@lwrjs/client-modules 0.5.11-alpha.2 → 0.5.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -96,13 +96,11 @@ const {
|
|
|
96
96
|
|
|
97
97
|
const FunctionBind = (func, thisArg) => ReflectApply$3(FunctionProtoBind, func, [thisArg]);
|
|
98
98
|
|
|
99
|
-
const {
|
|
100
|
-
create: ObjectCreate$1
|
|
101
|
-
} = Object;
|
|
102
99
|
const {
|
|
103
100
|
ownKeys: ReflectOwnKeys$2,
|
|
104
101
|
setPrototypeOf: ReflectSetPrototypeOf$2
|
|
105
102
|
} = Reflect;
|
|
103
|
+
const getTimestamp = typeof performance === 'undefined' ? DateNow : FunctionBind(performance.now, performance);
|
|
106
104
|
|
|
107
105
|
function isObject(value) {
|
|
108
106
|
return typeof value === 'object' && value !== null;
|
|
@@ -113,17 +111,24 @@ function isObjectLike(value) {
|
|
|
113
111
|
}
|
|
114
112
|
|
|
115
113
|
function shallowCloneOptions(options) {
|
|
116
|
-
const
|
|
117
|
-
const clone =
|
|
114
|
+
const ownKeys = ReflectOwnKeys$2(options);
|
|
115
|
+
const clone = {
|
|
116
|
+
__proto__: null
|
|
117
|
+
};
|
|
118
118
|
|
|
119
|
-
for (let i = 0, len =
|
|
120
|
-
const key =
|
|
119
|
+
for (let i = 0, len = ownKeys.length; i < len; i += 1) {
|
|
120
|
+
const key = ownKeys[i];
|
|
121
121
|
clone[key] = options[key];
|
|
122
122
|
}
|
|
123
123
|
|
|
124
124
|
return clone;
|
|
125
125
|
}
|
|
126
126
|
|
|
127
|
+
function toSafeDescriptor(desc) {
|
|
128
|
+
ReflectSetPrototypeOf$2(desc, null);
|
|
129
|
+
return desc;
|
|
130
|
+
}
|
|
131
|
+
|
|
127
132
|
function toSafeDescriptorMap(descriptorMap) {
|
|
128
133
|
// Descriptor maps are not susceptible to Object.prototype pollution because
|
|
129
134
|
// the internal operation uses [[OwnPropertyKeys]]:
|
|
@@ -131,17 +136,20 @@ function toSafeDescriptorMap(descriptorMap) {
|
|
|
131
136
|
//
|
|
132
137
|
// However, their descriptors are because the internal operation uses
|
|
133
138
|
// [[HasProperty]]: https://tc39.es/ecma262/#sec-topropertydescriptor.
|
|
134
|
-
const
|
|
139
|
+
const ownKeys = ReflectOwnKeys$2(descriptorMap);
|
|
135
140
|
|
|
136
|
-
for (let i = 0, len =
|
|
137
|
-
|
|
141
|
+
for (let i = 0, len = ownKeys.length; i < len; i += 1) {
|
|
142
|
+
toSafeDescriptor(descriptorMap[ownKeys[i]]);
|
|
138
143
|
}
|
|
139
144
|
|
|
140
145
|
return descriptorMap;
|
|
141
146
|
}
|
|
142
147
|
|
|
143
|
-
const
|
|
144
|
-
|
|
148
|
+
const ZERO_WIDTH_JOINER = '\u200D';
|
|
149
|
+
const LOCKER_IDENTIFIER_MARKER = `$LWS${ZERO_WIDTH_JOINER}`;
|
|
150
|
+
const SANDBOX_EVAL_CONTEXT_NAME = '$lockerEvalContext$';
|
|
151
|
+
const SANDBOX_EVAL_HELPERS_NAME = '$lockerEvalHelpers$';
|
|
152
|
+
const UNCOMPILED_LOCATION_NAME = `uncompiledLocation${LOCKER_IDENTIFIER_MARKER}`;
|
|
145
153
|
const {
|
|
146
154
|
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
147
155
|
__lookupGetter__: ObjectProto__lookupGetter__$1,
|
|
@@ -219,20 +227,20 @@ function maskDistortion(distortedFunc, rawFunc) {
|
|
|
219
227
|
}
|
|
220
228
|
|
|
221
229
|
function createRevokedProxy(object) {
|
|
222
|
-
|
|
230
|
+
// @ts-ignore: TS doesn't like null as a ProxyHandler.
|
|
231
|
+
const revocable = ProxyRevocable(object, {
|
|
232
|
+
__proto__: null
|
|
233
|
+
});
|
|
223
234
|
revocable.revoke();
|
|
224
235
|
return revocable.proxy;
|
|
225
236
|
}
|
|
226
|
-
/* eslint-disable max-classes-per-file */
|
|
227
|
-
|
|
228
237
|
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
class LockerSecurityError extends Error {}
|
|
238
|
+
class LockerSecurityError extends Error {
|
|
239
|
+
constructor(message) {
|
|
240
|
+
super(`Lightning Web Security: ${message}`);
|
|
241
|
+
}
|
|
234
242
|
|
|
235
|
-
|
|
243
|
+
}
|
|
236
244
|
|
|
237
245
|
const {
|
|
238
246
|
parse: JSONParse,
|
|
@@ -246,10 +254,9 @@ const LIVE_OBJECT_SYMBOL = SymbolFor('@@lockerLiveValue'); // This is used by pa
|
|
|
246
254
|
|
|
247
255
|
function markLiveObject$1(object) {
|
|
248
256
|
ReflectDefineProperty(object, LIVE_OBJECT_SYMBOL, {
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
writable: false
|
|
257
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
258
|
+
__proto__: null,
|
|
259
|
+
value: undefined
|
|
253
260
|
});
|
|
254
261
|
return object;
|
|
255
262
|
}
|
|
@@ -257,12 +264,23 @@ function markLiveObject$1(object) {
|
|
|
257
264
|
function isLiveObject(object) {
|
|
258
265
|
return ObjectHasOwnProperty(object, LIVE_OBJECT_SYMBOL);
|
|
259
266
|
}
|
|
267
|
+
|
|
268
|
+
function liveObjectFromGetter(originalGetter, target) {
|
|
269
|
+
const object = ReflectApply$3(originalGetter, target, []);
|
|
270
|
+
|
|
271
|
+
if (isLiveObject(object)) {
|
|
272
|
+
return object;
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
return markLiveObject$1(object);
|
|
276
|
+
}
|
|
260
277
|
/**
|
|
261
|
-
*
|
|
262
|
-
* when setting properties, which would be broken by a Define Property
|
|
263
|
-
*
|
|
264
|
-
*
|
|
265
|
-
*
|
|
278
|
+
* MAGIC_OBJECT_SYMBOL is used to mark objects that have magical side effects
|
|
279
|
+
* when setting properties, which would be broken by a Define Property operation.
|
|
280
|
+
* For example, the `style` object of an HTMLElement in Safari <= 14. This marker
|
|
281
|
+
* is a signal to the membrane that it must use a Set operation, instead of a
|
|
282
|
+
* Define Property operation.
|
|
283
|
+
*
|
|
266
284
|
*/
|
|
267
285
|
|
|
268
286
|
|
|
@@ -270,10 +288,9 @@ const MAGIC_OBJECT_SYMBOL = SymbolFor('@@lockerMagicValue');
|
|
|
270
288
|
|
|
271
289
|
function markMagicObject(object) {
|
|
272
290
|
ReflectDefineProperty(object, MAGIC_OBJECT_SYMBOL, {
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
writable: false
|
|
291
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
292
|
+
__proto__: null,
|
|
293
|
+
value: undefined
|
|
277
294
|
});
|
|
278
295
|
return object;
|
|
279
296
|
}
|
|
@@ -304,12 +321,14 @@ function MapSet(map, key, value) {
|
|
|
304
321
|
}
|
|
305
322
|
|
|
306
323
|
const MathMin = Math.min;
|
|
324
|
+
|
|
307
325
|
const {
|
|
308
326
|
then: PromiseProtoThen
|
|
309
327
|
} = Promise.prototype;
|
|
328
|
+
const PromiseReject = Promise.reject.bind(Promise);
|
|
310
329
|
|
|
311
330
|
function PromiseThen(promise, ...args) {
|
|
312
|
-
return ReflectApply$3(PromiseProtoThen, promise,
|
|
331
|
+
return ReflectApply$3(PromiseProtoThen, promise, args);
|
|
313
332
|
}
|
|
314
333
|
|
|
315
334
|
const StringCtor = String;
|
|
@@ -320,7 +339,6 @@ const {
|
|
|
320
339
|
replace: StringProtoReplace,
|
|
321
340
|
slice: StringProtoSlice$1,
|
|
322
341
|
split: StringProtoSplit,
|
|
323
|
-
substring: StringProtoSubstring,
|
|
324
342
|
startsWith: StringProtoStartsWith,
|
|
325
343
|
toLowerCase: StringProtoToLowerCase,
|
|
326
344
|
toUpperCase: StringProtoToUpperCase$1
|
|
@@ -350,27 +368,32 @@ function StringSplit(str, ...args) {
|
|
|
350
368
|
return ReflectApply$3(StringProtoSplit, str, args);
|
|
351
369
|
}
|
|
352
370
|
|
|
353
|
-
function StringSubstring(str, ...args) {
|
|
354
|
-
return ReflectApply$3(StringProtoSubstring, str, args);
|
|
355
|
-
}
|
|
356
|
-
|
|
357
371
|
function StringStartsWith(str, ...args) {
|
|
358
372
|
return ReflectApply$3(StringProtoStartsWith, str, args);
|
|
359
373
|
}
|
|
360
374
|
|
|
361
375
|
function StringToLowerCase(str) {
|
|
362
|
-
return ReflectApply$3(StringProtoToLowerCase, str,
|
|
376
|
+
return ReflectApply$3(StringProtoToLowerCase, str, []);
|
|
363
377
|
}
|
|
364
378
|
|
|
365
379
|
function StringToUpperCase(str) {
|
|
366
|
-
return ReflectApply$3(StringProtoToUpperCase$1, str,
|
|
380
|
+
return ReflectApply$3(StringProtoToUpperCase$1, str, []);
|
|
367
381
|
}
|
|
368
382
|
|
|
369
|
-
function
|
|
370
|
-
|
|
383
|
+
function capitalizeFirstChar$1(str) {
|
|
384
|
+
const {
|
|
385
|
+
length
|
|
386
|
+
} = str;
|
|
387
|
+
|
|
388
|
+
if (!length) {
|
|
389
|
+
return str;
|
|
390
|
+
}
|
|
391
|
+
|
|
392
|
+
const upper = StringToUpperCase(str[0]);
|
|
393
|
+
return length === 1 ? upper : upper + StringSlice(str, 1);
|
|
371
394
|
}
|
|
372
395
|
|
|
373
|
-
function toString(value) {
|
|
396
|
+
function toString$1(value) {
|
|
374
397
|
try {
|
|
375
398
|
return StringCtor(value);
|
|
376
399
|
} catch (_unused) {
|
|
@@ -379,7 +402,7 @@ function toString(value) {
|
|
|
379
402
|
}
|
|
380
403
|
|
|
381
404
|
function toStringIfNotNullOrUndefined(value) {
|
|
382
|
-
return value === null || value === undefined ? value : toString(value);
|
|
405
|
+
return value === null || value === undefined ? value : toString$1(value);
|
|
383
406
|
}
|
|
384
407
|
|
|
385
408
|
const {
|
|
@@ -387,7 +410,7 @@ const {
|
|
|
387
410
|
} = RegExp.prototype;
|
|
388
411
|
|
|
389
412
|
function RegExpTest(regexp, content) {
|
|
390
|
-
return ReflectApply$3(RegExpProtoTest, regexp, [toString(content)]);
|
|
413
|
+
return ReflectApply$3(RegExpProtoTest, regexp, [toString$1(content)]);
|
|
391
414
|
}
|
|
392
415
|
|
|
393
416
|
|
|
@@ -440,7 +463,7 @@ function WeakMapGet(weakMap, key) {
|
|
|
440
463
|
function WeakMapSet(weakMap, key, value) {
|
|
441
464
|
return ReflectApply$3(WeakMapProtoSet$1, weakMap, [key, value]);
|
|
442
465
|
}
|
|
443
|
-
/*! version: 0.14.
|
|
466
|
+
/*! version: 0.14.26 */
|
|
444
467
|
|
|
445
468
|
/*!
|
|
446
469
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -472,6 +495,34 @@ function AttrValueGetter(attr) {
|
|
|
472
495
|
function AttrValueSetter(attr, value) {
|
|
473
496
|
ReflectApply$3(AttrProtoValueSetter, attr, [value]);
|
|
474
497
|
}
|
|
498
|
+
/*! *****************************************************************************
|
|
499
|
+
Copyright (c) Microsoft Corporation.
|
|
500
|
+
|
|
501
|
+
Permission to use, copy, modify, and/or distribute this software for any
|
|
502
|
+
purpose with or without fee is hereby granted.
|
|
503
|
+
|
|
504
|
+
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
|
|
505
|
+
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
506
|
+
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
507
|
+
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
508
|
+
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
|
|
509
|
+
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
510
|
+
PERFORMANCE OF THIS SOFTWARE.
|
|
511
|
+
***************************************************************************** */
|
|
512
|
+
|
|
513
|
+
|
|
514
|
+
function __classPrivateFieldGet$1(receiver, state, kind, f) {
|
|
515
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
516
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
517
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
518
|
+
}
|
|
519
|
+
|
|
520
|
+
function __classPrivateFieldSet$1(receiver, state, value, kind, f) {
|
|
521
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
522
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
523
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
524
|
+
return kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value), value;
|
|
525
|
+
}
|
|
475
526
|
|
|
476
527
|
const {
|
|
477
528
|
get: DocumentProtoCookieGetter,
|
|
@@ -484,7 +535,9 @@ const {
|
|
|
484
535
|
getElementById: DocumentProtoGetElementById
|
|
485
536
|
} = Document.prototype;
|
|
486
537
|
const DocumentProtoBodyGetter$1 = ObjectLookupOwnGetter$1(Document.prototype, 'body');
|
|
538
|
+
const DocumentProtoDocumentElementGetter = ObjectLookupOwnGetter$1(Document.prototype, 'documentElement');
|
|
487
539
|
const DocumentProtoHeadGetter = ObjectLookupOwnGetter$1(Document.prototype, 'head');
|
|
540
|
+
const DocumentProtoImplementationGetter = ObjectLookupOwnGetter$1(Document.prototype, 'implementation');
|
|
488
541
|
const {
|
|
489
542
|
execCommand: DocumentProtoExecCommand
|
|
490
543
|
} = Document.prototype;
|
|
@@ -501,6 +554,10 @@ function DocumentCookieSetter(doc, newCookie) {
|
|
|
501
554
|
ReflectApply$3(DocumentProtoCookieSetter, doc, [newCookie]);
|
|
502
555
|
}
|
|
503
556
|
|
|
557
|
+
function DocumentImplementation(doc) {
|
|
558
|
+
return ReflectApply$3(DocumentProtoImplementationGetter, doc, emptyArray$1);
|
|
559
|
+
}
|
|
560
|
+
|
|
504
561
|
function DocumentCreateComment(doc, data = '') {
|
|
505
562
|
return ReflectApply$3(DocumentProtoCreateComment, doc, [data]);
|
|
506
563
|
}
|
|
@@ -513,6 +570,10 @@ function DocumentCreateElementNS(doc, ...args) {
|
|
|
513
570
|
return ReflectApply$3(DocumentProtoCreateElementNS, doc, args);
|
|
514
571
|
}
|
|
515
572
|
|
|
573
|
+
function DocumentDocumentElementGetter(doc) {
|
|
574
|
+
return ReflectApply$3(DocumentProtoDocumentElementGetter, doc, emptyArray$1);
|
|
575
|
+
}
|
|
576
|
+
|
|
516
577
|
function DocumentGetElementById(doc, id) {
|
|
517
578
|
return ReflectApply$3(DocumentProtoGetElementById, doc, [id]);
|
|
518
579
|
}
|
|
@@ -531,7 +592,6 @@ function nsCookieRootKey(ns) {
|
|
|
531
592
|
|
|
532
593
|
const {
|
|
533
594
|
attachShadow: ElementProtoAttachShadow,
|
|
534
|
-
insertAdjacentHTML: ElementProtoInsertAdjacentHTML,
|
|
535
595
|
setAttribute: ElementProtoSetAttribute$1,
|
|
536
596
|
setAttributeNS: ElementProtoSetAttributeNS,
|
|
537
597
|
setAttributeNode: ElementProtoSetAttributeNode
|
|
@@ -554,6 +614,7 @@ const {
|
|
|
554
614
|
set: ElementProtoOuterHTMLSetter
|
|
555
615
|
} = ReflectGetOwnPropertyDescriptor$1(Element.prototype, 'outerHTML');
|
|
556
616
|
const ElementProtoAttributesGetter = ObjectLookupOwnGetter$1(Element.prototype, 'attributes');
|
|
617
|
+
const ElementProtoGetNamespaceURI = ObjectLookupOwnGetter$1(Element.prototype, 'namespaceURI');
|
|
557
618
|
|
|
558
619
|
function ElementClosest(el, selectors) {
|
|
559
620
|
return ReflectApply$3(ElementProtoClosest, el, [selectors]);
|
|
@@ -615,6 +676,10 @@ function ElementSetAttributeNS(el, namespace, name, value) {
|
|
|
615
676
|
return ReflectApply$3(ElementProtoSetAttributeNS, el, [namespace, name, value]);
|
|
616
677
|
}
|
|
617
678
|
|
|
679
|
+
function ElementGetNamespaceURI(el) {
|
|
680
|
+
return ReflectApply$3(ElementProtoGetNamespaceURI, el, emptyArray$1);
|
|
681
|
+
}
|
|
682
|
+
|
|
618
683
|
const HTMLTemplateElementProtoContentGetter = ObjectLookupOwnGetter$1(HTMLTemplateElement.prototype, 'content');
|
|
619
684
|
|
|
620
685
|
function HTMLTemplateElementContentGetter(template) {
|
|
@@ -671,11 +736,7 @@ function NodeTextContentSetter(node, textContent) {
|
|
|
671
736
|
ReflectApply$3(NodeProtoTextContentSetter, node, [textContent]);
|
|
672
737
|
}
|
|
673
738
|
|
|
674
|
-
|
|
675
|
-
document: document$1$1
|
|
676
|
-
} = window;
|
|
677
|
-
const leftTpl = DocumentCreateElement$1(document$1$1, 'template');
|
|
678
|
-
const rightTpl = DocumentCreateElement$1(document$1$1, 'template');
|
|
739
|
+
var _Validator_document, _Validator_constructors, _Validator_templates;
|
|
679
740
|
|
|
680
741
|
function deepIsEqualNode(leftRoot, rightRoot) {
|
|
681
742
|
const leftRootNode = leftRoot instanceof HTMLTemplateElement ? HTMLTemplateElementContentGetter(leftRoot) : leftRoot;
|
|
@@ -701,14 +762,63 @@ function deepIsEqualNode(leftRoot, rightRoot) {
|
|
|
701
762
|
return false;
|
|
702
763
|
}
|
|
703
764
|
|
|
704
|
-
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
765
|
+
const globalObjectToValidatorMap = new WeakMapCtor();
|
|
766
|
+
|
|
767
|
+
class Validator {
|
|
768
|
+
constructor(globalObject) {
|
|
769
|
+
_Validator_document.set(this, void 0);
|
|
770
|
+
|
|
771
|
+
_Validator_constructors.set(this, void 0);
|
|
772
|
+
|
|
773
|
+
_Validator_templates.set(this, void 0);
|
|
774
|
+
|
|
775
|
+
this.isEqualDomString = (leftString, rightString) => {
|
|
776
|
+
ElementInnerHTMLSetter(__classPrivateFieldGet$1(this, _Validator_templates, "f").left, leftString);
|
|
777
|
+
ElementInnerHTMLSetter(__classPrivateFieldGet$1(this, _Validator_templates, "f").right, rightString);
|
|
778
|
+
return deepIsEqualNode(__classPrivateFieldGet$1(this, _Validator_templates, "f").left, __classPrivateFieldGet$1(this, _Validator_templates, "f").right);
|
|
779
|
+
};
|
|
780
|
+
|
|
781
|
+
this.isSharedElement = element => element === DocumentHeadGetter(__classPrivateFieldGet$1(this, _Validator_document, "f")) || element === DocumentBodyGetter(__classPrivateFieldGet$1(this, _Validator_document, "f")) || element === DocumentDocumentElementGetter(__classPrivateFieldGet$1(this, _Validator_document, "f"));
|
|
782
|
+
|
|
783
|
+
this.isSharedElementChild = element => element instanceof __classPrivateFieldGet$1(this, _Validator_constructors, "f").HTMLLinkElement || element instanceof __classPrivateFieldGet$1(this, _Validator_constructors, "f").HTMLScriptElement;
|
|
784
|
+
|
|
785
|
+
this.isMediaSourceObject = object => // MediaSource may not be defined in some browsers
|
|
786
|
+
__classPrivateFieldGet$1(this, _Validator_constructors, "f").MediaSource && object instanceof __classPrivateFieldGet$1(this, _Validator_constructors, "f").MediaSource;
|
|
787
|
+
|
|
788
|
+
const {
|
|
789
|
+
document,
|
|
790
|
+
HTMLLinkElement,
|
|
791
|
+
HTMLScriptElement,
|
|
792
|
+
MediaSource
|
|
793
|
+
} = globalObject;
|
|
794
|
+
|
|
795
|
+
__classPrivateFieldSet$1(this, _Validator_constructors, {
|
|
796
|
+
HTMLLinkElement,
|
|
797
|
+
HTMLScriptElement,
|
|
798
|
+
MediaSource
|
|
799
|
+
}, "f");
|
|
800
|
+
|
|
801
|
+
__classPrivateFieldSet$1(this, _Validator_document, document, "f");
|
|
802
|
+
|
|
803
|
+
__classPrivateFieldSet$1(this, _Validator_templates, {
|
|
804
|
+
left: DocumentCreateElement$1(__classPrivateFieldGet$1(this, _Validator_document, "f"), 'template'),
|
|
805
|
+
right: DocumentCreateElement$1(__classPrivateFieldGet$1(this, _Validator_document, "f"), 'template')
|
|
806
|
+
}, "f");
|
|
807
|
+
}
|
|
808
|
+
|
|
708
809
|
}
|
|
709
810
|
|
|
710
|
-
|
|
711
|
-
|
|
811
|
+
_Validator_document = new WeakMap(), _Validator_constructors = new WeakMap(), _Validator_templates = new WeakMap();
|
|
812
|
+
|
|
813
|
+
function getValidator(globalObject) {
|
|
814
|
+
let validator = WeakMapGet(globalObjectToValidatorMap, globalObject);
|
|
815
|
+
|
|
816
|
+
if (!validator) {
|
|
817
|
+
validator = new Validator(globalObject);
|
|
818
|
+
WeakMapSet(globalObjectToValidatorMap, globalObject, validator);
|
|
819
|
+
}
|
|
820
|
+
|
|
821
|
+
return validator;
|
|
712
822
|
}
|
|
713
823
|
|
|
714
824
|
function JSONClone(value) {
|
|
@@ -742,9 +852,9 @@ CookieStore.prototype; // This has to be done 1-by-1 because putting a a full fi
|
|
|
742
852
|
|
|
743
853
|
const CookieStoreProtoDelete = ObjectLookupOwnValue(CookieStoreProto, 'delete'); // istanbul ignore next
|
|
744
854
|
|
|
745
|
-
|
|
855
|
+
ObjectLookupOwnValue(CookieStoreProto, 'get'); // istanbul ignore next
|
|
746
856
|
|
|
747
|
-
|
|
857
|
+
ObjectLookupOwnValue(CookieStoreProto, 'getAll'); // istanbul ignore next
|
|
748
858
|
|
|
749
859
|
const CookieStoreProtoSet = ObjectLookupOwnValue(CookieStoreProto, 'set');
|
|
750
860
|
const {
|
|
@@ -759,6 +869,17 @@ function DocumentFragmentGetElementById(fragment, id) {
|
|
|
759
869
|
return ReflectApply$3(DocumentFragmentProtoGetElementById, fragment, [id]);
|
|
760
870
|
}
|
|
761
871
|
|
|
872
|
+
const {
|
|
873
|
+
createDocument: DOMImplementationProtoCreateDocument
|
|
874
|
+
} = DOMImplementation.prototype;
|
|
875
|
+
|
|
876
|
+
function DOMImplementationCreateDocument(domImplementation, ...args) {
|
|
877
|
+
return ReflectApply$3(DOMImplementationProtoCreateDocument, domImplementation, args);
|
|
878
|
+
}
|
|
879
|
+
|
|
880
|
+
const {
|
|
881
|
+
parseFromString: DOMParserProtoParseFromString
|
|
882
|
+
} = DOMParser.prototype;
|
|
762
883
|
const DOMTokenListProtoValueGetter = ObjectLookupOwnGetter$1(DOMTokenList.prototype, 'value');
|
|
763
884
|
|
|
764
885
|
function DOMTokenListValueGetter(tokenList) {
|
|
@@ -898,10 +1019,10 @@ const MessageEventProtoSourceGetter = ObjectLookupOwnGetter$1(MessageEvent.proto
|
|
|
898
1019
|
function MessageEventSourceGetter(messageEvent) {
|
|
899
1020
|
return ReflectApply$3(MessageEventProtoSourceGetter, messageEvent, emptyArray$1);
|
|
900
1021
|
}
|
|
901
|
-
|
|
902
|
-
const
|
|
903
|
-
|
|
904
|
-
|
|
1022
|
+
const NAMESPACE_DEFAULT = 'default';
|
|
1023
|
+
const NAMESPACE_SVG = 'http://www.w3.org/2000/svg';
|
|
1024
|
+
const NAMESPACE_XHTML = 'http://www.w3.org/1999/xhtml';
|
|
1025
|
+
const NAMESPACE_XLINK = 'http://www.w3.org/1999/xlink';
|
|
905
1026
|
const {
|
|
906
1027
|
createContextualFragment: RangeProtoCreateContextualFragment
|
|
907
1028
|
} = Range.prototype;
|
|
@@ -913,6 +1034,14 @@ function RequestURLGetter(request) {
|
|
|
913
1034
|
return ReflectApply$3(RequestProtoURLGetter, request, emptyArray$1);
|
|
914
1035
|
}
|
|
915
1036
|
|
|
1037
|
+
const {
|
|
1038
|
+
set: ShadowRootProtoInnerHTMLSetter
|
|
1039
|
+
} = ReflectGetOwnPropertyDescriptor$1(ShadowRoot.prototype, 'innerHTML');
|
|
1040
|
+
|
|
1041
|
+
function ShadowRootInnerHTMLSetter(el, html) {
|
|
1042
|
+
ReflectApply$3(ShadowRootProtoInnerHTMLSetter, el, [html]);
|
|
1043
|
+
}
|
|
1044
|
+
|
|
916
1045
|
const {
|
|
917
1046
|
key: StorageProtoKey,
|
|
918
1047
|
getItem: StorageProtoGetItem,
|
|
@@ -920,22 +1049,23 @@ const {
|
|
|
920
1049
|
setItem: StorageProtoSetItem
|
|
921
1050
|
} = Storage.prototype;
|
|
922
1051
|
/**
|
|
923
|
-
* The following
|
|
924
|
-
* "Magic Object" behavior in Safari
|
|
1052
|
+
* The following detection is part of a temporary solution to handle
|
|
1053
|
+
* "Magic Object" behavior in Safari <= 14.
