@boteteam/utils 0.0.14 → 0.0.17

Files changed (41)
  1. package/dist/cjs/formatModule/formatModuleData.js +19 -1
  2. package/dist/cjs/formatModule/formatModuleData.js.map +2 -2
  3. package/dist/cjs/formatModule/helpers/formatFormProps.js +20 -27
  4. package/dist/cjs/formatModule/helpers/formatFormProps.js.map +2 -2
  5. package/dist/cjs/formatModule/helpers/formatStepsProps.d.ts +23 -0
  6. package/dist/cjs/formatModule/helpers/formatStepsProps.js +88 -0
  7. package/dist/cjs/formatModule/helpers/formatStepsProps.js.map +7 -0
  8. package/dist/cjs/formatModule/helpers/formatTableProps.d.ts +11 -0
  9. package/dist/cjs/formatModule/helpers/formatTableProps.js +76 -6
  10. package/dist/cjs/formatModule/helpers/formatTableProps.js.map +2 -2
  11. package/dist/cjs/formatModule/helpers/index.d.ts +2 -1
  12. package/dist/cjs/formatModule/helpers/index.js +3 -0
  13. package/dist/cjs/formatModule/helpers/index.js.map +3 -3
  14. package/dist/cjs/index.d.ts +2 -1
  15. package/dist/cjs/index.js +9 -0
  16. package/dist/cjs/index.js.map +2 -2
  17. package/dist/cjs/securityUtils.d.ts +28 -0
  18. package/dist/cjs/securityUtils.js +103 -0
  19. package/dist/cjs/securityUtils.js.map +7 -0
  20. package/dist/esm/formatModule/formatModuleData.js +18 -5
  21. package/dist/esm/formatModule/formatModuleData.js.map +1 -1
  22. package/dist/esm/formatModule/helpers/formatFormProps.js +25 -32
  23. package/dist/esm/formatModule/helpers/formatFormProps.js.map +1 -1
  24. package/dist/esm/formatModule/helpers/formatStepsProps.d.ts +23 -0
  25. package/dist/esm/formatModule/helpers/formatStepsProps.js +58 -0
  26. package/dist/esm/formatModule/helpers/formatStepsProps.js.map +1 -0
  27. package/dist/esm/formatModule/helpers/formatTableProps.d.ts +11 -0
  28. package/dist/esm/formatModule/helpers/formatTableProps.js +73 -6
  29. package/dist/esm/formatModule/helpers/formatTableProps.js.map +1 -1
  30. package/dist/esm/formatModule/helpers/index.d.ts +2 -1
  31. package/dist/esm/formatModule/helpers/index.js +2 -1
  32. package/dist/esm/formatModule/helpers/index.js.map +1 -1
  33. package/dist/esm/index.d.ts +2 -1
  34. package/dist/esm/index.js +2 -1
  35. package/dist/esm/index.js.map +1 -1
  36. package/dist/esm/securityUtils.d.ts +28 -0
  37. package/dist/esm/securityUtils.js +101 -0
  38. package/dist/esm/securityUtils.js.map +1 -0
  39. package/dist/umd/index.min.js +1 -1
  40. package/dist/umd/index.min.js.map +1 -1
  41. package/package.json +2 -2
@@ -0,0 +1 @@
1
+ {"version":3,"names":["isValidUrl","url","urlObj","URL","window","location","origin","includes","protocol","dangerousPatterns","some","pattern","test","_unused","sanitizeRedirectUrl","allowedDomains","arguments","length","undefined","defaultUrl","currentHost","hostname","isAllowedDomain","domain","endsWith","concat","toString","_unused2","safeRedirect","safeUrl","href","sanitizeEventHandler","handler","apply","error","console"],"sources":["../../src/securityUtils.ts"],"sourcesContent":["/**\n * 安全工具函数,用于防止XSS等安全漏洞\n */\n\n/**\n * 验证URL是否安全,防止XSS攻击\n * @param url 待验证的URL\n * @returns 是否为安全的URL\n */\nexport const isValidUrl = (url: string): boolean => {\n if (!url || typeof url !== 'string') {\n return false;\n }\n\n try {\n const urlObj = new URL(url, window.location.origin);\n \n // 只允许http和https协议,防止javascript:等危险协议\n if (!['http:', 'https:'].includes(urlObj.protocol)) {\n return false;\n }\n\n // 检查是否包含危险字符\n const dangerousPatterns = [\n /javascript:/i,\n /vbscript:/i,\n /data:/i,\n /file:/i,\n /<script/i,\n /onload=/i,\n /onerror=/i,\n /onclick=/i,\n ];\n\n return !dangerousPatterns.some(pattern => pattern.test(url));\n } catch {\n return false;\n }\n};\n\n/**\n * 清理和验证重定向URL,确保安全\n * @param url 待清理的URL\n * @param allowedDomains 允许的域名列表,为空时允许同源URL\n * @returns 清理后的安全URL,如果不安全则返回默认URL\n */\nexport const sanitizeRedirectUrl = (\n url: string,\n allowedDomains: string[] = [],\n defaultUrl: string = '/'\n): string => {\n if (!url || typeof url !