@lark-apaas/fullstack-nestjs-core 1.1.12-alpha.2 → 1.1.12-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +41 -6
- package/dist/index.js +41 -6
- package/package.json +2 -3
package/dist/index.cjs
CHANGED
|
@@ -170,7 +170,42 @@ CsrfMiddleware = _ts_decorate2([
|
|
|
170
170
|
// src/middlewares/view-context/index.ts
|
|
171
171
|
var import_common3 = require("@nestjs/common");
|
|
172
172
|
var import_nestjs_common = require("@lark-apaas/nestjs-common");
|
|
173
|
-
|
|
173
|
+
|
|
174
|
+
// src/utils/safe-stringify.ts
|
|
175
|
+
function safeEscape(s) {
|
|
176
|
+
return s.replace(/[<>&='\u2028\u2029]/g, function(c) {
|
|
177
|
+
switch (c.charCodeAt(0)) {
|
|
178
|
+
case 60:
|
|
179
|
+
return "\\u003c";
|
|
180
|
+
// <
|
|
181
|
+
case 62:
|
|
182
|
+
return "\\u003e";
|
|
183
|
+
// >
|
|
184
|
+
case 38:
|
|
185
|
+
return "\\u0026";
|
|
186
|
+
// &
|
|
187
|
+
case 61:
|
|
188
|
+
return "\\u003d";
|
|
189
|
+
// =
|
|
190
|
+
case 39:
|
|
191
|
+
return "\\u0027";
|
|
192
|
+
// '
|
|
193
|
+
// 正常来说用户无法输入这几个字符, 现代浏览器也修复了这个问题
|
|
194
|
+
// https://zhuanlan.zhihu.com/p/29958439
|
|
195
|
+
case 8232:
|
|
196
|
+
return "\\u2028";
|
|
197
|
+
// 行分隔符
|
|
198
|
+
case 8233:
|
|
199
|
+
return "\\u2029";
|
|
200
|
+
// 段落分隔符
|
|
201
|
+
default:
|
|
202
|
+
return c;
|
|
203
|
+
}
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
__name(safeEscape, "safeEscape");
|
|
207
|
+
|
|
208
|
+
// src/middlewares/view-context/index.ts
|
|
174
209
|
function _ts_decorate3(decorators, target, key, desc) {
|
|
175
210
|
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
176
211
|
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
@@ -226,9 +261,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
226
261
|
csrfToken: csrfToken ?? "",
|
|
227
262
|
userId: userId ?? "",
|
|
228
263
|
appId: appId ?? "",
|
|
229
|
-
appName: (
|
|
264
|
+
appName: safeEscape(appInfo?.app_name ?? ""),
|
|
230
265
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
231
|
-
appDescription: (
|
|
266
|
+
appDescription: safeEscape(appInfo?.app_description ?? ""),
|
|
232
267
|
tenantId
|
|
233
268
|
};
|
|
234
269
|
res.locals = {
|
|
@@ -237,9 +272,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
237
272
|
userId: userId ?? "",
|
|
238
273
|
tenantId: tenantId ?? "",
|
|
239
274
|
appId: appId ?? "",
|
|
240
|
-
appName: (
|
|
275
|
+
appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
|
|
241
276
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
242
|
-
appDescription: (
|
|
277
|
+
appDescription: safeEscape(appInfo?.app_description ?? "")
|
|
243
278
|
};
|
|
244
279
|
next();
|
|
245
280
|
}
|
|
@@ -718,7 +753,7 @@ PlatformHttpClientService = _ts_decorate8([
|
|
|
718
753
|
], PlatformHttpClientService);
|
|
719
754
|
|
|
720
755
|
// src/modules/platform/config/feature-switch.ts
|
|
721
|
-
var DISABLE_DATAPASS = process.env.
