react-json-pretty - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log
 
+<a name="2.0.1"></a>
+## [2.0.1](https://github.com/chenckang/react-json-pretty/compare/v2.0.0...v2.0.1) (2019-03-13)
+
+
+### Bug Fixes
+
+* xss security issue under invalid json data ([66526b9](https://github.com/chenckang/react-json-pretty/commit/66526b9))
+
+
+
 <a name="2.0.0"></a>
@@ -7,0 +17,0 @@ # [2.0.0](https://github.com/chenckang/react-json-pretty/compare/v1.7.9...v2.0.0) (2019-01-03)

dist/JSONPretty.js

@@ -44,5 +44,24 @@ "use strict";
 var React = __importStar(require("react"));
+function getStyleValue(name, theme) {
+    return theme ? theme[name] || '' : '';
+}
 function getStyle(name, theme) {
-    return theme ? theme[name] ? " style=\"" + theme[name] + "\"" : '' : '';
+    var value = getStyleValue(name, theme);
+    return value ? " style=\"" + value + "\"" : '';
 }
+var xssmap = {
+    '"': '"',
+    '\'': ''',
+    '&': '&',
+    '>': '>',
+    '<': '&lt',
+};
+function xss(s) {
+    if (!s) {
+        return s;
+    }
+    return s.replace(/<|>|&|"|'/g, function (m) {
+        return xssmap[m];
+    });
+}
 var JSONPretty = /** @class */ (function (_super) {
@@ -65,3 +84,3 @@ __extends(JSONPretty, _super);
                 }
-                return (React.createElement("div", __assign({}, rest, { dangerouslySetInnerHTML: { __html: "<pre class=" + themeClassName + getStyle('main', theme) + ">" + obj + "</pre>"
+                return (React.createElement("div", __assign({}, rest, { dangerouslySetInnerHTML: { __html: "<pre class=" + themeClassName + getStyle('main', theme) + ">" + xss(obj) + "</pre>"
                     } })));
@@ -68,0 +87,0 @@ }

package.json

 {
   "name": "react-json-pretty",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "A code formatting tool for raw json data",
@@ -16,3 +16,3 @@ "main": "dist/JSONPretty.js",
     "test": "jest --verbose=true --coverage",
-    "build": "npm run build-styl && npm run build-jsx",
+    "build": "mkdir -p dist && mkdir -p themes && npm run build-styl && npm run build-jsx",
     "lint": "tslint --project tsconfig.json --config tslint.json './src/**/*.tsx'",
@@ -19,0 +19,0 @@ "precommit": "npm run build && npm run lint",

README.md

@@ -44,3 +44,3 @@ # React JSON Pretty
 
-***Note: if `yourData` is not a plain object, use `circular-json` or other similar tools to preprocess it before passed to `JSONPretty`.***
+***Note: if `yourData` is not a plain object, use `circular-json` or other similar tools to preprocess it before being passed to `JSONPretty`.***
 
@@ -47,0 +47,0 @@ ### Themes

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20544

increased by3.3%

Lines of code

282

increased by7.22%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes