@lwrjs/client-modules 0.23.4 → 0.23.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -590,6 +590,7 @@ const {
|
|
|
590
590
|
substring: StringProtoSubstring$LWS,
|
|
591
591
|
toLowerCase: StringProtoToLowerCase$LWS,
|
|
592
592
|
toUpperCase: StringProtoToUpperCase$LWS,
|
|
593
|
+
trim: StringProtoTrim$LWS,
|
|
593
594
|
valueOf: StringProtoValueOf$LWS$1
|
|
594
595
|
} = StringProto$LWS$1;
|
|
595
596
|
const quoteCharRegExpRegistry$LWS = {
|
|
@@ -1510,7 +1511,7 @@ const {
|
|
|
1510
1511
|
const PromiseResolve$LWS = PromiseCtor$LWS.resolve.bind(PromiseCtor$LWS);
|
|
1511
1512
|
const PromiseReject$LWS = PromiseCtor$LWS.reject.bind(PromiseCtor$LWS);
|
|
1512
1513
|
const trustedResources$LWS = toSafeSet$LWS(new SetCtor$LWS$1());
|
|
1513
|
-
/*! version: 0.28.
|
|
1514
|
+
/*! version: 0.28.2 */
|
|
1514
1515
|
|
|
1515
1516
|
/*!
|
|
1516
1517
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -1553,6 +1554,8 @@ const {
|
|
|
1553
1554
|
open: DocumentProtoOpen$LWS$1
|
|
1554
1555
|
} = DocumentProto$LWS$1;
|
|
1555
1556
|
const {
|
|
1557
|
+
createAttribute: DocumentProtoCreateAttribute$LWS,
|
|
1558
|
+
createAttributeNS: DocumentProtoCreateAttributeNS$LWS,
|
|
1556
1559
|
createComment: DocumentProtoCreateComment$LWS,
|
|
1557
1560
|
createDocumentFragment: DocumentProtoCreateDocumentFragment$LWS,
|
|
1558
1561
|
createElement: DocumentProtoCreateElement$LWS$1,
|
|
@@ -1578,6 +1581,13 @@ const {
|
|
|
1578
1581
|
// - noopener=1
|
|
1579
1582
|
// - noopener=yes
|
|
1580
1583
|
const noopenerRegExp$LWS = /(^|,)(\s*noopener\s*=\s*(?:yes|1)\s*)(,|$)/g;
|
|
1584
|
+
// Detects whether a (lowercased) features string contains any form of "noopener",
|
|
1585
|
+
// including bare "noopener", "noopener=yes", "noopener=1", etc.
|
|
1586
|
+
// Used by the window.open distortion to avoid double-injection.
|
|
1587
|
+
const noopenerPresentRegExp$LWS = /(^|,)\s*noopener\s*(=\s*[^,]*)?\s*(,|$)/;
|
|
1588
|
+
function isNoopenerPresent$LWS(lowercasedFeatures$LWS) {
|
|
1589
|
+
return ReflectApply$LWS$1(RegExpProtoTest$LWS$1, noopenerPresentRegExp$LWS, [lowercasedFeatures$LWS]);
|
|
1590
|
+
}
|
|
1581
1591
|
const rootWindow$LWS$1 = window;
|
|
1582
1592
|
// These properties are part of the WindowOrGlobalScope mixin and not on
|
|
1583
1593
|
// Window.prototype.
|
|
@@ -1910,6 +1920,16 @@ const HTMLElementGlobalAttributesToPropertyName$LWS = {
|
|
|
1910
1920
|
inputmode: 'inputMode',
|
|
1911
1921
|
tabindex: 'tabIndex'
|
|
1912
1922
|
};
|
|
1923
|
+
const {
|
|
1924
|
+
prototype: HTMLIFrameElementProto$LWS
|
|
1925
|
+
} = HTMLIFrameElement;
|
|
1926
|
+
// Used by '@locker/near-membrane-dom'.
|
|
1927
|
+
ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'contentWindow');
|
|
1928
|
+
const HTMLIFrameElementProtoSandboxGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'sandbox');
|
|
1929
|
+
const HTMLIFrameElementProtoSandboxSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLIFrameElementProto$LWS, 'sandbox');
|
|
1930
|
+
const HTMLIFrameElementProtoSrcGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'src');
|
|
1931
|
+
const HTMLIFrameElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLIFrameElementProto$LWS, 'src');
|
|
1932
|
+
const HTMLIFrameElementProtoSrcdocGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'srcdoc');
|
|
1913
1933
|
const HTMLTemplateElementProtoContentGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLTemplateElement.prototype, 'content');
|
|
1914
1934
|
const {
|
|
1915
1935
|
prototype: NodeProto$LWS$1
|
|
@@ -1994,24 +2014,52 @@ class Validator$LWS {
|
|
|
1994
2014
|
const normalizedInput$LWS = normalizeInput$LWS(input$LWS);
|
|
1995
2015
|
return hasTag$LWS(normalizedInput$LWS, 'script') && ReflectApply$LWS$1(StringProtoIncludes$LWS, normalizedInput$LWS, ['xmlns']);
|
|
1996
2016
|
};
|
|
1997
|
-
//
|
|
2017
|
+
// Detects the iframe+srcdoc substring combination in raw input.
|
|
2018
|
+
// Any HTML or XML containing both <iframe> and the substring
|
|
2019
|
+
// 'srcdoc' is considered hostile, regardless of where the
|
|
2020
|
+
// substrings appear (markup, attribute value, script string
|
|
2021
|
+
// literal, etc.). Sufficient by itself: scanners that rely on
|
|
2022
|
+
// splitting an attacker-supplied iframe+srcdoc into separate
|
|
2023
|
+
// tokens (e.g. via DOM-mutation tricks or string concatenation
|
|
2024
|
+
// at runtime) cannot evade a pure substring check on the served
|
|
2025
|
+
// body. Cheap (no DOM parse), safe to call on any iframe.src body
|
|
2026
|
+
// in particular, where bodies routinely contain legitimate
|
|
2027
|
+
// <script> elements but never need to embed a child iframe with
|
|
2028
|
+
// srcdoc.
|
|
1998
2029
|
// eslint-disable-next-line class-methods-use-this
|
|
2030
|
+
this.isIframeSrcdocAttack = input$LWS => {
|
|
2031
|
+
const normalizedInput$LWS = normalizeInput$LWS(input$LWS);
|
|
2032
|
+
return hasTag$LWS(normalizedInput$LWS, 'iframe') && ReflectApply$LWS$1(StringProtoIncludes$LWS, normalizedInput$LWS, ['srcdoc']);
|
|
2033
|
+
};
|
|
2034
|
+
// Detects (a) the iframe+srcdoc substring combination, OR (b) a
|
|
2035
|
+
// hidden <script> element — markup whose innerHTML contains a
|
|
2036
|
+
// script tag while innerText does not, indicating the script was
|
|
2037
|
+
// obfuscated to evade a sanitizer's text-level inspection.
|
|
2038
|
+
// Suitable for HTML-handling APIs (innerHTML, setHTMLUnsafe,
|
|
2039
|
+
// outerHTML, DOMParser, etc.) that should never accept any
|
|
2040
|
+
// <script>-bearing input from sandboxed code.
|
|
2041
|
+
//
|
|
2042
|
+
// NOT suitable for iframe.src body inspection: existing test
|
|
2043
|
+
// fixtures and component code rely on iframe.src loading same-
|
|
2044
|
+
// origin pages that contain <script> elements (legacy contract
|
|
2045
|
+
// we are stuck with — the iframe sandbox is the layer that
|
|
2046
|
+
// contains their execution). The path-2 obfuscated-script check
|
|
2047
|
+
// would reject those bodies and break the contract. For iframe.src
|
|
2048
|
+
// body inspection use `isIframeSrcdocAttack` instead, which covers
|
|
2049
|
+
// only the path-1 substring check.
|
|
1999
2050
|
this.isIframeSrcdocScriptAttack = input$LWS => {
|
|
2051
|
+
if (this.isIframeSrcdocAttack(input$LWS)) {
|
|
2052
|
+
return true;
|
|
2053
|
+
}
|
|
2000
2054
|
const normalizedInput$LWS = normalizeInput$LWS(input$LWS);
|
|
2001
|
-
const hasIframe$LWS = hasTag$LWS(normalizedInput$LWS, 'iframe') && ReflectApply$LWS$1(StringProtoIncludes$LWS, normalizedInput$LWS, ['srcdoc']);
|
|
2002
2055
|
const hasScript$LWS = hasTag$LWS(normalizedInput$LWS, 'script');
|
|
2003
|
-
// If
|
|
2056
|
+
// If no script was detected, the input is safe.
|
|
2004
2057
|
// istanbul ignore else: returns immediately
|
|
2005
|
-
if (!
|
|
2058
|
+
if (!hasScript$LWS) {
|
|
2006
2059
|
return false;
|
|
2007
2060
|
}
|
|
2008
|
-
// If the string contains both the words iframe and srcdoc, it is unsafe
|
|
2009
|
-
// istanbul ignore else: returns immediately
|
|
2010
|
-
if (hasIframe$LWS) {
|
|
2011
|
-
return true;
|
|
2012
|
-
}
|
|
2013
2061
|
// This is obnoxious... jsdom doesn't implement HTMLElement.prototype.innerText
|
|
2014
|
-
if (!HTMLElementProtoInnerTextGetter$LWS
|
|
2062
|
+
if (!HTMLElementProtoInnerTextGetter$LWS) {
|
|
2015
2063
|
return true;
|
|
2016
2064
|
}
|
|
2017
2065
|
// If the input contained the word "script", then we need to confirm that the string
|
|
@@ -2039,6 +2087,64 @@ class Validator$LWS {
|
|
|
2039
2087
|
return hasTag$LWS(innerHTML$LWS, 'script') && !hasTag$LWS(checkableInnerText$LWS, 'script');
|
|
2040
2088
|
};
|
|
2041
2089
|
this.isSharedElement = element$LWS => element$LWS === ReflectApply$LWS$1(DocumentProtoHeadGetter$LWS, this._document, []) || element$LWS === ReflectApply$LWS$1(DocumentProtoBodyGetter$LWS$1, this._document, []) || element$LWS === ReflectApply$LWS$1(DocumentProtoDocumentElementGetter$LWS, this._document, []);
|
|
2090
|
+
// Detects whether `node` belongs to a document that an attacker
|
|
2091
|
+
// could have populated with content bypassing LWS distortions.
|
|
2092
|
+
// Used to gate cross-document node-movement APIs (Document.adoptNode,
|
|
2093
|
+
// Document.importNode) against the W-22382462 chain shape.
|
|
2094
|
+
//
|
|
2095
|
+
// Returns true when the source document's browsing context is
|
|
2096
|
+
// wrapped in an iframe loaded from a non-blank URL or carrying a
|
|
2097
|
+
// `srcdoc` attribute. In those cases the document was loaded
|
|
2098
|
+
// through the browser's native parser (HTML or XML); for XHTML
|
|
2099
|
+
// resources, that includes DOCTYPE/ATTLIST processing that runs
|
|
2100
|
+
// below the JS layer where no LWS distortion can intercept it.
|
|
2101
|
+
//
|
|
2102
|
+
// Returns false (benign) for:
|
|
2103
|
+
// - Same-document operations (`node.ownerDocument === currentDocument`).
|
|
2104
|
+
// - Detached documents (`defaultView === null`) — created via
|
|
2105
|
+
// `document.implementation.createHTMLDocument()` or
|
|
2106
|
+
// `DOMParser.parseFromString()`. These have no browsing context
|
|
2107
|
+
// and can only be populated via prototype-distorted APIs that
|
|
2108
|
+
// LWS already validates at insertion time.
|
|
2109
|
+
// - Documents hosted by the sandbox's own host window
|
|
2110
|
+
// (`defaultView === rootWindow`). LWS itself runs sandboxed
|
|
2111
|
+
// code inside a bootstrap iframe whose `src` is non-blank, so
|
|
2112
|
+
// the sandbox's view of `document` would otherwise be
|
|
2113
|
+
// unconditionally refused. The sandbox's own host iframe is
|
|
2114
|
+
// not user-controlled.
|
|
2115
|
+
// - Top-level documents (`defaultView.frameElement === null`).
|
|
2116
|
+
// - Iframe-hosted documents whose iframe has empty/about:blank
|
|
2117
|
+
// `src` AND empty `srcdoc` — never loaded a network resource.
|
|
2118
|
+
// eslint-disable-next-line class-methods-use-this
|
|
2119
|
+
this.isAttackerOwnedNode = (node$LWS, currentDocument$LWS) => {
|
|
2120
|
+
const sourceDocument$LWS = ReflectApply$LWS$1(NodeProtoOwnerDocumentGetter$LWS, node$LWS, []);
|
|
2121
|
+
if (sourceDocument$LWS === null || sourceDocument$LWS === currentDocument$LWS) {
|
|
2122
|
+
return false;
|
|
2123
|
+
}
|
|
2124
|
+
const view$LWS = ReflectApply$LWS$1(DocumentProtoDefaultViewGetter$LWS, sourceDocument$LWS, []);
|
|
2125
|
+
if (view$LWS === null || view$LWS === rootWindow$LWS$1) {
|
|
2126
|
+
return false;
|
|
2127
|
+
}
|
|
2128
|
+
const frame$LWS = ReflectApply$LWS$1(WindowFrameElementGetter$LWS, view$LWS, []);
|
|
2129
|
+
if (frame$LWS === null) {
|
|
2130
|
+
return false;
|
|
2131
|
+
}
|
|
2132
|
+
if (frame$LWS instanceof HTMLIFrameElement) {
|
|
2133
|
+
const src$LWS = ReflectApply$LWS$1(HTMLIFrameElementProtoSrcGetter$LWS, frame$LWS, []);
|
|
2134
|
+
if (src$LWS !== '' && src$LWS !== 'about:blank') {
|
|
2135
|
+
return true;
|
|
2136
|
+
}
|
|
2137
|
+
const srcdoc$LWS = ReflectApply$LWS$1(HTMLIFrameElementProtoSrcdocGetter$LWS, frame$LWS, []);
|
|
2138
|
+
if (srcdoc$LWS) {
|
|
2139
|
+
return true;
|
|
2140
|
+
}
|
|
2141
|
+
return false;
|
|
2142
|
+
}
|
|
2143
|
+
// Other frame-hosting elements (HTMLFrameElement, HTMLObjectElement)
|
|
2144
|
+
// can carry network-loaded documents too. Conservative posture:
|
|
2145
|
+
// refuse, since these are uncommon legitimate ownership chains.
|
|
2146
|
+
return true;
|
|
2147
|
+
};
|
|
2042
2148
|
this._constructors = {
|
|
2043
2149
|
HTMLLinkElement: HTMLLinkElement$LWS,
|
|
2044
2150
|
HTMLScriptElement: HTMLScriptElement$LWS,
|
|
@@ -2124,10 +2230,13 @@ const {
|
|
|
2124
2230
|
const {
|
|
2125
2231
|
add: DOMTokenListProtoAdd$LWS,
|
|
2126
2232
|
contains: DOMTokenListProtoContains$LWS,
|
|
2127
|
-
remove: DOMTokenListProtoRemove$LWS
|
|
2233
|
+
remove: DOMTokenListProtoRemove$LWS,
|
|
2234
|
+
replace: DOMTokenListProtoReplace$LWS,
|
|
2235
|
+
toggle: DOMTokenListProtoToggle$LWS
|
|
2128
2236
|
} = DOMTokenListProto$LWS;
|
|
2129
2237
|
const DOMTokenListProtoLengthGetter$LWS = ObjectLookupOwnGetter$LWS$1(DOMTokenListProto$LWS, 'length');
|
|
2130
2238
|
const DOMTokenListProtoValueGetter$LWS = ObjectLookupOwnGetter$LWS$1(DOMTokenListProto$LWS, 'value');
|
|
2239
|
+
const DOMTokenListProtoValueSetter$LWS = ObjectLookupOwnSetter$LWS(DOMTokenListProto$LWS, 'value');
|
|
2131
2240
|
const EventCtor$LWS = Event;
|
|
2132
2241
|
const {
|
|
2133
2242
|
prototype: EventProto$LWS
|
|
@@ -2136,6 +2245,7 @@ const {
|
|
|
2136
2245
|
stopPropagation: EventProtoStopPropagation$LWS
|
|
2137
2246
|
} = EventProto$LWS;
|
|
2138
2247
|
const EventProtoCurrentTargetGetter$LWS = ObjectLookupOwnGetter$LWS$1(EventProto$LWS, 'currentTarget');
|
|
2248
|
+
const EventProtoTypeGetter$LWS = ObjectLookupOwnGetter$LWS$1(EventProto$LWS, 'type');
|
|
2139
2249
|
const {
|
|
2140
2250
|
addEventListener: EventTargetProtoAddEventListener$LWS,
|
|
2141
2251
|
dispatchEvent: EventTargetProtoDispatchEvent$LWS,
|
|
@@ -2166,14 +2276,10 @@ const {
|
|
|
2166
2276
|
set: HTMLFormElementProtoActionSetter$LWS
|
|
2167
2277
|
} = ReflectGetOwnPropertyDescriptor$LWS(HTMLFormElementProto$LWS, 'action');
|
|
2168
2278
|
const {
|
|
2169
|
-
prototype:
|
|
2170
|
-
} =
|
|
2171
|
-
|
|
2172
|
-
|
|
2173
|
-
const HTMLIFrameElementProtoSandboxGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'sandbox');
|
|
2174
|
-
const HTMLIFrameElementProtoSandboxSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLIFrameElementProto$LWS, 'sandbox');
|
|
2175
|
-
const HTMLIFrameElementProtoSrcGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElementProto$LWS, 'src');
|
|
2176
|
-
const HTMLIFrameElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLIFrameElementProto$LWS, 'src');
|
|
2279
|
+
prototype: HTMLImageElementProto$LWS
|
|
2280
|
+
} = HTMLImageElement;
|
|
2281
|
+
const HTMLImageElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLImageElementProto$LWS, 'src');
|
|
2282
|
+
const HTMLImageElementProtoSrcsetSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLImageElementProto$LWS, 'srcset');
|
|
2177
2283
|
const {
|
|
2178
2284
|
prototype: HTMLInputElementProto$LWS
|
|
2179
2285
|
} = HTMLInputElement;
|
|
@@ -2181,6 +2287,14 @@ const {
|
|
|
2181
2287
|
get: HTMLInputElementProtoFormActionGetter$LWS,
|
|
2182
2288
|
set: HTMLInputElementProtoFormActionSetter$LWS
|
|
2183
2289
|
} = ReflectGetOwnPropertyDescriptor$LWS(HTMLInputElementProto$LWS, 'formAction');
|
|
2290
|
+
const {
|
|
2291
|
+
prototype: HTMLLinkElementProto$LWS
|
|
2292
|
+
} = HTMLLinkElement;
|
|
2293
|
+
const HTMLLinkElementProtoHrefSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLLinkElementProto$LWS, 'href');
|
|
2294
|
+
const {
|
|
2295
|
+
prototype: HTMLMediaElementProto$LWS
|
|
2296
|
+
} = HTMLMediaElement;
|
|
2297
|
+
const HTMLMediaElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLMediaElementProto$LWS, 'src');
|
|
2184
2298
|
const HTMLScriptElementCtor$LWS = HTMLScriptElement;
|
|
2185
2299
|
const {
|
|
2186
2300
|
prototype: HTMLScriptElementProto$LWS
|
|
@@ -2189,6 +2303,24 @@ const {
|
|
|
2189
2303
|
get: HTMLScriptElementProtoSrcGetter$LWS,
|
|
2190
2304
|
set: HTMLScriptElementProtoSrcSetter$LWS
|
|
2191
2305
|
} = ReflectGetOwnPropertyDescriptor$LWS(HTMLScriptElementProto$LWS, 'src');
|
|
2306
|
+
const {
|
|
2307
|
+
prototype: HTMLSourceElementProto$LWS
|
|
2308
|
+
} = HTMLSourceElement;
|
|
2309
|
+
const HTMLSourceElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLSourceElementProto$LWS, 'src');
|
|
2310
|
+
const HTMLSourceElementProtoSrcsetSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLSourceElementProto$LWS, 'srcset');
|
|
2311
|
+
const {
|
|
2312
|
+
prototype: HTMLTrackElementProto$LWS
|
|
2313
|
+
} = HTMLTrackElement;
|
|
2314
|
+
const HTMLTrackElementProtoSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLTrackElementProto$LWS, 'src');
|
|
2315
|
+
const MutationObserverCtor$LWS = MutationObserver;
|
|
2316
|
+
const {
|
|
2317
|
+
prototype: MutationObserverProto$LWS
|
|
2318
|
+
} = MutationObserverCtor$LWS;
|
|
2319
|
+
const {
|
|
2320
|
+
disconnect: MutationObserverProtoDisconnect$LWS,
|
|
2321
|
+
observe: MutationObserverProtoObserve$LWS,
|
|
2322
|
+
takeRecords: MutationObserverProtoTakeRecords$LWS
|
|
2323
|
+
} = MutationObserverProto$LWS;
|
|
2192
2324
|
const NAMESPACE_DEFAULT$LWS = 'default';
|
|
2193
2325
|
const NAMESPACE_SVG$LWS = 'http://www.w3.org/2000/svg';
|
|
2194
2326
|
const NAMESPACE_XHTML$LWS = 'http://www.w3.org/1999/xhtml';
|
|
@@ -2382,7 +2514,7 @@ const {
|
|
|
2382
2514
|
const XhrProtoResponseTextGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'responseText');
|
|
2383
2515
|
const XhrProtoStatusGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'status');
|
|
2384
2516
|
ObjectLookupOwnSetter$LWS(XhrProto$LWS, 'withCredentials');
|
|
2385
|
-
/*! version: 0.28.
|
|
2517
|
+
/*! version: 0.28.2 */
|
|
2386
2518
|
|
|
2387
2519
|
/*!
|
|
2388
2520
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -2493,7 +2625,45 @@ function sanitizeURLForElement$LWS(url$LWS) {
|
|
|
2493
2625
|
function sanitizeURLString$LWS(urlString$LWS) {
|
|
2494
2626
|
return urlString$LWS === '' ? urlString$LWS : ReflectApply$LWS$1(StringProtoReplace$LWS, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
|
|
2495
2627
|
}
|
|
2496
|
-
|
|
2628
|
+
// Per the HTML spec, srcset candidates are comma-delimited. A candidate is a
|
|
2629
|
+
// URL optionally followed by whitespace and a width/density descriptor like
|
|
2630
|
+
// "480w" or "2x". URLs are unlikely to contain commas (they would have to be
|
|
2631
|
+
// percent-encoded to be spec-valid), so a simple comma split is sufficient
|
|
2632
|
+
// for LWS's validation needs — the browser will do its own spec-compliant
|
|
2633
|
+
// parse when it actually dispatches requests. We just need to ensure every
|
|
2634
|
+
// candidate URL clears isAllowedEndpointURL() before the browser sees it.
|
|
2635
|
+
const srcsetLeadingWhitespaceRegExp$LWS = /^[\s,]+/;
|
|
2636
|
+
const srcsetTrailingWhitespaceRegExp$LWS = /[\s,]+$/;
|
|
2637
|
+
const srcsetCandidateSplitRegExp$LWS = /\s*,\s*/;
|
|
2638
|
+
const srcsetWhitespaceSplitRegExp$LWS = /\s+/;
|
|
2639
|
+
function sanitizeSrcsetAndValidateEndpoints$LWS(rawSrcset$LWS) {
|
|
2640
|
+
const sanitized$LWS = sanitizeURLString$LWS(rawSrcset$LWS);
|
|
2641
|
+
const trimmed$LWS = ReflectApply$LWS$1(StringProtoReplace$LWS, sanitized$LWS, [srcsetLeadingWhitespaceRegExp$LWS, '']);
|
|
2642
|
+
const normalized$LWS = ReflectApply$LWS$1(StringProtoReplace$LWS, trimmed$LWS, [srcsetTrailingWhitespaceRegExp$LWS, '']);
|
|
2643
|
+
if (normalized$LWS === '') {
|
|
2644
|
+
return sanitized$LWS;
|
|
2645
|
+
}
|
|
2646
|
+
const candidates$LWS = ReflectApply$LWS$1(StringProtoSplit$LWS, normalized$LWS, [srcsetCandidateSplitRegExp$LWS]);
|
|
2647
|
+
for (let i$LWS = 0, {
|
|
2648
|
+
length: length$LWS
|
|
2649
|
+
} = candidates$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
2650
|
+
const candidate$LWS = candidates$LWS[i$LWS];
|
|
2651
|
+
if (candidate$LWS === '') {
|
|
2652
|
+
continue;
|
|
2653
|
+
}
|
|
2654
|
+
const parts$LWS = ReflectApply$LWS$1(StringProtoSplit$LWS, candidate$LWS, [srcsetWhitespaceSplitRegExp$LWS]);
|
|
2655
|
+
const url$LWS = parts$LWS[0];
|
|
2656
|
+
if (!url$LWS) {
|
|
2657
|
+
continue;
|
|
2658
|
+
}
|
|
2659
|
+
const parsedURL$LWS = parseURL$LWS(url$LWS);
|
|
2660
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
2661
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
2662
|
+
}
|
|
2663
|
+
}
|
|
2664
|
+
return sanitized$LWS;
|
|
2665
|
+
}
|
|
2666
|
+
/*! version: 0.28.2 */
|
|
2497
2667
|
|
|
2498
2668
|
/*! @license DOMPurify 3.2.4 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.4/LICENSE */
|
|
2499
2669
|
|
|
@@ -3905,7 +4075,7 @@ try {
|
|
|
3905
4075
|
// swallow
|
|
3906
4076
|
}
|
|
3907
4077
|
const trusted = createPolicy('trusted', policyOptions);
|
|
3908
|
-
/*! version: 0.28.
|
|
4078
|
+
/*! version: 0.28.2 */
|
|
3909
4079
|
|
|
3910
4080
|
/*!
|
|
3911
4081
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -3973,11 +4143,17 @@ ReflectApply$LWS$1(DocumentProtoCreateElement$LWS$1, document, ['template']);
|
|
|
3973
4143
|
const queue$LWS = toSafeSet$LWS(new SetCtor$LWS$1());
|
|
3974
4144
|
// A regexp to find all non lowercase alphanumeric.
|
|
3975
4145
|
const urlReplacerRegExp$LWS = /[^a-z0-9]+/gi;
|
|
3976
|
-
function createSantizerHooksRegistry$LWS(sandboxKey$LWS) {
|
|
4146
|
+
function createSantizerHooksRegistry$LWS(sandboxKey$LWS, dompurifyInstance$LWS) {
|
|
3977
4147
|
return {
|
|
3978
4148
|
__proto__: null,
|
|
3979
|
-
// uponSanitizeAttribute
|
|
3980
|
-
|
|
4149
|
+
// uponSanitizeAttribute closes over the DOMPurify instance so it can
|
|
4150
|
+
// ask `isValidAttribute` whether the un-suffixed base of a Lit
|
|
4151
|
+
// placeholder (e.g. `src$lit$` → `src`) would have been admitted by
|
|
4152
|
+
// DOMPurify's own allowlist. That makes the `$lit$` bypass strictly
|
|
4153
|
+
// narrower than DOMPurify's primary allowlist: anything the allowlist
|
|
4154
|
+
// would reject, the bypass also rejects — preserving the positive-list
|
|
4155
|
+
// invariant even for attributes the suffix would otherwise smuggle in.
|
|
4156
|
+
uponSanitizeAttribute: createUponSanitizeAttribute$LWS(dompurifyInstance$LWS),
|
|
3981
4157
|
// uponSanitizeElement is sandbox-key-specific
|
|
3982
4158
|
uponSanitizeElement(node$LWS, data$LWS, config$LWS) {
|
|
3983
4159
|
var _config$CUSTOM_ELEMEN$LWS;
|
|
@@ -4022,7 +4198,7 @@ function getSanitizerForConfig$LWS(sandboxKey$LWS, configName$LWS) {
|
|
|
4022
4198
|
const config$LWS = CONFIG$LWS[configName$LWS];
|
|
4023
4199
|
configuredDOMPurifyInstance$LWS = purify();
|
|
4024
4200
|
configuredDOMPurifyInstance$LWS.setConfig(config$LWS);
|
|
4025
|
-
const hooksRegistry$LWS = createSantizerHooksRegistry$LWS(sandboxKey$LWS);
|
|
4201
|
+
const hooksRegistry$LWS = createSantizerHooksRegistry$LWS(sandboxKey$LWS, configuredDOMPurifyInstance$LWS);
|
|
4026
4202
|
for (const hookName$LWS in hooksRegistry$LWS) {
|
|
4027
4203
|
if (hookName$LWS === 'uponSanitizeElement') {
|
|
4028
4204
|
configuredDOMPurifyInstance$LWS.addHook('uponSanitizeElement', hooksRegistry$LWS[hookName$LWS]);
|
|
@@ -4145,36 +4321,62 @@ function parseHref$LWS(url$LWS) {
|
|
|
4145
4321
|
requestedURL: requestedURL$LWS
|
|
4146
4322
|
};
|
|
4147
4323
|
}
|
|
4148
|
-
//
|
|
4149
|
-
|
|
4150
|
-
|
|
4151
|
-
|
|
4152
|
-
|
|
4153
|
-
|
|
4154
|
-
|
|
4155
|
-
|
|
4156
|
-
|
|
4157
|
-
|
|
4158
|
-
|
|
4159
|
-
|
|
4160
|
-
|
|
4161
|
-
|
|
4162
|
-
|
|
4163
|
-
|
|
4164
|
-
|
|
4165
|
-
|
|
4324
|
+
// Length of Lit's attribute-name placeholder suffix ("$lit$").
|
|
4325
|
+
const LIT_ATTR_SUFFIX_LENGTH$LWS = 5;
|
|
4326
|
+
// Factory: returns a DOMPurify `uponSanitizeAttribute` hook bound to the
|
|
4327
|
+
// given sanitizer instance. Binding to the instance is how the `$lit$`
|
|
4328
|
+
// bypass below asks DOMPurify's own `isValidAttribute` whether the
|
|
4329
|
+
// un-suffixed base name would have been accepted by the configured
|
|
4330
|
+
// allowlist (ARIA_ATTR / DATA_ATTR regex or ALLOWED_ATTR \ FORBID_ATTR).
|
|
4331
|
+
// That check keeps the bypass strictly narrower than DOMPurify's primary
|
|
4332
|
+
// allowlist, so we don't smuggle through names like `onerror`, `style`,
|
|
4333
|
+
// `srcdoc`, or any future sink DOMPurify rejects by default.
|
|
4334
|
+
function createUponSanitizeAttribute$LWS(dompurifyInstance$LWS) {
|
|
4335
|
+
return function uponSanitizeAttribute$LWS(node$LWS, data$LWS, _config$LWS) {
|
|
4336
|
+
const {
|
|
4337
|
+
attrValue: attrValue$LWS,
|
|
4338
|
+
attrName: attrName$LWS
|
|
4339
|
+
} = data$LWS;
|
|
4340
|
+
const nodeName$LWS = ReflectApply$LWS$1(StringProtoToUpperCase$LWS, getNodeName$LWS(node$LWS), []);
|
|
4341
|
+
if (attrValue$LWS && nodeName$LWS === 'USE' && SANITIZE_USE_ELEMENT_ATTRIBUTES_LIST$LWS.includes(attrName$LWS)) {
|
|
4342
|
+
data$LWS.attrValue = sanitizeSvgHref$LWS(attrValue$LWS);
|
|
4343
|
+
}
|
|
4344
|
+
// Remove action/formaction attributes pointing to disallowed endpoints.
|
|
4345
|
+
// Using keepAttr=false rather than blanking the value so that formaction
|
|
4346
|
+
// removal falls back to the form's own (already validated) action attribute
|
|
4347
|
+
// instead of overriding it with the current page URL.
|
|
4348
|
+
if (isGaterEnabledFeature$LWS('changesSince.262') && attrValue$LWS && (attrName$LWS === 'action' || attrName$LWS === 'formaction') && (nodeName$LWS === 'FORM' || nodeName$LWS === 'BUTTON' || nodeName$LWS === 'INPUT')) {
|
|
4349
|
+
const parsedURL$LWS = parseURL$LWS(attrValue$LWS);
|
|
4350
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
4351
|
+
data$LWS.keepAttr = false;
|
|
4352
|
+
}
|
|
4166
4353
|
}
|
|
4167
|
-
|
|
4168
|
-
|
|
4169
|
-
|
|
4170
|
-
|
|
4171
|
-
|
|
4172
|
-
|
|
4173
|
-
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4354
|
+
// To support Lit, we must tell DOMPurify that attributes starting with "@", ".", or "?" are allowed.
|
|
4355
|
+
// Ref:
|
|
4356
|
+
// https://lit.dev/docs/components/events/
|
|
4357
|
+
// https://lit.dev/docs/templates/expressions/#property-expressions
|
|
4358
|
+
// https://lit.dev/docs/templates/expressions/#boolean-attribute-expressions
|
|
4359
|
+
//
|
|
4360
|
+
// Lit also rewrites plain attribute bindings (e.g. `src="${…}"`) by appending
|
|
4361
|
+
// its marker suffix "$lit$" to the attribute name during HTML generation. The
|
|
4362
|
+
// suffixed attribute is only a placeholder that Lit removes immediately after
|
|
4363
|
+
// registering its AttributePart; the real value is later committed through
|
|
4364
|
+
// Element.prototype.setAttribute, which remains subject to the per-element
|
|
4365
|
+
// attribute distortion registry.
|
|
4366
|
+
//
|
|
4367
|
+
// We only force-keep the suffixed placeholder when the un-suffixed base
|
|
4368
|
+
// name would *also* pass DOMPurify's allowlist. Without that second
|
|
4369
|
+
// check, the bypass would admit any attribute ending in `$lit$` —
|
|
4370
|
+
// including `onerror$lit$`, `style$lit$`, `srcdoc$lit$` — and Lit would
|
|
4371
|
+
// then strip the suffix and commit the real value via setAttribute,
|
|
4372
|
+
// with no `on*` / style / srcdoc distortion to catch it. Delegating to
|
|
4373
|
+
// DOMPurify.isValidAttribute keeps the positive-list invariant.
|
|
4374
|
+
// istanbul ignore next: this is tested under all normal CI runs, but is not included in coverage
|
|
4375
|
+
if (attrName$LWS && (ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['@']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['.']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['?']) || isGaterEnabledFeature$LWS('changesSince.264') && ReflectApply$LWS$1(StringProtoEndsWith$LWS, attrName$LWS, ['$lit$']) && dompurifyInstance$LWS.isValidAttribute(nodeName$LWS, ReflectApply$LWS$1(StringProtoSlice$LWS$1, attrName$LWS, [0, attrName$LWS.length - LIT_ATTR_SUFFIX_LENGTH$LWS]), attrValue$LWS))) {
|
|
4376
|
+
data$LWS.forceKeepAttr = true;
|
|
4377
|
+
}
|
|
4378
|
+
return data$LWS;
|
|
4379
|
+
};
|
|
4178
4380
|
}
|
|
4179
4381
|
function blobSanitizer$LWS(sandboxKey$LWS) {
|
|
4180
4382
|
if (typeof sandboxKey$LWS !== 'string') {
|
|
@@ -4182,7 +4384,7 @@ function blobSanitizer$LWS(sandboxKey$LWS) {
|
|
|
4182
4384
|
}
|
|
4183
4385
|
return getSanitizerForConfig$LWS(sandboxKey$LWS, 'STRING_BLOB_HTML');
|
|
4184
4386
|
}
|
|
4185
|
-
/*! version: 0.28.
|
|
4387
|
+
/*! version: 0.28.2 */
|
|
4186
4388
|
|
|
4187
4389
|
/*!
|
|
4188
4390
|
* Copyright (C) 2023 salesforce.com, inc.
|
|
@@ -4391,7 +4593,7 @@ function createScriptSrcURLSetter$LWS(targetElement$LWS) {
|
|
|
4391
4593
|
ReflectApply$LWS$1(ElementProtoSetAttributeNS$LWS, targetElement$LWS, [attributeNamespaceURI$LWS, attributeName$LWS, src$LWS]);
|
|
4392
4594
|
};
|
|
4393
4595
|
}
|
|
4394
|
-
/*! version: 0.28.
|
|
4596
|
+
/*! version: 0.28.2 */
|
|
4395
4597
|
|
|
4396
4598
|
/*!
|
|
4397
4599
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -5137,31 +5339,9 @@ function setCustomElementsRegistry$LWS(document$LWS, key$LWS) {
|
|
|
5137
5339
|
currentRegistry$LWS = getSandboxCustomElementRegistry$LWS(document$LWS, key$LWS);
|
|
5138
5340
|
}
|
|
5139
5341
|
const DataTransferProtoBlockedProperties$LWS = ['mozCursor', 'mozSourceNode', 'mozUserCancelled'];
|
|
5140
|
-
|
|
5141
|
-
/**
|
|
5142
|
-
* Blocks read access to the 'nonce' attribute.
|
|
5143
|
-
*
|
|
5144
|
-
* The 'nonce' attribute contains a cryptographic token used by Content Security Policy
|
|
5145
|
-
* to allow specific inline scripts/styles to execute. If malicious code can read this
|
|
5146
|
-
* value, it can bypass CSP by injecting scripts with the stolen nonce.
|
|
5147
|
-
*
|
|
5148
|
-
* This function is intentionally separate from the general attribute distortion registry
|
|
5149
|
-
* (registerAttributeDistortion/getAttributeDistortion) because that registry is designed
|
|
5150
|
-
* for setter distortions that validate/sanitize values being set. Most blocked attributes
|
|
5151
|
-
* (like 'srcdoc' on iframes) only need to block writes while allowing reads. The 'nonce'
|
|
5152
|
-
* attribute is unique in that it must block both reads AND writes.
|
|
5153
|
-
*
|
|
5154
|
-
* By using a dedicated function, we avoid incorrectly applying setter distortions when
|
|
5155
|
-
* reading attributes, which would cause errors for attributes like 'src' and 'href'.
|
|
5156
|
-
*/
|
|
5157
|
-
function blockAccessToNonce$LWS(attrName$LWS) {
|
|
5158
|
-
if (attrName$LWS === 'nonce') {
|
|
5159
|
-
throw new LockerSecurityError$LWS("Attribute 'nonce' not accessible");
|
|
5160
|
-
}
|
|
5161
|
-
}
|
|
5162
5342
|
const attributeDistortionFactoriesCache$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1());
|
|
5163
5343
|
const sandboxAttributeDistortionRegistryCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
5164
|
-
function
|
|
5344
|
+
function finalizeAttributeSetterDistortions$LWS(record$LWS) {
|
|
5165
5345
|
const attributeFactories$LWS = attributeDistortionFactoriesCache$LWS.get(record$LWS);
|
|
5166
5346
|
// istanbul ignore if: currently unreachable via tests
|
|
5167
5347
|
if (attributeFactories$LWS === undefined) {
|
|
@@ -5221,7 +5401,7 @@ function lookupAttributeDistortion$LWS(document$LWS, key$LWS, element$LWS, attrN
|
|
|
5221
5401
|
}
|
|
5222
5402
|
return undefined;
|
|
5223
5403
|
}
|
|
5224
|
-
function
|
|
5404
|
+
function getAttributeSetterDistortion$LWS(record$LWS, element$LWS, attrName$LWS, attributeNamespace$LWS = NAMESPACE_DEFAULT$LWS) {
|
|
5225
5405
|
const {
|
|
5226
5406
|
document: document$LWS,
|
|
5227
5407
|
key: key$LWS
|
|
@@ -5236,6 +5416,11 @@ function getAttributeDistortion$LWS(record$LWS, element$LWS, attrName$LWS, attri
|
|
|
5236
5416
|
// to the function's realm, not the element's. Fall back to the element's
|
|
5237
5417
|
// ownerDocument registry where constructors match the element's prototype
|
|
5238
5418
|
// chain.
|
|
5419
|
+
//
|
|
5420
|
+
// Gated changesSince.262 because the cross-realm fallback was introduced
|
|
5421
|
+
// in the 262 train alongside the other cross-realm hardening; lowering
|
|
5422
|
+
// the gate here would re-expose 262 sandboxes to the cross-realm
|
|
5423
|
+
// bypass class this fallback closes.
|
|
5239
5424
|
if (isGaterEnabledFeature$LWS('changesSince.262')) {
|
|
5240
5425
|
const elementDocument$LWS = ReflectApply$LWS$1(NodeProtoOwnerDocumentGetter$LWS, element$LWS, []);
|
|
5241
5426
|
if (elementDocument$LWS && elementDocument$LWS !== document$LWS) {
|
|
@@ -5250,7 +5435,7 @@ function getAttributeDistortion$LWS(record$LWS, element$LWS, attrName$LWS, attri
|
|
|
5250
5435
|
function normalizeNamespace$LWS(ns$LWS) {
|
|
5251
5436
|
return ns$LWS === null || ns$LWS === undefined || ns$LWS === '' ? NAMESPACE_DEFAULT$LWS : ns$LWS;
|
|
5252
5437
|
}
|
|
5253
|
-
function
|
|
5438
|
+
function registerAttributeSetterDistortion$LWS(record$LWS, ElementCtor$LWS, attributeName$LWS, attributeNamespace$LWS, distortion$LWS) {
|
|
5254
5439
|
let attributeFactories$LWS = attributeDistortionFactoriesCache$LWS.get(record$LWS);
|
|
5255
5440
|
if (attributeFactories$LWS === undefined) {
|
|
5256
5441
|
attributeFactories$LWS = [];
|
|
@@ -5273,6 +5458,137 @@ function registerAttributeDistortion$LWS(record$LWS, ElementCtor$LWS, attributeN
|
|
|
5273
5458
|
elementCtorMap$LWS.set(ElementCtor$LWS, distortion$LWS);
|
|
5274
5459
|
};
|
|
5275
5460
|
}
|
|
5461
|
+
const attributeGetterFactoriesCache$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1());
|
|
5462
|
+
const sandboxAttributeGetterRegistryCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
5463
|
+
function finalizeAttributeGetterDistortions$LWS(record$LWS) {
|
|
5464
|
+
const factories$LWS = attributeGetterFactoriesCache$LWS.get(record$LWS);
|
|
5465
|
+
if (factories$LWS === undefined) {
|
|
5466
|
+
return;
|
|
5467
|
+
}
|
|
5468
|
+
attributeGetterFactoriesCache$LWS.delete(record$LWS);
|
|
5469
|
+
const {
|
|
5470
|
+
document: document$LWS,
|
|
5471
|
+
key: key$LWS
|
|
5472
|
+
} = record$LWS;
|
|
5473
|
+
let sandboxRegistry$LWS = sandboxAttributeGetterRegistryCache$LWS.get(document$LWS);
|
|
5474
|
+
if (sandboxRegistry$LWS === undefined) {
|
|
5475
|
+
sandboxRegistry$LWS = {
|
|
5476
|
+
__proto__: null
|
|
5477
|
+
};
|
|
5478
|
+
sandboxAttributeGetterRegistryCache$LWS.set(document$LWS, sandboxRegistry$LWS);
|
|
5479
|
+
}
|
|
5480
|
+
const registry$LWS = {
|
|
5481
|
+
__proto__: null
|
|
5482
|
+
};
|
|
5483
|
+
sandboxRegistry$LWS[key$LWS] = registry$LWS;
|
|
5484
|
+
for (let i$LWS = 0, {
|
|
5485
|
+
length: length$LWS
|
|
5486
|
+
} = factories$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
5487
|
+
factories$LWS[i$LWS](registry$LWS);
|
|
5488
|
+
}
|
|
5489
|
+
}
|
|
5490
|
+
function lookupAttributeGetterIn$LWS(document$LWS, key$LWS, element$LWS, attrName$LWS, attributeNamespace$LWS) {
|
|
5491
|
+
const sandboxRegistry$LWS = sandboxAttributeGetterRegistryCache$LWS.get(document$LWS);
|
|
5492
|
+
if (sandboxRegistry$LWS === undefined) {
|
|
5493
|
+
return undefined;
|
|
5494
|
+
}
|
|
5495
|
+
const registry$LWS = sandboxRegistry$LWS[key$LWS];
|
|
5496
|
+
if (registry$LWS === undefined) {
|
|
5497
|
+
return undefined;
|
|
5498
|
+
}
|
|
5499
|
+
const byNamespace$LWS = registry$LWS[ReflectApply$LWS$1(StringProtoToLowerCase$LWS, attrName$LWS, [])];
|
|
5500
|
+
if (byNamespace$LWS === undefined) {
|
|
5501
|
+
return undefined;
|
|
5502
|
+
}
|
|
5503
|
+
const ctorMap$LWS = byNamespace$LWS[attributeNamespace$LWS];
|
|
5504
|
+
if (ctorMap$LWS === undefined) {
|
|
5505
|
+
return undefined;
|
|
5506
|
+
}
|
|
5507
|
+
const it$LWS = ctorMap$LWS.entries();
|
|
5508
|
+
for (const {
|
|
5509
|
+
0: Ctor$LWS,
|
|
5510
|
+
1: getter$LWS
|
|
5511
|
+
} of it$LWS) {
|
|
5512
|
+
if (element$LWS instanceof Ctor$LWS) {
|
|
5513
|
+
return getter$LWS;
|
|
5514
|
+
}
|
|
5515
|
+
}
|
|
5516
|
+
return undefined;
|
|
5517
|
+
}
|
|
5518
|
+
function getAttributeGetterDistortion$LWS(record$LWS, element$LWS, attrName$LWS, attributeNamespace$LWS = NAMESPACE_DEFAULT$LWS) {
|
|
5519
|
+
// Callers pass the already-TOCTOU-coerced string; normalize here so every
|
|
5520
|
+
// read path looks up against a consistent (lowercased, namespace-stripped)
|
|
5521
|
+
// attribute-name key without each caller re-running the same transform.
|
|
5522
|
+
const normalizedName$LWS = normalizeNamespacedAttributeName$LWS(attrName$LWS);
|
|
5523
|
+
const {
|
|
5524
|
+
document: document$LWS,
|
|
5525
|
+
key: key$LWS
|
|
5526
|
+
} = record$LWS;
|
|
5527
|
+
const direct$LWS = lookupAttributeGetterIn$LWS(document$LWS, key$LWS, element$LWS, normalizedName$LWS, attributeNamespace$LWS);
|
|
5528
|
+
if (direct$LWS !== undefined) {
|
|
5529
|
+
return direct$LWS;
|
|
5530
|
+
}
|
|
5531
|
+
// Cross-realm fallback: same shape as the setter registry's, gated 262
|
|
5532
|
+
// for the same reason. Nonce protection on the getter side relies on
|
|
5533
|
+
// this fallback firing for cross-realm reads at 262 sandboxes;
|
|
5534
|
+
// raising this gate would re-leak nonce through cross-realm Element
|
|
5535
|
+
// instances on that gate.
|
|
5536
|
+
if (isGaterEnabledFeature$LWS('changesSince.262')) {
|
|
5537
|
+
const elementDocument$LWS = ReflectApply$LWS$1(NodeProtoOwnerDocumentGetter$LWS, element$LWS, []);
|
|
5538
|
+
if (elementDocument$LWS && elementDocument$LWS !== document$LWS) {
|
|
5539
|
+
return lookupAttributeGetterIn$LWS(elementDocument$LWS, key$LWS, element$LWS, normalizedName$LWS, attributeNamespace$LWS);
|
|
5540
|
+
}
|
|
5541
|
+
}
|
|
5542
|
+
return undefined;
|
|
5543
|
+
}
|
|
5544
|
+
function registerAttributeGetterDistortion$LWS(record$LWS, ElementCtor$LWS, attributeName$LWS, attributeNamespace$LWS, getter$LWS) {
|
|
5545
|
+
let factories$LWS = attributeGetterFactoriesCache$LWS.get(record$LWS);
|
|
5546
|
+
if (factories$LWS === undefined) {
|
|
5547
|
+
factories$LWS = [];
|
|
5548
|
+
attributeGetterFactoriesCache$LWS.set(record$LWS, factories$LWS);
|
|
5549
|
+
}
|
|
5550
|
+
const loweredAttributeName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, attributeName$LWS, []);
|
|
5551
|
+
factories$LWS[factories$LWS.length] = registry$LWS => {
|
|
5552
|
+
let byNamespace$LWS = registry$LWS[loweredAttributeName$LWS];
|
|
5553
|
+
if (byNamespace$LWS === undefined) {
|
|
5554
|
+
byNamespace$LWS = {
|
|
5555
|
+
__proto__: null
|
|
5556
|
+
};
|
|
5557
|
+
registry$LWS[loweredAttributeName$LWS] = byNamespace$LWS;
|
|
5558
|
+
}
|
|
5559
|
+
let ctorMap$LWS = byNamespace$LWS[attributeNamespace$LWS];
|
|
5560
|
+
if (ctorMap$LWS === undefined) {
|
|
5561
|
+
ctorMap$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1());
|
|
5562
|
+
byNamespace$LWS[attributeNamespace$LWS] = ctorMap$LWS;
|
|
5563
|
+
}
|
|
5564
|
+
ctorMap$LWS.set(ElementCtor$LWS, getter$LWS);
|
|
5565
|
+
};
|
|
5566
|
+
}
|
|
5567
|
+
function initDistortionAttrValueGetter$LWS({
|
|
5568
|
+
globalObject: {
|
|
5569
|
+
Attr: Attr$LWS
|
|
5570
|
+
}
|
|
5571
|
+
}) {
|
|
5572
|
+
const originalAttrValueGetter$LWS = ObjectLookupOwnGetter$LWS$1(Attr$LWS.prototype, 'value');
|
|
5573
|
+
return function distortionAttrValueGetter$LWS(record$LWS) {
|
|
5574
|
+
return [originalAttrValueGetter$LWS, function value$LWS() {
|
|
5575
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
5576
|
+
const ownerElement$LWS = ReflectApply$LWS$1(AttrProtoOwnerElementGetter$LWS, this, []);
|
|
5577
|
+
if (ownerElement$LWS) {
|
|
5578
|
+
const attrName$LWS = ReflectApply$LWS$1(AttrProtoNameGetter$LWS, this, []);
|
|
5579
|
+
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, this, []);
|
|
5580
|
+
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
5581
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, ownerElement$LWS, attrName$LWS, normalizedNamespace$LWS);
|
|
5582
|
+
if (override$LWS !== undefined) {
|
|
5583
|
+
const result$LWS = ReflectApply$LWS$1(override$LWS, ownerElement$LWS, []);
|
|
5584
|
+
return result$LWS === null ? '' : result$LWS;
|
|
5585
|
+
}
|
|
5586
|
+
}
|
|
5587
|
+
}
|
|
5588
|
+
return ReflectApply$LWS$1(originalAttrValueGetter$LWS, this, []);
|
|
5589
|
+
}];
|
|
5590
|
+
};
|
|
5591
|
+
}
|
|
5276
5592
|
function initDistortionAttrValueSetter$LWS({
|
|
5277
5593
|
globalObject: {
|
|
5278
5594
|
Attr: Attr$LWS
|
|
@@ -5287,7 +5603,7 @@ function initDistortionAttrValueSetter$LWS({
|
|
|
5287
5603
|
const attrName$LWS = ReflectApply$LWS$1(AttrProtoNameGetter$LWS, this, []);
|
|
5288
5604
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, this, []);
|
|
5289
5605
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
5290
|
-
const distortion$LWS =
|
|
5606
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, ownerElement$LWS, attrName$LWS, normalizedNamespace$LWS);
|
|
5291
5607
|
// istanbul ignore if: coverage missing, needs investigation
|
|
5292
5608
|
if (distortion$LWS) {
|
|
5293
5609
|
ReflectApply$LWS$1(distortion$LWS, ownerElement$LWS, [val$LWS]);
|
|
@@ -5328,6 +5644,65 @@ function initDistortionAuraUtilGlobalEval$LWS({
|
|
|
5328
5644
|
}];
|
|
5329
5645
|
};
|
|
5330
5646
|
}
|
|
5647
|
+
function initDistortionBroadcastChannelCtor$LWS({
|
|
5648
|
+
globalObject: {
|
|
5649
|
+
BroadcastChannel: originalBroadcastChannelCtor$LWS
|
|
5650
|
+
}
|
|
5651
|
+
}) {
|
|
5652
|
+
// istanbul ignore if: this is a safety precaution, but currently unreachable via tests
|
|
5653
|
+
if (typeof originalBroadcastChannelCtor$LWS !== 'function') {
|
|
5654
|
+
return noop$LWS$1;
|
|
5655
|
+
}
|
|
5656
|
+
return function distortionBroadcastChannelCtor$LWS({
|
|
5657
|
+
key: key$LWS
|
|
5658
|
+
}) {
|
|
5659
|
+
return [originalBroadcastChannelCtor$LWS, function BroadcastChannel$LWS(...args$LWS) {
|
|
5660
|
+
// Namespace-prefix the channel name with the sandbox key so
|
|
5661
|
+
// that channels created in different sandboxes bind to
|
|
5662
|
+
// distinct native channel names, even when the caller
|
|
5663
|
+
// supplies the same visible name. Mirrors the approach used
|
|
5664
|
+
// for `localStorage` / `sessionStorage` / `CacheStorage` /
|
|
5665
|
+
// cookies.
|
|
5666
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && args$LWS.length) {
|
|
5667
|
+
args$LWS[0] = prependNamespaceMarker$LWS(toSafeStringValue$LWS(args$LWS[0]), key$LWS);
|
|
5668
|
+
}
|
|
5669
|
+
return ReflectConstruct$LWS(originalBroadcastChannelCtor$LWS, args$LWS);
|
|
5670
|
+
}];
|
|
5671
|
+
};
|
|
5672
|
+
}
|
|
5673
|
+
function initDistortionBroadcastChannelNameGetter$LWS({
|
|
5674
|
+
globalObject: {
|
|
5675
|
+
BroadcastChannel: originalBroadcastChannelCtor$LWS
|
|
5676
|
+
}
|
|
5677
|
+
}) {
|
|
5678
|
+
// istanbul ignore if: this is a safety precaution, but currently unreachable via tests
|
|
5679
|
+
if (typeof originalBroadcastChannelCtor$LWS !== 'function') {
|
|
5680
|
+
return noop$LWS$1;
|
|
5681
|
+
}
|
|
5682
|
+
const originalNameGetter$LWS = ObjectLookupOwnGetter$LWS$1(originalBroadcastChannelCtor$LWS.prototype, 'name');
|
|
5683
|
+
// istanbul ignore if: this is a safety precaution, but currently unreachable via tests
|
|
5684
|
+
if (typeof originalNameGetter$LWS !== 'function') {
|
|
5685
|
+
return noop$LWS$1;
|
|
5686
|
+
}
|
|
5687
|
+
return function distortionBroadcastChannelNameGetter$LWS({
|
|
5688
|
+
key: key$LWS
|
|
5689
|
+
}) {
|
|
5690
|
+
return [originalNameGetter$LWS, function name$LWS() {
|
|
5691
|
+
const originalName$LWS = ReflectApply$LWS$1(originalNameGetter$LWS, this, []);
|
|
5692
|
+
// Strip the sandbox-key namespace marker that
|
|
5693
|
+
// `initDistortionBroadcastChannelCtor` prepended so that the
|
|
5694
|
+
// visible `.name` matches the string the caller passed to
|
|
5695
|
+
// `new BroadcastChannel(name)` and does not leak the sandbox
|
|
5696
|
+
// key (via the instance or via `event.target.name` on
|
|
5697
|
+
// received messages).
|
|
5698
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
5699
|
+
return removeNamespaceMarker$LWS(originalName$LWS, key$LWS);
|
|
5700
|
+
}
|
|
5701
|
+
// istanbul ignore next: ungated return is not reachable in coverage runs
|
|
5702
|
+
return originalName$LWS;
|
|
5703
|
+
}];
|
|
5704
|
+
};
|
|
5705
|
+
}
|
|
5331
5706
|
function initDistortionBroadcastChannelPostMessage$LWS({
|
|
5332
5707
|
globalObject: globalObject$LWS
|
|
5333
5708
|
}) {
|
|
@@ -5931,6 +6306,48 @@ function initDistortionCustomElementRegistryWhenDefined$LWS({
|
|
|
5931
6306
|
}];
|
|
5932
6307
|
};
|
|
5933
6308
|
}
|
|
6309
|
+
const {
|
|
6310
|
+
isAttackerOwnedNode: isAttackerOwnedNode$1$LWS
|
|
6311
|
+
} = rootValidator$LWS;
|
|
6312
|
+
// W-22382462: gate `document.adoptNode` against the source-document
|
|
6313
|
+
// shape that the chain depends on.
|
|
6314
|
+
//
|
|
6315
|
+
// `adoptNode` moves a node from a *different* document into the
|
|
6316
|
+
// current one (transferring ownership; unlike `importNode` which
|
|
6317
|
+
// copies). The W-22382462 chain abuses this to lift a hostile iframe
|
|
6318
|
+
// (with browser-XML-parser-synthesized `srcdoc`) out of a same-origin
|
|
6319
|
+
// iframe contentDocument into the top-level document.
|
|
6320
|
+
//
|
|
6321
|
+
// Refusal is delegated to `rootValidator.isAttackerOwnedNode`, which
|
|
6322
|
+
// returns true only when the source node belongs to a document whose
|
|
6323
|
+
// browsing context was loaded from a non-blank URL or has a `srcdoc`
|
|
6324
|
+
// attribute set. Same-document adoption, adoption from detached
|
|
6325
|
+
// documents (`createHTMLDocument`, `DOMParser`), and adoption from
|
|
6326
|
+
// blank-iframed documents proceed normally.
|
|
6327
|
+
function initDistortionDocumentAdoptNode$LWS({
|
|
6328
|
+
globalObject: {
|
|
6329
|
+
Document: {
|
|
6330
|
+
prototype: {
|
|
6331
|
+
adoptNode: originalAdoptNode$LWS
|
|
6332
|
+
}
|
|
6333
|
+
}
|
|
6334
|
+
}
|
|
6335
|
+
}) {
|
|
6336
|
+
const distortionEntry$LWS = [originalAdoptNode$LWS, function adoptNode$LWS(...args$LWS) {
|
|
6337
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && args$LWS.length > 0) {
|
|
6338
|
+
const node$LWS = args$LWS[0];
|
|
6339
|
+
if (node$LWS !== null && node$LWS !== undefined) {
|
|
6340
|
+
if (isAttackerOwnedNode$1$LWS(node$LWS, this)) {
|
|
6341
|
+
throw new LockerSecurityError$LWS("Cannot use 'adoptNode'.");
|
|
6342
|
+
}
|
|
6343
|
+
}
|
|
6344
|
+
}
|
|
6345
|
+
return ReflectApply$LWS$1(originalAdoptNode$LWS, this, args$LWS);
|
|
6346
|
+
}];
|
|
6347
|
+
return function distortionDocumentAdoptNode$LWS() {
|
|
6348
|
+
return distortionEntry$LWS;
|
|
6349
|
+
};
|
|
6350
|
+
}
|
|
5934
6351
|
function initDistortionDocumentCookieGetter$LWS({
|
|
5935
6352
|
globalObject: {
|
|
5936
6353
|
Document: Document$LWS
|
|
@@ -6196,6 +6613,48 @@ function initDistortionDocumentExecCommand$LWS({
|
|
|
6196
6613
|
}];
|
|
6197
6614
|
};
|
|
6198
6615
|
}
|
|
6616
|
+
const {
|
|
6617
|
+
isAttackerOwnedNode: isAttackerOwnedNode$LWS
|
|
6618
|
+
} = rootValidator$LWS;
|
|
6619
|
+
// W-22382462 Stage 3: gate `document.importNode` against the same
|
|
6620
|
+
// source-document shape that `adoptNode` is gated against.
|
|
6621
|
+
//
|
|
6622
|
+
// `importNode` copies a node from a *different* document into the
|
|
6623
|
+
// current one. The W-22382462 chain shape is identical to the
|
|
6624
|
+
// adoptNode case — a hostile iframe (with browser-XML-parser-
|
|
6625
|
+
// synthesized `srcdoc`) being lifted out of a same-origin iframe
|
|
6626
|
+
// contentDocument into the top-level document.
|
|
6627
|
+
//
|
|
6628
|
+
// Refusal is delegated to `rootValidator.isAttackerOwnedNode`, which
|
|
6629
|
+
// returns true only when the source node belongs to a document whose
|
|
6630
|
+
// browsing context was loaded from a non-blank URL or has a `srcdoc`
|
|
6631
|
+
// attribute set. Same-document import, import from detached documents
|
|
6632
|
+
// (`createHTMLDocument`, `DOMParser`), and import from blank-iframed
|
|
6633
|
+
// documents proceed normally.