|
|
925
1054
|
*
|
|
926
|
-
* Properties of HTMLElement.prototype.style
|
|
927
|
-
* "magic" (
|
|
928
|
-
* a style property is
|
|
1055
|
+
* Properties of HTMLElement.prototype.style, and other CSS style declaration
|
|
1056
|
+
* objects, will lose their "magic" (i.e. updating the element's style="" attribute)
|
|
1057
|
+
* if a style property is assigned by a Define Property operation.
|
|
929
1058
|
*
|
|
930
|
-
*
|
|
931
|
-
*
|
|
932
|
-
* limited special cases.
|
|
1059
|
+
* This marker will signal to the membrane that it must use a Set operation,
|
|
1060
|
+
* instead of a Define Property operation.
|
|
933
1061
|
*
|
|
934
1062
|
*/
|
|
935
1063
|
|
|
936
1064
|
const HAS_BREAKABLE_CSS_STYLE_DECLARATION_MAGIC_OBJECT = (() => {
|
|
937
1065
|
const div = document.createElement('div');
|
|
938
1066
|
ReflectDefineProperty(div.style, 'color', {
|
|
1067
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
1068
|
+
__proto__: null,
|
|
939
1069
|
value: 'red'
|
|
940
1070
|
});
|
|
941
1071
|
return div.getAttribute('style') === '';
|
|
@@ -951,7 +1081,7 @@ const {
|
|
|
951
1081
|
createObjectURL: URLCreateObjectURL,
|
|
952
1082
|
revokeObjectURL: URLRevokeObjectURL
|
|
953
1083
|
} = URL;
|
|
954
|
-
const ALLOW_LIST_PATCHED = ['opener', 'parent'
|
|
1084
|
+
const ALLOW_LIST_PATCHED = ['opener', 'parent'];
|
|
955
1085
|
const ALLOW_LIST_RAW = ['close', 'closed', 'focus'];
|
|
956
1086
|
const DEFAULT_OVERWRITTEN_VALUE = {};
|
|
957
1087
|
const {
|
|
@@ -986,79 +1116,94 @@ function createPatchedWindow(rawWindow) {
|
|
|
986
1116
|
|
|
987
1117
|
for (let i = 0, len = ALLOW_LIST_RAW.length; i < len; i += 1) {
|
|
988
1118
|
const key = ALLOW_LIST_RAW[i];
|
|
989
|
-
const
|
|
1119
|
+
const unsafeDesc = ReflectGetOwnPropertyDescriptor$1(rawWindow, key);
|
|
990
1120
|
|
|
991
|
-
if (
|
|
992
|
-
|
|
1121
|
+
if (unsafeDesc) {
|
|
1122
|
+
const safeDesc = toSafeDescriptor(unsafeDesc);
|
|
993
1123
|
const {
|
|
994
1124
|
value: originalValue
|
|
995
|
-
} =
|
|
1125
|
+
} = safeDesc;
|
|
996
1126
|
|
|
997
1127
|
if (typeof originalValue === 'function') {
|
|
998
1128
|
const bound = FunctionBind(originalValue, rawWindow);
|
|
999
|
-
|
|
1000
|
-
|
|
1129
|
+
const unsafeNameDesc = ReflectGetOwnPropertyDescriptor$1(originalValue, 'name');
|
|
1130
|
+
|
|
1131
|
+
if (unsafeNameDesc) {
|
|
1132
|
+
ReflectDefineProperty(bound, 'name', toSafeDescriptor(unsafeNameDesc));
|
|
1133
|
+
}
|
|
1134
|
+
|
|
1135
|
+
unsafeDesc.value = bound;
|
|
1001
1136
|
} else {
|
|
1002
1137
|
const {
|
|
1003
|
-
get:
|
|
1004
|
-
set:
|
|
1005
|
-
} =
|
|
1138
|
+
get: getter,
|
|
1139
|
+
set: setter
|
|
1140
|
+
} = safeDesc;
|
|
1006
1141
|
let overwrittenValue = DEFAULT_OVERWRITTEN_VALUE;
|
|
1007
1142
|
|
|
1008
|
-
if (typeof
|
|
1009
|
-
|
|
1010
|
-
return overwrittenValue === DEFAULT_OVERWRITTEN_VALUE ? ReflectApply$3(
|
|
1143
|
+
if (typeof getter === 'function') {
|
|
1144
|
+
safeDesc.get = function get() {
|
|
1145
|
+
return overwrittenValue === DEFAULT_OVERWRITTEN_VALUE ? ReflectApply$3(getter, rawWindow, emptyArray$1) : overwrittenValue;
|
|
1011
1146
|
};
|
|
1012
1147
|
}
|
|
1013
1148
|
|
|
1014
|
-
if (typeof
|
|
1015
|
-
|
|
1149
|
+
if (typeof setter === 'function') {
|
|
1150
|
+
safeDesc.set = function set(value) {
|
|
1016
1151
|
overwrittenValue = value;
|
|
1017
1152
|
};
|
|
1018
1153
|
}
|
|
1019
1154
|
}
|
|
1020
1155
|
|
|
1021
|
-
ReflectDefineProperty(patchedWindow, key,
|
|
1156
|
+
ReflectDefineProperty(patchedWindow, key, safeDesc);
|
|
1022
1157
|
}
|
|
1023
1158
|
}
|
|
1024
1159
|
|
|
1025
1160
|
for (let i = 0, len = ALLOW_LIST_PATCHED.length; i < len; i += 1) {
|
|
1026
1161
|
const key = ALLOW_LIST_PATCHED[i];
|
|
1027
|
-
const
|
|
1162
|
+
const unsafeDesc = ReflectGetOwnPropertyDescriptor$1(rawWindow, key);
|
|
1028
1163
|
|
|
1029
|
-
if (
|
|
1030
|
-
|
|
1164
|
+
if (unsafeDesc) {
|
|
1165
|
+
const safeDesc = toSafeDescriptor(unsafeDesc);
|
|
1031
1166
|
const {
|
|
1032
|
-
get:
|
|
1033
|
-
set:
|
|
1034
|
-
|
|
1035
|
-
} = originalDescriptor;
|
|
1167
|
+
get: getter,
|
|
1168
|
+
set: setter
|
|
1169
|
+
} = safeDesc;
|
|
1036
1170
|
let overwrittenValue = DEFAULT_OVERWRITTEN_VALUE;
|
|
1037
1171
|
|
|
1038
|
-
if (typeof
|
|
1039
|
-
|
|
1172
|
+
if (typeof getter === 'function') {
|
|
1173
|
+
safeDesc.get = function get() {
|
|
1040
1174
|
if (overwrittenValue === DEFAULT_OVERWRITTEN_VALUE) {
|
|
1041
|
-
return getPatchedWindow(ReflectApply$3(
|
|
1175
|
+
return getPatchedWindow(ReflectApply$3(getter, rawWindow, emptyArray$1));
|
|
1042
1176
|
}
|
|
1043
1177
|
|
|
1044
1178
|
return overwrittenValue;
|
|
1045
1179
|
};
|
|
1046
1180
|
}
|
|
1047
1181
|
|
|
1048
|
-
if (typeof
|
|
1049
|
-
|
|
1182
|
+
if (typeof setter === 'function') {
|
|
1183
|
+
safeDesc.set = function set(value) {
|
|
1050
1184
|
overwrittenValue = value;
|
|
1051
1185
|
};
|
|
1052
1186
|
}
|
|
1053
1187
|
|
|
1054
|
-
|
|
1055
|
-
|
|
1056
|
-
|
|
1057
|
-
|
|
1058
|
-
|
|
1188
|
+
ReflectDefineProperty(patchedWindow, key, safeDesc);
|
|
1189
|
+
}
|
|
1190
|
+
}
|
|
1191
|
+
|
|
1192
|
+
const unsafePostMessageDesc = ReflectGetOwnPropertyDescriptor$1(rawWindow, 'postMessage');
|
|
1193
|
+
|
|
1194
|
+
if (unsafePostMessageDesc) {
|
|
1195
|
+
const safeDesc = toSafeDescriptor(unsafePostMessageDesc);
|
|
1196
|
+
const {
|
|
1197
|
+
value: originalValue
|
|
1198
|
+
} = safeDesc;
|
|
1059
1199
|
|
|
1060
|
-
|
|
1200
|
+
if (typeof originalValue === 'function') {
|
|
1201
|
+
safeDesc.value = function postMessage(...args) {
|
|
1202
|
+
return ReflectApply$3(patchedWindowPostMessageValue, rawWindow, args);
|
|
1203
|
+
};
|
|
1061
1204
|
}
|
|
1205
|
+
|
|
1206
|
+
ReflectDefineProperty(patchedWindow, 'postMessage', safeDesc);
|
|
1062
1207
|
}
|
|
1063
1208
|
|
|
1064
1209
|
return patchedWindow;
|
|
@@ -1177,7 +1322,7 @@ function XhrStatusGetter(xhr) {
|
|
|
1177
1322
|
function XhrWithCredentialsSetter(xhr, bool) {
|
|
1178
1323
|
ReflectApply$3(XhrProtoWithCredentialsSetter, xhr, [bool]);
|
|
1179
1324
|
}
|
|
1180
|
-
/*! version: 0.14.
|
|
1325
|
+
/*! version: 0.14.26 */
|
|
1181
1326
|
|
|
1182
1327
|
/*!
|
|
1183
1328
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -1215,7 +1360,7 @@ function sanitizeURLForElement(url) {
|
|
|
1215
1360
|
function sanitizeURLString(urlString) {
|
|
1216
1361
|
return urlString === '' ? urlString : StringReplace(urlString, REMOVE_URL_CHARS_REGEXP, '');
|
|
1217
1362
|
}
|
|
1218
|
-
/*! version: 0.14.
|
|
1363
|
+
/*! version: 0.14.26 */
|
|
1219
1364
|
|
|
1220
1365
|
/*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.2.2/LICENSE */
|
|
1221
1366
|
|
|
@@ -2612,7 +2757,7 @@ function sanitizer(config, hooks) {
|
|
|
2612
2757
|
}
|
|
2613
2758
|
|
|
2614
2759
|
const ATTRIBUTES = ['href', 'xlink:href'];
|
|
2615
|
-
const SANITIZER_HOOKS = new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook]]);
|
|
2760
|
+
const SANITIZER_HOOKS = new MapCtor([['uponSanitizeAttribute', sanitizeHrefAttributeHook], ['uponSanitizeElement', allowCustomTagHook]]);
|
|
2616
2761
|
const URL_SCHEMES = ['http:', 'https:'];
|
|
2617
2762
|
const {
|
|
2618
2763
|
document: document$1
|
|
@@ -2622,7 +2767,11 @@ const normalizerAnchor = DocumentCreateElement$1(document$1, 'a'); // Queue for
|
|
|
2622
2767
|
|
|
2623
2768
|
const queue = new SetCtor(); // Regex to find all non lowercase alphanumeric.
|
|
2624
2769
|
|
|
2625
|
-
const urlReplacer = /[^a-z0-9]+/gi;
|
|
2770
|
+
const urlReplacer = /[^a-z0-9]+/gi; // The Regex is based on the WHATWG spec:
|
|
2771
|
+
// https://html.spec.whatwg.org/multipage/custom-elements.html#valid-custom-element-name
|
|
2772
|
+
// However, DOMPurify sanitizes unicode characters (\u0000-\uFFFF) in tag name.
|
|
2773
|
+
|
|
2774
|
+
const customTagRegex = /^[a-z]([-_.\w])*-([-.0-9_a-z\xB7\xC0-\xD6\xD8-\xF6\xF8-\u37D0\u37F-\u1FFF\u200C-\u200D\u203F-\u2040\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u10000-\uEFFFF])*/;
|
|
2626
2775
|
|
|
2627
2776
|
function checkExistingAndDequeue(container, normalizedHref) {
|
|
2628
2777
|
if (SetHas(queue, normalizedHref.normalizedUrl)) {
|
|
@@ -2729,14 +2878,26 @@ function sanitize(dirty) {
|
|
|
2729
2878
|
const sanitizer$1 = sanitizer(NODE_ALL_IN_PLACE, SANITIZER_HOOKS);
|
|
2730
2879
|
sanitizer$1.sanitize(content);
|
|
2731
2880
|
return ElementInnerHTMLGetter(htmlTemplate);
|
|
2881
|
+
}
|
|
2882
|
+
|
|
2883
|
+
function sanitizeDocument(doc) {
|
|
2884
|
+
const content = ElementOuterHTMLGetter(DocumentDocumentElementGetter(doc));
|
|
2885
|
+
const contentSanitized = sanitize(content);
|
|
2886
|
+
const newDoc = DOMImplementationCreateDocument(DocumentImplementation(doc), NAMESPACE_XHTML, 'html');
|
|
2887
|
+
ElementInnerHTMLSetter(DocumentDocumentElementGetter(newDoc), contentSanitized);
|
|
2888
|
+
return newDoc;
|
|
2732
2889
|
} // Sanitize a URL representing a SVG href attribute value.
|
|
2733
2890
|
|
|
2734
2891
|
|
|
2735
|
-
function sanitizeHrefAttributeHook(node, data) {
|
|
2892
|
+
function sanitizeHrefAttributeHook(node, data, _config) {
|
|
2893
|
+
const {
|
|
2894
|
+
attrValue,
|
|
2895
|
+
attrName
|
|
2896
|
+
} = data;
|
|
2736
2897
|
const nodeName = NodeNameGetter(node);
|
|
2737
2898
|
|
|
2738
|
-
if (
|
|
2739
|
-
data.attrValue = sanitizeSvgHrefValue(
|
|
2899
|
+
if (attrValue && nodeName === 'USE' && ArrayIncludes(ATTRIBUTES, attrName)) {
|
|
2900
|
+
data.attrValue = sanitizeSvgHrefValue(attrValue);
|
|
2740
2901
|
}
|
|
2741
2902
|
|
|
2742
2903
|
return data;
|
|
@@ -2766,11 +2927,23 @@ function sanitizeSvgHrefValue(url) {
|
|
|
2766
2927
|
return url;
|
|
2767
2928
|
}
|
|
2768
2929
|
|
|
2769
|
-
function
|
|
2770
|
-
|
|
2930
|
+
function createSvgContainer(ownerDoc) {
|
|
2931
|
+
return DocumentCreateElementNS(ownerDoc, NAMESPACE_SVG, 'svg');
|
|
2932
|
+
}
|
|
2933
|
+
|
|
2934
|
+
function sanitizeSvgInnerHtml(stringOrSvg, dirty = '') {
|
|
2935
|
+
let container;
|
|
2936
|
+
const ownerDoc = typeof stringOrSvg === 'string' ? document$1 : NodeOwnerDocumentGetter(stringOrSvg);
|
|
2771
2937
|
const comment = DocumentCreateComment(ownerDoc, '');
|
|
2772
|
-
|
|
2773
|
-
|
|
2938
|
+
|
|
2939
|
+
if (typeof stringOrSvg === 'string') {
|
|
2940
|
+
dirty = stringOrSvg;
|
|
2941
|
+
container = createSvgContainer(ownerDoc);
|
|
2942
|
+
} else {
|
|
2943
|
+
const closestSvg = ElementClosest(stringOrSvg, 'svg');
|
|
2944
|
+
container = closestSvg ? NodeClone(closestSvg, false) : createSvgContainer(ownerDoc);
|
|
2945
|
+
}
|
|
2946
|
+
|
|
2774
2947
|
NodeAppendChild$1(container, comment);
|
|
2775
2948
|
const outerHTML = ElementOuterHTMLGetter(container);
|
|
2776
2949
|
const replacedOuterHTML = StringReplace(outerHTML, '<!---->', dirty);
|
|
@@ -2783,7 +2956,18 @@ function sanitizeSvgTextReturnDOM(dirty) {
|
|
|
2783
2956
|
const sanitizer = svgSanitizer();
|
|
2784
2957
|
return sanitizer.sanitize(dirty);
|
|
2785
2958
|
}
|
|
2786
|
-
|
|
2959
|
+
|
|
2960
|
+
function allowCustomTagHook(node, data, _config) {
|
|
2961
|
+
const {
|
|
2962
|
+
allowedTags,
|
|
2963
|
+
tagName
|
|
2964
|
+
} = data;
|
|
2965
|
+
|
|
2966
|
+
if (!allowedTags[tagName] && customTagRegex.test(tagName)) {
|
|
2967
|
+
allowedTags[tagName] = true;
|
|
2968
|
+
}
|
|
2969
|
+
}
|
|
2970
|
+
/*! version: 0.14.26 */
|
|
2787
2971
|
|
|
2788
2972
|
/*!
|
|
2789
2973
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -2793,11 +2977,15 @@ function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (O
|
|
|
2793
2977
|
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; }
|
|
2794
2978
|
|
|
2795
2979
|
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
|
|
2980
|
+
const CustomElementRegistryBlockedProperties = ['define'];
|
|
2796
2981
|
/**
|
|
2797
2982
|
* this registry is going to be used by Attr, NameNodeMap, setAttribute* distortions
|
|
2798
2983
|
*/
|
|
2984
|
+
// @ts-ignore: TS doesn't like null as a AttributeDistortionRegistry.
|
|
2799
2985
|
|
|
2800
|
-
const distortionsBySandboxKey =
|
|
2986
|
+
const distortionsBySandboxKey = {
|
|
2987
|
+
__proto__: null
|
|
2988
|
+
}; // we hold an array of factories
|
|
2801
2989
|
// this array will be traversed when we create a new sandbox
|
|
2802
2990
|
// the result of parsing this registry will be a new registry with initialized distortions
|
|
2803
2991
|
|
|
@@ -2806,25 +2994,15 @@ const factories = []; // symbol for Locker to lookup attribute distortions on El
|
|
|
2806
2994
|
const lookupSymbol = Symbol('@@HasLockerElementAttributeDistortion');
|
|
2807
2995
|
|
|
2808
2996
|
function storeDistortionInRegistry(registry, ElementCtor, attributeName, attributeNamespace, distortion) {
|
|
2809
|
-
|
|
2810
|
-
|
|
2811
|
-
|
|
2812
|
-
|
|
2813
|
-
}
|
|
2814
|
-
|
|
2815
|
-
let byElementCtor = byAttributeNamespace[attributeNamespace];
|
|
2816
|
-
|
|
2817
|
-
if (!byElementCtor) {
|
|
2818
|
-
byElementCtor = new MapCtor();
|
|
2819
|
-
}
|
|
2820
|
-
|
|
2997
|
+
const byAttributeNamespace = registry[attributeName] || {
|
|
2998
|
+
__proto__: null
|
|
2999
|
+
};
|
|
3000
|
+
const byElementCtor = byAttributeNamespace[attributeNamespace] || new MapCtor();
|
|
2821
3001
|
MapSet(byElementCtor, ElementCtor, distortion);
|
|
2822
3002
|
byAttributeNamespace[attributeNamespace] = byElementCtor;
|
|
2823
3003
|
registry[attributeName] = byAttributeNamespace;
|
|
2824
3004
|
}
|
|
2825
3005
|
|
|
2826
|
-
const DEFAULT_ELEMENT_NAMESPACE = 'default';
|
|
2827
|
-
|
|
2828
3006
|
function getAttributeDistortion(element, key, attributeName, attributeNamespace) {
|
|
2829
3007
|
if (!(lookupSymbol in element)) {
|
|
2830
3008
|
return undefined;
|
|
@@ -2862,8 +3040,11 @@ function getAttributeDistortion(element, key, attributeName, attributeNamespace)
|
|
|
2862
3040
|
}
|
|
2863
3041
|
|
|
2864
3042
|
function makeElementDistortionsForSandboxKey(key) {
|
|
2865
|
-
//
|
|
2866
|
-
|
|
3043
|
+
// This registry is created per sandbox.
|
|
3044
|
+
// @ts-ignore: TS doesn't like null as a DistortionEntryByAttributeNamespace.
|
|
3045
|
+
const registry = {
|
|
3046
|
+
__proto__: null
|
|
3047
|
+
};
|
|
2867
3048
|
const entries = [];
|
|
2868
3049
|
const {
|
|
2869
3050
|
length
|
|
@@ -2883,11 +3064,10 @@ function makeElementDistortionsForSandboxKey(key) {
|
|
|
2883
3064
|
} // utility for normalizing namespaces which default to HTML behavior
|
|
2884
3065
|
// script.setAttributeNS(null, 'src', 'foo.js') has the same behavior as
|
|
2885
3066
|
// script.setAttribute('src', 'foo.js')
|
|
2886
|
-
// eslint-disable-next-line arrow-body-style
|
|
2887
3067
|
|
|
2888
3068
|
|
|
2889
3069
|
function normalizeNamespace(ns) {
|
|
2890
|
-
return ns === null || ns === undefined || ns === '' ?
|
|
3070
|
+
return ns === null || ns === undefined || ns === '' ? NAMESPACE_DEFAULT : ns;
|
|
2891
3071
|
}
|
|
2892
3072
|
|
|
2893
3073
|
function registerElementSetDistortion(ElementCtor, options) {
|
|
@@ -2905,7 +3085,11 @@ function registerElementSetDistortion(ElementCtor, options) {
|
|
|
2905
3085
|
storeDistortionInRegistry(registry, ElementCtor, attributeName, attributeNamespace, distortion);
|
|
2906
3086
|
|
|
2907
3087
|
if (!(lookupSymbol in ElementProto)) {
|
|
2908
|
-
ReflectDefineProperty(ElementProto, lookupSymbol,
|
|
3088
|
+
ReflectDefineProperty(ElementProto, lookupSymbol, {
|
|
3089
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
3090
|
+
__proto__: null,
|
|
3091
|
+
value: undefined
|
|
3092
|
+
});
|
|
2909
3093
|
}
|
|
2910
3094
|
|
|
2911
3095
|
return null;
|
|
@@ -2919,7 +3103,7 @@ function abstractFactoryValueThrower(proto, propName) {
|
|
|
2919
3103
|
const originalValue = ObjectLookupOwnValue(proto, propName);
|
|
2920
3104
|
|
|
2921
3105
|
function value() {
|
|
2922
|
-
throw new
|
|
3106
|
+
throw new LockerSecurityError(`Cannot access ${propName}.`);
|
|
2923
3107
|
}
|
|
2924
3108
|
|
|
2925
3109
|
return [originalValue, value];
|
|
@@ -2931,7 +3115,7 @@ function abstractFactoryGetThrower(proto, propName) {
|
|
|
2931
3115
|
const originalGet = ObjectLookupOwnGetter$1(proto, propName);
|
|
2932
3116
|
|
|
2933
3117
|
function get() {
|
|
2934
|
-
throw new
|
|
3118
|
+
throw new LockerSecurityError(`Cannot access ${propName}.`);
|
|
2935
3119
|
}
|
|
2936
3120
|
|
|
2937
3121
|
return [originalGet, get];
|
|
@@ -2943,12 +3127,43 @@ function abstractFactorySetThrower(proto, propName) {
|
|
|
2943
3127
|
const originalSet = ObjectLookupOwnSetter(proto, propName);
|
|
2944
3128
|
|
|
2945
3129
|
function set() {
|
|
2946
|
-
throw new
|
|
3130
|
+
throw new LockerSecurityError(`Cannot access ${propName}.`);
|
|
2947
3131
|
}
|
|
2948
3132
|
|
|
2949
3133
|
return [originalSet, set];
|
|
2950
3134
|
};
|
|
2951
3135
|
}
|
|
3136
|
+
|
|
3137
|
+
function transformUncompiledSource(source) {
|
|
3138
|
+
// Input `source` is uncompiled, so window.location returns null inside the sandbox. Our
|
|
3139
|
+
// compiler solves this problem by transforming the red location reference into a blue location
|
|
3140
|
+
// reference. The solution below emulates what our compiler does, but using a simple string
|
|
3141
|
+
// replacement.
|
|
3142
|
+
if (StringIncludes(source, SANDBOX_EVAL_CONTEXT_NAME)) {
|
|
3143
|
+
// To avoid conflicts with anyone else using SANDBOX_EVAL_CONTEXT_NAME, we sniff the source code
|
|
3144
|
+
// to see if it is present, and in that case we don't proceed with the string replacement.
