safevalues - npm Package Compare versions

Comparing version 0.3.4 to 0.4.0

builders/html_builders.d.ts

@@ -25,3 +25,3 @@ /**
  */
-export declare function createScript(script: SafeScript, options?: {
+export declare function scriptToHtml(script: SafeScript, options?: {
     id?: string;
@@ -35,4 +35,7 @@ nonce?: string;
  */
-export declare function createScriptSrc(src: TrustedResourceUrl, async?: boolean, nonce?: string): SafeHtml;
+export declare function scriptUrlToHtml(src: TrustedResourceUrl, options?: {
+    async?: boolean;
+    nonce?: string;
+}): SafeHtml;
 /** Creates a `SafeHtml` value by concatenating multiple `SafeHtml`s. */
 export declare function concatHtmls(htmls: readonly SafeHtml[]): SafeHtml;

builders/html_builders.js

@@ -7,3 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.concatHtmls = exports.createScriptSrc = exports.createScript = exports.htmlEscape = void 0;
+exports.concatHtmls = exports.scriptUrlToHtml = exports.scriptToHtml = exports.htmlEscape = void 0;
 var html_impl_1 = require("../internals/html_impl");
@@ -41,3 +41,3 @@ var resource_url_impl_1 = require("../internals/resource_url_impl");
  */
-function createScript(script, options) {
+function scriptToHtml(script, options) {
     if (options === void 0) { options = {}; }
@@ -58,3 +58,3 @@ var unwrappedScript = (0, script_impl_1.unwrapScript)(script).toString();
 }
-exports.createScript = createScript;
+exports.scriptToHtml = scriptToHtml;
 /**
@@ -64,10 +64,11 @@ * Creates a `SafeHtml` representing a script tag with the src attribute.
  */
-function createScriptSrc(src, async, nonce) {
+function scriptUrlToHtml(src, options) {
+    if (options === void 0) { options = {}; }
     var unwrappedSrc = (0, resource_url_impl_1.unwrapResourceUrl)(src).toString();
     var stringTag = "<script src=\"".concat(htmlEscapeToString(unwrappedSrc), "\"");
-    if (async) {
+    if (options.async) {
         stringTag += ' async';
     }
-    if (nonce) {
-        stringTag += " nonce=\"".concat(htmlEscapeToString(nonce), "\"");
+    if (options.nonce) {
+        stringTag += " nonce=\"".concat(htmlEscapeToString(options.nonce), "\"");
     }
@@ -77,3 +78,3 @@ stringTag += '>\x3c/script>';
 }
-exports.createScriptSrc = createScriptSrc;
+exports.scriptUrlToHtml = scriptUrlToHtml;
 /**
@@ -80,0 +81,0 @@ * HTML-escapes the given text (`&`, `<`, `>`, `"` and `'`).

builders/resource_url_builders.d.ts

@@ -82,3 +82,3 @@ /**
  */
-export declare function blobUrlFromScript(safeScript: SafeScript): TrustedResourceUrl;
+export declare function objectUrlFromScript(safeScript: SafeScript): TrustedResourceUrl;
 export {};

builders/resource_url_builders.js

@@ -7,3 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.blobUrlFromScript = exports.replaceFragment = exports.appendParams = exports.trustedResourceUrl = void 0;
+exports.objectUrlFromScript = exports.replaceFragment = exports.appendParams = exports.trustedResourceUrl = void 0;
 require("../environment/dev");
@@ -214,3 +214,3 @@ var resource_url_impl_1 = require("../internals/resource_url_impl");
  */
-function blobUrlFromScript(safeScript) {
+function objectUrlFromScript(safeScript) {
     var scriptContent = (0, script_impl_1.unwrapScript)(safeScript).toString();
@@ -220,2 +220,2 @@ var blob = new Blob([scriptContent], { type: 'text/javascript' });
 }
-exports.blobUrlFromScript = blobUrlFromScript;
+exports.objectUrlFromScript = objectUrlFromScript;

