
xmldom - npm Package Compare versions

Comparing version 0.4.0 to 0.5.0

LICENSE

18

CHANGELOG.md

@@ -0,1 +1,19 @@

# Changelog
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## 0.5.0
### Fixes
- Avoid misinterpretation of malicious XML input - `GHSA-h6q6-9hqw-rwfv` (CVE-2021-21366)
- Fix breaking preprocessors' directives when parsing attributes [`#171`](https://github.com/xmldom/xmldom/pull/171)
- fix(dom): Escape `]]>` when serializing CharData [`#181`](https://github.com/xmldom/xmldom/pull/181)
- Switch to (only) MIT license (drop problematic LGPL license option) [`#178`](https://github.com/xmldom/xmldom/pull/178)
- Export DOMException; remove custom assertions; etc. [`#174`](https://github.com/xmldom/xmldom/pull/174)
### Docs
- Update MDN links in `readme.md` [`#188`](https://github.com/xmldom/xmldom/pull/188)
## 0.4.0

@@ -2,0 +20,0 @@

8

lib/dom-parser.js

@@ -181,4 +181,3 @@ function DOMParser(options){

fatalError:function(error) {
console.error('[xmldom fatalError]\t'+error,_locator(this.locator));
throw error;
throw new ParseError(error, this.locator);
}

@@ -248,6 +247,9 @@ }

var htmlEntity = require('./entities');
var XMLReader = require('./sax').XMLReader;
var sax = require('./sax');
var XMLReader = sax.XMLReader;
var ParseError = sax.ParseError;
var DOMImplementation = exports.DOMImplementation = require('./dom').DOMImplementation;
exports.XMLSerializer = require('./dom').XMLSerializer ;
exports.DOMParser = DOMParser;
exports.__DOMHandler = DOMHandler;
//}
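Review bot: `fatalError` carries no comment saying that it must throw, yet after this change throwing a `ParseError` is the handler's whole job: the console line is gone and the source position is only reachable through the error's `locator` property. A short docstring would record that contract, for example `/** Aborts parsing: throws a ParseError that carries the current locator. Must not return. */`. `ParseError` is bound further down the file by `var ParseError = sax.ParseError;`, which works because the handler only runs after the module has loaded, but moving the `require('./sax')` lines above the handler definitions would make the dependency easier to see. The object literal that holds `fatalError` starts and ends outside the hunk.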

@@ -1,8 +0,1 @@

/*
* DOM Level 2
* Object DOMException
* @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html
* @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html
*/
function copy(src,dest){

@@ -69,3 +62,8 @@ for(var p in src){

/**
* DOM Level 2
* Object DOMException
* @see http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html
* @see http://www.w3.org/TR/REC-DOM-Level-1/ecma-script-language-binding.html
*/
function DOMException(code, message) {

@@ -1070,5 +1068,23 @@ if(message instanceof Error){

case ATTRIBUTE_NODE:
return buf.push(' ',node.name,'="',node.value.replace(/[<&"]/g,_xmlEncoder),'"');
return buf.push(' ',node.name,'="',node.value.replace(/[&"]/g,_xmlEncoder),'"');
case TEXT_NODE:
return buf.push(node.data.replace(/[<&]/g,_xmlEncoder));
/**
* The ampersand character (&) and the left angle bracket (<) must not appear in their literal form,
* except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section.
* If they are needed elsewhere, they must be escaped using either numeric character references or the strings
* `&amp;` and `&lt;` respectively.
* The right angle bracket (>) may be represented using the string " &gt; ", and must, for compatibility,
* be escaped using either `&gt;` or a character reference when it appears in the string `]]>` in content,
* when that string is not marking the end of a CDATA section.
*
* In the content of elements, character data is any string of characters
* which does not contain the start-delimiter of any markup
* and does not include the CDATA-section-close delimiter, `]]>`.
*
* @see https://www.w3.org/TR/xml/#NT-CharData
*/
return buf.push(node.data
.replace(/[<&]/g,_xmlEncoder)
.replace(/]]>/g, ']]&gt;')
);
case CDATA_SECTION_NODE:

@@ -1083,9 +1099,9 @@ return buf.push( '<![CDATA[',node.data,']]>');

if(pubid){
buf.push(' PUBLIC "',pubid);
buf.push(' PUBLIC ', pubid);
if (sysid && sysid!='.') {
buf.push( '" "',sysid);
buf.push(' ', sysid);
}
buf.push('">');
buf.push('>');
}else if(sysid && sysid!='.'){
buf.push(' SYSTEM "',sysid,'">');
buf.push(' SYSTEM ', sysid, '>');
}else{

@@ -1257,4 +1273,5 @@ var sub = node.internalSubset;

exports.Node = Node;
exports.DOMException = DOMException;
exports.DOMImplementation = DOMImplementation;
exports.XMLSerializer = XMLSerializer;
//}
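Review bot: In the DOCTYPE branch the serializer now writes `pubid` and `sysid` verbatim (`buf.push(' PUBLIC ', pubid)`, `buf.push(' SYSTEM ', sysid, '>')`), so well-formed output depends on every producer handing over ids that already include their own quotes. The reader side of this comparison does pass them through unstripped, but a DocumentType built in code with a bare or externally supplied id would presumably be serialized unquoted; a comment stating the invariant, e.g. `// publicId/systemId are stored including their quotes and emitted as-is`, plus a check at the point where the ids are set, would make that explicit. Separately, if the second `ATTRIBUTE_NODE` line is the new side, the escape set narrows from `/[<&"]/g` to `/[&"]/g`, which lets a literal `<` into serialized attribute values even though the XML AttValue production excludes it. The switch these cases belong to starts and ends outside the hunks shown.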

@@ -21,2 +21,17 @@ //[4] NameStartChar ::= ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]

/**
* Creates an error that will not be caught by XMLReader aka the SAX parser.
*
* @param {string} message
* @param {any?} locator Optional, can provide details about the location in the source
* @constructor
*/
function ParseError(message, locator) {
this.message = message
this.locator = locator
if(Error.captureStackTrace) Error.captureStackTrace(this, ParseError);
}
ParseError.prototype = new Error();
ParseError.prototype.name = ParseError.name
function XMLReader(){

@@ -130,3 +145,3 @@

if(!endMatch){
errorHandler.fatalError("end tag name: "+tagName+' is not match the current start tagName:'+config.tagName );
errorHandler.fatalError("end tag name: "+tagName+' is not match the current start tagName:'+config.tagName ); // No known test case
}

@@ -192,6 +207,7 @@ }else{

}catch(e){
if (e instanceof ParseError) {
throw e;
}
errorHandler.error('element parse error: '+e)
//errorHandler.error('element parse error: '+e);
end = -1;
//throw e;
}

@@ -217,2 +233,12 @@ if(end>start){

function parseElementStartPart(source,start,el,currentNSMap,entityReplacer,errorHandler){
/**
* @param {string} qname
* @param {string} value
* @param {number} startIndex
*/
function addAttribute(qname, value, startIndex) {
if (qname in el.attributeNames) errorHandler.fatalError('Attribute ' + qname + ' redefined')
el.addValue(qname, value, startIndex)
}
var attrName;

@@ -233,3 +259,3 @@ var value;

//fatalError: equal must after attrName or space after attrName
throw new Error('attribute equal must after attrName');
throw new Error('attribute equal must after attrName'); // No known test case
}

@@ -249,3 +275,3 @@ break;

value = source.slice(start,p).replace(/&#?\w+;/g,entityReplacer);
el.add(attrName,value,start-1);
addAttribute(attrName, value, start-1);
s = S_ATTR_END;

@@ -259,3 +285,3 @@ }else{

//console.log(attrName,value,start,p)
el.add(attrName,value,start);
addAttribute(attrName, value, start);
//console.dir(el)

@@ -267,3 +293,3 @@ errorHandler.warning('attribute "'+attrName+'" missed start quot('+c+')!!');

//fatalError: no equal before
throw new Error('attribute value must after "="');
throw new Error('attribute value must after "="'); // No known test case
}

@@ -286,7 +312,6 @@ break;

default:
throw new Error("attribute invalid close char('/')")
throw new Error("attribute invalid close char('/')") // No known test case
}
break;
case ''://end document
//throw new Error('unexpected end of input')
errorHandler.error('unexpected end of input');

@@ -317,4 +342,4 @@ if(s == S_TAG){

if(s == S_ATTR_NOQUOT_VALUE){
errorHandler.warning('attribute "'+value+'" missed quot(")!!');
el.add(attrName,value.replace(/&#?\w+;/g,entityReplacer),start)
errorHandler.warning('attribute "'+value+'" missed quot(")!');
addAttribute(attrName, value.replace(/&#?\w+;/g,entityReplacer), start)
}else{

@@ -324,3 +349,3 @@ if(currentNSMap[''] !== 'http://www.w3.org/1999/xhtml' || !value.match(/^(?:disabled|checked|selected)$/i)){

}
el.add(value,value,start)
addAttribute(value, value, start)
}

@@ -350,3 +375,3 @@ break;

errorHandler.warning('attribute "'+value+'" missed quot(")!!');
el.add(attrName,value,start)
addAttribute(attrName, value, start)
case S_ATTR_END:

@@ -374,3 +399,3 @@ s = S_TAG_SPACE;

}
el.add(attrName,attrName,start);
addAttribute(attrName, attrName, start);
start = p;

@@ -558,4 +583,3 @@ s = S_ATTR;

var lastMatch = matchs[len-1]
domBuilder.startDTD(name,pubid && pubid.replace(/^(['"])(.*?)\1$/,'$2'),
sysid && sysid.replace(/^(['"])(.*?)\1$/,'$2'));
domBuilder.startDTD(name, pubid, sysid);
domBuilder.endDTD();

@@ -586,7 +610,4 @@

/**
* @param source
*/
function ElementAttributes(source){
function ElementAttributes(){
this.attributeNames = {}
}

@@ -600,6 +621,7 @@ ElementAttributes.prototype = {

},
add:function(qName,value,offset){
addValue:function(qName, value, offset) {
if(!tagNamePattern.test(qName)){
throw new Error('invalid attribute:'+qName)
}
this.attributeNames[qName] = this.length;
this[this.length++] = {qName:qName,value:value,offset:offset}

@@ -640,2 +662,2 @@ },

exports.XMLReader = XMLReader;
exports.ParseError = ParseError;
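Review bot: `addAttribute` tests `qname in el.attributeNames`, and `attributeNames` is created as a plain `{}`, so `in` also answers true for inherited keys such as `constructor` or `toString`; an element with an attribute of that name would presumably be reported as redefined on its first occurrence. An own-property test avoids that: `if (Object.prototype.hasOwnProperty.call(el.attributeNames, qname))`. The helper also calls `el.addValue` unconditionally after `errorHandler.fatalError(...)`, so the duplicate is still stored whenever the configured handler returns instead of throwing; adding `return` after the `fatalError` call, or throwing `ParseError` directly, keeps the rejection independent of the handler. `parseElementStartPart` continues outside the hunk.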
{
"name": "xmldom",
"version": "0.4.0",
"version": "0.5.0",
"description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.",

@@ -23,3 +23,3 @@ "keywords": [

"CHANGELOG.md",
"LICENSE.md",
"LICENSE",
"readme.md",

@@ -42,15 +42,14 @@ "lib"

"devDependencies": {
"@stryker-mutator/core": "^3.3.1",
"@stryker-mutator/javascript-mutator": "^3.3.1",
"@stryker-mutator/core": "^4.4.1",
"dom-js": "0.0.9",
"eslint": "^7.12.0",
"eslint-config-prettier": "^6.14.0",
"eslint": "^7.18.0",
"eslint-config-prettier": "^7.2.0",
"eslint-plugin-es5": "^1.5.0",
"eslint-plugin-prettier": "^3.1.4",
"eslint-plugin-prettier": "^3.3.1",
"get-stream": "^6.0.0",
"jest": "^26.6.1",
"nodemon": "^2.0.6",
"jest": "^26.6.3",
"nodemon": "^2.0.7",
"npm-run-all": "^4.1.5",
"prettier": "^2.1.2",
"xmltest": "^1.4.0",
"prettier": "^2.2.1",
"xmltest": "^1.5.0",
"yauzl": "^2.10.0"

@@ -90,2 +89,7 @@ },

"web": "https://github.com/kethinov"
},
{
"name": "Christian Bewernitz",
"email": "coder@karfau.de",
"web": "https://github.com/karfau"
}

@@ -96,3 +100,3 @@ ],

},
"license": "(LGPL-2.0 OR MIT)"
"license": "MIT"
}
# XMLDOM
[![license](https://img.shields.io/npm/l/xmldom?color=blue&style=flat-square)](./LICENSE.md)
[![license](https://img.shields.io/npm/l/xmldom?color=blue&style=flat-square)](LICENSE)
[![npm](https://img.shields.io/npm/v/xmldom?style=flat-square)](https://www.npmjs.com/package/xmldom)

@@ -49,3 +49,3 @@ [![bug issues](https://img.shields.io/github/issues/xmldom/xmldom/bug?color=red&style=flat-square)](https://github.com/xmldom/xmldom/issues?q=is%3Aissue+is%3Aopen+label%3Abug)

* [DOMParser](https://developer.mozilla.org/en/DOMParser):
* [DOMParser](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser):

@@ -78,3 +78,3 @@ ```javascript

* [XMLSerializer](https://developer.mozilla.org/en/XMLSerializer)
* [XMLSerializer](https://developer.mozilla.org/en-US/docs/Web/API/XMLSerializer)

@@ -103,3 +103,27 @@ ```javascript

hasAttributes()
* [DOMException](http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html)
The DOMException class has the following constants (and `value` of type `Number`):
1. `DOMException.INDEX_SIZE_ERR` (`1`)
1. `DOMException.DOMSTRING_SIZE_ERR` (`2`)
1. `DOMException.HIERARCHY_REQUEST_ERR` (`3`)
1. `DOMException.WRONG_DOCUMENT_ERR` (`4`)
1. `DOMException.INVALID_CHARACTER_ERR` (`5`)
1. `DOMException.NO_DATA_ALLOWED_ERR` (`6`)
1. `DOMException.NO_MODIFICATION_ALLOWED_ERR` (`7`)
1. `DOMException.NOT_FOUND_ERR` (`8`)
1. `DOMException.NOT_SUPPORTED_ERR` (`9`)
1. `DOMException.INUSE_ATTRIBUTE_ERR` (`10`)
1. `DOMException.INVALID_STATE_ERR` (`11`)
1. `DOMException.SYNTAX_ERR` (`12`)
1. `DOMException.INVALID_MODIFICATION_ERR` (`13`)
1. `DOMException.NAMESPACE_ERR` (`14`)
1. `DOMException.INVALID_ACCESS_ERR` (`15`)
The DOMException object has the following properties:
code
This property is of type Number.
* extends the Error type thrown as part of DOM API:
* [DOMImplementation](http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/core.html#ID-102161490)

@@ -234,3 +258,4 @@

---
* [Node] Source position extension;
* [Node] Source position extension;

@@ -237,0 +262,0 @@ attribute:
