serialize-to-js
Comparing version 1.0.0 to 1.1.0
/* | ||
* @copyright 2016 commenthol | ||
* @copyright 2016- commenthol | ||
* @license MIT | ||
@@ -9,3 +9,3 @@ */ | ||
var sanitize = require('./internal/sanitize') | ||
var saferEval = require('safer-eval') | ||
@@ -15,4 +15,3 @@ /** | ||
* | ||
* _NOTE_: Deserialization uses `new Function()` for code evaluation which may be "harmful". | ||
* In default mode input code gets inspected, but removing `new Function, function, eval` might still not be sufficient. | ||
* _NOTE_: Deserialization uses `safer-eval` for code evaluation which may be "harmful". | ||
* *So now you are WARNED!* | ||
@@ -31,9 +30,11 @@ * | ||
* @param {String} str - string containing serialized data | ||
* @param {Boolean} [unsafe] - if `true` unsafe and harmful code evaluation (default=false) | ||
* @param {Object|Boolean} [context] - pass context - if `true` unsafe execution | ||
* @return {Any} deserialized data | ||
*/ | ||
function deserialize (str, unsafe) { | ||
if (!unsafe) str = sanitize(str) | ||
return (new Function('"use strict"; return ' + str))() | ||
function deserialize (str, context) { | ||
if (context === true) { | ||
return (new Function('"use strict"; return ' + str))() // unsafe execution | ||
} | ||
return saferEval(str, context) | ||
} | ||
module.exports = deserialize |
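Review bot: The default path now passes `str` straight to `saferEval(str, context)` and the `sanitize` pre-pass appears to be gone, so the restricted context built by safer-eval is the only thing between the input and code execution, yet the JSDoc no longer says what input is acceptable. A restricted evaluation context should not be treated as a security boundary for strings from an untrusted source, and the doc block should say so, for example `* _NOTE_: \`str\` is executed as code - only deserialize data you produced yourself or otherwise trust.` The same block should state that every object placed in `context` is reachable from the evaluated code, and that `context === true` falls back to plain `new Function` with no restriction. The second parameter also changed meaning: a caller that passed a truthy value other than `true` for the old `unsafe` flag now reaches the `saferEval` branch with that value as context, which deserves a changelog entry.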
/* | ||
* @copyright 2015 commenthol | ||
* @copyright 2015- commenthol | ||
* @license MIT | ||
@@ -4,0 +4,0 @@ */ |
@@ -94,15 +94,6 @@ /* eslint | ||
TYPED_ARRAYS.forEach(function (i) { | ||
var fn = new Function('arg', 'return (arg instanceof ' + i + ')') | ||
exports['is' + i] = function (arg) { | ||
return fn(arg) | ||
} | ||
}) | ||
function isTypedArray (arg) { | ||
for (var i in TYPED_ARRAYS) { | ||
var type = TYPED_ARRAYS[i] | ||
if (exports['is' + type](arg)) { | ||
return type | ||
} | ||
var type = toType(arg) | ||
if (TYPED_ARRAYS.indexOf(type) !== -1) { | ||
return type | ||
} | ||
@@ -115,1 +106,5 @@ } | ||
} | ||
function toType (o) { | ||
return objectToString(o).replace(/^\[object (.*)\]$/, '$1') | ||
} |
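Review bot: `isTypedArray` now decides by the tag string that `toType` extracts, and if `objectToString` is `Object.prototype.toString` (it is defined outside this section) any object can choose that tag through `Symbol.toStringTag`, so a plain object tagged `Uint8Array` would be reported as a typed array. Pairing the tag lookup with a check the object cannot influence closes that gap: `if (ArrayBuffer.isView(arg) && TYPED_ARRAYS.indexOf(type) !== -1) {`. The per-type `exports['is' + i]` helpers are removed here, so any other module that still calls them will break; that cannot be confirmed from this page. `toType` would also benefit from a one-line comment such as `// returns the [[Class]] tag, e.g. 'Uint8Array' for '[object Uint8Array]'`. The body of `isTypedArray` continues past the lines shown.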
/* | ||
* @copyright 2016 commenthol | ||
* @copyright 2016- commenthol | ||
* @license MIT | ||
@@ -4,0 +4,0 @@ */ |
/* | ||
* @copyright 2016 commenthol | ||
* @copyright 2016- commenthol | ||
* @license MIT | ||
@@ -4,0 +4,0 @@ */ |
{ | ||
"name": "serialize-to-js", | ||
"version": "1.0.0", | ||
"version": "1.1.0", | ||
"description": "serialize objects to javascript", | ||
"main": "lib", | ||
"engines": { | ||
"node": ">=0.8.0" | ||
"node": ">=4.0.0" | ||
}, | ||
@@ -14,4 +14,4 @@ "directories": { | ||
"dependencies": { | ||
"esprima": "^3.1.3", | ||
"js-beautify": "~1.6.8" | ||
"js-beautify": "~1.6.8", | ||
"safer-eval": "^1.2.0" | ||
}, | ||
@@ -28,3 +28,3 @@ "devDependencies": { | ||
"scripts": { | ||
"test": "mocha --reporter spec --check-leaks test/*.js", | ||
"test": "mocha test/*.js", | ||
"cover": "istanbul cover _mocha --report lcov --report text -- --reporter dot --check-leaks test/*.js", | ||
@@ -31,0 +31,0 @@ "doc": "jsdox -o doc lib/*.js", |
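Review bot: The `test` script drops `--check-leaks` in the same release that introduces evaluation inside a constructed context, while `cover` still passes the flag. Leaked globals are the kind of regression worth catching for code that evaluates strings, so the default test run should keep the check. If it was removed because the new dependency trips it (an inference, the page does not say), allow only the known names with mocha's `--globals` option instead of turning the check off: `"test": "mocha --check-leaks --globals <names> test/*.js"`, where `<names>` is a placeholder for the offending globals.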
@@ -97,3 +97,3 @@ # serialize-to-js | ||
`deserialize(str)` | ||
`deserialize(str, [context])` | ||
@@ -103,5 +103,6 @@ deserialize a serialized object to javascript | ||
> _NOTE_: Deserialization uses `new Function()` for code evaluation which may be "harmful". | ||
> In default mode input code gets inspected, but removing `new Function, function, eval` might still not be sufficient. | ||
> **SO NOW YOU ARE WARNED!** | ||
Uses [safer-eval][] for deserialization. | ||
#### Example - deserializing regex, date, ... | ||
@@ -123,3 +124,3 @@ | ||
**unsafe**: `Boolean`, if `true` unsafe and harmful code evaluation (default=false) | ||
**context**: (optional) pass context e.g. if requiring Buffer use `{Buffer: Buffer}`. | ||
@@ -182,1 +183,2 @@ **Returns**: `Any`, deserialized data | ||
[LICENSE]: ./LICENSE | ||
[safer-eval]: https://github.com/commenthol/safer-eval |
+ Added safer-eval@^1.2.0
+ Added clones@1.2.0 (transitive)
+ Added safer-eval@1.3.6 (transitive)
- Removed esprima@^3.1.3
- Removed esprima@3.1.3 (transitive)