {
// forbidden character found
return false;
}
}
// hash
if (sHash) {
if (!rCheckFragment.test(sHash)) {
// forbidden character found
return false;
}
}
//filter allowed entries
if (aAllowedEntries.length > 0) {

@@ -130,4 +371,6 @@ var bFound = false;

if (!sProtocol || !aAllowedEntries[i].protocol || sProtocol == aAllowedEntries[i].protocol) {
// protocol OK
var bOk = false;
if (sHost && aAllowedEntries[i].host && (/^\*/).test(aAllowedEntries[i].host)) {
if (sHost && aAllowedEntries[i].host && /^\*/.test(aAllowedEntries[i].host)) {
// check for wildcard search at begin
if (!aAllowedEntries[i]._hostRegexp) {

@@ -145,4 +388,7 @@ var sHostEscaped = aAllowedEntries[i].host.slice(1).replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");

if (bOk) {
// host OK
if (!sHost && !sPort || !aAllowedEntries[i].port || sPort == aAllowedEntries[i].port) {
if (aAllowedEntries[i].path && (/\*$/).test(aAllowedEntries[i].path)) {
// port OK
if (aAllowedEntries[i].path && /\*$/.test(aAllowedEntries[i].path)) {
// check for wildcard search at end
if (!aAllowedEntries[i]._pathRegexp) {

@@ -157,2 +403,3 @@ var sPathEscaped = aAllowedEntries[i].path.slice(0, -1).replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");

} else if (!aAllowedEntries[i].path || sPath == aAllowedEntries[i].path) {
// path OK
bFound = true;

@@ -173,2 +420,2 @@ }

};
export default oURLListValidator;
export default oURLListValidator;

29

dist/sap/base/strings/toHex.js

@@ -0,8 +1,33 @@

/**
* Create hex string and pad to length with zeros.
* @example
* require(["sap/base/strings/toHex"], function(toHex){
* toHex(10, 2); // "0a"
* toHex(16, 2); // "10"
* });
*
* @function
* @since 1.58
* @private
* @alias module:sap/base/strings/toHex
* @param {int} iChar UTF-16 character code
* @param {int} [iLength=0] number of padded zeros
* @returns {string} padded hex representation of the given character code
*/ /*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
/*
* IMPORTANT: This is a private module, its API must not be used and is subject to change.
* Code other than the OpenUI5 libraries must not introduce dependencies to this module.
*/
var fnToHex = function (iChar, iLength) {
var sHex = iChar.toString(16);
if (iLength) {
sHex = sHex.padStart(iLength, "0");
sHex = sHex.padStart(iLength, '0');
}
return sHex;
};
export default fnToHex;
export default fnToHex;

27

dist/sap/base/util/now.js

@@ -1,2 +0,23 @@

var fnNow = !(typeof window != "undefined" && window.performance && performance.now && performance.timing) ? Date.now : (function () {
// @evo-todo window.performance does not exist on node.js, but there is a module performance-now. Maybe use it
/**
* Returns a high resolution timestamp in microseconds if supported by the environment, otherwise in milliseconds.
* The timestamp is based on 01/01/1970 00:00:00 (UNIX epoch) as float with microsecond precision or
* with millisecond precision, if high resolution timestamps are not available.
* The fractional part of the timestamp represents fractions of a millisecond.
* Converting to a <code>Date</code> is possible by using <code>require(["sap/base/util/now"], function(now){new Date(now());}</code>
*
* @function
* @since 1.58
* @public
* @alias module:sap/base/util/now
* @returns {float} timestamp in microseconds if supported by the environment otherwise in milliseconds
*/ /*!
* OpenUI5
* (c) Copyright 2009-2024 SAP SE or an SAP affiliate company.
* Licensed under the Apache License, Version 2.0 - see LICENSE.txt.
*/
/*global performance */
var fnNow = !(typeof window != "undefined" && window.performance && performance.now && performance.timing) ? Date.now : function () {
var iNavigationStart = performance.timing.navigationStart;

@@ -6,3 +27,3 @@ return function perfnow() {

};
})();
export default fnNow;
}();
export default fnNow;

9

package.json
{
"name": "@ui5/webcomponents-base",
"version": "1.22.0-rc.1",
"version": "1.22.0-rc.2",
"description": "UI5 Web Components: webcomponents.base",

@@ -41,5 +41,4 @@ "author": "SAP SE (https://www.sap.com)",

"devDependencies": {
"@buxlabs/amd-to-es6": "0.16.1",
"@openui5/sap.ui.core": "1.116.0",
"@ui5/webcomponents-tools": "1.22.0-rc.1",
"@openui5/sap.ui.core": "1.120.3",
"@ui5/webcomponents-tools": "1.22.0-rc.2",
"chromedriver": "119.0.1",

@@ -54,3 +53,3 @@ "clean-css": "^5.2.2",

},
"gitHead": "1a4ba450e7d222535ddaf4f1d3b0ff91b020bb2a"
"gitHead": "7075f9a181e13ac1be2a319b2de876ace16dd564"
}

4

used-modules.txt
# Needed files from OpenUI5
# ./ui5loader-autoconfig.js
sap/base/util/now.js
sap/base/util/uid.js
sap/base/Log.js
# sap/base/config.js
sap/base/config/MemoryConfigurationProvider.js
sap/base/assert.js

@@ -6,0 +10,0 @@ sap/base/security/URLListValidator.js

.eslintignore

Sorry, the diff of this file is not supported yet

CHANGELOG.md

Sorry, the diff of this file is too big to display

dist/.tsbuildinfo

Sorry, the diff of this file is not supported yet

dist/custom-elements-internal.json

Sorry, the diff of this file is too big to display

dist/custom-elements.json

Sorry, the diff of this file is too big to display

dist/decorators/event.js.map

Sorry, the diff of this file is not supported yet

dist/generated/VersionInfo.js.map

Sorry, the diff of this file is not supported yet

dist/sap/ui/thirdparty/caja-html-sanitizer.js

Sorry, the diff of this file is too big to display

package-scripts.cjs

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc