Socket
Socket
Sign inDemoInstall

node-iframe

Package Overview
Dependencies
23
Maintainers
1
Versions
74
Alerts
File Explorer

Advanced tools

npm Scripts
License

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.6.4 to 1.7.0

4

dist/config/index.js

@@ -10,6 +10,2 @@ "use strict";

exports.__esModule = true;
var cache_1 = require("./cache");
__createBinding(exports, cache_1, "stdTTL");
__createBinding(exports, cache_1, "checkperiod");
__createBinding(exports, cache_1, "cacheConfig");
var headers_1 = require("./headers");

@@ -16,0 +12,0 @@ __createBinding(exports, headers_1, "appHeaders");

233

dist/iframe.js

@@ -60,3 +60,3 @@ "use strict";

exports.__esModule = true;
exports.fetchFrame = exports.configureCacheControl = exports.configureTemplates = exports.configureResourceControl = exports.configureAgent = exports.appSourceConfig = void 0;
exports.fetchFrame = exports.configureTemplates = exports.configureResourceControl = exports.configureAgent = exports.appSourceConfig = void 0;
var isomorphic_unfetch_1 = __importDefault(require("isomorphic-unfetch"));

@@ -68,15 +68,44 @@ var cheerio_1 = require("cheerio");

var config_1 = require("./config");
var cache_1 = require("./cache");
exports.configureCacheControl = cache_1.configureCacheControl;
var appSourceConfig = config_1.defaultConfig;
exports.appSourceConfig = appSourceConfig;
var agent;
function configureAgent(http) {
if (!agent) {
var httpAgent;
var httpsAgent;
var agentConfigured = false;
var agent = agentConfigured
? function (_parsedURL) {
if (_parsedURL.protocol == "http:" && setAgent(true)) {
return httpAgent;
}
else if (setAgent(false)) {
setAgent(false);
return httpsAgent;
}
}
: undefined;
function setAgent(http) {
try {
if (http && !httpAgent) {
var transport = require("http");
httpAgent = new transport.Agent({
rejectUnauthorized: false
});
}
else if (!httpsAgent) {
var transport = require("https");
httpsAgent = new transport.Agent({
rejectUnauthorized: false
});
}
return true;
}
catch (e) {
console.error(e);
return false;
}
}
function configureAgent() {
if (!agentConfigured) {
try {
if (typeof window === "undefined" && !agent) {
var transport = http ? require("http") : require("https");
agent = new transport.Agent({
rejectUnauthorized: false
});
if (typeof window === "undefined" && !agentConfigured) {
agentConfigured = true;
}

@@ -134,3 +163,3 @@ }

return __awaiter(this, void 0, void 0, function () {
var cachedHtml, e_5, _f, inline, cors, headers, response, html, $html, inlineMutations_2, _g, _h, key, attribute_1, e_2_1, inlineMutations_1, inlineMutations_1_1, com, key, attribute, src, element, e_3_1, _j, _k, key, e_4_1, e_6;
var _f, inline, cors, headers, response, html, $html, inlineMutations_2, _g, _h, key, attribute_1, e_2_1, inlineMutations_1, inlineMutations_1_1, com, key, attribute, src, element, e_3_1, _j, _k, key, e_4_1, e_5;
return __generator(this, function (_l) {

@@ -142,17 +171,2 @@ switch (_l.label) {

}
_l.label = 1;
case 1:
_l.trys.push([1, 3, , 4]);
return [4, cache_1.appCache.get(url)];
case 2:
cachedHtml = _l.sent();
if (cachedHtml) {
return [2, cheerio_1.load(cachedHtml)];
}
return [3, 4];
case 3:
e_5 = _l.sent();
console.error(e_5);
return [3, 4];
case 4:
_f = {

@@ -163,5 +177,5 @@ inline: __assign(__assign({}, appSourceConfig.inline), config === null || config === void 0 ? void 0 : config.inline),

headers = __assign(__assign({}, config_1.appHeaders), head);
_l.label = 5;
case 5:
_l.trys.push([5, 50, , 51]);
_l.label = 1;
case 1:
_l.trys.push([1, 46, , 47]);
return [4, isomorphic_unfetch_1["default"](url, {

@@ -171,25 +185,25 @@ headers: head,

})];
case 6:
case 2:
response = _l.sent();
return [4, response.text()];
case 7:
case 3:
html = _l.sent();
$html = cheerio_1.load(html);
if (!!!baseHref) return [3, 9];
if (!!!baseHref) return [3, 5];
return [4, $html("head").prepend("<base target=\"_self\" href=\"" + url + "\">")];
case 8:
case 4:
_l.sent();
_l.label = 9;
case 9:
_l.label = 5;
case 5:
inlineMutations_2 = [];
_l.label = 10;
case 10:
_l.trys.push([10, 16, 17, 22]);
_l.label = 6;
case 6:
_l.trys.push([6, 12, 13, 18]);
_g = __asyncValues(Object.keys(inline));
_l.label = 11;
case 11: return [4, _g.next()];
case 12:
if (!(_h = _l.sent(), !_h.done)) return [3, 15];
_l.label = 7;
case 7: return [4, _g.next()];
case 8:
if (!(_h = _l.sent(), !_h.done)) return [3, 11];
key = _h.value;
if (!inline[key]) return [3, 14];
if (!inline[key]) return [3, 10];
attribute_1 = "src";

