hast-util-to-dom - npm Package Compare versions

Comparing version 2.0.1 to 2.0.2

dist/hast-util-to-dom.js

@@ -7,3 +7,4 @@ 'use strict';
 var find = _interopDefault(require('property-information/find'));
-var schema = _interopDefault(require('property-information/html'));
+var html = _interopDefault(require('property-information/html'));
+var svg = _interopDefault(require('property-information/svg'));
 
@@ -25,16 +26,31 @@ function _defineProperty(obj, key, value) {
 
-function _objectSpread(target) {
+function ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    if (enumerableOnly) symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    });
+    keys.push.apply(keys, symbols);
+  }
+
+  return keys;
+}
+
+function _objectSpread2(target) {
   for (var i = 1; i < arguments.length; i++) {
     var source = arguments[i] != null ? arguments[i] : {};
-    var ownKeys = Object.keys(source);
 
-    if (typeof Object.getOwnPropertySymbols === 'function') {
-      ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function (sym) {
-        return Object.getOwnPropertyDescriptor(source, sym).enumerable;
-      }));
+    if (i % 2) {
+      ownKeys(Object(source), true).forEach(function (key) {
+        _defineProperty(target, key, source[key]);
+      });
+    } else if (Object.getOwnPropertyDescriptors) {
+      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+    } else {
+      ownKeys(Object(source)).forEach(function (key) {
+        Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+      });
     }
-
-    ownKeys.forEach(function (key) {
-      _defineProperty(target, key, source[key]);
-    });
   }
@@ -105,6 +121,7 @@
 
-  return appendAll(el, children, Object.assign({
+  return appendAll(el, children, _objectSpread2({}, options, {
     fragment: fragment,
-    namespace: namespace
-  }, options));
+    namespace: namespace,
+    impliedNamespace: namespace
+  }));
 } // Create a `doctype`.
@@ -133,6 +150,6 @@
   var namespace = options.namespace,
-      doc = options.doc; // TODO: use `g` in SVG space.
-
+      doc = options.doc;
+  var impliedNamespace = options.impliedNamespace || namespace;
   var _node$tagName = node.tagName,
-      tagName = _node$tagName === void 0 ? 'div' : _node$tagName,
+      tagName = _node$tagName === void 0 ? impliedNamespace === ns.svg ? 'g' : 'div' : _node$tagName,
       _node$properties = node.properties,
@@ -142,4 +159,10 @@ properties = _node$properties === void 0 ? {} : _node$properties,
       children = _node$children2 === void 0 ? [] : _node$children2;
-  var el = typeof namespace !== 'undefined' ? doc.createElementNS(namespace, tagName) : doc.createElement(tagName); // Add HTML attributes.
 
+  if ((impliedNamespace === null || impliedNamespace === undefined || impliedNamespace === ns.html) && tagName === 'svg') {
+    impliedNamespace = ns.svg;
+  }
+
+  var schema = impliedNamespace === ns.svg ? svg : html;
+  var el = impliedNamespace === null || impliedNamespace === undefined ? doc.createElement(tagName) : doc.createElementNS(impliedNamespace, tagName); // Add HTML attributes.
+
   var props = Object.keys(properties);
@@ -185,3 +208,5 @@ var length = props.length;
 
-  return appendAll(el, children, options);
+  return appendAll(el, children, _objectSpread2({}, options, {
+    impliedNamespace: impliedNamespace
+  }));
 } // Add all children.
@@ -202,3 +227,3 @@
   var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  return transform(hast, _objectSpread({}, options, {
+  return transform(hast, _objectSpread2({}, options, {
     doc: options.document || document
@@ -205,0 +230,0 @@ }));

package.json

 {
   "name": "hast-util-to-dom",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "hast utility to transform to the DOM",
@@ -38,4 +38,4 @@ "license": "ISC",
     "babel-jest": "^24.0.0",
-    "eslint": "^5.0.0",
-    "eslint-config-airbnb-base": "^13.0.0",
+    "eslint": "^6.0.0",
+    "eslint-config-airbnb-base": "^14.0.0",
     "eslint-plugin-import": "^2.0.0",
@@ -47,3 +47,3 @@ "glob": "^7.0.0",
     "karma": "^4.0.0",
-    "karma-chrome-launcher": "^2.0.0",
+    "karma-chrome-launcher": "^3.0.0",
     "karma-firefox-launcher": "^1.0.0",
@@ -54,4 +54,4 @@ "karma-jasmine": "^2.0.0",
     "karma-safari-launcher": "^1.0.0",
-    "remark-cli": "^6.0.1",
-    "remark-preset-wooorm": "^5.0.0",
+    "remark-cli": "^7.0.0",
+    "remark-preset-wooorm": "^6.0.0",
     "rollup": "^1.0.0",
@@ -58,0 +58,0 @@ "rollup-plugin-babel": "^4.0.1",

readme.md

@@ -91,2 +91,8 @@ # hast-util-to-dom
 
+## Security
+
+Use of `hast-util-to-dom` can open you up to a
+[cross-site scripting (XSS)][xss] attack if the hast tree is unsafe.
+Use [`hast-util-santize`][sanitize] to make the hast tree safe.
+
 ## Related
@@ -162,1 +168,5 @@
 [tree]: https://github.com/syntax-tree/unist#tree
+
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
+
+[sanitize]: https://github.com/syntax-tree/hast-util-sanitize

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20370

increased by11.85%

Lines of code

352

increased by14.29%

Number of lines in readme file

171

increased by6.21%

No dependency changes