@lwrjs/client-modules 0.19.2 → 0.19.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1514,7 +1514,8 @@ const {
|
|
|
1514
1514
|
} = PromiseCtor$LWS.prototype;
|
|
1515
1515
|
const PromiseResolve$LWS = PromiseCtor$LWS.resolve.bind(PromiseCtor$LWS);
|
|
1516
1516
|
const PromiseReject$LWS = PromiseCtor$LWS.reject.bind(PromiseCtor$LWS);
|
|
1517
|
-
|
|
1517
|
+
const trustedResources$LWS = toSafeSet$LWS(new SetCtor$LWS$1());
|
|
1518
|
+
/*! version: 0.25.3 */
|
|
1518
1519
|
|
|
1519
1520
|
/*!
|
|
1520
1521
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -1882,7 +1883,7 @@ const NodeProtoIsConnectedGetter$LWS = ObjectLookupOwnGetter$LWS$1(NodeProto$LWS
|
|
|
1882
1883
|
ObjectLookupOwnGetter$LWS$1(NodeProto$LWS$1, 'lastChild');
|
|
1883
1884
|
const NodeProtoNodeNameGetter$LWS = ObjectLookupOwnGetter$LWS$1(NodeProto$LWS$1, 'nodeName');
|
|
1884
1885
|
const NodeProtoOwnerDocumentGetter$LWS = ObjectLookupOwnGetter$LWS$1(NodeProto$LWS$1, 'ownerDocument');
|
|
1885
|
-
|
|
1886
|
+
ObjectLookupOwnGetter$LWS$1(NodeProto$LWS$1, 'parentNode');
|
|
1886
1887
|
ReflectGetOwnPropertyDescriptor$LWS(NodeProto$LWS$1, 'textContent');
|
|
1887
1888
|
const rootDocumentDetachedFragment$LWS = ReflectApply$LWS$1(DocumentProtoCreateDocumentFragment$LWS, rootDocument$LWS, []);
|
|
1888
1889
|
const rootDocumentDetachedContainer$LWS = ReflectApply$LWS$1(DocumentProtoCreateElement$LWS$1, rootDocument$LWS, ['div']);
|
|
@@ -1902,8 +1903,9 @@ class Validator$LWS {
|
|
|
1902
1903
|
// There is no reason to ever allow any HTML or XML that contains all three of these substrings.
|
|
1903
1904
|
// eslint-disable-next-line class-methods-use-this
|
|
1904
1905
|
this.isInherentlyUnsecure = input$LWS => {
|
|
1905
|
-
const
|
|
1906
|
-
const
|
|
1906
|
+
const normalizedInput$LWS = toSafeStringValue$LWS(input$LWS);
|
|
1907
|
+
const hasIframe$LWS = hasTag$LWS(normalizedInput$LWS, 'iframe') && ReflectApply$LWS$1(StringProtoIncludes$LWS, normalizedInput$LWS, ['srcdoc']);
|
|
1908
|
+
const hasScript$LWS = hasTag$LWS(normalizedInput$LWS, 'script');
|
|
1907
1909
|
// If neither an iframe or a script was detected, then this input is safe.
|
|
1908
1910
|
// istanbul ignore else: returns immediately
|
|
1909
1911
|
if (!hasIframe$LWS && !hasScript$LWS) {
|
|
@@ -1914,6 +1916,10 @@ class Validator$LWS {
|
|
|
1914
1916
|
if (hasIframe$LWS) {
|
|
1915
1917
|
return true;
|
|
1916
1918
|
}
|
|
1919
|
+
// This is obnoxious... jsdom doesn't implement HTMLElement.prototype.innerText
|
|
1920
|
+
if (!HTMLElementProtoInnerTextGetter$LWS && hasScript$LWS) {
|
|
1921
|
+
return true;
|
|
1922
|
+
}
|
|
1917
1923
|
// If the input contained the word "script", then we need to confirm that the string
|
|
1918
1924
|
// that was seen is actually markup.
|
|
1919
1925
|
//
|
|
@@ -1921,7 +1927,7 @@ class Validator$LWS {
|
|
|
1921
1927
|
// do not return innerText or textContent, which makes the following innerHTML/innerText
|
|
1922
1928
|
// check useless.
|
|
1923
1929
|
ReflectApply$LWS$1(DocumentFragmentProtoAppend$LWS, rootDocumentDetachedFragment$LWS, [rootDocumentDetachedContainer$LWS]);
|
|
1924
|
-
ReflectApply$LWS$1(ElementProtoInnerHTMLSetter$LWS, rootDocumentDetachedContainer$LWS, [
|
|
1930
|
+
ReflectApply$LWS$1(ElementProtoInnerHTMLSetter$LWS, rootDocumentDetachedContainer$LWS, [normalizedInput$LWS]);
|
|
1925
1931
|
// This MUST BE CHECKED AFTER IT IS RENDERED. The nature of these attacks requires
|
|
1926
1932
|
// the actual source to be set to the innerHTML to allow the browser to render
|
|
1927
1933
|
const innerHTML$LWS = ReflectApply$LWS$1(ElementProtoInnerHTMLGetter$LWS, rootDocumentDetachedContainer$LWS, []);
|
|
@@ -1964,7 +1970,12 @@ function deepIsEqualNode$LWS(leftRoot$LWS, rightRoot$LWS) {
|
|
|
1964
1970
|
return false;
|
|
1965
1971
|
}
|
|
1966
1972
|
function hasTag$LWS(input$LWS, tag$LWS) {
|
|
1967
|
-
|
|
1973
|
+
let checkableInput$LWS = input$LWS;
|
|
1974
|
+
if (isGaterEnabledFeature$LWS('changesSince.256')) {
|
|
1975
|
+
const lowerCasedInput$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, input$LWS, []);
|
|
1976
|
+
checkableInput$LWS = ReflectApply$LWS$1(StringProtoReplace$LWS, lowerCasedInput$LWS, [/\s+/g, ' ']);
|
|
1977
|
+
}
|
|
1978
|
+
return ReflectApply$LWS$1(StringProtoIncludes$LWS, checkableInput$LWS, [`<${tag$LWS} `]) || ReflectApply$LWS$1(StringProtoIncludes$LWS, checkableInput$LWS, [`:${tag$LWS} `]) || ReflectApply$LWS$1(StringProtoIncludes$LWS, checkableInput$LWS, [`<${tag$LWS}>`]) || ReflectApply$LWS$1(StringProtoIncludes$LWS, checkableInput$LWS, [`:${tag$LWS}>`]);
|
|
1968
1979
|
}
|
|
1969
1980
|
const rootValidator$LWS = new Validator$LWS(rootDocument$LWS, rootWindow$LWS$1);
|
|
1970
1981
|
const documentToValidatorMap$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1([[rootDocument$LWS, rootValidator$LWS]]));
|
|
@@ -2286,7 +2297,7 @@ const {
|
|
|
2286
2297
|
const XhrProtoResponseTextGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'responseText');
|
|
2287
2298
|
const XhrProtoStatusGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'status');
|
|
2288
2299
|
ObjectLookupOwnSetter$LWS(XhrProto$LWS, 'withCredentials');
|
|
2289
|
-
/*! version: 0.
|
|
2300
|
+
/*! version: 0.25.3 */
|
|
2290
2301
|
|
|
2291
2302
|
/*!
|
|
2292
2303
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -2307,6 +2318,7 @@ function isMIMETypeAllowed$LWS(mimeType$LWS) {
|
|
|
2307
2318
|
}
|
|
2308
2319
|
return false;
|
|
2309
2320
|
}
|
|
2321
|
+
const DISALLOWED_ENDPOINTS_LIST$LWS = ['/aura', '/webruntime'];
|
|
2310
2322
|
const TRUSTED_DOMAINS_REG_EXP$LWS = /\.(force|salesforce|visualforce|documentforce|my\.site|salesforce-sites)\.com$/;
|
|
2311
2323
|
const URL_SCHEMES_LIST$LWS = toSafeArray$LWS$1(['about:', 'http:', 'https:']);
|
|
2312
2324
|
const newlinesAndTabsRegExp$LWS = /[\u2028\u2029\n\r\t]/g;
|
|
@@ -2329,8 +2341,6 @@ function isSameOriginURL$LWS(resourceValue$LWS) {
|
|
|
2329
2341
|
}
|
|
2330
2342
|
// @TODO: W-7302311 Make paths and domains configurable.
|
|
2331
2343
|
function isValidURL$LWS(parsedURL$LWS) {
|
|
2332
|
-
// Need to add /services to isValidUrl unit test and locker/scripts/test/disallowed-endpoints.js once we remove the gate.
|
|
2333
|
-
const DISALLOWED_ENDPOINTS_LIST$LWS = isGaterEnabledFeature$LWS('enableBlockServicesEndpoint') ? ['/aura', '/webruntime', '/services'] : ['/aura', '/webruntime'];
|
|
2334
2344
|
const loweredPathname$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, parsedURL$LWS.pathname, []);
|
|
2335
2345
|
for (let i$LWS = 0, {
|
|
2336
2346
|
length: length$LWS
|
|
@@ -2362,7 +2372,7 @@ function sanitizeURLForElement$LWS(url$LWS) {
|
|
|
2362
2372
|
function sanitizeURLString$LWS(urlString$LWS) {
|
|
2363
2373
|
return urlString$LWS === '' ? urlString$LWS : ReflectApply$LWS$1(StringProtoReplace$LWS, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
|
|
2364
2374
|
}
|
|
2365
|
-
/*! version: 0.
|
|
2375
|
+
/*! version: 0.25.3 */
|
|
2366
2376
|
|
|
2367
2377
|
/*! @license DOMPurify 3.1.6 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.6/LICENSE */
|
|
2368
2378
|
|
|
@@ -3990,7 +4000,7 @@ try {
|
|
|
3990
4000
|
// swallow
|
|
3991
4001
|
}
|
|
3992
4002
|
const trusted = createPolicy('trusted', policyOptions);
|
|
3993
|
-
/*! version: 0.
|
|
4003
|
+
/*! version: 0.25.3 */
|
|
3994
4004
|
|
|
3995
4005
|
/*!
|
|
3996
4006
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -4251,7 +4261,7 @@ function blobSanitizer$LWS(sandboxKey$LWS) {
|
|
|
4251
4261
|
}
|
|
4252
4262
|
return getSanitizerForConfig$LWS(sandboxKey$LWS, 'STRING_BLOB_HTML');
|
|
4253
4263
|
}
|
|
4254
|
-
/*! version: 0.
|
|
4264
|
+
/*! version: 0.25.3 */
|
|
4255
4265
|
|
|
4256
4266
|
/*!
|
|
4257
4267
|
* Copyright (C) 2023 salesforce.com, inc.
|
|
@@ -4450,7 +4460,7 @@ function createScriptSrcURLSetter$LWS(targetElement$LWS) {
|
|
|
4450
4460
|
ReflectApply$LWS$1(ElementProtoSetAttributeNS$LWS, targetElement$LWS, [attributeNamespaceURI$LWS, attributeName$LWS, src$LWS]);
|
|
4451
4461
|
};
|
|
4452
4462
|
}
|
|
4453
|
-
/*! version: 0.
|
|
4463
|
+
/*! version: 0.25.3 */
|
|
4454
4464
|
|
|
4455
4465
|
/*!
|
|
4456
4466
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -5195,65 +5205,7 @@ document$LWS = globalObject$LWS.document) {
|
|
|
5195
5205
|
function setCustomElementsRegistry$LWS(document$LWS, key$LWS) {
|
|
5196
5206
|
currentRegistry$LWS = getSandboxCustomElementRegistry$LWS(document$LWS, key$LWS);
|
|
5197
5207
|
}
|
|
5198
|
-
const
|
|
5199
|
-
const elementShadowRootBySandboxKeyRegistry$LWS = {
|
|
5200
|
-
__proto__: null
|
|
5201
|
-
};
|
|
5202
|
-
function registerShadowRootInSandbox$LWS(sandboxKey$LWS, shadowRoot$LWS) {
|
|
5203
|
-
const {
|
|
5204
|
-
[sandboxKey$LWS]: elementShadowRootRegistry$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1())
|
|
5205
|
-
} = elementShadowRootBySandboxKeyRegistry$LWS;
|
|
5206
|
-
elementShadowRootRegistry$LWS.add(shadowRoot$LWS);
|
|
5207
|
-
if (!elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS]) {
|
|
5208
|
-
elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS] = elementShadowRootRegistry$LWS;
|
|
5209
|
-
}
|
|
5210
|
-
}
|
|
5211
|
-
function isShadowRootAccessibleInThisSandbox$LWS(sandboxKey$LWS, shadowRoot$LWS) {
|
|
5212
|
-
const elementShadowRootRegistry$LWS = elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS];
|
|
5213
|
-
if (!elementShadowRootRegistry$LWS) {
|
|
5214
|
-
return false;
|
|
5215
|
-
}
|
|
5216
|
-
return elementShadowRootRegistry$LWS.has(shadowRoot$LWS);
|
|
5217
|
-
}
|
|
5218
|
-
function isContainerWithinAShadowRootAccessibleInThisSandbox$LWS(key$LWS, container$LWS) {
|
|
5219
|
-
let parentNode$LWS = container$LWS;
|
|
5220
|
-
do {
|
|
5221
|
-
if (isShadowRootAccessibleInThisSandbox$LWS(key$LWS, parentNode$LWS)) {
|
|
5222
|
-
return true;
|
|
5223
|
-
}
|
|
5224
|
-
} while (parentNode$LWS = ReflectApply$LWS$1(NodeProtoParentNodeGetter$LWS, parentNode$LWS, []));
|
|
5225
|
-
return false;
|
|
5226
|
-
}
|
|
5227
|
-
function initDistortionAbstractRangeEndContainerGetter$LWS({
|
|
5228
|
-
globalObject: {
|
|
5229
|
-
AbstractRange: AbstractRange$LWS
|
|
5230
|
-
}
|
|
5231
|
-
}) {
|
|
5232
|
-
const originalEndContainerGetter$LWS = ObjectLookupOwnGetter$LWS$1(AbstractRange$LWS.prototype, 'endContainer');
|
|
5233
|
-
return function distortionEndContainerGetter$LWS({
|
|
5234
|
-
key: key$LWS
|
|
5235
|
-
}) {
|
|
5236
|
-
return [originalEndContainerGetter$LWS, function endContainer$LWS() {
|
|
5237
|
-
const realEndContainer$LWS = ReflectApply$LWS$1(originalEndContainerGetter$LWS, this, []);
|
|
5238
|
-
return isContainerWithinAShadowRootAccessibleInThisSandbox$LWS(key$LWS, realEndContainer$LWS) ? realEndContainer$LWS : null;
|
|
5239
|
-
}];
|
|
5240
|
-
};
|
|
5241
|
-
}
|
|
5242
|
-
function initDistortionAbstractRangeStartContainerGetter$LWS({