|
|
756
|
+
var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
|
|
722
757
|
|
|
723
758
|
// src/modules/platform/module.ts
|
|
724
759
|
function _ts_decorate9(decorators, target, key, desc) {
|
package/dist/index.js
CHANGED
|
@@ -128,7 +128,42 @@ CsrfMiddleware = _ts_decorate2([
|
|
|
128
128
|
// src/middlewares/view-context/index.ts
|
|
129
129
|
import { Inject, Injectable as Injectable3, Logger } from "@nestjs/common";
|
|
130
130
|
import { PLATFORM_HTTP_CLIENT } from "@lark-apaas/nestjs-common";
|
|
131
|
-
|
|
131
|
+
|
|
132
|
+
// src/utils/safe-stringify.ts
|
|
133
|
+
function safeEscape(s) {
|
|
134
|
+
return s.replace(/[<>&='\u2028\u2029]/g, function(c) {
|
|
135
|
+
switch (c.charCodeAt(0)) {
|
|
136
|
+
case 60:
|
|
137
|
+
return "\\u003c";
|
|
138
|
+
// <
|
|
139
|
+
case 62:
|
|
140
|
+
return "\\u003e";
|
|
141
|
+
// >
|
|
142
|
+
case 38:
|
|
143
|
+
return "\\u0026";
|
|
144
|
+
// &
|
|
145
|
+
case 61:
|
|
146
|
+
return "\\u003d";
|
|
147
|
+
// =
|
|
148
|
+
case 39:
|
|
149
|
+
return "\\u0027";
|
|
150
|
+
// '
|
|
151
|
+
// 正常来说用户无法输入这几个字符, 现代浏览器也修复了这个问题
|
|
152
|
+
// https://zhuanlan.zhihu.com/p/29958439
|
|
153
|
+
case 8232:
|
|
154
|
+
return "\\u2028";
|
|
155
|
+
// 行分隔符
|
|
156
|
+
case 8233:
|
|
157
|
+
return "\\u2029";
|
|
158
|
+
// 段落分隔符
|
|
159
|
+
default:
|
|
160
|
+
return c;
|
|
161
|
+
}
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
__name(safeEscape, "safeEscape");
|
|
165
|
+
|
|
166
|
+
// src/middlewares/view-context/index.ts
|
|
132
167
|
function _ts_decorate3(decorators, target, key, desc) {
|
|
133
168
|
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
134
169
|
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
@@ -184,9 +219,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
184
219
|
csrfToken: csrfToken ?? "",
|
|
185
220
|
userId: userId ?? "",
|
|
186
221
|
appId: appId ?? "",
|
|
187
|
-
appName:
|
|
222
|
+
appName: safeEscape(appInfo?.app_name ?? ""),
|
|
188
223
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
189
|
-
appDescription:
|
|
224
|
+
appDescription: safeEscape(appInfo?.app_description ?? ""),
|
|
190
225
|
tenantId
|
|
191
226
|
};
|
|
192
227
|
res.locals = {
|
|
@@ -195,9 +230,9 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
195
230
|
userId: userId ?? "",
|
|
196
231
|
tenantId: tenantId ?? "",
|
|
197
232
|
appId: appId ?? "",
|
|
198
|
-
appName:
|
|
233
|
+
appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
|
|
199
234
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
200
|
-
appDescription:
|
|
235
|
+
appDescription: safeEscape(appInfo?.app_description ?? "")
|
|
201
236
|
};
|
|
202
237
|
next();
|
|
203
238
|
}
|
|
@@ -676,7 +711,7 @@ PlatformHttpClientService = _ts_decorate8([
|
|
|
676
711
|
], PlatformHttpClientService);
|
|
677
712
|
|
|
678
713
|
// src/modules/platform/config/feature-switch.ts
|
|
679
|
-
var DISABLE_DATAPASS = process.env.
|
|
714
|
+
var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
|
|
680
715
|
|
|
681
716
|
// src/modules/platform/module.ts
|
|
682
717
|
function _ts_decorate9(decorators, target, key, desc) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lark-apaas/fullstack-nestjs-core",
|
|
3
|
-
"version": "1.1.12-alpha.
|
|
3
|
+
"version": "1.1.12-alpha.4",
|
|
4
4
|
"description": "FullStack Nestjs Core",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -49,8 +49,7 @@
|
|
|
49
49
|
"@lark-apaas/nestjs-trigger": "^0.0.1",
|
|
50
50
|
"@nestjs/axios": "^4.0.1",
|
|
51
51
|
"axios": "^1.13.2",
|
|
52
|
-
"cookie-parser": "^1.4.7"
|
|
53
|
-
"serialize-javascript": "^7.0.2"
|
|
52
|
+
"cookie-parser": "^1.4.7"
|
|
54
53
|
},
|
|
55
54
|
"devDependencies": {
|
|
56
55
|
"@nestjs/common": "^10.4.20",
|