@alicloud/sandbox-escape 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/README.md +3 -0
  3. package/build/cjs/index.js +18 -0
  4. package/build/cjs/util/get-window-by-dom.js +14 -0
  5. package/build/cjs/util/get-window-by-new-function.js +19 -0
  6. package/build/cjs/util/get-window.js +26 -0
  7. package/build/cjs/util/index.js +15 -0
  8. package/build/es/index.js +1 -0
  9. package/build/es/util/get-window-by-dom.js +7 -0
  10. package/build/es/util/get-window-by-new-function.js +12 -0
  11. package/build/es/util/get-window.js +15 -0
  12. package/build/es/util/index.js +1 -0
  13. package/build/types/index.d.ts +1 -0
  14. package/build/types/util/get-window-by-dom.d.ts +1 -0
  15. package/build/types/util/get-window-by-new-function.d.ts +1 -0
  16. package/build/types/util/get-window.d.ts +4 -0
  17. package/build/types/util/index.d.ts +1 -0
  18. package/package.json +45 -0
package/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ # CHANGELOG
2
+
3
+ ## 1.0.0 2022/06/28 @驳是
4
+
5
+ * First Blood
package/README.md ADDED
@@ -0,0 +1,3 @@
1
+ # @alicloud/sandbox-escape
2
+
3
+ 沙箱逃逸,虽然 ConsoleBase 不属于沙箱,但有沙箱应用会用到 ConsoleBase 提供的包,需要保证 ConsoleBase 在这些沙箱应用下可以用到真正的 window 等全局对象。
package/build/cjs/index.js ADDED
@@ -0,0 +1,18 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+
7
+ var _util = require("./util");
8
+
9
+ Object.keys(_util).forEach(function (key) {
10
+ if (key === "default" || key === "__esModule") return;
11
+ if (key in exports && exports[key] === _util[key]) return;
12
+ Object.defineProperty(exports, key, {
13
+ enumerable: true,
14
+ get: function get() {
15
+ return _util[key];
16
+ }
17
+ });
18
+ });
package/build/cjs/util/get-window-by-dom.js ADDED
@@ -0,0 +1,14 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.default = getWindowByDom;
7
+
8
+ function getWindowByDom() {
9
+ try {
10
+ return window.document.getElementsByTagName('html')[0].ownerDocument.defaultView;
11
+ } catch (err) {
12
+ return null;
13
+ }
14
+ }
package/build/cjs/util/get-window-by-new-function.js ADDED
@@ -0,0 +1,19 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.default = getWindowByNewFunction;
7
+
8
+ function getWindowByNewFunction() {
9
+ /**
10
+ * 需要 try-catch,因为可能会被 CSP 拦截,比如这段代码放在 Github 的项目页面就会报错如下:
11
+ *
12
+ * 「Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).」
13
+ */
14
+ try {
15
+ return new Function('', 'return window')(); // eslint-disable-line no-new-func
16
+ } catch (err) {
17
+ return null;
18
+ }
19
+ }
package/build/cjs/util/get-window.js ADDED
@@ -0,0 +1,26 @@
1
+ "use strict";
2
+
3
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
+
5
+ Object.defineProperty(exports, "__esModule", {
6
+ value: true
7
+ });
8
+ exports.default = getWindow;
9
+
10
+ var _getWindowByNewFunction = _interopRequireDefault(require("./get-window-by-new-function"));
11
+
12
+ var _getWindowByDom = _interopRequireDefault(require("./get-window-by-dom"));
13
+
14
+ var win;
15
+ /**
16
+ * 避免沙箱模式下 window 被 with 劫持
17
+ */
18
+
19
+ function getWindow() {
20
+ if (!win) {
21
+ // 取一次即可
22
+ win = (0, _getWindowByNewFunction.default)() || (0, _getWindowByDom.default)() || window;
23
+ }
24
+
25
+ return win;
26
+ }
package/build/cjs/util/index.js ADDED
@@ -0,0 +1,15 @@
1
+ "use strict";
2
+
3
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
+
5
+ Object.defineProperty(exports, "__esModule", {
6
+ value: true
7
+ });
8
+ Object.defineProperty(exports, "getWindow", {
9
+ enumerable: true,
10
+ get: function get() {
11
+ return _getWindow.default;