builders/script_builders.d.ts

@@ -30,3 +30,3 @@ /**
  */
-export declare function scriptFromJson(value: Serializable): SafeScript;
+export declare function valueAsScript(value: Serializable): SafeScript;
 /**
@@ -33,0 +33,0 @@ * Creates a `SafeScript` object from a template literal (without any embedded

builders/script_builders.js

@@ -7,3 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeScriptWithArgs = exports.scriptFromJson = exports.concatScripts = exports.safeScript = void 0;
+exports.safeScriptWithArgs = exports.valueAsScript = exports.concatScripts = exports.safeScript = void 0;
 require("../environment/dev");
@@ -42,6 +42,6 @@ var script_impl_1 = require("../internals/script_impl");
  */
-function scriptFromJson(value) {
+function valueAsScript(value) {
     return (0, script_impl_1.createScript)(JSON.stringify(value).replace(/</g, '\\x3c'));
 }
-exports.scriptFromJson = scriptFromJson;
+exports.valueAsScript = valueAsScript;
 /**
@@ -89,3 +89,3 @@ * Creates a `SafeScript` object from a template literal (without any embedded
         }
-        var values = argValues.map(function (v) { return scriptFromJson(v).toString(); });
+        var values = argValues.map(function (v) { return valueAsScript(v).toString(); });
         return (0, script_impl_1.createScript)("(".concat(templateObj.join(''), ")(").concat(values.join(','), ")"));
@@ -92,0 +92,0 @@ };

builders/url_sanitizer.d.ts

@@ -11,2 +11,9 @@ /**
 /**
+ * Extracts the scheme from the given URL. If the URL is relative, https: is
+ * assumed.
+ * @param url The URL to extract the scheme from.
+ * @return the URL scheme.
+ */
+export declare function extractScheme(url: string): string | undefined;
+/**
  * Checks that the URL scheme is not javascript.
@@ -13,0 +20,0 @@ * The URL parsing relies on the URL API in browsers that support it.

builders/url_sanitizer.js

@@ -7,3 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.restrictivelySanitizeUrl = exports.unwrapUrlOrSanitize = exports.sanitizeJavascriptUrl = void 0;
+exports.restrictivelySanitizeUrl = exports.unwrapUrlOrSanitize = exports.sanitizeJavascriptUrl = exports.extractScheme = void 0;
 /**
@@ -14,2 +14,8 @@ * @fileoverview Provides functions to enforce the SafeUrl contract at the sink
 require("../environment/dev");
+/**
+ * Extracts the scheme from the given URL. If the URL is relative, https: is
+ * assumed.
+ * @param url The URL to extract the scheme from.
+ * @return the URL scheme.
+ */
 function extractScheme(url) {
@@ -30,2 +36,3 @@ var parsedUrl;
 }
+exports.extractScheme = extractScheme;
 // We can't use an ES6 Set here because gws somehow depends on this code and
@@ -32,0 +39,0 @@ // doesn't want to pay the cost of a polyfill.

dom/index.d.ts

@@ -21,2 +21,3 @@ /**
 export * as safeStyleEl from './elements/style';
+export * as safeSvgUseEl from './elements/svg_use';
 export * as safeDocument from './globals/document';
@@ -23,0 +24,0 @@ export * as safeDomParser from './globals/dom_parser';

dom/index.js

@@ -30,3 +30,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeWorker = exports.safeWindow = exports.safeServiceWorkerContainer = exports.safeRange = exports.safeLocation = exports.safeGlobal = exports.safeDomParser = exports.safeDocument = exports.safeStyleEl = exports.safeScriptEl = exports.safeObjectEl = exports.safeLinkEl = exports.safeInputEl = exports.safeIframeEl = exports.safeFormEl = exports.safeEmbedEl = exports.safeElement = exports.safeButtonEl = exports.safeAreaEl = exports.safeAnchorEl = void 0;
+exports.safeWorker = exports.safeWindow = exports.safeServiceWorkerContainer = exports.safeRange = exports.safeLocation = exports.safeGlobal = exports.safeDomParser = exports.safeDocument = exports.safeSvgUseEl = exports.safeStyleEl = exports.safeScriptEl = exports.safeObjectEl = exports.safeLinkEl = exports.safeInputEl = exports.safeIframeEl = exports.safeFormEl = exports.safeEmbedEl = exports.safeElement = exports.safeButtonEl = exports.safeAreaEl = exports.safeAnchorEl = void 0;
 /**
@@ -48,2 +48,3 @@ * @fileoverview This file re-exports all of the wrappers to ensure that we have
 exports.safeStyleEl = __importStar(require("./elements/style"));
+exports.safeSvgUseEl = __importStar(require("./elements/svg_use"));
 exports.safeDocument = __importStar(require("./globals/document"));
@@ -50,0 +51,0 @@ exports.safeDomParser = __importStar(require("./globals/dom_parser"));

