less - npm Package Compare versions

Comparing version 1.0.44 to 1.1.0

lib/less/browser.js

@@ -7,2 +7,3 @@ //
                       location.protocol === 'chrome:'  ||
+                      location.protocol === 'chrome-extension:'  ||
                       location.protocol === 'resource:');
@@ -126,3 +127,7 @@
     if (! /^(https?|file):/.test(href)) {
-        href = url.slice(0, url.lastIndexOf('/') + 1) + href;
+        if (href.charAt(0) == "/") {
+            href = window.location.protocol + "//" + window.location.host + href;
+        } else {
+            href = url.slice(0, url.lastIndexOf('/') + 1) + href;
+        }
     }
@@ -129,0 +134,0 @@

lib/less/index.js

@@ -8,3 +8,3 @@ var path = require('path'),
 var less = {
-    version: [1, 0, 44],
+    version: [1, 1, 0],
     Parser: require('less/parser').Parser,
@@ -11,0 +11,0 @@ importer: require('less/parser').importer,

lib/less/parser.js

@@ -460,7 +460,11 @@ var less, tree;
                 quoted: function () {
-                    var str;
-                    if (input.charAt(i) !== '"' && input.charAt(i) !== "'") return;
+                    var str, j = i, e;
 
+                    if (input.charAt(j) === '~') { j++, e = true } // Escaped strings
+                    if (input.charAt(j) !== '"' && input.charAt(j) !== "'") return;
+
+                    e && $('~');
+
                     if (str = $(/^"((?:[^"\\\r\n]|\\.)*)"|'((?:[^'\\\r\n]|\\.)*)'/)) {
-                        return new(tree.Quoted)(str[0], str[1] || str[2]);
+                        return new(tree.Quoted)(str[0], str[1] || str[2], e);
                     }
@@ -536,3 +540,3 @@ },
                     value = $(this.entities.quoted)  || $(this.entities.variable) ||
-                            $(this.entities.dataURI) || $(/^[-\w%@$\/.&=:;#+?]+/) || "";
+                            $(this.entities.dataURI) || $(/^[-\w%@$\/.&=:;#+?~]+/) || "";
                     if (! $(')')) throw new(Error)("missing closing ) for url()");
@@ -569,3 +573,3 @@
 
-                    if (input.charAt(i) === '@' && (name = $(/^@[\w-]+/))) {
+                    if (input.charAt(i) === '@' && (name = $(/^@@?[\w-]+/))) {
                         return new(tree.Variable)(name, index);
@@ -610,8 +614,11 @@ }
                 javascript: function () {
-                    var str;
+                    var str, j = i, e;
 
-                    if (input.charAt(i) !== '`') { return }
+                    if (input.charAt(j) === '~') { j++, e = true } // Escaped strings
+                    if (input.charAt(j) !== '`') { return }
 
+                    e && $('~');
+
                     if (str = $(/^`([^`]*)`/)) {
-                        return new(tree.JavaScript)(str[1], i);
+                        return new(tree.JavaScript)(str[1], i, e);
                     }
@@ -618,0 +625,0 @@ }

lib/less/tree/javascript.js

 (function (tree) {
 
-tree.JavaScript = function (string, index) {
+tree.JavaScript = function (string, index, escaped) {
+    this.escaped = escaped;
     this.expression = string;
@@ -9,9 +10,18 @@ this.index = index;
     toCSS: function () {
-        return JSON.stringify(this.evaluated);
+        if (this.escaped) {
+            return this.evaluated;
+        } else {
+            return JSON.stringify(this.evaluated);
+        }
     },
     eval: function (env) {
         var result,
-            expression = new(Function)('return (' + this.expression + ')'),
             context = {};
 
+        var expression = this.expression.replace(/@\{([\w-]+)\}/g, function (_, name) {
+            return new(tree.Variable)('@' + name).eval(env).value;
+        });
+
+        expression = new(Function)('return (' + expression + ')');
+
         for (var k in env.frames[0].variables()) {
@@ -18,0 +28,0 @@ context[k.slice(1)] = {

lib/less/tree/mixin.js

@@ -65,3 +65,3 @@ (function (tree) {
     eval: function (env, args) {
-        var frame = new(tree.Ruleset)(null, []), context;
+        var frame = new(tree.Ruleset)(null, []), context, _arguments = [];
 
@@ -78,3 +78,6 @@ for (var i = 0, val; i < this.params.length; i++) {
         }
-        frame.rules.unshift(new(tree.Rule)('@arguments', new(tree.Expression)(args)));
+        for (var i = 0; i < Math.max(this.params.length, args && args.length); i++) {
+            _arguments.push(args[i] || this.params[i].value);
+        }
+        frame.rules.unshift(new(tree.Rule)('@arguments', new(tree.Expression)(_arguments)));
 
@@ -81,0 +84,0 @@ return new(tree.Ruleset)(null, this.rules.slice(0)).eval({

lib/less/tree/quoted.js

 (function (tree) {
 
-tree.Quoted = function (str, content) {
+tree.Quoted = function (str, content, escaped, i) {
+    this.escaped = escaped;
     this.value = content || '';
     this.quote = str.charAt(0);
+    this.index = i;
 };
 tree.Quoted.prototype = {
     toCSS: function () {
-        return this.quote + this.value + this.quote;
+        if (this.escaped) {
+            return this.value;
+        } else {
+            return this.quote + this.value + this.quote;
+        }
     },
-    eval: function () {
+    eval: function (env) {
+        this.value = this.value.replace(/@\{([\w-]+)\}/g, function (_, name) {
+            return new(tree.Variable)('@' + name).eval(env).value;
+        }).replace(/`([^`]+)`/g, function (_, exp) {
+            return new(tree.JavaScript)(exp, this.index, true).eval(env).toCSS();
+        });
         return this;
@@ -13,0 +24,0 @@ }

lib/less/tree/url.js

@@ -8,3 +8,3 @@ (function (tree) {
         // Add the base path if the URL is relative and we are in the browser
-        if (!/^(?:https?:\/|file:\/)?\//.test(val.value) && paths.length > 0 && typeof(window) !== 'undefined') {
+        if (!/^(?:https?:\/|file:\/|data:\/)?\//.test(val.value) && paths.length > 0 && typeof(window) !== 'undefined') {
             val.value = paths[0] + (val.value.charAt(0) === '/' ? val.value.slice(1) : val.value);
@@ -11,0 +11,0 @@ }

lib/less/tree/variable.js

@@ -8,2 +8,6 @@ (function (tree) {
 
+        if (name.indexOf('@@') == 0) {
+            name = '@' + new(tree.Variable)(name.slice(1)).eval(env).value;
+        }
+
         if (variable = tree.find(env.frames, function (frame) {
@@ -15,3 +19,3 @@ if (v = frame.variable(name)) {
         else {
-            throw { message: "variable " + this.name + " is undefined",
+            throw { message: "variable " + name + " is undefined",
                     index: this.index };
@@ -18,0 +22,0 @@ }

package.json

@@ -8,3 +8,3 @@ {
   "contributors"  : [],
-  "version"       : "1.0.44",
+  "version"       : "1.1.0",
   "bin"           : { "lessc": "./bin/lessc" },
@@ -11,0 +11,0 @@ "main"          : "./lib/less/index",

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

445335

increased by2.01%

Lines of code

8082

increased by1.78%

Worsened metrics

Number of medium supply chain risk alerts

4

increased by33.33%

No dependency changes