codestop-dom-proof
Comparing version 1.0.6 to 1.0.7
@@ -17,15 +17,35 @@ const cheerio = require('cheerio'); | ||
static async initialize(html, css) { | ||
try { | ||
const HTML = new HTMLLoader(html); | ||
if (css) { | ||
await HTML.addExternalCSS(css); | ||
} | ||
static async initialize(html, css, withScript = false) { | ||
if (withScript) { | ||
return Proof.initializeWithScript(html, css); | ||
} | ||
await HTML.load(); | ||
const HTML = new HTMLLoader(html); | ||
if (css) { | ||
await HTML.addExternalCSS(css); | ||
} | ||
return new Proof(HTML); | ||
} catch(e) { | ||
throw e; | ||
await HTML.load(); | ||
return new Proof(HTML); | ||
} | ||
static async initializeWithScript(html, css) { | ||
const HTML = new HTMLLoader(html); | ||
if (css) { | ||
await HTML.addExternalCSS(css); | ||
} | ||
await HTML.load(true); | ||
const jsPath = await Proof.loadScript(HTML.serialize()); | ||
if (jsPath) { // We have a JS file | ||
const jsProof = await JSProof.default(jsPath); | ||
return new Proof(HTML, jsProof); | ||
} | ||
return new Proof(HTML); | ||
} | ||
@@ -37,13 +57,5 @@ | ||
async loadScript() { | ||
const script = this.getScript(); | ||
static async loadScript(html) { | ||
const script = Proof.getScript(html); | ||
// Evaluate the JS file so it will not load the JS Proof file if it can't evaluate it. | ||
try { | ||
eval(script); | ||
} catch(e) { | ||
// Rethrow the error message only to hide our library from the user. | ||
throw e.message; | ||
} | ||
if (script && script.trim()) { | ||
@@ -54,7 +66,7 @@ const file = await tmp.file(); | ||
this.js = await JSProof.default(file.path); | ||
return file.path; | ||
} | ||
} | ||
getScript() { | ||
const ch = cheerio.load(this.html.serialize()); | ||
static getScript(html) { | ||
const ch = cheerio.load(html); | ||
return ch.root().find('script').html(); | ||
@@ -61,0 +73,0 @@ } |
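Review bot: The trust requirement on `html` is undocumented in `initializeWithScript`: the content of the first `<script>` element in the caller-supplied page goes through `loadScript` into a temp file whose path is handed to `JSProof.default(jsPath)`, and nothing in these hunks shows whether that call, or `HTML.load(true)`, executes it. If either does, pages from untrusted authors should only be processed in an isolated process, and the doc comment on `initialize` should say so, for example `@param {boolean} [withScript=false] - also load the page's inline script; enable only for trusted HTML or inside a sandbox`. Separately, `return file.path;` drops the `file` handle from `tmp.file()`, so the caller has no way to remove the temp file afterwards; returning `file` itself, or deleting the file once `JSProof.default` has resolved, would avoid leaving submitted code on disk. The middle of `loadScript` falls between hunks and is not visible here, so confirm that no cleanup already happens there.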
{ | ||
"name": "codestop-dom-proof", | ||
"version": "1.0.6", | ||
"version": "1.0.7", | ||
"description": "", | ||
@@ -21,3 +21,3 @@ "main": "index.js", | ||
"cheerio": "^1.0.0-rc.2", | ||
"codestop-css-proof": "^1.0.8", | ||
"codestop-css-proof": "^1.0.10", | ||
"codestop-js-proof": "^1.0", | ||
@@ -24,0 +24,0 @@ "tmp": "0.0.33", |
Uses eval
Supply chain risk: Package uses eval(), which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Updated: codestop-css-proof@^1.0.10