index.d.ts

@@ -7,7 +7,7 @@ /**
 export { safeAttrPrefix } from './builders/attribute_builders';
-export { concatHtmls, createScript, createScriptSrc, htmlEscape } from './builders/html_builders';
+export { concatHtmls, htmlEscape, scriptToHtml, scriptUrlToHtml } from './builders/html_builders';
 export { HtmlSanitizer, sanitizeHtml, sanitizeHtmlAssertUnchanged, sanitizeHtmlToFragment } from './builders/html_sanitizer/html_sanitizer';
 export { HtmlSanitizerBuilder } from './builders/html_sanitizer/html_sanitizer_builder';
-export { appendParams, blobUrlFromScript, replaceFragment, trustedResourceUrl } from './builders/resource_url_builders';
-export { concatScripts, safeScript, safeScriptWithArgs, scriptFromJson } from './builders/script_builders';
+export { appendParams, objectUrlFromScript, replaceFragment, trustedResourceUrl } from './builders/resource_url_builders';
+export { concatScripts, safeScript, safeScriptWithArgs, valueAsScript } from './builders/script_builders';
 export { concatStyles, safeStyle } from './builders/style_builders';
@@ -14,0 +14,0 @@ export { concatStyleSheets, safeStyleSheet } from './builders/style_sheet_builders';

