npm - @crowdin/app-project-module - Versions diffs - 1.14.0 → 1.15.0 - Mend

@crowdin/app-project-module 1.14.0 → 1.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/out/index.js +2 -0
package/out/static/ui/form.bundle.js +219 -46
package/out/static/ui/form.bundle.js.map +1 -1
package/out/util/log-sanitizer.d.ts +18 -0
package/out/util/log-sanitizer.js +169 -0
package/package.json +2 -2

package/out/index.js CHANGED Viewed

@@ -71,6 +71,7 @@ const types_1 = require("./types");
 const util_1 = require("./util");
 const form_schema_1 = require("./util/form-schema");
 const connection_1 = require("./util/connection");
+const log_sanitizer_1 = require("./util/log-sanitizer");
 const logger = __importStar(require("./util/logger"));
 const logger_1 = require("./util/logger");
 const terminus_express_1 = __importDefault(require("./util/terminus-express"));
@@ -187,6 +188,7 @@ function addCrowdinEndpoints(app, clientConfig) {
     });
     if (!config.disableLogsFormatter) {
         logsFormatter.setup();
+        logsFormatter.registerSanitizer(log_sanitizer_1.crowdinLogSanitizer);
         app.use(logsFormatter.contextResolverMiddleware());
         app.use(logsFormatter.expressMiddleware());
     }