== 'string') {\n return defaultUrl;\n }\n\n // 基本URL验证\n if (!isValidUrl(url)) {\n return defaultUrl;\n }\n\n try {\n const urlObj = new URL(url, window.location.origin);\n const currentHost = window.location.hostname;\n\n // 如果没有指定允许的域名,只允许同源URL\n if (allowedDomains.length === 0) {\n if (urlObj.hostname !== currentHost) {\n return defaultUrl;\n }\n } else {\n // 检查是否在允许的域名列表中\n const isAllowedDomain = allowedDomains.some(domain =>\n urlObj.hostname === domain || urlObj.hostname.endsWith(`.${domain}`)\n );\n \n if 
(!isAllowedDomain && urlObj.hostname !== currentHost) {\n return defaultUrl;\n }\n }\n\n return urlObj.toString();\n } catch {\n return defaultUrl;\n }\n};\n\n/**\n * 安全地设置window.location.href,防止XSS攻击\n * @param url 目标URL\n * @param allowedDomains 允许的域名列表\n */\nexport const safeRedirect = (url: string, allowedDomains: string[] = []): void => {\n const safeUrl = sanitizeRedirectUrl(url, allowedDomains);\n window.location.href = safeUrl;\n};\n\n/**\n * 验证和清理事件处理器,防止恶意代码注入\n * @param handler 事件处理函数\n * @returns 安全的事件处理函数\n */\nexport const sanitizeEventHandler = (handler: Function): Function => {\n if (typeof handler !== 'function') {\n return () => {};\n }\n \n return (...args: any[]) => {\n try {\n handler(...args);\n } catch (error) {\n console.error('Event handler error:', error);\n }\n };\n};\n"],"mappings":"AAAA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,IAAMA,UAAU,GAAG,SAAbA,UAAUA,CAAIC,GAAW,EAAc;EAClD,IAAI,CAACA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IACnC,OAAO,KAAK;EACd;EAEA,IAAI;IACF,IAAMC,MAAM,GAAG,IAAIC,GAAG,CAACF,GAAG,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC;;IAEnD;IACA,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAACC,QAAQ,CAACL,MAAM,CAACM,QAAQ,CAAC,EAAE;MAClD,OAAO,KAAK;IACd;;IAEA;IACA,IAAMC,iBAAiB,GAAG,CACxB,cAAc,EACd,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,UAAU,EACV,WAAW,EACX,WAAW,CACZ;IAED,OAAO,CAACA,iBAAiB,CAACC,IAAI,CAAC,UAAAC,OAAO;MAAA,OAAIA,OAAO,CAACC,IAAI,CAACX,GAAG,CAAC;IAAA,EAAC;EAC9D,CAAC,CAAC,OAAAY,OAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,IAAMC,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAC9Bb,GAAW,EAGA;EAAA,IAFXc,cAAwB,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EAAA,IAC7BG,UAAkB,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,GAAG;EAExB,IAAI,CAACf,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IACnC,OAAOkB,UAAU;EACnB;;EAEA;EACA,IAAI,CAACnB,UAAU,CAACC,GAAG,CAAC,EAAE;IACpB,OAAOkB,UAAU;EACnB;EAEA,IAAI;IACF,IAAMjB,MAAM,GAAG,IAAIC,GAAG,CAACF,GAAG,EAAEG,MAAM,CAACC,QAAQ,CAACC,MAAM,CAAC;IACnD,IAAMc,WAAW,GAAGhB,MAAM,
CAACC,QAAQ,CAACgB,QAAQ;;IAE5C;IACA,IAAIN,cAAc,CAACE,MAAM,KAAK,CAAC,EAAE;MAC/B,IAAIf,MAAM,CAACmB,QAAQ,KAAKD,WAAW,EAAE;QACnC,OAAOD,UAAU;MACnB;IACF,CAAC,MAAM;MACL;MACA,IAAMG,eAAe,GAAGP,cAAc,CAACL,IAAI,CAAC,UAAAa,MAAM;QAAA,OAChDrB,MAAM,CAACmB,QAAQ,KAAKE,MAAM,IAAIrB,MAAM,CAACmB,QAAQ,CAACG,QAAQ,KAAAC,MAAA,CAAKF,MAAM,CAAE,CAAC;MAAA,CACtE,CAAC;MAED,IAAI,CAACD,eAAe,IAAIpB,MAAM,CAACmB,QAAQ,KAAKD,WAAW,EAAE;QACvD,OAAOD,UAAU;MACnB;IACF;IAEA,OAAOjB,MAAM,CAACwB,QAAQ,CAAC,CAAC;EAC1B,CAAC,CAAC,OAAAC,QAAA,EAAM;IACN,OAAOR,UAAU;EACnB;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,OAAO,IAAMS,YAAY,GAAG,SAAfA,YAAYA,CAAI3B,GAAW,EAA0C;EAAA,IAAxCc,cAAwB,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EACrE,IAAMa,OAAO,GAAGf,mBAAmB,CAACb,GAAG,EAAEc,cAAc,CAAC;EACxDX,MAAM,CAACC,QAAQ,CAACyB,IAAI,GAAGD,OAAO;AAChC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,OAAO,IAAME,oBAAoB,GAAG,SAAvBA,oBAAoBA,CAAIC,OAAiB,EAAe;EACnE,IAAI,OAAOA,OAAO,KAAK,UAAU,EAAE;IACjC,OAAO,YAAM,CAAC,CAAC;EACjB;EAEA,OAAO,YAAoB;IACzB,IAAI;MACFA,OAAO,CAAAC,KAAA,SAAAjB,SAAQ,CAAC;IAClB,CAAC,CAAC,OAAOkB,KAAK,EAAE;MACdC,OAAO,CAACD,KAAK,CAAC,sBAAsB,EAAEA,KAAK,CAAC;IAC9C;EACF,CAAC;AACH,CAAC"}