
eval-sanitizer

eval-sanitizer - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

20

lib/sanitizer.js

@@ -15,2 +15,3 @@ /**

const SAME_AST_AND_ONLY_LITERALS = 2;
const ONLY_LITERALS_AND_IDENTIFIERS = 3;

@@ -36,2 +37,3 @@ var CURRENT_POLICY = SAME_AST_AND_ONLY_LITERALS;

}
var origAst = esprima.parse(templateString, {loc : true});

@@ -55,7 +57,4 @@ var ast = esprima.parse(finalString, {loc : true});

ast = removeMalicious(ast, origAst)
//try {
return escodegen.generate(ast);
//} catch(e) {
// return "";
//}
return escodegen.generate(ast);
}

@@ -102,2 +101,12 @@

}
if (CURRENT_POLICY === ONLY_LITERALS_AND_IDENTIFIERS) {
traverse(runtimeAst, {
pre: function(node) {
if (node.label === USER_LABEL && node.type != "Literal" && node.type != "Identifier") {
toRemove.push(node);
}
}
});
}
trav(runtimeAst, null, null, null);

@@ -137,2 +146,3 @@

module.exports.SAME_AST_AND_ONLY_LITERALS = SAME_AST_AND_ONLY_LITERALS;
module.exports.ONLY_LITERALS_AND_IDENTIFIERS = ONLY_LITERALS_AND_IDENTIFIERS;

@@ -139,0 +149,0 @@ module.exports.setPolicy = function(policy) {
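Review bot: The new ONLY_LITERALS_AND_IDENTIFIERS branch in the hunk at -102,2 +101,12 compares node types with loose inequality (`node.type != "Literal" && node.type != "Identifier"`) while the policy test on the line above uses `===`; for consistency and to avoid coercion surprises it should read `node.type !== "Literal" && node.type !== "Identifier"`. Because a user-labelled Identifier node is retained rather than pushed onto toRemove, this policy lets interpolated text resolve to any binding that is in scope where the eval runs, which is a visibly wider contract than the literal-only policy, and nothing in this change states that. The constants hunk at -15,2 +15,3 would be the place to document it, e.g. `// ONLY_LITERALS_AND_IDENTIFIERS: user-tagged nodes may be Literals or bare Identifiers (any in-scope name); all other node types are removed.` The traversal here sits inside a function whose start and end are outside the hunk, so whatever happens when CURRENT_POLICY matches neither constant cannot be checked from this view.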

{
"name": "eval-sanitizer",
"description" : "Parsing-based sanitization package for eval.",
"version": "0.0.3",
"version": "0.0.4",
"main" : "./lib/sanitizer.js",

@@ -6,0 +6,0 @@ "dependencies": {

@@ -10,2 +10,7 @@ /**

eval(sanitizer`var x = ${USER_INPUT}`);
assert(y === 0, "Sanitization failed");
assert(y === 0, "Sanitization failed");
var SECOND_INPUT = "'x'";
sanitizer.setPolicy(sanitizer.ONLY_LITERALS_AND_IDENTIFIERS);
eval(sanitizer`var x = {${SECOND_INPUT} : ${SECOND_INPUT}}`);
console.log(x);

