Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A diff for DOM elements, as client-side JavaScript code. Gets all modifications, insertions and removals between two DOM fragments.
This library allows the abstraction of differences between DOM elements as a "diff" object, representing the sequence of modifications that must be applied to one element in order to turn it into the other element. This diff is non-destructive, meaning that relocations of DOM nodes are preferred over remove-insert operations.
This project is licensed under the LGPL v. 3. For details see LICENSE.txt.
Check http://fiduswriter.github.io/diffDOM for demo and tests.
Include the diffDOM file in your HTML like this:
<script src="browser/diffDOM.js"></script>
Or like this if you import from npm:
import { DiffDOM } from "diff-dom"
Then create an instance of diffDOM within the javascript code:
dd = new diffDOM.DiffDOM()
(leave out the diffdom.
if you use the npm-version)
Now you can create a diff to get from dom elementA
to dom elementB
like this:
diff = dd.diff(elementA, elementB)
You can now apply this diff like this:
dd.apply(elementA, diff)
Now elementA
will have been changed to be structurally equal to elementB
.
You can also use HTML strings or the virtual DOM objects diffDOM uses internally to create diffs.
diff = dd.diff(elementA, "<div>hello</div>")
You can create the Virtual DOM objects diffDOM uses, create them like this:
import { nodeToObj, stringToObj } from "diff-dom"
obj1 = nodeToObj(elementA)
obj2 = stringToObj("<div>hello</div>")
Diffing between these objects will be faster than diffing DOM nodes and can be useful in environments without access to the DOM.
Continuing on from the previous example, you can also undo a diff, like this:
dd.undo(elementA, diff)
Now elementA will be what it was like before applying the diff.
If you need to move diffs from one machine to another one, you will likely want to send the diffs through a websocket connection or as part of a form submit. In both cases you need to convert the diff to a json string
.
To convert a diff to a json string which you can send over the network, do:
diffJson = JSON.stringify(diff)
On the receiving end you then need to unpack it like this:
diff = JSON.parse(diffJson)
Sometimes one may try to patch an elment without knowing whether the patch actually will apply cleanly. This should not be a problem. If diffDOM determines that a patch cannot be executed, it will simple return false
. Else it will return true
:
result = dd.apply(element, diff)
if (result) {
console.log("no problem!")
} else {
console.log("diff could not be applied")
}
diffDOM does not include merging for changes to text nodes. However, it includes hooks so that you can add more advanced handling. Simple overwrite the textDiff
function of the diffDOM
instance. The functions TEXTDIFF and TEXTPATCH need to be defined in the code:
dd = new diffDOM.DiffDOM({
textDiff: function (node, currentValue, expectedValue, newValue) {
if (currentValue === expectedValue) {
// The text node contains the text we expect it to contain, so we simple change the text of it to the new value.
node.data = newValue
} else {
// The text node currently does not contain what we expected it to contain, so we need to merge.
difference = TEXTDIFF(expectedValue, currentValue)
node.data = TEXTPATCH(newValue, difference)
}
return true
},
})
diffDOM provides extension points before and after virtual and actual diffs, exposing some of the internals of the diff algorithm, and allowing you to make additional decisions based on that information.
dd = new diffDOM.DiffDOM({
preVirtualDiffApply: function (info) {
console.log(info)
},
postVirtualDiffApply: function (info) {
console.log(info)
},
preDiffApply: function (info) {
console.log(info)
},
postDiffApply: function (info) {
console.log(info)
},
})
Additionally, the pre hooks allow you to shortcircuit the standard behaviour of the diff by returning true
from this callback. This will cause the diffApply
functions to return prematurely, skipping their standard behaviour.
dd = new diffDOM.DiffDOM({
// prevent removal of attributes
preDiffApply: function (info) {
if (info.diff.action === "removeAttribute") {
console.log("preventing attribute removal")
return true
}
},
})
diffDOM also provides a way to filter outer diff
dd = new diffDOM.DiffDOM({
filterOuterDiff: function (t1, t2, diffs) {
// can change current outer diffs by returning a new array,
// or by mutating outerDiffs.
if (
!diffs.length &&
t1.nodeName == "my-component" &&
t2.nodeName == t1.nodeName
) {
// will not diff childNodes
t1.innerDone = true
}
},
})
For debugging you might want to set a max number of diff changes between two elements before diffDOM gives up. To allow for a maximum of 500 differences between elements when diffing, initialize diffDOM like this:
dd = new diffDOM.DiffDOM({
debug: true,
diffcap: 500,
})
For forms that have been filled out by a user in ways that have changed which value is associated with an input field or which options are checked/selected without
the DOM having been updated, the values are diffed. For use cases in which no changes have been made to any of the form values, one may choose to skip diffing the values. To do this, set valueDiffing
to false
as a configuration option to diffDOM:
dd = new diffDOM.DiffDOM({
valueDiffing: false,
})
Strings of HTML can normally be interpreted case-insensitively as HTML tags don't differentiate between uppercase and lowercase. However, in the case of XML (SVGs, XHTML) there is a difference and this should be enabled. To do this, set caseSensitive
to true
as a configuration option to diffDOM:
dd = new diffDOM.DiffDOM({
caseSensitive: true,
})
NOTE! If there is an SVG inside of the HTML in the string, diffDOM can automatically determine that it should switch to case sensitivity. It is only if the diff happens entirely within an SVG that it is required to specify this.
FAQs
A diff for DOM elements, as client-side JavaScript code. Gets all modifications, insertions and removals between two DOM fragments.
We found that diff-dom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.