Comparing version 0.4.0 to 0.5.0
@@ -0,1 +1,19 @@ | ||
# Changelog | ||
All notable changes to this project will be documented in this file. | ||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||
## 0.5.0 | ||
### Fixes | ||
- Avoid misinterpretation of malicious XML input - `GHSA-h6q6-9hqw-rwfv` (CVE-2021-21366) | ||
- Fix breaking preprocessors' directives when parsing attributes [`#171`](https://github.com/xmldom/xmldom/pull/171) | ||
- fix(dom): Escape `]]>` when serializing CharData [`#181`](https://github.com/xmldom/xmldom/pull/181) | ||
- Switch to (only) MIT license (drop problematic LGPL license option) [`#178`](https://github.com/xmldom/xmldom/pull/178) | ||
- Export DOMException; remove custom assertions; etc. [`#174`](https://github.com/xmldom/xmldom/pull/174) | ||
### Docs | ||
- Update MDN links in `readme.md` [`#188`](https://github.com/xmldom/xmldom/pull/188) | ||
## 0.4.0 | ||
@@ -2,0 +20,0 @@ |
@@ -181,4 +181,3 @@ function DOMParser(options){ | ||
fatalError:function(error) { | ||
console.error('[xmldom fatalError]\t'+error,_locator(this.locator)); | ||
throw error; | ||
throw new ParseError(error, this.locator); | ||
} | ||
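Review bot: The new `throw new ParseError(error, this.locator)` in `fatalError` is what makes parsing stop on a fatal condition, but the handler has no comment saying so, and the `console.error` line next to it appears to have been dropped, so nothing is logged any more. A short comment would help, for example `// Aborts parsing: the SAX reader rethrows ParseError instead of downgrading it to error()`. If callers can still supply their own `fatalError` through the parser options (not visible in this hunk), a handler that returns instead of throwing would presumably let parsing continue. That is worth documenting for anyone who parses untrusted XML and relies on this release's fix.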
@@ -248,6 +247,9 @@ } | ||
var htmlEntity = require('./entities'); | ||
var XMLReader = require('./sax').XMLReader; | ||
var sax = require('./sax'); | ||
var XMLReader = sax.XMLReader; | ||
var ParseError = sax.ParseError; | ||
var DOMImplementation = exports.DOMImplementation = require('./dom').DOMImplementation; | ||
exports.XMLSerializer = require('./dom').XMLSerializer ; | ||
exports.DOMParser = DOMParser; | ||
exports.__DOMHandler = DOMHandler; | ||
//} |
@@ -1,8 +0,1 @@ | ||
/* | ||
* DOM Level 2 | ||
* Object DOMException | ||
* @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html | ||
* @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html | ||
*/ | ||
function copy(src,dest){ | ||
@@ -69,3 +62,8 @@ for(var p in src){ | ||
/** | ||
* DOM Level 2 | ||
* Object DOMException | ||
* @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html | ||
* @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html | ||
*/ | ||
function DOMException(code, message) { | ||
@@ -1070,5 +1068,23 @@ if(message instanceof Error){ | ||
case ATTRIBUTE_NODE: | ||
return buf.push(' ',node.name,'="',node.value.replace(/[<&"]/g,_xmlEncoder),'"'); | ||
return buf.push(' ',node.name,'="',node.value.replace(/[&"]/g,_xmlEncoder),'"'); | ||
case TEXT_NODE: | ||
return buf.push(node.data.replace(/[<&]/g,_xmlEncoder)); | ||
/** | ||
* The ampersand character (&) and the left angle bracket (<) must not appear in their literal form, | ||
* except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section. | ||
* If they are needed elsewhere, they must be escaped using either numeric character references or the strings | ||
* `&` and `<` respectively. | ||
* The right angle bracket (>) may be represented using the string " > ", and must, for compatibility, | ||
* be escaped using either `>` or a character reference when it appears in the string `]]>` in content, | ||
* when that string is not marking the end of a CDATA section. | ||
* | ||
* In the content of elements, character data is any string of characters | ||
* which does not contain the start-delimiter of any markup | ||
* and does not include the CDATA-section-close delimiter, `]]>`. | ||
* | ||
* @see https://www.w3.org/TR/xml/#NT-CharData | ||
*/ | ||
return buf.push(node.data | ||
.replace(/[<&]/g,_xmlEncoder) | ||
.replace(/]]>/g, ']]>') | ||
); | ||
case CDATA_SECTION_NODE: | ||
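Review bot: The `ATTRIBUTE_NODE` branch appears to narrow the escape class from `/[<&"]/g` to `/[&"]/g`, so a literal `<` in an attribute value would be serialized unescaped. The `+`/`-` markers are lost on this page, but the hunk counts are consistent with the narrower class being the new line. XML's AttValue production does not allow a raw `<`, so the output may not be well-formed and a consumer could reject it or read it differently from the DOM that produced it. Unless the preprocessor-directive fix depends on raw `<`, keep it in the class: `node.value.replace(/[<&"]/g,_xmlEncoder)`. Separately, the `TEXT_NODE` replacement reads `.replace(/]]>/g, ']]>')` here, which would be a no-op; the page has most likely decoded an entity in the replacement string and in the comment above it, so check the real source before relying on this listing.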
@@ -1083,9 +1099,9 @@ return buf.push( '<![CDATA[',node.data,']]>'); | ||
if(pubid){ | ||
buf.push(' PUBLIC "',pubid); | ||
buf.push(' PUBLIC ', pubid); | ||
if (sysid && sysid!='.') { | ||
buf.push( '" "',sysid); | ||
buf.push(' ', sysid); | ||
} | ||
buf.push('">'); | ||
buf.push('>'); | ||
}else if(sysid && sysid!='.'){ | ||
buf.push(' SYSTEM "',sysid,'">'); | ||
buf.push(' SYSTEM ', sysid, '>'); | ||
}else{ | ||
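Review bot: In the DOCTYPE branch the serializer now pushes `pubid` and `sysid` verbatim (`buf.push(' PUBLIC ', pubid)`, `buf.push(' SYSTEM ', sysid, '>')`), so it relies on the stored values already carrying their own quotes. That matches the reader hunk that passes them unstripped to `startDTD(name, pubid, sysid)`. A DocumentType created through the DOM API rather than by parsing may hold unquoted or externally supplied identifiers, and those would be written as-is, so a value containing a quote or `>` could change the structure of the serialized document. Consider checking both values against the PubidLiteral and SystemLiteral productions before the `buf.push` calls, or at least add a comment stating that quoted literals are expected. The enclosing `case` starts and ends outside this hunk.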
@@ -1257,4 +1273,5 @@ var sub = node.internalSubset; | ||
exports.Node = Node; | ||
exports.DOMException = DOMException; | ||
exports.DOMImplementation = DOMImplementation; | ||
exports.XMLSerializer = XMLSerializer; | ||
//} |
@@ -21,2 +21,17 @@ //[4] NameStartChar ::= ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF] | ||
/** | ||
* Creates an error that will not be caught by XMLReader aka the SAX parser. | ||
* | ||
* @param {string} message | ||
* @param {any?} locator Optional, can provide details about the location in the source | ||
* @constructor | ||
*/ | ||
function ParseError(message, locator) { | ||
this.message = message | ||
this.locator = locator | ||
if(Error.captureStackTrace) Error.captureStackTrace(this, ParseError); | ||
} | ||
ParseError.prototype = new Error(); | ||
ParseError.prototype.name = ParseError.name | ||
function XMLReader(){ | ||
@@ -130,3 +145,3 @@ | ||
if(!endMatch){ | ||
errorHandler.fatalError("end tag name: "+tagName+' is not match the current start tagName:'+config.tagName ); | ||
errorHandler.fatalError("end tag name: "+tagName+' is not match the current start tagName:'+config.tagName ); // No known test case | ||
} | ||
@@ -192,6 +207,7 @@ }else{ | ||
}catch(e){ | ||
if (e instanceof ParseError) { | ||
throw e; | ||
} | ||
errorHandler.error('element parse error: '+e) | ||
//errorHandler.error('element parse error: '+e); | ||
end = -1; | ||
//throw e; | ||
} | ||
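Review bot: Only `ParseError` is rethrown from this `catch`; every other exception is still downgraded to `errorHandler.error('element parse error: '+e)` with `end = -1`. The plain `throw new Error(...)` sites visible in this file's other hunks ('attribute equal must after attrName', 'attribute value must after "="', and `invalid attribute:` in `addValue`) therefore stay recoverable, and parsing continues past malformed markup. If the intent of this release is that structurally invalid input stops the parse, route those sites through the fatal path as well, e.g. `errorHandler.fatalError('attribute equal must after attrName')`. Otherwise add a comment here explaining why these cases are deliberately tolerated. The `try` block this `catch` belongs to starts outside the hunk.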
@@ -217,2 +233,12 @@ if(end>start){ | ||
function parseElementStartPart(source,start,el,currentNSMap,entityReplacer,errorHandler){ | ||
/** | ||
* @param {string} qname | ||
* @param {string} value | ||
* @param {number} startIndex | ||
*/ | ||
function addAttribute(qname, value, startIndex) { | ||
if (qname in el.attributeNames) errorHandler.fatalError('Attribute ' + qname + ' redefined') | ||
el.addValue(qname, value, startIndex) | ||
} | ||
var attrName; | ||
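Review bot: The duplicate check in `addAttribute`, `qname in el.attributeNames`, also consults the prototype chain, and `attributeNames` is created as a plain `{}` in `ElementAttributes`. A first occurrence of an attribute named `constructor`, `toString` or `__proto__` would therefore be reported as "redefined" and abort the parse of a well-formed document. Use an own-property test instead, `if (Object.prototype.hasOwnProperty.call(el.attributeNames, qname)) errorHandler.fatalError('Attribute ' + qname + ' redefined')`. Alternatively, initialise the map with `Object.create(null)` in `ElementAttributes`. The JSDoc on the helper could also say that it raises a fatal error on a repeated name, since that is the security-relevant behaviour.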
@@ -233,3 +259,3 @@ var value; | ||
//fatalError: equal must after attrName or space after attrName | ||
throw new Error('attribute equal must after attrName'); | ||
throw new Error('attribute equal must after attrName'); // No known test case | ||
} | ||
@@ -249,3 +275,3 @@ break; | ||
value = source.slice(start,p).replace(/&#?\w+;/g,entityReplacer); | ||
el.add(attrName,value,start-1); | ||
addAttribute(attrName, value, start-1); | ||
s = S_ATTR_END; | ||
@@ -259,3 +285,3 @@ }else{ | ||
//console.log(attrName,value,start,p) | ||
el.add(attrName,value,start); | ||
addAttribute(attrName, value, start); | ||
//console.dir(el) | ||
@@ -267,3 +293,3 @@ errorHandler.warning('attribute "'+attrName+'" missed start quot('+c+')!!'); | ||
//fatalError: no equal before | ||
throw new Error('attribute value must after "="'); | ||
throw new Error('attribute value must after "="'); // No known test case | ||
} | ||
@@ -286,7 +312,6 @@ break; | ||
default: | ||
throw new Error("attribute invalid close char('/')") | ||
throw new Error("attribute invalid close char('/')") // No known test case | ||
} | ||
break; | ||
case ''://end document | ||
//throw new Error('unexpected end of input') | ||
errorHandler.error('unexpected end of input'); | ||
@@ -317,4 +342,4 @@ if(s == S_TAG){ | ||
if(s == S_ATTR_NOQUOT_VALUE){ | ||
errorHandler.warning('attribute "'+value+'" missed quot(")!!'); | ||
el.add(attrName,value.replace(/&#?\w+;/g,entityReplacer),start) | ||
errorHandler.warning('attribute "'+value+'" missed quot(")!'); | ||
addAttribute(attrName, value.replace(/&#?\w+;/g,entityReplacer), start) | ||
}else{ | ||
@@ -324,3 +349,3 @@ if(currentNSMap[''] !== 'http://www.w3.org/1999/xhtml' || !value.match(/^(?:disabled|checked|selected)$/i)){ | ||
} | ||
el.add(value,value,start) | ||
addAttribute(value, value, start) | ||
} | ||
@@ -350,3 +375,3 @@ break; | ||
errorHandler.warning('attribute "'+value+'" missed quot(")!!'); | ||
el.add(attrName,value,start) | ||
addAttribute(attrName, value, start) | ||
case S_ATTR_END: | ||
@@ -374,3 +399,3 @@ s = S_TAG_SPACE; | ||
} | ||
el.add(attrName,attrName,start); | ||
addAttribute(attrName, attrName, start); | ||
start = p; | ||
@@ -558,4 +583,3 @@ s = S_ATTR; | ||
var lastMatch = matchs[len-1] | ||
domBuilder.startDTD(name,pubid && pubid.replace(/^(['"])(.*?)\1$/,'$2'), | ||
sysid && sysid.replace(/^(['"])(.*?)\1$/,'$2')); | ||
domBuilder.startDTD(name, pubid, sysid); | ||
domBuilder.endDTD(); | ||
@@ -586,7 +610,4 @@ | ||
/** | ||
* @param source | ||
*/ | ||
function ElementAttributes(source){ | ||
function ElementAttributes(){ | ||
this.attributeNames = {} | ||
} | ||
@@ -600,6 +621,7 @@ ElementAttributes.prototype = { | ||
}, | ||
add:function(qName,value,offset){ | ||
addValue:function(qName, value, offset) { | ||
if(!tagNamePattern.test(qName)){ | ||
throw new Error('invalid attribute:'+qName) | ||
} | ||
this.attributeNames[qName] = this.length; | ||
this[this.length++] = {qName:qName,value:value,offset:offset} | ||
@@ -640,2 +662,2 @@ }, | ||
exports.XMLReader = XMLReader; | ||
exports.ParseError = ParseError; |
{ | ||
"name": "xmldom", | ||
"version": "0.4.0", | ||
"version": "0.5.0", | ||
"description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", | ||
@@ -23,3 +23,3 @@ "keywords": [ | ||
"CHANGELOG.md", | ||
"LICENSE.md", | ||
"LICENSE", | ||
"readme.md", | ||
@@ -42,15 +42,14 @@ "lib" | ||
"devDependencies": { | ||
"@stryker-mutator/core": "^3.3.1", | ||
"@stryker-mutator/javascript-mutator": "^3.3.1", | ||
"@stryker-mutator/core": "^4.4.1", | ||
"dom-js": "0.0.9", | ||
"eslint": "^7.12.0", | ||
"eslint-config-prettier": "^6.14.0", | ||
"eslint": "^7.18.0", | ||
"eslint-config-prettier": "^7.2.0", | ||
"eslint-plugin-es5": "^1.5.0", | ||
"eslint-plugin-prettier": "^3.1.4", | ||
"eslint-plugin-prettier": "^3.3.1", | ||
"get-stream": "^6.0.0", | ||
"jest": "^26.6.1", | ||
"nodemon": "^2.0.6", | ||
"jest": "^26.6.3", | ||
"nodemon": "^2.0.7", | ||
"npm-run-all": "^4.1.5", | ||
"prettier": "^2.1.2", | ||
"xmltest": "^1.4.0", | ||
"prettier": "^2.2.1", | ||
"xmltest": "^1.5.0", | ||
"yauzl": "^2.10.0" | ||
@@ -90,2 +89,7 @@ }, | ||
"web": "https://github.com/kethinov" | ||
}, | ||
{ | ||
"name": "Christian Bewernitz", | ||
"email": "coder@karfau.de", | ||
"web": "https://github.com/karfau" | ||
} | ||
@@ -96,3 +100,3 @@ ], | ||
}, | ||
"license": "(LGPL-2.0 OR MIT)" | ||
"license": "MIT" | ||
} |
# XMLDOM | ||
[![license](https://img.shields.io/npm/l/xmldom?color=blue&style=flat-square)](./LICENSE.md) | ||
[![license](https://img.shields.io/npm/l/xmldom?color=blue&style=flat-square)](LICENSE) | ||
[![npm](https://img.shields.io/npm/v/xmldom?style=flat-square)](https://www.npmjs.com/package/xmldom) | ||
@@ -49,3 +49,3 @@ [![bug issues](https://img.shields.io/github/issues/xmldom/xmldom/bug?color=red&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Abug) | ||
* [DOMParser](https://developer.mozilla.org/en/DOMParser): | ||
* [DOMParser](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser): | ||
@@ -78,3 +78,3 @@ ```javascript | ||
* [XMLSerializer](https://developer.mozilla.org/en/XMLSerializer) | ||
* [XMLSerializer](https://developer.mozilla.org/en-US/docs/Web/API/XMLSerializer) | ||
@@ -103,3 +103,27 @@ ```javascript | ||
hasAttributes() | ||
* [DOMException](http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html) | ||
The DOMException class has the following constants (and `value` of type `Number`): | ||
1. `DOMException.INDEX_SIZE_ERR` (`1`) | ||
1. `DOMException.DOMSTRING_SIZE_ERR` (`2`) | ||
1. `DOMException.HIERARCHY_REQUEST_ERR` (`3`) | ||
1. `DOMException.WRONG_DOCUMENT_ERR` (`4`) | ||
1. `DOMException.INVALID_CHARACTER_ERR` (`5`) | ||
1. `DOMException.NO_DATA_ALLOWED_ERR` (`6`) | ||
1. `DOMException.NO_MODIFICATION_ALLOWED_ERR` (`7`) | ||
1. `DOMException.NOT_FOUND_ERR` (`8`) | ||
1. `DOMException.NOT_SUPPORTED_ERR` (`9`) | ||
1. `DOMException.INUSE_ATTRIBUTE_ERR` (`10`) | ||
1. `DOMException.INVALID_STATE_ERR` (`11`) | ||
1. `DOMException.SYNTAX_ERR` (`12`) | ||
1. `DOMException.INVALID_MODIFICATION_ERR` (`13`) | ||
1. `DOMException.NAMESPACE_ERR` (`14`) | ||
1. `DOMException.INVALID_ACCESS_ERR` (`15`) | ||
The DOMException object has the following properties: | ||
code | ||
This property is of type Number. | ||
* extends the Error type thrown as part of DOM API: | ||
* [DOMImplementation](http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-102161490) | ||
@@ -234,3 +258,4 @@ | ||
--- | ||
* [Node] Source position extension; | ||
* [Node] Source position extension; | ||
@@ -237,0 +262,0 @@ attribute: |
Deprecated
Maintenance: The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Unidentified License
License (Experimental): Something that seems like a license was found, but its contents could not be matched with a known license.
Found 1 instance in 1 package