blacklight-frontend - npm Package Compare versions

Comparing version 7.33.1 to 7.36.2

app/assets/javascripts/blacklight/blacklight.js

 "use strict";
 
-var Blacklight = function () {
+const Blacklight = function () {
   var buffer = new Array();
   return {
-    onLoad: function onLoad(func) {
+    onLoad: function (func) {
       buffer.push(func);
     },
-    activate: function activate() {
+    activate: function () {
       for (var i = 0; i < buffer.length; i++) {
@@ -14,3 +14,3 @@ buffer[i].call();
     },
-    listeners: function listeners() {
+    listeners: function () {
       var listeners = [];
@@ -43,3 +43,3 @@ if (typeof Turbo !== 'undefined') {
 Blacklight.onLoad(function () {
-  var elem = document.querySelector('.no-js');
+  const elem = document.querySelector('.no-js');
 
@@ -52,2 +52,10 @@ // The "no-js" class may already have been removed because this function is
 });
+Blacklight.csrfToken = () => {
+  var _document$querySelect;
+  return (_document$querySelect = document.querySelector('meta[name=csrf-token]')) === null || _document$querySelect === void 0 ? void 0 : _document$querySelect.content;
+};
+Blacklight.csrfParam = () => {
+  var _document$querySelect2;
+  return (_document$querySelect2 = document.querySelector('meta[name=csrf-param]')) === null || _document$querySelect2 === void 0 ? void 0 : _document$querySelect2.content;
+};
 window.Blacklight = Blacklight;
@@ -95,3 +103,3 @@ /*global Bloodhound */
       cssClass: 'toggle-bookmark',
-      success: function success(checked, response) {
+      success: function (checked, response) {
         if (response.bookmarks) {
@@ -112,4 +120,4 @@ $('[data-role=bookmark-counter]').text(response.bookmarks.count);
   // See https://zellwk.com/blog/inconsistent-button-behavior/ for background information
-  document.querySelectorAll('button.collapse-toggle').forEach(function (button) {
-    button.addEventListener('click', function () {
+  document.querySelectorAll('button.collapse-toggle').forEach(button => {
+    button.addEventListener('click', () => {
       event.target.focus();
@@ -195,6 +203,9 @@ });
           url: form.attr('action'),
+          beforeSend: function (xhr) {
+            xhr.setRequestHeader('X-CSRF-Token', Blacklight.csrfToken());
+          },
           dataType: 'json',
           type: form.attr('method').toUpperCase(),
           data: form.serialize(),
-          error: function error() {
+          error: function () {
             label.removeAttr('disabled');
@@ -204,3 +215,3 @@ checkbox.removeAttr('disabled');
           },
-          success: function success(data, status, xhr) {
+          success: function (data, status, xhr) {
             //if app isn't running at all, xhr annoyingly
@@ -229,6 +240,6 @@ //reports success with status 0.
     cssClass: 'blCheckboxSubmit',
-    error: function error() {
+    error: function () {
       alert("Error");
     },
-    success: function success() {} //callback
+    success: function () {} //callback
   };
@@ -245,7 +256,7 @@ })(jQuery);
   document.querySelectorAll('.facet-values, .pivot-facet').forEach(function (elem) {
-    var nodes = elem.querySelectorAll('.facet-count');
+    const nodes = elem.querySelectorAll('.facet-count');
     // TODO: when we drop ie11 support, this can become the spread operator:
-    var longest = Array.from(nodes).sort(longer)[0];
+    const longest = Array.from(nodes).sort(longer)[0];
     if (longest && longest.textContent) {
-      var width = longest.textContent.length + 1 + 'ch';
+      const width = longest.textContent.length + 1 + 'ch';
       elem.querySelector('.facet-count').style.width = width;
@@ -455,5 +466,5 @@ }
   }
-  var elements = document.querySelectorAll('a[data-context-href]');
+  const elements = document.querySelectorAll('a[data-context-href]');
   // Equivalent to Array.from(), but supports ie11
-  var nodes = Array.prototype.slice.call(elements);
+  const nodes = Array.prototype.slice.call(elements);
   nodes.forEach(function (element) {
@@ -465,10 +476,2 @@ element.addEventListener('click', function (e) {
 };
-Blacklight.csrfToken = function () {
-  var _document$querySelect;
-  return (_document$querySelect = document.querySelector('meta[name=csrf-token]')) === null || _document$querySelect === void 0 ? void 0 : _document$querySelect.content;
-};
-Blacklight.csrfParam = function () {
-  var _document$querySelect2;
-  return (_document$querySelect2 = document.querySelector('meta[name=csrf-param]')) === null || _document$querySelect2 === void 0 ? void 0 : _document$querySelect2.content;
-};
 