|
|
5243
|
-
globalObject: {
|
|
5244
|
-
AbstractRange: AbstractRange$LWS
|
|
5245
|
-
}
|
|
5246
|
-
}) {
|
|
5247
|
-
const originalStartContainerGetter$LWS = ObjectLookupOwnGetter$LWS$1(AbstractRange$LWS.prototype, 'startContainer');
|
|
5248
|
-
return function distortionStartContainerGetter$LWS({
|
|
5249
|
-
key: key$LWS
|
|
5250
|
-
}) {
|
|
5251
|
-
return [originalStartContainerGetter$LWS, function startContainer$LWS() {
|
|
5252
|
-
const realStartContainer$LWS = ReflectApply$LWS$1(originalStartContainerGetter$LWS, this, []);
|
|
5253
|
-
return isContainerWithinAShadowRootAccessibleInThisSandbox$LWS(key$LWS, realStartContainer$LWS) ? realStartContainer$LWS : null;
|
|
5254
|
-
}];
|
|
5255
|
-
};
|
|
5256
|
-
}
|
|
5208
|
+
const DataTransferProtoBlockedProperties$LWS = ['mozCursor', 'mozSourceNode', 'mozUserCancelled'];
|
|
5257
5209
|
const attributeDistortionFactoriesCache$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1());
|
|
5258
5210
|
const sandboxAttributeDistortionRegistryCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
5259
5211
|
function finalizeAttributeDistortions$LWS(record$LWS) {
|
|
@@ -6235,7 +6187,7 @@ function initDistortionDocumentOpen$LWS({
|
|
|
6235
6187
|
} = normalizedArgs$LWS;
|
|
6236
6188
|
// In 256, limit this restriction to urls that can be treated as same-origin
|
|
6237
6189
|
// istanbul ignore else: previous behavior will not be tested in collection coverage
|
|
6238
|
-
if (isGaterEnabledFeature$LWS('
|
|
6190
|
+
if (isGaterEnabledFeature$LWS('changesSince.256')) {
|
|
6239
6191
|
// This CANNOT be combined with the above condition, because doing so
|
|
6240
6192
|
// will result in the else consequent body being executed in the case
|
|
6241
6193
|
// where the gate is enabled and the url is not same origin,
|
|
@@ -6410,6 +6362,25 @@ function initDistortionElementAppend$LWS({
|
|
|
6410
6362
|
return distortionEntry$LWS;
|
|
6411
6363
|
};
|
|
6412
6364
|
}
|
|
6365
|
+
const elementShadowRootBySandboxKeyRegistry$LWS = {
|
|
6366
|
+
__proto__: null
|
|
6367
|
+
};
|
|
6368
|
+
function registerShadowRootInSandbox$LWS(sandboxKey$LWS, shadowRoot$LWS) {
|
|
6369
|
+
const {
|
|
6370
|
+
[sandboxKey$LWS]: elementShadowRootRegistry$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1())
|
|
6371
|
+
} = elementShadowRootBySandboxKeyRegistry$LWS;
|
|
6372
|
+
elementShadowRootRegistry$LWS.add(shadowRoot$LWS);
|
|
6373
|
+
if (!elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS]) {
|
|
6374
|
+
elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS] = elementShadowRootRegistry$LWS;
|
|
6375
|
+
}
|
|
6376
|
+
}
|
|
6377
|
+
function isShadowRootAccessibleInThisSandbox$LWS(sandboxKey$LWS, shadowRoot$LWS) {
|
|
6378
|
+
const elementShadowRootRegistry$LWS = elementShadowRootBySandboxKeyRegistry$LWS[sandboxKey$LWS];
|
|
6379
|
+
if (!elementShadowRootRegistry$LWS) {
|
|
6380
|
+
return false;
|
|
6381
|
+
}
|
|
6382
|
+
return elementShadowRootRegistry$LWS.has(shadowRoot$LWS);
|
|
6383
|
+
}
|
|
6413
6384
|
function initDistortionElementAttachShadow$LWS({
|
|
6414
6385
|
globalObject: {
|
|
6415
6386
|
Element: {
|
|
@@ -7052,6 +7023,7 @@ function initDistortionElementSetHTML$LWS({
|
|
|
7052
7023
|
return [originalSetHTML$LWS, function setHTML$LWS(...args$LWS) {
|
|
7053
7024
|
const isOwnerXMLDocument$LWS = ReflectApply$LWS$1(NodeProtoOwnerDocumentGetter$LWS, this, []) instanceof XMLDocument$LWS;
|
|
7054
7025
|
if (!isOwnerXMLDocument$LWS) {
|
|
7026
|
+
const normalizedValue$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
7055
7027
|
// istanbul ignore else: needs default platform behavior test
|
|
7056
7028
|
if (isSharedElement$g$LWS(this)) {
|
|
7057
7029
|
throw new LockerSecurityError$LWS(`Cannot setHTML of ${ReflectApply$LWS$1(NodeProtoNodeNameGetter$LWS, this, [])}.`);
|
|
@@ -7063,9 +7035,8 @@ function initDistortionElementSetHTML$LWS({
|
|
|
7063
7035
|
setCustomElementsRegistry$LWS(document$LWS, key$LWS);
|
|
7064
7036
|
// If options not specified, the default Sanitizer object is used.
|
|
7065
7037
|
// This will be in addition to the sanitization we have.
|
|
7066
|
-
const value$LWS = args$LWS[0];
|
|
7067
7038
|
const contentType$LWS = this instanceof SVGElement$LWS ? ContentType$LWS.SVG : ContentType$LWS.HTML;
|
|
7068
|
-
args$LWS[0] = lwsInternalPolicy$LWS.createHTML(
|
|
7039
|
+
args$LWS[0] = lwsInternalPolicy$LWS.createHTML(normalizedValue$LWS, key$LWS, contentType$LWS);
|
|
7069
7040
|
if (isInherentlyUnsecure$1$LWS(args$LWS[0])) {
|
|
7070
7041
|
throw new LockerSecurityError$LWS(`Cannot 'setHTML' using an unsecure ${toSafeTemplateStringValue$LWS(args$LWS[0])}.`);
|
|
7071
7042
|
}
|
|
@@ -7107,7 +7078,8 @@ function initDistortionElementSetHTMLUnsafe$LWS({
|
|
|
7107
7078
|
get: originalInnerHTMLGetter$LWS,
|
|
7108
7079
|
set: originalInnerHTMLSetter$LWS
|
|
7109
7080
|
} = ReflectGetOwnPropertyDescriptor$LWS(Element$LWS.prototype, 'innerHTML');
|
|
7110
|
-
return [originalSetHTMLUnsafe$LWS, function
|
|
7081
|
+
return [originalSetHTMLUnsafe$LWS, function setHTMLUnsafe$LWS(value$LWS) {
|
|
7082
|
+
let normalizedValue$LWS = toSafeStringValue$LWS(value$LWS);
|
|
7111
7083
|
const isOwnerXMLDocument$LWS = ReflectApply$LWS$1(NodeProtoOwnerDocumentGetter$LWS, this, []) instanceof XMLDocument$LWS;
|
|
7112
7084
|
if (!isOwnerXMLDocument$LWS) {
|
|
7113
7085
|
// istanbul ignore else: needs default platform behavior test
|
|
@@ -7116,7 +7088,7 @@ function initDistortionElementSetHTMLUnsafe$LWS({
|
|
|
7116
7088
|
}
|
|
7117
7089
|
// This is necessary to support script.setHTMLUnsafe(...)
