
safevalues - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

27

dist/cjs/dom/globals/url.js

@@ -10,8 +10,10 @@ "use strict";

/**
* A pattern that matches safe MIME types. Only matches image, video and audio
* types, with some parameter support (most notably, we haven't implemented the
* more complex parts like %-encoded characters or non-alphanumerical ones for
* simplicity's sake). Also, the specs are fairly complex, and they don't
* necessarily agree with Chrome on some aspects, and so we settled on a subset
* where the behavior makes sense to all parties involved.
* A pattern that matches safe MIME types. Only matches image, video, audio and
* application/octet-stream types, with some parameter support (most notably, we
* haven't implemented the more complex parts like %-encoded characters or
* non-alphanumerical ones for simplicity's sake). Also, the specs are fairly
* complex, and they don't necessarily agree with Chrome on some aspects, and so
* we settled on a subset where the behavior makes sense to all parties
* involved.
* Use application/octet-stream for blobs that are meant to be downloaded.
*

@@ -23,2 +25,5 @@ * The spec is available at https://mimesniff.spec.whatwg.org/ (and see

function isSafeMimeType(mimeType) {
if (mimeType.toLowerCase() === 'application/octet-stream') {
return true;
}
const match = mimeType.match(/^([^;]+)(?:;\w+=(?:\w+|"[\w;,= ]+"))*$/i);

@@ -28,6 +33,7 @@ return ((match === null || match === void 0 ? void 0 : match.length) === 2 &&

isSafeVideoMimeType(match[1]) ||
isSafeAudioMimeType(match[1])));
isSafeAudioMimeType(match[1]) ||
isSafeFontMimeType(match[1])));
}
function isSafeImageMimeType(mimeType) {
return /^image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp|x-icon|heic|heif)$/i.test(mimeType);
return /^image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp|x-icon|heic|heif|avif|x-ms-bmp)$/i.test(mimeType);
}

@@ -38,4 +44,7 @@ function isSafeVideoMimeType(mimeType) {

function isSafeAudioMimeType(mimeType) {
return /^audio\/(?:3gpp2|3gpp|aac|L16|midi|mp3|mp4|mpeg|oga|ogg|opus|x-m4a|x-matroska|x-wav|wav|webm)$/i.test(mimeType);
return /^audio\/(?:3gpp2|3gpp|aac|amr|L16|midi|mp3|mp4|mpeg|oga|ogg|opus|x-m4a|x-matroska|x-wav|wav|webm)$/i.test(mimeType);
}
function isSafeFontMimeType(mimeType) {
return /^font\/[\w-]+$/i.test(mimeType);
}
/**

@@ -42,0 +51,0 @@ * Wraps URL.createObjectURL, checking the safety of the source. For blobs, the
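Review bot: The new `isSafeFontMimeType` accepts every `font/` subtype through `/^font\/[\w-]+$/i`, while the image, video and audio checks beside it each enumerate an explicit list, so the font allowlist is open-ended where the others are closed. If the wildcard is intended, a comment should say why any font subtype is acceptable for an object URL; otherwise enumerate the registered types, e.g. `/^font\/(?:collection|otf|sfnt|ttf|woff|woff2)$/i`. The updated doc comment above `isSafeMimeType` still says "Only matches image, video, audio and application/octet-stream types" and should also mention fonts. The same lines appear in the ES-module build further down the page, and since this looks like compiled output the change likely belongs in the package's source rather than in dist/.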

{
"type": "commonjs",
"version": "1.1.0"
"version": "1.2.0"
}

@@ -7,8 +7,10 @@ /**

/**
* A pattern that matches safe MIME types. Only matches image, video and audio
* types, with some parameter support (most notably, we haven't implemented the
* more complex parts like %-encoded characters or non-alphanumerical ones for
* simplicity's sake). Also, the specs are fairly complex, and they don't
* necessarily agree with Chrome on some aspects, and so we settled on a subset
* where the behavior makes sense to all parties involved.
* A pattern that matches safe MIME types. Only matches image, video, audio and
* application/octet-stream types, with some parameter support (most notably, we
* haven't implemented the more complex parts like %-encoded characters or
* non-alphanumerical ones for simplicity's sake). Also, the specs are fairly
* complex, and they don't necessarily agree with Chrome on some aspects, and so
* we settled on a subset where the behavior makes sense to all parties
* involved.
* Use application/octet-stream for blobs that are meant to be downloaded.
*

@@ -20,2 +22,5 @@ * The spec is available at https://mimesniff.spec.whatwg.org/ (and see

function isSafeMimeType(mimeType) {
if (mimeType.toLowerCase() === 'application/octet-stream') {
return true;
}
const match = mimeType.match(/^([^;]+)(?:;\w+=(?:\w+|"[\w;,= ]+"))*$/i);

@@ -25,6 +30,7 @@ return ((match === null || match === void 0 ? void 0 : match.length) === 2 &&

isSafeVideoMimeType(match[1]) ||
isSafeAudioMimeType(match[1])));
isSafeAudioMimeType(match[1]) ||
isSafeFontMimeType(match[1])));
}
function isSafeImageMimeType(mimeType) {
return /^image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp|x-icon|heic|heif)$/i.test(mimeType);
return /^image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp|x-icon|heic|heif|avif|x-ms-bmp)$/i.test(mimeType);
}

@@ -35,4 +41,7 @@ function isSafeVideoMimeType(mimeType) {

function isSafeAudioMimeType(mimeType) {
return /^audio\/(?:3gpp2|3gpp|aac|L16|midi|mp3|mp4|mpeg|oga|ogg|opus|x-m4a|x-matroska|x-wav|wav|webm)$/i.test(mimeType);
return /^audio\/(?:3gpp2|3gpp|aac|amr|L16|midi|mp3|mp4|mpeg|oga|ogg|opus|x-m4a|x-matroska|x-wav|wav|webm)$/i.test(mimeType);
}
function isSafeFontMimeType(mimeType) {
return /^font\/[\w-]+$/i.test(mimeType);
}
/**

@@ -39,0 +48,0 @@ * Wraps URL.createObjectURL, checking the safety of the source. For blobs, the
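Review bot: The `application/octet-stream` shortcut added to `isSafeMimeType` compares the whole string before the parameter regex runs, so a value such as `application/octet-stream;charset=binary` misses it and falls through to the image/video/audio/font checks, where it is rejected. That is the conservative direction, but it differs from the "some parameter support" the doc comment describes for the other types, and nothing records that it is deliberate. I would add a comment on the check, e.g. `// Exact match only: octet-stream with parameters is intentionally rejected.`, or compare `match[1]` after parsing if parameters are meant to be allowed. The CommonJS build earlier on the page carries the same code, and the function body is only partly visible in these hunks.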

{
"type": "module",
"version": "1.1.0"
"version": "1.2.0"
}
{
"name": "safevalues",
"version": "1.1.0",
"version": "1.2.0",
"description": "Safe builders for Trusted Types values",

@@ -5,0 +5,0 @@ "repository": "https://github.com/google/safevalues",
