@commercetools-frontend/application-config 21.5.0 → 21.6.0
- package/dist/commercetools-frontend-application-config.cjs.dev.js +18 -2
- package/dist/commercetools-frontend-application-config.cjs.prod.js +18 -2
- package/dist/commercetools-frontend-application-config.esm.js +17 -2
- package/dist/declarations/src/sanitize-svg.d.ts +1 -0
- package/package.json +4 -1
- package/schema.json +1 -1
|
@@ -38,6 +38,8 @@ var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/i
|
|
|
38
38
|
var uniq = require('lodash/uniq');
|
|
39
39
|
var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
|
|
40
40
|
var formatters = require('./formatters-41584280.cjs.dev.js');
|
|
41
|
+
var createDOMPurify = require('dompurify');
|
|
42
|
+
var jsdom$1 = require('jsdom');
|
|
41
43
|
require('lodash/upperFirst');
|
|
42
44
|
|
|
43
45
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
@@ -65,6 +67,7 @@ var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
|
|
65
67
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
|
66
68
|
var uniq__default = /*#__PURE__*/_interopDefault(uniq);
|
|
67
69
|
var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
|
|
70
|
+
var createDOMPurify__default = /*#__PURE__*/_interopDefault(createDOMPurify);
|
|
68
71
|
|
|
69
72
|
function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct__default["default"](Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
|
|
70
73
|
|
|
@@ -184,7 +187,7 @@ var schemaJson = {
|
|
|
184
187
|
oneOf: [
|
|
185
188
|
{
|
|
186
189
|
type: "string",
|
|
187
|
-
pattern: "^[^\\-_]([0-9a-z]|[\\-_](?![\\-_])){
|
|
190
|
+
pattern: "^[^\\-_#]([0-9a-z]|[\\-_](?![\\-_])){0,62}[^\\-_#]$"
|
|
188
191
|
},
|
|
189
192
|
{
|
|
190
193
|
$ref: "#/definitions/envVariablePlaceholder"
|
|
@@ -732,6 +735,19 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
|
|
|
732
735
|
}
|
|
733
736
|
};
|
|
734
737
|
|
|
738
|
+
var jsdom = new jsdom$1.JSDOM(''); // @ts-expect-error: jsdom returns DOMWindow, which doesn't match Window dompurify expects
|
|
739
|
+
|
|
740
|
+
var DOMPurify = createDOMPurify__default["default"](jsdom.window);
|
|
741
|
+
function sanitizeSvg(data) {
|
|
742
|
+
return DOMPurify.sanitize(data, {
|
|
743
|
+
USE_PROFILES: {
|
|
744
|
+
svg: true
|
|
745
|
+
},
|
|
746
|
+
FORBID_ATTR: [// To avoid injection by using `style="filter:url(\"data:image/svg+xml,<svg`
|
|
747
|
+
'style']
|
|
748
|
+
});
|
|
749
|
+
}
|
|
750
|
+
|
|
735
751
|
function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
736
752
|
|
|
737
753
|
function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
|
|
@@ -770,7 +786,7 @@ function transformCustomApplicationConfigToData(appConfig) {
|
|
|
770
786
|
name: permissionKeys.manage,
|
|
771
787
|
oAuthScopes: appConfig.oAuthScopes.manage
|
|
772
788
|
}],
|
|
773
|
-
icon: appConfig.icon,
|
|
789
|
+
icon: sanitizeSvg(appConfig.icon),
|
|
774
790
|
mainMenuLink: appConfig.mainMenuLink,
|
|
775
791
|
submenuLinks: _mapInstanceProperty__default["default"](_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
|
|
776
792
|
return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
|
|
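Review bot: In the added `sanitizeSvg` (new lines 741-749), `FORBID_ATTR: ['style']` removes the `style` attribute, but as far as I know DOMPurify's `svg` profile still admits a `<style>` element, so the CSS `url(...)` reference named in the inline comment could arrive through an embedded stylesheet instead of an attribute. If icons never need embedded stylesheets, add `FORBID_TAGS: ['style'],` next to `FORBID_ATTR`, and pin both forms with a unit test on the sanitizer output. The same function is emitted in the `.cjs.prod.js` and `.esm.js` builds on this page, so the change belongs in the shared source (presumably `src/sanitize-svg`, going by the new declaration file).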
@@ -38,6 +38,8 @@ var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/i
|
|
|
38
38
|
var uniq = require('lodash/uniq');
|
|
39
39
|
var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
|
|
40
40
|
var formatters = require('./formatters-40251cfd.cjs.prod.js');
|
|
41
|
+
var createDOMPurify = require('dompurify');
|
|
42
|
+
var jsdom$1 = require('jsdom');
|
|
41
43
|
require('lodash/upperFirst');
|
|
42
44
|
|
|
43
45
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
@@ -65,6 +67,7 @@ var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
|
|
65
67
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
|
66
68
|
var uniq__default = /*#__PURE__*/_interopDefault(uniq);
|
|
67
69
|
var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
|
|
70
|
+
var createDOMPurify__default = /*#__PURE__*/_interopDefault(createDOMPurify);
|
|
68
71
|
|
|
69
72
|
function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct__default["default"](Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
|
|
70
73
|
|
|
@@ -184,7 +187,7 @@ var schemaJson = {
|
|
|
184
187
|
oneOf: [
|
|
185
188
|
{
|
|
186
189
|
type: "string",
|
|
187
|
-
pattern: "^[^\\-_]([0-9a-z]|[\\-_](?![\\-_])){
|
|
190
|
+
pattern: "^[^\\-_#]([0-9a-z]|[\\-_](?![\\-_])){0,62}[^\\-_#]$"
|
|
188
191
|
},
|
|
189
192
|
{
|
|
190
193
|
$ref: "#/definitions/envVariablePlaceholder"
|
|
@@ -732,6 +735,19 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
|
|
|
732
735
|
}
|
|
733
736
|
};
|
|
734
737
|
|
|
738
|
+
var jsdom = new jsdom$1.JSDOM(''); // @ts-expect-error: jsdom returns DOMWindow, which doesn't match Window dompurify expects
|
|
739
|
+
|
|
740
|
+
var DOMPurify = createDOMPurify__default["default"](jsdom.window);
|
|
741
|
+
function sanitizeSvg(data) {
|
|
742
|
+
return DOMPurify.sanitize(data, {
|
|
743
|
+
USE_PROFILES: {
|
|
744
|
+
svg: true
|
|
745
|
+
},
|
|
746
|
+
FORBID_ATTR: [// To avoid injection by using `style="filter:url(\"data:image/svg+xml,<svg`
|
|
747
|
+
'style']
|
|
748
|
+
});
|
|
749
|
+
}
|
|
750
|
+
|
|
735
751
|
function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
736
752
|
|
|
737
753
|
function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
|
|
@@ -770,7 +786,7 @@ function transformCustomApplicationConfigToData(appConfig) {
|
|
|
770
786
|
name: permissionKeys.manage,
|
|
771
787
|
oAuthScopes: appConfig.oAuthScopes.manage
|
|
772
788
|
}],
|
|
773
|
-
icon: appConfig.icon,
|
|
789
|
+
icon: sanitizeSvg(appConfig.icon),
|
|
774
790
|
mainMenuLink: appConfig.mainMenuLink,
|
|
775
791
|
submenuLinks: _mapInstanceProperty__default["default"](_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
|
|
776
792
|
return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
|
|
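Review bot: The updated `pattern` in `schemaJson` (new line 190) still checks the first and last character with a negated class, `[^\\-_#]`, which accepts every character other than `-`, `_` and `#` (uppercase letters, whitespace, `/`, `?` and so on), while only the middle group is held to `[0-9a-z]`. Adding `#` extends a denylist one character at a time; an allowlist at both ends, for example `pattern: "^[0-9a-z]([0-9a-z]|[\\-_](?![\\-_])){0,62}[0-9a-z]$"`, would match what the middle group already enforces, assuming the value is meant to be a lowercase URL path segment. The identical line appears in the `.cjs.dev.js` and `.esm.js` builds and presumably in `schema.json`, whose hunk is not shown here. The removed side of this line is truncated on the page, so only the new pattern could be checked.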
@@ -34,6 +34,8 @@ import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/ins
|
|
|
34
34
|
import uniq from 'lodash/uniq';
|
|
35
35
|
import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
|
|
36
36
|
import { e as entryPointUriPathToResourceAccesses } from './formatters-62af6993.esm.js';
|
|
37
|
+
import createDOMPurify from 'dompurify';
|
|
38
|
+
import { JSDOM } from 'jsdom';
|
|
37
39
|
import 'lodash/upperFirst';
|
|
38
40
|
|
|
39
41
|
function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
|
|
@@ -154,7 +156,7 @@ var schemaJson = {
|
|
|
154
156
|
oneOf: [
|
|
155
157
|
{
|
|
156
158
|
type: "string",
|
|
157
|
-
pattern: "^[^\\-_]([0-9a-z]|[\\-_](?![\\-_])){
|
|
159
|
+
pattern: "^[^\\-_#]([0-9a-z]|[\\-_](?![\\-_])){0,62}[^\\-_#]$"
|
|
158
160
|
},
|
|
159
161
|
{
|
|
160
162
|
$ref: "#/definitions/envVariablePlaceholder"
|
|
@@ -702,6 +704,19 @@ var getOrThrow = function getOrThrow(fn, errorMessage) {
|
|
|
702
704
|
}
|
|
703
705
|
};
|
|
704
706
|
|
|
707
|
+
var jsdom = new JSDOM(''); // @ts-expect-error: jsdom returns DOMWindow, which doesn't match Window dompurify expects
|
|
708
|
+
|
|
709
|
+
var DOMPurify = createDOMPurify(jsdom.window);
|
|
710
|
+
function sanitizeSvg(data) {
|
|
711
|
+
return DOMPurify.sanitize(data, {
|
|
712
|
+
USE_PROFILES: {
|
|
713
|
+
svg: true
|
|
714
|
+
},
|
|
715
|
+
FORBID_ATTR: [// To avoid injection by using `style="filter:url(\"data:image/svg+xml,<svg`
|
|
716
|
+
'style']
|
|
717
|
+
});
|
|
718
|
+
}
|
|
719
|
+
|
|
705
720
|
function ownKeys$1(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = _filterInstanceProperty(symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
706
721
|
|
|
707
722
|
function _objectSpread$1(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty(_context3 = ownKeys$1(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : _forEachInstanceProperty(_context4 = ownKeys$1(Object(source))).call(_context4, function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
|
|
@@ -740,7 +755,7 @@ function transformCustomApplicationConfigToData(appConfig) {
|
|
|
740
755
|
name: permissionKeys.manage,
|
|
741
756
|
oAuthScopes: appConfig.oAuthScopes.manage
|
|
742
757
|
}],
|
|
743
|
-
icon: appConfig.icon,
|
|
758
|
+
icon: sanitizeSvg(appConfig.icon),
|
|
744
759
|
mainMenuLink: appConfig.mainMenuLink,
|
|
745
760
|
submenuLinks: _mapInstanceProperty(_context2 = appConfig.submenuLinks).call(_context2, function (submenuLink) {
|
|
746
761
|
return _objectSpread$1(_objectSpread$1({}, submenuLink), {}, {
|
|
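Review bot: `icon: sanitizeSvg(appConfig.icon)` in `transformCustomApplicationConfigToData` (new line 758) replaces the configured icon with whatever survives sanitization and gives the developer no signal when markup was stripped or the result came back empty. DOMPurify records what it dropped in `DOMPurify.removed`; a check after the `sanitize` call, such as `if (DOMPurify.removed.length > 0) { /* warn or fail config validation */ }`, would surface a rejected icon when the config is processed rather than as a blank or broken icon later. `sanitizeSvg` also carries no doc comment; one sentence stating that it returns the input restricted to DOMPurify's SVG profile with `style` attributes removed would record the contract next to the new `.d.ts` signature. The enclosing function starts and ends outside the hunk, and the same call is present in both CJS builds.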
@@ -0,0 +1 @@
|
|
|
1
|
+
export default function sanitizeSvg(data: string): string;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@commercetools-frontend/application-config",
|
|
3
|
-
"version": "21.
|
|
3
|
+
"version": "21.6.0",
|
|
4
4
|
"description": "Configuration utilities for building Custom Applications",
|
|
5
5
|
"bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
|
|
6
6
|
"repository": {
|
|
@@ -39,10 +39,13 @@
|
|
|
39
39
|
"ajv": "8.11.0",
|
|
40
40
|
"core-js": "^3.21.1",
|
|
41
41
|
"cosmiconfig": "7.0.1",
|
|
42
|
+
"dompurify": "^2.3.6",
|
|
43
|
+
"jsdom": "^19.0.0",
|
|
42
44
|
"lodash": "4.17.21",
|
|
43
45
|
"omit-empty-es": "1.1.3"
|
|
44
46
|
},
|
|
45
47
|
"devDependencies": {
|
|
48
|
+
"@types/jsdom": "^16.2.14",
|
|
46
49
|
"json-schema-to-typescript": "10.1.5",
|
|
47
50
|
"shelljs": "0.8.5"
|
|
48
51
|
},
|
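Review bot: `"dompurify": "^2.3.6"` and `"jsdom": "^19.0.0"` are added with caret ranges while the neighbouring `ajv`, `cosmiconfig`, `lodash` and `omit-empty-es` entries are pinned to exact versions, so the sanitizer that now guards `icon` resolves to whichever 2.x release each consumer's install selects. A range is defensible for picking up sanitizer fixes, but it should be a stated choice: either pin like the neighbours and bump deliberately, or keep the range and record that `2.3.6` is the minimum reviewed version. `jsdom` is also a large runtime dependency, and the dist hunks instantiate it at module load with `new JSDOM('')`, so consumers appear to install and load it even when no icon is transformed. The block these entries sit in starts above the hunk; it is presumably `dependencies`, since `devDependencies` opens right after it.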
package/schema.json
CHANGED