browser-module-sandbox
Advanced tools
browser-module-sandbox - npm Package Compare versions
Comparing version 1.4.3 to 1.4.4
@@ -0,1 +1,3 @@ | ||
| 'use strict'; | ||
| var inherits = require('inherits') | ||
@@ -19,4 +21,5 @@ var iframe = require('iframe') | ||
| this.iframeBody = opts.iframeBody || "" | ||
| this.iframeSandbox = opts.iframeSandbox || "" | ||
| this.cdn = opts.cdn || window.location.protocol + '//' + window.location.host | ||
| this.iframe = iframe({ container: this.container, scrollingDisabled: true }) | ||
| this.iframe = iframe({ container: this.container, scrollingDisabled: true, sandboxAttributes: this.iframeSandbox }) | ||
| this.iframeStyle = "<style type='text/css'>" + | ||
@@ -156,3 +159,3 @@ "html, body { margin: 0; padding: 0; border: 0; }\n" + | ||
| var body = self.iframeBody + scriptTag | ||
| var html = { head: self.iframeHead + self.iframeStyle, body: body, script: script } | ||
| var html = { head: self.iframeHead + self.iframeStyle, body: body, script: script, sandboxAttributes: self.iframeSandbox } | ||
| if (self.name) html.name = self.name | ||
@@ -159,0 +162,0 @@ self.iframe.setHTML(html) |
| { | ||
| "name": "browser-module-sandbox", | ||
| "version": "1.4.3", | ||
| "version": "1.4.4", | ||
| "description": "uses browserify-cdn to run node code in an iframe", | ||
@@ -13,3 +13,3 @@ "repository": { | ||
| "detective": "^4.0.0", | ||
| "iframe": "^0.3.1", | ||
| "iframe": "voronianski/iframe", | ||
| "inherits": "^2.0.1" | ||
@@ -16,0 +16,0 @@ }, |
@@ -30,2 +30,3 @@ # browser-module-sandbox | ||
| iframeStyle: string for css, gets appended to end of iframeHead, | ||
| iframeSandbox: array of capability flag strings, | ||
| iframe: iframe instance, default creates a new one inside container | ||
@@ -64,2 +65,2 @@ }) | ||
| BSD | ||
| BSD |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.69%
7813
- Lines of code
- increased by1.49%
136
- Number of lines in readme file
- increased by3.17%
65
Worsened metrics
- Number of high supply chain risk alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
- Removediframe@0.3.1(transitive)
Updatediframe@voronianski/iframe