|
|
7118
7090
|
if (this instanceof HTMLScriptElement$LWS || this instanceof SVGScriptElement) {
|
|
7119
|
-
const scriptWasNotEvaluatedInScriptPropertySetter$LWS = scriptPropertySetters$LWS(this, 'innerHTML', trusted.createScript(
|
|
7091
|
+
const scriptWasNotEvaluatedInScriptPropertySetter$LWS = scriptPropertySetters$LWS(this, 'innerHTML', trusted.createScript(normalizedValue$LWS), originalInnerHTMLGetter$LWS, originalInnerHTMLSetter$LWS, distortions$LWS, sandboxEvaluator$LWS, trusted.createScript(SCRIPT_HOOK_SOURCE_TEXT$LWS));
|
|
7120
7092
|
if (scriptWasNotEvaluatedInScriptPropertySetter$LWS) {
|
|
7121
7093
|
return;
|
|
7122
7094
|
}
|
|
@@ -7127,12 +7099,12 @@ function initDistortionElementSetHTMLUnsafe$LWS({
|
|
|
7127
7099
|
// association to this sandbox.
|
|
7128
7100
|
setCustomElementsRegistry$LWS(document$LWS, key$LWS);
|
|
7129
7101
|
const contentType$LWS = this instanceof SVGElement$LWS ? ContentType$LWS.SVG : ContentType$LWS.HTML;
|
|
7130
|
-
|
|
7102
|
+
normalizedValue$LWS = lwsInternalPolicy$LWS.createHTML(normalizedValue$LWS, key$LWS, contentType$LWS);
|
|
7131
7103
|
}
|
|
7132
|
-
if (isInherentlyUnsecure$LWS(
|
|
7133
|
-
throw new LockerSecurityError$LWS(`Cannot 'setHTMLUnsafe' using an unsecure ${toSafeTemplateStringValue$LWS(
|
|
7104
|
+
if (isInherentlyUnsecure$LWS(normalizedValue$LWS)) {
|
|
7105
|
+
throw new LockerSecurityError$LWS(`Cannot 'setHTMLUnsafe' using an unsecure ${toSafeTemplateStringValue$LWS(normalizedValue$LWS)}.`);
|
|
7134
7106
|
}
|
|
7135
|
-
ReflectApply$LWS$1(originalSetHTMLUnsafe$LWS, this, [
|
|
7107
|
+
ReflectApply$LWS$1(originalSetHTMLUnsafe$LWS, this, [normalizedValue$LWS]);
|
|
7136
7108
|
}];
|
|
7137
7109
|
};
|
|
7138
7110
|
}
|
|
@@ -7669,6 +7641,15 @@ function initDistortionHTMLIFrameElementSrcSetter$LWS({
|
|
|
7669
7641
|
if (urlString$LWS && !isValidURLScheme$LWS(urlString$LWS)) {
|
|
7670
7642
|
throw new LockerSecurityError$LWS('HTMLIFrameElement.src supports http://, https:// schemes, relative urls and about:blank.');
|
|
7671
7643
|
}
|
|
7644
|
+
if (isGaterEnabledFeature$LWS('changesSince.258')) {
|
|
7645
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
7646
|
+
if (!isValidURL$LWS(parsedURL$LWS)) {
|
|
7647
|
+
const {
|
|
7648
|
+
normalizedURL: normalizedURL$LWS
|
|
7649
|
+
} = parsedURL$LWS;
|
|
7650
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(normalizedURL$LWS)}`);
|
|
7651
|
+
}
|
|
7652
|
+
}
|
|
7672
7653
|
ReflectApply$LWS$1(HTMLIFrameElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
7673
7654
|
if (isGaterEnabledFeature$LWS(ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS) && isNotAllowedToOverrideGaterEnabledFeature$LWS(record$LWS.key, ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS)) {
|
|
7674
7655
|
enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(this);
|
|
@@ -8000,7 +7981,7 @@ function initDistortionHTMLScriptElementTextContentGetter$LWS({
|
|
|
8000
7981
|
const descriptor$LWS = ReflectGetOwnPropertyDescriptor$LWS(HTMLScriptElement$LWS.prototype, 'textContent');
|
|
8001
7982
|
// This may not be implemented in all browsers.
|
|
8002
7983
|
// https://www.w3.org/TR/trusted-types/#enforcement-in-scripts
|
|
8003
|
-
if (!isGaterEnabledFeature$LWS('
|
|
7984
|
+
if (!isGaterEnabledFeature$LWS('changesSince.256') || !descriptor$LWS) {
|
|
8004
7985
|
return noop$LWS$1;
|
|
8005
7986
|
}
|
|
8006
7987
|
// istanbul ignore next: currently not implemented in Chrome (used for coverage collection)
|
|
@@ -8028,7 +8009,7 @@ function initDistortionHTMLScriptElementTextContentSetter$LWS({
|
|
|
8028
8009
|
const descriptor$LWS = ReflectGetOwnPropertyDescriptor$LWS(HTMLScriptElement$LWS.prototype, 'textContent');
|
|
8029
8010
|
// This may not be implemented in all browsers.
|
|
8030
8011
|
// https://www.w3.org/TR/trusted-types/#enforcement-in-scripts
|
|
8031
|
-
if (!isGaterEnabledFeature$LWS('
|
|
8012
|
+
if (!isGaterEnabledFeature$LWS('changesSince.256') || !descriptor$LWS) {
|
|
8032
8013
|
return noop$LWS$1;
|
|
8033
8014
|
}
|
|
8034
8015
|
// istanbul ignore next: currently not implemented in Chrome (used for coverage collection)
|
|
@@ -9777,6 +9758,48 @@ function initDistortionWindowFetch$LWS({
|
|
|
9777
9758
|
};
|
|
9778
9759
|
}
|
|
9779
9760
|
|
|
9761
|
+
/* istanbul ignore next: only available in secure context */
|
|
9762
|
+
function initDistortionWindowFetchLater$LWS({
|
|
9763
|
+
globalObject: {
|
|
9764
|
+
fetchLater: originalFetchLater$LWS
|
|
9765
|
+
}
|
|
9766
|
+
}) {
|
|
9767
|
+
if (typeof originalFetchLater$LWS !== 'function') {
|
|
9768
|
+
return noop$LWS$1;
|
|
9769
|
+
}
|
|
9770
|
+
const distortionEntry$LWS = [originalFetchLater$LWS, function fetchLater$LWS(...args$LWS) {
|
|
9771
|
+
if (!isGaterEnabledFeature$LWS('changesSince.258')) {
|
|
9772
|
+
return ReflectApply$LWS$1(originalFetchLater$LWS, this, args$LWS);
|
|
9773
|
+
}
|
|
9774
|
+
// Let the native method handle missing parameters error or null/undefined URL case.
|
|
9775
|
+
let {
|
|
9776
|
+
0: url$LWS
|
|
9777
|
+
} = args$LWS;
|
|
9778
|
+
if (url$LWS !== null && url$LWS !== undefined) {
|
|
9779
|
+
let parsedURL$LWS;
|
|
9780
|
+
if (url$LWS instanceof Request) {
|
|
9781
|
+
// Request will also normalize the url (partial to absolute url)
|
|
9782
|
+
// similar to link element's href.
|
|
9783
|
+
parsedURL$LWS = parseURL$LWS(ReflectApply$LWS$1(RequestProtoURLGetter$LWS, url$LWS, []));
|
|
9784
|
+
} else {
|
|
9785
|
+
parsedURL$LWS = parseURL$LWS(toSafeStringValue$LWS(url$LWS));
|
|
9786
|
+
url$LWS = parsedURL$LWS.normalizedURL;
|
|
9787
|
+
args$LWS[0] = url$LWS;
|
|
9788
|
+
}
|
|
9789
|
+
if (!isValidURL$LWS(parsedURL$LWS)) {
|
|
9790
|
+
const {
|
|
9791
|
+
normalizedURL: normalizedURL$LWS
|
|
9792
|
+
} = parsedURL$LWS;
|
|
9793
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(normalizedURL$LWS)}`);
|
|
9794
|
+
}
|
|
9795
|
+
}
|
|
9796
|
+
return ReflectApply$LWS$1(originalFetchLater$LWS, this, args$LWS);
|
|
9797
|
+
}];
|
|
9798
|
+
return function distortionWindowFetchLater$LWS() {
|
|
9799
|
+
return distortionEntry$LWS;
|
|
9800
|
+
};
|
|
9801
|
+
}
|
|
9802
|
+
|
|
9780
9803
|
// The rules for this proxy are as follows:
|
|
9781
9804
|
//
|
|
9782
9805
|
// If the key is a string...
|
|
@@ -10050,7 +10073,7 @@ function initDistortionWindowOpen$LWS({
|
|
|
10050
10073
|
} = normalizedArgs$LWS;
|
|
10051
10074
|
// In 256, limit this restriction to urls that can be treated as same-origin
|
|
10052
10075
|
// istanbul ignore else: previous behavior will not be tested in collection coverage
|
|
10053
|
-
if (isGaterEnabledFeature$LWS('
|
|
10076
|
+
if (isGaterEnabledFeature$LWS('changesSince.256')) {
|
|
10054
10077
|
// This CANNOT be combined with the above condition, because doing so
|
|
10055
10078
|
// will result in the else consequent body being executed in the case
|
|
10056
10079
|
// where the gate is enabled and the url is not same origin,
|
|
@@ -10150,7 +10173,7 @@ function initDistortionWindowSetInterval$LWS({
|
|
|
10150
10173
|
sandboxEvaluator$LWS(transformSourceText$LWS(sourceText$LWS), UNCOMPILED_CONTEXT$LWS);
|
|
10151
10174
|
};
|
|
10152
10175
|
} else {
|
|
10153
|
-
if (isGaterEnabledFeature$LWS('
|
|
10176
|
+
if (isGaterEnabledFeature$LWS('changesSince.256') &&
|
|
10154
10177
|
// @ts-ignore callback and eval have different type defs, but that's ok for this condition
|
|
10155
10178
|
callback$LWS === eval) {
|
|
10156
10179
|
throw new LockerSecurityError$LWS('Cannot pass unsafe eval reference.');
|
|
@@ -10188,7 +10211,7 @@ function initDistortionWindowSetTimeout$LWS({
|
|
|
10188
10211
|
sandboxEvaluator$LWS(transformSourceText$LWS(sourceText$LWS), UNCOMPILED_CONTEXT$LWS);
|
|
10189
10212
|
};
|
|
10190
10213
|
} else {
|
|
10191
|
-
if (isGaterEnabledFeature$LWS('
|
|
10214
|
+
if (isGaterEnabledFeature$LWS('changesSince.256') &&
|
|
10192
10215
|
// @ts-ignore callback and eval have different type defs, but that's ok for this condition
|
|
10193
10216
|
callback$LWS === eval) {
|
|
10194
10217
|
throw new LockerSecurityError$LWS('Cannot pass unsafe eval reference.');
|
|
@@ -10423,14 +10446,12 @@ initDistortionSVGUseElementHrefAttribute$LWS, initDistortionSVGUseElementXlinkHr
|
|
|
10423
10446
|
// TrustedTypePolicyFactory
|
|
10424
10447
|
initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS,
|
|
10425
10448
|
// Window
|
|
10426
|
-
initDistortionWindowFetch$LWS, initDistortionWindowFramesGetter$LWS, initDistortionWindowGetComputedStyle$LWS, initDistortionWindowLengthGetter$LWS, initDistortionWindowOpen$LWS, initDistortionWindowPostMessage$LWS, initDistortionWindowStructuredClone$LWS,
|
|
10449
|
+
initDistortionWindowFetch$LWS, initDistortionWindowFetchLater$LWS, initDistortionWindowFramesGetter$LWS, initDistortionWindowGetComputedStyle$LWS, initDistortionWindowLengthGetter$LWS, initDistortionWindowOpen$LWS, initDistortionWindowPostMessage$LWS, initDistortionWindowStructuredClone$LWS,
|
|
10427
10450
|
// Worker
|
|
10428
10451
|
initDistortionWorkerCtor$LWS, initDistortionWorkerProto$LWS,
|
|
10429
10452
|
// XHR
|
|
10430
10453
|
initDistortionXMLHttpRequestOpen$LWS];
|
|
10431
10454
|
const internalKeyedDistortionFactoryInitializers$LWS = [
|
|
10432
|
-
// AbstractRange
|
|
10433
|
-
initDistortionAbstractRangeEndContainerGetter$LWS, initDistortionAbstractRangeStartContainerGetter$LWS,
|
|
10434
10455
|
// Attr
|
|
10435
10456
|
initDistortionAttrValueSetter$LWS,
|
|
10436
10457
|
// Aura
|
|
@@ -10494,26 +10515,28 @@ initDistortionElementAfter$LWS, initDistortionElementAppend$LWS, initDistortionE
|
|
|
10494
10515
|
// initDistortionNodeAppendChild,
|
|
10495
10516
|
initDistortionNodeInsertBefore$LWS]);
|
|
10496
10517
|
const externalKeyedDistortionFactoryInitializers$LWS = internalKeyedDistortionFactoryInitializers$LWS;
|
|
10497
|
-
const distortionFactoryInitializerToggleSwitches$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1([[initDistortionCacheStorageDelete$LWS, 'caches'], [initDistortionCacheStorageHas$LWS, 'caches'], [initDistortionCacheStorageKeys$LWS, 'caches'], [initDistortionCacheStorageMatch$LWS, 'caches'], [initDistortionCacheStorageOpen$LWS, 'caches'], [initDistortionCookieStoreDelete$LWS, 'cookieStore'], [initDistortionCookieStoreGet$LWS, 'cookieStore'], [initDistortionCookieStoreGetAll$LWS, 'cookieStore'], [initDistortionCookieStoreOnChange$LWS, 'cookieStore'], [initDistortionCookieStoreSet$LWS, 'cookieStore'], [initDistortionCSSStyleRuleStyleGetter$LWS, 'style'], [initDistortionCustomElementRegistryDefine$LWS, 'customElements'], [initDistortionCustomElementRegistryGet$LWS, 'customElements'], [initDistortionCustomElementRegistryUpgrade$LWS, 'customElements'], [initDistortionCustomElementRegistryWhenDefined$LWS, 'customElements'], [initDistortionDocumentCookieGetter$LWS, 'documentCookie'], [initDistortionDocumentCookieSetter$LWS, 'documentCookie'], [initDistortionDocumentDomainSetter$LWS, 'documentDomain'], [initDistortionDocumentExecCommand$LWS, 'documentExecCommand'], [initDistortionDOMParserParseFromString$LWS, 'domParserParseFromString'], [initDistortionElementAfter$LWS, 'element'], [initDistortionElementAppend$LWS, 'element'], [initDistortionElementAttributesGetter$LWS, 'attributes'], [initDistortionElementBefore$LWS, 'element'], [initDistortionElementGetInnerHTML$LWS, 'innerHTML'], [initDistortionElementInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionElementInsertAdjacentElement$LWS, 'element'], [initDistortionElementInsertAdjacentHTML$LWS, 'element'], [initDistortionElementOuterHTMLSetter$LWS, 'element'], [initDistortionElementPrepend$LWS, 'element'], [initDistortionElementRemove$LWS, 'element'], [initDistortionElementReplaceChildren$LWS, 'element'], [initDistortionElementReplaceWith$LWS, 'element'], [initDistortionElementSetAttribute$LWS, 'attributes'], [initDistortionElementSetAttributeNode$LWS, 'attributes'], [initDistortionElementSetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementSetAttributeNS$LWS, 'attributes'], [initDistortionElementSetHTML$LWS, 'element'], [initDistortionElementToggleAttribute$LWS, 'attributes'], [initDistortionHistoryPushState$LWS, 'history'], [initDistortionHistoryReplaceState$LWS, 'history'], [initDistortionHTMLElementDatasetGetter$LWS, 'dataset'], [initDistortionHTMLElementStyleGetter$LWS, 'style'], [initDistortionHTMLScriptElementSrcGetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcSetter$LWS, 'script'], [initDistortionHTMLScriptElementTextSetter$LWS, 'script'], [initDistortionIDBObjectStoreAdd$LWS, 'indexedDB'], [initDistortionIDBObjectStorePut$LWS, 'indexedDB'], [initDistortionLocalStorage$LWS, 'storage'], [initDistortionMessagePortPostMessage$LWS, 'postMessage'], [initDistortionNamedNodeMapSetNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapSetNamedItemNS$LWS, 'attributes'], [initDistortionNavigatorSendBeacon$LWS, 'navigatorSendBeacon'], [initDistortionNodeInsertBefore$LWS, 'node'], [initDistortionNodeRemoveChild$LWS, 'node'], [initDistortionNodeReplaceChild$LWS, 'node'], [initDistortionNodeTextContentGetter$LWS, 'node'], [initDistortionNodeTextContentSetter$LWS, 'node'], [initDistortionNodeValueSetter$LWS, 'node'], [initDistortionNotificationCtor$LWS, 'notification'], [initDistortionPerformanceMark$LWS, 'performance'], [initDistortionPerformanceMarkCtor$LWS, 'performance'], [initDistortionPerformanceMeasure$LWS, 'performance'], [initDistortionRangeCreateContextualFragment$LWS, 'range'], [initDistortionRangeDeleteContents$LWS, 'range'], [initDistortionRangeExtractContents$LWS, 'range'], [initDistortionRangeInsertNode$LWS, 'range'], [initDistortionRangeSelectNode$LWS, 'range'], [initDistortionRangeSelectNodeContents$LWS, 'range'], [initDistortionRangeSetEnd$LWS, 'range'], [initDistortionRangeSetEndAfter$LWS, 'range'], [initDistortionRangeSetEndBefore$LWS, 'range'], [initDistortionRangeSetStart$LWS, 'range'], [initDistortionRangeSetStartAfter$LWS, 'range'], [initDistortionRangeSetStartBefore$LWS, 'range'], [initDistortionRangeSurroundContents$LWS, 'range'], [initDistortionSelectionCollapse$LWS, 'selection'], [initDistortionSelectionExtend$LWS, 'selection'], [initDistortionSelectionSelectAllChildren$LWS, 'selection'], [initDistortionSelectionSetBaseAndExtent$LWS, 'selection'], [initDistortionSelectionSetPosition$LWS, 'selection'], [initDistortionSessionStorage$LWS, 'storage'], [initDistortionShadowRootInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionStorage$LWS, 'storage'], [initDistortionStorageClear$LWS, 'storage'], [initDistortionStorageGetItem$LWS, 'storage'], [initDistortionStorageKey$LWS, 'storage'], [initDistortionStorageLength$LWS, 'storage'], [initDistortionStorageRemoveItem$LWS, 'storage'], [initDistortionStorageSetItem$LWS, 'storage'], [initDistortionSVGElementDatasetGetter$LWS, 'dataset'], [initDistortionSVGElementStyleGetter$LWS, 'style'], [initDistortionSVGScriptElementHrefGetter$LWS, 'script'], [initDistortionSVGScriptElementHrefSetter$LWS, 'script'], [initDistortionWindowFetch$LWS, 'windowFetch'], [initDistortionWindowFramesGetter$LWS, 'windowFrames'], [initDistortionWindowGetComputedStyle$LWS, 'style'], [initDistortionWindowLengthGetter$LWS, 'windowFrames'], [initDistortionWindowPostMessage$LWS, 'postMessage'], [initDistortionWindowSetInterval$LWS, 'setInterval'], [initDistortionWindowSetTimeout$LWS, 'setTimeout'], [initDistortionXMLHttpRequestResponseGetter$LWS, 'xhr'], [initDistortionXMLHttpRequestResponseXMLGetter$LWS, 'xhr']]));
|
|
10498
|
-
const DocumentBlockedProperties$LWS = ['
|
|
10499
|
-
const
|
|
10500
|
-
const
|
|
10518
|
+
const distortionFactoryInitializerToggleSwitches$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1([[initDistortionCacheStorageDelete$LWS, 'caches'], [initDistortionCacheStorageHas$LWS, 'caches'], [initDistortionCacheStorageKeys$LWS, 'caches'], [initDistortionCacheStorageMatch$LWS, 'caches'], [initDistortionCacheStorageOpen$LWS, 'caches'], [initDistortionCookieStoreDelete$LWS, 'cookieStore'], [initDistortionCookieStoreGet$LWS, 'cookieStore'], [initDistortionCookieStoreGetAll$LWS, 'cookieStore'], [initDistortionCookieStoreOnChange$LWS, 'cookieStore'], [initDistortionCookieStoreSet$LWS, 'cookieStore'], [initDistortionCSSStyleRuleStyleGetter$LWS, 'style'], [initDistortionCustomElementRegistryDefine$LWS, 'customElements'], [initDistortionCustomElementRegistryGet$LWS, 'customElements'], [initDistortionCustomElementRegistryUpgrade$LWS, 'customElements'], [initDistortionCustomElementRegistryWhenDefined$LWS, 'customElements'], [initDistortionDocumentCookieGetter$LWS, 'documentCookie'], [initDistortionDocumentCookieSetter$LWS, 'documentCookie'], [initDistortionDocumentDomainSetter$LWS, 'documentDomain'], [initDistortionDocumentExecCommand$LWS, 'documentExecCommand'], [initDistortionDOMParserParseFromString$LWS, 'domParserParseFromString'], [initDistortionElementAfter$LWS, 'element'], [initDistortionElementAppend$LWS, 'element'], [initDistortionElementAttributesGetter$LWS, 'attributes'], [initDistortionElementBefore$LWS, 'element'], [initDistortionElementGetInnerHTML$LWS, 'innerHTML'], [initDistortionElementInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionElementInsertAdjacentElement$LWS, 'element'], [initDistortionElementInsertAdjacentHTML$LWS, 'element'], [initDistortionElementOuterHTMLSetter$LWS, 'element'], [initDistortionElementPrepend$LWS, 'element'], [initDistortionElementRemove$LWS, 'element'], [initDistortionElementReplaceChildren$LWS, 'element'], [initDistortionElementReplaceWith$LWS, 'element'], [initDistortionElementSetAttribute$LWS, 