|
|
3145
|
+
return source;
|
|
3146
|
+
}
|
|
3147
|
+
|
|
3148
|
+
let locationTransformed = false;
|
|
3149
|
+
source = StringReplace(source, /\b(?:document|self|window)\.location(\s*[?*/%&^|+-]*=(?=[^=]))?/g, (_match, assignmentOperator) => {
|
|
3150
|
+
locationTransformed = true;
|
|
3151
|
+
|
|
3152
|
+
if (assignmentOperator) {
|
|
3153
|
+
return `${UNCOMPILED_LOCATION_NAME}.href${assignmentOperator}`;
|
|
3154
|
+
}
|
|
3155
|
+
|
|
3156
|
+
return UNCOMPILED_LOCATION_NAME;
|
|
3157
|
+
});
|
|
3158
|
+
|
|
3159
|
+
if (locationTransformed) {
|
|
3160
|
+
// Prepend the SANDBOX_EVAL_CONTEXT_NAME to pluck the UNCOMPILED_LOCATION_NAME only if the
|
|
3161
|
+
// source code actually uses (document|self|window).location
|
|
3162
|
+
source = `const { ${UNCOMPILED_LOCATION_NAME} } = ${SANDBOX_EVAL_CONTEXT_NAME};${source}`;
|
|
3163
|
+
}
|
|
3164
|
+
|
|
3165
|
+
return source;
|
|
3166
|
+
}
|
|
2952
3167
|
/**
|
|
2953
3168
|
* Wraps the source content of a script tag in the evaluator
|
|
2954
3169
|
* Creates a blob: url with the wrapped content
|
|
@@ -2959,13 +3174,14 @@ function abstractFactorySetThrower(proto, propName) {
|
|
|
2959
3174
|
|
|
2960
3175
|
|
|
2961
3176
|
function createScriptUrl(text, key) {
|
|
2962
|
-
const
|
|
3177
|
+
const transformedText = transformUncompiledSource(text);
|
|
3178
|
+
const payload = WindowStaticEncodeURIComponent(transformedText);
|
|
2963
3179
|
const blobScript = `
|
|
2964
3180
|
{
|
|
2965
3181
|
const { $evaluator$ } = document.currentScript;
|
|
2966
3182
|
const text = decodeURIComponent(\`${payload}\`);
|
|
2967
3183
|
delete document.currentScript.$evaluator$;
|
|
2968
|
-
$evaluator$('${toString(key)}', text);
|
|
3184
|
+
$evaluator$('${toString$1(key)}', text, { ${UNCOMPILED_LOCATION_NAME}: location });
|
|
2969
3185
|
}`;
|
|
2970
3186
|
return URLCreateObjectURL(new BlobCtor([blobScript], {
|
|
2971
3187
|
type: 'text/javascript'
|
|
@@ -2980,9 +3196,11 @@ function scriptDistortion(attributeName, options, datasetGetter) {
|
|
|
2980
3196
|
const normalizerAnchor = DocumentCreateElement$1(document, 'a');
|
|
2981
3197
|
return function distortion(value) {
|
|
2982
3198
|
const originalValue = value;
|
|
3199
|
+
const elementNamespaceURI = ElementGetNamespaceURI(this);
|
|
3200
|
+
const attributeNamespaceURI = elementNamespaceURI === NAMESPACE_XHTML ? '' : NAMESPACE_XLINK;
|
|
2983
3201
|
|
|
2984
3202
|
if (value === '') {
|
|
2985
|
-
|
|
3203
|
+
ElementSetAttributeNS(this, attributeNamespaceURI, attributeName, value);
|
|
2986
3204
|
return;
|
|
2987
3205
|
} // Normalize Value
|
|
2988
3206
|
|
|
@@ -2991,7 +3209,7 @@ function scriptDistortion(attributeName, options, datasetGetter) {
|
|
|
2991
3209
|
value = HTMLAnchorElementHrefGetter(normalizerAnchor); // Create Synthetic Attribute
|
|
2992
3210
|
|
|
2993
3211
|
const dataset = datasetGetter(this);
|
|
2994
|
-
dataset[`distorted${
|
|
3212
|
+
dataset[`distorted${capitalizeFirstChar$1(attributeName)}`] = originalValue; // Create XHR
|
|
2995
3213
|
|
|
2996
3214
|
const hostname = HTMLAnchorElementHostnameGetter(normalizerAnchor);
|
|
2997
3215
|
const xhr = new XhrCtor();
|
|
@@ -3005,13 +3223,15 @@ function scriptDistortion(attributeName, options, datasetGetter) {
|
|
|
3005
3223
|
|
|
3006
3224
|
if (status === 200) {
|
|
3007
3225
|
const responseText = XhrResponseTextGetter(xhr);
|
|
3008
|
-
|
|
3009
|
-
|
|
3010
|
-
|
|
3011
|
-
|
|
3012
|
-
|
|
3226
|
+
ReflectDefineProperty(this, '$evaluator$', {
|
|
3227
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
3228
|
+
__proto__: null,
|
|
3229
|
+
configurable: true,
|
|
3230
|
+
value: evaluator
|
|
3231
|
+
});
|
|
3232
|
+
ElementSetAttributeNS(this, attributeNamespaceURI, attributeName, createScriptUrl(responseText, key));
|
|
3013
3233
|
} else if (status === 404) {
|
|
3014
|
-
|
|
3234
|
+
ElementSetAttributeNS(this, attributeNamespaceURI, attributeName, 'blob:http://localhost/not-found');
|
|
3015
3235
|
}
|
|
3016
3236
|
});
|
|
3017
3237
|
XhrOpen(xhr, 'GET', value);
|
|
@@ -3048,7 +3268,7 @@ function distortBlockedProperties(proto, propertyList) {
|
|
|
3048
3268
|
return entries;
|
|
3049
3269
|
}
|
|
3050
3270
|
|
|
3051
|
-
function distortBlockedAttributes(ctor, attributes, elNamespace =
|
|
3271
|
+
function distortBlockedAttributes(ctor, attributes, elNamespace = NAMESPACE_DEFAULT) {
|
|
3052
3272
|
for (let i = 0, len = attributes.length; i < len; i += 1) {
|
|
3053
3273
|
const attributeName = attributes[i];
|
|
3054
3274
|
registerElementSetDistortion(ctor, {
|
|
@@ -3056,7 +3276,7 @@ function distortBlockedAttributes(ctor, attributes, elNamespace = DEFAULT_ELEMEN
|
|
|
3056
3276
|
attributeNamespace: elNamespace,
|
|
3057
3277
|
|
|
3058
3278
|
distortion() {
|
|
3059
|
-
throw new
|
|
3279
|
+
throw new LockerSecurityError(`Attribute "${attributeName}" not allowed on ${ctor.name}`);
|
|
3060
3280
|
}
|
|
3061
3281
|
|
|
3062
3282
|
});
|
|
@@ -3088,7 +3308,7 @@ function withInstrumentation(fn, instrumentation, activityName, key) {
|
|
|
3088
3308
|
};
|
|
3089
3309
|
}
|
|
3090
3310
|
|
|
3091
|
-
function
|
|
3311
|
+
function distortionAttrValueSetter(globalObject, options) {
|
|
3092
3312
|
const {
|
|
3093
3313
|
Attr
|
|
3094
3314
|
} = globalObject;
|
|
@@ -3122,7 +3342,7 @@ function factoryPatchedAttrProtoValueSetter(globalObject, options) {
|
|
|
3122
3342
|
return [originalAttributeValueSetter, value];
|
|
3123
3343
|
}
|
|
3124
3344
|
|
|
3125
|
-
function
|
|
3345
|
+
function distortionAuraUtilGlobalEval(globalObject, options) {
|
|
3126
3346
|
var _globalObject$aura, _globalObject$aura$ut;
|
|
3127
3347
|
|
|
3128
3348
|
const originalGlobalEval = (_globalObject$aura = globalObject.aura) === null || _globalObject$aura === void 0 ? void 0 : (_globalObject$aura$ut = _globalObject$aura.util) === null || _globalObject$aura$ut === void 0 ? void 0 : _globalObject$aura$ut.globalEval;
|
|
@@ -3151,6 +3371,9 @@ function patchAuraUtilGlobalEval(globalObject, options) {
|
|
|
3151
3371
|
return [originalGlobalEval, globalEval];
|
|
3152
3372
|
}
|
|
3153
3373
|
|
|
3374
|
+
const CHAR_CODE_EQUALS = 61;
|
|
3375
|
+
const COOKIE_DELIMITER = '; ';
|
|
3376
|
+
|
|
3154
3377
|
function prefixCookieName(detailsOrName, key) {
|
|
3155
3378
|
if (isObjectLike(detailsOrName)) {
|
|
3156
3379
|
const clonedDetails = shallowCloneOptions(detailsOrName);
|
|
@@ -3162,10 +3385,49 @@ function prefixCookieName(detailsOrName, key) {
|
|
|
3162
3385
|
|
|
3163
3386
|
return detailsOrName;
|
|
3164
3387
|
}
|
|
3388
|
+
|
|
3389
|
+
var CookieSameSite;
|
|
3390
|
+
|
|
3391
|
+
(function (CookieSameSite) {
|
|
3392
|
+
CookieSameSite[CookieSameSite["strict"] = 0] = "strict";
|
|
3393
|
+
CookieSameSite[CookieSameSite["lax"] = 1] = "lax";
|
|
3394
|
+
CookieSameSite[CookieSameSite["none"] = 2] = "none";
|
|
3395
|
+
})(CookieSameSite || (CookieSameSite = {}));
|
|
3396
|
+
|
|
3397
|
+
function unprefixCookieName(name, key) {
|
|
3398
|
+
const rootKey = nsCookieRootKey(key); // First check that this cookie belongs to this sandbox,
|
|
3399
|
+
// if not then return null.
|
|
3400
|
+
|
|
3401
|
+
if (!StringStartsWith(name, rootKey)) {
|
|
3402
|
+
return null;
|
|
3403
|
+
} // If this cookie belongs to this sandbox, remove the prefix key
|
|
3404
|
+
|
|
3405
|
+
|
|
3406
|
+
const {
|
|
3407
|
+
length: rootKeyLength
|
|
3408
|
+
} = rootKey;
|
|
3409
|
+
const rootKeySubstringLength = StringCharCodeAt(name, rootKeyLength) === CHAR_CODE_EQUALS ? rootKeyLength + 1 : rootKeyLength;
|
|
3410
|
+
return StringSlice(name, rootKeySubstringLength);
|
|
3411
|
+
}
|
|
3412
|
+
|
|
3413
|
+
function normalizeCookieListItem(cookie, key) {
|
|
3414
|
+
if (cookie) {
|
|
3415
|
+
const unprefixedCookieName = unprefixCookieName(cookie.name, key); // If unprefixCookieName() returns null, that means this cookie
|
|
3416
|
+
// doesn't belong to the provided sandbox (based on the key)
|
|
3417
|
+
|
|
3418
|
+
if (unprefixedCookieName === null) {
|
|
3419
|
+
return null;
|
|
3420
|
+
}
|
|
3421
|
+
|
|
3422
|
+
cookie.name = unprefixedCookieName;
|
|
3423
|
+
}
|
|
3424
|
+
|
|
3425
|
+
return cookie;
|
|
3426
|
+
}
|
|
3165
3427
|
/* istanbul ignore next: only available in secure context */
|
|
3166
3428
|
|
|
3167
3429
|
|
|
3168
|
-
function
|
|
3430
|
+
function distortionCookieStoreDelete(globalObject, options) {
|
|
3169
3431
|
const {
|
|
3170
3432
|
CookieStore
|
|
3171
3433
|
} = globalObject;
|
|
@@ -3199,7 +3461,7 @@ function factoryPatchedDeleteValue(globalObject, options) {
|
|
|
3199
3461
|
/* istanbul ignore next: only available in secure context */
|
|
3200
3462
|
|
|
3201
3463
|
|
|
3202
|
-
function
|
|
3464
|
+
function distortionCookieStoreGet(globalObject, options) {
|
|
3203
3465
|
const {
|
|
3204
3466
|
CookieStore
|
|
3205
3467
|
} = globalObject;
|
|
@@ -3208,9 +3470,9 @@ function factoryPatchedGetValue(globalObject, options) {
|
|
|
3208
3470
|
return null;
|
|
3209
3471
|
}
|
|
3210
3472
|
|
|
3211
|
-
const
|
|
3473
|
+
const originalGet = ObjectLookupOwnValue(CookieStore.prototype, 'get');
|
|
3212
3474
|
|
|
3213
|
-
if (!
|
|
3475
|
+
if (!originalGet) {
|
|
3214
3476
|
return null;
|
|
3215
3477
|
}
|
|
3216
3478
|
|
|
@@ -3225,15 +3487,15 @@ function factoryPatchedGetValue(globalObject, options) {
|
|
|
3225
3487
|
args[0] = prefixCookieName(detailsOrName, key);
|
|
3226
3488
|
}
|
|
3227
3489
|
|
|
3228
|
-
return ReflectApply$3(
|
|
3490
|
+
return PromiseThen(ReflectApply$3(originalGet, this, args), result => normalizeCookieListItem(result, key));
|
|
3229
3491
|
};
|
|
3230
3492
|
|
|
3231
|
-
return [
|
|
3493
|
+
return [originalGet, get];
|
|
3232
3494
|
}
|
|
3233
3495
|
/* istanbul ignore next: only available in secure context */
|
|
3234
3496
|
|
|
3235
3497
|
|
|
3236
|
-
function
|
|
3498
|
+
function distortionCookieStoreGetAll(globalObject, options) {
|
|
3237
3499
|
const {
|
|
3238
3500
|
CookieStore
|
|
3239
3501
|
} = globalObject;
|
|
@@ -3242,9 +3504,9 @@ function factoryPatchedGetAllValue(globalObject, options) {
|
|
|
3242
3504
|
return null;
|
|
3243
3505
|
}
|
|
3244
3506
|
|
|
3245
|
-
const
|
|
3507
|
+
const originalGetAll = ObjectLookupOwnValue(CookieStore.prototype, 'getAll');
|
|
3246
3508
|
|
|
3247
|
-
if (!
|
|
3509
|
+
if (!originalGetAll) {
|
|
3248
3510
|
return null;
|
|
3249
3511
|
}
|
|
3250
3512
|
|
|
@@ -3257,32 +3519,55 @@ function factoryPatchedGetAllValue(globalObject, options) {
|
|
|
3257
3519
|
|
|
3258
3520
|
if (detailsOrName !== null && detailsOrName !== undefined) {
|
|
3259
3521
|
args[0] = prefixCookieName(args[0], key);
|
|
3260
|
-
return ReflectApply$3(CookieStoreProtoGetAll, this, args);
|
|
3261
3522
|
}
|
|
3262
3523
|
|
|
3263
|
-
return PromiseThen(ReflectApply$3(
|
|
3264
|
-
const
|
|
3265
|
-
const cookiesSandbox = [];
|
|
3524
|
+
return PromiseThen(ReflectApply$3(originalGetAll, this, args), result => {
|
|
3525
|
+
const sandboxedCookies = [];
|
|
3266
3526
|
|
|
3267
|
-
for (let i = 0,
|
|
3268
|
-
|
|
3269
|
-
|
|
3527
|
+
for (let i = 0, {
|
|
3528
|
+
length
|
|
3529
|
+
} = result; i < length; i += 1) {
|
|
3530
|
+
const cookie = normalizeCookieListItem(result[i], key);
|
|
3270
3531
|
|
|
3271
|
-
if (
|
|
3272
|
-
ArrayPush(
|
|
3532
|
+
if (cookie) {
|
|
3533
|
+
ArrayPush(sandboxedCookies, cookie);
|
|
3273
3534
|
}
|
|
3274
3535
|
}
|
|
3275
3536
|
|
|
3276
|
-
return
|
|
3537
|
+
return sandboxedCookies;
|
|
3277
3538
|
});
|
|
3278
3539
|
};
|
|
3279
3540
|
|
|
3280
|
-
return [
|
|
3541
|
+
return [originalGetAll, getAll];
|
|
3281
3542
|
}
|
|
3282
3543
|
/* istanbul ignore next: only available in secure context */
|
|
3283
3544
|
|
|
3284
3545
|
|
|
3285
|
-
function
|
|
3546
|
+
function distortionCookieStoreOnChange(globalObject, _options) {
|
|
3547
|
+
const {
|
|
3548
|
+
CookieStore
|
|
3549
|
+
} = globalObject;
|
|
3550
|
+
|
|
3551
|
+
if (CookieStore === undefined) {
|
|
3552
|
+
return null;
|
|
3553
|
+
}
|
|
3554
|
+
|
|
3555
|
+
const originalOnChangeSetter = ObjectLookupOwnSetter(CookieStore.prototype, 'onchange');
|
|
3556
|
+
|
|
3557
|
+
if (originalOnChangeSetter === undefined) {
|
|
3558
|
+
return null;
|
|
3559
|
+
}
|
|
3560
|
+
|
|
3561
|
+
function onchange() {
|
|
3562
|
+
throw new LockerSecurityError('Cannot set cookieStore.onchange.');
|
|
3563
|
+
}
|
|
3564
|
+
|
|
3565
|
+
return [originalOnChangeSetter, onchange];
|
|
3566
|
+
}
|
|
3567
|
+
/* istanbul ignore next: only available in secure context */
|
|
3568
|
+
|
|
3569
|
+
|
|
3570
|
+
function distortionCookieStoreSet(globalObject, options) {
|
|
3286
3571
|
const {
|
|
3287
3572
|
CookieStore
|
|
3288
3573
|
} = globalObject;
|
|
@@ -3321,34 +3606,7 @@ function factoryPatchedSetValue(globalObject, options) {
|
|
|
3321
3606
|
return [originalSetValue, set];
|
|
3322
3607
|
}
|
|
3323
3608
|
|
|
3324
|
-
function
|
|
3325
|
-
const {
|
|
3326
|
-
key
|
|
3327
|
-
} = options;
|
|
3328
|
-
const LOWER_CASED_NS = StringToLowerCase(key);
|
|
3329
|
-
const {
|
|
3330
|
-
CustomElementRegistry
|
|
3331
|
-
} = globalObject;
|
|
3332
|
-
const {
|
|
3333
|
-
define: originalDefineValue
|
|
3334
|
-
} = CustomElementRegistry.prototype;
|
|
3335
|
-
|
|
3336
|
-
function define(_name, _constructor, _options) {
|
|
3337
|
-
const args = sanitizeArguments(arguments, [toString]);
|
|
3338
|
-
const sanitizedName = args[0];
|
|
3339
|
-
const lowerCasedName = StringToLowerCase(sanitizedName);
|
|
3340
|
-
|
|
3341
|
-
if (!StringStartsWith(lowerCasedName, `${LOWER_CASED_NS}-`)) {
|
|
3342
|
-
throw new RangeErrorCtor('Disallowed name when calling customElements.define() ' + `with name "${sanitizedName}". Only names prefixed with ` + `"${LOWER_CASED_NS}-" are allowed.`);
|
|
3343
|
-
}
|
|
3344
|
-
|
|
3345
|
-
ReflectApply$3(CustomElementRegistryProtoDefine, this, args);
|
|
3346
|
-
}
|
|
3347
|
-
|
|
3348
|
-
return [originalDefineValue, define];
|
|
3349
|
-
}
|
|
3350
|
-
|
|
3351
|
-
function patchedGetValue(globalObject, options) {
|
|
3609
|
+
function distortionCustomElementRegistryGet(globalObject, options) {
|
|
3352
3610
|
const {
|
|
3353
3611
|
key
|
|
3354
3612
|
} = options;
|
|
@@ -3361,12 +3619,12 @@ function patchedGetValue(globalObject, options) {
|
|
|
3361
3619
|
} = CustomElementRegistry.prototype;
|
|
3362
3620
|
|
|
3363
3621
|
function get(_name) {
|
|
3364
|
-
const args = sanitizeArguments(arguments, [toString]);
|
|
3622
|
+
const args = sanitizeArguments(arguments, [toString$1]);
|
|
3365
3623
|
const sanitizedName = args[0];
|
|
3366
3624
|
const lowerCasedName = StringToLowerCase(sanitizedName);
|
|
3367
3625
|
|
|
3368
3626
|
if (!StringStartsWith(lowerCasedName, `${LOWER_CASED_NS}-`)) {
|
|
3369
|
-
throw new
|
|
3627
|
+
throw new LockerSecurityError('Disallowed name when calling customElements.get() ' + `with name "${sanitizedName}". Only names prefixed with ` + `"${LOWER_CASED_NS}-" are allowed.`);
|
|
3370
3628
|
}
|
|
3371
3629
|
|
|
3372
3630
|
return ReflectApply$3(CustomElementRegistryProtoGet, this, args);
|
|
@@ -3374,8 +3632,6 @@ function patchedGetValue(globalObject, options) {
|
|
|
3374
3632
|
|
|
3375
3633
|
return [originalGetValue, get];
|
|
3376
3634
|
}
|
|
3377
|
-
|
|
3378
|
-
const CHAR_CODE_EQUALS = 61;
|
|
3379
3635
|
/**
|
|
3380
3636
|
* Factory patched cookie getter. Must be invoked with namespace argument.
|
|
3381
3637
|
* Will return a patched cookie getter bound to the namespace.
|
|
@@ -3383,7 +3639,8 @@ const CHAR_CODE_EQUALS = 61;
|
|
|
3383
3639
|
* @returns Distortion: string
|
|
3384
3640
|
*/
|
|
3385
3641
|
|
|
3386
|
-
|
|
3642
|
+
|
|
3643
|
+
function distortionDocumentCookieGetter(globalObject, options) {
|
|
3387
3644
|
const {
|
|
3388
3645
|
Document
|
|
3389
3646
|
} = globalObject;
|
|
@@ -3393,25 +3650,21 @@ function factoryPatchedCookieGetter(globalObject, options) {
|
|
|
3393
3650
|
const originalCookieGetter = ObjectLookupOwnGetter$1(Document.prototype, 'cookie');
|
|
3394
3651
|
|
|
3395
3652
|
function get() {
|
|
3396
|
-
const
|
|
3397
|
-
const cookies = StringSplit(
|
|
3398
|
-
const
|
|
3399
|
-
|
|
3400
|
-
|
|
3401
|
-
|
|
3402
|
-
|
|
3403
|
-
const cookie = cookies[i];
|
|
3404
|
-
|
|
3405
|
-
if (
|
|
3406
|
-
|
|
3407
|
-
ArrayPush(nsCookies, StringSubstring(cookie, rootKeyLength));
|
|
3408
|
-
} else if (StringCharCodeAt(cookie, rootKeyLength) === CHAR_CODE_EQUALS) {
|
|
3409
|
-
ArrayPush(nsCookies, StringSubstring(cookie, rootKeyLength + 1));
|
|
3410
|
-
}
|
|
3653
|
+
const documentCookieValue = DocumentCookieGetter(this);
|
|
3654
|
+
const cookies = StringSplit(documentCookieValue, COOKIE_DELIMITER);
|
|
3655
|
+
const sandboxedCookies = [];
|
|
3656
|
+
|
|
3657
|
+
for (let i = 0, {
|
|
3658
|
+
length
|
|
3659
|
+
} = cookies; i < length; i += 1) {
|
|
3660
|
+
const cookie = unprefixCookieName(cookies[i], key);
|
|
3661
|
+
|
|
3662
|
+
if (cookie) {
|
|
3663
|
+
ArrayPush(sandboxedCookies, cookie);
|
|
3411
3664
|
}
|
|
3412
3665
|
}
|
|
3413
3666
|
|
|
3414
|
-
return ArrayJoin(
|
|
3667
|
+
return ArrayJoin(sandboxedCookies, COOKIE_DELIMITER);
|
|
3415
3668
|
}
|
|
3416
3669
|
|
|
3417
3670
|
return [originalCookieGetter, get];
|
|
@@ -3424,7 +3677,7 @@ function factoryPatchedCookieGetter(globalObject, options) {
|
|
|
3424
3677
|
*/
|
|
3425
3678
|
|
|
3426
3679
|
|
|
3427
|
-
function
|
|
3680
|
+
function distortionDocumentCookieSetter(globalObject, options) {
|
|
3428
3681
|
const {
|
|
3429
3682
|
Document
|
|
3430
3683
|
} = globalObject;
|
|
@@ -3434,34 +3687,36 @@ function factoryPatchedCookieSetter(globalObject, options) {
|
|
|
3434
3687
|
const originalCookieSetter = ObjectLookupOwnSetter(Document.prototype, 'cookie');
|
|
3435
3688
|
|
|
3436
3689
|
function set(value) {
|
|
3437
|
-
const cookieEntries = StringSplit(value,
|
|
3438
|
-
let
|
|
3690
|
+
const cookieEntries = StringSplit(value, COOKIE_DELIMITER);
|
|
3691
|
+
let {
|
|
3692
|
+
0: newCookieEntry
|
|
3693
|
+
} = cookieEntries;
|
|
3439
3694
|
|
|
3440
|
-
if (
|
|
3441
|
-
newCookieEntry =
|
|
3695
|
+
if (StringCharCodeAt(newCookieEntry, 0) === CHAR_CODE_EQUALS) {
|
|
3696
|
+
newCookieEntry = StringSlice(newCookieEntry, 1);
|
|
3442
3697
|
}
|
|
3443
3698
|
|
|
3444
3699
|
cookieEntries[0] = nsCookieKey(newCookieEntry, key);
|
|
3445
|
-
DocumentCookieSetter(this, ArrayJoin(cookieEntries,
|
|
3700
|
+
DocumentCookieSetter(this, ArrayJoin(cookieEntries, COOKIE_DELIMITER));
|
|
3446
3701
|
}
|
|
3447
3702
|
|
|
3448
3703
|
return [originalCookieSetter, set];
|
|
3449
3704
|
}
|
|
3450
3705
|
|
|
3451
|
-
function
|
|
3706
|
+
function distortionDocumentDomainSetter(globalObject) {
|
|
3452
3707
|
const {
|
|
3453
3708
|
Document
|
|
3454
3709
|
} = globalObject;
|
|
3455
3710
|
const originalDomainSetter = ObjectLookupOwnSetter(Document.prototype, 'domain');
|
|
3456
3711
|
|
|
3457
3712
|
function domain() {
|
|
3458
|
-
throw new LockerSecurityError('
|
|
3713
|
+
throw new LockerSecurityError('Cannot set document.domain.');
|
|
3459
3714
|
}
|
|
3460
3715
|
|
|
3461
3716
|
return [originalDomainSetter, domain];
|
|
3462
3717
|
}
|
|
3463
3718
|
|
|
3464
|
-
function
|
|
3719
|
+
function distortionDocumentExecCommand(globalObject) {
|
|
3465
3720
|
const {
|
|
3466
3721
|
Document
|
|
3467
3722
|
} = globalObject;
|
|
@@ -3474,7 +3729,7 @@ function patchedExecCommandValue(globalObject) {
|
|
|
3474
3729
|
const unsanitizedValue = args[2];
|
|
3475
3730
|
|
|
3476
3731
|
if (unsanitizedValue !== null && unsanitizedValue !== undefined) {
|
|
3477
|
-
args = sanitizeArguments(args, [toString]);
|
|
3732
|
+
args = sanitizeArguments(args, [toString$1]);
|
|
3478
3733
|
const command = args[0];
|
|
3479
3734
|
|
|
3480
3735
|
if (StringToLowerCase(command) === 'inserthtml') {
|
|
@@ -3487,9 +3742,160 @@ function patchedExecCommandValue(globalObject) {
|
|
|
3487
3742
|
}
|
|
3488
3743
|
|
|
3489
3744
|
return [originalExecCommandValue, execCommand];
|
|
3745
|
+
} // Check for the noopener feature being enabled:
|
|
3746
|
+
// - noopener
|
|
3747
|
+
// - noopener=1
|
|
3748
|
+
// - noopener=yes
|
|
3749
|
+
|
|
3750
|
+
|
|
3751
|
+
const noopenerRegExp = /(^|,)(\s*noopener\s*=\s*(?:yes|1)\s*)(,|$)/g;
|
|
3752
|
+
|
|
3753
|
+
function sanitizeWindowOpenArguments(args) {
|
|
3754
|
+
const sanitizedArgs = sanitizeArguments(args, [toIgnore, toIgnore, toString$1]);
|
|
3755
|
+
|
|
3756
|
+
if (sanitizedArgs.length > 2) {
|
|
3757
|
+
// Lowercase the features string because it is case insensitive.