@@ -202,30 +216,30 @@ return [4, $html(key).attr(attribute_1, function (_, src) {

})];
case 13:
case 9:
_l.sent();
_l.label = 14;
case 14: return [3, 11];
case 15: return [3, 22];
case 16:
_l.label = 10;
case 10: return [3, 7];
case 11: return [3, 18];
case 12:
e_2_1 = _l.sent();
e_2 = { error: e_2_1 };
return [3, 22];
case 17:
_l.trys.push([17, , 20, 21]);
if (!(_h && !_h.done && (_b = _g["return"]))) return [3, 19];
return [3, 18];
case 13:
_l.trys.push([13, , 16, 17]);
if (!(_h && !_h.done && (_b = _g["return"]))) return [3, 15];
return [4, _b.call(_g)];
case 18:
case 14:
_l.sent();
_l.label = 19;
case 19: return [3, 21];
case 20:
_l.label = 15;
case 15: return [3, 17];
case 16:
if (e_2) throw e_2.error;
return [7];
case 21: return [7];
case 22:
_l.trys.push([22, 29, 30, 35]);
case 17: return [7];
case 18:
_l.trys.push([18, 25, 26, 31]);
inlineMutations_1 = __asyncValues(inlineMutations_2);
_l.label = 23;
case 23: return [4, inlineMutations_1.next()];
case 24:
if (!(inlineMutations_1_1 = _l.sent(), !inlineMutations_1_1.done)) return [3, 28];
_l.label = 19;
case 19: return [4, inlineMutations_1.next()];
case 20:
if (!(inlineMutations_1_1 = _l.sent(), !inlineMutations_1_1.done)) return [3, 24];
com = inlineMutations_1_1.value;

@@ -235,63 +249,62 @@ key = com.key, attribute = com.attribute, src = com.src;

return [4, mutateSource({ key: element, src: src }, url, $html, headers)];
case 25:
case 21:
_l.sent();
return [4, $html(element).removeAttr(attribute)];
case 26:
case 22:
_l.sent();
_l.label = 27;
case 27: return [3, 23];
case 28: return [3, 35];
case 29:
_l.label = 23;
case 23: return [3, 19];
case 24: return [3, 31];
case 25:
e_3_1 = _l.sent();
e_3 = { error: e_3_1 };
return [3, 35];
case 30:
_l.trys.push([30, , 33, 34]);
if (!(inlineMutations_1_1 && !inlineMutations_1_1.done && (_c = inlineMutations_1["return"]))) return [3, 32];
return [3, 31];
case 26:
_l.trys.push([26, , 29, 30]);
if (!(inlineMutations_1_1 && !inlineMutations_1_1.done && (_c = inlineMutations_1["return"]))) return [3, 28];
return [4, _c.call(inlineMutations_1)];
case 31:
case 27:
_l.sent();
_l.label = 32;
case 32: return [3, 34];
case 33:
_l.label = 28;
case 28: return [3, 30];
case 29:
if (e_3) throw e_3.error;
return [7];
case 34: return [7];
case 35: return [4, $html("[src=\"undefined\"]").removeAttr("src")];
case 36:
case 30: return [7];
case 31: return [4, $html("[src=\"undefined\"]").removeAttr("src")];
case 32:
_l.sent();
_l.label = 37;
case 37:
_l.trys.push([37, 43, 44, 49]);
_l.label = 33;
case 33:
_l.trys.push([33, 39, 40, 45]);
_j = __asyncValues(Object.keys(cors));
_l.label = 38;
case 38: return [4, _j.next()];
case 39:
if (!(_k = _l.sent(), !_k.done)) return [3, 42];
_l.label = 34;
case 34: return [4, _j.next()];
case 35:
if (!(_k = _l.sent(), !_k.done)) return [3, 38];
key = _k.value;
if (!cors[key]) return [3, 41];
if (!cors[key]) return [3, 37];
return [4, $html(key).attr("crossorigin", cors[key])];
case 40:
case 36:
_l.sent();
_l.label = 41;
case 41: return [3, 38];
case 42: return [3, 49];
case 43:
_l.label = 37;
case 37: return [3, 34];
case 38: return [3, 45];
case 39:
e_4_1 = _l.sent();
e_4 = { error: e_4_1 };
return [3, 49];
case 44:
_l.trys.push([44, , 47, 48]);
if (!(_k && !_k.done && (_d = _j["return"]))) return [3, 46];
return [3, 45];
case 40:
_l.trys.push([40, , 43, 44]);
if (!(_k && !_k.done && (_d = _j["return"]))) return [3, 42];
return [4, _d.call(_j)];
case 45:
case 41:
_l.sent();
_l.label = 46;
case 46: return [3, 48];
case 47:
_l.label = 42;
case 42: return [3, 44];
case 43:
if (e_4) throw e_4.error;
return [7];
case 48: return [7];
case 49:
cache_1.appCache.set(url, $html.html());
case 44: return [7];
case 45:
if (server) {

