vega 0.3.1 → 0.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +12 -12
- data/lib/vega/version.rb +1 -1
- data/lib/vega.rb +8 -8
- data/licenses/LICENSE-vega-interpreter.txt +1 -1
- data/licenses/LICENSE-vega.txt +1 -1
- data/vendor/assets/javascripts/vega-embed.js +436 -248
- data/vendor/assets/javascripts/vega-interpreter.js +33 -40
- data/vendor/assets/javascripts/vega-lite.js +2191 -1580
- data/vendor/assets/javascripts/vega.js +7345 -11726
- metadata +3 -3
@@ -2,11 +2,10 @@
|
|
2
2
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
3
3
|
typeof define === 'function' && define.amd ? define(['exports'], factory) :
|
4
4
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.vega = global.vega || {}));
|
5
|
-
}(this, (function (exports) { 'use strict';
|
5
|
+
})(this, (function (exports) { 'use strict';
|
6
6
|
|
7
7
|
function adjustSpatial (item, encode, swap) {
|
8
8
|
let t;
|
9
|
-
|
10
9
|
if (encode.x2) {
|
11
10
|
if (encode.x) {
|
12
11
|
if (swap && item.x > item.x2) {
|
@@ -14,17 +13,14 @@
|
|
14
13
|
item.x = item.x2;
|
15
14
|
item.x2 = t;
|
16
15
|
}
|
17
|
-
|
18
16
|
item.width = item.x2 - item.x;
|
19
17
|
} else {
|
20
18
|
item.x = item.x2 - (item.width || 0);
|
21
19
|
}
|
22
20
|
}
|
23
|
-
|
24
21
|
if (encode.xc) {
|
25
22
|
item.x = item.xc - (item.width || 0) / 2;
|
26
23
|
}
|
27
|
-
|
28
24
|
if (encode.y2) {
|
29
25
|
if (encode.y) {
|
30
26
|
if (swap && item.y > item.y2) {
|
@@ -32,13 +28,11 @@
|
|
32
28
|
item.y = item.y2;
|
33
29
|
item.y2 = t;
|
34
30
|
}
|
35
|
-
|
36
31
|
item.height = item.y2 - item.y;
|
37
32
|
} else {
|
38
33
|
item.y = item.y2 - (item.height || 0);
|
39
34
|
}
|
40
35
|
}
|
41
|
-
|
42
36
|
if (encode.yc) {
|
43
37
|
item.y = item.yc - (item.height || 0) / 2;
|
44
38
|
}
|
@@ -88,14 +82,11 @@
|
|
88
82
|
};
|
89
83
|
|
90
84
|
const slice = Array.prototype.slice;
|
91
|
-
|
92
85
|
const apply = (m, args, cast) => {
|
93
86
|
const obj = cast ? cast(args[0]) : args[0];
|
94
87
|
return obj[m].apply(obj, slice.call(args, 1));
|
95
88
|
};
|
96
|
-
|
97
89
|
const datetime = (y, m, d, H, M, S, ms) => new Date(y, m || 0, d != null ? d : 1, H || 0, M || 0, S || 0, ms || 0);
|
98
|
-
|
99
90
|
var Functions = {
|
100
91
|
// math functions
|
101
92
|
isNaN: Number.isNaN,
|
@@ -177,6 +168,8 @@
|
|
177
168
|
};
|
178
169
|
|
179
170
|
const EventFunctions = ['view', 'item', 'group', 'xy', 'x', 'y'];
|
171
|
+
const DisallowedMethods = new Set([Function, eval, setTimeout, setInterval]);
|
172
|
+
if (typeof setImmediate === 'function') DisallowedMethods.add(setImmediate);
|
180
173
|
const Visitors = {
|
181
174
|
Literal: ($, n) => n.value,
|
182
175
|
Identifier: ($, n) => {
|
@@ -185,22 +178,28 @@
|
|
185
178
|
},
|
186
179
|
MemberExpression: ($, n) => {
|
187
180
|
const d = !n.computed,
|
188
|
-
|
181
|
+
o = $(n.object);
|
189
182
|
if (d) $.memberDepth += 1;
|
190
183
|
const p = $(n.property);
|
191
184
|
if (d) $.memberDepth -= 1;
|
185
|
+
if (DisallowedMethods.has(o[p])) {
|
186
|
+
// eslint-disable-next-line no-console
|
187
|
+
console.error(`Prevented interpretation of member "${p}" which could lead to insecure code execution`);
|
188
|
+
return;
|
189
|
+
}
|
192
190
|
return o[p];
|
193
191
|
},
|
194
192
|
CallExpression: ($, n) => {
|
195
193
|
const args = n.arguments;
|
196
|
-
let name = n.callee.name;
|
197
|
-
// re-route to corresponding standard function
|
194
|
+
let name = n.callee.name;
|
198
195
|
|
196
|
+
// handle special internal functions used by encoders
|
197
|
+
// re-route to corresponding standard function
|
199
198
|
if (name.startsWith('_')) {
|
200
199
|
name = name.slice(1);