|
|
3758
|
+
// https://html.spec.whatwg.org/multipage/window-object.html#normalizing-the-feature-name
|
|
3759
|
+
let windowFeatures = StringToLowerCase(sanitizedArgs[2]);
|
|
3760
|
+
|
|
3761
|
+
if (RegExpTest(noopenerRegExp, windowFeatures)) {
|
|
3762
|
+
noopenerRegExp.lastIndex = 0; // Replacing noopener with an enabled state that is supported
|
|
3763
|
+
// across all browsers. Firefox Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1566619
|
|
3764
|
+
|
|
3765
|
+
windowFeatures = StringReplace(windowFeatures, noopenerRegExp, (match, leading, feature, ending) => `${leading}noopener${ending}`);
|
|
3766
|
+
}
|
|
3767
|
+
|
|
3768
|
+
sanitizedArgs[2] = windowFeatures;
|
|
3769
|
+
}
|
|
3770
|
+
|
|
3771
|
+
return sanitizedArgs;
|
|
3772
|
+
}
|
|
3773
|
+
|
|
3774
|
+
function distortionDocumentOpen(globalObject) {
|
|
3775
|
+
const {
|
|
3776
|
+
Document
|
|
3777
|
+
} = globalObject;
|
|
3778
|
+
const originalDocumentOpen = ObjectLookupOwnValue(Document.prototype, 'open');
|
|
3779
|
+
|
|
3780
|
+
function open(...args) {
|
|
3781
|
+
if (args.length >= 3) {
|
|
3782
|
+
// Distort three-argument document.open calls which is an alias for window.open
|
|
3783
|
+
// https://developer.mozilla.org/en-US/docs/Web/API/Document/open#three-argument_document.open
|
|
3784
|
+
const sanitizedArgs = sanitizeWindowOpenArguments(args);
|
|
3785
|
+
const rawOpenWindow = ReflectApply$3(originalDocumentOpen, this, sanitizedArgs);
|
|
3786
|
+
return getPatchedWindow(rawOpenWindow);
|
|
3787
|
+
}
|
|
3788
|
+
|
|
3789
|
+
return ReflectApply$3(originalDocumentOpen, this, args);
|
|
3790
|
+
}
|
|
3791
|
+
|
|
3792
|
+
return [originalDocumentOpen, open];
|
|
3490
3793
|
}
|
|
3491
3794
|
|
|
3492
|
-
function
|
|
3795
|
+
function distortionDOMParserParseFromString(globalObject) {
|
|
3796
|
+
const {
|
|
3797
|
+
DOMParser
|
|
3798
|
+
} = globalObject;
|
|
3799
|
+
const {
|
|
3800
|
+
parseFromString: originalParseFromString
|
|
3801
|
+
} = DOMParser.prototype;
|
|
3802
|
+
|
|
3803
|
+
function parseFromString(...args) {
|
|
3804
|
+
args = sanitizeArguments(args, [toString$1]); // DOMParser.prototype.parseFromString can only be called with exactly
|
|
3805
|
+
// two arguments. If it receives one argument, it will fail. Some implementations
|
|
3806
|
+
// will also fail if it receives more than two arguments. Since any call that does
|
|
3807
|
+
// not have at least two arguments will fail no matter what, we only need to
|
|
3808
|
+
// expend effort to sanitize when we know that the operation is definitely
|
|
3809
|
+
// NOT going to fail.
|
|
3810
|
+
|
|
3811
|
+
if (args.length >= 2) {
|
|
3812
|
+
// Override the value of the first argument with a sanitized version
|
|
3813
|
+
// of that argument. If the provided mimeType indicates that the
|
|
3814
|
+
// first argument is an svg, use the svg sanitizer instead of the
|
|
3815
|
+
// default sanitizer.
|
|
3816
|
+
args[0] = args[1] === 'image/svg+xml' ? sanitizeSvgInnerHtml(args[0]) : sanitize(args[0]);
|
|
3817
|
+
}
|
|
3818
|
+
|
|
3819
|
+
return ReflectApply$3(DOMParserProtoParseFromString, this, args);
|
|
3820
|
+
}
|
|
3821
|
+
|
|
3822
|
+
return [originalParseFromString, parseFromString];
|
|
3823
|
+
}
|
|
3824
|
+
|
|
3825
|
+
function distortionElementAfter(globalObject) {
|
|
3826
|
+
const {
|
|
3827
|
+
Element
|
|
3828
|
+
} = globalObject;
|
|
3829
|
+
const {
|
|
3830
|
+
after: originalAfter
|
|
3831
|
+
} = Element.prototype;
|
|
3832
|
+
const {
|
|
3833
|
+
isSharedElement,
|
|
3834
|
+
isSharedElementChild
|
|
3835
|
+
} = getValidator(globalObject);
|
|
3836
|
+
|
|
3837
|
+
function after(...args) {
|
|
3838
|
+
if (isSharedElement(this)) {
|
|
3839
|
+
for (let i = 0, {
|
|
3840
|
+
length
|
|
3841
|
+
} = args; i < length; i += 1) {
|
|
3842
|
+
const argValue = args[i];
|
|
3843
|
+
|
|
3844
|
+
if (!isSharedElementChild(argValue)) {
|
|
3845
|
+
var _argValue$nodeName;
|
|
3846
|
+
|
|
3847
|
+
// @ts-ignore: .nodeName is definitely a property of Node.prototype
|
|
3848
|
+
const nodeNameOrString = (_argValue$nodeName = argValue === null || argValue === void 0 ? void 0 : argValue.nodeName) !== null && _argValue$nodeName !== void 0 ? _argValue$nodeName : toString(argValue);
|
|
3849
|
+
throw new LockerSecurityError(`Cannot insert ${nodeNameOrString} after ${this.nodeName}.`);
|
|
3850
|
+
}
|
|
3851
|
+
}
|
|
3852
|
+
}
|
|
3853
|
+
|
|
3854
|
+
return ReflectApply$3(originalAfter, this, args);
|
|
3855
|
+
}
|
|
3856
|
+
|
|
3857
|
+
return [originalAfter, after];
|
|
3858
|
+
}
|
|
3859
|
+
|
|
3860
|
+
function distortionElementAppend(globalObject) {
|
|
3861
|
+
const {
|
|
3862
|
+
Element
|
|
3863
|
+
} = globalObject;
|
|
3864
|
+
const {
|
|
3865
|
+
append: originalAppend
|
|
3866
|
+
} = Element.prototype;
|
|
3867
|
+
const {
|
|
3868
|
+
isSharedElement,
|
|
3869
|
+
isSharedElementChild
|
|
3870
|
+
} = getValidator(globalObject);
|
|
3871
|
+
|
|
3872
|
+
function append(...args) {
|
|
3873
|
+
if (isSharedElement(this)) {
|
|
3874
|
+
// Element.prototype.append(...args) accepts an arbitrary number of arguments
|
|
3875
|
+
// which can be comprised of Nodes and DOMStrings.
|
|
3876
|
+
for (let i = 0, {
|
|
3877
|
+
length
|
|
3878
|
+
} = args; i < length; i += 1) {
|
|
3879
|
+
const argValue = args[i]; // ...If any of the provided arguments is NOT a valid shared element child,
|
|
3880
|
+
// which is limited to script and link, an exception is thrown.
|
|
3881
|
+
|
|
3882
|
+
if (!isSharedElementChild(argValue)) {
|
|
3883
|
+
var _argValue$nodeName2;
|
|
3884
|
+
|
|
3885
|
+
// @ts-ignore: .nodeName is definitely a property of Node.prototype
|
|
3886
|
+
const nodeNameOrString = (_argValue$nodeName2 = argValue === null || argValue === void 0 ? void 0 : argValue.nodeName) !== null && _argValue$nodeName2 !== void 0 ? _argValue$nodeName2 : toString$1(argValue);
|
|
3887
|
+
throw new LockerSecurityError(`Cannot append ${nodeNameOrString} to ${this.nodeName}.`);
|
|
3888
|
+
}
|
|
3889
|
+
}
|
|
3890
|
+
}
|
|
3891
|
+
|
|
3892
|
+
return ReflectApply$3(originalAppend, this, args);
|
|
3893
|
+
}
|
|
3894
|
+
|
|
3895
|
+
return [originalAppend, append];
|
|
3896
|
+
}
|
|
3897
|
+
|
|
3898
|
+
function distortionElementAttachShadow(globalObject) {
|
|
3493
3899
|
const {
|
|
3494
3900
|
Element
|
|
3495
3901
|
} = globalObject;
|
|
@@ -3508,7 +3914,7 @@ function patchedAttachShadow(globalObject) {
|
|
|
3508
3914
|
} = originalShadowRootInit;
|
|
3509
3915
|
|
|
3510
3916
|
if (mode !== 'closed') {
|
|
3511
|
-
throw new
|
|
3917
|
+
throw new LockerSecurityError(`Shadow root mode cannot be 'open'`);
|
|
3512
3918
|
} // Assign own properties and set prototype of shadowRootInit because
|
|
3513
3919
|
// attachShadow() accepts inherited shadowRootInit properties.
|
|
3514
3920
|
|
|
@@ -3543,78 +3949,280 @@ function getPairedElement(attrInstance) {
|
|
|
3543
3949
|
return WeakMapGet(registry, attrInstance);
|
|
3544
3950
|
}
|
|
3545
3951
|
|
|
3546
|
-
function
|
|
3952
|
+
function setNamedItemWithAttr(originalMethod, nodeNameMap, attr, options) {
|
|
3953
|
+
const element = getPairedElement(nodeNameMap);
|
|
3954
|
+
|
|
3955
|
+
if (element) {
|
|
3956
|
+
const {
|
|
3957
|
+
key
|
|
3958
|
+
} = options;
|
|
3959
|
+
const attrName = AttrNameGetter(attr);
|
|
3960
|
+
const attrNamespace = AttrNamespaceURIGetter(attr);
|
|
3961
|
+
const normalizedNamespace = normalizeNamespace(attrNamespace);
|
|
3962
|
+
const distortion = getAttributeDistortion(element, key, attrName, normalizedNamespace);
|
|
3963
|
+
|
|
3964
|
+
if (distortion) {
|
|
3965
|
+
const attrValue = AttrValueGetter(attr);
|
|
3966
|
+
return ReflectApply$3(distortion, element, [attrValue]);
|
|
3967
|
+
}
|
|
3968
|
+
}
|
|
3969
|
+
|
|
3970
|
+
return ReflectApply$3(originalMethod, nodeNameMap, [attr]);
|
|
3971
|
+
}
|
|
3972
|
+
|
|
3973
|
+
function distortionElementAttributesGetter(globalObject) {
|
|
3547
3974
|
const {
|
|
3548
3975
|
Element
|
|
3549
3976
|
} = globalObject;
|
|
3550
3977
|
const originalAttributesGetter = ObjectLookupOwnGetter$1(Element.prototype, 'attributes');
|
|
3551
3978
|
|
|
3552
|
-
function attributes() {
|
|
3553
|
-
const attrs = ElementAttributesGetter(this);
|
|
3554
|
-
pairElement(attrs, this);
|
|
3555
|
-
return attrs;
|
|
3979
|
+
function attributes() {
|
|
3980
|
+
const attrs = ElementAttributesGetter(this);
|
|
3981
|
+
pairElement(attrs, this);
|
|
3982
|
+
return attrs;
|
|
3983
|
+
}
|
|
3984
|
+
|
|
3985
|
+
return [originalAttributesGetter, attributes];
|
|
3986
|
+
}
|
|
3987
|
+
|
|
3988
|
+
function distortionElementBefore(globalObject) {
|
|
3989
|
+
const {
|
|
3990
|
+
Element
|
|
3991
|
+
} = globalObject;
|
|
3992
|
+
const {
|
|
3993
|
+
before: originalBefore
|
|
3994
|
+
} = Element.prototype;
|
|
3995
|
+
const {
|
|
3996
|
+
isSharedElement,
|
|
3997
|
+
isSharedElementChild
|
|
3998
|
+
} = getValidator(globalObject);
|
|
3999
|
+
|
|
4000
|
+
function before(...args) {
|
|
4001
|
+
if (isSharedElement(this)) {
|
|
4002
|
+
for (let i = 0, {
|
|
4003
|
+
length
|
|
4004
|
+
} = args; i < length; i += 1) {
|
|
4005
|
+
const argValue = args[i];
|
|
4006
|
+
|
|
4007
|
+
if (!isSharedElementChild(argValue)) {
|
|
4008
|
+
var _argValue$nodeName3;
|
|
4009
|
+
|
|
4010
|
+
// @ts-ignore: .nodeName is definitely a property of Node.prototype
|
|
4011
|
+
const nodeNameOrString = (_argValue$nodeName3 = argValue === null || argValue === void 0 ? void 0 : argValue.nodeName) !== null && _argValue$nodeName3 !== void 0 ? _argValue$nodeName3 : toString(argValue);
|
|
4012
|
+
throw new LockerSecurityError(`Cannot insert ${nodeNameOrString} before ${this.nodeName}.`);
|
|
4013
|
+
}
|
|
4014
|
+
}
|
|
4015
|
+
}
|
|
4016
|
+
|
|
4017
|
+
return ReflectApply$3(originalBefore, this, args);
|
|
4018
|
+
}
|
|
4019
|
+
|
|
4020
|
+
return [originalBefore, before];
|
|
4021
|
+
}
|
|
4022
|
+
|
|
4023
|
+
function distortionElementInnerHTMLSetter(globalObject) {
|
|
4024
|
+
const {
|
|
4025
|
+
Element,
|
|
4026
|
+
SVGElement
|
|
4027
|
+
} = globalObject;
|
|
4028
|
+
const originalInnerHTMLSetter = ObjectLookupOwnSetter(Element.prototype, 'innerHTML');
|
|
4029
|
+
const {
|
|
4030
|
+
isSharedElement
|
|
4031
|
+
} = getValidator(globalObject);
|
|
4032
|
+
|
|
4033
|
+
function innerHTML(value) {
|
|
4034
|
+
if (isSharedElement(this)) {
|
|
4035
|
+
throw new LockerSecurityError(`Cannot set innerHTML of ${this.nodeName}.`);
|
|
4036
|
+
}
|
|
4037
|
+
|
|
4038
|
+
value = this instanceof SVGElement ? sanitizeSvgInnerHtml(this, value) : sanitize(value);
|
|
4039
|
+
ElementInnerHTMLSetter(this, value);
|
|
4040
|
+
}
|
|
4041
|
+
|
|
4042
|
+
return [originalInnerHTMLSetter, innerHTML];
|
|
4043
|
+
}
|
|
4044
|
+
|
|
4045
|
+
function distortionElementInsertAdjacentElement(globalObject) {
|
|
4046
|
+
const {
|
|
4047
|
+
Element
|
|
4048
|
+
} = globalObject;
|
|
4049
|
+
const {
|
|
4050
|
+
insertAdjacentElement: originalInsertAdjacentElementValue
|
|
4051
|
+
} = Element.prototype;
|
|
4052
|
+
const {
|
|
4053
|
+
isSharedElement,
|
|
4054
|
+
isSharedElementChild
|
|
4055
|
+
} = getValidator(globalObject);
|
|
4056
|
+
|
|
4057
|
+
function insertAdjacentElement(...args) {
|
|
4058
|
+
if (args.length > 1) {
|
|
4059
|
+
const element = args[1];
|
|
4060
|
+
|
|
4061
|
+
if (isSharedElement(this) && !isSharedElementChild(element)) {
|
|
4062
|
+
throw new LockerSecurityError(`Cannot insert ${element.nodeName} adjacent to ${this.nodeName}.`);
|
|
4063
|
+
}
|
|
4064
|
+
}
|
|
4065
|
+
|
|
4066
|
+
return ReflectApply$3(originalInsertAdjacentElementValue, this, args);
|
|
4067
|
+
}
|
|
4068
|
+
|
|
4069
|
+
return [originalInsertAdjacentElementValue, insertAdjacentElement];
|
|
4070
|
+
}
|
|
4071
|
+
|
|
4072
|
+
function distortionElementInsertAdjacentHTML(globalObject) {
|
|
4073
|
+
const {
|
|
4074
|
+
Element
|
|
4075
|
+
} = globalObject;
|
|
4076
|
+
const {
|
|
4077
|
+
insertAdjacentHTML: originalInsertAdjacentHTMLValue
|
|
4078
|
+
} = Element.prototype;
|
|
4079
|
+
const {
|
|
4080
|
+
isSharedElement
|
|
4081
|
+
} = getValidator(globalObject);
|
|
4082
|
+
|
|
4083
|
+
function insertAdjacentHTML(...args) {
|
|
4084
|
+
if (isSharedElement(this)) {
|
|
4085
|
+
throw new LockerSecurityError(`Cannot insert adjacent HTML to ${this.nodeName}.`);
|
|
4086
|
+
}
|
|
4087
|
+
|
|
4088
|
+
if (args.length > 1) {
|
|
4089
|
+
args[1] = sanitize(args[1]);
|
|
4090
|
+
}
|
|
4091
|
+
|
|
4092
|
+
ReflectApply$3(originalInsertAdjacentHTMLValue, this, args);
|
|
4093
|
+
}
|
|
4094
|
+
|
|
4095
|
+
return [originalInsertAdjacentHTMLValue, insertAdjacentHTML];
|
|
4096
|
+
}
|
|
4097
|
+
|
|
4098
|
+
function distortionElementOuterHTMLSetter(globalObject) {
|
|
4099
|
+
const {
|
|
4100
|
+
Element
|
|
4101
|
+
} = globalObject;
|
|
4102
|
+
const originalOuterHTMLSetter = ObjectLookupOwnSetter(Element.prototype, 'outerHTML');
|
|
4103
|
+
const {
|
|
4104
|
+
isSharedElement
|
|
4105
|
+
} = getValidator(globalObject);
|
|
4106
|
+
|
|
4107
|
+
function outerHTML(value) {
|
|
4108
|
+
if (isSharedElement(this)) {
|
|
4109
|
+
throw new LockerSecurityError(`Cannot set outerHTML of ${this.nodeName}.`);
|
|
4110
|
+
}
|
|
4111
|
+
|
|
4112
|
+
value = sanitize(value);
|
|
4113
|
+
ElementOuterHTMLSetter(this, value);
|
|
4114
|
+
}
|
|
4115
|
+
|
|
4116
|
+
return [originalOuterHTMLSetter, outerHTML];
|
|
4117
|
+
}
|
|
4118
|
+
|
|
4119
|
+
function distortionElementPrepend(globalObject) {
|
|
4120
|
+
const {
|
|
4121
|
+
Element
|
|
4122
|
+
} = globalObject;
|
|
4123
|
+
const {
|
|
4124
|
+
prepend: originalPrepend
|
|
4125
|
+
} = Element.prototype;
|
|
4126
|
+
const {
|
|
4127
|
+
isSharedElement,
|
|
4128
|
+
isSharedElementChild
|
|
4129
|
+
} = getValidator(globalObject);
|
|
4130
|
+
|
|
4131
|
+
function prepend(...args) {
|
|
4132
|
+
if (isSharedElement(this)) {
|
|
4133
|
+
// Element.prototype.prepend(...args) accepts an arbitrary number of arguments
|
|
4134
|
+
// which can be comprised of Nodes and DOMStrings.
|
|
4135
|
+
for (let i = 0, {
|
|
4136
|
+
length
|
|
4137
|
+
} = args; i < length; i += 1) {
|
|
4138
|
+
const argValue = args[i]; // ...If any of the provided arguments is NOT a valid shared element child,
|
|
4139
|
+
// which is limited to script and link, an exception is thrown.
|
|
4140
|
+
|
|
4141
|
+
if (!isSharedElementChild(argValue)) {
|
|
4142
|
+
var _argValue$nodeName4;
|
|
4143
|
+
|
|
4144
|
+
// @ts-ignore: .nodeName is definitely a property of Node.prototype
|
|
4145
|
+
const nodeNameOrString = (_argValue$nodeName4 = argValue === null || argValue === void 0 ? void 0 : argValue.nodeName) !== null && _argValue$nodeName4 !== void 0 ? _argValue$nodeName4 : toString(argValue);
|
|
4146
|
+
throw new LockerSecurityError(`Cannot prepend ${nodeNameOrString} to ${this.nodeName}.`);
|
|
4147
|
+
}
|
|
4148
|
+
}
|
|
4149
|
+
}
|
|
4150
|
+
|
|
4151
|
+
return ReflectApply$3(originalPrepend, this, args);
|
|
3556
4152
|
}
|
|
3557
4153
|
|
|
3558
|
-
return [
|
|
4154
|
+
return [originalPrepend, prepend];
|
|
3559
4155
|
}
|
|
3560
4156
|
|
|
3561
|
-
function
|
|
4157
|
+
function distortionElementRemove(globalObject) {
|
|
3562
4158
|
const {
|
|
3563
|
-
Element
|
|
3564
|
-
SVGElement
|
|
4159
|
+
Element
|
|
3565
4160
|
} = globalObject;
|
|
3566
|
-
const
|
|
4161
|
+
const {
|
|
4162
|
+
remove: originalRemove
|
|
4163
|
+
} = Element.prototype;
|
|
4164
|
+
const {
|
|
4165
|
+
isSharedElement
|
|
4166
|
+
} = getValidator(globalObject);
|
|
3567
4167
|
|
|
3568
|
-
function
|
|
4168
|
+
function remove() {
|
|
3569
4169
|
if (isSharedElement(this)) {
|
|
3570
|
-
throw new LockerSecurityError(`
|
|
4170
|
+
throw new LockerSecurityError(`Cannot remove ${this.nodeName}.`);
|
|
3571
4171
|
}
|
|
3572
4172
|
|
|
3573
|
-
|
|
3574
|
-
ElementInnerHTMLSetter(this, value);
|
|
4173
|
+
ReflectApply$3(originalRemove, this, emptyArray$1);
|
|
3575
4174
|
}
|
|
3576
4175
|
|
|
3577
|
-
return [
|
|
4176
|
+
return [originalRemove, remove];
|
|
3578
4177
|
}
|
|
3579
4178
|
|
|
3580
|
-
function
|
|
4179
|
+
function distortionElementReplaceChildren(globalObject) {
|
|
3581
4180
|
const {
|
|
3582
4181
|
Element
|
|
3583
4182
|
} = globalObject;
|
|
3584
4183
|
const {
|
|
3585
|
-
|
|
4184
|
+
replaceChildren: originalReplaceChildren
|
|
3586
4185
|
} = Element.prototype;
|
|
4186
|
+
const {
|
|
4187
|
+
isSharedElement
|
|
4188
|
+
} = getValidator(globalObject);
|
|
4189
|
+
|
|
4190
|
+
function replaceChildren(...args) {
|
|
4191
|
+
if (isSharedElement(this)) {
|
|
4192
|
+
throw new LockerSecurityError(`Cannot replace children of ${this.nodeName}.`);
|
|
4193
|
+
}
|
|
3587
4194
|
|
|
3588
|
-
|
|
3589
|
-
const lowerCasedPosition = StringToLowerCase(toString(position));
|
|
3590
|
-
const sanitizedValue = sanitize(value);
|
|
3591
|
-
ReflectApply$3(ElementProtoInsertAdjacentHTML, this, [lowerCasedPosition, sanitizedValue]);
|
|
4195
|
+
return ReflectApply$3(originalReplaceChildren, this, args);
|
|
3592
4196
|
}
|
|
3593
4197
|
|
|
3594
|
-
return [
|
|
4198
|
+
return [originalReplaceChildren, replaceChildren];
|
|
3595
4199
|
}
|
|
3596
4200
|
|
|
3597
|
-
function
|
|
4201
|
+
function distortionElementReplaceWith(globalObject) {
|
|
3598
4202
|
const {
|
|
3599
4203
|
Element
|
|
3600
4204
|
} = globalObject;
|
|
3601
|
-
const
|
|
4205
|
+
const {
|
|
4206
|
+
replaceWith: originalReplaceWith
|
|
4207
|
+
} = Element.prototype;
|
|
4208
|
+
const {
|
|
4209
|
+
isSharedElement
|
|
4210
|
+
} = getValidator(globalObject);
|
|
3602
4211
|
|
|
3603
|
-
function
|
|
4212
|
+
function replaceWith(...args) {
|
|
3604
4213
|
if (isSharedElement(this)) {
|
|
3605
|
-
throw new LockerSecurityError(`
|
|
4214
|
+
throw new LockerSecurityError(`Cannot replace ${this.nodeName}.`);
|
|
3606
4215
|
}
|
|
3607
4216
|
|
|
3608
|
-
|
|
3609
|
-
ElementOuterHTMLSetter(this, value);
|
|
4217
|
+
return ReflectApply$3(originalReplaceWith, this, args);
|
|
3610
4218
|
}
|
|
3611
4219
|
|
|
3612
|
-
return [
|
|
4220
|
+
return [originalReplaceWith, replaceWith];
|
|
3613
4221
|
}
|
|
3614
4222
|
|
|
3615
4223
|
function sanitizeAttrName(value) {
|
|
3616
|
-
value = toString(value);
|
|
3617
|
-
return StringToLowerCase(toString(value));
|
|
4224
|
+
value = toString$1(value);
|
|
4225
|
+
return StringToLowerCase(toString$1(value));
|
|
3618
4226
|
}
|
|
3619
4227
|
|
|
3620
4228
|
function sanitizeAttributeNode(attr) {
|
|
@@ -3626,7 +4234,7 @@ function sanitizeAttributeNode(attr) {
|
|
|
3626
4234
|
}
|
|
3627
4235
|
}
|
|
3628
4236
|
|
|
3629
|
-
function
|
|
4237
|
+
function distortionElementSetAttribute(globalObject, options) {
|
|
3630
4238
|
const {
|
|
3631
4239
|
key
|
|
3632
4240
|
} = options;
|
|
@@ -3638,14 +4246,14 @@ function factorySetAttribute(globalObject, options) {
|
|
|
3638
4246
|
} = Element.prototype;
|
|
3639
4247
|
|
|
3640
4248
|
let setAttribute = function setAttribute(_attrName, _attrValue) {
|
|
3641
|
-
const args = sanitizeArguments(arguments, [sanitizeAttrName, toString]);
|
|
4249
|
+
const args = sanitizeArguments(arguments, [sanitizeAttrName, toString$1]);
|
|
3642
4250
|
|
|
3643
4251
|
if (args.length < 2) {
|
|
3644
4252
|
ReflectApply$3(ElementProtoSetAttribute$1, this, args);
|
|
3645
4253
|
}
|
|
3646
4254
|
|
|
3647
4255
|
const [attrName, attrValue] = args;
|
|
3648
|
-
const distortion = getAttributeDistortion(this, key, attrName,
|
|
4256
|
+
const distortion = getAttributeDistortion(this, key, attrName, NAMESPACE_DEFAULT);
|
|
3649
4257
|
|
|
3650
4258
|
if (distortion) {
|
|
3651
4259
|
ReflectApply$3(distortion, this, [attrValue]);
|
|
@@ -3662,7 +4270,7 @@ function factorySetAttribute(globalObject, options) {
|
|
|
3662
4270
|
return [originalSetAttributeValue, setAttribute];
|
|
3663
4271
|
}
|
|
3664
4272
|
|
|
3665
|
-
function
|
|
4273
|
+
function distortionElementSetAttributeNode(globalObject, options) {
|
|
3666
4274
|
const {
|
|
3667
4275
|
key
|
|
3668
4276
|
} = options;
|
|
@@ -3732,7 +4340,7 @@ function factoryPatchedSetAttributeNode(globalObject, options) {
|
|
|
3732
4340
|
return [originalSetAttributeNodeValue, setAttributeNode];
|
|
3733
4341
|
}
|
|
3734
4342
|
|
|
3735
|
-
function
|
|
4343
|
+
function distortionElementSetAttributeNodeNS(globalObject, options) {
|
|
3736
4344
|
const {
|
|
3737
4345
|
key
|
|
3738
4346
|
} = options;
|
|
@@ -3771,7 +4379,7 @@ function factoryPatchedSetAttributeNodeNS(globalObject, options) {
|
|
|
3771
4379
|
ElementRemoveAttributeNode(this, oldAttr);
|
|
3772
4380
|
}
|
|
3773
4381
|
|
|
3774
|
-
const attrValue = toString(AttrValueGetter(attr));
|
|
4382
|
+
const attrValue = toString$1(AttrValueGetter(attr));
|
|
3775
4383
|
ReflectApply$3(distortion, this, [attrValue]);
|
|
3776
4384
|
const newAttr = ElementGetAttributeNodeNS(this, attrNamespace, attrName); // remove distorted attribute
|
|
3777
4385
|
|
|
@@ -3802,7 +4410,7 @@ function factoryPatchedSetAttributeNodeNS(globalObject, options) {
|
|
|
3802
4410
|
return [originalSetAttributeNodeNSValue, setAttributeNodeNS];
|
|
3803
4411
|
}
|
|
3804
4412
|
|
|
3805
|
-
function
|
|
4413
|
+
function distortionElementSetAttributeNS(globalObject, options) {
|
|
3806
4414
|
const {
|
|
3807
4415
|
key
|
|
3808
4416
|
} = options;
|
|
@@ -3819,7 +4427,7 @@ function factoryPatchedSetAttributeNSValue(globalObject, options) {
|
|
|
3819
4427
|
return;
|
|
3820
4428
|
}
|
|
3821
4429
|
|
|
3822
|
-
const sanitizedArguments = sanitizeArguments(args, [toStringIfNotNullOrUndefined, sanitizeAttrName, toString]);
|
|
4430
|
+
const sanitizedArguments = sanitizeArguments(args, [toStringIfNotNullOrUndefined, sanitizeAttrName, toString$1]);
|
|
3823
4431
|
const sanitizedAttrNamespace = sanitizedArguments[0];
|
|
3824
4432
|
const sanitizedAttrName = sanitizedArguments[1];
|
|
3825
4433
|
const lookupNamespace = normalizeNamespace(sanitizedAttrNamespace);
|
|
@@ -3837,7 +4445,7 @@ function factoryPatchedSetAttributeNSValue(globalObject, options) {
|
|
|
3837
4445
|
return [originalSetAttributeNSValue, setAttributeNS];
|
|
3838
4446
|
}
|
|
3839
4447
|
|
|
3840
|
-
function
|
|
4448
|
+
function distortionElementShadowRootGetter(globalObject) {
|
|
3841
4449
|
const {
|
|
3842
4450
|
Element
|
|
3843
4451
|
} = globalObject;
|
|
@@ -3871,7 +4479,7 @@ function createDistortedComposedPath(event) {
|
|
|
3871
4479
|
return distortedComposedPath;
|
|
3872
4480
|
}
|
|
3873
4481
|
|
|
3874
|
-
function
|
|
4482
|
+
function distortionEventComposedPath(globalObject) {
|
|
3875
4483
|
const {
|
|
3876
4484
|
Event
|
|
3877
4485
|
} = globalObject;
|
|
@@ -3886,7 +4494,7 @@ function patchEventProtoComposedPath(globalObject) {
|
|
|
3886
4494
|
return [originalComposedPathValue, composedPath];
|
|
3887
4495
|
}
|
|
3888
4496
|
|
|
3889
|
-
function
|
|
4497
|
+
function distortionEventPathGetter(globalObject) {
|
|
3890
4498
|
const {
|
|
3891
4499
|
Event
|
|
3892
4500
|
} = globalObject;
|
|
@@ -3903,11 +4511,50 @@ function patchEventProtoPathGetter(globalObject) {
|
|
|
3903
4511
|
return [originalPathGetter, path];
|
|
3904
4512
|
}
|
|
3905
4513
|
|
|
3906
|
-
function
|
|
4514
|
+
function distortionEventTargetAddEventListener(globalObject) {
|
|
4515
|
+
const {
|
|
4516
|
+
EventTarget,
|
|
4517
|
+
CookieStore
|
|
4518
|
+
} = globalObject;
|
|
4519
|
+
|
|
4520
|
+
if (CookieStore === undefined) {
|
|
4521
|
+
return null;
|
|
4522
|
+
}
|
|
4523
|
+
|
|
4524
|
+
const originalAddEventListener = ObjectLookupOwnValue(EventTarget.prototype, 'addEventListener');
|
|
4525
|
+
|
|
4526
|
+
function addEventListener(...args) {
|
|
4527
|
+
if (this instanceof CookieStore) {
|
|
4528
|
+
throw new LockerSecurityError('Cannot call cookieStore.addEventListener.');
|
|
4529
|
+
}
|
|
4530
|
+
|
|
4531
|
+
return ReflectApply$3(originalAddEventListener, this, args);
|
|
4532
|
+
}
|
|
4533
|
+
|
|
4534
|
+
return [originalAddEventListener, addEventListener];
|
|
4535
|
+
}
|
|
4536
|
+
|
|
4537
|
+
function distortionHTMLElementDatasetGetter(globalObject) {
|
|
4538
|
+
const {
|
|
4539
|
+
HTMLElement
|
|
4540
|
+
} = globalObject;
|
|
4541
|
+
const originalDatasetGetter = ObjectLookupOwnGetter$1(HTMLElement.prototype, 'dataset');
|
|
4542
|
+
|
|
4543
|
+
function dataset() {
|
|
4544
|
+
return liveObjectFromGetter(originalDatasetGetter, this);
|
|
4545
|
+
}
|
|
4546
|
+
|
|
4547
|
+
return [originalDatasetGetter, dataset];
|
|
4548
|
+
}
|
|
4549
|
+
|
|
4550
|
+
function distortionHTMLElementInnerTextSetter(globalObject) {
|
|
3907
4551
|
const {
|
|
3908
4552
|
HTMLElement
|
|
3909
4553
|
} = globalObject;
|
|
3910
4554
|
const originalInnerTextSetter = ObjectLookupOwnSetter(HTMLElement.prototype, 'innerText');
|
|
4555
|
+
const {
|
|
4556
|
+
isSharedElement
|
|
4557
|
+
} = getValidator(globalObject);
|
|
3911
4558
|
|
|
3912
4559
|
if (!originalInnerTextSetter) {
|
|
3913
4560
|
return null;
|
|
@@ -3915,7 +4562,7 @@ function patchedInnerTextSetter(globalObject) {
|
|
|
3915
4562
|
|
|
3916
4563
|
const innerText = function innerText(value) {
|
|
3917
4564
|
if (isSharedElement(this)) {
|
|
3918
|
-
throw new LockerSecurityError(`
|
|
4565
|
+
throw new LockerSecurityError(`Cannot set innerText of ${this.nodeName}.`);
|
|
3919
4566
|
}
|
|
3920
4567
|
|
|
3921
4568
|
HTMLElementInnerTextSetter(this, value);
|
|
@@ -3927,11 +4574,14 @@ function patchedInnerTextSetter(globalObject) {
|
|
|
3927
4574
|
// https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/outerText#Browser_compatibility
|
|
3928
4575
|
|
|
3929
4576
|
|
|
3930
|
-
function
|
|
4577
|
+
function distortionHTMLElementOuterTextSetter(globalObject) {
|
|
3931
4578
|
const {
|
|
3932
4579
|
HTMLElement
|
|
3933
4580
|
} = globalObject;
|
|
3934
4581
|
const originalOuterTextSetter = ObjectLookupOwnSetter(HTMLElement.prototype, 'outerText');
|
|
4582
|
+
const {
|
|
4583
|
+
isSharedElement
|
|
4584
|
+
} = getValidator(globalObject);
|
|
3935
4585
|
|
|
3936
4586
|
if (!originalOuterTextSetter) {
|
|
3937
4587
|
return null;
|
|
@@ -3939,7 +4589,7 @@ function patchedOuterTextSetter(globalObject) {
|
|
|
3939
4589
|
|
|
3940
4590
|
const outerText = function outerText(value) {
|
|
3941
4591
|
if (isSharedElement(this)) {
|
|
3942
|
-
throw new LockerSecurityError(`
|
|
4592
|
+
throw new LockerSecurityError(`Cannot set outerText of ${this.nodeName}.`);
|
|
3943
4593
|
}
|
|
3944
4594
|
|
|
3945
4595
|
HTMLElementOuterTextSetter(this, value);
|
|
@@ -3948,7 +4598,7 @@ function patchedOuterTextSetter(globalObject) {
|
|
|
3948
4598
|
return [originalOuterTextSetter, outerText];
|
|
3949
4599
|
}
|
|
3950
4600
|
|
|
3951
|
-
function
|
|
4601
|
+
function distortionHTMLElementStyleGetter(globalObject) {
|
|
3952
4602
|
const {
|
|
3953
4603
|
HTMLElement
|
|
3954
4604
|
} = globalObject;
|
|
@@ -3972,7 +4622,7 @@ function factoryPatchedStyleGetter(globalObject) {
|
|
|
3972
4622
|
return [originalStyleGetter, style];
|
|
3973
4623
|
}
|
|
3974
4624
|
|
|
3975
|
-
function
|
|
4625
|
+
function distortionHTMLFrameElementContentDocumentGetter(globalObject) {
|
|
3976
4626
|
const {
|
|
3977
4627
|
HTMLFrameElement
|
|
3978
4628
|
} = globalObject;
|
|
@@ -3988,7 +4638,7 @@ function patchedContentDocumentGetter$2(globalObject) {
|
|
|
3988
4638
|
return [originalContentDocumentGetter, contentDocument];
|
|
3989
4639
|
}
|
|
3990
4640
|
|
|
3991
|
-
function
|
|
4641
|
+
function distortionHTMLFrameElemenentContentWindowGetter(globalObject) {
|
|
3992
4642
|
const {
|
|
3993
4643
|
HTMLFrameElement
|
|
3994
4644
|
} = globalObject;
|
|
@@ -4002,7 +4652,7 @@ function patchedContentWindowGetter$2(globalObject) {
|
|
|
4002
4652
|
return [originalContentWindowGetter, contentWindow];
|
|
4003
4653
|
}
|
|
4004
4654
|
|
|
4005
|
-
function
|
|
4655
|
+
function distortionHTMLIFrameElementContentDocumentGetter(globalObject) {
|
|
4006
4656
|
const {
|
|
4007
4657
|
HTMLIFrameElement
|
|
4008
4658
|
} = globalObject;
|
|
@@ -4018,7 +4668,7 @@ function patchedContentDocumentGetter$1(globalObject) {
|
|
|
4018
4668
|
return [originalContentDocumentGetter, contentDocument];
|
|
4019
4669
|
}
|
|
4020
4670
|
|
|
4021
|
-
function
|
|
4671
|
+
function distortionHTMLIFrameElementContentWindowGetter(globalObject) {
|
|
4022
4672
|
const {
|
|
4023
4673
|
HTMLIFrameElement
|
|
4024
4674
|
} = globalObject;
|
|
@@ -4032,7 +4682,7 @@ function patchedContentWindowGetter$1(globalObject) {
|
|
|
4032
4682
|
return [originalContentWindowGetter, contentWindow];
|
|
4033
4683
|
}
|
|
4034
4684
|
|
|
4035
|
-
function
|
|
4685
|
+
function distortionHTMLIFrameElementSrcSetter(globalObject) {
|
|
4036
4686
|
const {
|
|
4037
4687
|
HTMLIFrameElement
|
|
4038
4688
|
} = globalObject;
|
|
@@ -4050,7 +4700,7 @@ function factoryPatchedSrcSetter$1(globalObject) {
|
|
|
4050
4700
|
|
|
4051
4701
|
registerElementSetDistortion(HTMLIFrameElement, {
|
|
4052
4702
|
attributeName: 'src',
|
|
4053
|
-
attributeNamespace:
|
|
4703
|
+
attributeNamespace: NAMESPACE_DEFAULT,
|
|
4054
4704
|
distortion: src
|
|
4055
4705
|
});
|
|
4056
4706
|
return [originalSrcSetter, src];
|
|
@@ -4063,14 +4713,14 @@ function isValidRelValue(value) {
|
|
|
4063
4713
|
return !RegExpTest(IMPORT, value);
|
|
4064
4714
|
}
|
|
4065
4715
|
|
|
4066
|
-
function
|
|
4716
|
+
function distortionHTMLLinkElementRelSetter(globalObject) {
|
|
4067
4717
|
const {
|
|
4068
4718
|
HTMLLinkElement
|
|
4069
4719
|
} = globalObject;
|
|
4070
4720
|
const originalRelSetter = ObjectLookupOwnSetter(HTMLLinkElement.prototype, 'rel');
|
|
4071
4721
|
|
|
4072
4722
|
function rel(value) {
|
|
4073
|
-
value = toString(value);
|
|
4723
|
+
value = toString$1(value);
|
|
4074
4724
|
|
|
4075
4725
|
if (isValidRelValue(value)) {
|
|
4076
4726
|
HTMLLinkElementRelSetter(this, value);
|
|
@@ -4083,13 +4733,13 @@ function factoryPatchedRelSetter(globalObject) {
|
|
|
4083
4733
|
|
|
4084
4734
|
registerElementSetDistortion(HTMLLinkElement, {
|
|
4085
4735
|
attributeName: 'rel',
|
|
4086
|
-
attributeNamespace:
|
|
4736
|
+
attributeNamespace: NAMESPACE_DEFAULT,
|
|
4087
4737
|
distortion: rel
|
|
4088
4738
|
});
|
|
4089
4739
|
return [originalRelSetter, rel];
|
|
4090
4740
|
}
|
|
4091
4741
|
|
|
4092
|
-
function
|
|
4742
|
+
function distortionHTMLLinkElementRelListSetter(globalObject) {
|
|
4093
4743
|
const {
|
|
4094
4744
|
DOMTokenList,
|
|
4095
4745
|
HTMLLinkElement
|
|
@@ -4097,7 +4747,7 @@ function patchedRelListSetter(globalObject) {
|
|
|
4097
4747
|
const originalRelListSetter = ObjectLookupOwnSetter(HTMLLinkElement.prototype, 'relList');
|
|
4098
4748
|
|
|
4099
4749
|
function relList(relListValue) {
|
|
4100
|
-
const value = relList instanceof DOMTokenList ? DOMTokenListValueGetter(relListValue) : toString(relListValue);
|
|
4750
|
+
const value = relList instanceof DOMTokenList ? DOMTokenListValueGetter(relListValue) : toString$1(relListValue);
|
|
4101
4751
|
|
|
4102
4752
|
if (isValidRelValue(value)) {
|
|
4103
4753
|
HTMLLinkElementRelListSetter(this, value);
|
|
@@ -4113,7 +4763,7 @@ function patchedRelListSetter(globalObject) {
|
|
|
4113
4763
|
return [originalRelListSetter, relList];
|
|
4114
4764
|
}
|
|
4115
4765
|
|
|
4116
|
-
function
|
|
4766
|
+
function distortionHTMLObjectElementContentDocumentGetter(globalObject) {
|
|
4117
4767
|
const {
|
|
4118
4768
|
HTMLObjectElement
|
|
4119
4769
|
} = globalObject;
|
|
@@ -4129,7 +4779,7 @@ function patchedContentDocumentGetter(globalObject) {
|
|
|
4129
4779
|
return [originalContentDocumentGetter, contentDocument];
|
|
4130
4780
|
}
|
|
4131
4781
|
|
|
4132
|
-
function
|
|
4782
|
+
function distortionHTMLObjectElementContentWindowGetter(globalObject) {
|
|
4133
4783
|
const {
|
|
4134
4784
|
HTMLObjectElement
|
|
4135
4785
|
} = globalObject;
|
|
@@ -4154,7 +4804,7 @@ function getDatasetSrcValue(el) {
|
|
|
4154
4804
|
return distortedSrc === undefined ? '' : distortedSrc;
|
|
4155
4805
|
}
|
|
4156
4806
|
|
|
4157
|
-
function
|
|
4807
|
+
function distortionHTMLScriptElementSrcGetter(globalObject) {
|
|
4158
4808
|
const {
|
|
4159
4809
|
HTMLScriptElement
|
|
4160
4810
|
} = globalObject;
|
|
@@ -4167,7 +4817,7 @@ function patchedSrcGetter(globalObject) {
|
|
|
4167
4817
|
return [originalSrcGetter, src];
|
|
4168
4818
|
}
|
|
4169
4819
|
|
|
4170
|
-
function
|
|
4820
|
+
function distortionHTMLScriptElementSrcSetter(globalObject, options) {
|
|
4171
4821
|
const {
|
|
4172
4822
|
HTMLScriptElement
|
|
4173
4823
|
} = globalObject;
|
|
@@ -4175,13 +4825,13 @@ function factoryPatchedSrcSetter(globalObject, options) {
|
|
|
4175
4825
|
const src = scriptDistortion('src', options, HTMLElementDatasetGetter);
|
|
4176
4826
|
registerElementSetDistortion(HTMLScriptElement, {
|
|
4177
4827
|
attributeName: 'src',
|
|
4178
|
-
attributeNamespace:
|
|
4828
|
+
attributeNamespace: NAMESPACE_DEFAULT,
|
|
4179
4829
|
distortion: src
|
|
4180
4830
|
});
|
|
4181
4831
|
return [originalSrcSetter, src];
|
|
4182
4832
|
}
|
|
4183
4833
|
|
|
4184
|
-
function
|
|
4834
|
+
function distortionMessageEventSourceGetter(globalObject) {
|
|
4185
4835
|
const {
|
|
4186
4836
|
MessageEvent
|
|
4187
4837
|
} = globalObject;
|
|
@@ -4189,45 +4839,43 @@ function patchedSourceGetter(globalObject) {
|
|
|
4189
4839
|
|
|
4190
4840
|
function source() {
|
|
4191
4841
|
const rawSource = MessageEventSourceGetter(this);
|
|
4192
|
-
return toString(rawSource) === '[object Window]' ? getPatchedWindow(rawSource) : rawSource;
|
|
4842
|
+
return toString$1(rawSource) === '[object Window]' ? getPatchedWindow(rawSource) : rawSource;
|
|
4193
4843
|
}
|
|
4194
4844
|
|
|
4195
4845
|
return [originalSourceGetter, source];
|
|
4196
4846
|
}
|
|
4197
4847
|
|
|
4198
|
-
function
|
|
4199
|
-
const {
|
|
4200
|
-
key
|
|
4201
|
-
} = options;
|
|
4848
|
+
function distortionNamedNodeMapSetNamedItem(globalObject, options) {
|
|
4202
4849
|
const {
|
|
4203
4850
|
NamedNodeMap
|
|
4204
4851
|
} = globalObject;
|
|
4205
4852
|
const {
|
|
4206
|
-
setNamedItem:
|
|
4853
|
+
setNamedItem: originalSetNamedItem
|
|
4207
4854
|
} = NamedNodeMap.prototype;
|
|
4208
4855
|
|
|
4209
4856
|
function setNamedItem(attr) {
|
|
4210
|
-
|
|
4857
|
+
return setNamedItemWithAttr(originalSetNamedItem, this, attr, options);
|
|
4858
|
+
}
|
|
4211
4859
|
|
|
4212
|
-
|
|
4213
|
-
|
|
4214
|
-
const attrNamespace = AttrNamespaceURIGetter(attr);
|
|
4215
|
-
const normalizedNamespace = normalizeNamespace(attrNamespace);
|
|
4216
|
-
const distortion = getAttributeDistortion(element, key, attrName, normalizedNamespace);
|
|
4860
|
+
return [originalSetNamedItem, setNamedItem];
|
|
4861
|
+
}
|
|
4217
4862
|
|
|
4218
|
-
|
|
4219
|
-
|
|
4220
|
-
|
|
4221
|
-
|
|
4222
|
-
|
|
4863
|
+
function distortionNamedNodeMapSetNamedItemNS(globalObject, options) {
|
|
4864
|
+
const {
|
|
4865
|
+
NamedNodeMap
|
|
4866
|
+
} = globalObject;
|
|
4867
|
+
const {
|
|
4868
|
+
setNamedItemNS: originalSetNamedItemNS
|
|
4869
|
+
} = NamedNodeMap.prototype;
|
|
4223
4870
|
|
|
4224
|
-
|
|
4871
|
+
function setNamedItemNS(attr) {
|
|
4872
|
+
return setNamedItemWithAttr(originalSetNamedItemNS, this, attr, options);
|
|
4225
4873
|
}
|
|
4226
4874
|
|
|
4227
|
-
return [
|
|
4875
|
+
return [originalSetNamedItemNS, setNamedItemNS];
|
|
4228
4876
|
}
|
|
4229
4877
|
|
|
4230
|
-
function
|
|
4878
|
+
function distortionNavigatorServiceWorkerGetter(globalObject) {
|
|
4231
4879
|
const {
|
|
4232
4880
|
Navigator
|
|
4233
4881
|
} = globalObject;
|
|
@@ -4244,25 +4892,28 @@ function patchedServiceWorkerGetter(globalObject) {
|
|
|
4244
4892
|
return [originalServiceWorkerGetter, get];
|
|
4245
4893
|
}
|
|
4246
4894
|
|
|
4247
|
-
function
|
|
4895
|
+
function distortionNodeTextContentSetter(globalObject) {
|
|
4248
4896
|
const {
|
|
4249
4897
|
Node
|
|
4250
4898
|
} = globalObject;
|
|
4251
4899
|
const originalTextContentSetter = ObjectLookupOwnSetter(Node.prototype, 'textContent');
|
|
4900
|
+
const {
|
|
4901
|
+
isSharedElement
|
|
4902
|
+
} = getValidator(globalObject);
|
|
4252
4903
|
|
|
4253
4904
|
function textContent(value) {
|
|
4254
4905
|
if (isSharedElement(this)) {
|
|
4255
|
-
throw new LockerSecurityError(`
|
|
4906
|
+
throw new LockerSecurityError(`Cannot set textContent of ${this.nodeName} elements.`);
|
|
4256
4907
|
}
|
|
4257
4908
|
|
|
4258
|
-
value = toString(value);
|
|
4909
|
+
value = toString$1(value);
|
|
4259
4910
|
NodeTextContentSetter(this, value);
|
|
4260
4911
|
}
|
|
4261
4912
|
|
|
4262
4913
|
return [originalTextContentSetter, textContent];
|
|
4263
4914
|
}
|
|
4264
4915
|
|
|
4265
|
-
function
|
|
4916
|
+
function distortionRangeCreateContextualFragment(globalObject) {
|
|
4266
4917
|
const {
|
|
4267
4918
|
Range
|
|
4268
4919
|
} = globalObject;
|
|
@@ -4285,7 +4936,7 @@ function patchedCreateContextualFragmentValue(globalObject) {
|
|
|
4285
4936
|
return [originalCreateContextualFragmentValue, createContextualFragment];
|
|
4286
4937
|
}
|
|
4287
4938
|
|
|
4288
|
-
function
|
|
4939
|
+
function distortionServiceWorkerContainer(globalObject) {
|
|
4289
4940
|
const {
|
|
4290
4941
|
ServiceWorkerContainer
|
|
4291
4942
|
} = globalObject;
|
|
@@ -4300,7 +4951,20 @@ function patchedServiceWorkerPrototype(globalObject) {
|
|
|
4300
4951
|
return [originalPrototype, createRevokedProxy(originalPrototype)];
|
|
4301
4952
|
}
|
|
4302
4953
|
|
|
4303
|
-
function
|
|
4954
|
+
function distortionShadowRootInnerHTMLSetter(globalObject) {
|
|
4955
|
+
const {
|
|
4956
|
+
ShadowRoot
|
|
4957
|
+
} = globalObject;
|
|
4958
|
+
const originalInnerHTMLSetter = ObjectLookupOwnSetter(ShadowRoot.prototype, 'innerHTML');
|
|
4959
|
+
|
|
4960
|
+
function innerHTML(value) {
|
|
4961
|
+
ShadowRootInnerHTMLSetter(this, sanitize(value));
|
|
4962
|
+
}
|
|
4963
|
+
|
|
4964
|
+
return [originalInnerHTMLSetter, innerHTML];
|
|
4965
|
+
}
|
|
4966
|
+
|
|
4967
|
+
function distortionShadowRootModeGetter(globalObject) {
|
|
4304
4968
|
const {
|
|
4305
4969
|
ShadowRoot
|
|
4306
4970
|
} = globalObject;
|
|
@@ -4313,7 +4977,7 @@ function patchedModeGetter(globalObject) {
|
|
|
4313
4977
|
return [originalModeGetter, mode];
|
|
4314
4978
|
}
|
|
4315
4979
|
|
|
4316
|
-
function
|
|
4980
|
+
function distortionSharedWorkerCtor(globalObject) {
|
|
4317
4981
|
const {
|
|
4318
4982
|
SharedWorker: SharedWorkerCtor
|
|
4319
4983
|
} = globalObject;
|
|
@@ -4326,13 +4990,13 @@ function patchedConstructor$1(globalObject) {
|
|
|
4326
4990
|
}
|
|
4327
4991
|
|
|
4328
4992
|
const SharedWorker = function SharedWorker(url) {
|
|
4329
|
-
throw new
|
|
4993
|
+
throw new LockerSecurityError(`Cannot create SharedWorker with ${url}.`);
|
|
4330
4994
|
};
|
|
4331
4995
|
|
|
4332
4996
|
return [originalSharedWorkerConstructor, SharedWorker];
|
|
4333
4997
|
}
|
|
4334
4998
|
|
|
4335
|
-
function
|
|
4999
|
+
function distortionSharedWorkerProto(globalObject) {
|
|
4336
5000
|
const {
|
|
4337
5001
|
SharedWorker: SharedWorkerCtor
|
|
4338
5002
|
} = globalObject;
|
|
@@ -4390,7 +5054,7 @@ function getStorageMetaOrThrowInvalidInvocation(storage) {
|
|
|
4390
5054
|
const storageMeta = WeakMapGet(meta, storage);
|
|
4391
5055
|
|
|
4392
5056
|
if (storageMeta === undefined) {
|
|
4393
|
-
throw new
|
|
5057
|
+
throw new LockerSecurityError(`Illegal invocation`);
|
|
4394
5058
|
}
|
|
4395
5059
|
|
|
4396
5060
|
return storageMeta;
|
|
@@ -4408,7 +5072,7 @@ function createStorageProxy(s) {
|
|
|
4408
5072
|
return ReflectGet(target, key, receiver);
|
|
4409
5073
|
}
|
|
4410
5074
|
|
|
4411
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
5075
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
4412
5076
|
|
|
4413
5077
|
if (ObjectHasOwnProperty(storage, keyForNamespace)) {
|
|
4414
5078
|
return ReflectGet(storage, keyForNamespace);
|
|
@@ -4428,7 +5092,7 @@ function createStorageProxy(s) {
|
|
|
4428
5092
|
return ReflectSet(target, key, value);
|
|
4429
5093
|
}
|
|
4430
5094
|
|
|
4431
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
5095
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
4432
5096
|
ReflectApply$3(StorageProtoSetItem, storage, [keyForNamespace, value]);
|
|
4433
5097
|
return true;
|
|
4434
5098
|
},
|
|
@@ -4438,13 +5102,14 @@ function createStorageProxy(s) {
|
|
|
4438
5102
|
storage,
|
|
4439
5103
|
storageRootKey
|
|
4440
5104
|
} = getStorageMetaOrThrowInvalidInvocation(target);
|
|
5105
|
+
const safeDesc = toSafeDescriptor(descriptor);
|
|
4441
5106
|
|
|
4442
5107
|
if (typeof key === 'symbol') {
|
|
4443
|
-
return
|
|
5108
|
+
return ReflectDefineProperty(target, key, safeDesc);
|
|
4444
5109
|
}
|
|
4445
5110
|
|
|
4446
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
4447
|
-
return ReflectDefineProperty(storage, keyForNamespace,
|
|
5111
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
5112
|
+
return ReflectDefineProperty(storage, keyForNamespace, safeDesc);
|
|
4448
5113
|
},
|
|
4449
5114
|
|
|
4450
5115
|
deleteProperty(target, key) {
|
|
@@ -4457,7 +5122,7 @@ function createStorageProxy(s) {
|
|
|
4457
5122
|
return ReflectDeleteProperty(target, key);
|
|
4458
5123
|
}
|
|
4459
5124
|
|
|
4460
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
5125
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
4461
5126
|
return ReflectDeleteProperty(storage, keyForNamespace);
|
|
4462
5127
|
},
|
|
4463
5128
|
|
|
@@ -4471,7 +5136,7 @@ function createStorageProxy(s) {
|
|
|
4471
5136
|
return ReflectGetOwnPropertyDescriptor$1(target, key);
|
|
4472
5137
|
}
|
|
4473
5138
|
|
|
4474
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
5139
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
4475
5140
|
return ReflectGetOwnPropertyDescriptor$1(storage, keyForNamespace);
|
|
4476
5141
|
},
|
|
4477
5142
|
|
|
@@ -4496,7 +5161,7 @@ function createStorageProxy(s) {
|
|
|
4496
5161
|
return ReflectHas(target, key);
|
|
4497
5162
|
}
|
|
4498
5163
|
|
|
4499
|
-
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString(key));
|
|
5164
|
+
const keyForNamespace = getStorageKeyForNamespace(storageRootKey, toString$1(key));
|
|
4500
5165
|
|
|
4501
5166
|
if (ObjectHasOwnProperty(storage, keyForNamespace)) {
|
|
4502
5167
|
return true;
|
|
@@ -4520,7 +5185,7 @@ function createStorageProxy(s) {
|
|
|
4520
5185
|
|
|
4521
5186
|
class PatchedStorage {
|
|
4522
5187
|
constructor() {
|
|
4523
|
-
throw new
|
|
5188
|
+
throw new LockerSecurityError(`Illegal constructor`);
|
|
4524
5189
|
}
|
|
4525
5190
|
|
|
4526
5191
|
get length() {
|
|
@@ -4564,7 +5229,7 @@ class PatchedStorage {
|
|
|
4564
5229
|
let args = arguments;
|
|
4565
5230
|
|
|
4566
5231
|
if (args.length) {
|
|
4567
|
-
args = sanitizeArguments(args, [toString]);
|
|
5232
|
+
args = sanitizeArguments(args, [toString$1]);
|
|
4568
5233
|
args[0] = getStorageKeyForNamespace(storageRootKey, args[0]);
|
|
4569
5234
|
}
|
|
4570
5235
|
|
|
@@ -4579,7 +5244,7 @@ class PatchedStorage {
|
|
|
4579
5244
|
let args = arguments;
|
|
4580
5245
|
|
|
4581
5246
|
if (args.length > 1) {
|
|
4582
|
-
args = sanitizeArguments(args, [toString, toString]);
|
|
5247
|
+
args = sanitizeArguments(args, [toString$1, toString$1]);
|
|
4583
5248
|
args[0] = getStorageKeyForNamespace(storageRootKey, args[0]);
|
|
4584
5249
|
}
|
|
4585
5250
|
|
|
@@ -4594,7 +5259,7 @@ class PatchedStorage {
|
|
|
4594
5259
|
let args = arguments;
|
|
4595
5260
|
|
|
4596
5261
|
if (args.length) {
|
|
4597
|
-
args = sanitizeArguments(args, [toString]);
|
|
5262
|
+
args = sanitizeArguments(args, [toString$1]);
|
|
4598
5263
|
args[0] = getStorageKeyForNamespace(storageRootKey, args[0]);
|
|
4599
5264
|
}
|
|
4600
5265
|
|
|
@@ -4617,7 +5282,9 @@ class PatchedStorage {
|
|
|
4617
5282
|
}
|
|
4618
5283
|
|
|
4619
5284
|
function createStorage(storage, storageRootKey) {
|
|
4620
|
-
const obj =
|
|
5285
|
+
const obj = {
|
|
5286
|
+
__proto__: PatchedStorage.prototype
|
|
5287
|
+
};
|
|
4621
5288
|
markLiveObject$1(obj);
|
|
4622
5289
|
const proxy = createStorageProxy(obj);
|
|
4623
5290
|
const storageMeta = {
|
|
@@ -4639,8 +5306,8 @@ const {
|
|
|
4639
5306
|
} = PatchedStorage.prototype;
|
|
4640
5307
|
const patchedStorageProtoLengthGetter = ObjectLookupOwnGetter$1(PatchedStorage.prototype, 'length');
|
|
4641
5308
|
|
|
4642
|
-
function
|
|
4643
|
-
return function
|
|
5309
|
+
function createDistortionStorageFactory(storageName) {
|
|
5310
|
+
return function distortionStorageFactory(globalObject, options) {
|
|
4644
5311
|
// @ts-ignore
|
|
4645
5312
|
const storageObject = globalObject[storageName];
|
|
4646
5313
|
|
|
@@ -4658,7 +5325,7 @@ function patchedStorageFactory(storageName) {
|
|
|
4658
5325
|
};
|
|
4659
5326
|
}
|
|
4660
5327
|
|
|
4661
|
-
function
|
|
5328
|
+
function distortionStorageLength(globalObject) {
|
|
4662
5329
|
const {
|
|
4663
5330
|
Storage
|
|
4664
5331
|
} = globalObject;
|
|
@@ -4666,7 +5333,7 @@ function storagePropertyLength(globalObject) {
|
|
|
4666
5333
|
return [originalLengthGetter, patchedStorageProtoLengthGetter];
|
|
4667
5334
|
}
|
|
4668
5335
|
|
|
4669
|
-
function
|
|
5336
|
+
function distortionStorageGetItem(globalObject) {
|
|
4670
5337
|
const {
|
|
4671
5338
|
Storage
|
|
4672
5339
|
} = globalObject;
|
|
@@ -4676,7 +5343,7 @@ function storageGetItemValue(globalObject) {
|
|
|
4676
5343
|
return [originalStorageGetItemValue, patchedStorageProtoGetItem];
|
|
4677
5344
|
}
|
|
4678
5345
|
|
|
4679
|
-
function
|
|
5346
|
+
function distortionStorageSetItem(globalObject) {
|
|
4680
5347
|
const {
|
|
4681
5348
|
Storage
|
|
4682
5349
|
} = globalObject;
|
|
@@ -4686,7 +5353,7 @@ function storageSetItemValue(globalObject) {
|
|
|
4686
5353
|
return [originalStorageSetItemValue, patchedStorageProtoSetItem];
|
|
4687
5354
|
}
|
|
4688
5355
|
|
|
4689
|
-
function
|
|
5356
|
+
function distortionStorageKey(globalObject) {
|
|
4690
5357
|
const {
|
|
4691
5358
|
Storage
|
|
4692
5359
|
} = globalObject;
|
|
@@ -4696,7 +5363,7 @@ function storageKeyValue(globalObject) {
|
|
|
4696
5363
|
return [originalStorageKeyValue, patchedStorageProtoKey];
|
|
4697
5364
|
}
|
|
4698
5365
|
|
|
4699
|
-
function
|
|
5366
|
+
function distortionStorageRemoveItem(globalObject) {
|
|
4700
5367
|
const {
|
|
4701
5368
|
Storage
|
|
4702
5369
|
} = globalObject;
|
|
@@ -4706,7 +5373,7 @@ function storageRemoveItemValue(globalObject) {
|
|
|
4706
5373
|
return [originalStorageRemoveItemValue, patchedStorageProtoRemoveItem];
|
|
4707
5374
|
}
|
|
4708
5375
|
|
|
4709
|
-
function
|
|
5376
|
+
function distortionStorageClear(globalObject) {
|
|
4710
5377
|
const {
|
|
4711
5378
|
Storage
|
|
4712
5379
|
} = globalObject;
|
|
@@ -4716,52 +5383,68 @@ function storageClearValue(globalObject) {
|
|
|
4716
5383
|
return [originalStorageClearValue, patchedStorageProtoClear];
|
|
4717
5384
|
}
|
|
4718
5385
|
|
|
4719
|
-
function
|
|
5386
|
+
function distortionStorage(globalObject) {
|
|
4720
5387
|
const {
|
|
4721
5388
|
Storage
|
|
4722
5389
|
} = globalObject;
|
|
4723
5390
|
return [Storage, PatchedStorage];
|
|
4724
5391
|
}
|
|
4725
5392
|
|
|
4726
|
-
const
|
|
4727
|
-
const
|
|
5393
|
+
const distortionLocalStorage = createDistortionStorageFactory('localStorage');
|
|
5394
|
+
const distortionSessionStorage = createDistortionStorageFactory('sessionStorage');
|
|
5395
|
+
|
|
5396
|
+
function distortionSVGElementDatasetGetter(globalObject) {
|
|
5397
|
+
const {
|
|
5398
|
+
SVGElement
|
|
5399
|
+
} = globalObject;
|
|
5400
|
+
const originalDatasetGetter = ObjectLookupOwnGetter$1(SVGElement.prototype, 'dataset');
|
|
5401
|
+
|
|
5402
|
+
function dataset() {
|
|
5403
|
+
return liveObjectFromGetter(originalDatasetGetter, this);
|
|
5404
|
+
}
|
|
5405
|
+
|
|
5406
|
+
return [originalDatasetGetter, dataset];
|
|
5407
|
+
}
|
|
4728
5408
|
|
|
4729
|
-
function
|
|
5409
|
+
function distortionSVGScriptElementHrefAttribute(globalObject, options) {
|
|
4730
5410
|
const {
|
|
4731
5411
|
SVGScriptElement
|
|
4732
5412
|
} = globalObject;
|
|
4733
5413
|
registerElementSetDistortion(SVGScriptElement, {
|
|
4734
5414
|
attributeName: 'href',
|
|
4735
|
-
attributeNamespace:
|
|
5415
|
+
attributeNamespace: NAMESPACE_XLINK,
|
|
4736
5416
|
distortion: scriptDistortion('href', options, SVGElementDatasetGetter)
|
|
4737
5417
|
});
|
|
5418
|
+
registerElementSetDistortion(SVGScriptElement, {
|
|
5419
|
+
attributeName: 'xlink:href',
|
|
5420
|
+
attributeNamespace: NAMESPACE_XLINK,
|
|
5421
|
+
distortion: scriptDistortion('xlink:href', options, SVGElementDatasetGetter)
|
|
5422
|
+
});
|
|
4738
5423
|
return null;
|
|
4739
5424
|
}
|
|
4740
5425
|
|
|
4741
|
-
|
|
4742
|
-
|
|
4743
|
-
function makeFactoryPatchedHrefAttribute(attributeName) {
|
|
4744
|
-
return function factoryPatchedHrefAttribute(globalObject) {
|
|
5426
|
+
function createDistortionHrefAttributeFactory(attributeName) {
|
|
5427
|
+
return function distortionHrefAttributeFactory(globalObject) {
|
|
4745
5428
|
const {
|
|
4746
5429
|
SVGUseElement
|
|
4747
5430
|
} = globalObject;
|
|
4748
5431
|
|
|
4749
5432
|
function distortion(value) {
|
|
4750
5433
|
const sanitized = value === null || value === undefined || value === '' ? value : sanitizeSvgHrefValue(value);
|
|
4751
|
-
ElementSetAttributeNS(this,
|
|
5434
|
+
ElementSetAttributeNS(this, NAMESPACE_XLINK, attributeName, sanitized);
|
|
4752
5435
|
}
|
|
4753
5436
|
|
|
4754
5437
|
registerElementSetDistortion(SVGUseElement, {
|
|
4755
5438
|
attributeName,
|
|
4756
|
-
attributeNamespace:
|
|
5439
|
+
attributeNamespace: NAMESPACE_XLINK,
|
|
4757
5440
|
distortion
|
|
4758
5441
|
});
|
|
4759
5442
|
return null;
|
|
4760
5443
|
};
|
|
4761
5444
|
}
|
|
4762
5445
|
|
|
4763
|
-
const
|
|
4764
|
-
const
|
|
5446
|
+
const distortionSVGUseElementHrefAttribute = createDistortionHrefAttributeFactory('href');
|
|
5447
|
+
const distortionSVGUseElementXlinkHrefAttribute = createDistortionHrefAttributeFactory('xlink:href');
|
|
4765
5448
|
const ALLOWED_MIME_TYPES = ['application/octet-stream', 'application/json', 'application/pdf', 'video/', 'audio/', 'image/', 'font/', 'text/plain', 'text/markdown', 'application/zip', 'application/x-bzip', 'application/x-rar-compressed', 'application/x-tar']; // alphanumeric characters only plus '-' and '+' characters
|
|
4766
5449
|
// i.e text/xml, application/x-bzip, application/octet-stream, image/svg+xml
|
|
4767
5450
|
|
|
@@ -4782,21 +5465,41 @@ function isMIMETypeAllowed(type) {
|
|
|
4782
5465
|
return false;
|
|
4783
5466
|
}
|
|
4784
5467
|
|
|
4785
|
-
function
|
|
5468
|
+
function distortionURLCreateObjectURL(globalObject) {
|
|
4786
5469
|
const {
|
|
4787
5470
|
URL
|
|
4788
5471
|
} = globalObject;
|
|
4789
5472
|
const {
|
|
4790
5473
|
createObjectURL: originalCreateObjectURL
|
|
4791
5474
|
} = URL;
|
|
5475
|
+
const {
|
|
5476
|
+
isEqualDomString,
|
|
5477
|
+
isMediaSourceObject
|
|
5478
|
+
} = getValidator(globalObject);
|
|
4792
5479
|
|
|
4793
5480
|
function createObjectURL(blobObject) {
|
|
4794
5481
|
// Create a URL object first using the native APIs.
|
|
4795
5482
|
// This will ensure native validation against undefined and other
|
|
4796
5483
|
// non-accepted types.
|
|
4797
|
-
let outURL = URLCreateObjectURL(blobObject);
|
|
5484
|
+
let outURL = URLCreateObjectURL(blobObject); // MediaSource does not share the same proto object as Blob or File.
|
|
5485
|
+
// It can still be used with createObjectURL however we need to treat it separately.
|
|
5486
|
+
// MediaSource does not accept plain text input as Blob and File and does not have a MIME type.
|
|
5487
|
+
|
|
5488
|
+
if (isMediaSourceObject(blobObject)) {
|
|
5489
|
+
return outURL;
|
|
5490
|
+
}
|
|
5491
|
+
|
|
4798
5492
|
const type = BlobTypeGetter(blobObject);
|
|
4799
5493
|
|
|
5494
|
+
if (type === '') {
|
|
5495
|
+
// browsers interpret the empty MIME type differently.
|
|
5496
|
+
// Chrome makes it text/plain.
|
|
5497
|
+
// Firefox attempts to guess the content.
|
|
5498
|
+
// Safari makes it application/octet-stream effectively forcing a download of the content.
|
|
5499
|
+
// We need to normalize the behavior here.
|
|
5500
|
+
return URLCreateObjectURL(BlobSlice(blobObject, 0, undefined, 'text/plain'));
|
|
5501
|
+
}
|
|
5502
|
+
|
|
4800
5503
|
if (ArrayIncludes(HTML_MIME_TYPES, type)) {
|
|
4801
5504
|
const normalizedBlob = BlobSlice(blobObject, 0, BlobSizeGetter(blobObject), `${type};charset=utf-8`);
|
|
4802
5505
|
URLRevokeObjectURL(outURL);
|
|
@@ -4810,24 +5513,24 @@ function patchedCreateObjectURL(globalObject) {
|
|
|
4810
5513
|
|
|
4811
5514
|
if (!isEqualDomString(responseText, sanitized)) {
|
|
4812
5515
|
URLRevokeObjectURL(outURL);
|
|
4813
|
-
throw new LockerSecurityError(`
|
|
5516
|
+
throw new LockerSecurityError(`Cannot "createObjectURL" using a unsecure ${blobObject}!`);
|
|
4814
5517
|
}
|
|
4815
5518
|
|
|
4816
5519
|
return outURL;
|
|
4817
5520
|
}
|
|
4818
5521
|
|
|
4819
|
-
if (
|
|
5522
|
+
if (isMIMETypeAllowed(type)) {
|
|
4820
5523
|
return outURL;
|
|
4821
5524
|
}
|
|
4822
5525
|
|
|
4823
5526
|
URLRevokeObjectURL(outURL);
|
|
4824
|
-
throw new LockerSecurityError('
|
|
5527
|
+
throw new LockerSecurityError('Unsupported MIME type.');
|
|
4825
5528
|
}
|
|
4826
5529
|
|
|
4827
5530
|
return [originalCreateObjectURL, createObjectURL];
|
|
4828
5531
|
}
|
|
4829
5532
|
|
|
4830
|
-
function
|
|
5533
|
+
function distortionWindowFetch(globalObject, options) {
|
|
4831
5534
|
const {
|
|
4832
5535
|
fetch: originalFetchValue
|
|
4833
5536
|
} = globalObject;
|
|
@@ -4844,14 +5547,14 @@ function patchedFetchValue(globalObject, options) {
|
|
|
4844
5547
|
// similar to link element's href.
|
|
4845
5548
|
parsedURL = parseURL(RequestURLGetter(url));
|
|
4846
5549
|
} else {
|
|
4847
|
-
const sanitizedURL = toString(url);
|
|
5550
|
+
const sanitizedURL = toString$1(url);
|
|
4848
5551
|
parsedURL = parseURL(sanitizedURL);
|
|
4849
5552
|
url = parsedURL.normalizedURL;
|
|
4850
5553
|
args[0] = url;
|
|
4851
5554
|
}
|
|
4852
5555
|
|
|
4853
5556
|
if (isInvalidURL(parsedURL)) {
|
|
4854
|
-
const promise =
|
|
5557
|
+
const promise = PromiseReject(new LockerSecurityError(`Cannot request disallowed endpoint: ${url}`));
|
|
4855
5558
|
return promise;
|
|
4856
5559
|
}
|
|
4857
5560
|
}
|
|
@@ -4868,7 +5571,7 @@ function patchedFetchValue(globalObject, options) {
|
|
|
4868
5571
|
/* eslint-disable class-methods-use-this, max-classes-per-file */
|
|
4869
5572
|
|
|
4870
5573
|
|
|
4871
|
-
function
|
|
5574
|
+
function distortionWindowFramesGetter(globalObject) {
|
|
4872
5575
|
const originalWindowFramesGetter = ObjectLookupOwnGetter$1(globalObject, 'frames');
|
|
4873
5576
|
|
|
4874
5577
|
if (originalWindowFramesGetter === undefined) {
|
|
@@ -5074,7 +5777,7 @@ function factoryPatchedFrames(globalObject) {
|
|
|
5074
5777
|
|
|
5075
5778
|
for (const key in descriptors) {
|
|
5076
5779
|
if (typeof key === 'string' && isFrame(descriptors[key].value)) {
|
|
5077
|
-
keys
|
|
5780
|
+
ArrayPush(keys, key);
|
|
5078
5781
|
}
|
|
5079
5782
|
}
|
|
5080
5783
|
|
|
@@ -5105,7 +5808,7 @@ function factoryPatchedFrames(globalObject) {
|
|
|
5105
5808
|
return [originalWindowFramesGetter, frames];
|
|
5106
5809
|
}
|
|
5107
5810
|
|
|
5108
|
-
function
|
|
5811
|
+
function distortionWindowLengthGetter(globalObject) {
|
|
5109
5812
|
const originalLengthGetter = ObjectLookupOwnGetter$1(globalObject, 'length');
|
|
5110
5813
|
|
|
5111
5814
|
if (originalLengthGetter === undefined) {
|
|
@@ -5117,37 +5820,15 @@ function factoryPatchedLength(globalObject) {
|
|
|
5117
5820
|
}
|
|
5118
5821
|
|
|
5119
5822
|
return [originalLengthGetter, length];
|
|
5120
|
-
}
|
|
5121
|
-
// - noopener
|
|
5122
|
-
// - noopener=1
|
|
5123
|
-
// - noopener=yes
|
|
5124
|
-
|
|
5125
|
-
|
|
5126
|
-
const noopenerRegExp = /(^|,)(\s*noopener\s*=\s*(?:yes|1)\s*)(,|$)/g;
|
|
5823
|
+
}
|
|
5127
5824
|
|
|
5128
|
-
function
|
|
5825
|
+
function distortionWindowOpen(globalObject) {
|
|
5129
5826
|
const {
|
|
5130
5827
|
open: originalOpenValue
|
|
5131
5828
|
} = globalObject;
|
|
5132
5829
|
|
|
5133
5830
|
function open(...args) {
|
|
5134
|
-
const sanitizedArgs =
|
|
5135
|
-
|
|
5136
|
-
if (sanitizedArgs.length > 2) {
|
|
5137
|
-
// Lowercase the features string because it is case insensitive.