index.js

@@ -7,3 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.unwrapStyleSheet = exports.SafeStyleSheet = exports.isStyleSheet = exports.unwrapStyle = exports.SafeStyle = exports.isStyle = exports.unwrapScript = exports.SafeScript = exports.isScript = exports.EMPTY_SCRIPT = exports.unwrapResourceUrl = exports.TrustedResourceUrl = exports.isResourceUrl = exports.unwrapHtml = exports.SafeHtml = exports.isHtml = exports.EMPTY_HTML = exports.unwrapAttributePrefix = exports.SafeAttributePrefix = exports.safeStyleSheet = exports.concatStyleSheets = exports.safeStyle = exports.concatStyles = exports.scriptFromJson = exports.safeScriptWithArgs = exports.safeScript = exports.concatScripts = exports.trustedResourceUrl = exports.replaceFragment = exports.blobUrlFromScript = exports.appendParams = exports.HtmlSanitizerBuilder = exports.sanitizeHtmlToFragment = exports.sanitizeHtmlAssertUnchanged = exports.sanitizeHtml = exports.htmlEscape = exports.createScriptSrc = exports.createScript = exports.concatHtmls = exports.safeAttrPrefix = void 0;
+exports.unwrapStyleSheet = exports.SafeStyleSheet = exports.isStyleSheet = exports.unwrapStyle = exports.SafeStyle = exports.isStyle = exports.unwrapScript = exports.SafeScript = exports.isScript = exports.EMPTY_SCRIPT = exports.unwrapResourceUrl = exports.TrustedResourceUrl = exports.isResourceUrl = exports.unwrapHtml = exports.SafeHtml = exports.isHtml = exports.EMPTY_HTML = exports.unwrapAttributePrefix = exports.SafeAttributePrefix = exports.safeStyleSheet = exports.concatStyleSheets = exports.safeStyle = exports.concatStyles = exports.valueAsScript = exports.safeScriptWithArgs = exports.safeScript = exports.concatScripts = exports.trustedResourceUrl = exports.replaceFragment = exports.objectUrlFromScript = exports.appendParams = exports.HtmlSanitizerBuilder = exports.sanitizeHtmlToFragment = exports.sanitizeHtmlAssertUnchanged = exports.sanitizeHtml = exports.scriptUrlToHtml = exports.scriptToHtml = exports.htmlEscape = exports.concatHtmls = exports.safeAttrPrefix = void 0;
 /** Safe builders */
@@ -14,5 +14,5 @@ var attribute_builders_1 = require("./builders/attribute_builders");
 Object.defineProperty(exports, "concatHtmls", { enumerable: true, get: function () { return html_builders_1.concatHtmls; } });
-Object.defineProperty(exports, "createScript", { enumerable: true, get: function () { return html_builders_1.createScript; } });
-Object.defineProperty(exports, "createScriptSrc", { enumerable: true, get: function () { return html_builders_1.createScriptSrc; } });
 Object.defineProperty(exports, "htmlEscape", { enumerable: true, get: function () { return html_builders_1.htmlEscape; } });
+Object.defineProperty(exports, "scriptToHtml", { enumerable: true, get: function () { return html_builders_1.scriptToHtml; } });
+Object.defineProperty(exports, "scriptUrlToHtml", { enumerable: true, get: function () { return html_builders_1.scriptUrlToHtml; } });
 var html_sanitizer_1 = require("./builders/html_sanitizer/html_sanitizer");
@@ -26,3 +26,3 @@ Object.defineProperty(exports, "sanitizeHtml", { enumerable: true, get: function () { return html_sanitizer_1.sanitizeHtml; } });
 Object.defineProperty(exports, "appendParams", { enumerable: true, get: function () { return resource_url_builders_1.appendParams; } });
-Object.defineProperty(exports, "blobUrlFromScript", { enumerable: true, get: function () { return resource_url_builders_1.blobUrlFromScript; } });
+Object.defineProperty(exports, "objectUrlFromScript", { enumerable: true, get: function () { return resource_url_builders_1.objectUrlFromScript; } });
 Object.defineProperty(exports, "replaceFragment", { enumerable: true, get: function () { return resource_url_builders_1.replaceFragment; } });
@@ -34,3 +34,3 @@ Object.defineProperty(exports, "trustedResourceUrl", { enumerable: true, get: function () { return resource_url_builders_1.trustedResourceUrl; } });
 Object.defineProperty(exports, "safeScriptWithArgs", { enumerable: true, get: function () { return script_builders_1.safeScriptWithArgs; } });
-Object.defineProperty(exports, "scriptFromJson", { enumerable: true, get: function () { return script_builders_1.scriptFromJson; } });
+Object.defineProperty(exports, "valueAsScript", { enumerable: true, get: function () { return script_builders_1.valueAsScript; } });
 var style_builders_1 = require("./builders/style_builders");
@@ -37,0 +37,0 @@ Object.defineProperty(exports, "concatStyles", { enumerable: true, get: function () { return style_builders_1.concatStyles; } });

package.json

 {
   "name": "safevalues",
-  "version": "0.3.4",
+  "version": "0.4.0",
   "description": "Safe builders for Trusted Types values",
@@ -5,0 +5,0 @@ "repository": "https://github.com/google/safevalues",

README.md

@@ -61,2 +61,16 @@ # safevalues
 
+## Known issues
+
+### ReferenceError: Can't find variable: process
+
+When using a bundler that performs dead-code elimination, you must ensure that
+`process.env.NODE_ENV` is declared globally with either a value of `development`
+or `production`. This is done in Webpack by
+[specifying a mode](https://webpack.js.org/guides/production/#specify-the-mode),
+in Terser using the
+[--define flag](https://webpack.js.org/guides/production/#specify-the-mode) and
+in Rollup using the
+[rollup-plugin-define plugin](https://www.npmjs.com/package/rollup-plugin-define#usage).
+See ([#212](https://github.com/google/safevalues/issues/212)).
+
 --------------------------------------------------------------------------------
@@ -63,0 +77,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

281714

increased by1.2%

Number of package files

153

increased by2%

Lines of code

6784

increased by1.22%

Number of lines in readme file

83

increased by20.29%

Worsened metrics

Number of low supply chain risk alerts

82

increased by12.33%

No dependency changes