@firebase/database 1.0.6-canary.4b4db85ff → 1.0.6-canary.62661245f

package/dist/internal.d.ts

@@ -576,10 +576,9 @@ export declare function forceWebSockets(): void;
 export declare function get(query: Query): Promise<DataSnapshot>;
 
 /**
- * Returns the instance of the Realtime Database SDK that is associated
- * with the provided {@link @firebase/app#FirebaseApp}. Initializes a new instance with
- * with default settings if no instance exists or if the existing instance uses
- * a custom database URL.
+ * Returns the instance of the Realtime Database SDK that is associated with the provided
+ * {@link @firebase/app#FirebaseApp}. Initializes a new instance with default settings if
+ * no instance exists or if the existing instance uses a custom database URL.
  *
  * @param app - The {@link @firebase/app#FirebaseApp} instance that the returned Realtime
  * Database instance is associated with.
@@ -2965,7 +2964,7 @@ declare interface ViewProcessor {
 
 /**
  * Defines a single user-initiated write operation. May be the result of a set(), transaction(), or update() call. In
- * the case of a set() or transaction, snap wil be non-null.  In the case of an update(), children will be non-null.
+ * the case of a set() or transaction, snap will be non-null.  In the case of an update(), children will be non-null.
  */
 declare interface WriteRecord {
     writeId: number;

package/dist/node-esm/index.node.esm.js

@@ -573,7 +573,7 @@ const isWindowsStoreApp = function () {
     return typeof Windows === 'object' && typeof Windows.UI === 'object';
 };
 /**
- * Converts a server error code to a Javascript Error
+ * Converts a server error code to a JavaScript Error
  */
 function errorForServerCode(code, query) {
     let reason = 'Unknown Error';
@@ -602,7 +602,7 @@ const INTEGER_REGEXP_ = new RegExp('^-?(0*)\\d{1,10}$');
  */
 const INTEGER_32_MIN = -2147483648;
 /**
- * For use in kyes, the maximum possible 32-bit integer.
+ * For use in keys, the maximum possible 32-bit integer.
  */
 const INTEGER_32_MAX = 2147483647;
 /**
@@ -1251,7 +1251,7 @@ WebSocketConnection.responsesRequiredToBeHealthy = 2;
 WebSocketConnection.healthyTimeout = 30000;
 
 const name = "@firebase/database";
-const version = "1.0.6-canary.4b4db85ff";
+const version = "1.0.6-canary.62661245f";
 
 /**
  * @license
@@ -1287,7 +1287,7 @@ class AppCheckTokenProvider {
                 // Support delayed initialization of FirebaseAppCheck. This allows our
                 // customers to initialize the RTDB SDK before initializing Firebase
                 // AppCheck and ensures that all requests are authenticated if a token
-                // becomes available before the timoeout below expires.
+                // becomes available before the timeout below expires.
                 setTimeout(() => {
                     if (this.appCheck) {
                         this.getToken(forceRefresh).then(resolve, reject);
@@ -1346,7 +1346,7 @@ class FirebaseAuthTokenProvider {
                 // Support delayed initialization of FirebaseAuth. This allows our
                 // customers to initialize the RTDB SDK before initializing Firebase
                 // Auth and ensures that all requests are authenticated if a token
-                // becomes available before the timoeout below expires.
+                // becomes available before the timeout below expires.
                 setTimeout(() => {
                     if (this.auth_) {
                         this.getToken(forceRefresh).then(resolve, reject);
@@ -1816,7 +1816,7 @@ class BrowserPollConnection {
  *********************************************************************************************/
 class FirebaseIFrameScriptHolder {
     /**
-     * @param commandCB - The callback to be called when control commands are recevied from the server.
+     * @param commandCB - The callback to be called when control commands are received from the server.
      * @param onMessageCB - The callback to be triggered when responses arrive from the server.
      * @param onDisconnect - The callback to be triggered when this tag holder is closed
      * @param urlFn - A function that provides the URL of the endpoint to send data to.
@@ -1861,6 +1861,8 @@ class FirebaseIFrameScriptHolder {
             const iframeContents = '<html><body>' + script + '</body></html>';
             try {
                 this.myIFrame.doc.open();
+                // TODO: Do not use document.write, since it can lead to XSS. Instead, use the safevalues
+                // library to sanitize the HTML in the iframeContents.
                 this.myIFrame.doc.write(iframeContents);
                 this.myIFrame.doc.close();
             }
@@ -2083,6 +2085,10 @@ class FirebaseIFrameScriptHolder {
                     const newScript = this.myIFrame.doc.createElement('script');
                     newScript.type = 'text/javascript';
                     newScript.async = true;
+                    // TODO: We cannot assign an arbitrary URL to a script attached to the DOM, since it is
+                    // at risk of XSS. We should use the safevalues library to create a safeScriptEl, and
+                    // assign a sanitized trustedResourceURL to it. Since the URL must be a template string
+                    // literal, this could require some heavy refactoring.
                     newScript.src = url;
                     // eslint-disable-next-line @typescript-eslint/no-explicit-any
                     newScript.onload = newScript.onreadystatechange =
@@ -10319,7 +10325,7 @@ function treeHasChildren(tree) {
     return tree.node.childCount > 0;
 }
 /**
- * @returns Whethe rthe tree is empty (no value or children).
+ * @returns Whether the tree is empty (no value or children).
  */
 function treeIsEmpty(tree) {
     return treeGetValue(tree) === undefined && !treeHasChildren(tree);
@@ -12647,7 +12653,7 @@ function push(parent, value) {
     // then() and catch() methods and is used as the return value of push(). The
     // second remains a regular Reference and is used as the fulfilled value of
     // the first ThennableReference.
-    const thennablePushRef = child(parent, name);
+    const thenablePushRef = child(parent, name);
     const pushRef = child(parent, name);
     let promise;
     if (value != null) {
@@ -12656,9 +12662,9 @@ function push(parent, value) {
     else {
         promise = Promise.resolve(pushRef);
     }
-    thennablePushRef.then = promise.then.bind(promise);
-    thennablePushRef.catch = promise.then.bind(promise, undefined);
-    return thennablePushRef;
+    thenablePushRef.then = promise.then.bind(promise);
+    thenablePushRef.catch = promise.then.bind(promise, undefined);
+    return thenablePushRef;
 }
 /**
  * Removes the data at this Database location.
@@ -13633,10 +13639,9 @@ function forceLongPolling() {
     BrowserPollConnection.forceAllow();
 }
 /**
- * Returns the instance of the Realtime Database SDK that is associated
- * with the provided {@link @firebase/app#FirebaseApp}. Initializes a new instance with
- * with default settings if no instance exists or if the existing instance uses
- * a custom database URL.
+ * Returns the instance of the Realtime Database SDK that is associated with the provided
+ * {@link @firebase/app#FirebaseApp}. Initializes a new instance with default settings if
+ * no instance exists or if the existing instance uses a custom database URL.
  *
  * @param app - The {@link @firebase/app#FirebaseApp} instance that the returned Realtime
  * Database instance is associated with.