package/out/static/ui/form.bundle.js CHANGED Viewed

@@ -27185,6 +27185,15 @@ export default theme;`;
 		/** @type {(value: string) => boolean} */
 		const isIPv4 = RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);
+		/** @type {(value: string) => boolean} */
+		const isHexPair = RegExp.prototype.test.bind(/^[\da-f]{2}$/iu);
+		/** @type {(value: string) => boolean} */
+		const isUnreserved = RegExp.prototype.test.bind(/^[\da-z\-._~]$/iu);
+		/** @type {(value: string) => boolean} */
+		const isPathCharacter = RegExp.prototype.test.bind(/^[\da-z\-._~!$&'()*+,;=:@/]$/iu);
 		/**
 		 * @param {Array<string>} input
 		 * @returns {string}
@@ -27443,31 +27452,126 @@ export default theme;`;
 		}
 		/**
-		 * @param {import('../types/index').URIComponent} component
-		 * @param {boolean} esc
-		 * @returns {import('../types/index').URIComponent}
+		 * Re-escape RFC 3986 gen-delims that must not appear literally in the host.
+		 * After the URI regex parses, these characters cannot be literal in the host
+		 * field, so any that appear after decoding came from percent-encoding and
+		 * must be restored to prevent authority structure changes.
+		 *
+		 * @param {string} host
+		 * @param {boolean} isIP - true for IPv4/IPv6 hosts (skip colon re-escaping)
+		 * @returns {string}
 		 */
-		function normalizeComponentEncoding (component, esc) {
-		  const func = esc !== true ? escape : unescape;
-		  if (component.scheme !== undefined) {
-		    component.scheme = func(component.scheme);
-		  }
-		  if (component.userinfo !== undefined) {
-		    component.userinfo = func(component.userinfo);
-		  }
-		  if (component.host !== undefined) {
-		    component.host = func(component.host);
+		const HOST_DELIMS = { '@': '%40', '/': '%2F', '?': '%3F', '#': '%23', ':': '%3A' };
+		const HOST_DELIM_RE = /[@/?#:]/g;
+		const HOST_DELIM_NO_COLON_RE = /[@/?#]/g;
+		function reescapeHostDelimiters (host, isIP) {
+		  const re = isIP ? HOST_DELIM_NO_COLON_RE : HOST_DELIM_RE;
+		  re.lastIndex = 0;
+		  return host.replace(re, (ch) => HOST_DELIMS[ch])
+		}
+		/**
+		 * Normalizes percent escapes and optionally decodes only unreserved ASCII bytes.
+		 * Reserved delimiters such as `%2F` and `%2E` stay escaped.
+		 *
+		 * @param {string} input
+		 * @param {boolean} [decodeUnreserved=false]
+		 * @returns {string}
+		 */
+		function normalizePercentEncoding (input, decodeUnreserved = false) {
+		  if (input.indexOf('%') === -1) {
+		    return input
 		  }
-		  if (component.path !== undefined) {
-		    component.path = func(component.path);
+		  let output = '';
+		  for (let i = 0; i < input.length; i++) {
+		    if (input[i] === '%' && i + 2 < input.length) {
+		      const hex = input.slice(i + 1, i + 3);
+		      if (isHexPair(hex)) {
+		        const normalizedHex = hex.toUpperCase();
+		        const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+		        if (decodeUnreserved && isUnreserved(decoded)) {
+		          output += decoded;
+		        } else {
+		          output += '%' + normalizedHex;
+		        }
+		        i += 2;
+		        continue
+		      }
+		    }
+		    output += input[i];
 		  }
-		  if (component.query !== undefined) {
-		    component.query = func(component.query);
+		  return output
+		}
+		/**
+		 * Normalizes path data without turning reserved escapes into live path syntax.
+		 * Valid escapes are uppercased, raw unsafe characters are escaped, and only
+		 * unreserved bytes that are not `.` are decoded.
+		 *
+		 * @param {string} input
+		 * @returns {string}
+		 */
+		function normalizePathEncoding (input) {
+		  let output = '';
+		  for (let i = 0; i < input.length; i++) {
+		    if (input[i] === '%' && i + 2 < input.length) {
+		      const hex = input.slice(i + 1, i + 3);
+		      if (isHexPair(hex)) {
+		        const normalizedHex = hex.toUpperCase();
+		        const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+		        if (decoded !== '.' && isUnreserved(decoded)) {
+		          output += decoded;
+		        } else {
+		          output += '%' + normalizedHex;
+		        }
+		        i += 2;
+		        continue
+		      }
+		    }
+		    if (isPathCharacter(input[i])) {
+		      output += input[i];
+		    } else {
+		      output += escape(input[i]);
+		    }
 		  }
-		  if (component.fragment !== undefined) {
-		    component.fragment = func(component.fragment);
+		  return output
+		}
+		/**
+		 * Escapes a component while preserving existing valid percent escapes.
+		 *
+		 * @param {string} input
+		 * @returns {string}
+		 */
+		function escapePreservingEscapes (input) {
+		  let output = '';
+		  for (let i = 0; i < input.length; i++) {
+		    if (input[i] === '%' && i + 2 < input.length) {
+		      const hex = input.slice(i + 1, i + 3);
+		      if (isHexPair(hex)) {
+		        output += '%' + hex.toUpperCase();
+		        i += 2;
+		        continue
+		      }
+		    }
+		    output += escape(input[i]);
 		  }
-		  return component
+		  return output
 		}
 		/**
@@ -27489,7 +27593,7 @@ export default theme;`;
 		      if (ipV6res.isIPV6 === true) {
 		        host = `[${ipV6res.escapedHost}]`;
 		      } else {
-		        host = component.host;
+		        host = reescapeHostDelimiters(host, false);
 		      }
 		    }
 		    uriTokens.push(host);
@@ -27505,7 +27609,10 @@ export default theme;`;
 		utils = {
 		  nonSimpleDomain,
 		  recomposeAuthority,
-		  normalizeComponentEncoding,
+		  reescapeHostDelimiters,
+		  normalizePercentEncoding,
+		  normalizePathEncoding,
+		  escapePreservingEscapes,
 		  removeDotSegments,
 		  isIPv4,
 		  isUUID,
@@ -27796,7 +27903,7 @@ export default theme;`;
 		if (hasRequiredFastUri) return fastUri.exports;
 		hasRequiredFastUri = 1;
-		const { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizeComponentEncoding, isIPv4, nonSimpleDomain } = requireUtils();
+		const { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizePercentEncoding, normalizePathEncoding, escapePreservingEscapes, reescapeHostDelimiters, isIPv4, nonSimpleDomain } = requireUtils();
 		const { SCHEMES, getSchemeHandler } = requireSchemes();
