@firebase/database 1.0.6-canary.62661245f → 1.0.6-canary.6bb2e8931

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/index.cjs.js +1 -7
  2. package/dist/index.cjs.js.map +1 -1
  3. package/dist/index.esm2017.js +1 -7
  4. package/dist/index.esm2017.js.map +1 -1
  5. package/dist/index.esm5.js +1 -7
  6. package/dist/index.esm5.js.map +1 -1
  7. package/dist/index.node.cjs.js +1 -7
  8. package/dist/index.node.cjs.js.map +1 -1
  9. package/dist/index.standalone.js +0 -6
  10. package/dist/index.standalone.js.map +1 -1
  11. package/dist/node-esm/index.node.esm.js +1 -7
  12. package/dist/node-esm/index.node.esm.js.map +1 -1
  13. package/package.json +7 -8
package/dist/index.standalone.js CHANGED
@@ -1935,8 +1935,6 @@ var FirebaseIFrameScriptHolder = /** @class */ (function () {
1935
1935
  var iframeContents = '<html><body>' + script + '</body></html>';
1936
1936
  try {
1937
1937
  this.myIFrame.doc.open();
1938
- // TODO: Do not use document.write, since it can lead to XSS. Instead, use the safevalues
1939
- // library to sanitize the HTML in the iframeContents.
1940
1938
  this.myIFrame.doc.write(iframeContents);
1941
1939
  this.myIFrame.doc.close();
1942
1940
  }
@@ -2162,10 +2160,6 @@ var FirebaseIFrameScriptHolder = /** @class */ (function () {
2162
2160
  var newScript_1 = _this.myIFrame.doc.createElement('script');
2163
2161
  newScript_1.type = 'text/javascript';
2164
2162
  newScript_1.async = true;
2165
- // TODO: We cannot assign an arbitrary URL to a script attached to the DOM, since it is
2166
- // at risk of XSS. We should use the safevalues library to create a safeScriptEl, and
2167
- // assign a sanitized trustedResourceURL to it. Since the URL must be a template string
2168
- // literal, this could require some heavy refactoring.
2169
2163
  newScript_1.src = url;
2170
2164
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
2171
2165
  newScript_1.onload = newScript_1.onreadystatechange =