npm - @firebase/database - Versions diffs - 1.0.6-canary.4b4db85ff → 1.0.6-canary.62661245f - Mend

@firebase/database 1.0.6-canary.4b4db85ff → 1.0.6-canary.62661245f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/dist/index.cjs.js +20 -15
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm2017.js +20 -15
package/dist/index.esm2017.js.map +1 -1
package/dist/index.esm5.js +20 -15
package/dist/index.esm5.js.map +1 -1
package/dist/index.node.cjs.js +20 -15
package/dist/index.node.cjs.js.map +1 -1
package/dist/index.standalone.js +16 -10
package/dist/index.standalone.js.map +1 -1
package/dist/internal.d.ts +4 -5
package/dist/node-esm/index.node.esm.js +20 -15
package/dist/node-esm/index.node.esm.js.map +1 -1
package/dist/node-esm/src/api/Database.d.ts +3 -4
package/dist/node-esm/src/core/WriteTree.d.ts +1 -1
package/dist/node-esm/src/core/util/Tree.d.ts +1 -1
package/dist/node-esm/src/core/util/util.d.ts +2 -2
package/dist/node-esm/src/realtime/BrowserPollConnection.d.ts +1 -1
package/dist/private.d.ts +4 -5
package/dist/public.d.ts +3 -4
package/dist/src/api/Database.d.ts +3 -4
package/dist/src/core/WriteTree.d.ts +1 -1
package/dist/src/core/util/Tree.d.ts +1 -1
package/dist/src/core/util/util.d.ts +2 -2
package/dist/src/realtime/BrowserPollConnection.d.ts +1 -1
package/package.json +8 -7

package/dist/index.node.cjs.js CHANGED Viewed

@@ -608,7 +608,7 @@ var isWindowsStoreApp = function () {
     return typeof Windows === 'object' && typeof Windows.UI === 'object';
 };
 /**
- * Converts a server error code to a Javascript Error
+ * Converts a server error code to a JavaScript Error
  */
 function errorForServerCode(code, query) {
     var reason = 'Unknown Error';
@@ -637,7 +637,7 @@ var INTEGER_REGEXP_ = new RegExp('^-?(0*)\\d{1,10}$');
  */
 var INTEGER_32_MIN = -2147483648;
 /**
- * For use in kyes, the maximum possible 32-bit integer.
+ * For use in keys, the maximum possible 32-bit integer.
  */
 var INTEGER_32_MAX = 2147483647;
 /**
@@ -1300,7 +1300,7 @@ var WebSocketConnection = /** @class */ (function () {
 }());
 var name = "@firebase/database";
-var version = "1.0.6-canary.4b4db85ff";
+var version = "1.0.6-canary.62661245f";
 /**
  * @license
@@ -1338,7 +1338,7 @@ var AppCheckTokenProvider = /** @class */ (function () {
                 // Support delayed initialization of FirebaseAppCheck. This allows our
                 // customers to initialize the RTDB SDK before initializing Firebase
                 // AppCheck and ensures that all requests are authenticated if a token
-                // becomes available before the timoeout below expires.
+                // becomes available before the timeout below expires.
                 setTimeout(function () {
                     if (_this.appCheck) {
                         _this.getToken(forceRefresh).then(resolve, reject);
@@ -1400,7 +1400,7 @@ var FirebaseAuthTokenProvider = /** @class */ (function () {
                 // Support delayed initialization of FirebaseAuth. This allows our
                 // customers to initialize the RTDB SDK before initializing Firebase
                 // Auth and ensures that all requests are authenticated if a token
-                // becomes available before the timoeout below expires.
+                // becomes available before the timeout below expires.
                 setTimeout(function () {
                     if (_this.auth_) {
                         _this.getToken(forceRefresh).then(resolve, reject);
@@ -1894,7 +1894,7 @@ var BrowserPollConnection = /** @class */ (function () {
  *********************************************************************************************/
 var FirebaseIFrameScriptHolder = /** @class */ (function () {
     /**
-     * @param commandCB - The callback to be called when control commands are recevied from the server.
+     * @param commandCB - The callback to be called when control commands are received from the server.
      * @param onMessageCB - The callback to be triggered when responses arrive from the server.
      * @param onDisconnect - The callback to be triggered when this tag holder is closed
      * @param urlFn - A function that provides the URL of the endpoint to send data to.
@@ -1939,6 +1939,8 @@ var FirebaseIFrameScriptHolder = /** @class */ (function () {
             var iframeContents = '<html><body>' + script + '</body></html>';
             try {
                 this.myIFrame.doc.open();
+                // TODO: Do not use document.write, since it can lead to XSS. Instead, use the safevalues
+                // library to sanitize the HTML in the iframeContents.
                 this.myIFrame.doc.write(iframeContents);
                 this.myIFrame.doc.close();
             }
@@ -2164,6 +2166,10 @@ var FirebaseIFrameScriptHolder = /** @class */ (function () {
                     var newScript_1 = _this.myIFrame.doc.createElement('script');
                     newScript_1.type = 'text/javascript';
                     newScript_1.async = true;
+                    // TODO: We cannot assign an arbitrary URL to a script attached to the DOM, since it is
+                    // at risk of XSS. We should use the safevalues library to create a safeScriptEl, and
+                    // assign a sanitized trustedResourceURL to it. Since the URL must be a template string
+                    // literal, this could require some heavy refactoring.
                     newScript_1.src = url;
                     // eslint-disable-next-line @typescript-eslint/no-explicit-any
                     newScript_1.onload = newScript_1.onreadystatechange =
@@ -10654,7 +10660,7 @@ function treeHasChildren(tree) {
     return tree.node.childCount > 0;
 }
 /**
- * @returns Whethe rthe tree is empty (no value or children).
+ * @returns Whether the tree is empty (no value or children).
  */
 function treeIsEmpty(tree) {
     return treeGetValue(tree) === undefined && !treeHasChildren(tree);
@@ -13065,7 +13071,7 @@ function push(parent, value) {
     // then() and catch() methods and is used as the return value of push(). The
     // second remains a regular Reference and is used as the fulfilled value of
     // the first ThennableReference.
-    var thennablePushRef = child(parent, name);
+    var thenablePushRef = child(parent, name);
     var pushRef = child(parent, name);
     var promise;
     if (value != null) {
@@ -13074,9 +13080,9 @@ function push(parent, value) {
     else {
         promise = Promise.resolve(pushRef);
     }
-    thennablePushRef.then = promise.then.bind(promise);
-    thennablePushRef.catch = promise.then.bind(promise, undefined);
-    return thennablePushRef;
+    thenablePushRef.then = promise.then.bind(promise);
+    thenablePushRef.catch = promise.then.bind(promise, undefined);
+    return thenablePushRef;
 }
 /**
  * Removes the data at this Database location.
@@ -14108,10 +14114,9 @@ function forceLongPolling() {
     BrowserPollConnection.forceAllow();
 }
 /**
- * Returns the instance of the Realtime Database SDK that is associated
- * with the provided {@link @firebase/app#FirebaseApp}. Initializes a new instance with
- * with default settings if no instance exists or if the existing instance uses
- * a custom database URL.
+ * Returns the instance of the Realtime Database SDK that is associated with the provided
+ * {@link @firebase/app#FirebaseApp}. Initializes a new instance with default settings if
+ * no instance exists or if the existing instance uses a custom database URL.
  *
  * @param app - The {@link @firebase/app#FirebaseApp} instance that the returned Realtime
  * Database instance is associated with.