12
+ }
13
+ });
14
+
15
+ var _getWindow = _interopRequireDefault(require("./get-window"));
package/build/es/index.js ADDED
@@ -0,0 +1 @@
1
+ export * from './util';
package/build/es/util/get-window-by-dom.js ADDED
@@ -0,0 +1,7 @@
1
+ export default function getWindowByDom() {
2
+ try {
3
+ return window.document.getElementsByTagName('html')[0].ownerDocument.defaultView;
4
+ } catch (err) {
5
+ return null;
6
+ }
7
+ }
package/build/es/util/get-window-by-new-function.js ADDED
@@ -0,0 +1,12 @@
1
+ export default function getWindowByNewFunction() {
2
+ /**
3
+ * 需要 try-catch,因为可能会被 CSP 拦截,比如这段代码放在 Github 的项目页面就会报错如下:
4
+ *
5
+ * 「Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).」
6
+ */
7
+ try {
8
+ return new Function('', 'return window')(); // eslint-disable-line no-new-func
9
+ } catch (err) {
10
+ return null;
11
+ }
12
+ }
package/build/es/util/get-window.js ADDED
@@ -0,0 +1,15 @@
1
+ import getWindowByNewFunction from './get-window-by-new-function';
2
+ import getWindowByDom from './get-window-by-dom';
3
+ var win;
4
+ /**
5
+ * 避免沙箱模式下 window 被 with 劫持
6
+ */
7
+
8
+ export default function getWindow() {
9
+ if (!win) {
10
+ // 取一次即可
11
+ win = getWindowByNewFunction() || getWindowByDom() || window;
12
+ }
13
+
14
+ return win;
15
+ }
package/build/es/util/index.js ADDED
@@ -0,0 +1 @@
1
+ export { default as getWindow } from './get-window';
package/build/types/index.d.ts ADDED
@@ -0,0 +1 @@
1
+ export * from './util';
package/build/types/util/get-window-by-dom.d.ts ADDED
@@ -0,0 +1 @@
1
+ export default function getWindowByDom(): Window | null;
package/build/types/util/get-window-by-new-function.d.ts ADDED
@@ -0,0 +1 @@
1
+ export default function getWindowByNewFunction(): Window | null;
package/build/types/util/get-window.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ /**
2
+ * 避免沙箱模式下 window 被 with 劫持
3
+ */
4
+ export default function getWindow<T extends Window = Window>(): T;
package/build/types/util/index.d.ts ADDED
@@ -0,0 +1 @@
1
+ export { default as getWindow } from './get-window';
package/package.json ADDED
@@ -0,0 +1,45 @@
1
+ {
2
+ "name": "@alicloud/sandbox-escape",
3
+ "version": "1.0.0",
4
+ "description": "沙箱逃逸",
5
+ "license": "MIT",
6
+ "main": "build/cjs/index.js",
7
+ "module": "build/es/index.js",
8
+ "types": "build/types/index.d.ts",
9
+ "homepage": "https://github.com/aliyun/alibabacloud-console-base/tree/master/packages/sandbox-escape",
10
+ "author": {
11
+ "name": "Jianchun Wang",
12
+ "email": "justnewbee@gmail.com"
13
+ },
14
+ "repository": {
15
+ "type": "git",
16
+ "url": "git+https://github.com/aliyun/alibabacloud-console-base.git"
17
+ },
18
+ "publishConfig": {
19
+ "access": "public"
20
+ },
21
+ "keywords": [
22
+ "sandbox",
23
+ "escape",
24
+ "window"
25
+ ],
26
+ "devDependencies": {
27
+ "@alicloud/console-toolkit-cli": "^1.2.30",
28
+ "@alicloud/console-toolkit-preset-component": "^1.2.61",
29
+ "@types/lodash": "^4.14.182",
30
+ "@types/react": "^17.0.45",
31
+ "react": "^17.0.2",
32
+ "typescript": "^4.7.4"
33
+ },
34
+ "scripts": {
35
+ "start": "breezr start-storybook",
36
+ "test": "breezr test:unit",
37
+ "build:esm": "breezr build --engine babel --es-module",
38
+ "build:cjs": "breezr build --engine babel",
39
+ "build:bundle": "breezr build --engine webpack",
40
+ "build:typings": "tsc --outDir build/types --declaration --emitDeclarationOnly",
41
+ "build": "yarn build:esm && yarn build:cjs && yarn build:typings",
42
+ "clean": "rm -rf build",
43
+ "prepublishOnly": "yarn clean && yarn build"
44
+ }
45
+ }