@next-core/cook 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cjs/sanitize.js +1 -1
  2. package/dist/cjs/sanitize.js.map +1 -1
  3. package/dist/esm/sanitize.js +1 -1
  4. package/dist/esm/sanitize.js.map +1 -1
  5. package/package.json +6 -6
package/dist/cjs/sanitize.js CHANGED
@@ -48,7 +48,7 @@ function sanitize(cooked) {
48
48
  throw new TypeError("Cannot access reserved objects such as `Function`.");
49
49
  }
50
50
  }
51
- const allowedConstructors = new WeakSet([Array, Map, Set, URLSearchParams, WeakMap, WeakSet]);
51
+ const allowedConstructors = new WeakSet([Array, Map, Set, URLSearchParams, WeakMap, WeakSet, RegExp]);
52
52
  function isAllowedConstructor(constructor) {
53
53
  // `Date` maybe mocked when running tests for storyboard functions.
54
54
  return allowedConstructors.has(constructor) || constructor === Date;
package/dist/cjs/sanitize.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sanitize.js","names":["getGlobal","self","window","global","Error","reservedObjects","WeakSet","Function","Object","prototype","sanitize","cooked","has","TypeError","allowedConstructors","Array","Map","Set","URLSearchParams","WeakMap","isAllowedConstructor","constructor","Date"],"sources":["../../src/sanitize.ts"],"sourcesContent":["// Ref https://github.com/tc39/proposal-global\n// In addition, the es6-shim had to switch from Function('return this')()\n// due to CSP concerns, such that the current check to handle browsers,\n// node, web workers, and frames is:\n// istanbul ignore next\n// eslint-disable-next-line @typescript-eslint/ban-types\nfunction getGlobal(): object {\n // the only reliable means to get the global object is\n // `Function('return this')()`\n // However, this causes CSP violations in Chrome apps.\n if (typeof self !== \"undefined\") {\n return self;\n }\n if (typeof window !== \"undefined\") {\n return window;\n }\n if (typeof global !== \"undefined\") {\n return global;\n }\n throw new Error(\"unable to locate global object\");\n}\n\n/**\n * There are chances to construct a `Function` from a string, etc.\n * ```\n * ((a,b)=>a[b])(()=>1, 'constructor')('console.log(`yo`)')()\n * ```\n */\nconst reservedObjects = new WeakSet([\n // `Function(\"...\")` is considered *extremely vulnerable*.\n Function,\n // `Object.assign()` is considered vulnerable.\n Object,\n // `prototype` is considered vulnerable.\n Function.prototype,\n Object.prototype,\n // Global `window` is considered vulnerable, too.\n getGlobal(),\n]);\n\nexport function sanitize(cooked: unknown): void {\n // eslint-disable-next-line @typescript-eslint/ban-types\n if (reservedObjects.has(cooked as object)) {\n throw new TypeError(\"Cannot access reserved objects such as `Function`.\");\n }\n}\n\nconst allowedConstructors = new WeakSet([\n Array,\n Map,\n Set,\n URLSearchParams,\n WeakMap,\n WeakSet,\n]);\n\nexport function isAllowedConstructor(constructor: unknown): boolean {\n // `Date` maybe mocked when running tests for storyboard functions.