 		/**
@@ -27807,7 +27914,7 @@ export default theme;`;
 		 */
 		function normalize (uri, options) {
 		  if (typeof uri === 'string') {
-		    uri = /** @type {T} */ (serialize(parse(uri, options), options));
+		    uri = /** @type {T} */ (normalizeString(uri, options));
 		  } else if (typeof uri === 'object') {
 		    uri = /** @type {T} */ (parse(serialize(uri, options), options));
 		  }
@@ -27902,21 +28009,10 @@ export default theme;`;
 		 * @returns {boolean}
 		 */
 		function equal (uriA, uriB, options) {
-		  if (typeof uriA === 'string') {
-		    uriA = unescape(uriA);
-		    uriA = serialize(normalizeComponentEncoding(parse(uriA, options), true), { ...options, skipEscape: true });
-		  } else if (typeof uriA === 'object') {
-		    uriA = serialize(normalizeComponentEncoding(uriA, true), { ...options, skipEscape: true });
-		  }
-		  if (typeof uriB === 'string') {
-		    uriB = unescape(uriB);
-		    uriB = serialize(normalizeComponentEncoding(parse(uriB, options), true), { ...options, skipEscape: true });
-		  } else if (typeof uriB === 'object') {
-		    uriB = serialize(normalizeComponentEncoding(uriB, true), { ...options, skipEscape: true });
-		  }
+		  const normalizedA = normalizeComparableURI(uriA, options);
+		  const normalizedB = normalizeComparableURI(uriB, options);
-		  return uriA.toLowerCase() === uriB.toLowerCase()
+		  return normalizedA !== undefined && normalizedB !== undefined && normalizedA.toLowerCase() === normalizedB.toLowerCase()
 		}
 		/**
@@ -27952,13 +28048,13 @@ export default theme;`;
 		  if (component.path !== undefined) {
 		    if (!options.skipEscape) {
-		      component.path = escape(component.path);
+		      component.path = escapePreservingEscapes(component.path);
 		      if (component.scheme !== undefined) {
 		        component.path = component.path.split('%3A').join(':');
 		      }
 		    } else {
-		      component.path = unescape(component.path);
+		      component.path = normalizePercentEncoding(component.path);
 		    }
 		  }
@@ -28009,12 +28105,29 @@ export default theme;`;
 		const URI_PARSE = /^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;
+		/**
+		 * @param {import('./types/index').URIComponent} parsed
+		 * @param {RegExpMatchArray} matches
+		 * @returns {string|undefined}
+		 */
+		function getParseError (parsed, matches) {
+		  if (matches[2] !== undefined && parsed.path && parsed.path[0] !== '/') {
+		    return 'URI path must start with "/" when authority is present.'
+		  }
+		  if (typeof parsed.port === 'number' && (parsed.port < 0 || parsed.port > 65535)) {
+		    return 'URI port is malformed.'
+		  }
+		  return undefined
+		}
 		/**
 		 * @param {string} uri
 		 * @param {import('./types/index').Options} [opts]
-		 * @returns
+		 * @returns {{ parsed: import('./types/index').URIComponent, malformedAuthorityOrPort: boolean }}
 		 */
-		function parse (uri, opts) {
+		function parseWithStatus (uri, opts) {
 		  const options = Object.assign({}, opts);
 		  /** @type {import('./types/index').URIComponent} */
 		  const parsed = {
@@ -28027,6 +28140,8 @@ export default theme;`;
 		    fragment: undefined
 		  };
+		  let malformedAuthorityOrPort = false;
 		  let isIP = false;
 		  if (options.reference === 'suffix') {
 		    if (options.scheme) {
@@ -28052,6 +28167,13 @@ export default theme;`;
 		    if (isNaN(parsed.port)) {
 		      parsed.port = matches[5];
 		    }
+		    const parseError = getParseError(parsed, matches);
+		    if (parseError !== undefined) {
+		      parsed.error = parsed.error || parseError;
+		      malformedAuthorityOrPort = true;
+		    }
 		    if (parsed.host) {
 		      const ipv4result = isIPv4(parsed.host);
 		      if (ipv4result === false) {
@@ -28100,14 +28222,18 @@ export default theme;`;
 		          parsed.scheme = unescape(parsed.scheme);
 		        }
 		        if (parsed.host !== undefined) {
-		          parsed.host = unescape(parsed.host);
+		          parsed.host = reescapeHostDelimiters(unescape(parsed.host), isIP);
 		        }
 		      }
 		      if (parsed.path) {
-		        parsed.path = escape(unescape(parsed.path));
+		        parsed.path = normalizePathEncoding(parsed.path);
 		      }
 		      if (parsed.fragment) {
-		        parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+		        try {
+		          parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+		        } catch {
+		          parsed.error = parsed.error || 'URI malformed';
+		        }
 		      }
 		    }
@@ -28118,7 +28244,54 @@ export default theme;`;
 		  } else {
 		    parsed.error = parsed.error || 'URI can not be parsed.';
 		  }
-		  return parsed
+		  return { parsed, malformedAuthorityOrPort }
+		}
+		/**
+		 * @param {string} uri
+		 * @param {import('./types/index').Options} [opts]
+		 * @returns
+		 */
+		function parse (uri, opts) {
+		  return parseWithStatus(uri, opts).parsed
+		}
+		/**
+		 * @param {string} uri
+		 * @param {import('./types/index').Options} [opts]
+		 * @returns {string}
+		 */
+		function normalizeString (uri, opts) {
+		  return normalizeStringWithStatus(uri, opts).normalized
+		}
+		/**
+		 * @param {string} uri
+		 * @param {import('./types/index').Options} [opts]
+		 * @returns {{ normalized: string, malformedAuthorityOrPort: boolean }}
+		 */
+		function normalizeStringWithStatus (uri, opts) {
+		  const { parsed, malformedAuthorityOrPort } = parseWithStatus(uri, opts);
+		  return {
+		    normalized: malformedAuthorityOrPort ? uri : serialize(parsed, opts),
+		    malformedAuthorityOrPort
+		  }
+		}
+		/**
+		 * @param {import ('./types/index').URIComponent|string} uri
+		 * @param {import('./types/index').Options} [opts]
+		 * @returns {string|undefined}
+		 */
+		function normalizeComparableURI (uri, opts) {
+		  if (typeof uri === 'string') {
+		    const { normalized, malformedAuthorityOrPort } = normalizeStringWithStatus(uri, opts);
+		    return malformedAuthorityOrPort ? undefined : normalized
+		  }
+		  if (typeof uri === 'object') {
+		    return serialize(uri, opts)
+		  }
 		}
 		const fastUri$1 = {