@@ -485,10 +488,10 @@ // this is the Rails.handleMethod with a couple adjustments, described inline:
   // instead of using the normal href, we need to use the context href instead
-  var href = link.getAttribute('data-context-href');
-  var target = link.getAttribute('target');
-  var csrfToken = Blacklight.csrfToken();
-  var csrfParam = Blacklight.csrfParam();
-  var form = document.createElement('form');
+  let href = link.getAttribute('data-context-href');
+  let target = link.getAttribute('target');
+  let csrfToken = Blacklight.csrfToken();
+  let csrfParam = Blacklight.csrfParam();
+  let form = document.createElement('form');
   form.method = 'post';
   form.action = href;
-  var formContent = "<input name=\"_method\" value=\"post\" type=\"hidden\" />\n    <input name=\"redirect\" value=\"".concat(link.getAttribute('href'), "\" type=\"hidden\" />");
+  let formContent = "<input name=\"_method\" value=\"post\" type=\"hidden\" />\n    <input name=\"redirect\" value=\"".concat(link.getAttribute('href'), "\" type=\"hidden\" />");
 
@@ -495,0 +498,0 @@ // check for meta keys.. if set, we should open in a new tab

app/javascript/blacklight/checkbox_submit.js

@@ -93,2 +93,3 @@ /* A JQuery plugin (should this be implemented as a widget instead? not sure)
                 url: form.attr('action'),
+                beforeSend: function(xhr) { xhr.setRequestHeader('X-CSRF-Token', Blacklight.csrfToken()) },
                 dataType: 'json',
@@ -95,0 +96,0 @@ type: form.attr('method').toUpperCase(),

app/javascript/blacklight/core.js

@@ -54,2 +54,5 @@ const Blacklight = function() {
 
+Blacklight.csrfToken = () => document.querySelector('meta[name=csrf-token]')?.content
+Blacklight.csrfParam = () => document.querySelector('meta[name=csrf-param]')?.content
+
 window.Blacklight = Blacklight

app/javascript/blacklight/search_context.js

@@ -18,5 +18,2 @@ Blacklight.doSearchContextBehavior = function() {
 
-Blacklight.csrfToken = () => document.querySelector('meta[name=csrf-token]')?.content
-Blacklight.csrfParam = () => document.querySelector('meta[name=csrf-param]')?.content
-
 // this is the Rails.handleMethod with a couple adjustments, described inline:
@@ -23,0 +20,0 @@ // first, we're attaching this directly to the event handler, so we can check for meta-keys

package.json

 {
   "name": "blacklight-frontend",
-  "version": "7.33.1",
-  "description": "[![Build Status](https://travis-ci.com/projectblacklight/blacklight.png?branch=main)](https://travis-ci.com/projectblacklight/blacklight) [![Gem Version](https://badge.fury.io/rb/blacklight.png)](http://badge.fury.io/rb/blacklight) [![Coverage Status](https://coveralls.io/repos/github/projectblacklight/blacklight/badge.svg?branch=main)](https://coveralls.io/github/projectblacklight/blacklight?branch=main)",
+  "version": "7.36.2",
+  "description": "The frontend code and styles for Blacklight",
   "main": "app/assets/javascripts/blacklight",
@@ -6,0 +6,0 @@ "scripts": {

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Lines of code

949

increased by0.42%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

66546

decreased by-0.3%

No dependency changes