|
201
|
-
}
|
202
|
-
|
200
|
+
}
|
203
201
|
|
202
|
+
// special case "if" due to conditional evaluation of branches
|
204
203
|
return name === 'if' ? $(args[0]) ? $(args[1]) : $(args[2]) : ($.fn[name] || Functions[name]).apply($.fn, args.map($));
|
205
204
|
},
|
206
205
|
ArrayExpression: ($, n) => n.elements.map($),
|
@@ -212,20 +211,25 @@
|
|
212
211
|
$.memberDepth += 1;
|
213
212
|
const k = $(p.key);
|
214
213
|
$.memberDepth -= 1;
|
215
|
-
|
214
|
+
if (DisallowedMethods.has($(p.value))) {
|
215
|
+
// eslint-disable-next-line no-console
|
216
|
+
console.error(`Prevented interpretation of property "${k}" which could lead to insecure code execution`);
|
217
|
+
} else {
|
218
|
+
o[k] = $(p.value);
|
219
|
+
}
|
216
220
|
return o;
|
217
221
|
}, {})
|
218
222
|
};
|
219
223
|
function interpret (ast, fn, params, datum, event, item) {
|
220
224
|
const $ = n => Visitors[n.type]($, n);
|
221
|
-
|
222
225
|
$.memberDepth = 0;
|
223
226
|
$.fn = Object.create(fn);
|
224
227
|
$.params = params;
|
225
228
|
$.datum = datum;
|
226
229
|
$.event = event;
|
227
|
-
$.item = item;
|
230
|
+
$.item = item;
|
228
231
|
|
232
|
+
// route event functions to annotated vega event context
|
229
233
|
EventFunctions.forEach(f => $.fn[f] = (...args) => event.vega[f](...args));
|
230
234
|
return $(ast);
|
231
235
|
}
|
@@ -236,76 +240,65 @@
|
|
236
240
|
*/
|
237
241
|
operator(ctx, expr) {
|
238
242
|
const ast = expr.ast,
|
239
|
-
|
243
|
+
fn = ctx.functions;
|
240
244
|
return _ => interpret(ast, fn, _);
|
241
245
|
},
|
242
|
-
|
243
246
|
/**
|
244
247
|
* Parse an expression provided as an operator parameter value.
|
245
248
|
*/
|
246
249
|
parameter(ctx, expr) {
|
247
250
|
const ast = expr.ast,
|
248
|
-
|
251
|
+
fn = ctx.functions;
|
249
252
|
return (datum, _) => interpret(ast, fn, _, datum);
|
250
253
|
},
|
251
|
-
|
252
254
|
/**
|
253
255
|
* Parse an expression applied to an event stream.
|
254
256
|
*/
|
255
257
|
event(ctx, expr) {
|
256
258
|
const ast = expr.ast,
|
257
|
-
|
259
|
+
fn = ctx.functions;
|
258
260
|
return event => interpret(ast, fn, undefined, undefined, event);
|
259
261
|
},
|
260
|
-
|
261
262
|
/**
|
262
263
|
* Parse an expression used to handle an event-driven operator update.
|
263
264
|
*/
|
264
265
|
handler(ctx, expr) {
|
265
266
|
const ast = expr.ast,
|
266
|
-
|
267
|
+
fn = ctx.functions;
|
267
268
|
return (_, event) => {
|
268
269
|
const datum = event.item && event.item.datum;
|
269
270
|
return interpret(ast, fn, _, datum, event);
|
270
271
|
};
|
271
272
|
},
|
272
|
-
|
273
273
|
/**
|
274
274
|
* Parse an expression that performs visual encoding.
|
275
275
|
*/
|
276
276
|
encode(ctx, encode) {
|
277
277
|
const {
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
278
|
+
marktype,
|
279
|
+
channels
|
280
|
+
} = encode,
|
281
|
+
fn = ctx.functions,
|
282
|
+
swap = marktype === 'group' || marktype === 'image' || marktype === 'rect';
|
283
283
|
return (item, _) => {
|
284
284
|
const datum = item.datum;
|
285
285
|
let m = 0,
|
286
|
-
|
287
|
-
|
286
|
+
v;
|
288
287
|
for (const name in channels) {
|
289
288
|
v = interpret(channels[name].ast, fn, _, datum, undefined, item);
|
290
|
-
|
291
289
|
if (item[name] !== v) {
|
292
290
|
item[name] = v;
|
293
291
|
m = 1;
|
294
292
|
}
|
295
293
|
}
|
296
|
-
|
297
294
|
if (marktype !== 'rule') {
|
298
295
|
adjustSpatial(item, channels, swap);
|
299
296
|
}
|
300
|
-
|
301
297
|
return m;
|
302
298
|
};
|
303
299
|
}
|
304
|
-
|
305
300
|
};
|
306
301
|
|
307
302
|
exports.expressionInterpreter = expression;
|
308
303
|
|
309
|
-
|
310
|
-
|
311
|
-
})));
|
304
|
+
}));
|