\n return (\n allowedConstructors.has(constructor as ArrayConstructor) ||\n constructor === Date\n );\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,SAASA,CAAA,EAAW;EAC3B;EACA;EACA;EACA,IAAI,OAAOC,IAAI,KAAK,WAAW,EAAE;IAC/B,OAAOA,IAAI;EACb;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,MAAM,IAAIC,KAAK,CAAC,gCAAgC,CAAC;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,eAAe,GAAG,IAAIC,OAAO,CAAC;AAClC;AACAC,QAAQ;AACR;AACAC,MAAM;AACN;AACAD,QAAQ,CAACE,SAAS,EAClBD,MAAM,CAACC,SAAS;AAChB;AACAT,SAAS,EAAE,CACZ,CAAC;AAEK,SAASU,QAAQA,CAACC,MAAe,EAAQ;EAC9C;EACA,IAAIN,eAAe,CAACO,GAAG,CAACD,MAAM,CAAW,EAAE;IACzC,MAAM,IAAIE,SAAS,CAAC,oDAAoD,CAAC;EAC3E;AACF;AAEA,MAAMC,mBAAmB,GAAG,IAAIR,OAAO,CAAC,CACtCS,KAAK,EACLC,GAAG,EACHC,GAAG,EACHC,eAAe,EACfC,OAAO,EACPb,OAAO,CACR,CAAC;AAEK,SAASc,oBAAoBA,CAACC,WAAoB,EAAW;EAClE;EACA,OACEP,mBAAmB,CAACF,GAAG,CAACS,WAAW,CAAqB,IACxDA,WAAW,KAAKC,IAAI;AAExB"}
1
+ {"version":3,"file":"sanitize.js","names":["getGlobal","self","window","global","Error","reservedObjects","WeakSet","Function","Object","prototype","sanitize","cooked","has","TypeError","allowedConstructors","Array","Map","Set","URLSearchParams","WeakMap","RegExp","isAllowedConstructor","constructor","Date"],"sources":["../../src/sanitize.ts"],"sourcesContent":["// Ref https://github.com/tc39/proposal-global\n// In addition, the es6-shim had to switch from Function('return this')()\n// due to CSP concerns, such that the current check to handle browsers,\n// node, web workers, and frames is:\n// istanbul ignore next\n// eslint-disable-next-line @typescript-eslint/ban-types\nfunction getGlobal(): object {\n // the only reliable means to get the global object is\n // `Function('return this')()`\n // However, this causes CSP violations in Chrome apps.\n if (typeof self !== \"undefined\") {\n return self;\n }\n if (typeof window !== \"undefined\") {\n return window;\n }\n if (typeof global !== \"undefined\") {\n return global;\n }\n throw new Error(\"unable to locate global object\");\n}\n\n/**\n * There are chances to construct a `Function` from a string, etc.\n * ```\n * ((a,b)=>a[b])(()=>1, 'constructor')('console.log(`yo`)')()\n * ```\n */\nconst reservedObjects = new WeakSet([\n // `Function(\"...\")` is considered *extremely vulnerable*.\n Function,\n // `Object.assign()` is considered vulnerable.\n Object,\n // `prototype` is considered vulnerable.\n Function.prototype,\n Object.prototype,\n // Global `window` is considered vulnerable, too.\n getGlobal(),\n]);\n\nexport function sanitize(cooked: unknown): void {\n // eslint-disable-next-line @typescript-eslint/ban-types\n if (reservedObjects.has(cooked as object)) {\n throw new TypeError(\"Cannot access reserved objects such as `Function`.\");\n }\n}\n\nconst allowedConstructors = new WeakSet([\n Array,\n Map,\n Set,\n URLSearchParams,\n WeakMap,\n WeakSet,\n RegExp,\n]);\n\nexport function isAllowedConstructor(constructor: unknown): boolean {\n // `Date` maybe mocked when running tests for storyboard functions.\n return (\n allowedConstructors.has(constructor as ArrayConstructor) ||\n constructor === Date\n );\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,SAASA,CAAA,EAAW;EAC3B;EACA;EACA;EACA,IAAI,OAAOC,IAAI,KAAK,WAAW,EAAE;IAC/B,OAAOA,IAAI;EACb;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,MAAM,IAAIC,KAAK,CAAC,gCAAgC,CAAC;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,eAAe,GAAG,IAAIC,OAAO,CAAC;AAClC;AACAC,QAAQ;AACR;AACAC,MAAM;AACN;AACAD,QAAQ,CAACE,SAAS,EAClBD,MAAM,CAACC,SAAS;AAChB;AACAT,SAAS,EAAE,CACZ,CAAC;AAEK,SAASU,QAAQA,CAACC,MAAe,EAAQ;EAC9C;EACA,IAAIN,eAAe,CAACO,GAAG,CAACD,MAAM,CAAW,EAAE;IACzC,MAAM,IAAIE,SAAS,CAAC,oDAAoD,CAAC;EAC3E;AACF;AAEA,MAAMC,mBAAmB,GAAG,IAAIR,OAAO,CAAC,CACtCS,KAAK,EACLC,GAAG,EACHC,GAAG,EACHC,eAAe,EACfC,OAAO,EACPb,OAAO,EACPc,MAAM,CACP,CAAC;AAEK,SAASC,oBAAoBA,CAACC,WAAoB,EAAW;EAClE;EACA,OACER,mBAAmB,CAACF,GAAG,CAACU,WAAW,CAAqB,IACxDA,WAAW,KAAKC,IAAI;AAExB"}
