+1
-1
@@ -10,3 +10,3 @@ 'use strict' | ||
| constructor(plugins = []) { | ||
| this.version = '8.5.9' | ||
| this.version = '8.5.10' | ||
| this.plugins = this.normalize(plugins) | ||
@@ -13,0 +13,0 @@ } |
+25
-8
| 'use strict' | ||
| // Escapes sequences that could break out of an HTML <style> context. | ||
| // Uses CSS unicode escaping (\3c = '<') which is valid CSS and parsed | ||
| // correctly by all compliant CSS consumers. | ||
| const STYLE_TAG = /(<)(\/?style\b)/gi | ||
| const COMMENT_OPEN = /(<)(!--)/g | ||
| function escapeHTMLInCSS(str) { | ||
| if (typeof str !== 'string') return str | ||
| if (!str.includes('<')) return str | ||
| return str.replace(STYLE_TAG, '\\3c $2').replace(COMMENT_OPEN, '\\3c $2') | ||
| } | ||
| const DEFAULT_RAW = { | ||
@@ -41,3 +53,3 @@ after: '\n', | ||
| let end = (node.raws.between || '') + (semicolon ? ';' : '') | ||
| this.builder(name + params + end, node) | ||
| this.builder(escapeHTMLInCSS(name + params + end), node) | ||
| } | ||
@@ -77,3 +89,3 @@ } | ||
| let between = this.raw(node, 'between', 'beforeOpen') | ||
| this.builder(start + between + '{', node, 'start') | ||
| this.builder(escapeHTMLInCSS(start + between) + '{', node, 'start') | ||
@@ -88,3 +100,3 @@ let after | ||
| if (after) this.builder(after) | ||
| if (after) this.builder(escapeHTMLInCSS(after)) | ||
| this.builder('}', node, 'end') | ||
@@ -101,6 +113,7 @@ } | ||
| let semicolon = this.raw(node, 'semicolon') | ||
| let isDocument = node.type === 'document' | ||
| for (let i = 0; i < node.nodes.length; i++) { | ||
| let child = node.nodes[i] | ||
| let before = this.raw(child, 'before') | ||
| if (before) this.builder(before) | ||
| if (before) this.builder(isDocument ? before : escapeHTMLInCSS(before)) | ||
| this.stringify(child, last !== i || semicolon) | ||
@@ -113,3 +126,3 @@ } | ||
| let right = this.raw(node, 'right', 'commentRight') | ||
| this.builder('/*' + left + node.text + right + '*/', node) | ||
| this.builder(escapeHTMLInCSS('/*' + left + node.text + right + '*/'), node) | ||
| } | ||
@@ -126,3 +139,3 @@ | ||
| if (semicolon) string += ';' | ||
| this.builder(string, node) | ||
| this.builder(escapeHTMLInCSS(string), node) | ||
| } | ||
@@ -333,3 +346,7 @@ | ||
| this.body(node) | ||
| if (node.raws.after) this.builder(node.raws.after) | ||
| if (node.raws.after) { | ||
| let after = node.raws.after | ||
| let isDocument = node.parent && node.parent.type === 'document' | ||
| this.builder(isDocument ? after : escapeHTMLInCSS(after)) | ||
| } | ||
| } | ||
@@ -340,3 +357,3 @@ | ||
| if (node.raws.ownSemicolon) { | ||
| this.builder(node.raws.ownSemicolon, node, 'end') | ||
| this.builder(escapeHTMLInCSS(node.raws.ownSemicolon), node, 'end') | ||
| } | ||
@@ -343,0 +360,0 @@ } |
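Review bot: escapeHTMLInCSS (lines 17-21) does not look at the character before the `<`, so input that already CSS-escapes it, e.g. `\</style`, becomes `\\3c /style`, which a CSS parser reads as an escaped backslash followed by the text `3c /style` rather than the original literal `</style`. The HTML break-out is still neutralized, so this is a fidelity rather than a safety concern, but it contradicts the header comment's claim that the result is parsed correctly by compliant CSS consumers. A lookbehind such as `/(?<!\\)(<)(\/?style\b)/gi` would skip the already-escaped form, though an escaped backslash before the `<` (`\\<style`) would then need its own handling, so it may be simpler to document the limitation in the header comment, e.g. `// Note: a '<' that is already CSS-escaped (\<) is escaped again; the output stays HTML-safe but is no longer byte-identical CSS.` The same helper is applied at every builder call in the later hunks of this file, so the caveat covers all of them.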
+1
-1
| { | ||
| "name": "postcss", | ||
| "version": "8.5.9", | ||
| "version": "8.5.10", | ||
| "description": "Tool for transforming styles with JS plugins", | ||
@@ -5,0 +5,0 @@ "keywords": [ |