@forge/csp 4.2.1-next.0-experimental-8a53773 → 5.0.0-next.0

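--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,6 +1,12 @@
  # @forge/csp
 
- ## 4.2.1-next.0-experimental-8a53773
+ ## 5.0.0-next.0
+
+ ### Major Changes
+
+ - bc8e0c5: Setup cheerio as optional peer dependency to allow frontend consumption
+
+ ## 4.2.1
 
  ### Patch Changes
 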
@@ -1,17 +1,20 @@
1
1
  import type { Logger } from '@forge/cli-shared';
2
2
  import type { Permissions } from '@forge/manifest';
3
+ import type { CheerioAPI, CheerioOptions } from 'cheerio/slim';
3
4
  import { ContentPermissions, CSPDetails, DocumentBody } from '../types';
5
+ declare type CheerioLoader = (document: DocumentBody, options?: CheerioOptions) => CheerioAPI;
4
6
  export declare class InvalidConnectSrc extends Error {
5
7
  constructor();
6
8
  }
7
9
  export declare class CSPProcessingService {
8
10
  private readonly logger;
11
+ private readonly cheerioLoader;
9
12
  private STYLE_SRC_ALLOWLIST;
10
13
  private QUOTED_SCRIPT_SRC_ALLOWLIST;
11
14
  private UNQUOTED_SCRIPT_SRC_ALLOWLIST;
12
15
  private SCRIPT_SRC_ALLOWLIST;
13
16
  private BASE_64_HASH_PATTERNS;
14
- constructor(logger: Pick<Logger, 'info'>);
17
+ constructor(logger: Pick<Logger, 'info'>, cheerioLoader: CheerioLoader);
15
18
  getCspDetails(body: DocumentBody, permissions: Permissions): CSPDetails;
16
19
  getInvalidCspPermissions(contentPermissions: ContentPermissions): string[];
17
20
  private assertValidFetchClient;
@@ -29,4 +32,5 @@ export declare class CSPProcessingService {
29
32
  private isValidHash;
30
33
  private getDeprecatedUserCsp;
31
34
  }
35
+ export {};
32
36
  //# sourceMappingURL=csp-processing-service.d.ts.map
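Review bot: The new `CheerioLoader` type and the second constructor parameter carry no doc comment, although the injected loader now decides how `body` is parsed before the CSP details are derived from it (the .js hunk on this page passes its result to `getStyleSrc`). Since this declaration file is generated, the comment belongs in the TypeScript source, for example `/** Parses the document as HTML (xmlMode off) and returns its CheerioAPI; the CSP details are computed from this result. */` above the type. The constructor could likewise note that callers written against 4.x, which pass only `logger`, must now supply a loader. The class body continues outside both hunks.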
@@ -1 +1 @@
1
- {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAK1D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAE7F,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IAanB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAXnC,OAAO,CAAC,mBAAmB,CAAuB;IAElD,OAAO,CAAC,2BAA2B,CAAqD;IACxF,OAAO,CAAC,6BAA6B,CAAa;IAClD,OAAO,CAAC,oBAAoB,CAAgF;IAE5G,OAAO,CAAC,qBAAqB,CAI3B;gBAC2B,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAoBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAS7B,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
1
+ {"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAC1D,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAI/D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAE7F,aAAK,aAAa,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc,KAAK,UAAU,CAAC;AAEtF,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IAc7B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAbhC,OAAO,CAAC,mBAAmB,CAAuB;IAElD,OAAO,CAAC,2BAA2B,CAAqD;IACxF,OAAO,CAAC,6BAA6B,CAAa;IAClD,OAAO,CAAC,oBAAoB,CAAgF;IAE5G,OAAO,CAAC,qBAAqB,CAI3B;gBAEiB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,aAAa,EAAE,aAAa;IAGxC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAoBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAS7B,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
@@ -2,7 +2,6 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
4
4
  const tslib_1 = require("tslib");
5
- const slim_1 = require("cheerio/slim");
6
5
  const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
7
6
  const crypto_1 = tslib_1.__importDefault(require("crypto"));
8
7
  class InvalidConnectSrc extends Error {
@@ -12,8 +11,9 @@ class InvalidConnectSrc extends Error {
12
11
  }
13
12
  exports.InvalidConnectSrc = InvalidConnectSrc;
14
13
  class CSPProcessingService {
15
- constructor(logger) {
14
+ constructor(logger, cheerioLoader) {
16
15
  this.logger = logger;
16
+ this.cheerioLoader = cheerioLoader;
17
17
  this.STYLE_SRC_ALLOWLIST = [`'unsafe-inline'`];
18
18
  this.QUOTED_SCRIPT_SRC_ALLOWLIST = ['unsafe-inline', 'unsafe-eval', 'unsafe-hashes'];
19
19
  this.UNQUOTED_SCRIPT_SRC_ALLOWLIST = ['blob:'];
@@ -28,7 +28,7 @@ class CSPProcessingService {
28
28
  var _a, _b;
29
29
  const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
30
30
  const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
31
- const $ = (0, slim_1.load)(body, { xml: { xmlMode: false } });
31
+ const $ = this.cheerioLoader(body, { xml: { xmlMode: false } });
32
32
  const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
33
33
  return {
34
34
  'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
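Review bot: The constructor stores `cheerioLoader` without checking it, so a caller that still passes only `logger` gets an instance that fails only later, at `this.cheerioLoader(body, …)`, with a generic TypeError. A guard at construction makes the breaking change fail early and clearly: `if (typeof cheerioLoader !== 'function') throw new TypeError('cheerioLoader must be a function');` (to be added in the TypeScript source, since this file is compiled output). The `{ xml: { xmlMode: false } }` options are now only a request to whatever loader was injected, so the HTML parsing that feeds `getStyleSrc` depends on the caller's choice, and a loader that ignores them may yield different CSP details. Both the constructor and the method in the last hunk continue outside the hunks.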
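--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@forge/csp",
- "version": "4.2.1-next.0-experimental-8a53773",
+ "version": "5.0.0-next.0",
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
  "main": "out/index.js",
  "author": "Atlassian",
@@ -11,15 +11,23 @@
  "clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
  },
  "devDependencies": {
- "@forge/cli-shared": "8.3.0-next.0-experimental-8a53773",
- "@forge/manifest": "10.2.1-next.0-experimental-8a53773",
+ "@forge/cli-shared": "8.3.1-next.2",
+ "@forge/manifest": "10.2.2-next.2",
  "@types/jest": "^29.5.14",
- "@types/node": "20.19.1"
+ "@types/node": "20.19.1",
+ "cheerio": "^1.1.0"
  },
  "dependencies": {
- "cheerio": "^1.1.0",
  "content-security-policy-parser": "^0.4.1"
  },
+ "peerDependencies": {
+ "cheerio": "^1.1.0"
+ },
+ "peerDependenciesMeta": {
+ "cheerio": {
+ "optional": true
+ }
+ },
  "publishConfig": {
  "registry": "https://packages.atlassian.com/api/npm/npm-public/"
  }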
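Review bot: `cheerio` is now an optional peer, so an install without it completes silently, yet the published declaration file on this page still has `import type { CheerioAPI, CheerioOptions } from 'cheerio/slim'`. For TypeScript consumers without cheerio that import will not resolve, which either fails type-checking or, with `skipLibCheck`, presumably weakens `CheerioLoader` so a wrongly shaped loader is not caught. The parser version is also now chosen by the consumer's dependency tree within `^1.1.0` rather than by this package, so consumers should pin it in their lockfile. The package documentation should state which loader and cheerio range the CSP extraction was tested with.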