@dr.pogodin/react-utils 1.47.3 → 1.47.4

@@ -19,12 +19,15 @@ export default function getInj() {
19
19
  // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be
20
20
  // preferred, but it is not supported by older environments yet.
21
21
  const data = atob(metaElement.content);
22
-
23
- // TODO: Our current handling of this encryption / decryption follows
24
- // a legacy approach, and can be enhanced by using Crypto features.
25
- // Though, this is not strictly intended to be secure (it is more
26
- // to obfurscate injected data, rather than really keeping them
27
- // secure), thus it is fine like this for now.
22
+ if (!window.isSecureContext) {
23
+ if (window.location.protocol === 'https:') {
24
+ throw Error('Loaded via HTTPS, but it is not considered a secure context');
25
+ } else if (window.location.protocol !== 'http:') {
26
+ throw Error('Unexpected protocol');
27
+ }
28
+ const target = window.location.href.replace(/^http:/, 'https:');
29
+ window.location.replace(target);
30
+ }
28
31
  const {
29
32
  key
30
33
  } = getBuildInfo();
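Review bot: Nothing ends the function after `window.location.replace(target)` in the added `if (!window.isSecureContext)` branch, so execution falls through to the key import and decryption that follow this hunk (visible in the bundled source map). A navigation started by `location.replace()` does not stop the running script, and `window.crypto.subtle` is normally undefined outside a secure context, so the likely outcome is a TypeError rejection while the redirect is still pending. Ending the branch explicitly, for example with `return new Promise(() => {});` right after the `replace()` call, would keep the insecure page from touching the payload at all. The same lines appear in the minified build hunk and in the second unminified getInj hunk further down. The enclosing async function starts and ends outside this hunk.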
@@ -1 +1 @@
1
- {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","window","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n // TODO: Our current handling of this encryption / decryption follows\n // a legacy approach, and can be enhanced by using Crypto features.\n // Though, this is not strictly intended to be secure (it is more\n // to obfurscate injected data, rather than really keeping them\n // secure), thus it is fine like this for now.\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, 
dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":";;;;;;;AAAA;;AAEA;AAAA,SAISA,YAAY;AAErB,IAAIC,GAAqC;AAEzC,eAAe,SAASC,MAAMA,CAAA,EAAyB;EACrDD,GAAG,KAAK,CAAC,YAAY;IACnB,MAAME,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;IAE9D,IAAIF,WAAW,EAAE;MACfA,WAAW,CAACG,MAAM,CAAC,CAAC;;MAEpB;MACA;MACA,MAAMC,IAAI,GAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC;;MAEtC;MACA;MACA;MACA;MACA;MACA,MAAM;QAAEC;MAAI,CAAC,GAAGV,YAAY,CAAC,CAAC;MAE9B,MAAMW,IAAI,GAAIC,CAAS,IAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC;MAC3C,MAAMC,UAAU,GAAGC,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,EAAE,CAAC,EAAEN,IAAI,CAAC;MACxD,MAAMO,QAAQ,GAAGH,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAEN,IAAI,CAAC;MACzD,MAAMQ,SAAS,GAAGJ,UAAU,CAACC,IAAI,CAACR,IAAI,CAACE,GAAG,CAAC,EAAEC,IAAI,CAAC;MAElD,MAAMS,IAAI,GAAG,MAAMC,MAAM,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLL,SAAS,EACT;QAAEM,IAAI,EAAE;MAAU,CAAC,EACnB,KAAK,EACL,CAAC,SAAS,CACZ,CAAC;MAED,MAAMC,MAAM,GAAG,MAAML,MAAM,CAACC,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC;QAChDC,EAAE,EAAEV,QAAQ;QACZO,IAAI,EAAE;MACR,CAAC,EAAEL,IAAI,EAAEN,UAAU,CAAC;MAEpB,MAAMe,OAAO,GAAG,IAAIC,WAAW,CAAC,CAAC;;MAEjC;MACA,MAAMC,GAAG,GAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS;;MAEvD;MACA;MACAzB,GAAG,GAAG8B,GAAG;MAET,OAAOA,GAAG;IACZ,CAAC,MAAM,IAAI,OAAOV,MAAM,KAAK,WAAW,IAAIA,MAAM,CAACa,qB
AAqB,EAAE;MACxE,MAAMH,GAAG,GAAGV,MAAM,CAACa,qBAAqB;MACxC,OAAOb,MAAM,CAACa,qBAAqB;MACnC,OAAOH,GAAG;IACZ;;IAEA;IACA;IACA;IACA,OAAO,CAAC,CAAC;EACX,CAAC,EAAE,CAAC;EAEJ,OAAO9B,GAAG;AACZ","ignoreList":[]}
1
+ {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","window","isSecureContext","location","protocol","Error","target","href","replace","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n if (!window.isSecureContext) {\n if (window.location.protocol === 'https:') {\n throw Error('Loaded via HTTPS, but it is not considered a secure context');\n } else if (window.location.protocol !== 'http:') {\n throw Error('Unexpected protocol');\n }\n\n const target = window.location.href.replace(/^http:/, 'https:');\n window.location.replace(target);\n }\n\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n 
const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":";;;;;;;AAAA;;AAEA;AAAA,SAISA,YAAY;AAErB,IAAIC,GAAqC;AAEzC,eAAe,SAASC,MAAMA,CAAA,EAAyB;EACrDD,GAAG,KAAK,CAAC,YAAY;IACnB,MAAME,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;IAE9D,IAAIF,WAAW,EAAE;MACfA,WAAW,CAACG,MAAM,CAAC,CAAC;;MAEpB;MACA;MACA,MAAMC,IAAI,GAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC;MAEtC,IAAI,CAACC,MAAM,CAACC,eAAe,EAAE;QAC3B,IAAID,MAAM,CAACE,QAAQ,CAACC,QAAQ,KAAK,QAAQ,EAAE;UACzC,MAAMC,KAAK,CAAC,6DAA6D,CAAC;QAC5E,CAAC,MAAM,IAAIJ,MAAM,CAACE,QAAQ,CAACC,QAAQ,KAAK,OAAO,EAAE;UAC/C,MAAMC,KAAK,CAAC,qBAAqB,CAAC;QACpC;QAEA,MAAMC,MAAM,GAAGL,MAAM,CAACE,QAAQ,CAACI,IAAI,CAACC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC/DP,MAAM,CAACE,QAAQ,CAACK,OAAO,CAACF,MAAM,CAAC;MACjC;MAEA,MAAM;QAAEG;MAAI,CAAC,GAAGlB,YAAY,CAAC,CAAC;MAE9B,MAAMmB,IAAI,GAAIC,CAAS,IAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC;MAC3C,MAAMC,UAAU,GAAGC,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,EAAE,CAAC,EAAEN,IAAI,CAAC;MACxD,MAAMO,QAAQ,GAAGH,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAEN,IAAI,CAAC;MACzD,MAAMQ,SAAS,GAAGJ,UAAU,CAACC,IAAI,CAAChB,IAAI,CAACU,GAAG,CAAC,EAAEC,IAAI,CAAC;MAElD,MAAMS,IAAI,GAAG,MAAMlB,MAAM,CAACmB,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLJ,SAAS,EACT
;QAAEK,IAAI,EAAE;MAAU,CAAC,EACnB,KAAK,EACL,CAAC,SAAS,CACZ,CAAC;MAED,MAAMC,MAAM,GAAG,MAAMvB,MAAM,CAACmB,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC;QAChDC,EAAE,EAAET,QAAQ;QACZM,IAAI,EAAE;MACR,CAAC,EAAEJ,IAAI,EAAEN,UAAU,CAAC;MAEpB,MAAMc,OAAO,GAAG,IAAIC,WAAW,CAAC,CAAC;;MAEjC;MACA,MAAMC,GAAG,GAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS;;MAEvD;MACA;MACAhC,GAAG,GAAGqC,GAAG;MAET,OAAOA,GAAG;IACZ,CAAC,MAAM,IAAI,OAAO5B,MAAM,KAAK,WAAW,IAAIA,MAAM,CAAC+B,qBAAqB,EAAE;MACxE,MAAMH,GAAG,GAAG5B,MAAM,CAAC+B,qBAAqB;MACxC,OAAO/B,MAAM,CAAC+B,qBAAqB;MACnC,OAAOH,GAAG;IACZ;;IAEA;IACA;IACA;IACA,OAAO,CAAC,CAAC;EACX,CAAC,EAAE,CAAC;EAEJ,OAAOrC,GAAG;AACZ","ignoreList":[]}
@@ -1,12 +1,7 @@
1
1
  import"core-js/modules/es.array-buffer.detached.js";import"core-js/modules/es.array-buffer.transfer.js";import"core-js/modules/es.array-buffer.transfer-to-fixed-length.js";import"core-js/modules/es.typed-array.to-reversed.js";import"core-js/modules/es.typed-array.to-sorted.js";import"core-js/modules/es.typed-array.with.js";import"core-js/modules/web.dom-exception.stack.js";// Encapsulates retrieval of server-side data injection into HTML template.
2
2
  /* global document */import{getBuildInfo}from"../shared/utils/isomorphy/buildInfo.js";let inj;export default function getInj(){inj??=(async()=>{const metaElement=typeof document==="undefined"?null:document.querySelector("meta[itemprop=\"drpruinj\"]");if(metaElement){metaElement.remove();// NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be
3
3
  // preferred, but it is not supported by older environments yet.
4
- const data=atob(metaElement.content);// TODO: Our current handling of this encryption / decryption follows
5
- // a legacy approach, and can be enhanced by using Crypto features.
6
- // Though, this is not strictly intended to be secure (it is more
7
- // to obfurscate injected data, rather than really keeping them
8
- // secure), thus it is fine like this for now.
9
- const{key}=getBuildInfo();const code=x=>x.charCodeAt(0);const dataBuffer=Uint8Array.from(data.slice(16),code);const ivBuffer=Uint8Array.from(data.slice(0,16),code);const keyBuffer=Uint8Array.from(atob(key),code);const cKey=await window.crypto.subtle.importKey("raw",keyBuffer,{name:"AES-CBC"},false,["decrypt"]);const buffer=await window.crypto.subtle.decrypt({iv:ivBuffer,name:"AES-CBC"},cKey,dataBuffer);const decoder=new TextDecoder;// eslint-disable-next-line no-eval
4
+ const data=atob(metaElement.content);if(!window.isSecureContext){if(window.location.protocol==="https:"){throw Error("Loaded via HTTPS, but it is not considered a secure context")}else if(window.location.protocol!=="http:"){throw Error("Unexpected protocol")}const target=window.location.href.replace(/^http:/,"https:");window.location.replace(target)}const{key}=getBuildInfo();const code=x=>x.charCodeAt(0);const dataBuffer=Uint8Array.from(data.slice(16),code);const ivBuffer=Uint8Array.from(data.slice(0,16),code);const keyBuffer=Uint8Array.from(atob(key),code);const cKey=await window.crypto.subtle.importKey("raw",keyBuffer,{name:"AES-CBC"},false,["decrypt"]);const buffer=await window.crypto.subtle.decrypt({iv:ivBuffer,name:"AES-CBC"},cKey,dataBuffer);const decoder=new TextDecoder;// eslint-disable-next-line no-eval
10
5
  const res=eval(`(${decoder.decode(buffer)})`);// NOTE: This is important, to be able to return the injection
11
6
  // synchronously once it is initialized.
12
7
  inj=res;return res}else if(typeof window!=="undefined"&&window.REACT_UTILS_INJECTION){const res=window.REACT_UTILS_INJECTION;delete window.REACT_UTILS_INJECTION;return res}// Otherwise, a bunch of dependent stuff will easily fail in non-standard
@@ -1 +1 @@
1
- {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","window","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n // TODO: Our current handling of this encryption / decryption follows\n // a legacy approach, and can be enhanced by using Crypto features.\n // Though, this is not strictly intended to be secure (it is more\n // to obfurscate injected data, rather than really keeping them\n // secure), thus it is fine like this for now.\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, 
dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":"wXAAA;AAEA,4BAISA,YAAY,8CAErB,GAAI,CAAAC,GAAqC,CAEzC,cAAe,SAAS,CAAAC,MAAMA,CAAA,CAAyB,CACrDD,GAAG,GAAK,CAAC,SAAY,CACnB,KAAM,CAAAE,WAAmC,CAAG,MAAO,CAAAC,QAAQ,GAAK,WAAW,CACvE,IAAI,CAAGA,QAAQ,CAACC,aAAa,CAAC,6BAA2B,CAAC,CAE9D,GAAIF,WAAW,CAAE,CACfA,WAAW,CAACG,MAAM,CAAC,CAAC,CAEpB;AACA;AACA,KAAM,CAAAC,IAAI,CAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC,CAEtC;AACA;AACA;AACA;AACA;AACA,KAAM,CAAEC,GAAI,CAAC,CAAGV,YAAY,CAAC,CAAC,CAE9B,KAAM,CAAAW,IAAI,CAAIC,CAAS,EAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC,CAC3C,KAAM,CAAAC,UAAU,CAAGC,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,EAAE,CAAC,CAAEN,IAAI,CAAC,CACxD,KAAM,CAAAO,QAAQ,CAAGH,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,CAAC,CAAE,EAAE,CAAC,CAAEN,IAAI,CAAC,CACzD,KAAM,CAAAQ,SAAS,CAAGJ,UAAU,CAACC,IAAI,CAACR,IAAI,CAACE,GAAG,CAAC,CAAEC,IAAI,CAAC,CAElD,KAAM,CAAAS,IAAI,CAAG,KAAM,CAAAC,MAAM,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,CACLL,SAAS,CACT,CAAEM,IAAI,CAAE,SAAU,CAAC,CACnB,KAAK,CACL,CAAC,SAAS,CACZ,CAAC,CAED,KAAM,CAAAC,MAAM,CAAG,KAAM,CAAAL,MAAM,CAACC,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC,CAChDC,EAAE,CAAEV,QAAQ,CACZO,IAAI,CAAE,SACR,CAAC,CAAEL,IAAI,CAAEN,UAAU,CAAC,CAEpB,KAAM,CAAAe,OAAO,CAAG,GAAI,CAAAC,WAAa,CAEjC;AACA,KAAM,CAAAC,GAAG,CAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS,CAEvD;AACA;AACAzB,GAAG,CAAG8B,GAAG,CAET,MAAO,CAAAA,GACT
,CAAC,IAAM,IAAI,MAAO,CAAAV,MAAM,GAAK,WAAW,EAAIA,MAAM,CAACa,qBAAqB,CAAE,CACxE,KAAM,CAAAH,GAAG,CAAGV,MAAM,CAACa,qBAAqB,CACxC,MAAO,CAAAb,MAAM,CAACa,qBAAqB,CACnC,MAAO,CAAAH,GACT,CAEA;AACA;AACA;AACA,MAAO,CAAC,CACV,CAAC,EAAE,CAAC,CAEJ,MAAO,CAAA9B,GACT","ignoreList":[]}
1
+ {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","window","isSecureContext","location","protocol","Error","target","href","replace","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n if (!window.isSecureContext) {\n if (window.location.protocol === 'https:') {\n throw Error('Loaded via HTTPS, but it is not considered a secure context');\n } else if (window.location.protocol !== 'http:') {\n throw Error('Unexpected protocol');\n }\n\n const target = window.location.href.replace(/^http:/, 'https:');\n window.location.replace(target);\n }\n\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n 
const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":"wXAAA;AAEA,4BAISA,YAAY,8CAErB,GAAI,CAAAC,GAAqC,CAEzC,cAAe,SAAS,CAAAC,MAAMA,CAAA,CAAyB,CACrDD,GAAG,GAAK,CAAC,SAAY,CACnB,KAAM,CAAAE,WAAmC,CAAG,MAAO,CAAAC,QAAQ,GAAK,WAAW,CACvE,IAAI,CAAGA,QAAQ,CAACC,aAAa,CAAC,6BAA2B,CAAC,CAE9D,GAAIF,WAAW,CAAE,CACfA,WAAW,CAACG,MAAM,CAAC,CAAC,CAEpB;AACA;AACA,KAAM,CAAAC,IAAI,CAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC,CAEtC,GAAI,CAACC,MAAM,CAACC,eAAe,CAAE,CAC3B,GAAID,MAAM,CAACE,QAAQ,CAACC,QAAQ,GAAK,QAAQ,CAAE,CACzC,KAAM,CAAAC,KAAK,CAAC,6DAA6D,CAC3E,CAAC,IAAM,IAAIJ,MAAM,CAACE,QAAQ,CAACC,QAAQ,GAAK,OAAO,CAAE,CAC/C,KAAM,CAAAC,KAAK,CAAC,qBAAqB,CACnC,CAEA,KAAM,CAAAC,MAAM,CAAGL,MAAM,CAACE,QAAQ,CAACI,IAAI,CAACC,OAAO,CAAC,QAAQ,CAAE,QAAQ,CAAC,CAC/DP,MAAM,CAACE,QAAQ,CAACK,OAAO,CAACF,MAAM,CAChC,CAEA,KAAM,CAAEG,GAAI,CAAC,CAAGlB,YAAY,CAAC,CAAC,CAE9B,KAAM,CAAAmB,IAAI,CAAIC,CAAS,EAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC,CAC3C,KAAM,CAAAC,UAAU,CAAGC,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,EAAE,CAAC,CAAEN,IAAI,CAAC,CACxD,KAAM,CAAAO,QAAQ,CAAGH,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,CAAC,CAAE,EAAE,CAAC,CAAEN,IAAI,CAAC,CACzD,KAAM,CAAAQ,SAAS,CAAGJ,UAAU,CAACC,IAAI,CAAChB,IAAI,CAACU,GAAG,CAAC,CAAEC,IAAI,CAAC,CAElD,KAAM,CAAAS,IAAI,CAAG,KAAM,CAAAlB,MAAM,CAACmB,MAAM,CAAC
C,MAAM,CAACC,SAAS,CAC/C,KAAK,CACLJ,SAAS,CACT,CAAEK,IAAI,CAAE,SAAU,CAAC,CACnB,KAAK,CACL,CAAC,SAAS,CACZ,CAAC,CAED,KAAM,CAAAC,MAAM,CAAG,KAAM,CAAAvB,MAAM,CAACmB,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC,CAChDC,EAAE,CAAET,QAAQ,CACZM,IAAI,CAAE,SACR,CAAC,CAAEJ,IAAI,CAAEN,UAAU,CAAC,CAEpB,KAAM,CAAAc,OAAO,CAAG,GAAI,CAAAC,WAAa,CAEjC;AACA,KAAM,CAAAC,GAAG,CAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS,CAEvD;AACA;AACAhC,GAAG,CAAGqC,GAAG,CAET,MAAO,CAAAA,GACT,CAAC,IAAM,IAAI,MAAO,CAAA5B,MAAM,GAAK,WAAW,EAAIA,MAAM,CAAC+B,qBAAqB,CAAE,CACxE,KAAM,CAAAH,GAAG,CAAG5B,MAAM,CAAC+B,qBAAqB,CACxC,MAAO,CAAA/B,MAAM,CAAC+B,qBAAqB,CACnC,MAAO,CAAAH,GACT,CAEA;AACA;AACA;AACA,MAAO,CAAC,CACV,CAAC,EAAE,CAAC,CAEJ,MAAO,CAAArC,GACT","ignoreList":[]}
@@ -20,12 +20,15 @@ export default function getInj() {
20
20
  // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be
21
21
  // preferred, but it is not supported by older environments yet.
22
22
  const data = atob(metaElement.content);
23
-
24
- // TODO: Our current handling of this encryption / decryption follows
25
- // a legacy approach, and can be enhanced by using Crypto features.
26
- // Though, this is not strictly intended to be secure (it is more
27
- // to obfurscate injected data, rather than really keeping them
28
- // secure), thus it is fine like this for now.
23
+ if (!window.isSecureContext) {
24
+ if (window.location.protocol === 'https:') {
25
+ throw Error('Loaded via HTTPS, but it is not considered a secure context');
26
+ } else if (window.location.protocol !== 'http:') {
27
+ throw Error('Unexpected protocol');
28
+ }
29
+ const target = window.location.href.replace(/^http:/, 'https:');
30
+ window.location.replace(target);
31
+ }
29
32
  const {
30
33
  key
31
34
  } = getBuildInfo();
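Review bot: The comment block removed at old lines 24-28 was the only place stating that this scheme obfuscates the injected data rather than protecting it, and the added secure-context check does not change that. The key is still read from `getBuildInfo()` in client code and, per the bundled source, the decrypted text is passed to `eval`. I would keep a short replacement above the `getBuildInfo()` call, e.g. `// NOTE: the decryption key is available to the client, so this obfuscates the injected data rather than keeping it secret.` Where the key ends up is inferred from this file alone and should be confirmed against buildInfo. The same removal occurs in the first getInj hunk on this page.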
@@ -1 +1 @@
1
- {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","window","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n // TODO: Our current handling of this encryption / decryption follows\n // a legacy approach, and can be enhanced by using Crypto features.\n // Though, this is not strictly intended to be secure (it is more\n // to obfurscate injected data, rather than really keeping them\n // secure), thus it is fine like this for now.\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, 
dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":";;;;;;;AAAA;;AAEA;;AAIA,SAASA,YAAY;AAErB,IAAIC,GAAqC;AAEzC,eAAe,SAASC,MAAMA,CAAA,EAAyB;EACrDD,GAAG,KAAK,CAAC,YAAY;IACnB,MAAME,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;IAE9D,IAAIF,WAAW,EAAE;MACfA,WAAW,CAACG,MAAM,CAAC,CAAC;;MAEpB;MACA;MACA,MAAMC,IAAI,GAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC;;MAEtC;MACA;MACA;MACA;MACA;MACA,MAAM;QAAEC;MAAI,CAAC,GAAGV,YAAY,CAAC,CAAC;MAE9B,MAAMW,IAAI,GAAIC,CAAS,IAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC;MAC3C,MAAMC,UAAU,GAAGC,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,EAAE,CAAC,EAAEN,IAAI,CAAC;MACxD,MAAMO,QAAQ,GAAGH,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAEN,IAAI,CAAC;MACzD,MAAMQ,SAAS,GAAGJ,UAAU,CAACC,IAAI,CAACR,IAAI,CAACE,GAAG,CAAC,EAAEC,IAAI,CAAC;MAElD,MAAMS,IAAI,GAAG,MAAMC,MAAM,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLL,SAAS,EACT;QAAEM,IAAI,EAAE;MAAU,CAAC,EACnB,KAAK,EACL,CAAC,SAAS,CACZ,CAAC;MAED,MAAMC,MAAM,GAAG,MAAML,MAAM,CAACC,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC;QAChDC,EAAE,EAAEV,QAAQ;QACZO,IAAI,EAAE;MACR,CAAC,EAAEL,IAAI,EAAEN,UAAU,CAAC;MAEpB,MAAMe,OAAO,GAAG,IAAIC,WAAW,CAAC,CAAC;;MAEjC;MACA,MAAMC,GAAG,GAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS;;MAEvD;MACA;MACAzB,GAAG,GAAG8B,GAAG;MAET,OAAOA,GAAG;IACZ,CAAC,MAAM,IAAI,OAAOV,MAAM,KAAK,WAAW,IAAIA,MAAM,CAACa,q
BAAqB,EAAE;MACxE,MAAMH,GAAG,GAAGV,MAAM,CAACa,qBAAqB;MACxC,OAAOb,MAAM,CAACa,qBAAqB;MACnC,OAAOH,GAAG;IACZ;;IAEA;IACA;IACA;IACA,OAAO,CAAC,CAAC;EACX,CAAC,EAAE,CAAC;EAEJ,OAAO9B,GAAG;AACZ","ignoreList":[]}
1
+ {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","window","isSecureContext","location","protocol","Error","target","href","replace","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT | Promise<InjT> | undefined;\n\nexport default function getInj(): InjT | Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement | null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n if (!window.isSecureContext) {\n if (window.location.protocol === 'https:') {\n throw Error('Loaded via HTTPS, but it is not considered a secure context');\n } else if (window.location.protocol !== 'http:') {\n throw Error('Unexpected protocol');\n }\n\n const target = window.location.href.replace(/^http:/, 'https:');\n window.location.replace(target);\n }\n\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n 
const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":";;;;;;;AAAA;;AAEA;;AAIA,SAASA,YAAY;AAErB,IAAIC,GAAqC;AAEzC,eAAe,SAASC,MAAMA,CAAA,EAAyB;EACrDD,GAAG,KAAK,CAAC,YAAY;IACnB,MAAME,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;IAE9D,IAAIF,WAAW,EAAE;MACfA,WAAW,CAACG,MAAM,CAAC,CAAC;;MAEpB;MACA;MACA,MAAMC,IAAI,GAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC;MAEtC,IAAI,CAACC,MAAM,CAACC,eAAe,EAAE;QAC3B,IAAID,MAAM,CAACE,QAAQ,CAACC,QAAQ,KAAK,QAAQ,EAAE;UACzC,MAAMC,KAAK,CAAC,6DAA6D,CAAC;QAC5E,CAAC,MAAM,IAAIJ,MAAM,CAACE,QAAQ,CAACC,QAAQ,KAAK,OAAO,EAAE;UAC/C,MAAMC,KAAK,CAAC,qBAAqB,CAAC;QACpC;QAEA,MAAMC,MAAM,GAAGL,MAAM,CAACE,QAAQ,CAACI,IAAI,CAACC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC/DP,MAAM,CAACE,QAAQ,CAACK,OAAO,CAACF,MAAM,CAAC;MACjC;MAEA,MAAM;QAAEG;MAAI,CAAC,GAAGlB,YAAY,CAAC,CAAC;MAE9B,MAAMmB,IAAI,GAAIC,CAAS,IAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC;MAC3C,MAAMC,UAAU,GAAGC,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,EAAE,CAAC,EAAEN,IAAI,CAAC;MACxD,MAAMO,QAAQ,GAAGH,UAAU,CAACC,IAAI,CAACjB,IAAI,CAACkB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAEN,IAAI,CAAC;MACzD,MAAMQ,SAAS,GAAGJ,UAAU,CAACC,IAAI,CAAChB,IAAI,CAACU,GAAG,CAAC,EAAEC,IAAI,CAAC;MAElD,MAAMS,IAAI,GAAG,MAAMlB,MAAM,CAACmB,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLJ,SAAS,EAC
T;QAAEK,IAAI,EAAE;MAAU,CAAC,EACnB,KAAK,EACL,CAAC,SAAS,CACZ,CAAC;MAED,MAAMC,MAAM,GAAG,MAAMvB,MAAM,CAACmB,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC;QAChDC,EAAE,EAAET,QAAQ;QACZM,IAAI,EAAE;MACR,CAAC,EAAEJ,IAAI,EAAEN,UAAU,CAAC;MAEpB,MAAMc,OAAO,GAAG,IAAIC,WAAW,CAAC,CAAC;;MAEjC;MACA,MAAMC,GAAG,GAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS;;MAEvD;MACA;MACAhC,GAAG,GAAGqC,GAAG;MAET,OAAOA,GAAG;IACZ,CAAC,MAAM,IAAI,OAAO5B,MAAM,KAAK,WAAW,IAAIA,MAAM,CAAC+B,qBAAqB,EAAE;MACxE,MAAMH,GAAG,GAAG5B,MAAM,CAAC+B,qBAAqB;MACxC,OAAO/B,MAAM,CAAC+B,qBAAqB;MACnC,OAAOH,GAAG;IACZ;;IAEA;IACA;IACA;IACA,OAAO,CAAC,CAAC;EACX,CAAC,EAAE,CAAC;EAEJ,OAAOrC,GAAG;AACZ","ignoreList":[]}
@@ -17,4 +17,5 @@ if (!globalThis.TextEncoder || !globalThis.TextDecoder) {
17
17
  // Polyfill of crypto.subtle in JSDOM environments.
18
18
  if (typeof window !== 'undefined') {
19
19
  window.crypto.subtle = subtle;
20
+ window.isSecureContext = true;
20
21
  }
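Review bot: The comment above this block still describes only the `crypto.subtle` polyfill, while the added line also forces `window.isSecureContext` to `true`. Presumably this keeps the new guard in getInj from redirecting under JSDOM, which also means tests using this setup never exercise the insecure-context branch. I would say so in the comment, e.g. `// Polyfill of crypto.subtle in JSDOM environments; isSecureContext is forced to true so secure-context guards pass in tests.`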
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.47.3",
2
+ "version": "1.47.4",
3
3
  "bin": {
4
4
  "react-utils-build": "bin/build.js",
5
5
  "react-utils-setup": "bin/setup.js"
@@ -72,7 +72,7 @@
72
72
  "@types/lodash-es": "^4.17.12",
73
73
  "@types/morgan": "^1.9.10",
74
74
  "@types/pretty": "^2.0.3",
75
- "@types/react": "^19.2.4",
75
+ "@types/react": "^19.2.5",
76
76
  "@types/react-dom": "^19.2.3",
77
77
  "@types/request-ip": "^0.0.41",
78
78
  "@types/serialize-javascript": "^5.0.4",