'attributes'], [initDistortionElementSetAttributeNode$LWS, 'attributes'], [initDistortionElementSetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementSetAttributeNS$LWS, 'attributes'], [initDistortionElementSetHTML$LWS, 'element'], [initDistortionElementToggleAttribute$LWS, 'attributes'], [initDistortionHistoryPushState$LWS, 'history'], [initDistortionHistoryReplaceState$LWS, 'history'], [initDistortionHTMLElementDatasetGetter$LWS, 'dataset'], [initDistortionHTMLElementStyleGetter$LWS, 'style'], [initDistortionHTMLScriptElementSrcGetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcSetter$LWS, 'script'], [initDistortionHTMLScriptElementTextSetter$LWS, 'script'], [initDistortionIDBObjectStoreAdd$LWS, 'indexedDB'], [initDistortionIDBObjectStorePut$LWS, 'indexedDB'], [initDistortionLocalStorage$LWS, 'storage'], [initDistortionMessagePortPostMessage$LWS, 'postMessage'], [initDistortionNamedNodeMapSetNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapSetNamedItemNS$LWS, 'attributes'], [initDistortionNavigatorSendBeacon$LWS, 'navigatorSendBeacon'], [initDistortionNodeInsertBefore$LWS, 'node'], [initDistortionNodeRemoveChild$LWS, 'node'], [initDistortionNodeReplaceChild$LWS, 'node'], [initDistortionNodeTextContentGetter$LWS, 'node'], [initDistortionNodeTextContentSetter$LWS, 'node'], [initDistortionNodeValueSetter$LWS, 'node'], [initDistortionNotificationCtor$LWS, 'notification'], [initDistortionPerformanceMark$LWS, 'performance'], [initDistortionPerformanceMarkCtor$LWS, 'performance'], [initDistortionPerformanceMeasure$LWS, 'performance'], [initDistortionRangeCreateContextualFragment$LWS, 'range'], [initDistortionRangeDeleteContents$LWS, 'range'], [initDistortionRangeExtractContents$LWS, 'range'], [initDistortionRangeInsertNode$LWS, 'range'], [initDistortionRangeSelectNode$LWS, 'range'], [initDistortionRangeSelectNodeContents$LWS, 'range'], [initDistortionRangeSetEnd$LWS, 'range'], [initDistortionRangeSetEndAfter$LWS, 'range'], [initDistortionRangeSetEndBefore$LWS, 'range'], [initDistortionRangeSetStart$LWS, 'range'], [initDistortionRangeSetStartAfter$LWS, 'range'], [initDistortionRangeSetStartBefore$LWS, 'range'], [initDistortionRangeSurroundContents$LWS, 'range'], [initDistortionSelectionCollapse$LWS, 'selection'], [initDistortionSelectionExtend$LWS, 'selection'], [initDistortionSelectionSelectAllChildren$LWS, 'selection'], [initDistortionSelectionSetBaseAndExtent$LWS, 'selection'], [initDistortionSelectionSetPosition$LWS, 'selection'], [initDistortionSessionStorage$LWS, 'storage'], [initDistortionShadowRootInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionStorage$LWS, 'storage'], [initDistortionStorageClear$LWS, 'storage'], [initDistortionStorageGetItem$LWS, 'storage'], [initDistortionStorageKey$LWS, 'storage'], [initDistortionStorageLength$LWS, 'storage'], [initDistortionStorageRemoveItem$LWS, 'storage'], [initDistortionStorageSetItem$LWS, 'storage'], [initDistortionSVGElementDatasetGetter$LWS, 'dataset'], [initDistortionSVGElementStyleGetter$LWS, 'style'], [initDistortionSVGScriptElementHrefGetter$LWS, 'script'], [initDistortionSVGScriptElementHrefSetter$LWS, 'script'], [initDistortionWindowFetch$LWS, 'windowFetch'], [initDistortionWindowFetchLater$LWS, 'windowFetchLater'], [initDistortionWindowFramesGetter$LWS, 'windowFrames'], [initDistortionWindowGetComputedStyle$LWS, 'style'], [initDistortionWindowLengthGetter$LWS, 'windowFrames'], [initDistortionWindowPostMessage$LWS, 'postMessage'], [initDistortionWindowSetInterval$LWS, 'setInterval'], [initDistortionWindowSetTimeout$LWS, 'setTimeout'], [initDistortionXMLHttpRequestResponseGetter$LWS, 'xhr'], [initDistortionXMLHttpRequestResponseXMLGetter$LWS, 'xhr']]));
|
|
10519
|
+
const DocumentBlockedProperties$LWS = ['parseHTMLUnsafe'];
|
|
10520
|
+
const DocumentProtoBlockedProperties$LWS = ['createProcessingInstruction', 'exitFullscreen', 'fullscreen', 'fullscreenElement', 'fullscreenEnabled', 'mozCancelFullScreen', 'mozFullScreen', 'mozFullScreenElement', 'mozFullScreenEnabled', 'onfullscreenchange', 'onfullscreenerror', 'onmozfullscreenchange', 'onmozfullscreenerror', 'onrejectionhandled', 'onunhandledrejection', 'parseHTMLUnsafe', 'releaseCapture', 'releaseEvents', 'requestStorageAccess', 'webkitFullScreenKeyboardInputAllowed', 'write', 'writeln'];
|
|
10521
|
+
const ElementProtoBlockedProperties$LWS = ['mozRequestFullScreen', 'onfullscreenchange', 'onfullscreenerror', 'requestFullscreen', 'webkitRequestFullScreen', 'webkitRequestFullscreen'];
|
|
10522
|
+
const EventProtoBlockedProperties$LWS = ['originalTarget', 'explicitOriginalTarget'];
|
|
10501
10523
|
const HTMLElementBlockedAttributes$LWS = ['nonce'];
|
|
10502
|
-
const
|
|
10503
|
-
const
|
|
10524
|
+
const HTMLElementProtoBlockedProperties$LWS = ['nonce', 'onrejectionhandled', 'onunhandledrejection'];
|
|
10525
|
+
const HTMLEmbedElementProtoBlockedProperties$LWS = ['getSVGDocument'];
|
|
10504
10526
|
|
|
10505
10527
|
// https://www.w3schools.com/tags/tag_iframe.asp
|
|
10506
10528
|
const HTMLIFrameElementBlockedAttributes$LWS = ['srcdoc'];
|
|
10507
|
-
const
|
|
10508
|
-
const
|
|
10529
|
+
const HTMLIFrameElementProtoBlockedProperties$LWS = ['getSVGDocument', 'srcdoc'];
|
|
10530
|
+
const HTMLObjectElementProtoBlockedProperties$LWS = ['getSVGDocument'];
|
|
10509
10531
|
const HTMLScriptElementBlockedAttributes$LWS = ['nonce'];
|
|
10510
|
-
const
|
|
10532
|
+
const HTMLScriptElementProtoBlockedProperties$LWS = ['nonce'];
|
|
10511
10533
|
const SVGElementBlockedAttributes$LWS = ['nonce'];
|
|
10512
|
-
const
|
|
10513
|
-
const
|
|
10534
|
+
const SVGElementProtoBlockedProperties$LWS = ['nonce'];
|
|
10535
|
+
const UIEventProtoBlockedProperties$LWS = ['rangeParent'];
|
|
10536
|
+
const WebAssemblyBlockedProperties$LWS = ['CompileError', 'Exception', 'Global', 'Instance', 'instantiate', 'instantiateStreaming', 'LinkError', 'Memory', 'Module', 'RuntimeError', 'Table', 'Tag', 'compile', 'compileStreaming', 'validate'];
|
|
10514
10537
|
const WindowBlockedProperties$LWS = ['find', 'requestFileSystem', 'webkitRequestFileSystem'];
|
|
10515
|
-
const
|
|
10516
|
-
/*! version: 0.
|
|
10538
|
+
const XSLTProcessorProtoBlockedProperties$LWS = ['transformToDocument', 'transformToFragment'];
|
|
10539
|
+
/*! version: 0.25.3 */
|
|
10517
10540
|
|
|
10518
10541
|
/*!
|
|
10519
10542
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -10683,6 +10706,12 @@ function createDistortionToggleSwitchWrapper$LWS(sandboxKey$LWS, toggleSwitchNam
|
|
|
10683
10706
|
return ReflectApply$LWS$1(constructOrApplyTarget$LWS, this, args$LWS);
|
|
10684
10707
|
};
|
|
10685
10708
|
}
|
|
10709
|
+
|
|
10710
|
+
// When this feature is enabled, LWS must call global patching immediately
|
|
10711
|
+
/* istanbul ignore next: unreachable in test env */
|
|
10712
|
+
if (isGaterEnabledFeature$LWS('enableImmediateGlobalObjectPatching')) {
|
|
10713
|
+
patchGlobalObject$LWS(rootWindow$LWS$1, rootDocument$LWS);
|
|
10714
|
+
}
|
|
10686
10715
|
const distortionFactoriesCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
10687
10716
|
const opaqueWindowPostMessageDistortionFactoryCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
10688
10717
|
// WebKit based browsers have a bug that prematurely removes distortion entries
|
|
@@ -10775,23 +10804,28 @@ function getDistortionFactories$LWS(record$LWS) {
|
|
|
10775
10804
|
addBlockedAttributeDistortionFactoryInitializers$LWS(HTMLIFrameElement$LWS, 'HTMLIFrameElement', HTMLIFrameElementBlockedAttributes$LWS, initializers$LWS);
|
|
10776
10805
|
addBlockedAttributeDistortionFactoryInitializers$LWS(HTMLScriptElement$LWS, 'HTMLScriptElement', HTMLScriptElementBlockedAttributes$LWS, initializers$LWS);
|
|
10777
10806
|
addBlockedAttributeDistortionFactoryInitializers$LWS(SVGElement$LWS, 'SVGElement', SVGElementBlockedAttributes$LWS, initializers$LWS);
|
|
10778
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, DataTransfer.prototype,
|
|
10779
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Document$LWS
|
|
10780
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10781
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10782
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10783
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10784
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10785
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10786
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10787
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10788
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS,
|
|
10807
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, DataTransfer.prototype, DataTransferProtoBlockedProperties$LWS, initializers$LWS);
|
|
10808
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Document$LWS, DocumentBlockedProperties$LWS, initializers$LWS);
|
|
10809
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Document$LWS.prototype, DocumentProtoBlockedProperties$LWS, initializers$LWS);
|
|
10810
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Element$LWS.prototype, ElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10811
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Event$LWS.prototype, EventProtoBlockedProperties$LWS, initializers$LWS);
|
|
10812
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, HTMLElement$LWS.prototype, HTMLElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10813
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, HTMLIFrameElement$LWS.prototype, HTMLIFrameElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10814
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, HTMLEmbedElement.prototype, HTMLEmbedElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10815
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, HTMLObjectElement.prototype, HTMLObjectElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10816
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, HTMLScriptElement$LWS.prototype, HTMLScriptElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10817
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, SVGElement$LWS.prototype, SVGElementProtoBlockedProperties$LWS, initializers$LWS);
|
|
10818
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, UIEvent$LWS.prototype, UIEventProtoBlockedProperties$LWS, initializers$LWS);
|
|
10819
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, WebAssembly, WebAssemblyBlockedProperties$LWS, initializers$LWS);
|
|
10789
10820
|
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, globalObject$LWS, WindowBlockedProperties$LWS, initializers$LWS);
|
|
10790
10821
|
// istanbul ignore else: this is a safety precaution that is unreachable via tests
|
|
10791
10822
|
if (typeof XSLTProcessor$LWS === 'function') {
|
|
10792
|
-
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, XSLTProcessor$LWS.prototype,
|
|
10823
|
+
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, XSLTProcessor$LWS.prototype, XSLTProcessorProtoBlockedProperties$LWS, initializers$LWS);
|
|
10824
|
+
}
|
|
10825
|
+
// When this feature is disabled, LWS must call global patching upon creation of first sandbox
|
|
10826
|
+
if (!isGaterEnabledFeature$LWS('enableImmediateGlobalObjectPatching')) {
|
|
10827
|
+
patchGlobalObject$LWS(globalObject$LWS, document$LWS);
|
|
10793
10828
|
}
|
|
10794
|
-
patchGlobalObject$LWS(globalObject$LWS, document$LWS);
|
|
10795
10829
|
// Reuse the `initializers` array as the `factories` array.
|
|
10796
10830
|
factories$LWS = initializers$LWS;
|
|
10797
10831
|
for (let i$LWS = 0, {
|
|
@@ -15853,7 +15887,7 @@ function toSourceText$LWS(value$LWS, sourceType$LWS) {
|
|
|
15853
15887
|
// tools from mistaking the regexp or the replacement string for an
|
|
15854
15888
|
// actual source mapping URL.
|
|
15855
15889
|
/\/\/# sandbox(?=MappingURL=.*?\s*$)/, '//# source']);
|
|
15856
|
-
sourceText$LWS = `\n//# LWS Version = "0.
|
|
15890
|
+
sourceText$LWS = `\n//# LWS Version = "0.25.3"\n${sourceText$LWS}`;
|
|
15857
15891
|
return sourceType$LWS === 1 /* SourceType.Module */ && indexOfPragma$LWS(sourceText$LWS, 'use strict') === -1 ?
|
|
15858
15892
|
// Append "'use strict'" to the extracted function body so it is
|
|
15859
15893
|
// evaluated in strict mode.
|
|
@@ -16518,7 +16552,8 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
|
|
|
16518
16552
|
const sandbox$LWS = createRootWindowSandboxRecord$LWS({
|
|
16519
16553
|
key: key$LWS
|
|
16520
16554
|
});
|
|
16521
|
-
|
|
16555
|
+
const resourceName$LWS = ReflectApply$LWS$1(StringProtoSplit$LWS, url$LWS, ['/'])[3];
|
|
16556
|
+
if (config$LWS != null && config$LWS.trustedMode && trustedResources$LWS.has(resourceName$LWS)) {
|
|
16522
16557
|
const trustedGlobals$LWS = config$LWS.trustedGlobals;
|
|
16523
16558
|
if ((trustedGlobals$LWS == null ? void 0 : trustedGlobals$LWS.length) > 0) {
|
|
16524
16559
|
return dep$LWS.loadScript(cmp$LWS, urlResolved$LWS).then(() => {
|
|
@@ -16545,7 +16580,7 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
|
|
|
16545
16580
|
depRegistry$LWS.set(dep$LWS, secureDep$LWS);
|
|
16546
16581
|
return secureDep$LWS;
|
|
16547
16582
|
}
|
|
16548
|
-
/*! version: 0.
|
|
16583
|
+
/*! version: 0.25.3 */
|
|
16549
16584
|
|
|
16550
16585
|
const loaderDefine = (globalThis ).LWR.define;
|
|
16551
16586
|
|