|
|
5138
|
-
// https://html.spec.whatwg.org/multipage/window-object.html#normalizing-the-feature-name
|
|
5139
|
-
let windowFeatures = StringToLowerCase(sanitizedArgs[2]);
|
|
5140
|
-
|
|
5141
|
-
if (RegExpTest(noopenerRegExp, windowFeatures)) {
|
|
5142
|
-
noopenerRegExp.lastIndex = 0; // Replacing noopener with an enabled state that is supported
|
|
5143
|
-
// across all browsers. Firefox Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1566619
|
|
5144
|
-
|
|
5145
|
-
windowFeatures = StringReplace(windowFeatures, noopenerRegExp, (match, leading, feature, ending) => `${leading}noopener${ending}`);
|
|
5146
|
-
}
|
|
5147
|
-
|
|
5148
|
-
sanitizedArgs[2] = windowFeatures;
|
|
5149
|
-
}
|
|
5150
|
-
|
|
5831
|
+
const sanitizedArgs = sanitizeWindowOpenArguments(args);
|
|
5151
5832
|
const rawOpenWindow = ReflectApply$3(WindowStaticOpen, this, sanitizedArgs);
|
|
5152
5833
|
return getPatchedWindow(rawOpenWindow);
|
|
5153
5834
|
}
|
|
@@ -5155,7 +5836,7 @@ function patchedOpenValue$1(globalObject) {
|
|
|
5155
5836
|
return [originalOpenValue, open];
|
|
5156
5837
|
}
|
|
5157
5838
|
|
|
5158
|
-
function
|
|
5839
|
+
function distortionWindowOpenerGetter(globalObject) {
|
|
5159
5840
|
const originalOpenerGetter = ObjectLookupOwnGetter$1(globalObject, 'opener');
|
|
5160
5841
|
|
|
5161
5842
|
if (originalOpenerGetter === undefined) {
|
|
@@ -5170,7 +5851,7 @@ function factoryPatchedOpener(globalObject) {
|
|
|
5170
5851
|
return [originalOpenerGetter, opener];
|
|
5171
5852
|
}
|
|
5172
5853
|
|
|
5173
|
-
function
|
|
5854
|
+
function distortionWindowParentGetter(globalObject) {
|
|
5174
5855
|
const originalParentGetter = ObjectLookupOwnGetter$1(globalObject, 'parent');
|
|
5175
5856
|
|
|
5176
5857
|
if (originalParentGetter === undefined) {
|
|
@@ -5185,7 +5866,7 @@ function factoryPatchedParent(globalObject) {
|
|
|
5185
5866
|
return [originalParentGetter, parent];
|
|
5186
5867
|
}
|
|
5187
5868
|
|
|
5188
|
-
function
|
|
5869
|
+
function distortionWindowPostMessage(globalObject) {
|
|
5189
5870
|
const originalPostMessageValue = ObjectLookupOwnValue(globalObject, 'postMessage');
|
|
5190
5871
|
|
|
5191
5872
|
function postMessage(...args) {
|
|
@@ -5195,7 +5876,7 @@ function factoryPatchedPostMessage(globalObject) {
|
|
|
5195
5876
|
return [originalPostMessageValue, postMessage];
|
|
5196
5877
|
}
|
|
5197
5878
|
|
|
5198
|
-
function
|
|
5879
|
+
function distortionWindowSetInterval(globalObject, options) {
|
|
5199
5880
|
const {
|
|
5200
5881
|
evaluator,
|
|
5201
5882
|
key
|
|
@@ -5210,7 +5891,7 @@ function patchedSetIntervalValue(globalObject, options) {
|
|
|
5210
5891
|
|
|
5211
5892
|
if (myFunction !== null && myFunction !== undefined && typeof myFunction !== 'function') {
|
|
5212
5893
|
// Snapshot myFunction source to prevent shapeshifting.
|
|
5213
|
-
const myStringFunction = toString(myFunction); // Replace myFunction parameter.
|
|
5894
|
+
const myStringFunction = toString$1(myFunction); // Replace myFunction parameter.
|
|
5214
5895
|
|
|
5215
5896
|
args[0] = () => {
|
|
5216
5897
|
evaluator(key, myStringFunction);
|
|
@@ -5224,7 +5905,7 @@ function patchedSetIntervalValue(globalObject, options) {
|
|
|
5224
5905
|
return [originalSetIntervalValue, setInterval];
|
|
5225
5906
|
}
|
|
5226
5907
|
|
|
5227
|
-
function
|
|
5908
|
+
function distortionWindowSetTimeout(globalObject, options) {
|
|
5228
5909
|
const {
|
|
5229
5910
|
evaluator,
|
|
5230
5911
|
key
|
|
@@ -5238,7 +5919,7 @@ function patchedSetTimeoutValue(globalObject, options) {
|
|
|
5238
5919
|
const myFunction = args[0];
|
|
5239
5920
|
|
|
5240
5921
|
if (myFunction !== null && myFunction !== undefined && typeof myFunction !== 'function') {
|
|
5241
|
-
const myStringFunction = toString(myFunction);
|
|
5922
|
+
const myStringFunction = toString$1(myFunction);
|
|
5242
5923
|
|
|
5243
5924
|
args[0] = () => {
|
|
5244
5925
|
evaluator(key, myStringFunction);
|
|
@@ -5256,19 +5937,19 @@ function patchedSetTimeoutValue(globalObject, options) {
|
|
|
5256
5937
|
return [originalSetTimeoutValue, setTimeout];
|
|
5257
5938
|
}
|
|
5258
5939
|
|
|
5259
|
-
function
|
|
5940
|
+
function distortionWorkerCtor(globalObject) {
|
|
5260
5941
|
const {
|
|
5261
5942
|
Worker: originalWorkerConstructor
|
|
5262
5943
|
} = globalObject;
|
|
5263
5944
|
|
|
5264
5945
|
function Worker(url) {
|
|
5265
|
-
throw new
|
|
5946
|
+
throw new LockerSecurityError(`Cannot create Worker with ${url}`);
|
|
5266
5947
|
}
|
|
5267
5948
|
|
|
5268
5949
|
return [originalWorkerConstructor, Worker];
|
|
5269
5950
|
}
|
|
5270
5951
|
|
|
5271
|
-
function
|
|
5952
|
+
function distortionWorkerProto(globalObject) {
|
|
5272
5953
|
const {
|
|
5273
5954
|
Worker: {
|
|
5274
5955
|
prototype: originalPrototype
|
|
@@ -5277,7 +5958,7 @@ function patchedPrototype(globalObject) {
|
|
|
5277
5958
|
return [originalPrototype, createRevokedProxy(originalPrototype)];
|
|
5278
5959
|
}
|
|
5279
5960
|
|
|
5280
|
-
function
|
|
5961
|
+
function distortionXMLHttpRequestOpen(globalObject, options) {
|
|
5281
5962
|
const {
|
|
5282
5963
|
XMLHttpRequest
|
|
5283
5964
|
} = globalObject;
|
|
@@ -5292,12 +5973,12 @@ function patchedOpenValue(globalObject, options) {
|
|
|
5292
5973
|
return;
|
|
5293
5974
|
}
|
|
5294
5975
|
|
|
5295
|
-
const sanitizedArgs = sanitizeArguments(arguments, [toIgnore, toString]);
|
|
5976
|
+
const sanitizedArgs = sanitizeArguments(arguments, [toIgnore, toString$1]);
|
|
5296
5977
|
const sanitizedURL = sanitizedArgs[1];
|
|
5297
5978
|
const parsedURL = parseURL(sanitizedURL);
|
|
5298
5979
|
|
|
5299
5980
|
if (isInvalidURL(parsedURL)) {
|
|
5300
|
-
throw new
|
|
5981
|
+
throw new LockerSecurityError(`Cannot request disallowed endpoint: ${parsedURL.normalizedURL}`);
|
|
5301
5982
|
} // Replace url parameter.
|
|
5302
5983
|
|
|
5303
5984
|
|
|
@@ -5312,42 +5993,88 @@ function patchedOpenValue(globalObject, options) {
|
|
|
5312
5993
|
return [originalOpenValue, open];
|
|
5313
5994
|
}
|
|
5314
5995
|
|
|
5996
|
+
function distortionXMLHttpRequestResponseGetter(globalObject) {
|
|
5997
|
+
const {
|
|
5998
|
+
Document,
|
|
5999
|
+
XMLHttpRequest
|
|
6000
|
+
} = globalObject;
|
|
6001
|
+
const originalResponseGetter = ObjectLookupOwnGetter$1(XMLHttpRequest.prototype, 'response');
|
|
6002
|
+
|
|
6003
|
+
function response() {
|
|
6004
|
+
const responseValue = ReflectApply$3(originalResponseGetter, this, emptyArray$1);
|
|
6005
|
+
return response instanceof Document ? sanitizeDocument(responseValue) : responseValue;
|
|
6006
|
+
}
|
|
6007
|
+
|
|
6008
|
+
return [originalResponseGetter, response];
|
|
6009
|
+
}
|
|
6010
|
+
|
|
6011
|
+
function distortionXMLHttpRequestResponseXMLGetter(globalObject) {
|
|
6012
|
+
const {
|
|
6013
|
+
XMLHttpRequest
|
|
6014
|
+
} = globalObject;
|
|
6015
|
+
const originalResponseXMLGetter = ObjectLookupOwnGetter$1(XMLHttpRequest.prototype, 'responseXML');
|
|
6016
|
+
|
|
6017
|
+
function responseXML() {
|
|
6018
|
+
const responseValue = ReflectApply$3(originalResponseXMLGetter, this, emptyArray$1);
|
|
6019
|
+
return sanitizeDocument(responseValue);
|
|
6020
|
+
}
|
|
6021
|
+
|
|
6022
|
+
return [originalResponseXMLGetter, responseXML];
|
|
6023
|
+
}
|
|
6024
|
+
/*
|
|
6025
|
+
Naming convention for DistortionFactory function types:
|
|
6026
|
+
|
|
6027
|
+
distortion[ObjectName][PropertyName] : used for property values
|
|
6028
|
+
distortion[ObjectName][PropertyName]Getter : used for property getters
|
|
6029
|
+
distortion[ObjectName][PropertyName]Setter : used for property setters
|
|
6030
|
+
distortion[ObjectName]Ctor : used for object constructors
|
|
6031
|
+
distortion[ObjectName]Proto : used for the object prototype itself
|
|
6032
|
+
*/
|
|
6033
|
+
|
|
6034
|
+
|
|
5315
6035
|
const fundamentalDistortionFactories = [// Document
|
|
5316
|
-
|
|
5317
|
-
|
|
5318
|
-
|
|
5319
|
-
|
|
5320
|
-
|
|
5321
|
-
|
|
5322
|
-
|
|
5323
|
-
|
|
5324
|
-
|
|
5325
|
-
|
|
5326
|
-
|
|
5327
|
-
|
|
5328
|
-
|
|
5329
|
-
|
|
5330
|
-
|
|
5331
|
-
|
|
5332
|
-
|
|
5333
|
-
|
|
5334
|
-
|
|
5335
|
-
|
|
5336
|
-
|
|
5337
|
-
|
|
6036
|
+
distortionDocumentDomainSetter, distortionDocumentExecCommand, distortionDocumentOpen, // DOMParser
|
|
6037
|
+
distortionDOMParserParseFromString, // Element
|
|
6038
|
+
distortionElementAttachShadow, distortionElementAttributesGetter, distortionElementInnerHTMLSetter, distortionElementOuterHTMLSetter, distortionElementInsertAdjacentHTML, distortionElementRemove, distortionElementReplaceChildren, distortionElementReplaceWith, distortionElementShadowRootGetter, // Event
|
|
6039
|
+
distortionEventComposedPath, distortionEventPathGetter, // EventTarget
|
|
6040
|
+
distortionEventTargetAddEventListener, // HTMLElement
|
|
6041
|
+
distortionHTMLElementDatasetGetter, distortionHTMLElementInnerTextSetter, distortionHTMLElementOuterTextSetter, distortionHTMLElementStyleGetter, // HTMLFrameElement
|
|
6042
|
+
distortionHTMLFrameElementContentDocumentGetter, distortionHTMLFrameElemenentContentWindowGetter, // HTMLIFrameElement
|
|
6043
|
+
distortionHTMLIFrameElementSrcSetter, distortionHTMLIFrameElementContentDocumentGetter, distortionHTMLIFrameElementContentWindowGetter, // HTMLLinkElement
|
|
6044
|
+
distortionHTMLLinkElementRelSetter, distortionHTMLLinkElementRelListSetter, // HTMLObjectElement
|
|
6045
|
+
distortionHTMLObjectElementContentDocumentGetter, distortionHTMLObjectElementContentWindowGetter, // HTMLScriptElement
|
|
6046
|
+
distortionHTMLScriptElementSrcGetter, // MessageEvent
|
|
6047
|
+
distortionMessageEventSourceGetter, // Navigator
|
|
6048
|
+
distortionNavigatorServiceWorkerGetter, // Node
|
|
6049
|
+
distortionNodeTextContentSetter, // Range
|
|
6050
|
+
distortionRangeCreateContextualFragment, // ServiceWorkerContainer
|
|
6051
|
+
distortionServiceWorkerContainer, // ShadowRoot
|
|
6052
|
+
distortionShadowRootInnerHTMLSetter, distortionShadowRootModeGetter, // SharedWorker
|
|
6053
|
+
distortionSharedWorkerCtor, distortionSharedWorkerProto, // Storage
|
|
6054
|
+
distortionStorageLength, distortionStorageGetItem, distortionStorageSetItem, distortionStorageKey, distortionStorageRemoveItem, distortionStorageClear, distortionStorage, // SVGElement
|
|
6055
|
+
distortionSVGElementDatasetGetter, // SVGUseElement
|
|
6056
|
+
distortionSVGUseElementHrefAttribute, distortionSVGUseElementXlinkHrefAttribute, // URL
|
|
6057
|
+
distortionURLCreateObjectURL, // Window
|
|
6058
|
+
distortionWindowFetch, distortionWindowFramesGetter, distortionWindowLengthGetter, distortionWindowOpen, distortionWindowOpenerGetter, distortionWindowParentGetter, distortionWindowPostMessage, // Worker
|
|
6059
|
+
distortionWorkerCtor, distortionWorkerProto, // XHR
|
|
6060
|
+
distortionXMLHttpRequestOpen, distortionXMLHttpRequestResponseGetter, distortionXMLHttpRequestResponseXMLGetter];
|
|
5338
6061
|
const fundamentalKeyedDistortionFactories = [// Aura
|
|
5339
|
-
|
|
5340
|
-
|
|
5341
|
-
|
|
5342
|
-
|
|
5343
|
-
|
|
5344
|
-
|
|
5345
|
-
|
|
5346
|
-
|
|
5347
|
-
|
|
5348
|
-
|
|
5349
|
-
|
|
5350
|
-
const secondaryExternalDistortionFactories = [
|
|
6062
|
+
distortionAuraUtilGlobalEval, // Attr
|
|
6063
|
+
distortionAttrValueSetter, // CookieStore
|
|
6064
|
+
distortionCookieStoreDelete, distortionCookieStoreGet, distortionCookieStoreGetAll, distortionCookieStoreOnChange, distortionCookieStoreSet, // Document
|
|
6065
|
+
distortionDocumentCookieGetter, distortionDocumentCookieSetter, // CustomElementRegistry
|
|
6066
|
+
distortionCustomElementRegistryGet, // Element
|
|
6067
|
+
distortionElementSetAttribute, distortionElementSetAttributeNS, distortionElementSetAttributeNode, distortionElementSetAttributeNodeNS, // HTMLScriptElement,
|
|
6068
|
+
distortionHTMLScriptElementSrcSetter, // NamedNodeMap
|
|
6069
|
+
distortionNamedNodeMapSetNamedItem, distortionNamedNodeMapSetNamedItemNS, // SVGScriptElement
|
|
6070
|
+
distortionSVGScriptElementHrefAttribute, // Window
|
|
6071
|
+
distortionWindowSetInterval, distortionWindowSetTimeout, // Storage
|
|
6072
|
+
distortionLocalStorage, distortionSessionStorage];
|
|
6073
|
+
const secondaryExternalDistortionFactories = [// Element
|
|
6074
|
+
distortionElementAfter, distortionElementAppend, distortionElementBefore, distortionElementInsertAdjacentElement, distortionElementPrepend // Node
|
|
6075
|
+
// The distortionNodeAppendChild distortion is temporarily disabled until W-10409618 is resolved
|
|
6076
|
+
// distortionNodeAppendChild,
|
|
6077
|
+
];
|
|
5351
6078
|
const secondaryExternalKeyedDistortionFactories = [];
|
|
5352
6079
|
const secondaryInternalDistortionsFactories = [];
|
|
5353
6080
|
const secondaryInternalKeyedDistortionFactories = [];
|
|
@@ -5355,14 +6082,15 @@ const externalDistortionFactories = ArrayConcat(fundamentalDistortionFactories,
|
|
|
5355
6082
|
const externalKeyedDistortionFactories = ArrayConcat(fundamentalKeyedDistortionFactories, secondaryExternalKeyedDistortionFactories);
|
|
5356
6083
|
ArrayConcat(fundamentalDistortionFactories, secondaryInternalDistortionsFactories);
|
|
5357
6084
|
ArrayConcat(fundamentalKeyedDistortionFactories, secondaryInternalKeyedDistortionFactories);
|
|
5358
|
-
|
|
5359
|
-
|
|
5360
|
-
|
|
5361
|
-
|
|
5362
|
-
|
|
5363
|
-
|
|
5364
|
-
|
|
5365
|
-
|
|
6085
|
+
const DocumentBlockedProperties = ['createProcessingInstruction', 'exitFullscreen', 'fullscreen', 'fullscreenElement', 'fullscreenEnabled', 'mozCancelFullScreen', 'mozFullScreen', 'mozFullScreenElement', 'mozFullScreenEnabled', 'onfullscreenchange', 'onfullscreenerror', 'onmozfullscreenchange', 'onmozfullscreenerror', 'onrejectionhandled', 'onsecuritypolicyviolation', 'onunhandledrejection', 'releaseCapture', 'releaseEvents', 'webkitFullScreenKeyboardInputAllowed', 'write', 'writeln'];
|
|
6086
|
+
const ElementBlockedProperties = ['mozRequestFullScreen', 'onfullscreenchange', 'onfullscreenerror', 'requestFullscreen', 'webkitRequestFullScreen', 'webkitRequestFullscreen'];
|
|
6087
|
+
const HTMLElementBlockedProperties = ['nonce', 'onrejectionhandled', 'onunhandledrejection'];
|
|
6088
|
+
const HTMLEmbedElementBlockedProperties = ['getSVGDocument']; // https://www.w3schools.com/tags/tag_iframe.asp
|
|
6089
|
+
|
|
6090
|
+
const HTMLIFrameElementBlockedAttributes = ['allowpaymentrequest', 'referrerpolicy', 'sandbox', 'srcdoc'];
|
|
6091
|
+
const HTMLIFrameElementBlockedProperties = ['allowPaymentRequest', 'csp', 'featurePolicy', 'getSVGDocument', 'referrerPolicy', 'sandbox', 'srcdoc'];
|
|
6092
|
+
const HTMLObjectElementBlockedProperties = ['getSVGDocument'];
|
|
6093
|
+
const HTMLScriptElementBlockedProperties = ['nonce'];
|
|
5366
6094
|
const externalDistortionCache = new WeakMapCtor();
|
|
5367
6095
|
|
|
5368
6096
|
function makeBlockedPropertyDistortionFactories(globalObject) {
|
|
@@ -5373,31 +6101,20 @@ function makeBlockedPropertyDistortionFactories(globalObject) {
|
|
|
5373
6101
|
HTMLIFrameElement
|
|
5374
6102
|
} = globalObject;
|
|
5375
6103
|
const blockedPropertyDistortionFactories = [];
|
|
5376
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5377
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5378
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5379
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5380
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5381
|
-
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(
|
|
5382
|
-
|
|
6104
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(CustomElementRegistry.prototype, CustomElementRegistryBlockedProperties));
|
|
6105
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(Document.prototype, DocumentBlockedProperties));
|
|
6106
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(Element.prototype, ElementBlockedProperties));
|
|
6107
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(HTMLElement.prototype, HTMLElementBlockedProperties));
|
|
6108
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(HTMLIFrameElement.prototype, HTMLIFrameElementBlockedProperties));
|
|
6109
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(HTMLEmbedElement.prototype, HTMLEmbedElementBlockedProperties));
|
|
6110
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(HTMLObjectElement.prototype, HTMLObjectElementBlockedProperties));
|
|
6111
|
+
ReflectApply$3(ArrayProtoPush, blockedPropertyDistortionFactories, distortBlockedProperties(HTMLScriptElement.prototype, HTMLScriptElementBlockedProperties));
|
|
6112
|
+
distortBlockedAttributes(HTMLIFrameElement, HTMLIFrameElementBlockedAttributes);
|
|
6113
|
+
distortBlockedAttributes(HTMLScriptElement, HTMLScriptElementBlockedProperties);
|
|
5383
6114
|
return blockedPropertyDistortionFactories;
|
|
5384
6115
|
}
|
|
5385
6116
|
|
|
5386
|
-
|
|
5387
|
-
try {
|
|
5388
|
-
return ReflectApply$3(value, this, args);
|
|
5389
|
-
} catch (e) {
|
|
5390
|
-
errorBeacon({
|
|
5391
|
-
sandboxKey,
|
|
5392
|
-
error: e
|
|
5393
|
-
});
|
|
5394
|
-
throw e;
|
|
5395
|
-
}
|
|
5396
|
-
}; // @TODO: [Issue #373] Abstract common code in sandbox and distortion packages
|
|
5397
|
-
|
|
5398
|
-
|
|
5399
|
-
function createExternalDistortionEntries(globalObject, key, evaluator, config) {
|
|
5400
|
-
const entries = [];
|
|
6117
|
+
function addDistortionEntry(globalObject, key, evaluator, config, entries, factory) {
|
|
5401
6118
|
const {
|
|
5402
6119
|
instrumentation,
|
|
5403
6120
|
verboseInstrumentation
|
|
@@ -5407,9 +6124,43 @@ function createExternalDistortionEntries(globalObject, key, evaluator, config) {
|
|
|
5407
6124
|
key,
|
|
5408
6125
|
instrumentation: verboseInstrumentation ? instrumentation : undefined
|
|
5409
6126
|
};
|
|
5410
|
-
const
|
|
5411
|
-
|
|
5412
|
-
|
|
6127
|
+
const pair = factory(globalObject, options);
|
|
6128
|
+
|
|
6129
|
+
if (pair) {
|
|
6130
|
+
const [rawValue, distortedValue] = pair;
|
|
6131
|
+
|
|
6132
|
+
if (rawValue) {
|
|
6133
|
+
let maybeInstrumentedDistortedValue = distortedValue;
|
|
6134
|
+
|
|
6135
|
+
if (typeof distortedValue === 'function') {
|
|
6136
|
+
const {
|
|
6137
|
+
error: errorBeacon
|
|
6138
|
+
} = instrumentation;
|
|
6139
|
+
maybeInstrumentedDistortedValue = instrumentDistortionForSandbox(key, distortedValue, errorBeacon);
|
|
6140
|
+
}
|
|
6141
|
+
|
|
6142
|
+
ArrayPush(entries, [rawValue, maybeMaskDistortion(maybeInstrumentedDistortedValue, rawValue)]);
|
|
6143
|
+
}
|
|
6144
|
+
}
|
|
6145
|
+
}
|
|
6146
|
+
|
|
6147
|
+
function instrumentDistortionForSandbox(sandboxKey, fn, errorBeacon) {
|
|
6148
|
+
return function instrumentedDistortionWrapper(...args) {
|
|
6149
|
+
try {
|
|
6150
|
+
return ReflectApply$3(fn, this, args);
|
|
6151
|
+
} catch (e) {
|
|
6152
|
+
errorBeacon({
|
|
6153
|
+
sandboxKey,
|
|
6154
|
+
error: e
|
|
6155
|
+
});
|
|
6156
|
+
throw e;
|
|
6157
|
+
}
|
|
6158
|
+
};
|
|
6159
|
+
} // @TODO: [Issue #373] Abstract common code in sandbox and distortion packages
|
|
6160
|
+
|
|
6161
|
+
|
|
6162
|
+
function createExternalDistortionEntries(globalObject, key, evaluator, config) {
|
|
6163
|
+
const entries = [];
|
|
5413
6164
|
const cached = WeakMapGet(externalDistortionCache, globalObject);
|
|
5414
6165
|
|
|
5415
6166
|
if (cached) {
|
|
@@ -5419,24 +6170,12 @@ function createExternalDistortionEntries(globalObject, key, evaluator, config) {
|
|
|
5419
6170
|
|
|
5420
6171
|
for (let i = 0, len = blockedPropertyDistortions.length; i < len; i += 1) {
|
|
5421
6172
|
const factory = blockedPropertyDistortions[i];
|
|
5422
|
-
|
|
5423
|
-
|
|
5424
|
-
if (pair !== null) {
|
|
5425
|
-
const [rawValue, distortedValue] = pair;
|
|
5426
|
-
const instrumentedDistortedValue = typeof distortedValue === 'function' ? instrumentDistortionForSandbox(key, distortedValue, errorBeacon) : distortedValue;
|
|
5427
|
-
ArrayPush(entries, [rawValue, maybeMaskDistortion(instrumentedDistortedValue, rawValue)]);
|
|
5428
|
-
}
|
|
6173
|
+
addDistortionEntry(globalObject, key, evaluator, config, entries, factory);
|
|
5429
6174
|
}
|
|
5430
6175
|
|
|
5431
6176
|
for (let i = 0, len = externalDistortionFactories.length; i < len; i += 1) {
|
|
5432
6177
|
const factory = externalDistortionFactories[i];
|
|
5433
|
-
|
|
5434
|
-
|
|
5435
|
-
if (pair !== null) {
|
|
5436
|
-
const [rawValue, distortedValue] = pair;
|
|
5437
|
-
const instrumentedDistortedValue = typeof distortedValue === 'function' ? instrumentDistortionForSandbox(key, distortedValue, errorBeacon) : distortedValue;
|
|
5438
|
-
ArrayPush(entries, [rawValue, maybeMaskDistortion(instrumentedDistortedValue, rawValue)]);
|
|
5439
|
-
}
|
|
6178
|
+
addDistortionEntry(globalObject, key, evaluator, config, entries, factory);
|
|
5440
6179
|
}
|
|
5441
6180
|
|
|
5442
6181
|
WeakMapSet(externalDistortionCache, globalObject, ArrayShallowClone(entries));
|
|
@@ -5444,19 +6183,13 @@ function createExternalDistortionEntries(globalObject, key, evaluator, config) {
|
|
|
5444
6183
|
|
|
5445
6184
|
for (let i = 0, len = externalKeyedDistortionFactories.length; i < len; i += 1) {
|
|
5446
6185
|
const factory = externalKeyedDistortionFactories[i];
|
|
5447
|
-
|
|
5448
|
-
|
|
5449
|
-
if (pair !== null) {
|
|
5450
|
-
const [rawValue, distortedValue] = pair;
|
|
5451
|
-
const instrumentedDistortedValue = typeof distortedValue === 'function' ? instrumentDistortionForSandbox(key, distortedValue, errorBeacon) : distortedValue;
|
|
5452
|
-
ArrayPush(entries, [rawValue, maybeMaskDistortion(instrumentedDistortedValue, rawValue)]);
|
|
5453
|
-
}
|
|
6186
|
+
addDistortionEntry(globalObject, key, evaluator, config, entries, factory);
|
|
5454
6187
|
}
|
|
5455
6188
|
|
|
5456
6189
|
ReflectApply$3(ArrayProtoPush, entries, makeElementDistortionsForSandboxKey(key));
|
|
5457
6190
|
return entries;
|
|
5458
6191
|
} // @TODO: [Issue #373] Abstract common code in sandbox and distortion packages
|
|
5459
|
-
/*! version: 0.14.