|
|
6634
|
+
function initDistortionDocumentImportNode$LWS({
|
|
6635
|
+
globalObject: {
|
|
6636
|
+
Document: {
|
|
6637
|
+
prototype: {
|
|
6638
|
+
importNode: originalImportNode$LWS
|
|
6639
|
+
}
|
|
6640
|
+
}
|
|
6641
|
+
}
|
|
6642
|
+
}) {
|
|
6643
|
+
const distortionEntry$LWS = [originalImportNode$LWS, function importNode$LWS(...args$LWS) {
|
|
6644
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && args$LWS.length > 0) {
|
|
6645
|
+
const node$LWS = args$LWS[0];
|
|
6646
|
+
if (node$LWS !== null && node$LWS !== undefined) {
|
|
6647
|
+
if (isAttackerOwnedNode$LWS(node$LWS, this)) {
|
|
6648
|
+
throw new LockerSecurityError$LWS("Cannot use 'importNode'.");
|
|
6649
|
+
}
|
|
6650
|
+
}
|
|
6651
|
+
}
|
|
6652
|
+
return ReflectApply$LWS$1(originalImportNode$LWS, this, args$LWS);
|
|
6653
|
+
}];
|
|
6654
|
+
return function distortionDocumentImportNode$LWS() {
|
|
6655
|
+
return distortionEntry$LWS;
|
|
6656
|
+
};
|
|
6657
|
+
}
|
|
6199
6658
|
function initDistortionDocumentOnsecuritypolicyviolation$LWS({
|
|
6200
6659
|
globalObject: {
|
|
6201
6660
|
Document: {
|
|
@@ -6350,6 +6809,96 @@ function initDistortionDOMParserParseFromString$LWS({
|
|
|
6350
6809
|
}];
|
|
6351
6810
|
};
|
|
6352
6811
|
}
|
|
6812
|
+
const ALLOW_SAME_ORIGIN_TOKEN$1$LWS = 'allow-same-origin';
|
|
6813
|
+
// Tokens whose addition to any DOMTokenList would relax sandbox-escape
|
|
6814
|
+
// boundaries. These are only meaningful on `iframe.sandbox`; on non-sandbox
|
|
6815
|
+
// token lists (classList, relList, etc.) they are no-ops, so a global
|
|
6816
|
+
// blocklist is the simplest enforcement boundary that closes the iframe
|
|
6817
|
+
// bypass without enumerating every host-element pairing.
|
|
6818
|
+
const blockedTokens$LWS = toSafeSet$LWS(new SetCtor$LWS$1([ALLOW_SAME_ORIGIN_TOKEN$1$LWS]));
|
|
6819
|
+
function normalizeToken$LWS(token$LWS) {
|
|
6820
|
+
return ReflectApply$LWS$1(StringProtoToLowerCase$LWS, toSafeStringValue$LWS(token$LWS), []);
|
|
6821
|
+
}
|
|
6822
|
+
function enforceBlockedSandboxTokenList$LWS(tokens$LWS) {
|
|
6823
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
6824
|
+
for (let i$LWS = 0, {
|
|
6825
|
+
length: length$LWS
|
|
6826
|
+
} = tokens$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
6827
|
+
const normalized$LWS = normalizeToken$LWS(tokens$LWS[i$LWS]);
|
|
6828
|
+
if (blockedTokens$LWS.has(normalized$LWS)) {
|
|
6829
|
+
throw new LockerSecurityError$LWS(`DOMTokenList cannot accept "${normalized$LWS}" token`);
|
|
6830
|
+
}
|
|
6831
|
+
}
|
|
6832
|
+
}
|
|
6833
|
+
}
|
|
6834
|
+
function initDistortionDOMTokenListAdd$LWS({
|
|
6835
|
+
globalObject: {
|
|
6836
|
+
DOMTokenList: {
|
|
6837
|
+
prototype: {
|
|
6838
|
+
add: originalAdd$LWS
|
|
6839
|
+
}
|
|
6840
|
+
}
|
|
6841
|
+
}
|
|
6842
|
+
}) {
|
|
6843
|
+
const distortionEntry$LWS = [originalAdd$LWS, function add$LWS(...tokens$LWS) {
|
|
6844
|
+
enforceBlockedSandboxTokenList$LWS(tokens$LWS);
|
|
6845
|
+
return ReflectApply$LWS$1(DOMTokenListProtoAdd$LWS, this, tokens$LWS);
|
|
6846
|
+
}];
|
|
6847
|
+
return function distortionDOMTokenListAdd$LWS() {
|
|
6848
|
+
return distortionEntry$LWS;
|
|
6849
|
+
};
|
|
6850
|
+
}
|
|
6851
|
+
function initDistortionDOMTokenListReplace$LWS({
|
|
6852
|
+
globalObject: {
|
|
6853
|
+
DOMTokenList: {
|
|
6854
|
+
prototype: {
|
|
6855
|
+
replace: originalReplace$LWS
|
|
6856
|
+
}
|
|
6857
|
+
}
|
|
6858
|
+
}
|
|
6859
|
+
}) {
|
|
6860
|
+
const distortionEntry$LWS = [originalReplace$LWS, function replace$LWS(oldToken$LWS, newToken$LWS) {
|
|
6861
|
+
enforceBlockedSandboxTokenList$LWS([newToken$LWS]);
|
|
6862
|
+
return ReflectApply$LWS$1(DOMTokenListProtoReplace$LWS, this, [oldToken$LWS, newToken$LWS]);
|
|
6863
|
+
}];
|
|
6864
|
+
return function distortionDOMTokenListReplace$LWS() {
|
|
6865
|
+
return distortionEntry$LWS;
|
|
6866
|
+
};
|
|
6867
|
+
}
|
|
6868
|
+
function initDistortionDOMTokenListToggle$LWS({
|
|
6869
|
+
globalObject: {
|
|
6870
|
+
DOMTokenList: {
|
|
6871
|
+
prototype: {
|
|
6872
|
+
toggle: originalToggle$LWS
|
|
6873
|
+
}
|
|
6874
|
+
}
|
|
6875
|
+
}
|
|
6876
|
+
}) {
|
|
6877
|
+
const distortionEntry$LWS = [originalToggle$LWS, function toggle$LWS(token$LWS, force$LWS) {
|
|
6878
|
+
enforceBlockedSandboxTokenList$LWS([token$LWS]);
|
|
6879
|
+
return ReflectApply$LWS$1(DOMTokenListProtoToggle$LWS, this, arguments.length < 2 ? [token$LWS] : [token$LWS, force$LWS]);
|
|
6880
|
+
}];
|
|
6881
|
+
return function distortionDOMTokenListToggle$LWS() {
|
|
6882
|
+
return distortionEntry$LWS;
|
|
6883
|
+
};
|
|
6884
|
+
}
|
|
6885
|
+
const ASCII_WHITESPACE_REGEXP$LWS = /[\t\n\f\r ]+/;
|
|
6886
|
+
function initDistortionDOMTokenListValueSetter$LWS({
|
|
6887
|
+
globalObject: {
|
|
6888
|
+
DOMTokenList: DOMTokenList$LWS
|
|
6889
|
+
}
|
|
6890
|
+
}) {
|
|
6891
|
+
const originalValueSetter$LWS = ObjectLookupOwnSetter$LWS(DOMTokenList$LWS.prototype, 'value');
|
|
6892
|
+
const distortionEntry$LWS = [originalValueSetter$LWS, function value$LWS(newValue$LWS) {
|
|
6893
|
+
const normalized$LWS = toSafeStringValue$LWS(newValue$LWS);
|
|
6894
|
+
const tokens$LWS = ReflectApply$LWS$1(StringProtoSplit$LWS, normalized$LWS, [ASCII_WHITESPACE_REGEXP$LWS]);
|
|
6895
|
+
enforceBlockedSandboxTokenList$LWS(tokens$LWS);
|
|
6896
|
+
ReflectApply$LWS$1(DOMTokenListProtoValueSetter$LWS, this, [normalized$LWS]);
|
|
6897
|
+
}];
|
|
6898
|
+
return function distortionDOMTokenListValueSetter$LWS() {
|
|
6899
|
+
return distortionEntry$LWS;
|
|
6900
|
+
};
|
|
6901
|
+
}
|
|
6353
6902
|
const {
|
|
6354
6903
|
isSharedElement: isSharedElement$B$LWS,
|
|
6355
6904
|
isAllowedSharedElementChild: isAllowedSharedElementChild$6$LWS
|
|
@@ -6463,6 +7012,9 @@ const namedNodeMapToElementCache$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1
|
|
|
6463
7012
|
function pairElement$LWS(attrInstance$LWS, element$LWS) {
|
|
6464
7013
|
namedNodeMapToElementCache$LWS.set(attrInstance$LWS, element$LWS);
|
|
6465
7014
|
}
|
|
7015
|
+
function getOwnerElement$LWS(nodeNameMap$LWS) {
|
|
7016
|
+
return namedNodeMapToElementCache$LWS.get(nodeNameMap$LWS);
|
|
7017
|
+
}
|
|
6466
7018
|
function setNamedItemWithAttr$LWS(record$LWS, originalMethod$LWS, nodeNameMap$LWS, attr$LWS) {
|
|
6467
7019
|
const element$LWS = namedNodeMapToElementCache$LWS.get(nodeNameMap$LWS);
|
|
6468
7020
|
// istanbul ignore else: nothing to do if there's no element
|
|
@@ -6470,7 +7022,7 @@ function setNamedItemWithAttr$LWS(record$LWS, originalMethod$LWS, nodeNameMap$LW
|
|
|
6470
7022
|
const attrName$LWS = ReflectApply$LWS$1(AttrProtoNameGetter$LWS, attr$LWS, []);
|
|
6471
7023
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, attr$LWS, []);
|
|
6472
7024
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
6473
|
-
const distortion$LWS =
|
|
7025
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, element$LWS, attrName$LWS, normalizedNamespace$LWS);
|
|
6474
7026
|
// istanbul ignore else: nothing to do if there's no distortion
|
|
6475
7027
|
if (distortion$LWS) {
|
|
6476
7028
|
const attrValue$LWS = ReflectApply$LWS$1(AttrProtoValueGetter$LWS, attr$LWS, []);
|
|
@@ -6538,13 +7090,21 @@ function initDistortionElementGetAttribute$LWS({
|
|
|
6538
7090
|
}
|
|
6539
7091
|
}
|
|
6540
7092
|
}) {
|
|
6541
|
-
return function distortionElementGetAttribute$LWS() {
|
|
7093
|
+
return function distortionElementGetAttribute$LWS(record$LWS) {
|
|
6542
7094
|
return [originalGetAttribute$LWS, function getAttribute$LWS(...args$LWS) {
|
|
6543
7095
|
const {
|
|
6544
7096
|
length: length$LWS
|
|
6545
7097
|
} = args$LWS;
|
|
6546
7098
|
if (isGaterEnabledFeature$LWS('changesSince.262') && length$LWS > 0) {
|
|
6547
|
-
|
|
7099
|
+
// Guard against TOCTOU attacks (e.g. shape-shifting
|
|
7100
|
+
// toString): force the native call to see the same
|
|
7101
|
+
// value our checks ran against.
|
|
7102
|
+
const coerced$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
7103
|
+
args$LWS[0] = coerced$LWS;
|
|
7104
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, this, coerced$LWS);
|
|
7105
|
+
if (override$LWS !== undefined) {
|
|
7106
|
+
return ReflectApply$LWS$1(override$LWS, this, []);
|
|
7107
|
+
}
|
|
6548
7108
|
}
|
|
6549
7109
|
return ReflectApply$LWS$1(originalGetAttribute$LWS, this, args$LWS);
|
|
6550
7110
|
}];
|
|
@@ -6552,6 +7112,7 @@ function initDistortionElementGetAttribute$LWS({
|
|
|
6552
7112
|
}
|
|
6553
7113
|
function initDistortionElementGetAttributeNode$LWS({
|
|
6554
7114
|
globalObject: {
|
|
7115
|
+
document: sandboxDocument$LWS,
|
|
6555
7116
|
Element: {
|
|
6556
7117
|
prototype: {
|
|
6557
7118
|
getAttributeNode: originalGetAttributeNode$LWS
|
|
@@ -6559,13 +7120,38 @@ function initDistortionElementGetAttributeNode$LWS({
|
|
|
6559
7120
|
}
|
|
6560
7121
|
}
|
|
6561
7122
|
}) {
|
|
6562
|
-
return function distortionElementGetAttributeNode$LWS() {
|
|
7123
|
+
return function distortionElementGetAttributeNode$LWS(record$LWS) {
|
|
6563
7124
|
return [originalGetAttributeNode$LWS, function getAttributeNode$LWS(...args$LWS) {
|
|
6564
7125
|
const {
|
|
6565
7126
|
length: length$LWS
|
|
6566
7127
|
} = args$LWS;
|
|
6567
7128
|
if (isGaterEnabledFeature$LWS('changesSince.262') && length$LWS > 0) {
|
|
6568
|
-
|
|
7129
|
+
// Guard against TOCTOU attacks: force the native call
|
|
7130
|
+
// to see the same value our checks ran against.
|
|
7131
|
+
const coerced$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
7132
|
+
args$LWS[0] = coerced$LWS;
|
|
7133
|
+
// Consult the read-side registry. A throwing
|
|
7134
|
+
// registered getter (e.g. nonce) refuses the read
|
|
7135
|
+
// by propagating its exception. A value-substituting
|
|
7136
|
+
// getter (e.g. iframe.src pending URL) returns a
|
|
7137
|
+
// string; if the native attribute store has no Attr
|
|
7138
|
+
// for this name, synthesize a detached Attr carrying
|
|
7139
|
+
// the substituted value so sandbox code can read
|
|
7140
|
+
// .value as expected. If the native store already
|
|
7141
|
+
// has an Attr, prefer it.
|
|
7142
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, this, coerced$LWS);
|
|
7143
|
+
if (override$LWS !== undefined) {
|
|
7144
|
+
const overrideValue$LWS = ReflectApply$LWS$1(override$LWS, this, []);
|
|
7145
|
+
if (overrideValue$LWS !== null && overrideValue$LWS !== undefined) {
|
|
7146
|
+
const nativeAttr$LWS = ReflectApply$LWS$1(originalGetAttributeNode$LWS, this, args$LWS);
|
|
7147
|
+
if (nativeAttr$LWS !== null) {
|
|
7148
|
+
return nativeAttr$LWS;
|
|
7149
|
+
}
|
|
7150
|
+
const synth$LWS = ReflectApply$LWS$1(DocumentProtoCreateAttribute$LWS, sandboxDocument$LWS, [coerced$LWS]);
|
|
7151
|
+
synth$LWS.value = overrideValue$LWS;
|
|
7152
|
+
return synth$LWS;
|
|
7153
|
+
}
|
|
7154
|
+
}
|
|
6569
7155
|
}
|
|
6570
7156
|
return ReflectApply$LWS$1(originalGetAttributeNode$LWS, this, args$LWS);
|
|
6571
7157
|
}];
|
|
@@ -6573,6 +7159,7 @@ function initDistortionElementGetAttributeNode$LWS({
|
|
|
6573
7159
|
}
|
|
6574
7160
|
function initDistortionElementGetAttributeNodeNS$LWS({
|
|
6575
7161
|
globalObject: {
|
|
7162
|
+
document: sandboxDocument$LWS,
|
|
6576
7163
|
Element: {
|
|
6577
7164
|
prototype: {
|
|
6578
7165
|
getAttributeNodeNS: originalGetAttributeNodeNS$LWS
|
|
@@ -6580,13 +7167,41 @@ function initDistortionElementGetAttributeNodeNS$LWS({
|
|
|
6580
7167
|
}
|
|
6581
7168
|
}
|
|
6582
7169
|
}) {
|
|
6583
|
-
return function distortionElementGetAttributeNodeNS$LWS() {
|
|
7170
|
+
return function distortionElementGetAttributeNodeNS$LWS(record$LWS) {
|
|
6584
7171
|
return [originalGetAttributeNodeNS$LWS, function getAttributeNodeNS$LWS(...args$LWS) {
|
|
6585
7172
|
const {
|
|
6586
7173
|
length: length$LWS
|
|
6587
7174
|
} = args$LWS;
|
|
6588
7175
|
if (isGaterEnabledFeature$LWS('changesSince.262') && length$LWS >= 2) {
|
|
6589
|
-
|
|
7176
|
+
// Guard against TOCTOU attacks: force the native call
|
|
7177
|
+
// to see the same values our checks ran against.
|
|
7178
|
+
const coercedNS$LWS = args$LWS[0] === null || args$LWS[0] === undefined ? args$LWS[0] : toSafeStringValue$LWS(args$LWS[0]);
|
|
7179
|
+
const coercedName$LWS = toSafeStringValue$LWS(args$LWS[1]);
|
|
7180
|
+
args$LWS[0] = coercedNS$LWS;
|
|
7181
|
+
args$LWS[1] = coercedName$LWS;
|
|
7182
|
+
const ns$LWS = normalizeNamespace$LWS(coercedNS$LWS);
|
|
7183
|
+
// Consult the read-side registry. A throwing
|
|
7184
|
+
// registered getter (e.g. nonce) refuses the read
|
|
7185
|
+
// by propagating its exception. A value-substituting
|
|
7186
|
+
// getter (e.g. iframe.src pending URL) returns a
|
|
7187
|
+
// string; if the native attribute store has no Attr
|
|
7188
|
+
// for this name+namespace, synthesize a detached
|
|
7189
|
+
// Attr carrying the substituted value so sandbox
|
|
7190
|
+
// code can read .value as expected. If the native
|
|
7191
|
+
// store already has an Attr, prefer it.
|
|
7192
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, this, coercedName$LWS, ns$LWS);
|
|
7193
|
+
if (override$LWS !== undefined) {
|
|
7194
|
+
const overrideValue$LWS = ReflectApply$LWS$1(override$LWS, this, []);
|
|
7195
|
+
if (overrideValue$LWS !== null && overrideValue$LWS !== undefined) {
|
|
7196
|
+
const nativeAttr$LWS = ReflectApply$LWS$1(originalGetAttributeNodeNS$LWS, this, args$LWS);
|
|
7197
|
+
if (nativeAttr$LWS !== null) {
|
|
7198
|
+
return nativeAttr$LWS;
|
|
7199
|
+
}
|
|
7200
|
+
const synth$LWS = ReflectApply$LWS$1(DocumentProtoCreateAttributeNS$LWS, sandboxDocument$LWS, [ns$LWS, coercedName$LWS]);
|
|
7201
|
+
synth$LWS.value = overrideValue$LWS;
|
|
7202
|
+
return synth$LWS;
|
|
7203
|
+
}
|
|
7204
|
+
}
|
|
6590
7205
|
}
|
|
6591
7206
|
return ReflectApply$LWS$1(originalGetAttributeNodeNS$LWS, this, args$LWS);
|
|
6592
7207
|
}];
|
|
@@ -6601,13 +7216,23 @@ function initDistortionElementGetAttributeNS$LWS({
|
|
|
6601
7216
|
}
|
|
6602
7217
|
}
|
|
6603
7218
|
}) {
|
|
6604
|
-
return function distortionElementGetAttributeNS$LWS() {
|
|
7219
|
+
return function distortionElementGetAttributeNS$LWS(record$LWS) {
|
|
6605
7220
|
return [originalGetAttributeNS$LWS, function getAttributeNS$LWS(...args$LWS) {
|
|
6606
7221
|
const {
|
|
6607
7222
|
length: length$LWS
|
|
6608
7223
|
} = args$LWS;
|
|
6609
7224
|
if (isGaterEnabledFeature$LWS('changesSince.262') && length$LWS >= 2) {
|
|
6610
|
-
|
|
7225
|
+
// Guard against TOCTOU attacks: force the native call
|
|
7226
|
+
// to see the same values our checks ran against.
|
|
7227
|
+
const coercedNS$LWS = args$LWS[0] === null || args$LWS[0] === undefined ? args$LWS[0] : toSafeStringValue$LWS(args$LWS[0]);
|
|
7228
|
+
const coercedName$LWS = toSafeStringValue$LWS(args$LWS[1]);
|
|
7229
|
+
args$LWS[0] = coercedNS$LWS;
|
|
7230
|
+
args$LWS[1] = coercedName$LWS;
|
|
7231
|
+
const ns$LWS = normalizeNamespace$LWS(coercedNS$LWS);
|
|
7232
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, this, coercedName$LWS, ns$LWS);
|
|
7233
|
+
if (override$LWS !== undefined) {
|
|
7234
|
+
return ReflectApply$LWS$1(override$LWS, this, []);
|
|
7235
|
+
}
|
|
6611
7236
|
}
|
|
6612
7237
|
return ReflectApply$LWS$1(originalGetAttributeNS$LWS, this, args$LWS);
|
|
6613
7238
|
}];
|
|
@@ -6713,7 +7338,7 @@ function scriptPropertySetters$LWS(incomingThis$LWS, property$LWS, valueAsTruste
|
|
|
6713
7338
|
return false;
|
|
6714
7339
|
}
|
|
6715
7340
|
const {
|
|
6716
|
-
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$
|
|
7341
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$7$LWS,
|
|
6717
7342
|
isSharedElement: isSharedElement$y$LWS
|
|
6718
7343
|
} = rootValidator$LWS;
|
|
6719
7344
|
function initDistortionElementInnerHTMLSetter$LWS({
|
|
@@ -6768,7 +7393,7 @@ function initDistortionElementInnerHTMLSetter$LWS({
|
|
|
6768
7393
|
// malicious markup on a later engine coercion (see toSafeStringValue() docs).
|
|
6769
7394
|
value$LWS = toSafeStringValue$LWS(value$LWS);
|
|
6770
7395
|
}
|
|
6771
|
-
if (isIframeSrcdocScriptAttack$
|
|
7396
|
+
if (isIframeSrcdocScriptAttack$7$LWS(value$LWS)) {
|
|
6772
7397
|
throw new LockerSecurityError$LWS(`Cannot set 'innerHTML' using an unsecure ${toSafeTemplateStringValue$LWS(value$LWS)}.`);
|
|
6773
7398
|
}
|
|
6774
7399
|
ReflectApply$LWS$1(originalInnerHTMLSetter$LWS, this, [value$LWS]);
|
|
@@ -6806,7 +7431,7 @@ function initDistortionElementInsertAdjacentElement$LWS({
|
|
|
6806
7431
|
};
|
|
6807
7432
|
}
|
|
6808
7433
|
const {
|
|
6809
|
-
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$
|
|
7434
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$6$LWS,
|
|
6810
7435
|
isSharedElement: isSharedElement$w$LWS
|
|
6811
7436
|
} = rootValidator$LWS;
|
|
6812
7437
|
const allowedElementHTMLRegExp$LWS = /^\s*<(link|script|style)/i;
|
|
@@ -6838,7 +7463,7 @@ function initDistortionElementInsertAdjacentHTML$LWS({
|
|
|
6838
7463
|
const contentType$LWS = this instanceof SVGElement ? ContentType$LWS.SVG : ContentType$LWS.HTML;
|
|
6839
7464
|
args$LWS[1] = lwsInternalPolicy$LWS.createHTML(args$LWS[1], key$LWS, contentType$LWS);
|
|
6840
7465
|
// If the sanitized string is still insecure, throw an exception
|
|
6841
|
-
if (isIframeSrcdocScriptAttack$
|
|
7466
|
+
if (isIframeSrcdocScriptAttack$6$LWS(args$LWS[1])) {
|
|
6842
7467
|
throw new LockerSecurityError$LWS(`Cannot set 'insertAdjacentHTML' using an unsecure ${toSafeTemplateStringValue$LWS(args$LWS[1])}.`);
|
|
6843
7468
|
}
|
|
6844
7469
|
}
|
|
@@ -6865,7 +7490,7 @@ function initDistortionElementOuterHTMLGetter$LWS({
|
|
|
6865
7490
|
};
|
|
6866
7491
|
}
|
|
6867
7492
|
const {
|
|
6868
|
-
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$
|
|
7493
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$5$LWS,
|
|
6869
7494
|
isSharedElement: isSharedElement$v$LWS
|
|
6870
7495
|
} = rootValidator$LWS;
|
|
6871
7496
|
function initDistortionElementOuterHTMLSetter$LWS({
|
|
@@ -6891,7 +7516,7 @@ function initDistortionElementOuterHTMLSetter$LWS({
|
|
|
6891
7516
|
const html$LWS = lwsInternalPolicy$LWS.createHTML(value$LWS, key$LWS, ContentType$LWS.HTML);
|
|
6892
7517
|
// Ensure that the created html snippet is secure (no mXSS)
|
|
6893
7518
|
if (isGaterEnabledFeature$LWS('changesSince.260')) {
|
|
6894
|
-
if (isIframeSrcdocScriptAttack$
|
|
7519
|
+
if (isIframeSrcdocScriptAttack$5$LWS(html$LWS)) {
|
|
6895
7520
|
throw new LockerSecurityError$LWS(`Cannot set 'outerHTML' using an unsecure ${toSafeTemplateStringValue$LWS(value$LWS)}.`);
|
|
6896
7521
|
}
|
|
6897
7522
|
}
|
|
@@ -6961,6 +7586,89 @@ function initDistortionElementRemove$LWS({
|
|
|
6961
7586
|
return distortionEntry$LWS;
|
|
6962
7587
|
};
|
|
6963
7588
|
}
|
|
7589
|
+
|
|
7590
|
+
// Intentionally narrow: only 'sandbox' needs protection today. If more iframe
|
|
7591
|
+
// attributes require removal-blocking in the future, generalize to a Set.
|
|
7592
|
+
const SANDBOX_ATTR$4$LWS = 'sandbox';
|
|
7593
|
+
function initDistortionElementRemoveAttribute$LWS({
|
|
7594
|
+
globalObject: {
|
|
7595
|
+
Element: {
|
|
7596
|
+
prototype: {
|
|
7597
|
+
removeAttribute: originalRemoveAttribute$LWS
|
|
7598
|
+
}
|
|
7599
|
+
},
|
|
7600
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS
|
|
7601
|
+
}
|
|
7602
|
+
}) {
|
|
7603
|
+
const distortionEntry$LWS = [originalRemoveAttribute$LWS, function removeAttribute$LWS(...args$LWS) {
|
|
7604
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
7605
|
+
if (args$LWS.length > 0) {
|
|
7606
|
+
const attrName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, toSafeStringValue$LWS(args$LWS[0]), []);
|
|
7607
|
+
if (attrName$LWS === SANDBOX_ATTR$4$LWS && this instanceof HTMLIFrameElement$LWS) {
|
|
7608
|
+
throw new LockerSecurityError$LWS("Cannot remove 'sandbox' attribute from HTMLIFrameElement.");
|
|
7609
|
+
}
|
|
7610
|
+
}
|
|
7611
|
+
}
|
|
7612
|
+
return ReflectApply$LWS$1(ElementProtoRemoveAttribute$LWS, this, args$LWS);
|
|
7613
|
+
}];
|
|
7614
|
+
return function distortionElementRemoveAttribute$LWS() {
|
|
7615
|
+
return distortionEntry$LWS;
|
|
7616
|
+
};
|
|
7617
|
+
}
|
|
7618
|
+
const SANDBOX_ATTR$3$LWS = 'sandbox';
|
|
7619
|
+
function initDistortionElementRemoveAttributeNode$LWS({
|
|
7620
|
+
globalObject: {
|
|
7621
|
+
Attr: Attr$LWS,
|
|
7622
|
+
Element: {
|
|
7623
|
+
prototype: {
|
|
7624
|
+
removeAttributeNode: originalRemoveAttributeNode$LWS
|
|
7625
|
+
}
|
|
7626
|
+
},
|
|
7627
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS
|
|
7628
|
+
}
|
|
7629
|
+
}) {
|
|
7630
|
+
const distortionEntry$LWS = [originalRemoveAttributeNode$LWS, function removeAttributeNode$LWS(...args$LWS) {
|
|
7631
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
7632
|
+
const attr$LWS = args$LWS.length ? args$LWS[0] : undefined;
|
|
7633
|
+
if (attr$LWS instanceof Attr$LWS) {
|
|
7634
|
+
const attrName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, ReflectApply$LWS$1(AttrProtoNameGetter$LWS, attr$LWS, []), []);
|
|
7635
|
+
if (attrName$LWS === SANDBOX_ATTR$3$LWS && this instanceof HTMLIFrameElement$LWS) {
|
|
7636
|
+
throw new LockerSecurityError$LWS("Cannot remove 'sandbox' attribute from HTMLIFrameElement.");
|
|
7637
|
+
}
|
|
7638
|
+
}
|
|
7639
|
+
}
|
|
7640
|
+
return ReflectApply$LWS$1(ElementProtoRemoveAttributeNode$LWS, this, args$LWS);
|
|
7641
|
+
}];
|
|
7642
|
+
return function distortionElementRemoveAttributeNode$LWS() {
|
|
7643
|
+
return distortionEntry$LWS;
|
|
7644
|
+
};
|
|
7645
|
+
}
|
|
7646
|
+
const SANDBOX_ATTR$2$LWS = 'sandbox';
|
|
7647
|
+
function initDistortionElementRemoveAttributeNS$LWS({
|
|
7648
|
+
globalObject: {
|
|
7649
|
+
Element: {
|
|
7650
|
+
prototype: {
|
|
7651
|
+
removeAttributeNS: originalRemoveAttributeNS$LWS
|
|
7652
|
+
}
|
|
7653
|
+
},
|
|
7654
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS
|
|
7655
|
+
}
|
|
7656
|
+
}) {
|
|
7657
|
+
const distortionEntry$LWS = [originalRemoveAttributeNS$LWS, function removeAttributeNS$LWS(...args$LWS) {
|
|
7658
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
7659
|
+
if (args$LWS.length > 1) {
|
|
7660
|
+
const attrName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, toSafeStringValue$LWS(args$LWS[1]), []);
|
|
7661
|
+
if (attrName$LWS === SANDBOX_ATTR$2$LWS && this instanceof HTMLIFrameElement$LWS) {
|
|
7662
|
+
throw new LockerSecurityError$LWS("Cannot remove 'sandbox' attribute from HTMLIFrameElement.");
|
|
7663
|
+
}
|
|
7664
|
+
}
|
|
7665
|
+
}
|
|
7666
|
+
return ReflectApply$LWS$1(ElementProtoRemoveAttributeNS$LWS, this, args$LWS);
|
|
7667
|
+
}];
|
|
7668
|
+
return function distortionElementRemoveAttributeNS$LWS() {
|
|
7669
|
+
return distortionEntry$LWS;
|
|
7670
|
+
};
|
|
7671
|
+
}
|
|
6964
7672
|
const {
|
|
6965
7673
|
isSharedElement: isSharedElement$s$LWS
|
|
6966
7674
|
} = rootValidator$LWS;
|
|
@@ -7021,7 +7729,7 @@ function initDistortionElementSetAttribute$LWS({
|
|
|
7021
7729
|
if (args$LWS.length > 1) {
|
|
7022
7730
|
const attrName$LWS = normalizeNamespacedAttributeName$LWS(toSafeStringValue$LWS(args$LWS[0]));
|
|
7023
7731
|
const attrValue$LWS = toSafeStringValue$LWS(args$LWS[1]);
|
|
7024
|
-
const distortion$LWS =
|
|
7732
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, this, attrName$LWS);
|
|
7025
7733
|
if (distortion$LWS) {
|
|
7026
7734
|
ReflectApply$LWS$1(distortion$LWS, this, [attrValue$LWS]);
|
|
7027
7735
|
return;
|
|
@@ -7064,7 +7772,7 @@ function initDistortionElementSetAttributeNode$LWS({
|
|
|
7064
7772
|
const attrName$LWS = normalizeNamespacedAttributeName$LWS(ReflectApply$LWS$1(AttrProtoNameGetter$LWS, attr$LWS, []));
|
|
7065
7773
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, attr$LWS, []);
|
|
7066
7774
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
7067
|
-
const distortion$LWS =
|
|
7775
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, this, attrName$LWS, normalizedNamespace$LWS);
|
|
7068
7776
|
if (distortion$LWS) {
|
|
7069
7777
|
const oldAttr$LWS = ReflectApply$LWS$1(ElementProtoGetAttributeNode$LWS, this, [attrName$LWS]);
|
|
7070
7778
|
if (oldAttr$LWS) {
|
|
@@ -7122,7 +7830,7 @@ function initDistortionElementSetAttributeNodeNS$LWS({
|
|
|
7122
7830
|
const attrName$LWS = normalizeNamespacedAttributeName$LWS(ReflectApply$LWS$1(AttrProtoNameGetter$LWS, attr$LWS, []));
|
|
7123
7831
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, attr$LWS, []);
|
|
7124
7832
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
7125
|
-
const distortion$LWS =
|
|
7833
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, this, attrName$LWS, normalizedNamespace$LWS);
|
|
7126
7834
|
if (distortion$LWS) {
|
|
7127
7835
|
const oldAttr$LWS = ReflectApply$LWS$1(ElementProtoGetAttributeNodeNS$LWS, this, [attrNamespace$LWS, attrName$LWS]);
|
|
7128
7836
|
if (oldAttr$LWS) {
|
|
@@ -7178,7 +7886,7 @@ function initDistortionElementSetAttributeNS$LWS({
|
|
|
7178
7886
|
const attrName$LWS = normalizeNamespacedAttributeName$LWS(toSafeStringValue$LWS(args$LWS[1]));
|
|
7179
7887
|
const attrValue$LWS = toSafeStringValue$LWS(args$LWS[2]);
|
|
7180
7888
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
7181
|
-
const distortion$LWS =
|
|
7889
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, this, attrName$LWS, normalizedNamespace$LWS);
|
|
7182
7890
|
// istanbul ignore else: needs default platform behavior test
|
|
7183
7891
|
if (distortion$LWS) {
|
|
7184
7892
|
ReflectApply$LWS$1(distortion$LWS, this, [attrValue$LWS]);
|
|
@@ -7204,7 +7912,7 @@ function initDistortionElementSetAttributeNS$LWS({
|
|
|
7204
7912
|
};
|
|
7205
7913
|
}
|
|
7206
7914
|
const {
|
|
7207
|
-
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$
|
|
7915
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$4$LWS,
|
|
7208
7916
|
isSharedElement: isSharedElement$q$LWS
|
|
7209
7917
|
} = rootValidator$LWS;
|
|
7210
7918
|
function initDistortionElementSetHTML$LWS({
|
|
@@ -7249,7 +7957,7 @@ function initDistortionElementSetHTML$LWS({
|
|
|
7249
7957
|
// This will be in addition to the sanitization we have.
|
|
7250
7958
|
const contentType$LWS = isSVGElement$LWS ? ContentType$LWS.SVG : ContentType$LWS.HTML;
|
|
7251
7959
|
args$LWS[0] = lwsInternalPolicy$LWS.createHTML(normalizedValue$LWS, key$LWS, contentType$LWS);
|
|
7252
|
-
if (isIframeSrcdocScriptAttack$
|
|
7960
|
+
if (isIframeSrcdocScriptAttack$4$LWS(args$LWS[0])) {
|
|
7253
7961
|
throw new LockerSecurityError$LWS(`Cannot 'setHTML' using an unsecure ${toSafeTemplateStringValue$LWS(args$LWS[0])}.`);
|
|
7254
7962
|
}
|
|
7255
7963
|
}
|
|
@@ -7258,7 +7966,7 @@ function initDistortionElementSetHTML$LWS({
|
|
|
7258
7966
|
};
|
|
7259
7967
|
}
|
|
7260
7968
|
const {
|
|
7261
|
-
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$
|
|
7969
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$3$LWS,
|
|
7262
7970
|
isSharedElement: isSharedElement$p$LWS
|
|
7263
7971
|
} = rootValidator$LWS;
|
|
7264
7972
|
function initDistortionElementSetHTMLUnsafe$LWS({
|
|
@@ -7319,7 +8027,7 @@ function initDistortionElementSetHTMLUnsafe$LWS({
|
|
|
7319
8027
|
const contentType$LWS = isSVGElement$LWS ? ContentType$LWS.SVG : ContentType$LWS.HTML;
|
|
7320
8028
|
normalizedValue$LWS = lwsInternalPolicy$LWS.createHTML(normalizedValue$LWS, key$LWS, contentType$LWS);
|
|
7321
8029
|
}
|
|
7322
|
-
if (isIframeSrcdocScriptAttack$
|
|
8030
|
+
if (isIframeSrcdocScriptAttack$3$LWS(normalizedValue$LWS)) {
|
|
7323
8031
|
throw new LockerSecurityError$LWS(`Cannot 'setHTMLUnsafe' using an unsecure ${toSafeTemplateStringValue$LWS(normalizedValue$LWS)}.`);
|
|
7324
8032
|
}
|
|
7325
8033
|
ReflectApply$LWS$1(originalSetHTMLUnsafe$LWS, this, [normalizedValue$LWS]);
|
|
@@ -7362,7 +8070,7 @@ function initDistortionElementToggleAttribute$LWS({
|
|
|
7362
8070
|
// istanbul ignore else: needs default platform behavior test
|
|
7363
8071
|
if (length$LWS > 0) {
|
|
7364
8072
|
const attrName$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
7365
|
-
const distortion$LWS =
|
|
8073
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, this, attrName$LWS);
|
|
7366
8074
|
// istanbul ignore else: needs default platform behavior test
|
|
7367
8075
|
if (distortion$LWS) {
|
|
7368
8076
|
const distortionArgs$LWS = length$LWS > 1 ? [args$LWS[1]] : [];
|
|
@@ -7496,6 +8204,39 @@ function initDistortionEventTargetAddEventListener$LWS({
|
|
|
7496
8204
|
return [originalAddEventListener$LWS, addEventListener$LWS];
|
|
7497
8205
|
};
|
|
7498
8206
|
}
|
|
8207
|
+
|
|
8208
|
+
// @W-18977628 — Reserved event types that sandboxed code must never dispatch.
|
|
8209
|
+
// These are internal Aura framework events whose listeners run outside the
|
|
8210
|
+
// sandbox and pass privileged unsandboxed references to the caller.
|
|
8211
|
+
const BLOCKED_DISPATCH_EVENT_TYPES$LWS = toSafeSet$LWS(new SetCtor$LWS$1(['aurainteropfindowner']));
|
|
8212
|
+
function initDistortionEventTargetDispatchEvent$LWS({
|
|
8213
|
+
globalObject: {
|
|
8214
|
+
EventTarget: {
|
|
8215
|
+
prototype: {
|
|
8216
|
+
dispatchEvent: originalDispatchEvent$LWS
|
|
8217
|
+
}
|
|
8218
|
+
}
|
|
8219
|
+
}
|
|
8220
|
+
}) {
|
|
8221
|
+
return function distortionEventTargetDispatchEvent$LWS() {
|
|
8222
|
+
function dispatchEvent$LWS(...args$LWS) {
|
|
8223
|
+
const {
|
|
8224
|
+
length: length$LWS
|
|
8225
|
+
} = args$LWS;
|
|
8226
|
+
// Ensure that we fallback to the default platform behavior which
|
|
8227
|
+
// should fail if less than 1 argument is provided.
|
|
8228
|
+
// istanbul ignore else: needs default platform behavior test
|
|
8229
|
+
if (length$LWS > 0 && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
8230
|
+
const eventType$LWS = toSafeStringValue$LWS(ReflectApply$LWS$1(EventProtoTypeGetter$LWS, args$LWS[0], []));
|
|
8231
|
+
if (BLOCKED_DISPATCH_EVENT_TYPES$LWS.has(eventType$LWS)) {
|
|
8232
|
+
throw new LockerSecurityError$LWS(`Cannot dispatch '${eventType$LWS}' event.`);
|
|
8233
|
+
}
|
|
8234
|
+
}
|
|
8235
|
+
return ReflectApply$LWS$1(originalDispatchEvent$LWS, this, args$LWS);
|
|
8236
|
+
}
|
|
8237
|
+
return [originalDispatchEvent$LWS, dispatchEvent$LWS];
|
|
8238
|
+
};
|
|
8239
|
+
}
|
|
7499
8240
|
function initDistortionFunction$LWS({
|
|
7500
8241
|
UNCOMPILED_CONTEXT: UNCOMPILED_CONTEXT$LWS,
|
|
7501
8242
|
globalObject: {
|
|
@@ -7610,15 +8351,21 @@ function initDistortionHTMLAnchorElementHrefSetter$LWS({
|
|
|
7610
8351
|
const originalHrefSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLAnchorElement$LWS.prototype, 'href');
|
|
7611
8352
|
function href$LWS(value$LWS) {
|
|
7612
8353
|
const urlString$LWS = sanitizeURLForElement$LWS(value$LWS);
|
|
7613
|
-
if (isGaterEnabledFeature$LWS('
|
|
7614
|
-
|
|
8354
|
+
if (isGaterEnabledFeature$LWS('htmlAnchorElementHrefValidation')) {
|
|
8355
|
+
if (!isValidAnchorURLScheme$LWS(urlString$LWS)) {
|
|
8356
|
+
throw new LockerSecurityError$LWS('HTMLAnchorElement.href supports http://, https://, blob: schemes, relative urls and about:blank.');
|
|
8357
|
+
}
|
|
8358
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
8359
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
8360
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
8361
|
+
}
|
|
7615
8362
|
}
|
|
7616
8363
|
ReflectApply$LWS$1(HTMLAnchorElementProtoHrefSetter$LWS, this, [urlString$LWS]);
|
|
7617
8364
|
}
|
|
7618
8365
|
const distortionEntry$LWS = [originalHrefSetter$LWS, href$LWS];
|
|
7619
8366
|
return function distortionHTMLAnchorElementHrefSetter$LWS(record$LWS) {
|
|
7620
|
-
if (isGaterEnabledFeature$LWS('
|
|
7621
|
-
|
|
8367
|
+
if (isGaterEnabledFeature$LWS('htmlAnchorElementHrefValidation')) {
|
|
8368
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLAnchorElement$LWS, 'href', NAMESPACE_DEFAULT$LWS, href$LWS);
|
|
7622
8369
|
}
|
|
7623
8370
|
// This will fall back to the original href setter if the gate is not enabled
|
|
7624
8371
|
return distortionEntry$LWS;
|
|
@@ -7686,7 +8433,7 @@ function initDistortionHTMLButtonElementFormActionSetter$LWS({
|
|
|
7686
8433
|
}
|
|
7687
8434
|
ReflectApply$LWS$1(HTMLButtonElementProtoFormActionSetter$LWS, this, [urlString$LWS]);
|
|
7688
8435
|
}
|
|
7689
|
-
|
|
8436
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLButtonElement$LWS, 'formaction', NAMESPACE_DEFAULT$LWS, formAction$LWS);
|
|
7690
8437
|
return [originalFormActionSetter$LWS, formAction$LWS];
|
|
7691
8438
|
}
|
|
7692
8439
|
// istanbul ignore next: ungated return is not reachable in coverage runs
|
|
@@ -7865,7 +8612,7 @@ function initDistortionHTMLFormElementActionSetter$LWS({
|
|
|
7865
8612
|
}
|
|
7866
8613
|
ReflectApply$LWS$1(HTMLFormElementProtoActionSetter$LWS, this, [urlString$LWS]);
|
|
7867
8614
|
}
|
|
7868
|
-
|
|
8615
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLFormElement$LWS, 'action', NAMESPACE_DEFAULT$LWS, action$LWS);
|
|
7869
8616
|
return [originalActionSetter$LWS, action$LWS];
|
|
7870
8617
|
}
|
|
7871
8618
|
// istanbul ignore next: ungated return is not reachable in coverage runs
|
|
@@ -7942,13 +8689,145 @@ function initDistortionHTMLIFrameElementSandboxGetter$LWS({
|
|
|
7942
8689
|
}];
|
|
7943
8690
|
};
|
|
7944
8691
|
}
|
|
8692
|
+
|
|
8693
|
+
// Provenance: the design for this pipeline (per-iframe pending-URL
|
|
8694
|
+
const pendingURLs$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
8695
|
+
const inflightControllers$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
8696
|
+
// W-22382462: iframes whose pre-flight detected an attack pattern in the
|
|
8697
|
+
// fetched response body. The setter checks this set at entry and throws
|
|
8698
|
+
// synchronously on any subsequent write attempt, so the violation is
|
|
8699
|
+
// observable from sandboxed code on the *next* sync touchpoint after
|
|
8700
|
+
// the async pre-flight resolved hostile.
|
|
8701
|
+
const poisonedIframes$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1());
|
|
8702
|
+
// W-22382462: cross-iframe URL rejection cache. When a pre-flight
|
|
8703
|
+
// detects hostile, the URL's pathname is added here. Any subsequent
|
|
8704
|
+
// iframe.src assignment to a URL with the same pathname (regardless of
|
|
8705
|
+
// the iframe instance, query string, or fragment) throws synchronously
|
|
8706
|
+
// without re-fetching. Rationale: in this threat model attacker-
|
|
8707
|
+
// controllable content surfaces are deployable static resources whose
|
|
8708
|
+
// pathname maps 1:1 to their body. Re-fetching the same hostile body
|
|
8709
|
+
// for every fresh iframe is wasted work and provides an attacker a
|
|
8710
|
+
// re-attempt window if a transient network failure lets the second
|
|
8711
|
+
// fetch succeed where the first failed; pathname-keyed rejection
|
|
8712
|
+
// closes both.
|
|
8713
|
+
const rejectedPathnames$LWS = toSafeSet$LWS(new SetCtor$LWS$1());
|
|
8714
|
+
const detachedPending$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1());
|
|
8715
|
+
function getPendingURL$LWS(iframe$LWS) {
|
|
8716
|
+
return pendingURLs$LWS.get(iframe$LWS);
|
|
8717
|
+
}
|
|
8718
|
+
function setPendingURL$LWS(iframe$LWS, url$LWS) {
|
|
8719
|
+
pendingURLs$LWS.set(iframe$LWS, url$LWS);
|
|
8720
|
+
}
|
|
8721
|
+
function clearPendingURL$LWS(iframe$LWS) {
|
|
8722
|
+
pendingURLs$LWS.delete(iframe$LWS);
|
|
8723
|
+
}
|
|
8724
|
+
function abortInflightPreflight$LWS(iframe$LWS) {
|
|
8725
|
+
const controller$LWS = inflightControllers$LWS.get(iframe$LWS);
|
|
8726
|
+
if (controller$LWS !== undefined) {
|
|
8727
|
+
ReflectApply$LWS$1(AbortControllerProtoAbort$LWS, controller$LWS, []);
|
|
8728
|
+
inflightControllers$LWS.delete(iframe$LWS);
|
|
8729
|
+
}
|
|
8730
|
+
}
|
|
8731
|
+
function trackInflightPreflight$LWS(iframe$LWS, controller$LWS) {
|
|
8732
|
+
inflightControllers$LWS.set(iframe$LWS, controller$LWS);
|
|
8733
|
+
}
|
|
8734
|
+
function clearInflightPreflight$LWS(iframe$LWS) {
|
|
8735
|
+
inflightControllers$LWS.delete(iframe$LWS);
|
|
8736
|
+
}
|
|
8737
|
+
function poisonIframe$LWS(iframe$LWS) {
|
|
8738
|
+
poisonedIframes$LWS.add(iframe$LWS);
|
|
8739
|
+
}
|
|
8740
|
+
function isPoisonedIframe$LWS(iframe$LWS) {
|
|
8741
|
+
return poisonedIframes$LWS.has(iframe$LWS);
|
|
8742
|
+
}
|
|
8743
|
+
function rejectPathname$LWS(pathname$LWS) {
|
|
8744
|
+
rejectedPathnames$LWS.add(pathname$LWS);
|
|
8745
|
+
}
|
|
8746
|
+
function isRejectedPathname$LWS(pathname$LWS) {
|
|
8747
|
+
return rejectedPathnames$LWS.has(pathname$LWS);
|
|
8748
|
+
}
|
|
8749
|
+
function setDetachedPending$LWS(iframe$LWS, entry$LWS) {
|
|
8750
|
+
detachedPending$LWS.set(iframe$LWS, entry$LWS);
|
|
8751
|
+
}
|
|
8752
|
+
function clearDetachedPending$LWS(iframe$LWS) {
|
|
8753
|
+
detachedPending$LWS.delete(iframe$LWS);
|
|
8754
|
+
}
|
|
8755
|
+
function forEachDetachedPending$LWS(callback$LWS) {
|
|
8756
|
+
detachedPending$LWS.forEach((entry$LWS, iframe$LWS) => {
|
|
8757
|
+
callback$LWS(iframe$LWS, entry$LWS);
|
|
8758
|
+
});
|
|
8759
|
+
}
|
|
8760
|
+
|
|
8761
|
+
// Provenance: the W-22382462 same-origin async pre-flight pipeline added
|
|
8762
|
+
const {
|
|
8763
|
+
isIframeSrcdocAttack: isIframeSrcdocAttack$LWS,
|
|
8764
|
+
isXMLEntityAttack: isXMLEntityAttack$LWS,
|
|
8765
|
+
isXMLNamespacedScriptAttack: isXMLNamespacedScriptAttack$LWS
|
|
8766
|
+
} = rootValidator$LWS;
|
|
7945
8767
|
const ABOUT_BLANK_TOKEN$LWS = 'about:blank';
|
|
7946
8768
|
const ALLOW_SAME_ORIGIN_TOKEN$LWS = 'allow-same-origin';
|
|
7947
8769
|
const ALLOW_SCRIPTS_TOKEN$LWS = 'allow-scripts';
|
|
7948
8770
|
const sameOriginSandboxedByLWS$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1());
|
|
7949
|
-
|
|
8771
|
+
// W-22382462: connection observer for detached iframes with pending
|
|
8772
|
+
// same-origin URLs. The browser only fetches an iframe's src when the
|
|
8773
|
+
// iframe is connected to a document; setting src on a detached iframe
|
|
8774
|
+
// records the attribute but does not initiate any network activity
|
|
8775
|
+
// until attachment. The original pre-flight implementation skipped
|
|
8776
|
+
// detached iframes and wrote the native attribute eagerly, which left
|
|
8777
|
+
// a hole: a hostile URL set on a detached iframe and then attached
|
|
8778
|
+
// via `appendChild` would auto-fetch and parse before any LWS check
|
|
8779
|
+
// ran. The fix: defer both the native write AND the pre-flight until
|
|
8780
|
+
// the iframe is observed to enter a connected subtree, then run the
|
|
8781
|
+
// existing pre-flight pipeline at that moment. The native attribute
|
|
8782
|
+
// stays unwritten through the inspection window, so the browser never
|
|
8783
|
+
// auto-fetches a hostile body without our approval.
|
|
8784
|
+
//
|
|
8785
|
+
// One observer at module scope handles all detached-pending iframes
|
|
8786
|
+
// regardless of which sandbox set their src. The observer's callback
|
|
8787
|
+
// iterates the small detached-pending Map (typically empty or 1-2
|
|
8788
|
+
// entries) and dispatches the deferred pre-flight for any iframe
|
|
8789
|
+
// that is now connected. Lazy registration: the observer is wired up
|
|
8790
|
+
// the first time any setter parks a URL on a detached iframe, so
|
|
8791
|
+
// sandboxes that never use detached iframes pay no observer cost.
|
|
8792
|
+
let connectionObserverRegistered$LWS = false;
|
|
8793
|
+
function ensureConnectionObserverRegistered$LWS() {
|
|
8794
|
+
if (connectionObserverRegistered$LWS) {
|
|
8795
|
+
return;
|
|
8796
|
+
}
|
|
8797
|
+
connectionObserverRegistered$LWS = true;
|
|
8798
|
+
const observer$LWS = new MutationObserverCtor$LWS(() => {
|
|
8799
|
+
forEachDetachedPending$LWS((iframe$LWS, entry$LWS) => {
|
|
8800
|
+
if (ReflectApply$LWS$1(NodeProtoIsConnectedGetter$LWS, iframe$LWS, [])) {
|
|
8801
|
+
clearDetachedPending$LWS(iframe$LWS);
|
|
8802
|
+
entry$LWS.runDeferredPreflight();
|
|
8803
|
+
}
|
|
8804
|
+
});
|
|
8805
|
+
});
|
|
8806
|
+
ReflectApply$LWS$1(MutationObserverProtoObserve$LWS, observer$LWS, [rootDocument$LWS, {
|
|
8807
|
+
__proto__: null,
|
|
8808
|
+
childList: true,
|
|
8809
|
+
subtree: true
|
|
8810
|
+
}]);
|
|
8811
|
+
}
|
|
8812
|
+
function enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(iframe$LWS, srcValueOverride$LWS) {
|
|
7950
8813
|
const sandboxTokenList$LWS = ReflectApply$LWS$1(HTMLIFrameElementProtoSandboxGetter$LWS, iframe$LWS, []);
|
|
7951
|
-
|
|
8814
|
+
// Source of truth for the iframe's effective src, in priority order:
|
|
8815
|
+
// 1. Explicit override from the caller (the pre-flight setter's
|
|
8816
|
+
// synchronous call passes the queued URL).
|
|
8817
|
+
// 2. Pending URL from the registry-backed bookkeeping (any other
|
|
8818
|
+
// caller, e.g. iframe.sandbox = '...', running while a
|
|
8819
|
+
// pre-flight is in flight: the queued URL is the URL the
|
|
8820
|
+
// iframe will end up at when the pre-flight commits, so the
|
|
8821
|
+
// sandbox classification must reflect that, not the native
|
|
8822
|
+
// attribute store which is still empty).
|
|
8823
|
+
// 3. The native src getter (fall-through; no pending state).
|
|
8824
|
+
let srcValue$LWS;
|
|
8825
|
+
if (srcValueOverride$LWS !== undefined) {
|
|
8826
|
+
srcValue$LWS = srcValueOverride$LWS;
|
|
8827
|
+
} else {
|
|
8828
|
+
const pending$LWS = getPendingURL$LWS(iframe$LWS);
|
|
8829
|
+
srcValue$LWS = pending$LWS !== undefined ? pending$LWS : ReflectApply$LWS$1(HTMLIFrameElementProtoSrcGetter$LWS, iframe$LWS, []);
|
|
8830
|
+
}
|
|
7952
8831
|
// Before adding "allow-scripts", check that "allow-same-origin" isn't present. If it is,
|
|
7953
8832
|
// throw an exception because LWS cannot allow an iframe created by component code to
|
|
7954
8833
|
// have sandbox="allow-same-origin allow-scripts", because that would enable access to
|
|
@@ -7994,12 +8873,23 @@ function enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(iframe$LWS) {
|
|
|
7994
8873
|
}
|
|
7995
8874
|
function initDistortionHTMLIFrameElementSrcSetter$LWS({
|
|
7996
8875
|
globalObject: {
|
|
7997
|
-
HTMLIFrameElement: HTMLIFrameElement$LWS
|
|
8876
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS,
|
|
8877
|
+
fetch: originalFetch$LWS
|
|
7998
8878
|
}
|
|
7999
8879
|
}) {
|
|
8000
8880
|
const originalSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLIFrameElement$LWS.prototype, 'src');
|
|
8001
8881
|
return function distortionHTMLIFrameElementSrcSetter$LWS(record$LWS) {
|
|
8002
8882
|
function src$LWS(value$LWS) {
|
|
8883
|
+
// If a prior async pre-flight on this iframe detected an
|
|
8884
|
+
// attack-pattern in the fetched body, the iframe is permanently
|
|
8885
|
+
// poisoned. Any subsequent synchronous write attempt throws,
|
|
8886
|
+
// so the security violation surfaces at the call site of the
|
|
8887
|
+
// FOLLOWING `iframe.src = ...` (or setAttribute('src',...) etc.)
|
|
8888
|
+
// even though we cannot synchronously propagate the original
|
|
8889
|
+
// hostile-detection back to its triggering setter call.
|
|
8890
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && isPoisonedIframe$LWS(this)) {
|
|
8891
|
+
throw new LockerSecurityError$LWS('HTMLIFrameElement is poisoned: a prior src assignment fetched a body containing an attack pattern. The iframe cannot be reused.');
|
|
8892
|
+
}
|
|
8003
8893
|
const normalizedSrcValue$LWS = toSafeStringValue$LWS(value$LWS);
|
|
8004
8894
|
// This must be done on the raw value before sanitization, because sanitization can
|
|
8005
8895
|
// remove the exploit pattern.
|
|
@@ -8024,12 +8914,208 @@ function initDistortionHTMLIFrameElementSrcSetter$LWS({
|
|
|
8024
8914
|
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(normalizedURL$LWS)}`);
|
|
8025
8915
|
}
|
|
8026
8916
|
}
|
|
8917
|
+
// Same-origin URLs go through an async pre-flight that fetches
|
|
8918
|
+
// the resource and runs its body through the rootValidator
|
|
8919
|
+
// attack-pattern checks. Any future-added pattern (XML entity
|
|
8920
|
+
// smuggling, iframe-srcdoc script injection, namespaced-script
|
|
8921
|
+
// payloads, etc.) is automatically picked up by virtue of going
|
|
8922
|
+
// through the same validators every other HTML-handling
|
|
8923
|
+
// distortion does. Same-origin guarantees the pre-flight body
|
|
8924
|
+
// is byte-identical to what the iframe load would receive
|
|
8925
|
+
// (attacker-controllable content surfaces in this threat model
|
|
8926
|
+
// are deployable static resources, which serve identical bytes
|
|
8927
|
+
// for every request). Cross-origin URLs proceed through the
|
|
8928
|
+
// existing pipeline unchanged because the JS layer cannot
|
|
8929
|
+
// inspect cross-origin response bodies and SOP already contains
|
|
8930
|
+
// the cross-origin contentDocument.
|
|
8931
|
+
//
|
|
8932
|
+
// Detached iframes can't pre-flight at set-time (the browser
|
|
8933
|
+
// hasn't queued any load), but they MUST NOT have their native
|
|
8934
|
+
// src written eagerly either: the moment such an iframe is
|
|
8935
|
+
// attached, the browser would auto-fetch and parse the body
|
|
8936
|
+
// before any LWS check could run. Instead, the URL is parked
|
|
8937
|
+
// in a detached-pending map and a connection observer dispatches
|
|
8938
|
+
// the deferred pre-flight when the iframe enters a connected
|
|
8939
|
+
// subtree. Native attribute stays unwritten until pre-flight
|
|
8940
|
+
// resolves. Pending URL is recorded normally so read paths
|
|
8941
|
+
// (iframe.src, getAttribute('src'), attributes['src'].value)
|
|
8942
|
+
// surface what sandbox code wrote.
|
|
8943
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && urlString$LWS !== '' && urlString$LWS !== ABOUT_BLANK_TOKEN$LWS && isSameOriginURL$LWS(urlString$LWS)) {
|
|
8944
|
+
// Cross-iframe rejection cache: if any prior pre-flight
|
|
8945
|
+
// (on this iframe or any other) detected an attack
|
|
8946
|
+
// pattern at this URL's pathname, refuse the assignment
|
|
8947
|
+
// synchronously without re-fetching. Runs regardless of
|
|
8948
|
+
// attached/detached state — a known-hostile pathname
|
|
8949
|
+
// is rejected at the call site.
|
|
8950
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
8951
|
+
if (isRejectedPathname$LWS(parsedURL$LWS.pathname)) {
|
|
8952
|
+
throw new LockerSecurityError$LWS(`Cannot set src to "${toSafeTemplateStringValue$LWS(urlString$LWS)}": pathname previously rejected as containing an attack pattern.`);
|
|
8953
|
+
}
|
|
8954
|
+
if (ReflectApply$LWS$1(NodeProtoIsConnectedGetter$LWS, this, [])) {
|
|
8955
|
+
preflightSameOriginAndCommit$LWS(this, urlString$LWS, parsedURL$LWS.pathname, record$LWS);
|
|
8956
|
+
// Sandbox enforcement is deferred to onSafe so that
|
|
8957
|
+
// navigation occurs with the iframe's original sandbox
|
|
8958
|
+
// state. Adding `allow-scripts` synchronously here would
|
|
8959
|
+
// mark the iframe `sandbox="allow-scripts"` (without
|
|
8960
|
+
// `allow-same-origin`) at navigation time, which per
|
|
8961
|
+
// spec yields an opaque cross-origin browsing context
|
|
8962
|
+
// even for same-origin URLs. onSafe runs the helper
|
|
8963
|
+
// after the native src setter, matching the
|
|
8964
|
+
// legacy-path order where the iframe navigates with the
|
|
8965
|
+
// pre-existing sandbox state and `allow-scripts` is
|
|
8966
|
+
// added afterward.
|
|
8967
|
+
return;
|
|
8968
|
+
}
|
|
8969
|
+
// Detached: write native and run sandbox enforcement
|
|
8970
|
+
// synchronously (preserves the legacy-path
|
|
8971
|
+
// `setAttributeNodeNS` Attr-replacement semantics and
|
|
8972
|
+
// the synchronous read of `iframe.sandbox` after
|
|
8973
|
+
// `iframe.src = ...`). Then park the URL and register
|
|
8974
|
+
// the connection observer. When the iframe is later
|
|
8975
|
+
// attached, the observer reads the native src, clears
|
|
8976
|
+
// it (which aborts the browser's queued navigation per
|
|
8977
|
+
// HTML spec — changing src during a navigate aborts
|
|
8978
|
+
// the in-flight load), and runs the deferred
|
|
8979
|
+
// pre-flight. On safe, native src is written back and
|
|
8980
|
+
// the browser navigates. On hostile, native stays
|
|
8981
|
+
// cleared and the iframe is poisoned.
|
|
8982
|
+
//
|
|
8983
|
+
// The native write is safe while detached: the browser
|
|
8984
|
+
// does not navigate iframes that are not connected to
|
|
8985
|
+
// a document, so no fetch occurs until attachment, at
|
|
8986
|
+
// which point our observer interposes before the
|
|
8987
|
+
// browser's load task runs.
|
|
8988
|
+
const iframe$LWS = this;
|
|
8989
|
+
ReflectApply$LWS$1(HTMLIFrameElementProtoSrcSetter$LWS, iframe$LWS, [urlString$LWS]);
|
|
8990
|
+
if (isGaterEnabledFeature$LWS(ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS) && isNotAllowedToOverrideGaterEnabledFeature$LWS(record$LWS.key, ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS)) {
|
|
8991
|
+
enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(iframe$LWS);
|
|
8992
|
+
}
|
|
8993
|
+
setDetachedPending$LWS(iframe$LWS, {
|
|
8994
|
+
url: urlString$LWS,
|
|
8995
|
+
pathname: parsedURL$LWS.pathname,
|
|
8996
|
+
runDeferredPreflight: () => {
|
|
8997
|
+
// Clear the native src to abort the navigation
|
|
8998
|
+
// the browser queued at attach time. HTML spec:
|
|
8999
|
+
// when src changes during a navigation, the
|
|
9000
|
+
// prior navigation is aborted. After clearing,
|
|
9001
|
+
// the pre-flight runs against the saved URL
|
|
9002
|
+
// and writes native back on safe.
|
|
9003
|
+
ReflectApply$LWS$1(ElementProtoRemoveAttribute$LWS, iframe$LWS, ['src']);
|
|
9004
|
+
preflightSameOriginAndCommit$LWS(iframe$LWS, urlString$LWS, parsedURL$LWS.pathname, record$LWS);
|
|
9005
|
+
}
|
|
9006
|
+
});
|
|
9007
|
+
ensureConnectionObserverRegistered$LWS();
|
|
9008
|
+
return;
|
|
9009
|
+
}
|
|
9010
|
+
// Any non-pre-flight write (cross-origin, empty, about:blank,
|
|
9011
|
+
// or pre-264) supersedes a pending pre-flight: abort it,
|
|
9012
|
+
// clear pending state, then write native. This guarantees
|
|
9013
|
+
// the helper below sees the actual post-write native src
|
|
9014
|
+
// (not a stale pending URL from the prior assignment).
|
|
9015
|
+
abortInflightPreflight$LWS(this);
|
|
9016
|
+
clearPendingURL$LWS(this);
|
|
9017
|
+
clearDetachedPending$LWS(this);
|
|
9018
|
+
clearInflightPreflight$LWS(this);
|
|
8027
9019
|
ReflectApply$LWS$1(HTMLIFrameElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
8028
9020
|
if (isGaterEnabledFeature$LWS(ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS) && isNotAllowedToOverrideGaterEnabledFeature$LWS(record$LWS.key, ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS)) {
|
|
8029
9021
|
enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(this);
|
|
8030
9022
|
}
|
|
8031
9023
|
}
|
|
8032
|
-
|
|
9024
|
+
// Same-origin async pre-flight pipeline. The setter remains
|
|
9025
|
+
// synchronous from sandboxed code's perspective: it returns after
|
|
9026
|
+
// recording the pending URL and kicking off the fetch. The native
|
|
9027
|
+
// attribute is NOT written until the pre-flight approves the body,
|
|
9028
|
+
// so the browser does not start navigating until then. Read-after-
|
|
9029
|
+
// write surfaces (iframe.src, getAttribute('src'), attributes['src']
|
|
9030
|
+
// via the iframe.src getter distortion + read-side getter registry)
|
|
9031
|
+
// see the pending URL during the inspection window.
|
|
9032
|
+
function preflightSameOriginAndCommit$LWS(iframe$LWS, urlString$LWS, pathname$LWS, sandboxRecord$LWS) {
|
|
9033
|
+
// Re-assignment cancels any prior pre-flight in flight on this
|
|
9034
|
+
// iframe and replaces it with the new URL.
|
|
9035
|
+
abortInflightPreflight$LWS(iframe$LWS);
|
|
9036
|
+
setPendingURL$LWS(iframe$LWS, urlString$LWS);
|
|
9037
|
+
const controller$LWS = new AbortControllerCtor$LWS();
|
|
9038
|
+
const signal$LWS = ReflectApply$LWS$1(AbortControllerProtoSignalGetter$LWS, controller$LWS, []);
|
|
9039
|
+
trackInflightPreflight$LWS(iframe$LWS, controller$LWS);
|
|
9040
|
+
const isSupersededOrAborted$LWS = () => signal$LWS.aborted;
|
|
9041
|
+
const onSafe$LWS = () => {
|
|
9042
|
+
if (isSupersededOrAborted$LWS()) {
|
|
9043
|
+
return;
|
|
9044
|
+
}
|
|
9045
|
+
clearPendingURL$LWS(iframe$LWS);
|
|
9046
|
+
clearInflightPreflight$LWS(iframe$LWS);
|
|
9047
|
+
ReflectApply$LWS$1(HTMLIFrameElementProtoSrcSetter$LWS, iframe$LWS, [urlString$LWS]);
|
|
9048
|
+
if (isGaterEnabledFeature$LWS(ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS) && isNotAllowedToOverrideGaterEnabledFeature$LWS(sandboxRecord$LWS.key, ENABLE_SANDBOXED_SAMEORIGIN_IFRAME_GATE$LWS)) {
|
|
9049
|
+
enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(iframe$LWS);
|
|
9050
|
+
}
|
|
9051
|
+
};
|
|
9052
|
+
const onHostile$LWS = () => {
|
|
9053
|
+
if (isSupersededOrAborted$LWS()) {
|
|
9054
|
+
return;
|
|
9055
|
+
}
|
|
9056
|
+
clearPendingURL$LWS(iframe$LWS);
|
|
9057
|
+
clearInflightPreflight$LWS(iframe$LWS);
|
|
9058
|
+
// Native src is intentionally left unwritten; the iframe
|
|
9059
|
+
// never navigates to the hostile URL. Mark the iframe as
|
|
9060
|
+
// poisoned so the next synchronous write attempt throws.
|
|
9061
|
+
// The original iframe.src = url callsite returned long
|
|
9062
|
+
// ago; we cannot synchronously propagate the throw back
|
|
9063
|
+
// to it, but any subsequent setter / setAttribute / etc.
|
|
9064
|
+
// on this iframe will throw at the new call site.
|
|
9065
|
+
poisonIframe$LWS(iframe$LWS);
|
|
9066
|
+
// Add the pathname to the cross-iframe rejection cache
|
|
9067
|
+
// so any future iframe whose src lands at the same
|
|
9068
|
+
// pathname throws synchronously at setter entry without
|
|
9069
|
+
// re-fetching. Pathname-keyed (not full URL) so query-
|
|
9070
|
+
// string rotation can't evade the cache.
|
|
9071
|
+
rejectPathname$LWS(pathname$LWS);
|
|
9072
|
+
};
|
|
9073
|
+
const onAborted$LWS = () => {
|
|
9074
|
+
clearInflightPreflight$LWS(iframe$LWS);
|
|
9075
|
+
};
|
|
9076
|
+
ReflectApply$LWS$1(originalFetch$LWS, undefined, [urlString$LWS, {
|
|
9077
|
+
__proto__: null,
|
|
9078
|
+
credentials: 'same-origin',
|
|
9079
|
+
signal: signal$LWS
|
|
9080
|
+
}]).then(response$LWS => response$LWS.text()).then(body$LWS => {
|
|
9081
|
+
if (isSupersededOrAborted$LWS()) {
|
|
9082
|
+
onAborted$LWS();
|
|
9083
|
+
return;
|
|
9084
|
+
}
|
|
9085
|
+
// Validator union scoped to the patterns that
|
|
9086
|
+
// matter for iframe.src bodies: iframe+srcdoc
|
|
9087
|
+
// substring combo (a child iframe with srcdoc
|
|
9088
|
+
// smuggled into the parent page), XML DOCTYPE
|
|
9089
|
+
// entity expansion (XXE), and XML-namespaced
|
|
9090
|
+
// script elements that execute in XML contexts
|
|
9091
|
+
// but are inert in HTML. The broader
|
|
9092
|
+
// `isIframeSrcdocScriptAttack` (which also flags
|
|
9093
|
+
// any obfuscated <script>) is intentionally NOT
|
|
9094
|
+
// used here — existing test fixtures and component
|
|
9095
|
+
// code rely on iframe.src loading <script>-bearing
|
|
9096
|
+
// same-origin pages (legacy contract; the iframe
|
|
9097
|
+
// sandbox is the layer that contains script
|
|
9098
|
+
// execution). Tightening this would break that
|
|
9099
|
+
// contract.
|
|
9100
|
+
if (isIframeSrcdocAttack$LWS(body$LWS) || isXMLEntityAttack$LWS(body$LWS) || isXMLNamespacedScriptAttack$LWS(body$LWS)) {
|
|
9101
|
+
onHostile$LWS();
|
|
9102
|
+
} else {
|
|
9103
|
+
onSafe$LWS();
|
|
9104
|
+
}
|
|
9105
|
+
}).catch(() => {
|
|
9106
|
+
if (isSupersededOrAborted$LWS()) {
|
|
9107
|
+
onAborted$LWS();
|
|
9108
|
+
return;
|
|
9109
|
+
}
|
|
9110
|
+
// Network error or non-2xx. The browser's own iframe
|
|
9111
|
+
// load would also fail; commit the URL so the iframe's
|
|
9112
|
+
// onerror fires through the normal navigation-failure
|
|
9113
|
+
// path. (We deliberately don't poison on transport
|
|
9114
|
+
// errors — only on attack-pattern detection.)
|
|
9115
|
+
onSafe$LWS();
|
|
9116
|
+
});
|
|
9117
|
+
}
|
|
9118
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLIFrameElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
8033
9119
|
return [originalSrcSetter$LWS, src$LWS];
|
|
8034
9120
|
};
|
|
8035
9121
|
}
|
|
@@ -8046,10 +9132,88 @@ function initDistortionHTMLIFrameElementSandboxSetter$LWS({
|
|
|
8046
9132
|
enforceSandboxAllowScriptsForSameOriginIframeRealm$LWS(this);
|
|
8047
9133
|
}
|
|
8048
9134
|
}
|
|
8049
|
-
|
|
9135
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLIFrameElement$LWS, 'sandbox', NAMESPACE_DEFAULT$LWS, sandbox$LWS);
|
|
8050
9136
|
return [originalSandboxSetter$LWS, sandbox$LWS];
|
|
8051
9137
|
};
|
|
8052
9138
|
}
|
|
9139
|
+
|
|
9140
|
+
// HTMLIFrameElement.src getter distortion. Returns the pending URL recorded
|
|
9141
|
+
// by the src setter's pre-flight pipeline (see src-setter.ts) when one
|
|
9142
|
+
// exists, otherwise falls through to the native getter.
|
|
9143
|
+
//
|
|
9144
|
+
// The same getter is registered into the read-side attribute getter
|
|
9145
|
+
// registry under (HTMLIFrameElement, 'src'), so el.getAttribute('src'),
|
|
9146
|
+
// el.getAttributeNS, el.attributes['src'].value, etc. all surface the
|
|
9147
|
+
// pending URL through the registry consultation in those distortions.
|
|
9148
|
+
function initDistortionHTMLIFrameElementSrcGetter$LWS({
|
|
9149
|
+
globalObject: {
|
|
9150
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS
|
|
9151
|
+
}
|
|
9152
|
+
}) {
|
|
9153
|
+
const originalSrcGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLIFrameElement$LWS.prototype, 'src');
|
|
9154
|
+
return function distortionHTMLIFrameElementSrcGetter$LWS(record$LWS) {
|
|
9155
|
+
function src$LWS() {
|
|
9156
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9157
|
+
const pending$LWS = getPendingURL$LWS(this);
|
|
9158
|
+
if (pending$LWS !== undefined) {
|
|
9159
|
+
return pending$LWS;
|
|
9160
|
+
}
|
|
9161
|
+
}
|
|
9162
|
+
return ReflectApply$LWS$1(originalSrcGetter$LWS, this, []);
|
|
9163
|
+
}
|
|
9164
|
+
// The pending-URL pipeline that backs this getter is W-22382462
|
|
9165
|
+
// gate-264 work; only register into the read-side attribute
|
|
9166
|
+
// getter registry when the gate is on, otherwise pre-264
|
|
9167
|
+
// sandboxes pay the registry-consultation cost on every
|
|
9168
|
+
// iframe.src read with no behavior change to show for it.
|
|
9169
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9170
|
+
registerAttributeGetterDistortion$LWS(record$LWS, HTMLIFrameElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
9171
|
+
}
|
|
9172
|
+
return [originalSrcGetter$LWS, src$LWS];
|
|
9173
|
+
};
|
|
9174
|
+
}
|
|
9175
|
+
function initDistortionHTMLImageElementSrcSetter$LWS({
|
|
9176
|
+
globalObject: {
|
|
9177
|
+
HTMLImageElement: HTMLImageElement$LWS
|
|
9178
|
+
}
|
|
9179
|
+
}) {
|
|
9180
|
+
const originalSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLImageElement$LWS.prototype, 'src');
|
|
9181
|
+
return function distortionHTMLImageElementSrcSetter$LWS(record$LWS) {
|
|
9182
|
+
function src$LWS(value$LWS) {
|
|
9183
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9184
|
+
const urlString$LWS = normalized$LWS === '' ? '' : sanitizeURLForElement$LWS(normalized$LWS);
|
|
9185
|
+
if (urlString$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9186
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
9187
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
9188
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
9189
|
+
}
|
|
9190
|
+
}
|
|
9191
|
+
ReflectApply$LWS$1(HTMLImageElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
9192
|
+
}
|
|
9193
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9194
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLImageElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
9195
|
+
}
|
|
9196
|
+
return [originalSrcSetter$LWS, src$LWS];
|
|
9197
|
+
};
|
|
9198
|
+
}
|
|
9199
|
+
function initDistortionHTMLImageElementSrcsetSetter$LWS({
|
|
9200
|
+
globalObject: {
|
|
9201
|
+
HTMLImageElement: HTMLImageElement$LWS
|
|
9202
|
+
}
|
|
9203
|
+
}) {
|
|
9204
|
+
const originalSrcsetSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLImageElement$LWS.prototype, 'srcset');
|
|
9205
|
+
return function distortionHTMLImageElementSrcsetSetter$LWS(record$LWS) {
|
|
9206
|
+
function srcset$LWS(value$LWS) {
|
|
9207
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9208
|
+
const finalValue$LWS = normalized$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264') ? sanitizeSrcsetAndValidateEndpoints$LWS(normalized$LWS) : normalized$LWS;
|
|
9209
|
+
ReflectApply$LWS$1(HTMLImageElementProtoSrcsetSetter$LWS, this, [finalValue$LWS]);
|
|
9210
|
+
}
|
|
9211
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9212
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLImageElement$LWS, 'srcset', NAMESPACE_DEFAULT$LWS, srcset$LWS);
|
|
9213
|
+
}
|
|
9214
|
+
return [originalSrcsetSetter$LWS, srcset$LWS];
|
|
9215
|
+
};
|
|
9216
|
+
}
|
|
8053
9217
|
function initDistortionHTMLInputElementFormActionSetter$LWS({
|
|
8054
9218
|
globalObject: {
|
|
8055
9219
|
HTMLInputElement: HTMLInputElement$LWS
|
|
@@ -8071,13 +9235,42 @@ function initDistortionHTMLInputElementFormActionSetter$LWS({
|
|
|
8071
9235
|
}
|
|
8072
9236
|
urlString$LWS = normalizedURL$LWS;
|
|
8073
9237
|
}
|
|
8074
|
-
ReflectApply$LWS$1(HTMLInputElementProtoFormActionSetter$LWS, this, [urlString$LWS]);
|
|
9238
|
+
ReflectApply$LWS$1(HTMLInputElementProtoFormActionSetter$LWS, this, [urlString$LWS]);
|
|
9239
|
+
}
|
|
9240
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLInputElement$LWS, 'formaction', NAMESPACE_DEFAULT$LWS, formAction$LWS);
|
|
9241
|
+
return [originalFormActionSetter$LWS, formAction$LWS];
|
|
9242
|
+
}
|
|
9243
|
+
// istanbul ignore next: ungated return is not reachable in coverage runs
|
|
9244
|
+
return [originalFormActionSetter$LWS, originalFormActionSetter$LWS];
|
|
9245
|
+
};
|
|
9246
|
+
}
|
|
9247
|
+
|
|
9248
|
+
// Uniform guard: applied regardless of the `rel` value. A conditional check
|
|
9249
|
+
// (guarded only on fetch-triggering rel values) is unsafe because the attacker
|
|
9250
|
+
// can set href with an innocuous rel and then flip rel to "preload" to kick
|
|
9251
|
+
// off the request later.
|
|
9252
|
+
function initDistortionHTMLLinkElementHrefSetter$LWS({
|
|
9253
|
+
globalObject: {
|
|
9254
|
+
HTMLLinkElement: HTMLLinkElement$LWS
|
|
9255
|
+
}
|
|
9256
|
+
}) {
|
|
9257
|
+
const originalHrefSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLLinkElement$LWS.prototype, 'href');
|
|
9258
|
+
return function distortionHTMLLinkElementHrefSetter$LWS(record$LWS) {
|
|
9259
|
+
function href$LWS(value$LWS) {
|
|
9260
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9261
|
+
const urlString$LWS = normalized$LWS === '' ? '' : sanitizeURLForElement$LWS(normalized$LWS);
|
|
9262
|
+
if (urlString$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9263
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
9264
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
9265
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
9266
|
+
}
|
|
8075
9267
|
}
|
|
8076
|
-
|
|
8077
|
-
return [originalFormActionSetter$LWS, formAction$LWS];
|
|
9268
|
+
ReflectApply$LWS$1(HTMLLinkElementProtoHrefSetter$LWS, this, [urlString$LWS]);
|
|
8078
9269
|
}
|
|
8079
|
-
|
|
8080
|
-
|
|
9270
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9271
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLLinkElement$LWS, 'href', NAMESPACE_DEFAULT$LWS, href$LWS);
|
|
9272
|
+
}
|
|
9273
|
+
return [originalHrefSetter$LWS, href$LWS];
|
|
8081
9274
|
};
|
|
8082
9275
|
}
|
|
8083
9276
|
const importRegExp$LWS = /import/i;
|
|
@@ -8101,7 +9294,7 @@ function initDistortionHTMLLinkElementRelSetter$LWS({
|
|
|
8101
9294
|
}
|
|
8102
9295
|
const distortionEntry$LWS = [originalRelSetter$LWS, rel$LWS];
|
|
8103
9296
|
return function distortionHTMLLinkElementRelSetter$LWS(record$LWS) {
|
|
8104
|
-
|
|
9297
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLLinkElement$LWS, 'rel', NAMESPACE_DEFAULT$LWS, rel$LWS);
|
|
8105
9298
|
return distortionEntry$LWS;
|
|
8106
9299
|
};
|
|
8107
9300
|
}
|
|
@@ -8124,6 +9317,30 @@ function initDistortionHTMLLinkElementRelListSetter$LWS({
|
|
|
8124
9317
|
return distortionEntry$LWS;
|
|
8125
9318
|
};
|
|
8126
9319
|
}
|
|
9320
|
+
function initDistortionHTMLMediaElementSrcSetter$LWS({
|
|
9321
|
+
globalObject: {
|
|
9322
|
+
HTMLMediaElement: HTMLMediaElement$LWS
|
|
9323
|
+
}
|
|
9324
|
+
}) {
|
|
9325
|
+
const originalSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLMediaElement$LWS.prototype, 'src');
|
|
9326
|
+
return function distortionHTMLMediaElementSrcSetter$LWS(record$LWS) {
|
|
9327
|
+
function src$LWS(value$LWS) {
|
|
9328
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9329
|
+
const urlString$LWS = normalized$LWS === '' ? '' : sanitizeURLForElement$LWS(normalized$LWS);
|
|
9330
|
+
if (urlString$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9331
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
9332
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
9333
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
9334
|
+
}
|
|
9335
|
+
}
|
|
9336
|
+
ReflectApply$LWS$1(HTMLMediaElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
9337
|
+
}
|
|
9338
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9339
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLMediaElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
9340
|
+
}
|
|
9341
|
+
return [originalSrcSetter$LWS, src$LWS];
|
|
9342
|
+
};
|
|
9343
|
+
}
|
|
8127
9344
|
function initDistortionHTMLMetaElementContentGetter$LWS({
|
|
8128
9345
|
globalObject: {
|
|
8129
9346
|
HTMLMetaElement: HTMLMetaElement$LWS
|
|
@@ -8142,13 +9359,76 @@ function initDistortionHTMLMetaElementContentGetter$LWS({
|
|
|
8142
9359
|
return distortionEntry$LWS;
|
|
8143
9360
|
};
|
|
8144
9361
|
}
|
|
9362
|
+
function initDistortionHTMLObjectElementContentDocumentGetter$LWS({
|
|
9363
|
+
globalObject: {
|
|
9364
|
+
HTMLObjectElement: HTMLObjectElement$LWS
|
|
9365
|
+
}
|
|
9366
|
+
}) {
|
|
9367
|
+
const originalContentDocumentGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLObjectElement$LWS.prototype, 'contentDocument');
|
|
9368
|
+
const distortionEntry$LWS = [originalContentDocumentGetter$LWS, function contentDocument$LWS() {
|
|
9369
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9370
|
+
// The <object> element has no sandbox attribute, so its embedded
|
|
9371
|
+
// document runs with full privileges of the parent origin.
|
|
9372
|
+
// Block access to prevent sandbox bypass.
|
|
9373
|
+
return null;
|
|
9374
|
+
}
|
|
9375
|
+
// istanbul ignore next: this line is untested because tests are run with all gates enabled.
|
|
9376
|
+
return ReflectApply$LWS$1(originalContentDocumentGetter$LWS, this, []);
|
|
9377
|
+
}];
|
|
9378
|
+
return function distortionHTMLObjectElementContentDocumentGetter$LWS() {
|
|
9379
|
+
return distortionEntry$LWS;
|
|
9380
|
+
};
|
|
9381
|
+
}
|
|
9382
|
+
function initDistortionHTMLObjectElementContentWindowGetter$LWS({
|
|
9383
|
+
globalObject: {
|
|
9384
|
+
HTMLObjectElement: HTMLObjectElement$LWS
|
|
9385
|
+
}
|
|
9386
|
+
}) {
|
|
9387
|
+
const originalContentWindowGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLObjectElement$LWS.prototype, 'contentWindow');
|
|
9388
|
+
const distortionEntry$LWS = [originalContentWindowGetter$LWS, function contentWindow$LWS() {
|
|
9389
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9390
|
+
// The <object> element has no sandbox attribute, so its embedded
|
|
9391
|
+
// document runs with full privileges of the parent origin.
|
|
9392
|
+
// Block access to prevent sandbox bypass.
|
|
9393
|
+
return null;
|
|
9394
|
+
}
|
|
9395
|
+
// istanbul ignore next: this line is untested because tests are run with all gates enabled.
|
|
9396
|
+
return ReflectApply$LWS$1(originalContentWindowGetter$LWS, this, []);
|
|
9397
|
+
}];
|
|
9398
|
+
return function distortionHTMLObjectElementContentWindowGetter$LWS() {
|
|
9399
|
+
return distortionEntry$LWS;
|
|
9400
|
+
};
|
|
9401
|
+
}
|
|
9402
|
+
|
|
9403
|
+
// MIME types that create a browsing context when used with <object>.
|
|
9404
|
+
// Must match the list in type-setter.ts.
|
|
9405
|
+
const BLOCKED_OBJECT_MIME_TYPES$1$LWS = ['text/html', 'application/xhtml+xml'];
|
|
9406
|
+
const ABOUT_BLANK$LWS = 'about:blank';
|
|
8145
9407
|
function initDistortionHTMLObjectElementDataSetter$LWS({
|
|
8146
9408
|
globalObject: {
|
|
8147
9409
|
HTMLObjectElement: HTMLObjectElement$LWS
|
|
8148
9410
|
}
|
|
8149
9411
|
}) {
|
|
8150
9412
|
const originalDataSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLObjectElement$LWS.prototype, 'data');
|
|
9413
|
+
const originalTypeGetter$LWS = ObjectLookupOwnGetter$LWS$1(HTMLObjectElement$LWS.prototype, 'type');
|
|
8151
9414
|
function data$LWS(value$LWS) {
|
|
9415
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9416
|
+
const currentType$LWS = ReflectApply$LWS$1(originalTypeGetter$LWS, this, []);
|
|
9417
|
+
const loweredType$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, currentType$LWS, []);
|
|
9418
|
+
// Strip MIME parameters before checking (e.g. "text/html;charset=utf-8" → "text/html").
|
|
9419
|
+
const semicolonIndex$LWS = ReflectApply$LWS$1(StringProtoIndexOf$LWS, loweredType$LWS, [';']);
|
|
9420
|
+
const mimeType$LWS = semicolonIndex$LWS === -1 ? loweredType$LWS : ReflectApply$LWS$1(StringProtoTrim$LWS, ReflectApply$LWS$1(StringProtoSlice$LWS$1, loweredType$LWS, [0, semicolonIndex$LWS]), []);
|
|
9421
|
+
// Block if type is explicitly an HTML MIME type.
|
|
9422
|
+
if (BLOCKED_OBJECT_MIME_TYPES$1$LWS.includes(mimeType$LWS)) {
|
|
9423
|
+
throw new LockerSecurityError$LWS('HTMLObjectElement.data cannot be set when type is ' + `"${mimeType$LWS}". HTML content types create an unsandboxed browsing context.`);
|
|
9424
|
+
}
|
|
9425
|
+
// Block if type is empty/absent — the browser will sniff the response
|
|
9426
|
+
// Content-Type, and if it's HTML the embedded document executes scripts
|
|
9427
|
+
// unsandboxed. Only about:blank is safe (empty document, no scripts).
|
|
9428
|
+
if (mimeType$LWS === '' && `${value$LWS}` !== ABOUT_BLANK$LWS) {
|
|
9429
|
+
throw new LockerSecurityError$LWS('HTMLObjectElement.data requires an explicit non-HTML type attribute. ' + 'Without a type, the browser may infer text/html from the response ' + 'and create an unsandboxed browsing context.');
|
|
9430
|
+
}
|
|
9431
|
+
}
|
|
8152
9432
|
const urlString$LWS = sanitizeURLForElement$LWS(value$LWS);
|
|
8153
9433
|
if (!isValidURLScheme$LWS(urlString$LWS)) {
|
|
8154
9434
|
throw new LockerSecurityError$LWS('HTMLObjectElement.data supports http://, https:// schemes, relative urls and about:blank.');
|
|
@@ -8161,7 +9441,38 @@ function initDistortionHTMLObjectElementDataSetter$LWS({
|
|
|
8161
9441
|
}
|
|
8162
9442
|
const distortionEntry$LWS = [originalDataSetter$LWS, data$LWS];
|
|
8163
9443
|
return function distortionHTMLObjectElementDataSetter$LWS(record$LWS) {
|
|
8164
|
-
|
|
9444
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLObjectElement$LWS, 'data', NAMESPACE_DEFAULT$LWS, data$LWS);
|
|
9445
|
+
return distortionEntry$LWS;
|
|
9446
|
+
};
|
|
9447
|
+
}
|
|
9448
|
+
|
|
9449
|
+
// MIME types that create a browsing context when used with <object>.
|
|
9450
|
+
// An embedded browsing context executes scripts with full privileges of the
|
|
9451
|
+
// parent origin — bypassing all LWS sandbox distortions.
|
|
9452
|
+
const BLOCKED_OBJECT_MIME_TYPES$LWS = ['text/html', 'application/xhtml+xml'];
|
|
9453
|
+
function initDistortionHTMLObjectElementTypeSetter$LWS({
|
|
9454
|
+
globalObject: {
|
|
9455
|
+
HTMLObjectElement: HTMLObjectElement$LWS
|
|
9456
|
+
}
|
|
9457
|
+
}) {
|
|
9458
|
+
const originalTypeSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLObjectElement$LWS.prototype, 'type');
|
|
9459
|
+
function type$LWS(value$LWS) {
|
|
9460
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9461
|
+
const stringValue$LWS = `${value$LWS}`;
|
|
9462
|
+
const lowered$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, stringValue$LWS, []);
|
|
9463
|
+
// Strip MIME parameters (e.g. "text/html;charset=utf-8" → "text/html").
|
|
9464
|
+
// Per RFC 2045 §5.1, parameters follow `;`. We check the type/subtype prefix.
|
|
9465
|
+
const semicolonIndex$LWS = ReflectApply$LWS$1(StringProtoIndexOf$LWS, lowered$LWS, [';']);
|
|
9466
|
+
const mimeType$LWS = semicolonIndex$LWS === -1 ? lowered$LWS : ReflectApply$LWS$1(StringProtoTrim$LWS, ReflectApply$LWS$1(StringProtoSlice$LWS$1, lowered$LWS, [0, semicolonIndex$LWS]), []);
|
|
9467
|
+
if (BLOCKED_OBJECT_MIME_TYPES$LWS.includes(mimeType$LWS)) {
|
|
9468
|
+
throw new LockerSecurityError$LWS(`HTMLObjectElement.type cannot be set to "${mimeType$LWS}". ` + 'HTML content types create an unsandboxed browsing context.');
|
|
9469
|
+
}
|
|
9470
|
+
}
|
|
9471
|
+
ReflectApply$LWS$1(originalTypeSetter$LWS, this, [value$LWS]);
|
|
9472
|
+
}
|
|
9473
|
+
const distortionEntry$LWS = [originalTypeSetter$LWS, type$LWS];
|
|
9474
|
+
return function distortionHTMLObjectElementTypeSetter$LWS(record$LWS) {
|
|
9475
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLObjectElement$LWS, 'type', NAMESPACE_DEFAULT$LWS, type$LWS);
|
|
8165
9476
|
return distortionEntry$LWS;
|
|
8166
9477
|
};
|
|
8167
9478
|
}
|
|
@@ -8230,7 +9541,7 @@ function initDistortionHTMLScriptElementInnerTextSetter$LWS({
|
|
|
8230
9541
|
};
|
|
8231
9542
|
}
|
|
8232
9543
|
const descriptorCaches$LWS = toSafeWeakMap$LWS$1(new WeakMapCtor$LWS$1());
|
|
8233
|
-
function
|
|
9544
|
+
function createBlockedAttributeSetterDistortionFactoryInitializer$LWS(Ctor$LWS, ctorName$LWS, attributeName$LWS) {
|
|
8234
9545
|
return function initDistortionBlockedAttribute$LWS() {
|
|
8235
9546
|
const enquotedAttributeName$LWS = enquote$LWS(attributeName$LWS);
|
|
8236
9547
|
const distortionName$LWS = `blocked${capitalizeFirstChar$LWS(attributeName$LWS)}Attribute`;
|
|
@@ -8244,7 +9555,7 @@ function createBlockedAttributeDistortionFactoryInitializer$LWS(Ctor$LWS, ctorNa
|
|
|
8244
9555
|
}
|
|
8245
9556
|
};
|
|
8246
9557
|
return function distortionBlockedAttribute$LWS(record$LWS) {
|
|
8247
|
-
|
|
9558
|
+
registerAttributeSetterDistortion$LWS(record$LWS, Ctor$LWS, attributeName$LWS, NAMESPACE_DEFAULT$LWS, distortion$LWS);
|
|
8248
9559
|
};
|
|
8249
9560
|
};
|
|
8250
9561
|
}
|
|
@@ -8289,14 +9600,48 @@ function createValueThrowerFactoryInitializer$LWS(proto$LWS, key$LWS) {
|
|
|
8289
9600
|
return valueThrowerDistortionFactory$LWS;
|
|
8290
9601
|
};
|
|
8291
9602
|
}
|
|
8292
|
-
function
|
|
9603
|
+
function addBlockedAttributeSetterDistortionFactoryInitializers$LWS(Ctor$LWS, ctorName$LWS, attributes$LWS, factoryInitializers$LWS) {
|
|
9604
|
+
let {
|
|
9605
|
+
length: factoryInitializersOffset$LWS
|
|
9606
|
+
} = factoryInitializers$LWS;
|
|
9607
|
+
for (let i$LWS = 0, {
|
|
9608
|
+
length: length$LWS
|
|
9609
|
+
} = attributes$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
9610
|
+
factoryInitializers$LWS[factoryInitializersOffset$LWS++] = createBlockedAttributeSetterDistortionFactoryInitializer$LWS(Ctor$LWS, ctorName$LWS, attributes$LWS[i$LWS]);
|
|
9611
|
+
}
|
|
9612
|
+
}
|
|
9613
|
+
// Read-side counterpart of createBlockedAttributeSetterDistortionFactoryInitializer:
|
|
9614
|
+
// produce a factory that registers a thrower in the read-side getter registry
|
|
9615
|
+
// for `(Ctor, attributeName)`. When sandboxed code reads the attribute via any
|
|
9616
|
+
// of the distortion-covered read paths (Element.getAttribute family,
|
|
9617
|
+
// NamedNodeMap.getNamedItem family, Attr.value getter), the registered thrower
|
|
9618
|
+
// fires and refuses the read.
|
|
9619
|
+
function createBlockedAttributeGetterDistortionFactoryInitializer$LWS(Ctor$LWS, attributeName$LWS) {
|
|
9620
|
+
return function initDistortionBlockedAttributeGetter$LWS() {
|
|
9621
|
+
const enquotedAttributeName$LWS = enquote$LWS(attributeName$LWS);
|
|
9622
|
+
const distortionName$LWS = `blocked${capitalizeFirstChar$LWS(attributeName$LWS)}AttributeGetter`;
|
|
9623
|
+
const {
|
|
9624
|
+
[distortionName$LWS]: thrower$LWS
|
|
9625
|
+
} = {
|
|
9626
|
+
[distortionName$LWS]: () => {
|
|
9627
|
+
// Match the message used by the previous blockAccessToNonce
|
|
9628
|
+
// inline call so existing assertions remain valid.
|
|
9629
|
+
throw new LockerSecurityError$LWS(`Attribute ${enquotedAttributeName$LWS} not accessible`);
|
|
9630
|
+
}
|
|
9631
|
+
};
|
|
9632
|
+
return function distortionBlockedAttributeGetter$LWS(record$LWS) {
|
|
9633
|
+
registerAttributeGetterDistortion$LWS(record$LWS, Ctor$LWS, attributeName$LWS, NAMESPACE_DEFAULT$LWS, thrower$LWS);
|
|
9634
|
+
};
|
|
9635
|
+
};
|
|
9636
|
+
}
|
|
9637
|
+
function addBlockedAttributeGetterDistortionFactoryInitializers$LWS(Ctor$LWS, attributes$LWS, factoryInitializers$LWS) {
|
|
8293
9638
|
let {
|
|
8294
9639
|
length: factoryInitializersOffset$LWS
|
|
8295
9640
|
} = factoryInitializers$LWS;
|
|
8296
9641
|
for (let i$LWS = 0, {
|
|
8297
9642
|
length: length$LWS
|
|
8298
9643
|
} = attributes$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
8299
|
-
factoryInitializers$LWS[factoryInitializersOffset$LWS++] =
|
|
9644
|
+
factoryInitializers$LWS[factoryInitializersOffset$LWS++] = createBlockedAttributeGetterDistortionFactoryInitializer$LWS(Ctor$LWS, attributes$LWS[i$LWS]);
|
|
8300
9645
|
}
|
|
8301
9646
|
}
|
|
8302
9647
|
function addBlockedPropertyDistortionFactoryInitializers$LWS({
|
|
@@ -8437,7 +9782,7 @@ function initDistortionHTMLScriptElementSrcSetter$LWS({
|
|
|
8437
9782
|
} = ReflectGetOwnPropertyDescriptor$LWS(HTMLScriptElement$LWS.prototype, 'src');
|
|
8438
9783
|
return function distortionHTMLScriptElementSrcSetter$LWS(record$LWS) {
|
|
8439
9784
|
const src$LWS = createScriptDistortion$LWS(record$LWS, 'src');
|
|
8440
|
-
|
|
9785
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLScriptElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
8441
9786
|
return [originalSrcSetter$LWS, src$LWS];
|
|
8442
9787
|
};
|
|
8443
9788
|
}
|
|
@@ -8552,6 +9897,72 @@ function initDistortionHTMLScriptElementTextContentSetter$LWS({
|
|
|
8552
9897
|
}];
|
|
8553
9898
|
};
|
|
8554
9899
|
}
|
|
9900
|
+
function initDistortionHTMLSourceElementSrcSetter$LWS({
|
|
9901
|
+
globalObject: {
|
|
9902
|
+
HTMLSourceElement: HTMLSourceElement$LWS
|
|
9903
|
+
}
|
|
9904
|
+
}) {
|
|
9905
|
+
const originalSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLSourceElement$LWS.prototype, 'src');
|
|
9906
|
+
return function distortionHTMLSourceElementSrcSetter$LWS(record$LWS) {
|
|
9907
|
+
function src$LWS(value$LWS) {
|
|
9908
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9909
|
+
const urlString$LWS = normalized$LWS === '' ? '' : sanitizeURLForElement$LWS(normalized$LWS);
|
|
9910
|
+
if (urlString$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9911
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
9912
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
9913
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
9914
|
+
}
|
|
9915
|
+
}
|
|
9916
|
+
ReflectApply$LWS$1(HTMLSourceElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
9917
|
+
}
|
|
9918
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9919
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLSourceElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
9920
|
+
}
|
|
9921
|
+
return [originalSrcSetter$LWS, src$LWS];
|
|
9922
|
+
};
|
|
9923
|
+
}
|
|
9924
|
+
function initDistortionHTMLSourceElementSrcsetSetter$LWS({
|
|
9925
|
+
globalObject: {
|
|
9926
|
+
HTMLSourceElement: HTMLSourceElement$LWS
|
|
9927
|
+
}
|
|
9928
|
+
}) {
|
|
9929
|
+
const originalSrcsetSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLSourceElement$LWS.prototype, 'srcset');
|
|
9930
|
+
return function distortionHTMLSourceElementSrcsetSetter$LWS(record$LWS) {
|
|
9931
|
+
function srcset$LWS(value$LWS) {
|
|
9932
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9933
|
+
const finalValue$LWS = normalized$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264') ? sanitizeSrcsetAndValidateEndpoints$LWS(normalized$LWS) : normalized$LWS;
|
|
9934
|
+
ReflectApply$LWS$1(HTMLSourceElementProtoSrcsetSetter$LWS, this, [finalValue$LWS]);
|
|
9935
|
+
}
|
|
9936
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9937
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLSourceElement$LWS, 'srcset', NAMESPACE_DEFAULT$LWS, srcset$LWS);
|
|
9938
|
+
}
|
|
9939
|
+
return [originalSrcsetSetter$LWS, srcset$LWS];
|
|
9940
|
+
};
|
|
9941
|
+
}
|
|
9942
|
+
function initDistortionHTMLTrackElementSrcSetter$LWS({
|
|
9943
|
+
globalObject: {
|
|
9944
|
+
HTMLTrackElement: HTMLTrackElement$LWS
|
|
9945
|
+
}
|
|
9946
|
+
}) {
|
|
9947
|
+
const originalSrcSetter$LWS = ObjectLookupOwnSetter$LWS(HTMLTrackElement$LWS.prototype, 'src');
|
|
9948
|
+
return function distortionHTMLTrackElementSrcSetter$LWS(record$LWS) {
|
|
9949
|
+
function src$LWS(value$LWS) {
|
|
9950
|
+
const normalized$LWS = toSafeStringValue$LWS(value$LWS);
|
|
9951
|
+
const urlString$LWS = normalized$LWS === '' ? '' : sanitizeURLForElement$LWS(normalized$LWS);
|
|
9952
|
+
if (urlString$LWS !== '' && isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9953
|
+
const parsedURL$LWS = parseURL$LWS(urlString$LWS);
|
|
9954
|
+
if (!isAllowedEndpointURL$LWS(parsedURL$LWS)) {
|
|
9955
|
+
throw new LockerSecurityError$LWS(`Cannot request disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
9956
|
+
}
|
|
9957
|
+
}
|
|
9958
|
+
ReflectApply$LWS$1(HTMLTrackElementProtoSrcSetter$LWS, this, [urlString$LWS]);
|
|
9959
|
+
}
|
|
9960
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
9961
|
+
registerAttributeSetterDistortion$LWS(record$LWS, HTMLTrackElement$LWS, 'src', NAMESPACE_DEFAULT$LWS, src$LWS);
|
|
9962
|
+
}
|
|
9963
|
+
return [originalSrcSetter$LWS, src$LWS];
|
|
9964
|
+
};
|
|
9965
|
+
}
|
|
8555
9966
|
function initDistortionIDBFactoryDatabases$LWS({
|
|
8556
9967
|
globalObject: {
|
|
8557
9968
|
IDBFactory: IDBFactory$LWS
|
|
@@ -8808,6 +10219,165 @@ function initDistortionMutationObserverObserve$LWS({
|
|
|
8808
10219
|
return distortionEntry$LWS;
|
|
8809
10220
|
};
|
|
8810
10221
|
}
|
|
10222
|
+
function initDistortionNamedNodeMapGetNamedItem$LWS({
|
|
10223
|
+
globalObject: {
|
|
10224
|
+
document: sandboxDocument$LWS,
|
|
10225
|
+
NamedNodeMap: {
|
|
10226
|
+
prototype: {
|
|
10227
|
+
getNamedItem: originalGetNamedItem$LWS
|
|
10228
|
+
}
|
|
10229
|
+
}
|
|
10230
|
+
}
|
|
10231
|
+
}) {
|
|
10232
|
+
return function distortionNamedNodeMapGetNamedItem$LWS(record$LWS) {
|
|
10233
|
+
return [originalGetNamedItem$LWS, function getNamedItem$LWS(...args$LWS) {
|
|
10234
|
+
const {
|
|
10235
|
+
length: length$LWS
|
|
10236
|
+
} = args$LWS;
|
|
10237
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && length$LWS > 0) {
|
|
10238
|
+
// Guard against TOCTOU attacks: force the native call
|
|
10239
|
+
// to see the same value our checks ran against.
|
|
10240
|
+
const coerced$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
10241
|
+
args$LWS[0] = coerced$LWS;
|
|
10242
|
+
const element$LWS = getOwnerElement$LWS(this);
|
|
10243
|
+
if (element$LWS !== undefined) {
|
|
10244
|
+
// Consult the read-side registry. A throwing
|
|
10245
|
+
// registered getter (e.g. nonce) refuses the
|
|
10246
|
+
// read by propagating its exception. A value-
|
|
10247
|
+
// substituting getter (e.g. iframe.src pending
|
|
10248
|
+
// URL) returns a string; if the native attribute
|
|
10249
|
+
// store has no Attr for this name, synthesize a
|
|
10250
|
+
// detached Attr carrying the substituted value
|
|
10251
|
+
// so sandbox code can read .value as expected.
|
|
10252
|
+
// If the native store already has an Attr,
|
|
10253
|
+
// prefer it.
|
|
10254
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, element$LWS, coerced$LWS);
|
|
10255
|
+
if (override$LWS !== undefined) {
|
|
10256
|
+
const overrideValue$LWS = ReflectApply$LWS$1(override$LWS, element$LWS, []);
|
|
10257
|
+
if (overrideValue$LWS !== null && overrideValue$LWS !== undefined) {
|
|
10258
|
+
const nativeAttr$LWS = ReflectApply$LWS$1(originalGetNamedItem$LWS, this, args$LWS);
|
|
10259
|
+
if (nativeAttr$LWS !== null) {
|
|
10260
|
+
return nativeAttr$LWS;
|
|
10261
|
+
}
|
|
10262
|
+
const synth$LWS = ReflectApply$LWS$1(DocumentProtoCreateAttribute$LWS, sandboxDocument$LWS, [coerced$LWS]);
|
|
10263
|
+
synth$LWS.value = overrideValue$LWS;
|
|
10264
|
+
return synth$LWS;
|
|
10265
|
+
}
|
|
10266
|
+
}
|
|
10267
|
+
}
|
|
10268
|
+
}
|
|
10269
|
+
return ReflectApply$LWS$1(originalGetNamedItem$LWS, this, args$LWS);
|
|
10270
|
+
}];
|
|
10271
|
+
};
|
|
10272
|
+
}
|
|
10273
|
+
function initDistortionNamedNodeMapGetNamedItemNS$LWS({
|
|
10274
|
+
globalObject: {
|
|
10275
|
+
document: sandboxDocument$LWS,
|
|
10276
|
+
NamedNodeMap: {
|
|
10277
|
+
prototype: {
|
|
10278
|
+
getNamedItemNS: originalGetNamedItemNS$LWS
|
|
10279
|
+
}
|
|
10280
|
+
}
|
|
10281
|
+
}
|
|
10282
|
+
}) {
|
|
10283
|
+
return function distortionNamedNodeMapGetNamedItemNS$LWS(record$LWS) {
|
|
10284
|
+
return [originalGetNamedItemNS$LWS, function getNamedItemNS$LWS(...args$LWS) {
|
|
10285
|
+
const {
|
|
10286
|
+
length: length$LWS
|
|
10287
|
+
} = args$LWS;
|
|
10288
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && length$LWS >= 2) {
|
|
10289
|
+
// Guard against TOCTOU attacks: force the native call
|
|
10290
|
+
// to see the same values our checks ran against.
|
|
10291
|
+
const coercedNS$LWS = args$LWS[0] === null || args$LWS[0] === undefined ? args$LWS[0] : toSafeStringValue$LWS(args$LWS[0]);
|
|
10292
|
+
const coercedName$LWS = toSafeStringValue$LWS(args$LWS[1]);
|
|
10293
|
+
args$LWS[0] = coercedNS$LWS;
|
|
10294
|
+
args$LWS[1] = coercedName$LWS;
|
|
10295
|
+
const element$LWS = getOwnerElement$LWS(this);
|
|
10296
|
+
if (element$LWS !== undefined) {
|
|
10297
|
+
const ns$LWS = normalizeNamespace$LWS(coercedNS$LWS);
|
|
10298
|
+
const override$LWS = getAttributeGetterDistortion$LWS(record$LWS, element$LWS, coercedName$LWS, ns$LWS);
|
|
10299
|
+
if (override$LWS !== undefined) {
|
|
10300
|
+
const overrideValue$LWS = ReflectApply$LWS$1(override$LWS, element$LWS, []);
|
|
10301
|
+
if (overrideValue$LWS !== null && overrideValue$LWS !== undefined) {
|
|
10302
|
+
const nativeAttr$LWS = ReflectApply$LWS$1(originalGetNamedItemNS$LWS, this, args$LWS);
|
|
10303
|
+
if (nativeAttr$LWS !== null) {
|
|
10304
|
+
return nativeAttr$LWS;
|
|
10305
|
+
}
|
|
10306
|
+
const synth$LWS = ReflectApply$LWS$1(DocumentProtoCreateAttributeNS$LWS, sandboxDocument$LWS, [ns$LWS, coercedName$LWS]);
|
|
10307
|
+
synth$LWS.value = overrideValue$LWS;
|
|
10308
|
+
return synth$LWS;
|
|
10309
|
+
}
|
|
10310
|
+
}
|
|
10311
|
+
}
|
|
10312
|
+
}
|
|
10313
|
+
return ReflectApply$LWS$1(originalGetNamedItemNS$LWS, this, args$LWS);
|
|
10314
|
+
}];
|
|
10315
|
+
};
|
|
10316
|
+
}
|
|
10317
|
+
const SANDBOX_ATTR$1$LWS = 'sandbox';
|
|
10318
|
+
function initDistortionNamedNodeMapRemoveNamedItem$LWS({
|
|
10319
|
+
globalObject: {
|
|
10320
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS,
|
|
10321
|
+
NamedNodeMap: {
|
|
10322
|
+
prototype: {
|
|
10323
|
+
removeNamedItem: originalRemoveNamedItem$LWS
|
|
10324
|
+
}
|
|
10325
|
+
}
|
|
10326
|
+
}
|
|
10327
|
+
}) {
|
|
10328
|
+
const distortionEntry$LWS = [originalRemoveNamedItem$LWS, function removeNamedItem$LWS(...args$LWS) {
|
|
10329
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
10330
|
+
if (args$LWS.length > 0) {
|
|
10331
|
+
const attrName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, toSafeStringValue$LWS(args$LWS[0]), []);
|
|
10332
|
+
if (attrName$LWS === SANDBOX_ATTR$1$LWS) {
|
|
10333
|
+
// getOwnerElement returns undefined if the Element.attributes
|
|
10334
|
+
// getter distortion hasn't run yet; in that case the instanceof
|
|
10335
|
+
// check short-circuits and we fall through to the original method.
|
|
10336
|
+
const element$LWS = getOwnerElement$LWS(this);
|
|
10337
|
+
if (element$LWS instanceof HTMLIFrameElement$LWS) {
|
|
10338
|
+
throw new LockerSecurityError$LWS("Cannot remove 'sandbox' attribute from HTMLIFrameElement.");
|
|
10339
|
+
}
|
|
10340
|
+
}
|
|
10341
|
+
}
|
|
10342
|
+
}
|
|
10343
|
+
return ReflectApply$LWS$1(originalRemoveNamedItem$LWS, this, args$LWS);
|
|
10344
|
+
}];
|
|
10345
|
+
return function distortionNamedNodeMapRemoveNamedItem$LWS() {
|
|
10346
|
+
return distortionEntry$LWS;
|
|
10347
|
+
};
|
|
10348
|
+
}
|
|
10349
|
+
const SANDBOX_ATTR$LWS = 'sandbox';
|
|
10350
|
+
function initDistortionNamedNodeMapRemoveNamedItemNS$LWS({
|
|
10351
|
+
globalObject: {
|
|
10352
|
+
HTMLIFrameElement: HTMLIFrameElement$LWS,
|
|
10353
|
+
NamedNodeMap: {
|
|
10354
|
+
prototype: {
|
|
10355
|
+
removeNamedItemNS: originalRemoveNamedItemNS$LWS
|
|
10356
|
+
}
|
|
10357
|
+
}
|
|
10358
|
+
}
|
|
10359
|
+
}) {
|
|
10360
|
+
const distortionEntry$LWS = [originalRemoveNamedItemNS$LWS, function removeNamedItemNS$LWS(...args$LWS) {
|
|
10361
|
+
if (isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
10362
|
+
if (args$LWS.length > 1) {
|
|
10363
|
+
const attrName$LWS = ReflectApply$LWS$1(StringProtoToLowerCase$LWS, toSafeStringValue$LWS(args$LWS[1]), []);
|
|
10364
|
+
if (attrName$LWS === SANDBOX_ATTR$LWS) {
|
|
10365
|
+
// getOwnerElement returns undefined if the Element.attributes
|
|
10366
|
+
// getter distortion hasn't run yet; in that case the instanceof
|
|
10367
|
+
// check short-circuits and we fall through to the original method.
|
|
10368
|
+
const element$LWS = getOwnerElement$LWS(this);
|
|
10369
|
+
if (element$LWS instanceof HTMLIFrameElement$LWS) {
|
|
10370
|
+
throw new LockerSecurityError$LWS("Cannot remove 'sandbox' attribute from HTMLIFrameElement.");
|
|
10371
|
+
}
|
|
10372
|
+
}
|
|
10373
|
+
}
|
|
10374
|
+
}
|
|
10375
|
+
return ReflectApply$LWS$1(originalRemoveNamedItemNS$LWS, this, args$LWS);
|
|
10376
|
+
}];
|
|
10377
|
+
return function distortionNamedNodeMapRemoveNamedItemNS$LWS() {
|
|
10378
|
+
return distortionEntry$LWS;
|
|
10379
|
+
};
|
|
10380
|
+
}
|
|
8811
10381
|
function initDistortionNamedNodeMapSetNamedItem$LWS({
|
|
8812
10382
|
globalObject: {
|
|
8813
10383
|
Attr: Attr$LWS,
|
|
@@ -8886,6 +10456,27 @@ function initDistortionNavigatorServiceWorkerGetter$LWS({
|
|
|
8886
10456
|
return distortionEntry$LWS;
|
|
8887
10457
|
};
|
|
8888
10458
|
}
|
|
10459
|
+
function initDistortionNodeGetRootNode$LWS({
|
|
10460
|
+
globalObject: {
|
|
10461
|
+
Node: Node$LWS,
|
|
10462
|
+
ShadowRoot: ShadowRoot$LWS,
|
|
10463
|
+
document: document$LWS
|
|
10464
|
+
}
|
|
10465
|
+
}) {
|
|
10466
|
+
const originalGetRootNode$LWS = ObjectLookupOwnValue$LWS(Node$LWS.prototype, 'getRootNode');
|
|
10467
|
+
return function distortionNodeGetRootNode$LWS({
|
|
10468
|
+
key: key$LWS
|
|
10469
|
+
}) {
|
|
10470
|
+
const distortionEntry$LWS = [originalGetRootNode$LWS, function getRootNode$LWS(...args$LWS) {
|
|
10471
|
+
const realRoot$LWS = ReflectApply$LWS$1(originalGetRootNode$LWS, this, args$LWS);
|
|
10472
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && realRoot$LWS instanceof ShadowRoot$LWS && !isShadowRootAccessibleInThisSandbox$LWS(key$LWS, realRoot$LWS)) {
|
|
10473
|
+
return document$LWS;
|
|
10474
|
+
}
|
|
10475
|
+
return realRoot$LWS;
|
|
10476
|
+
}];
|
|
10477
|
+
return distortionEntry$LWS;
|
|
10478
|
+
};
|
|
10479
|
+
}
|
|
8889
10480
|
const {
|
|
8890
10481
|
isSharedElement: isSharedElement$k$LWS,
|
|
8891
10482
|
isAllowedSharedElementChild: isAllowedSharedElementChild$1$LWS
|
|
@@ -8942,7 +10533,7 @@ function initDistortionNodeValueSetter$LWS({
|
|
|
8942
10533
|
const attrName$LWS = ReflectApply$LWS$1(AttrProtoNameGetter$LWS, this, []);
|
|
8943
10534
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, this, []);
|
|
8944
10535
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
8945
|
-
const distortion$LWS =
|
|
10536
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, ownerEl$LWS, attrName$LWS, normalizedNamespace$LWS);
|
|
8946
10537
|
// istanbul ignore next: needs default platform behavior test
|
|
8947
10538
|
if (distortion$LWS) {
|
|
8948
10539
|
ReflectApply$LWS$1(distortion$LWS, ownerEl$LWS, [value$LWS]);
|
|
@@ -8954,6 +10545,56 @@ function initDistortionNodeValueSetter$LWS({
|
|
|
8954
10545
|
}];
|
|
8955
10546
|
};
|
|
8956
10547
|
}
|
|
10548
|
+
function initDistortionNodeParentElementGetter$LWS({
|
|
10549
|
+
globalObject: {
|
|
10550
|
+
Node: Node$LWS,
|
|
10551
|
+
ShadowRoot: ShadowRoot$LWS
|
|
10552
|
+
}
|
|
10553
|
+
}) {
|
|
10554
|
+
const originalParentElementGetter$LWS = ObjectLookupOwnGetter$LWS$1(Node$LWS.prototype, 'parentElement');
|
|
10555
|
+
const originalGetRootNode$LWS = ObjectLookupOwnValue$LWS(Node$LWS.prototype, 'getRootNode');
|
|
10556
|
+
return function distortionNodeParentElementGetter$LWS({
|
|
10557
|
+
key: key$LWS
|
|
10558
|
+
}) {
|
|
10559
|
+
const distortionEntry$LWS = [originalParentElementGetter$LWS, function parentElement$LWS() {
|
|
10560
|
+
const parent$LWS = ReflectApply$LWS$1(originalParentElementGetter$LWS, this, []);
|
|
10561
|
+
if (parent$LWS === null || !isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
10562
|
+
return parent$LWS;
|
|
10563
|
+
}
|
|
10564
|
+
const parentRoot$LWS = ReflectApply$LWS$1(originalGetRootNode$LWS, parent$LWS, []);
|
|
10565
|
+
if (parentRoot$LWS instanceof ShadowRoot$LWS && !isShadowRootAccessibleInThisSandbox$LWS(key$LWS, parentRoot$LWS)) {
|
|
10566
|
+
return null;
|
|
10567
|
+
}
|
|
10568
|
+
return parent$LWS;
|
|
10569
|
+
}];
|
|
10570
|
+
return distortionEntry$LWS;
|
|
10571
|
+
};
|
|
10572
|
+
}
|
|
10573
|
+
function initDistortionNodeParentNodeGetter$LWS({
|
|
10574
|
+
globalObject: {
|
|
10575
|
+
Node: Node$LWS,
|
|
10576
|
+
ShadowRoot: ShadowRoot$LWS
|
|
10577
|
+
}
|
|
10578
|
+
}) {
|
|
10579
|
+
const originalParentNodeGetter$LWS = ObjectLookupOwnGetter$LWS$1(Node$LWS.prototype, 'parentNode');
|
|
10580
|
+
const originalGetRootNode$LWS = ObjectLookupOwnValue$LWS(Node$LWS.prototype, 'getRootNode');
|
|
10581
|
+
return function distortionNodeParentNodeGetter$LWS({
|
|
10582
|
+
key: key$LWS
|
|
10583
|
+
}) {
|
|
10584
|
+
const distortionEntry$LWS = [originalParentNodeGetter$LWS, function parentNode$LWS() {
|
|
10585
|
+
const parent$LWS = ReflectApply$LWS$1(originalParentNodeGetter$LWS, this, []);
|
|
10586
|
+
if (parent$LWS === null || !isGaterEnabledFeature$LWS('changesSince.264')) {
|
|
10587
|
+
return parent$LWS;
|
|
10588
|
+
}
|
|
10589
|
+
const parentRoot$LWS = ReflectApply$LWS$1(originalGetRootNode$LWS, parent$LWS, []);
|
|
10590
|
+
if (parentRoot$LWS instanceof ShadowRoot$LWS && !isShadowRootAccessibleInThisSandbox$LWS(key$LWS, parentRoot$LWS)) {
|
|
10591
|
+
return null;
|
|
10592
|
+
}
|
|
10593
|
+
return parent$LWS;
|
|
10594
|
+
}];
|
|
10595
|
+
return distortionEntry$LWS;
|
|
10596
|
+
};
|
|
10597
|
+
}
|
|
8957
10598
|
const {
|
|
8958
10599
|
isSharedElement: isSharedElement$j$LWS
|
|
8959
10600
|
} = rootValidator$LWS;
|
|
@@ -9093,7 +10734,7 @@ function initDistortionNodeTextContentSetter$LWS({
|
|
|
9093
10734
|
const attrName$LWS = ReflectApply$LWS$1(AttrProtoNameGetter$LWS, this, []);
|
|
9094
10735
|
const attrNamespace$LWS = ReflectApply$LWS$1(AttrProtoNamespaceURIGetter$LWS, this, []);
|
|
9095
10736
|
const normalizedNamespace$LWS = normalizeNamespace$LWS(attrNamespace$LWS);
|
|
9096
|
-
const distortion$LWS =
|
|
10737
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, ownerEl$LWS, attrName$LWS, normalizedNamespace$LWS);
|
|
9097
10738
|
// istanbul ignore next: needs default platform behavior test
|
|
9098
10739
|
if (distortion$LWS) {
|
|
9099
10740
|
ReflectApply$LWS$1(distortion$LWS, ownerEl$LWS, [valueAsString$LWS]);
|
|
@@ -9729,6 +11370,9 @@ function initDistortionRangeCloneRange$LWS({
|
|
|
9729
11370
|
return distortionEntry$LWS;
|
|
9730
11371
|
};
|
|
9731
11372
|
}
|
|
11373
|
+
const {
|
|
11374
|
+
isIframeSrcdocScriptAttack: isIframeSrcdocScriptAttack$2$LWS
|
|
11375
|
+
} = rootValidator$LWS;
|
|
9732
11376
|
function initDistortionRangeCreateContextualFragment$LWS({
|
|
9733
11377
|
document: document$LWS,
|
|
9734
11378
|
globalObject: {
|
|
@@ -9754,6 +11398,9 @@ function initDistortionRangeCreateContextualFragment$LWS({
|
|
|
9754
11398
|
// for association to this sandbox.