package/dist/esm/sanitize.js CHANGED
@@ -41,7 +41,7 @@ export function sanitize(cooked) {
41
41
  throw new TypeError("Cannot access reserved objects such as `Function`.");
42
42
  }
43
43
  }
44
- var allowedConstructors = new WeakSet([Array, Map, Set, URLSearchParams, WeakMap, WeakSet]);
44
+ var allowedConstructors = new WeakSet([Array, Map, Set, URLSearchParams, WeakMap, WeakSet, RegExp]);
45
45
  export function isAllowedConstructor(constructor) {
46
46
  // `Date` maybe mocked when running tests for storyboard functions.
47
47
  return allowedConstructors.has(constructor) || constructor === Date;
package/dist/esm/sanitize.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sanitize.js","names":["getGlobal","self","window","global","Error","reservedObjects","WeakSet","Function","Object","prototype","sanitize","cooked","has","TypeError","allowedConstructors","Array","Map","Set","URLSearchParams","WeakMap","isAllowedConstructor","constructor","Date"],"sources":["../../src/sanitize.ts"],"sourcesContent":["// Ref https://github.com/tc39/proposal-global\n// In addition, the es6-shim had to switch from Function('return this')()\n// due to CSP concerns, such that the current check to handle browsers,\n// node, web workers, and frames is:\n// istanbul ignore next\n// eslint-disable-next-line @typescript-eslint/ban-types\nfunction getGlobal(): object {\n // the only reliable means to get the global object is\n // `Function('return this')()`\n // However, this causes CSP violations in Chrome apps.\n if (typeof self !== \"undefined\") {\n return self;\n }\n if (typeof window !== \"undefined\") {\n return window;\n }\n if (typeof global !== \"undefined\") {\n return global;\n }\n throw new Error(\"unable to locate global object\");\n}\n\n/**\n * There are chances to construct a `Function` from a string, etc.\n * ```\n * ((a,b)=>a[b])(()=>1, 'constructor')('console.log(`yo`)')()\n * ```\n */\nconst reservedObjects = new WeakSet([\n // `Function(\"...\")` is considered *extremely vulnerable*.\n Function,\n // `Object.assign()` is considered vulnerable.\n Object,\n // `prototype` is considered vulnerable.\n Function.prototype,\n Object.prototype,\n // Global `window` is considered vulnerable, too.\n getGlobal(),\n]);\n\nexport function sanitize(cooked: unknown): void {\n // eslint-disable-next-line @typescript-eslint/ban-types\n if (reservedObjects.has(cooked as object)) {\n throw new TypeError(\"Cannot access reserved objects such as `Function`.\");\n }\n}\n\nconst allowedConstructors = new WeakSet([\n Array,\n Map,\n Set,\n URLSearchParams,\n WeakMap,\n WeakSet,\n]);\n\nexport function isAllowedConstructor(constructor: unknown): boolean {\n // `Date` maybe mocked when running tests for storyboard functions.