|
|
6192
|
+
/*! version: 0.14.26 */
|
|
5460
6193
|
|
|
5461
6194
|
/*!
|
|
5462
6195
|
* Copyright (C) 2021 salesforce.com, inc.
|
|
@@ -5489,7 +6222,7 @@ function __classPrivateFieldSet(receiver, state, value, kind, f) {
|
|
|
5489
6222
|
return kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value), value;
|
|
5490
6223
|
}
|
|
5491
6224
|
|
|
5492
|
-
var
|
|
6225
|
+
var _LockerActivity_startCallback, _LockerActivity_stopCallback, _LockerActivity_ended, _LockerActivity_activityStart, _LockerActivity_activityStop, _LockerActivity_captureTimestamps;
|
|
5493
6226
|
|
|
5494
6227
|
let ticketSequence = 0;
|
|
5495
6228
|
|
|
@@ -5504,49 +6237,49 @@ class LockerActivity {
|
|
|
5504
6237
|
/*
|
|
5505
6238
|
private reference to external instrumentation service to start an activity.
|
|
5506
6239
|
*/
|
|
5507
|
-
|
|
6240
|
+
_LockerActivity_startCallback.set(this, void 0);
|
|
5508
6241
|
/*
|
|
5509
6242
|
private reference to external instrumentation service to stop an activity.
|
|
5510
6243
|
*/
|
|
5511
6244
|
|
|
5512
6245
|
|
|
5513
|
-
|
|
6246
|
+
_LockerActivity_stopCallback.set(this, void 0);
|
|
5514
6247
|
/*
|
|
5515
6248
|
flag to indicate that stop() or error() has been called for the activity.
|
|
5516
6249
|
*/
|
|
5517
6250
|
|
|
5518
6251
|
|
|
5519
|
-
|
|
6252
|
+
_LockerActivity_ended.set(this, void 0);
|
|
5520
6253
|
/*
|
|
5521
6254
|
activity start timestamp. Can be used for data aggregation.
|
|
5522
6255
|
*/
|
|
5523
6256
|
|
|
5524
6257
|
|
|
5525
|
-
|
|
6258
|
+
_LockerActivity_activityStart.set(this, void 0);
|
|
5526
6259
|
/*
|
|
5527
6260
|
activity stop timestamp. Can be used for data aggregation.
|
|
5528
6261
|
*/
|
|
5529
6262
|
|
|
5530
6263
|
|
|
5531
|
-
|
|
6264
|
+
_LockerActivity_activityStop.set(this, void 0);
|
|
5532
6265
|
/*
|
|
5533
6266
|
flag for recording the timestamps of start and stop.
|
|
5534
6267
|
*/
|
|
5535
6268
|
|
|
5536
6269
|
|
|
5537
|
-
|
|
6270
|
+
_LockerActivity_captureTimestamps.set(this, void 0);
|
|
5538
6271
|
|
|
5539
|
-
__classPrivateFieldSet(this,
|
|
6272
|
+
__classPrivateFieldSet(this, _LockerActivity_startCallback, startCallback, "f");
|
|
5540
6273
|
|
|
5541
|
-
__classPrivateFieldSet(this,
|
|
6274
|
+
__classPrivateFieldSet(this, _LockerActivity_stopCallback, stopCallback, "f");
|
|
5542
6275
|
|
|
5543
|
-
__classPrivateFieldSet(this,
|
|
6276
|
+
__classPrivateFieldSet(this, _LockerActivity_activityStart, 0, "f");
|
|
5544
6277
|
|
|
5545
|
-
__classPrivateFieldSet(this,
|
|
6278
|
+
__classPrivateFieldSet(this, _LockerActivity_activityStop, 0, "f");
|
|
5546
6279
|
|
|
5547
|
-
__classPrivateFieldSet(this,
|
|
6280
|
+
__classPrivateFieldSet(this, _LockerActivity_captureTimestamps, captureTimestamps, "f");
|
|
5548
6281
|
|
|
5549
|
-
__classPrivateFieldSet(this,
|
|
6282
|
+
__classPrivateFieldSet(this, _LockerActivity_ended, false, "f");
|
|
5550
6283
|
|
|
5551
6284
|
this.activityName = activityName;
|
|
5552
6285
|
this.activityId = `${activityName}-${getActivityId()}`;
|
|
@@ -5557,12 +6290,12 @@ class LockerActivity {
|
|
|
5557
6290
|
|
|
5558
6291
|
|
|
5559
6292
|
start(data) {
|
|
5560
|
-
if (__classPrivateFieldGet(this,
|
|
5561
|
-
__classPrivateFieldSet(this,
|
|
6293
|
+
if (__classPrivateFieldGet(this, _LockerActivity_captureTimestamps, "f")) {
|
|
6294
|
+
__classPrivateFieldSet(this, _LockerActivity_activityStart, getTimestamp(), "f");
|
|
5562
6295
|
}
|
|
5563
6296
|
|
|
5564
|
-
if (typeof __classPrivateFieldGet(this,
|
|
5565
|
-
__classPrivateFieldGet(this,
|
|
6297
|
+
if (typeof __classPrivateFieldGet(this, _LockerActivity_startCallback, "f") === 'function') {
|
|
6298
|
+
__classPrivateFieldGet(this, _LockerActivity_startCallback, "f").call(this, this, data);
|
|
5566
6299
|
}
|
|
5567
6300
|
}
|
|
5568
6301
|
/*
|
|
@@ -5571,12 +6304,12 @@ class LockerActivity {
|
|
|
5571
6304
|
|
|
5572
6305
|
|
|
5573
6306
|
stop(data) {
|
|
5574
|
-
if (__classPrivateFieldGet(this,
|
|
5575
|
-
__classPrivateFieldSet(this,
|
|
6307
|
+
if (__classPrivateFieldGet(this, _LockerActivity_captureTimestamps, "f")) {
|
|
6308
|
+
__classPrivateFieldSet(this, _LockerActivity_activityStop, getTimestamp(), "f");
|
|
5576
6309
|
}
|
|
5577
6310
|
|
|
5578
|
-
if (!__classPrivateFieldGet(this,
|
|
5579
|
-
__classPrivateFieldGet(this,
|
|
6311
|
+
if (!__classPrivateFieldGet(this, _LockerActivity_ended, "f") && typeof __classPrivateFieldGet(this, _LockerActivity_stopCallback, "f") === 'function') {
|
|
6312
|
+
__classPrivateFieldGet(this, _LockerActivity_stopCallback, "f").call(this, this, data);
|
|
5580
6313
|
}
|
|
5581
6314
|
}
|
|
5582
6315
|
/*
|
|
@@ -5594,12 +6327,12 @@ class LockerActivity {
|
|
|
5594
6327
|
}
|
|
5595
6328
|
|
|
5596
6329
|
get duration() {
|
|
5597
|
-
return __classPrivateFieldGet(this,
|
|
6330
|
+
return __classPrivateFieldGet(this, _LockerActivity_activityStop, "f") > __classPrivateFieldGet(this, _LockerActivity_activityStart, "f") ? __classPrivateFieldGet(this, _LockerActivity_activityStop, "f") - __classPrivateFieldGet(this, _LockerActivity_activityStart, "f") : 0;
|
|
5598
6331
|
}
|
|
5599
6332
|
|
|
5600
6333
|
}
|
|
5601
6334
|
|
|
5602
|
-
|
|
6335
|
+
_LockerActivity_startCallback = new WeakMap(), _LockerActivity_stopCallback = new WeakMap(), _LockerActivity_ended = new WeakMap(), _LockerActivity_activityStart = new WeakMap(), _LockerActivity_activityStop = new WeakMap(), _LockerActivity_captureTimestamps = new WeakMap(); // creates a new no-op InstrumentationHooks instance with methods mapped to Instrumentation Service.
|
|
5603
6336
|
|
|
5604
6337
|
class DefaultInstrumentation {
|
|
5605
6338
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
@@ -5617,7 +6350,7 @@ class DefaultInstrumentation {
|
|
|
5617
6350
|
|
|
5618
6351
|
|
|
5619
6352
|
const defaultInstrumentation = new DefaultInstrumentation();
|
|
5620
|
-
/*! version: 0.14.
|
|
6353
|
+
/*! version: 0.14.26 */
|
|
5621
6354
|
|
|
5622
6355
|
/*!
|
|
5623
6356
|
* Copyright (C) 2019 salesforce.com, inc.
|
|
@@ -7726,7 +8459,7 @@ function setEvalHelpers(helpers) {
|
|
|
7726
8459
|
}
|
|
7727
8460
|
|
|
7728
8461
|
function toModuleSource(value) {
|
|
7729
|
-
let source = toString(value);
|
|
8462
|
+
let source = toString$1(value);
|
|
7730
8463
|
|
|
7731
8464
|
if (typeof value === 'function') {
|
|
7732
8465
|
// Extract the function body with the regexp:
|
|
@@ -7761,21 +8494,30 @@ function toModuleSource(value) {
|
|
|
7761
8494
|
return `'use strict';${source}`;
|
|
7762
8495
|
}
|
|
7763
8496
|
|
|
7764
|
-
const defaultEndowmentsDescriptors =
|
|
7765
|
-
|
|
8497
|
+
const defaultEndowmentsDescriptors = {
|
|
8498
|
+
[SANDBOX_EVAL_CONTEXT_NAME]: {
|
|
8499
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
8500
|
+
__proto__: null,
|
|
8501
|
+
|
|
7766
8502
|
get() {
|
|
7767
8503
|
return clearEvalContext();
|
|
7768
8504
|
}
|
|
7769
8505
|
|
|
7770
8506
|
},
|
|
7771
|
-
|
|
8507
|
+
[SANDBOX_EVAL_HELPERS_NAME]: {
|
|
8508
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
8509
|
+
__proto__: null,
|
|
8510
|
+
|
|
7772
8511
|
get() {
|
|
7773
8512
|
return clearEvalHelpers();
|
|
7774
8513
|
}
|
|
7775
8514
|
|
|
7776
8515
|
}
|
|
7777
|
-
}
|
|
7778
|
-
|
|
8516
|
+
}; // @ts-ignore: TS doesn't like null as a SandboxRecord.
|
|
8517
|
+
|
|
8518
|
+
const sandboxes = {
|
|
8519
|
+
__proto__: null
|
|
8520
|
+
};
|
|
7779
8521
|
|
|
7780
8522
|
function getSandbox(key) {
|
|
7781
8523
|
return sandboxes[key];
|
|
@@ -7839,7 +8581,9 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7839
8581
|
ObjectDefineProperties(normalizedEndowments, toSafeDescriptorMap(ObjectGetOwnPropertyDescriptors$1(endowments)));
|
|
7840
8582
|
}
|
|
7841
8583
|
|
|
7842
|
-
const record =
|
|
8584
|
+
const record = {
|
|
8585
|
+
__proto__: null
|
|
8586
|
+
};
|
|
7843
8587
|
const distortionCallback = createDistortionCallback(record);
|
|
7844
8588
|
|
|
7845
8589
|
if (!lockerBlueRealmGlobalObjectShape) {
|
|
@@ -7864,7 +8608,7 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7864
8608
|
// ignore the entry and continue.
|
|
7865
8609
|
|
|
7866
8610
|
if (descriptor) {
|
|
7867
|
-
descriptorMap[key] = descriptor;
|
|
8611
|
+
descriptorMap[key] = toSafeDescriptor(descriptor);
|
|
7868
8612
|
}
|
|
7869
8613
|
}
|
|
7870
8614
|
|
|
@@ -7884,7 +8628,9 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7884
8628
|
instrumentation
|
|
7885
8629
|
});
|
|
7886
8630
|
record.env = environment;
|
|
7887
|
-
record.helpers =
|
|
8631
|
+
record.helpers = {
|
|
8632
|
+
__proto__: null
|
|
8633
|
+
};
|
|
7888
8634
|
setEvalContext(redHelpersFactory => {
|
|
7889
8635
|
ObjectAssign$3(record.helpers, redHelpersFactory({
|
|
7890
8636
|
loadingPromises
|
|
@@ -7893,8 +8639,9 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7893
8639
|
// istanbul ignore next
|
|
7894
8640
|
|
|
7895
8641
|
record.env.evaluate(`'use strict';
|
|
7896
|
-
$
|
|
8642
|
+
${SANDBOX_EVAL_CONTEXT_NAME}(${function redHelpersFactory(context) {
|
|
7897
8643
|
/* eslint-disable prefer-object-spread */
|
|
8644
|
+
// eslint-disable-next-line @typescript-eslint/no-shadow, no-shadow
|
|
7898
8645
|
const {
|
|
7899
8646
|
loadingPromises
|
|
7900
8647
|
} = context;
|
|
@@ -7926,14 +8673,26 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7926
8673
|
} = Event.prototype;
|
|
7927
8674
|
const {
|
|
7928
8675
|
addEventListener: EventTargetProtoAddEventListener
|
|
7929
|
-
} = EventTarget.prototype;
|
|
8676
|
+
} = EventTarget.prototype; // The Generator prototype object is %GeneratorFunction.prototype.prototype%.
|
|
8677
|
+
// https://tc39.es/ecma262/#sec-generatorfunction.prototype.prototype
|
|
8678
|
+
// eslint-disable-next-line @typescript-eslint/no-empty-function, func-names
|
|
8679
|
+
|
|
8680
|
+
const GeneratorProto = function* () {}.constructor.prototype.prototype;
|
|
8681
|
+
|
|
8682
|
+
const {
|
|
8683
|
+
next: GeneratorProtoNext,
|
|
8684
|
+
throw: GeneratorProtoThrow
|
|
8685
|
+
} = GeneratorProto;
|
|
7930
8686
|
const {
|
|
7931
8687
|
appendChild: NodeProtoAppendChild
|
|
7932
8688
|
} = Node.prototype;
|
|
7933
8689
|
const {
|
|
7934
8690
|
get: WeakMapProtoGet,
|
|
7935
8691
|
set: WeakMapProtoSet
|
|
7936
|
-
} = WeakMap.prototype;
|
|
8692
|
+
} = WeakMap.prototype; // Generate a UID for this sandbox run for <script> elements
|
|
8693
|
+
|
|
8694
|
+
const LOCKER_ID_DATA_NAME = 'data-locker-id';
|
|
8695
|
+
const LOCKER_ID_DATA_VALUE = `${crypto.getRandomValues(new Uint32Array(1))[0]}`;
|
|
7937
8696
|
const docRef = document;
|
|
7938
8697
|
const emptyArray = [];
|
|
7939
8698
|
const headRef = docRef.head;
|
|
@@ -7958,6 +8717,14 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7958
8717
|
return ReflectApply(EventTargetProtoAddEventListener, target, args);
|
|
7959
8718
|
}
|
|
7960
8719
|
|
|
8720
|
+
function GeneratorNext(gen, value) {
|
|
8721
|
+
return ReflectApply(GeneratorProtoNext, gen, [value]);
|
|
8722
|
+
}
|
|
8723
|
+
|
|
8724
|
+
function GeneratorThrow(gen, value) {
|
|
8725
|
+
return ReflectApply(GeneratorProtoThrow, gen, [value]);
|
|
8726
|
+
}
|
|
8727
|
+
|
|
7961
8728
|
function NodeAppendChild(node, childNode) {
|
|
7962
8729
|
return ReflectApply(NodeProtoAppendChild, node, [childNode]);
|
|
7963
8730
|
} // eslint-disable-next-line @typescript-eslint/no-shadow, no-shadow
|
|
@@ -7972,21 +8739,27 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
7972
8739
|
function WeakMapSet(weakMap, // eslint-disable-next-line @typescript-eslint/no-shadow, no-shadow
|
|
7973
8740
|
key, value) {
|
|
7974
8741
|
return ReflectApply(WeakMapProtoSet, weakMap, [key, value]);
|
|
7975
|
-
} //
|
|
7976
|
-
//
|
|
7977
|
-
//
|
|
8742
|
+
} // This helper is used to wrap the bodies of async functions
|
|
8743
|
+
// that are transformed into generator functions. It's based
|
|
8744
|
+
// on @babel/helpers `helpers.asyncToGenerator()`:
|
|
8745
|
+
// https://github.com/babel/babel/blob/a967910/packages/babel-helpers/src/helpers.js#L255-L288
|
|
7978
8746
|
|
|
7979
8747
|
|
|
7980
|
-
|
|
8748
|
+
function asyncToGen(func, thisArg, args) {
|
|
8749
|
+
return new PromiseCtor((resolve, reject) => {
|
|
8750
|
+
const gen = ReflectApply(func, thisArg, args);
|
|
7981
8751
|
|
|
7982
|
-
|
|
7983
|
-
|
|
7984
|
-
|
|
7985
|
-
} = GeneratorProto;
|
|
8752
|
+
function next(value) {
|
|
8753
|
+
genStep(gen, resolve, reject, next, thrower, GeneratorNext, value);
|
|
8754
|
+
}
|
|
7986
8755
|
|
|
7987
|
-
|
|
8756
|
+
function thrower(error) {
|
|
8757
|
+
genStep(gen, resolve, reject, next, thrower, GeneratorThrow, error);
|
|
8758
|
+
}
|
|
7988
8759
|
|
|
7989
|
-
|
|
8760
|
+
next(undefined);
|
|
8761
|
+
});
|
|
8762
|
+
}
|
|
7990
8763
|
|
|
7991
8764
|
function genStep(gen, resolve, reject, next, thrower, GeneratorMethod, arg) {
|
|
7992
8765
|
let info;
|
|
@@ -8005,26 +8778,6 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
8005
8778
|
} else {
|
|
8006
8779
|
PromiseResolve(value).then(next, thrower);
|
|
8007
8780
|
}
|
|
8008
|
-
} // This helper is used to wrap the bodies of async functions
|
|
8009
|
-
// that are transformed into generator functions. It's based
|
|
8010
|
-
// on @babel/helpers `helpers.asyncToGenerator()`:
|
|
8011
|
-
// https://github.com/babel/babel/blob/a967910/packages/babel-helpers/src/helpers.js#L255-L288
|
|
8012
|
-
|
|
8013
|
-
|
|
8014
|
-
function asyncToGen(func, thisArg, args) {
|
|
8015
|
-
return new PromiseCtor((resolve, reject) => {
|
|
8016
|
-
const gen = ReflectApply(func, thisArg, args);
|
|
8017
|
-
|
|
8018
|
-
function next(value) {
|
|
8019
|
-
genStep(gen, resolve, reject, next, thrower, GeneratorNext, value);
|
|
8020
|
-
}
|
|
8021
|
-
|
|
8022
|
-
function thrower(error) {
|
|
8023
|
-
genStep(gen, resolve, reject, next, thrower, GeneratorThrow, error);
|
|
8024
|
-
}
|
|
8025
|
-
|
|
8026
|
-
next(undefined);
|
|
8027
|
-
});
|
|
8028
8781
|
}
|
|
8029
8782
|
|
|
8030
8783
|
function namespace(object) {
|
|
@@ -8041,14 +8794,8 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
8041
8794
|
const superProto = ReflectGetPrototypeOf(clazz.prototype);
|
|
8042
8795
|
const superMethod = superProto[methodName];
|
|
8043
8796
|
return ReflectApply(superMethod, thisArg, args);
|
|
8044
|
-
} //
|
|
8045
|
-
|
|
8046
|
-
|
|
8047
|
-
const dataLockerId = 'data-locker-id';
|
|
8797
|
+
} // loadPromise returns a promise to load the given element.
|
|
8048
8798
|
|
|
8049
|
-
const loadingError = url => `[Locker] resource loader error loading "${url}"`;
|
|
8050
|
-
|
|
8051
|
-
const lockerIdScript = `${crypto.getRandomValues(new Uint32Array(1))[0]}`; // loadPromise returns a promise to load the given element.
|
|
8052
8799
|
|
|
8053
8800
|
function loadPromise(element, url) {
|
|
8054
8801
|
const promise = new PromiseCtor((resolve, reject) => {
|
|
@@ -8057,7 +8804,7 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
8057
8804
|
});
|
|
8058
8805
|
EventTargetAddEventListener(element, 'error', evt => {
|
|
8059
8806
|
EventStopPropagation(evt);
|
|
8060
|
-
reject(
|
|
8807
|
+
reject(`[Locker] resource loader error loading "${url}"`);
|
|
8061
8808
|
});
|
|
8062
8809
|
});
|
|
8063
8810
|
WeakMapSet(loadingPromises, element, promise);
|
|
@@ -8068,14 +8815,14 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
8068
8815
|
|
|
8069
8816
|
|
|
8070
8817
|
function loadScript(_thisArg, url) {
|
|
8071
|
-
let script = ElementQuerySelector(headRef, `script[data-distorted-src='${url}'][${
|
|
8818
|
+
let script = ElementQuerySelector(headRef, `script[data-distorted-src='${url}'][${LOCKER_ID_DATA_NAME}='${LOCKER_ID_DATA_VALUE}']`);
|
|
8072
8819
|
|
|
8073
8820
|
if (script) {
|
|
8074
8821
|
return WeakMapGet(loadingPromises, script) || PromiseResolve();
|
|
8075
8822
|
}
|
|
8076
8823
|
|
|
8077
8824
|
script = DocumentCreateElement(docRef, 'script');
|
|
8078
|
-
ElementSetAttribute(script,
|
|
8825
|
+
ElementSetAttribute(script, LOCKER_ID_DATA_NAME, LOCKER_ID_DATA_VALUE);
|
|
8079
8826
|
script.type = 'text/javascript';
|
|
8080
8827
|
script.src = url;
|
|
8081
8828
|
return loadPromise(script, url);
|
|
@@ -8112,7 +8859,7 @@ function createSandbox(key, distortionFactory, endowments, instrumentation) {
|
|
|
8112
8859
|
} // @TODO: [Issue #373] Abstract common code in sandbox and distortion packages
|
|
8113
8860
|
|
|
8114
8861
|
|
|
8115
|
-
function evaluateInSandbox(key,
|
|
8862
|
+
function evaluateInSandbox(key, source, context, endowments, instrumentationService, verboseInstrumentation) {
|
|
8116
8863
|
const instrumentation = instrumentationService || defaultInstrumentation;
|
|
8117
8864
|
const {
|
|
8118
8865
|
startActivity
|
|
@@ -8121,23 +8868,22 @@ function evaluateInSandbox(key, sourceText, context, endowments, instrumentation
|
|
|
8121
8868
|
sandboxKey: key
|
|
8122
8869
|
};
|
|
8123
8870
|
const activityEvaluateInSandbox = startActivity('EvaluateInSandboxDuration', basicInstrumentationData);
|
|
8124
|
-
|
|
8125
|
-
if (typeof sourceText !== 'string') {
|
|
8126
|
-
sourceText = toModuleSource(sourceText);
|
|
8127
|
-
}
|
|
8128
|
-
|
|
8129
8871
|
let record = getSandbox(key);
|
|
8130
8872
|
|
|
8131
|
-
if (
|
|
8873
|
+
if (record === undefined) {
|
|
8132
8874
|
if (!isObjectLike(endowments)) {
|
|
8133
8875
|
endowments = undefined;
|
|
8134
8876
|
}
|
|
8135
8877
|
|
|
8136
8878
|
const config = ObjectCreate(null, {
|
|
8137
8879
|
instrumentation: {
|
|
8880
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
8881
|
+
__proto__: null,
|
|
8138
8882
|
value: instrumentation
|
|
8139
8883
|
},
|
|
8140
8884
|
verboseInstrumentation: {
|
|
8885
|
+
// @ts-ignore: TS doesn't like __proto__ on property descriptors.
|
|
8886
|
+
__proto__: null,
|
|
8141
8887
|
value: verboseInstrumentation
|
|
8142
8888
|
}
|
|
8143
8889
|
});
|
|
@@ -8160,12 +8906,13 @@ function evaluateInSandbox(key, sourceText, context, endowments, instrumentation
|
|
|
8160
8906
|
setEvalContext(context);
|
|
8161
8907
|
setEvalHelpers(record.helpers);
|
|
8162
8908
|
let result;
|
|
8909
|
+
const moduleSource = toModuleSource(source);
|
|
8163
8910
|
const activityEvaluator = startActivity('externalEvaluatorDuration', basicInstrumentationData);
|
|
8164
8911
|
|
|
8165
8912
|
try {
|
|
8166
8913
|
// Protecting against errors during evaluation can guarantee
|
|
8167
8914
|
// the state of the EvalContext to avoid leaking context values
|
|
8168
|
-
result = record.env.evaluate(
|
|
8915
|
+
result = record.env.evaluate(moduleSource);
|
|
8169
8916
|
} catch (e) {
|
|
8170
8917
|
activityEvaluator.error({
|
|
8171
8918
|
sandboxKey: key,
|
|
@@ -8181,7 +8928,7 @@ function evaluateInSandbox(key, sourceText, context, endowments, instrumentation
|
|
|
8181
8928
|
activityEvaluateInSandbox.stop();
|
|
8182
8929
|
return result;
|
|
8183
8930
|
}
|
|
8184
|
-
/*! version: 0.14.
|
|
8931
|
+
/*! version: 0.14.26 */
|
|
8185
8932
|
|
|
8186
8933
|
const loaderDefine = globalThis.LWR.define;
|
|
8187
8934
|
/**
|