|
|
9755
11399
|
setCustomElementsRegistry$LWS(document$LWS, key$LWS);
|
|
9756
11400
|
args$LWS[0] = lwsInternalPolicy$LWS.createHTML(tagString$LWS, key$LWS, ContentType$LWS.HTML);
|
|
11401
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && isIframeSrcdocScriptAttack$2$LWS(args$LWS[0])) {
|
|
11402
|
+
throw new LockerSecurityError$LWS(`Cannot 'createContextualFragment' using an unsecure ${toSafeTemplateStringValue$LWS(args$LWS[0])}.`);
|
|
11403
|
+
}
|
|
9757
11404
|
}
|
|
9758
11405
|
}
|
|
9759
11406
|
return ReflectApply$LWS$1(originalCreateContextualFragment$LWS, this, args$LWS);
|
|
@@ -10782,7 +12429,7 @@ function initDistortionSVGAnimateElementAttributeNameAttribute$LWS({
|
|
|
10782
12429
|
const originalAttributeValue$LWS = ReflectApply$LWS$1(ElementProtoGetAttribute$LWS, el$LWS, [attrName$LWS]);
|
|
10783
12430
|
// istanbul ignore else: needs default platform behavior test
|
|
10784
12431
|
if (originalAttributeValue$LWS) {
|
|
10785
|
-
const distortion$LWS =
|
|
12432
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, el$LWS, attrName$LWS);
|
|
10786
12433
|
// istanbul ignore else: needs default platform behavior test
|
|
10787
12434
|
if (distortion$LWS) {
|
|
10788
12435
|
ReflectApply$LWS$1(distortion$LWS, el$LWS, [originalAttributeValue$LWS]);
|
|
@@ -10790,7 +12437,7 @@ function initDistortionSVGAnimateElementAttributeNameAttribute$LWS({
|
|
|
10790
12437
|
}
|
|
10791
12438
|
}
|
|
10792
12439
|
}
|
|
10793
|
-
|
|
12440
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGAnimateElement$LWS, 'attributeName', NAMESPACE_DEFAULT$LWS, function attributeName$LWS(value$LWS) {
|
|
10794
12441
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, ['attributeName', value$LWS]);
|
|
10795
12442
|
if (value$LWS === 'href') {
|
|
10796
12443
|
distortAttribute$LWS(this, 'from');
|
|
@@ -10817,7 +12464,7 @@ function initDistortionSVGAnimateElementFromAttribute$LWS({
|
|
|
10817
12464
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, ['from', value$LWS]);
|
|
10818
12465
|
}
|
|
10819
12466
|
return function distortionSVGAnimateElementFromAttribute$LWS(record$LWS) {
|
|
10820
|
-
|
|
12467
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGAnimateElement$LWS, 'from', NAMESPACE_DEFAULT$LWS, from$LWS);
|
|
10821
12468
|
};
|
|
10822
12469
|
}
|
|
10823
12470
|
function initDistortionSVGAnimateElementToAttribute$LWS({
|
|
@@ -10837,7 +12484,7 @@ function initDistortionSVGAnimateElementToAttribute$LWS({
|
|
|
10837
12484
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, ['to', value$LWS]);
|
|
10838
12485
|
}
|
|
10839
12486
|
return function distortionSVGAnimateElementToAttribute$LWS(record$LWS) {
|
|
10840
|
-
|
|
12487
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGAnimateElement$LWS, 'to', NAMESPACE_DEFAULT$LWS, to$LWS);
|
|
10841
12488
|
};
|
|
10842
12489
|
}
|
|
10843
12490
|
function initDistortionSVGAnimateElementValuesAttribute$LWS({
|
|
@@ -10865,7 +12512,7 @@ function initDistortionSVGAnimateElementValuesAttribute$LWS({
|
|
|
10865
12512
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, ['values', returnValues$LWS]);
|
|
10866
12513
|
}
|
|
10867
12514
|
return function distortionSVGAnimateElementValuesAttribute$LWS(record$LWS) {
|
|
10868
|
-
|
|
12515
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGAnimateElement$LWS, 'values', NAMESPACE_DEFAULT$LWS, values$LWS);
|
|
10869
12516
|
};
|
|
10870
12517
|
}
|
|
10871
12518
|
function initDistortionSVGElementDatasetGetter$LWS({
|
|
@@ -10941,10 +12588,10 @@ function initDistortionSVGScriptElementHrefSetter$LWS({
|
|
|
10941
12588
|
}
|
|
10942
12589
|
}) {
|
|
10943
12590
|
return function distortionSVGScriptElementHrefSetter$LWS(record$LWS) {
|
|
10944
|
-
|
|
10945
|
-
|
|
10946
|
-
|
|
10947
|
-
|
|
12591
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGScriptElement$LWS, 'href', NAMESPACE_XLINK$LWS, createScriptDistortion$LWS(record$LWS, 'href'));
|
|
12592
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGScriptElement$LWS, 'xlink:href', NAMESPACE_XLINK$LWS, createScriptDistortion$LWS(record$LWS, 'xlink:href'));
|
|
12593
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGScriptElement$LWS, 'href', NAMESPACE_DEFAULT$LWS, createScriptDistortion$LWS(record$LWS, 'href'));
|
|
12594
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGScriptElement$LWS, 'xlink:href', NAMESPACE_DEFAULT$LWS, createScriptDistortion$LWS(record$LWS, 'xlink:href'));
|
|
10948
12595
|
};
|
|
10949
12596
|
}
|
|
10950
12597
|
function initDistortionSVGSetElementAttributeNameAttribute$LWS({
|
|
@@ -10963,7 +12610,7 @@ function initDistortionSVGSetElementAttributeNameAttribute$LWS({
|
|
|
10963
12610
|
const originalAttributeValue$LWS = ReflectApply$LWS$1(ElementProtoGetAttribute$LWS, el$LWS, [attrName$LWS]);
|
|
10964
12611
|
// istanbul ignore else: needs default platform behavior test
|
|
10965
12612
|
if (originalAttributeValue$LWS) {
|
|
10966
|
-
const distortion$LWS =
|
|
12613
|
+
const distortion$LWS = getAttributeSetterDistortion$LWS(record$LWS, el$LWS, attrName$LWS);
|
|
10967
12614
|
// istanbul ignore else: needs default platform behavior test
|
|
10968
12615
|
if (distortion$LWS) {
|
|
10969
12616
|
ReflectApply$LWS$1(distortion$LWS, el$LWS, [originalAttributeValue$LWS]);
|
|
@@ -10977,7 +12624,7 @@ function initDistortionSVGSetElementAttributeNameAttribute$LWS({
|
|
|
10977
12624
|
distortAttribute$LWS(this, 'to');
|
|
10978
12625
|
}
|
|
10979
12626
|
}
|
|
10980
|
-
|
|
12627
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGSetElement$LWS, 'attributeName', NAMESPACE_DEFAULT$LWS, attributeName$LWS);
|
|
10981
12628
|
};
|
|
10982
12629
|
}
|
|
10983
12630
|
function initDistortionSVGSetElementToAttribute$LWS({
|
|
@@ -10997,7 +12644,7 @@ function initDistortionSVGSetElementToAttribute$LWS({
|
|
|
10997
12644
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, ['to', value$LWS]);
|
|
10998
12645
|
}
|
|
10999
12646
|
return function distortionSVGSetElementToAttribute$LWS(record$LWS) {
|
|
11000
|
-
|
|
12647
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGSetElement$LWS, 'to', NAMESPACE_DEFAULT$LWS, to$LWS);
|
|
11001
12648
|
};
|
|
11002
12649
|
}
|
|
11003
12650
|
function createDistortionHrefAttributeFactoryInitializer$LWS(attributeName$LWS) {
|
|
@@ -11017,13 +12664,13 @@ function createDistortionHrefAttributeFactoryInitializer$LWS(attributeName$LWS)
|
|
|
11017
12664
|
ReflectApply$LWS$1(originalSetAttributeNS$LWS, this, [NAMESPACE_XLINK$LWS, attributeName$LWS, returnValue$LWS]);
|
|
11018
12665
|
}
|
|
11019
12666
|
return function distortionHrefAttributeFactory$LWS(record$LWS) {
|
|
11020
|
-
|
|
12667
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGUseElement$LWS, attributeName$LWS, NAMESPACE_XLINK$LWS, xlinkNamespaceDistortion$LWS);
|
|
11021
12668
|
if (attributeName$LWS === 'href') {
|
|
11022
12669
|
const defaultNamespaceDistortion$LWS = function defaultNamespaceDistortion$LWS(value$LWS) {
|
|
11023
12670
|
const returnValue$LWS = value$LWS === null || value$LWS === undefined || value$LWS === '' ? /* istanbul ignore next: needs default platform behavior test */value$LWS : sanitizeSvgHref$LWS(value$LWS);
|
|
11024
12671
|
ReflectApply$LWS$1(originalSetAttribute$LWS, this, [attributeName$LWS, returnValue$LWS]);
|
|
11025
12672
|
};
|
|
11026
|
-
|
|
12673
|
+
registerAttributeSetterDistortion$LWS(record$LWS, SVGUseElement$LWS, attributeName$LWS, NAMESPACE_DEFAULT$LWS, defaultNamespaceDistortion$LWS);
|
|
11027
12674
|
}
|
|
11028
12675
|
};
|
|
11029
12676
|
};
|
|
@@ -11046,7 +12693,18 @@ function initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS({
|
|
|
11046
12693
|
return noop$LWS$1;
|
|
11047
12694
|
}
|
|
11048
12695
|
const distortionEntry$LWS = [originalCreatePolicy$LWS, function createPolicy$LWS(...args$LWS) {
|
|
11049
|
-
|
|
12696
|
+
let name$LWS = args$LWS.length ? args$LWS[0] : /* istanbul ignore next: needs default platform behavior test */undefined;
|
|
12697
|
+
// Coerce the policy name before the equality check. Without this,
|
|
12698
|
+
// a value like `{ toString: () => 'default' }` slips past the
|
|
12699
|
+
// strict equality (object !== string) while the native
|
|
12700
|
+
// createPolicy stringifies it per spec — creating a 'default'
|
|
12701
|
+
// policy LWS thought it had blocked. Substitute the coerced
|
|
12702
|
+
// string into args so the native call sees the same value the
|
|
12703
|
+
// guard inspected.
|
|
12704
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && args$LWS.length) {
|
|
12705
|
+
name$LWS = toSafeStringValue$LWS(args$LWS[0]);
|
|
12706
|
+
args$LWS[0] = name$LWS;
|
|
12707
|
+
}
|
|
11050
12708
|
// istanbul ignore else: needs default platform behavior test
|
|
11051
12709
|
if (name$LWS === 'default') {
|
|
11052
12710
|
throw new LockerSecurityError$LWS(createTrustedTypesExceptionMessage$LWS(name$LWS));
|
|
@@ -11545,6 +13203,44 @@ function initDistortionWindowOpen$LWS({
|
|
|
11545
13203
|
throw new LockerSecurityError$LWS(`Cannot open disallowed endpoint: ${toSafeTemplateStringValue$LWS(parsedURL$LWS.normalizedURL)}`);
|
|
11546
13204
|
}
|
|
11547
13205
|
}
|
|
13206
|
+
// Determine whether the target replaces the current browsing context.
|
|
13207
|
+
const target$LWS = normalizedArgs$LWS.length > 1 ? normalizedArgs$LWS[1] : undefined;
|
|
13208
|
+
const willOpenInSameBrowsingContext$LWS = target$LWS === '_self' || target$LWS === '_parent' || target$LWS === '_top';
|
|
13209
|
+
// W-22297117
|
|
13210
|
+
// Block same-origin window.open() for new browsing contexts and inject
|
|
13211
|
+
// noopener to sever the bidirectional Window reference.
|
|
13212
|
+
//
|
|
13213
|
+
// Threat model: even with noopener (which prevents the *caller* from
|
|
13214
|
+
// getting a child Window handle), a same-origin child page executes
|
|
13215
|
+
// scripts with full system-mode privileges. An attacker can craft a
|
|
13216
|
+
// payload URL (e.g. /resource/...) whose scripts exfiltrate cookies
|
|
13217
|
+
// or session tokens via fetch() without needing a reference back.
|
|
13218
|
+
//
|
|
13219
|
+
// Defence:
|
|
13220
|
+
// 1. Block same-origin URLs for new browsing contexts entirely.
|
|
13221
|
+
// The opened page would run unsandboxed, so navigation to it
|
|
13222
|
+
// must not be allowed from sandboxed code.
|
|
13223
|
+
// 2. Inject "noopener" for any remaining opens (cross-origin, about:
|
|
13224
|
+
// scheme) so the caller never receives a live Window reference.
|
|
13225
|
+
//
|
|
13226
|
+
// Same-browsing-context targets (_self, _parent, _top) are excluded:
|
|
13227
|
+
// they navigate the current context (no new unsandboxed page), and the
|
|
13228
|
+
// existing URL validation (gate 262) already guards them.
|
|
13229
|
+
if (isGaterEnabledFeature$LWS('changesSince.264') && !willOpenInSameBrowsingContext$LWS) {
|
|
13230
|
+
if (isSameOriginURL$LWS(resourceUrl$LWS)) {
|
|
13231
|
+
throw new LockerSecurityError$LWS('Cannot open same-origin URL in a new browsing context.');
|
|
13232
|
+
}
|
|
13233
|
+
// For cross-origin / about: URLs, inject noopener so the caller
|
|
13234
|
+
// receives null and the child has no opener reference.
|
|
13235
|
+
const features$LWS = normalizedArgs$LWS.length > 2 ? normalizedArgs$LWS[2] : undefined;
|
|
13236
|
+
if (typeof features$LWS === 'string' && features$LWS !== '') {
|
|
13237
|
+
if (!isNoopenerPresent$LWS(features$LWS)) {
|
|
13238
|
+
normalizedArgs$LWS[2] = `${features$LWS},noopener`;
|
|
13239
|
+
}
|
|
13240
|
+
} else {
|
|
13241
|
+
normalizedArgs$LWS[2] = 'noopener';
|
|
13242
|
+
}
|
|
13243
|
+
}
|
|
11548
13244
|
const childWindow$LWS = ReflectApply$LWS$1(originalWindowOpen$LWS, this, normalizedArgs$LWS);
|
|
11549
13245
|
// istanbul ignore next: behavior will not be tested in collection coverage
|
|
11550
13246
|
if (!isGaterEnabledFeature$LWS('changesSince.262')) {
|
|
@@ -11558,14 +13254,8 @@ function initDistortionWindowOpen$LWS({
|
|
|
11558
13254
|
}
|
|
11559
13255
|
// W-14218118
|
|
11560
13256
|
// If the target is '_self', '_parent', or '_top', only makes one request
|
|
11561
|
-
if (
|
|
11562
|
-
|
|
11563
|
-
1: target$LWS
|
|
11564
|
-
} = normalizedArgs$LWS;
|
|
11565
|
-
const willOpenInSameBrowsingContext$LWS = target$LWS === '_self' || target$LWS === '_parent' || target$LWS === '_top';
|
|
11566
|
-
if (willOpenInSameBrowsingContext$LWS) {
|
|
11567
|
-
return childWindow$LWS;
|
|
11568
|
-
}
|
|
13257
|
+
if (willOpenInSameBrowsingContext$LWS) {
|
|
13258
|
+
return childWindow$LWS;
|
|
11569
13259
|
}
|
|
11570
13260
|
// W-13552831
|
|
11571
13261
|
// If the target is anything else, two requests are made
|
|
@@ -11878,8 +13568,10 @@ initDistortionBroadcastChannelPostMessage$LWS,
|
|
|
11878
13568
|
initDistortionCSSStyleRuleStyleGetter$LWS,
|
|
11879
13569
|
// Document
|
|
11880
13570
|
initDistortionDocumentCreateNodeIterator$LWS, initDistortionDocumentCreateTreeWalker$LWS, initDistortionDocumentDomainSetter$LWS, initDistortionDocumentOnsecuritypolicyviolation$LWS, initDistortionDocumentOpen$LWS,
|
|
13571
|
+
// DOMTokenList
|
|
13572
|
+
initDistortionDOMTokenListAdd$LWS, initDistortionDOMTokenListReplace$LWS, initDistortionDOMTokenListToggle$LWS, initDistortionDOMTokenListValueSetter$LWS,
|
|
11881
13573
|
// Element
|
|
11882
|
-
initDistortionElementAttributesGetter$LWS, initDistortionElementGetInnerHTML$LWS, initDistortionElementInnerHTMLGetter$LWS, initDistortionElementOuterHTMLGetter$LWS, initDistortionElementRemove$LWS, initDistortionElementReplaceChildren$LWS, initDistortionElementReplaceWith$LWS,
|
|
13574
|
+
initDistortionElementAttributesGetter$LWS, initDistortionElementGetInnerHTML$LWS, initDistortionElementInnerHTMLGetter$LWS, initDistortionElementOuterHTMLGetter$LWS, initDistortionElementRemove$LWS, initDistortionElementRemoveAttribute$LWS, initDistortionElementRemoveAttributeNS$LWS, initDistortionElementRemoveAttributeNode$LWS, initDistortionElementReplaceChildren$LWS, initDistortionElementReplaceWith$LWS,
|
|
11883
13575
|
// Function
|
|
11884
13576
|
initDistortionFunction$LWS,
|
|
11885
13577
|
// History
|
|
@@ -11887,13 +13579,21 @@ initDistortionHistoryPushState$LWS, initDistortionHistoryReplaceState$LWS,
|
|
|
11887
13579
|
// HTMLElement
|
|
11888
13580
|
initDistortionHTMLElementDatasetGetter$LWS, initDistortionHTMLElementInnerTextGetter$LWS, initDistortionHTMLElementInnerTextSetter$LWS, initDistortionHTMLElementOuterTextSetter$LWS, initDistortionHTMLElementStyleGetter$LWS,
|
|
11889
13581
|
// HTMLIFrameElement
|
|
11890
|
-
initDistortionIFrameElementContentDocumentGetter$LWS, initDistortionIFrameElementContentWindowGetter$LWS, initDistortionHTMLIFrameElementSandboxGetter$LWS, initDistortionHTMLIFrameElementSandboxSetter$LWS, initDistortionHTMLIFrameElementSrcSetter$LWS,
|
|
13582
|
+
initDistortionIFrameElementContentDocumentGetter$LWS, initDistortionIFrameElementContentWindowGetter$LWS, initDistortionHTMLIFrameElementSandboxGetter$LWS, initDistortionHTMLIFrameElementSandboxSetter$LWS, initDistortionHTMLIFrameElementSrcGetter$LWS, initDistortionHTMLIFrameElementSrcSetter$LWS,
|
|
13583
|
+
// HTMLImageElement
|
|
13584
|
+
initDistortionHTMLImageElementSrcSetter$LWS, initDistortionHTMLImageElementSrcsetSetter$LWS,
|
|
11891
13585
|
// HTMLLinkElement
|
|
11892
|
-
initDistortionHTMLLinkElementRelSetter$LWS, initDistortionHTMLLinkElementRelListSetter$LWS,
|
|
13586
|
+
initDistortionHTMLLinkElementHrefSetter$LWS, initDistortionHTMLLinkElementRelSetter$LWS, initDistortionHTMLLinkElementRelListSetter$LWS,
|
|
13587
|
+
// HTMLMediaElement
|
|
13588
|
+
initDistortionHTMLMediaElementSrcSetter$LWS,
|
|
11893
13589
|
// HTMLMetaElement
|
|
11894
13590
|
initDistortionHTMLMetaElementContentGetter$LWS,
|
|
11895
13591
|
// HTMLObjectElement
|
|
11896
|
-
initDistortionHTMLObjectElementDataSetter$LWS,
|
|
13592
|
+
initDistortionHTMLObjectElementContentDocumentGetter$LWS, initDistortionHTMLObjectElementContentWindowGetter$LWS, initDistortionHTMLObjectElementDataSetter$LWS, initDistortionHTMLObjectElementTypeSetter$LWS,
|
|
13593
|
+
// HTMLSourceElement
|
|
13594
|
+
initDistortionHTMLSourceElementSrcSetter$LWS, initDistortionHTMLSourceElementSrcsetSetter$LWS,
|
|
13595
|
+
// HTMLTrackElement
|
|
13596
|
+
initDistortionHTMLTrackElementSrcSetter$LWS,
|
|
11897
13597
|
// HTMLScriptElement
|
|
11898
13598
|
initDistortionHTMLScriptElementInnerTextGetter$LWS, initDistortionHTMLScriptElementInnerTextSetter$LWS, initDistortionHTMLScriptElementSrcGetter$LWS, initDistortionHTMLScriptElementTextContentGetter$LWS, initDistortionHTMLScriptElementTextContentSetter$LWS, initDistortionHTMLScriptElementTextGetter$LWS, initDistortionHTMLScriptElementTextSetter$LWS,
|
|
11899
13599
|
// IDBObjectStore
|
|
@@ -11915,7 +13615,7 @@ initDistortionNavigatorSendBeacon$LWS, initDistortionNavigatorServiceWorkerGette
|
|
|
11915
13615
|
// Observable
|
|
11916
13616
|
initDistortionObservableForEach$LWS, initDistortionObservableSubscribe$LWS,
|
|
11917
13617
|
// Node
|
|
11918
|
-
initDistortionNodeRemoveChild$LWS, initDistortionNodeReplaceChild$LWS,
|
|
13618
|
+
initDistortionNodeGetRootNode$LWS, initDistortionNodeParentElementGetter$LWS, initDistortionNodeParentNodeGetter$LWS, initDistortionNodeRemoveChild$LWS, initDistortionNodeReplaceChild$LWS,
|
|
11919
13619
|
// Performance
|
|
11920
13620
|
initDistortionPerformanceMark$LWS, initDistortionPerformanceMeasure$LWS,
|
|
11921
13621
|
// PerformanceMark
|
|
@@ -11954,9 +13654,11 @@ initDistortionWorkerCtor$LWS, initDistortionWorkerProto$LWS,
|
|
|
11954
13654
|
initDistortionXMLHttpRequestOpen$LWS];
|
|
11955
13655
|
const internalKeyedDistortionFactoryInitializers$LWS = [
|
|
11956
13656
|
// Attr
|
|
11957
|
-
initDistortionAttrValueSetter$LWS,
|
|
13657
|
+
initDistortionAttrValueGetter$LWS, initDistortionAttrValueSetter$LWS,
|
|
11958
13658
|
// Aura
|
|
11959
13659
|
initDistortionAuraUtilGlobalEval$LWS,
|
|
13660
|
+
// BroadcastChannel
|
|
13661
|
+
initDistortionBroadcastChannelCtor$LWS, initDistortionBroadcastChannelNameGetter$LWS,
|
|
11960
13662
|
// CacheStorage
|
|
11961
13663
|
initDistortionCacheStorageDelete$LWS, initDistortionCacheStorageHas$LWS, initDistortionCacheStorageKeys$LWS, initDistortionCacheStorageMatch$LWS, initDistortionCacheStorageOpen$LWS,
|
|
11962
13664
|
// CookieStore
|
|
@@ -11964,7 +13666,7 @@ initDistortionCookieStoreDelete$LWS, initDistortionCookieStoreGet$LWS, initDisto
|
|
|
11964
13666
|
// CustomElementRegistry
|
|
11965
13667
|
initDistortionCustomElementRegistryDefine$LWS, initDistortionCustomElementRegistryGet$LWS, initDistortionCustomElementRegistryUpgrade$LWS, initDistortionCustomElementRegistryWhenDefined$LWS,
|
|
11966
13668
|
// Document
|
|
11967
|
-
initDistortionDocumentCookieGetter$LWS, initDistortionDocumentCookieSetter$LWS, initDistortionDocumentCreateElement$LWS, initDistortionDocumentCreateElementNS$LWS, initDistortionDocumentExecCommand$LWS, initDistortionDocumentReplaceChildren$LWS,
|
|
13669
|
+
initDistortionDocumentCookieGetter$LWS, initDistortionDocumentCookieSetter$LWS, initDistortionDocumentCreateElement$LWS, initDistortionDocumentCreateElementNS$LWS, initDistortionDocumentExecCommand$LWS, initDistortionDocumentAdoptNode$LWS, initDistortionDocumentImportNode$LWS, initDistortionDocumentReplaceChildren$LWS,
|
|
11968
13670
|
// DOMParser
|
|
11969
13671
|
initDistortionDOMParserParseFromString$LWS,
|
|
11970
13672
|
// Element
|
|
@@ -11974,7 +13676,7 @@ initDistortionEval$LWS,
|
|
|
11974
13676
|
// Event
|
|
11975
13677
|
initDistortionEventComposedPath$LWS, initDistortionEventPathGetter$LWS,
|
|
11976
13678
|
// EventTarget
|
|
11977
|
-
initDistortionEventTargetAddEventListener$LWS,
|
|
13679
|
+
initDistortionEventTargetAddEventListener$LWS, initDistortionEventTargetDispatchEvent$LWS,
|
|
11978
13680
|
// HTMLAnchorElement
|
|
11979
13681
|
initDistortionHTMLAnchorElementHrefSetter$LWS,
|
|
11980
13682
|
// HTMLBaseElement
|
|
@@ -11998,7 +13700,7 @@ initDistortionIDBFactoryDatabases$LWS, initDistortionIDBFactoryDeleteDatabase$LW
|
|
|
11998
13700
|
// MathMLElement
|
|
11999
13701
|
initDistortionMathMLElementOnsecuritypolicyviolation$LWS,
|
|
12000
13702
|
// NamedNodeMap
|
|
12001
|
-
initDistortionNamedNodeMapSetNamedItem$LWS, initDistortionNamedNodeMapSetNamedItemNS$LWS,
|
|
13703
|
+
initDistortionNamedNodeMapGetNamedItem$LWS, initDistortionNamedNodeMapGetNamedItemNS$LWS, initDistortionNamedNodeMapRemoveNamedItem$LWS, initDistortionNamedNodeMapRemoveNamedItemNS$LWS, initDistortionNamedNodeMapSetNamedItem$LWS, initDistortionNamedNodeMapSetNamedItemNS$LWS,
|
|
12002
13704
|
// Node
|
|
12003
13705
|
initDistortionNodeValueSetter$LWS, initDistortionNodeTextContentGetter$LWS, initDistortionNodeTextContentSetter$LWS,
|
|
12004
13706
|
// Range
|
|
@@ -12028,14 +13730,15 @@ initDistortionElementAfter$LWS, initDistortionElementAppend$LWS, initDistortionE
|
|
|
12028
13730
|
// initDistortionNodeAppendChild,
|
|
12029
13731
|
initDistortionNodeInsertBefore$LWS]);
|
|
12030
13732
|
const externalKeyedDistortionFactoryInitializers$LWS = internalKeyedDistortionFactoryInitializers$LWS;
|
|
12031
|
-
const distortionFactoryInitializerToggleSwitches$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1([[initDistortionCacheStorageDelete$LWS, 'caches'], [initDistortionCacheStorageHas$LWS, 'caches'], [initDistortionCacheStorageKeys$LWS, 'caches'], [initDistortionCacheStorageMatch$LWS, 'caches'], [initDistortionCacheStorageOpen$LWS, 'caches'], [initDistortionCookieStoreDelete$LWS, 'cookieStore'], [initDistortionCookieStoreGet$LWS, 'cookieStore'], [initDistortionCookieStoreGetAll$LWS, 'cookieStore'], [initDistortionCookieStoreOnChange$LWS, 'cookieStore'], [initDistortionCookieStoreSet$LWS, 'cookieStore'], [initDistortionCSSStyleRuleStyleGetter$LWS, 'style'], [initDistortionCustomElementRegistryDefine$LWS, 'customElements'], [initDistortionCustomElementRegistryGet$LWS, 'customElements'], [initDistortionCustomElementRegistryUpgrade$LWS, 'customElements'], [initDistortionCustomElementRegistryWhenDefined$LWS, 'customElements'], [initDistortionDocumentCookieGetter$LWS, 'documentCookie'], [initDistortionDocumentCookieSetter$LWS, 'documentCookie'], [initDistortionDocumentDomainSetter$LWS, 'documentDomain'], [initDistortionDocumentExecCommand$LWS, 'documentExecCommand'], [initDistortionDOMParserParseFromString$LWS, 'domParserParseFromString'], [initDistortionElementAfter$LWS, 'element'], [initDistortionElementAppend$LWS, 'element'], [initDistortionElementAttributesGetter$LWS, 'attributes'], [initDistortionElementBefore$LWS, 'element'], [initDistortionElementGetInnerHTML$LWS, 'innerHTML'], [initDistortionElementInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionElementInsertAdjacentElement$LWS, 'element'], [initDistortionElementInsertAdjacentHTML$LWS, 'element'], [initDistortionElementOuterHTMLSetter$LWS, 'element'], [initDistortionElementPrepend$LWS, 'element'], [initDistortionElementRemove$LWS, 'element'], [initDistortionElementReplaceChildren$LWS, 'element'], [initDistortionElementReplaceWith$LWS, 'element'], [initDistortionElementGetAttribute$LWS, 'attributes'], [initDistortionElementGetAttributeNode$LWS, 'attributes'], [initDistortionElementGetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementGetAttributeNS$LWS, 'attributes'], [initDistortionElementSetAttribute$LWS, 'attributes'], [initDistortionElementSetAttributeNode$LWS, 'attributes'], [initDistortionElementSetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementSetAttributeNS$LWS, 'attributes'], [initDistortionElementSetHTML$LWS, 'element'], [initDistortionElementToggleAttribute$LWS, 'attributes'], [initDistortionHTMLButtonElementFormActionSetter$LWS, 'form'], [initDistortionHTMLFormElementActionSetter$LWS, 'form'], [initDistortionHTMLInputElementFormActionSetter$LWS, 'form'], [initDistortionHistoryPushState$LWS, 'history'], [initDistortionHistoryReplaceState$LWS, 'history'], [initDistortionHTMLElementDatasetGetter$LWS, 'dataset'], [initDistortionHTMLElementStyleGetter$LWS, 'style'], [initDistortionHTMLScriptElementInnerTextGetter$LWS, 'script'], [initDistortionHTMLScriptElementInnerTextSetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcGetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcSetter$LWS, 'script'], [initDistortionHTMLScriptElementTextGetter$LWS, 'script'], [initDistortionHTMLScriptElementTextSetter$LWS, 'script'], [initDistortionIDBFactoryDatabases$LWS, 'indexedDB'], [initDistortionIDBFactoryDeleteDatabase$LWS, 'indexedDB'], [initDistortionIDBFactoryOpen$LWS, 'indexedDB'], [initDistortionIDBObjectStoreAdd$LWS, 'indexedDB'], [initDistortionIDBObjectStorePut$LWS, 'indexedDB'], [initDistortionLocalStorage$LWS, 'storage'], [initDistortionMessagePortPostMessage$LWS, 'postMessage'], [initDistortionIntersectionObserverObserve$LWS, 'observers'], [initDistortionMutationObserverObserve$LWS, 'mutationObserver'], [initDistortionPerformanceObserverObserve$LWS, 'observers'], [initDistortionResizeObserverObserve$LWS, 'observers'], [initDistortionNamedNodeMapSetNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapSetNamedItemNS$LWS, 'attributes'], [initDistortionNavigatorSendBeacon$LWS, 'navigatorSendBeacon'], [initDistortionObservableForEach$LWS, 'observable'], [initDistortionObservableSubscribe$LWS, 'observable'], [initDistortionNodeInsertBefore$LWS, 'node'], [initDistortionNodeRemoveChild$LWS, 'node'], [initDistortionNodeReplaceChild$LWS, 'node'], [initDistortionNodeTextContentGetter$LWS, 'node'], [initDistortionNodeTextContentSetter$LWS, 'node'], [initDistortionNodeValueSetter$LWS, 'node'], [initDistortionNotificationCtor$LWS, 'notification'], [initDistortionPerformanceMark$LWS, 'performance'], [initDistortionPerformanceMarkCtor$LWS, 'performance'], [initDistortionPerformanceMeasure$LWS, 'performance'], [initDistortionRangeCloneContents$LWS, 'range'], [initDistortionRangeCloneRange$LWS, 'range'], [initDistortionRangeCreateContextualFragment$LWS, 'range'], [initDistortionRangeDeleteContents$LWS, 'range'], [initDistortionRangeExtractContents$LWS, 'range'], [initDistortionRangeGetBoundingClientRect$LWS, 'range'], [initDistortionRangeInsertNode$LWS, 'range'], [initDistortionRangeSelectNode$LWS, 'range'], [initDistortionRangeSelectNodeContents$LWS, 'range'], [initDistortionRangeSetEnd$LWS, 'range'], [initDistortionRangeSetEndAfter$LWS, 'range'], [initDistortionRangeSetEndBefore$LWS, 'range'], [initDistortionRangeSetStart$LWS, 'range'], [initDistortionRangeSetStartAfter$LWS, 'range'], [initDistortionRangeSetStartBefore$LWS, 'range'], [initDistortionRangeSurroundContents$LWS, 'range'], [initDistortionRangeToString$LWS, 'range'], [initDistortionSelectionAnchorNodeGetter$LWS, 'selection'], [initDistortionSelectionCollapse$LWS, 'selection'], [initDistortionSelectionExtend$LWS, 'selection'], [initDistortionSelectionFocusNodeGetter$LWS, 'selection'], [initDistortionSelectionSelectAllChildren$LWS, 'selection'], [initDistortionSelectionSetBaseAndExtent$LWS, 'selection'], [initDistortionSelectionSetPosition$LWS, 'selection'], [initDistortionSelectionToString$LWS, 'selection'], [initDistortionSessionStorage$LWS, 'storage'], [initDistortionShadowRootInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionStorage$LWS, 'storage'], [initDistortionStorageClear$LWS, 'storage'], [initDistortionStorageGetItem$LWS, 'storage'], [initDistortionStorageKey$LWS, 'storage'], [initDistortionStorageLength$LWS, 'storage'], [initDistortionStorageRemoveItem$LWS, 'storage'], [initDistortionStorageSetItem$LWS, 'storage'], [initDistortionSVGElementDatasetGetter$LWS, 'dataset'], [initDistortionSVGElementStyleGetter$LWS, 'style'], [initDistortionSVGAnimatedStringBaseValSetter$LWS, 'script'], [initDistortionSVGScriptElementHrefGetter$LWS, 'script'], [initDistortionSVGScriptElementHrefSetter$LWS, 'script'], [initDistortionWindowFetch$LWS, 'windowFetch'], [initDistortionWindowFetchLater$LWS, 'windowFetchLater'], [initDistortionWindowFramesGetter$LWS, 'windowFrames'], [initDistortionWindowGetComputedStyle$LWS, 'style'], [initDistortionWindowLengthGetter$LWS, 'windowFrames'], [initDistortionWindowNameGetter$LWS, 'windowName'], [initDistortionWindowNameSetter$LWS, 'windowName'], [initDistortionWindowPostMessage$LWS, 'postMessage'], [initDistortionWindowSetInterval$LWS, 'setInterval'], [initDistortionWindowSetTimeout$LWS, 'setTimeout'], [initDistortionXMLHttpRequestResponseGetter$LWS, 'xhr'], [initDistortionXMLHttpRequestResponseXMLGetter$LWS, 'xhr']]));
|
|
13733
|
+
const distortionFactoryInitializerToggleSwitches$LWS = toSafeMap$LWS$1(new MapCtor$LWS$1([[initDistortionBroadcastChannelCtor$LWS, 'broadcastChannel'], [initDistortionBroadcastChannelNameGetter$LWS, 'broadcastChannel'], [initDistortionCacheStorageDelete$LWS, 'caches'], [initDistortionCacheStorageHas$LWS, 'caches'], [initDistortionCacheStorageKeys$LWS, 'caches'], [initDistortionCacheStorageMatch$LWS, 'caches'], [initDistortionCacheStorageOpen$LWS, 'caches'], [initDistortionCookieStoreDelete$LWS, 'cookieStore'], [initDistortionCookieStoreGet$LWS, 'cookieStore'], [initDistortionCookieStoreGetAll$LWS, 'cookieStore'], [initDistortionCookieStoreOnChange$LWS, 'cookieStore'], [initDistortionCookieStoreSet$LWS, 'cookieStore'], [initDistortionCSSStyleRuleStyleGetter$LWS, 'style'], [initDistortionCustomElementRegistryDefine$LWS, 'customElements'], [initDistortionCustomElementRegistryGet$LWS, 'customElements'], [initDistortionCustomElementRegistryUpgrade$LWS, 'customElements'], [initDistortionCustomElementRegistryWhenDefined$LWS, 'customElements'], [initDistortionDocumentCookieGetter$LWS, 'documentCookie'], [initDistortionDocumentCookieSetter$LWS, 'documentCookie'], [initDistortionDocumentDomainSetter$LWS, 'documentDomain'], [initDistortionDocumentExecCommand$LWS, 'documentExecCommand'], [initDistortionDOMParserParseFromString$LWS, 'domParserParseFromString'], [initDistortionDOMTokenListAdd$LWS, 'domTokenList'], [initDistortionDOMTokenListReplace$LWS, 'domTokenList'], [initDistortionDOMTokenListToggle$LWS, 'domTokenList'], [initDistortionDOMTokenListValueSetter$LWS, 'domTokenList'], [initDistortionElementAfter$LWS, 'element'], [initDistortionElementAppend$LWS, 'element'], [initDistortionElementAttributesGetter$LWS, 'attributes'], [initDistortionElementBefore$LWS, 'element'], [initDistortionElementGetInnerHTML$LWS, 'innerHTML'], [initDistortionElementInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionElementInsertAdjacentElement$LWS, 'element'], [initDistortionElementInsertAdjacentHTML$LWS, 'element'], [initDistortionElementOuterHTMLSetter$LWS, 'element'], [initDistortionElementPrepend$LWS, 'element'], [initDistortionElementRemove$LWS, 'element'], [initDistortionElementReplaceChildren$LWS, 'element'], [initDistortionElementReplaceWith$LWS, 'element'], [initDistortionElementGetAttribute$LWS, 'attributes'], [initDistortionElementGetAttributeNode$LWS, 'attributes'], [initDistortionElementGetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementGetAttributeNS$LWS, 'attributes'], [initDistortionElementSetAttribute$LWS, 'attributes'], [initDistortionElementSetAttributeNode$LWS, 'attributes'], [initDistortionElementSetAttributeNodeNS$LWS, 'attributes'], [initDistortionElementSetAttributeNS$LWS, 'attributes'], [initDistortionElementRemoveAttribute$LWS, 'attributes'], [initDistortionElementRemoveAttributeNS$LWS, 'attributes'], [initDistortionElementRemoveAttributeNode$LWS, 'attributes'], [initDistortionElementSetHTML$LWS, 'element'], [initDistortionElementToggleAttribute$LWS, 'attributes'], [initDistortionHTMLButtonElementFormActionSetter$LWS, 'form'], [initDistortionHTMLFormElementActionSetter$LWS, 'form'], [initDistortionHTMLInputElementFormActionSetter$LWS, 'form'], [initDistortionHistoryPushState$LWS, 'history'], [initDistortionHistoryReplaceState$LWS, 'history'], [initDistortionHTMLElementDatasetGetter$LWS, 'dataset'], [initDistortionHTMLElementStyleGetter$LWS, 'style'], [initDistortionHTMLImageElementSrcSetter$LWS, 'networkSrc'], [initDistortionHTMLImageElementSrcsetSetter$LWS, 'networkSrc'], [initDistortionHTMLLinkElementHrefSetter$LWS, 'networkSrc'], [initDistortionHTMLMediaElementSrcSetter$LWS, 'networkSrc'], [initDistortionHTMLSourceElementSrcSetter$LWS, 'networkSrc'], [initDistortionHTMLSourceElementSrcsetSetter$LWS, 'networkSrc'], [initDistortionHTMLTrackElementSrcSetter$LWS, 'networkSrc'], [initDistortionHTMLScriptElementInnerTextGetter$LWS, 'script'], [initDistortionHTMLScriptElementInnerTextSetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcGetter$LWS, 'script'], [initDistortionHTMLScriptElementSrcSetter$LWS, 'script'], [initDistortionHTMLScriptElementTextGetter$LWS, 'script'], [initDistortionHTMLScriptElementTextSetter$LWS, 'script'], [initDistortionIDBFactoryDatabases$LWS, 'indexedDB'], [initDistortionIDBFactoryDeleteDatabase$LWS, 'indexedDB'], [initDistortionIDBFactoryOpen$LWS, 'indexedDB'], [initDistortionIDBObjectStoreAdd$LWS, 'indexedDB'], [initDistortionIDBObjectStorePut$LWS, 'indexedDB'], [initDistortionLocalStorage$LWS, 'storage'], [initDistortionMessagePortPostMessage$LWS, 'postMessage'], [initDistortionIntersectionObserverObserve$LWS, 'observers'], [initDistortionMutationObserverObserve$LWS, 'mutationObserver'], [initDistortionPerformanceObserverObserve$LWS, 'observers'], [initDistortionResizeObserverObserve$LWS, 'observers'], [initDistortionAttrValueGetter$LWS, 'attributes'], [initDistortionAttrValueSetter$LWS, 'attributes'], [initDistortionNamedNodeMapGetNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapGetNamedItemNS$LWS, 'attributes'], [initDistortionNamedNodeMapRemoveNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapRemoveNamedItemNS$LWS, 'attributes'], [initDistortionNamedNodeMapSetNamedItem$LWS, 'attributes'], [initDistortionNamedNodeMapSetNamedItemNS$LWS, 'attributes'], [initDistortionNavigatorSendBeacon$LWS, 'navigatorSendBeacon'], [initDistortionObservableForEach$LWS, 'observable'], [initDistortionObservableSubscribe$LWS, 'observable'], [initDistortionNodeGetRootNode$LWS, 'node'], [initDistortionNodeInsertBefore$LWS, 'node'], [initDistortionNodeParentElementGetter$LWS, 'node'], [initDistortionNodeParentNodeGetter$LWS, 'node'], [initDistortionNodeRemoveChild$LWS, 'node'], [initDistortionNodeReplaceChild$LWS, 'node'], [initDistortionNodeTextContentGetter$LWS, 'node'], [initDistortionNodeTextContentSetter$LWS, 'node'], [initDistortionNodeValueSetter$LWS, 'node'], [initDistortionNotificationCtor$LWS, 'notification'], [initDistortionPerformanceMark$LWS, 'performance'], [initDistortionPerformanceMarkCtor$LWS, 'performance'], [initDistortionPerformanceMeasure$LWS, 'performance'], [initDistortionRangeCloneContents$LWS, 'range'], [initDistortionRangeCloneRange$LWS, 'range'], [initDistortionRangeCreateContextualFragment$LWS, 'range'], [initDistortionRangeDeleteContents$LWS, 'range'], [initDistortionRangeExtractContents$LWS, 'range'], [initDistortionRangeGetBoundingClientRect$LWS, 'range'], [initDistortionRangeInsertNode$LWS, 'range'], [initDistortionRangeSelectNode$LWS, 'range'], [initDistortionRangeSelectNodeContents$LWS, 'range'], [initDistortionRangeSetEnd$LWS, 'range'], [initDistortionRangeSetEndAfter$LWS, 'range'], [initDistortionRangeSetEndBefore$LWS, 'range'], [initDistortionRangeSetStart$LWS, 'range'], [initDistortionRangeSetStartAfter$LWS, 'range'], [initDistortionRangeSetStartBefore$LWS, 'range'], [initDistortionRangeSurroundContents$LWS, 'range'], [initDistortionRangeToString$LWS, 'range'], [initDistortionSelectionAnchorNodeGetter$LWS, 'selection'], [initDistortionSelectionCollapse$LWS, 'selection'], [initDistortionSelectionExtend$LWS, 'selection'], [initDistortionSelectionFocusNodeGetter$LWS, 'selection'], [initDistortionSelectionSelectAllChildren$LWS, 'selection'], [initDistortionSelectionSetBaseAndExtent$LWS, 'selection'], [initDistortionSelectionSetPosition$LWS, 'selection'], [initDistortionSelectionToString$LWS, 'selection'], [initDistortionSessionStorage$LWS, 'storage'], [initDistortionShadowRootInnerHTMLSetter$LWS, 'innerHTML'], [initDistortionStorage$LWS, 'storage'], [initDistortionStorageClear$LWS, 'storage'], [initDistortionStorageGetItem$LWS, 'storage'], [initDistortionStorageKey$LWS, 'storage'], [initDistortionStorageLength$LWS, 'storage'], [initDistortionStorageRemoveItem$LWS, 'storage'], [initDistortionStorageSetItem$LWS, 'storage'], [initDistortionSVGElementDatasetGetter$LWS, 'dataset'], [initDistortionSVGElementStyleGetter$LWS, 'style'], [initDistortionSVGAnimatedStringBaseValSetter$LWS, 'script'], [initDistortionSVGScriptElementHrefGetter$LWS, 'script'], [initDistortionSVGScriptElementHrefSetter$LWS, 'script'], [initDistortionWindowFetch$LWS, 'windowFetch'], [initDistortionWindowFetchLater$LWS, 'windowFetchLater'], [initDistortionWindowFramesGetter$LWS, 'windowFrames'], [initDistortionWindowGetComputedStyle$LWS, 'style'], [initDistortionWindowLengthGetter$LWS, 'windowFrames'], [initDistortionWindowNameGetter$LWS, 'windowName'], [initDistortionWindowNameSetter$LWS, 'windowName'], [initDistortionWindowPostMessage$LWS, 'postMessage'], [initDistortionWindowSetInterval$LWS, 'setInterval'], [initDistortionWindowSetTimeout$LWS, 'setTimeout'], [initDistortionXMLHttpRequestResponseGetter$LWS, 'xhr'], [initDistortionXMLHttpRequestResponseXMLGetter$LWS, 'xhr']]));
|
|
12032
13734
|
const DocumentBlockedProperties$LWS = ['parseHTMLUnsafe'];
|
|
12033
13735
|
const DocumentProtoBlockedProperties$LWS = ['createProcessingInstruction', 'exitFullscreen', 'fullscreen', 'fullscreenElement', 'fullscreenEnabled', 'mozCancelFullScreen', 'mozFullScreen', 'mozFullScreenElement', 'mozFullScreenEnabled', 'onfullscreenchange', 'onfullscreenerror', 'onmozfullscreenchange', 'onmozfullscreenerror', 'onrejectionhandled', 'onunhandledrejection', 'parseHTMLUnsafe', 'releaseCapture', 'releaseEvents', 'requestStorageAccess', 'webkitFullScreenKeyboardInputAllowed', 'write', 'writeln'];
|
|
12034
13736
|
const ElementProtoBlockedProperties$LWS = ['mozRequestFullScreen', 'onfullscreenchange', 'onfullscreenerror', 'requestFullscreen', 'webkitRequestFullScreen', 'webkitRequestFullscreen'];
|
|
12035
13737
|
const EventProtoBlockedProperties$LWS = ['originalTarget', 'explicitOriginalTarget'];
|
|
12036
13738
|
const HTMLElementBlockedAttributes$LWS = ['nonce'];
|
|
12037
13739
|
const HTMLElementProtoBlockedProperties$LWS = ['nonce', 'onrejectionhandled', 'onunhandledrejection'];
|
|
12038
|
-
const
|
|
13740
|
+
const HTMLEmbedElementBlockedAttributes$LWS = ['src'];
|
|
13741
|
+
const HTMLEmbedElementProtoBlockedProperties$LWS = ['getSVGDocument', 'src'];
|
|
12039
13742
|
|
|
12040
13743
|
// https://www.w3schools.com/tags/tag_iframe.asp
|
|
12041
13744
|
const HTMLIFrameElementBlockedAttributes$LWS = ['srcdoc'];
|
|
@@ -12048,7 +13751,7 @@ const SVGElementProtoBlockedProperties$LWS = ['nonce'];
|
|
|
12048
13751
|
const UIEventProtoBlockedProperties$LWS = ['rangeParent'];
|
|
12049
13752
|
const WindowBlockedProperties$LWS = ['find', 'requestFileSystem', 'webkitRequestFileSystem'];
|
|
12050
13753
|
const XSLTProcessorProtoBlockedProperties$LWS = ['transformToDocument', 'transformToFragment'];
|
|
12051
|
-
/*! version: 0.28.
|
|
13754
|
+
/*! version: 0.28.2 */
|
|
12052
13755
|
|
|
12053
13756
|
/*!
|
|
12054
13757
|
* Copyright (C) 2021 salesforce.com, inc.
|
|
@@ -12057,7 +13760,7 @@ let pdpSchema$LWS;
|
|
|
12057
13760
|
function getPdpSchema$LWS() {
|
|
12058
13761
|
return pdpSchema$LWS;
|
|
12059
13762
|
}
|
|
12060
|
-
/*! version: 0.28.
|
|
13763
|
+
/*! version: 0.28.2 */
|
|
12061
13764
|
|
|
12062
13765
|
/*!
|
|
12063
13766
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -12319,10 +14022,21 @@ function getDistortionFactories$LWS(record$LWS) {
|
|
|
12319
14022
|
const initializers$LWS = type$LWS === 1 /* SandboxType.Internal */ ?
|
|
12320
14023
|
// instanbul ignore next: coverage is collected on the external sandbox test run
|
|
12321
14024
|
ArrayConcat$LWS(internalDistortionFactoryInitializers$LWS, internalKeyedDistortionFactoryInitializers$LWS) : ArrayConcat$LWS(externalDistortionFactoryInitializers$LWS, externalKeyedDistortionFactoryInitializers$LWS);
|
|
12322
|
-
|
|
12323
|
-
|
|
12324
|
-
|
|
12325
|
-
|
|
14025
|
+
addBlockedAttributeSetterDistortionFactoryInitializers$LWS(HTMLElement$LWS, 'HTMLElement', HTMLElementBlockedAttributes$LWS, initializers$LWS);
|
|
14026
|
+
addBlockedAttributeSetterDistortionFactoryInitializers$LWS(HTMLEmbedElement, 'HTMLEmbedElement', HTMLEmbedElementBlockedAttributes$LWS, initializers$LWS);
|
|
14027
|
+
addBlockedAttributeSetterDistortionFactoryInitializers$LWS(HTMLIFrameElement$LWS, 'HTMLIFrameElement', HTMLIFrameElementBlockedAttributes$LWS, initializers$LWS);
|
|
14028
|
+
addBlockedAttributeSetterDistortionFactoryInitializers$LWS(HTMLScriptElement$LWS, 'HTMLScriptElement', HTMLScriptElementBlockedAttributes$LWS, initializers$LWS);
|
|
14029
|
+
addBlockedAttributeSetterDistortionFactoryInitializers$LWS(SVGElement$LWS, 'SVGElement', SVGElementBlockedAttributes$LWS, initializers$LWS);
|
|
14030
|
+
// Read-side block list: only the subset of write-blocked attributes that
|
|
14031
|
+
// ALSO must not be readable. Today this is `nonce` only; attributes like
|
|
14032
|
+
// `srcdoc` (HTMLIFrameElement) and `src` (HTMLEmbedElement) are
|
|
14033
|
+
// write-blocked but legitimately readable, so they must NOT be added
|
|
14034
|
+
// here. Closes previously-leaking surfaces (NamedNodeMap subscript,
|
|
14035
|
+
// getNamedItem(NS), Attr.value) for the read-blocked subset.
|
|
14036
|
+
const READ_BLOCKED_NONCE$LWS = ['nonce'];
|
|
14037
|
+
addBlockedAttributeGetterDistortionFactoryInitializers$LWS(HTMLElement$LWS, READ_BLOCKED_NONCE$LWS, initializers$LWS);
|
|
14038
|
+
addBlockedAttributeGetterDistortionFactoryInitializers$LWS(HTMLScriptElement$LWS, READ_BLOCKED_NONCE$LWS, initializers$LWS);
|
|
14039
|
+
addBlockedAttributeGetterDistortionFactoryInitializers$LWS(SVGElement$LWS, READ_BLOCKED_NONCE$LWS, initializers$LWS);
|
|
12326
14040
|
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, DataTransfer.prototype, DataTransferProtoBlockedProperties$LWS, initializers$LWS);
|
|
12327
14041
|
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Document$LWS, DocumentBlockedProperties$LWS, initializers$LWS);
|
|
12328
14042
|
addBlockedPropertyDistortionFactoryInitializers$LWS(record$LWS, Document$LWS.prototype, DocumentProtoBlockedProperties$LWS, initializers$LWS);
|
|
@@ -12365,7 +14079,9 @@ function getDistortionFactories$LWS(record$LWS) {
|
|
|
12365
14079
|
}
|
|
12366
14080
|
// Finalize attribute distortions last because the attribute registry is
|
|
12367
14081
|
// populated by the other distortion factories.
|
|
12368
|
-
factories$LWS[factories$LWS.length] =
|
|
14082
|
+
factories$LWS[factories$LWS.length] = finalizeAttributeSetterDistortions$LWS;
|
|
14083
|
+
// Finalize attribute getters (read-side registry) for the same reason.
|
|
14084
|
+
factories$LWS[factories$LWS.length] = finalizeAttributeGetterDistortions$LWS;
|
|
12369
14085
|
distortionFactoriesCache$LWS.set(document$LWS, factories$LWS);
|
|
12370
14086
|
return factories$LWS;
|
|
12371
14087
|
}
|
|
@@ -13632,6 +15348,7 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
|
|
|
13632
15348
|
const {
|
|
13633
15349
|
distortionCallback: distortionCallback$LWS,
|
|
13634
15350
|
liveTargetCallback: liveTargetCallback$LWS,
|
|
15351
|
+
protectDistortions: protectDistortions$LWS,
|
|
13635
15352
|
revokedProxyCallback: revokedProxyCallback$LWS
|
|
13636
15353
|
// eslint-disable-next-line prefer-object-spread
|
|
13637
15354
|
} = ObjectAssign$LWS({
|
|
@@ -15767,6 +17484,25 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
|
|
|
15767
17484
|
targetPointer$LWS();
|
|
15768
17485
|
const target$LWS = selectedTarget$LWS;
|
|
15769
17486
|
selectedTarget$LWS = undefined;
|
|
17487
|
+
if (protectDistortions$LWS && distortionCallback$LWS) {
|
|
17488
|
+
let safeDesc$LWS;
|
|
17489
|
+
try {
|
|
17490
|
+
safeDesc$LWS = ReflectGetOwnPropertyDescriptor$LWS(target$LWS, key$LWS);
|
|
17491
|
+
} catch (error) {
|
|
17492
|
+
throw pushErrorAcrossBoundary$LWS(error);
|
|
17493
|
+
}
|
|
17494
|
+
if (safeDesc$LWS) {
|
|
17495
|
+
ReflectSetPrototypeOf$LWS(safeDesc$LWS, null);
|
|
17496
|
+
const {
|
|
17497
|
+
get: getter$LWS,
|
|
17498
|
+
set: setter$LWS,
|
|
17499
|
+
value: value$LWS
|
|
17500
|
+
} = safeDesc$LWS;
|
|
17501
|
+
if (typeof getter$LWS === 'function' && distortionCallback$LWS(getter$LWS) !== getter$LWS || typeof setter$LWS === 'function' && distortionCallback$LWS(setter$LWS) !== setter$LWS || (typeof value$LWS === 'object' && value$LWS !== null || typeof value$LWS === 'function') && distortionCallback$LWS(value$LWS) !== value$LWS) {
|
|
17502
|
+
throw pushErrorAcrossBoundary$LWS(new TypeErrorCtor$LWS('Cannot delete property with a distortion.'));
|
|
17503
|
+
}
|
|
17504
|
+
}
|
|
17505
|
+
}
|
|
15770
17506
|
try {
|
|
15771
17507
|
return ReflectDeleteProperty$LWS(target$LWS, key$LWS);
|
|
15772
17508
|
} catch (error) {
|
|
@@ -16449,6 +18185,7 @@ class VirtualEnvironment$LWS {
|
|
|
16449
18185
|
distortionCallback: distortionCallback$LWS,
|
|
16450
18186
|
instrumentation: instrumentation$LWS,
|
|
16451
18187
|
liveTargetCallback: liveTargetCallback$LWS,
|
|
18188
|
+
protectDistortions: protectDistortions$LWS,
|
|
16452
18189
|
revokedProxyCallback: revokedProxyCallback$LWS,
|
|
16453
18190
|
signSourceCallback: signSourceCallback$LWS
|
|
16454
18191
|
// eslint-disable-next-line prefer-object-spread
|
|
@@ -16462,6 +18199,7 @@ class VirtualEnvironment$LWS {
|
|
|
16462
18199
|
distortionCallback: distortionCallback$LWS,
|
|
16463
18200
|
instrumentation: instrumentation$LWS,
|
|
16464
18201
|
liveTargetCallback: liveTargetCallback$LWS,
|
|
18202
|
+
protectDistortions: protectDistortions$LWS,
|
|
16465
18203
|
revokedProxyCallback: revokedProxyCallback$LWS
|
|
16466
18204
|
});
|
|
16467
18205
|
const {
|
|
@@ -16641,6 +18379,7 @@ class VirtualEnvironment$LWS {
|
|
|
16641
18379
|
}
|
|
16642
18380
|
}
|
|
16643
18381
|
lazyRemapProperties(target$LWS, ownKeys$LWS, unforgeableGlobalThisKeys$LWS) {
|
|
18382
|
+
// istanbul ignore else: primitive targets are silently ignored
|
|
16644
18383
|
if (typeof target$LWS === 'object' && target$LWS !== null || typeof target$LWS === 'function') {
|
|
16645
18384
|
const args$LWS = [this.blueGetTransferableValue(target$LWS)];
|
|
16646
18385
|
ReflectApply$LWS(ArrayProtoPush$LWS, args$LWS, ownKeys$LWS);
|
|
@@ -16807,8 +18546,10 @@ function assignFilteredGlobalDescriptorsFromPropertyDescriptorMap$LWS(descs$LWS,
|
|
|
16807
18546
|
// Avoid overriding ECMAScript global names that correspond to
|
|
16808
18547
|
// global intrinsics. This guarantee that those entries will be
|
|
16809
18548
|
// ignored if present in the source property descriptor map.
|
|
18549
|
+
// istanbul ignore else: ES intrinsic names are intentionally skipped
|
|
16810
18550
|
if (!ESGlobalsAndReflectiveIntrinsicObjectNames$LWS.includes(ownKey$LWS)) {
|
|
16811
18551
|
const unsafeDesc$LWS = source$LWS[ownKey$LWS];
|
|
18552
|
+
// istanbul ignore else: no action needed when unsafeDesc is falsy
|
|
16812
18553
|
if (unsafeDesc$LWS) {
|
|
16813
18554
|
// Avoid poisoning by only installing own properties from
|
|
16814
18555
|
// unsafeDesc. We don't use a toSafeDescriptor() style helper
|
|
@@ -16847,6 +18588,7 @@ function linkIntrinsics$LWS(env$LWS, globalObject$LWS) {
|
|
|
16847
18588
|
} = ReflectiveIntrinsicObjectNames$LWS; i$LWS < length$LWS; i$LWS += 1) {
|
|
16848
18589
|
const globalName$LWS = ReflectiveIntrinsicObjectNames$LWS[i$LWS];
|
|
16849
18590
|
const reflectiveValue$LWS = globalObject$LWS[globalName$LWS];
|
|
18591
|
+
// istanbul ignore else: all standard reflective intrinsics exist at runtime
|
|
16850
18592
|
if (reflectiveValue$LWS) {
|
|
16851
18593
|
// Proxy.prototype is undefined.
|
|
16852
18594
|
if (reflectiveValue$LWS.prototype) {
|
|
@@ -16991,6 +18733,7 @@ function createIframeVirtualEnvironment$LWS(globalObject$LWS, providedOptions$LW
|
|
|
16991
18733
|
keepAlive: keepAlive$LWS = true,
|
|
16992
18734
|
liveTargetCallback: liveTargetCallback$LWS,
|
|
16993
18735
|
maxPerfMode: maxPerfMode$LWS = false,
|
|
18736
|
+
protectDistortions: protectDistortions$LWS = false,
|
|
16994
18737
|
signSourceCallback: signSourceCallback$LWS
|
|
16995
18738
|
// eslint-disable-next-line prefer-object-spread
|
|
16996
18739
|
} = ObjectAssign$LWS({
|
|
@@ -17006,6 +18749,7 @@ function createIframeVirtualEnvironment$LWS(globalObject$LWS, providedOptions$LW
|
|
|
17006
18749
|
blueCreateHooksCallbackCache$LWS.set(blueRefs$LWS.document, blueConnector$LWS);
|
|
17007
18750
|
}
|
|
17008
18751
|
// Install default TrustedTypes policy in the virtual environment.
|
|
18752
|
+
// istanbul ignore next: requires both trustedTypes API (unavailable in jsdom) and a defaultPolicy option
|
|
17009
18753
|
// @ts-ignore trustedTypes does not exist on GlobalObject
|
|
17010
18754
|
if (typeof redWindow$LWS.trustedTypes !== 'undefined' && isObject$LWS(defaultPolicy$LWS)) {
|
|
17011
18755
|
// @ts-ignore trustedTypes does not exist on GlobalObject
|
|
@@ -17020,6 +18764,7 @@ function createIframeVirtualEnvironment$LWS(globalObject$LWS, providedOptions$LW
|
|
|
17020
18764
|
distortionCallback: distortionCallback$LWS,
|
|
17021
18765
|
instrumentation: instrumentation$LWS,
|
|
17022
18766
|
liveTargetCallback: liveTargetCallback$LWS,
|
|
18767
|
+
protectDistortions: protectDistortions$LWS,
|
|
17023
18768
|
revokedProxyCallback: keepAlive$LWS ? revokedProxyCallback$LWS : undefined,
|
|
17024
18769
|
signSourceCallback: signSourceCallback$LWS
|
|
17025
18770
|
});
|
|
@@ -17027,6 +18772,7 @@ function createIframeVirtualEnvironment$LWS(globalObject$LWS, providedOptions$LW
|
|
|
17027
18772
|
// window
|
|
17028
18773
|
// window.document
|
|
17029
18774
|
// In browsers globalThis is === window.
|
|
18775
|
+
// istanbul ignore next: coverage never runs where globalThis !== window
|
|
17030
18776
|
if (typeof globalThis === 'undefined') {
|
|
17031
18777
|
// Support for globalThis was added in Chrome 71.
|
|
17032
18778
|
// However, environments like Android emulators are running Chrome 69.
|
|
@@ -17072,6 +18818,7 @@ function createIframeVirtualEnvironment$LWS(globalObject$LWS, providedOptions$LW
|
|
|
17072
18818
|
ReflectApply$LWS(DocumentProtoOpen$LWS, redDocument$LWS, []);
|
|
17073
18819
|
ReflectApply$LWS(DocumentProtoClose$LWS, redDocument$LWS, []);
|
|
17074
18820
|
} else {
|
|
18821
|
+
// istanbul ignore next: coverage never runs in old Chromium (<v86)
|
|
17075
18822
|
if (IS_OLD_CHROMIUM_BROWSER$LWS) {
|
|
17076
18823
|
// For Chromium < v86 browsers we evaluate the `window` object to
|
|
17077
18824
|
// kickstart the realm so that `window` persists when the iframe is
|
|
@@ -17407,7 +19154,7 @@ function toSourceText$LWS(value$LWS, sourceType$LWS) {
|
|
|
17407
19154
|
// tools from mistaking the regexp or the replacement string for an
|
|
17408
19155
|
// actual source mapping URL.
|
|
17409
19156
|
/\/\/# sandbox(?=MappingURL=.*?\s*$)/, '//# source']);
|
|
17410
|
-
sourceText$LWS = `\n//# LWS Version = "0.28.
|
|
19157
|
+
sourceText$LWS = `\n//# LWS Version = "0.28.2"\n${sourceText$LWS}`;
|
|
17411
19158
|
return sourceType$LWS === 1 /* SourceType.Module */ && indexOfPragma$LWS(sourceText$LWS, 'use strict') === -1 ?
|
|
17412
19159
|
// Append "'use strict'" to the extracted function body so it is
|
|
17413
19160
|
// evaluated in strict mode.
|
|
@@ -18241,7 +19988,7 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
|
|
|
18241
19988
|
depRegistry$LWS.set(dep$LWS, secureDep$LWS);
|
|
18242
19989
|
return secureDep$LWS;
|
|
18243
19990
|
}
|
|
18244
|
-
/*! version: 0.28.
|
|
19991
|
+
/*! version: 0.28.2 */
|
|
18245
19992
|
|
|
18246
19993
|
export { $LWS, CORE_SANDBOX_KEY$LWS as CORE_SANDBOX_KEY, createRootWindowSandboxRecord$LWS as createRootWindowSandboxRecord, evaluateFunction$LWS as evaluateFunction, evaluateInCoreSandbox$LWS as evaluateInCoreSandbox, evaluateInSandbox$LWS as evaluateInSandbox, trusted, wrapDependency$LWS as wrapDependency };
|
|
18247
19994
|
//# sourceMappingURL=lockerSandbox.js.map
|