@@ -301,7 +314,7 @@ $html.status = 200;

return [2, $html];
case 50:
e_6 = _l.sent();
console.error(e_6);
return [3, 51];
case 51: return [2, renderErrorHtml({ url: url, server: server, noPage: true })];
case 46:
e_5 = _l.sent();
console.error(e_5);
return [3, 47];
case 47: return [2, renderErrorHtml({ url: url, server: server, noPage: true })];
}

@@ -308,0 +321,0 @@ });

16

package.json
{
"name": "node-iframe",
"version": "1.6.4",
"version": "1.7.0",
"description": "create a iframe on your server to bypass CORS issues. ( reverse engineer security issues )",

@@ -20,10 +20,8 @@ "main": "dist/iframe.js",

"cheerio": "^1.0.0-rc.3",
"isomorphic-unfetch": "^3.1.0",
"node-cache": "^5.1.0"
"isomorphic-unfetch": "^3.1.0"
},
"devDependencies": {
"dotenv": "^8.2.0",
"@swc/jest": "^0.2.20",
"express": "^4.17.1",
"jest": "^26.4.0",
"ts-jest": "^26.4.1",
"jest": "^26.6.3",
"tscpaths": "0.0.9",

@@ -33,7 +31,11 @@ "typescript": "^3.7.5"

"jest": {
"preset": "ts-jest",
"moduleNameMapper": {
"^@app/(.*)$": "<rootDir>/src/$1"
},
"transform": {
"^.+\\.(t|j)sx?$": [
"@swc/jest"
]
}
}
}

17

README.md

@@ -16,4 +16,4 @@ # node-iframe

```typescript
import createIframe from "node-iframe"
// or
import createIframe from "node-iframe";
// or
// const createIframe = require("node-iframe").default;

@@ -27,3 +27,3 @@

baseHref: req.query.baseHref, // optional: determine how to control link redirects,
config: { cors: { script: true } } // optional: determine element cors or inlining #shape src/iframe.ts#L34
config: { cors: { script: true } }, // optional: determine element cors or inlining #shape src/iframe.ts#L34
});

@@ -52,7 +52,3 @@ });

```typescript
const {
configureCacheControl,
configureResourceControl,
configureTemplates
} = require("node-iframe");
const { configureResourceControl, configureTemplates } = require("node-iframe");

@@ -62,7 +58,4 @@ // optional: configure if elements should be inlined, cors, etc, this combines with the `config` param

inline: { script: true, link: false },
cors: { script: true }
cors: { script: true },
});
// optional: configure cache-control, to disable cache set `disabled` to true - check https://github.com/node-cache/node-cache#options
// for more options and info
configureCacheControl({ stdTTL: 0, checkperiod: 600, disabled: false });
// optional: configure error-pages - check src/templates for more info

@@ -69,0 +62,0 @@ // 0: error, 1: not-found, 2: all templates - check src/templates/config for options

1

types/config/index.d.ts

@@ -1,3 +0,2 @@

export { stdTTL, checkperiod, cacheConfig } from "./cache";
export { appHeaders } from "./headers";
export { defaultConfig, defaultCorsConfig, defaultInlineConfig, url, } from "./config";

5

types/iframe.d.ts
import { configureTemplates } from "@app/templates";
import { configureCacheControl } from "@app/cache";
declare type CorsResourceType = "anonymous" | "use-credentials" | boolean;

@@ -30,7 +29,7 @@ interface InlineElementsConfig {

};
declare function configureAgent(http: boolean): void;
declare function configureAgent(): void;
declare function fetchFrame(model: any): Promise<any>;
declare function configureResourceControl(appConfig: RenderHtmlConfig): void;
declare function createIframe(_req: any, res: any, next: any): void;
export { appSourceConfig, configureAgent, configureResourceControl, configureTemplates, configureCacheControl, fetchFrame, };
export { appSourceConfig, configureAgent, configureResourceControl, configureTemplates, fetchFrame, };
export default createIframe;
dist/cache/cache.js
dist/cache/cache.js.map
dist/cache/index.js
dist/cache/index.js.map
dist/config/cache.js
dist/config/cache.js.map
dist/config/index.js.map

Sorry, the diff of this file is not supported yet

dist/iframe.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc