@keypuncherlabs/live-preview 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/lib/relay.js +17 -1
- package/src/lib/relay.js.map +1 -1
- package/src/lib/validate-css.js +3 -1
- package/src/lib/validate-css.js.map +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@keypuncherlabs/live-preview",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.0",
|
|
4
4
|
"type": "commonjs",
|
|
5
5
|
"description": "Send validated CSS and Google Fonts into an embedded preview (e.g. a Storybook on another origin) over postMessage. Framework-agnostic, dependency-free, security-first.",
|
|
6
6
|
"keywords": [
|
package/src/lib/relay.js
CHANGED
|
@@ -19,7 +19,23 @@ exports.createLivePreviewRelay = createLivePreviewRelay;
|
|
|
19
19
|
const protocol_1 = require("./protocol");
|
|
20
20
|
const validate_css_1 = require("./validate-css");
|
|
21
21
|
const google_fonts_1 = require("./google-fonts");
|
|
22
|
-
|
|
22
|
+
// An allowlist entry may be an exact origin, the lone `'*'` (allow any — dev
|
|
23
|
+
// opt-out), or a wildcard pattern such as `https://*.app.example.com`. In a
|
|
24
|
+
// pattern, `*` matches exactly one DNS label (no dots), so it never crosses a
|
|
25
|
+
// domain boundary into a different parent domain.
|
|
26
|
+
const isOriginAllowed = (origin, allowed) => allowed.some((entry) => {
|
|
27
|
+
if (entry === '*')
|
|
28
|
+
return true;
|
|
29
|
+
if (!entry.includes('*'))
|
|
30
|
+
return entry === origin;
|
|
31
|
+
const pattern = '^' +
|
|
32
|
+
entry
|
|
33
|
+
.split('*')
|
|
34
|
+
.map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
|
|
35
|
+
.join('[^.]+') +
|
|
36
|
+
'$';
|
|
37
|
+
return new RegExp(pattern).test(origin);
|
|
38
|
+
});
|
|
23
39
|
function createLivePreviewRelay(options) {
|
|
24
40
|
const { allowedOrigins, getTargetWindow, targetOrigin, source = window, validation, fontsValidation, onReject, } = options;
|
|
25
41
|
if (!allowedOrigins || allowedOrigins.length === 0) {
|
package/src/lib/relay.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"relay.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/relay.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;
|
|
1
|
+
{"version":3,"file":"relay.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/relay.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAsDH,wDAqEC;AAzHD,yCAQoB;AACpB,iDAAwE;AACxE,iDAAwF;AAwBxF,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,kDAAkD;AAClD,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAiB,EAAW,EAAE,CACrE,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,KAAK,MAAM,CAAC;IAClD,MAAM,OAAO,GACX,GAAG;QACH,KAAK;aACF,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;aAC1D,IAAI,CAAC,OAAO,CAAC;QAChB,GAAG,CAAC;IACN,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC,CAAC,CAAC;AAEL,SAAgB,sBAAsB,CAAC,OAAgC;IACrE,MAAM,EACJ,cAAc,EACd,eAAe,EACf,YAAY,EACZ,MAAM,GAAG,MAAM,EACf,UAAU,EACV,eAAe,EACf,QAAQ,GACT,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAQ,EAAE;QAClD,4EAA4E;QAC5E,kDAAkD;QAClD,IAAI,IAAA,yBAAc,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QAED,6EAA6E;QAC7E,4EAA4E;QAC5E,IAAI,OAAO,GAAiE,IAAI,CAAC;QAEjF,IAAI,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,2BAA2B,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACnF,OAAO;YACT,CAAC;YACD,OAAO,GAAG,EAAE,IAAI,EAAE,gCAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QAC7D,CAAC;aAAM,IAAI,IAAA,+BAAoB,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,IAAA,kCAAmB,EAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,oCAAoC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5F,OAAO;YACT,CAAC;YACD,OAAO,GAAG,EAAE,IAAI,EAAE,yCAA8B,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,8DAA8D;QACxE,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,OAAO;QACL,IAAI;YACF,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/src/lib/validate-css.js
CHANGED
|
@@ -25,7 +25,9 @@ exports.DEFAULT_ALLOWED_URL_SCHEMES = ['https', 'data'];
|
|
|
25
25
|
const FORBIDDEN_URL_SCHEMES = ['javascript', 'vbscript', 'file'];
|
|
26
26
|
// Matches any ASCII control character except tab (\t \x09), newline (\n \x0a)
|
|
27
27
|
// and carriage return (\r \x0d), which are legitimate whitespace in CSS. Built
|
|
28
|
-
// from escapes so no literal control bytes live in this source file.
|
|
28
|
+
// from escapes so no literal control bytes live in this source file. Matching
|
|
29
|
+
// control characters is the whole point here, so the rule is intentionally off.
|
|
30
|
+
// eslint-disable-next-line no-control-regex
|
|
29
31
|
const CONTROL_CHARS = new RegExp('[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]');
|
|
30
32
|
// Active-content / breakout constructs that have no place in injected CSS.
|
|
31
33
|
const FORBIDDEN_PATTERNS = [
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate-css.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/validate-css.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;
|
|
1
|
+
{"version":3,"file":"validate-css.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/validate-css.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAkEH,kCAqDC;AArHD,+EAA+E;AAClE,QAAA,sBAAsB,GAAG,MAAO,CAAC;AAE9C,8EAA8E;AACjE,QAAA,2BAA2B,GAAG,CAAC,OAAO,EAAE,MAAM,CAAU,CAAC;AAEtE,4EAA4E;AAC5E,MAAM,qBAAqB,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAyBjE,8EAA8E;AAC9E,+EAA+E;AAC/E,8EAA8E;AAC9E,gFAAgF;AAChF,4CAA4C;AAC5C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,yCAAyC,CAAC,CAAC;AAE5E,2EAA2E;AAC3E,MAAM,kBAAkB,GAAwD;IAC9E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,4CAA4C,EAAE;IACnF,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,yBAAyB,EAAE;IAC9D,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE;IAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,+BAA+B,EAAE;IACzE,EAAE,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC3E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,gCAAgC,EAAE;IACvE,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,qCAAqC,EAAE;IAC5E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,kCAAkC,EAAE;IACzE,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,6BAA6B,EAAE;CACnE,CAAC;AAEF,uEAAuE;AACvE,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAiB,EAAE;IACjD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC,CAAC;AAEF;;;GAGG;AACH,SAAgB,WAAW,CACzB,KAAc,EACd,UAAgC,EAAE;IAElC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EACJ,SAAS,GAAG,8BAAsB,EAClC,aAAa,GAAG,KAAK,EACrB,iBAAiB,GAAG,KAAK,EACzB,iBAAiB,GAAG,mCAA2B,GAChD,GAAG,OAAO,CAAC;IAEZ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,qCAAqC,SAAS,aAAa,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACtD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACxE,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,wDAAwD;YACxD,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC,2CAA2C,MAAM,GAAG,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,MAAM,KAAK,IAAI,IAAI,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,0CAA0C,MAAM,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AACjD,CAAC"}
|