\n return (\n allowedConstructors.has(constructor as ArrayConstructor) ||\n constructor === Date\n );\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,SAASA,CAAA,EAAW;EAC3B;EACA;EACA;EACA,IAAI,OAAOC,IAAI,KAAK,WAAW,EAAE;IAC/B,OAAOA,IAAI;EACb;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,MAAM,IAAIC,KAAK,CAAC,gCAAgC,CAAC;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,eAAe,GAAG,IAAIC,OAAO,CAAC;AAClC;AACAC,QAAQ;AACR;AACAC,MAAM;AACN;AACAD,QAAQ,CAACE,SAAS,EAClBD,MAAM,CAACC,SAAS;AAChB;AACAT,SAAS,EAAE,CACZ,CAAC;AAEF,OAAO,SAASU,QAAQA,CAACC,MAAe,EAAQ;EAC9C;EACA,IAAIN,eAAe,CAACO,GAAG,CAACD,MAAM,CAAW,EAAE;IACzC,MAAM,IAAIE,SAAS,CAAC,oDAAoD,CAAC;EAC3E;AACF;AAEA,IAAMC,mBAAmB,GAAG,IAAIR,OAAO,CAAC,CACtCS,KAAK,EACLC,GAAG,EACHC,GAAG,EACHC,eAAe,EACfC,OAAO,EACPb,OAAO,CACR,CAAC;AAEF,OAAO,SAASc,oBAAoBA,CAACC,WAAoB,EAAW;EAClE;EACA,OACEP,mBAAmB,CAACF,GAAG,CAACS,WAAW,CAAqB,IACxDA,WAAW,KAAKC,IAAI;AAExB"}
1
+ {"version":3,"file":"sanitize.js","names":["getGlobal","self","window","global","Error","reservedObjects","WeakSet","Function","Object","prototype","sanitize","cooked","has","TypeError","allowedConstructors","Array","Map","Set","URLSearchParams","WeakMap","RegExp","isAllowedConstructor","constructor","Date"],"sources":["../../src/sanitize.ts"],"sourcesContent":["// Ref https://github.com/tc39/proposal-global\n// In addition, the es6-shim had to switch from Function('return this')()\n// due to CSP concerns, such that the current check to handle browsers,\n// node, web workers, and frames is:\n// istanbul ignore next\n// eslint-disable-next-line @typescript-eslint/ban-types\nfunction getGlobal(): object {\n // the only reliable means to get the global object is\n // `Function('return this')()`\n // However, this causes CSP violations in Chrome apps.\n if (typeof self !== \"undefined\") {\n return self;\n }\n if (typeof window !== \"undefined\") {\n return window;\n }\n if (typeof global !== \"undefined\") {\n return global;\n }\n throw new Error(\"unable to locate global object\");\n}\n\n/**\n * There are chances to construct a `Function` from a string, etc.\n * ```\n * ((a,b)=>a[b])(()=>1, 'constructor')('console.log(`yo`)')()\n * ```\n */\nconst reservedObjects = new WeakSet([\n // `Function(\"...\")` is considered *extremely vulnerable*.\n Function,\n // `Object.assign()` is considered vulnerable.\n Object,\n // `prototype` is considered vulnerable.\n Function.prototype,\n Object.prototype,\n // Global `window` is considered vulnerable, too.\n getGlobal(),\n]);\n\nexport function sanitize(cooked: unknown): void {\n // eslint-disable-next-line @typescript-eslint/ban-types\n if (reservedObjects.has(cooked as object)) {\n throw new TypeError(\"Cannot access reserved objects such as `Function`.\");\n }\n}\n\nconst allowedConstructors = new WeakSet([\n Array,\n Map,\n Set,\n URLSearchParams,\n WeakMap,\n WeakSet,\n RegExp,\n]);\n\nexport function isAllowedConstructor(constructor: unknown): boolean {\n // `Date` maybe mocked when running tests for storyboard functions.\n return (\n allowedConstructors.has(constructor as ArrayConstructor) ||\n constructor === Date\n );\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,SAASA,CAAA,EAAW;EAC3B;EACA;EACA;EACA,IAAI,OAAOC,IAAI,KAAK,WAAW,EAAE;IAC/B,OAAOA,IAAI;EACb;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,IAAI,OAAOC,MAAM,KAAK,WAAW,EAAE;IACjC,OAAOA,MAAM;EACf;EACA,MAAM,IAAIC,KAAK,CAAC,gCAAgC,CAAC;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,eAAe,GAAG,IAAIC,OAAO,CAAC;AAClC;AACAC,QAAQ;AACR;AACAC,MAAM;AACN;AACAD,QAAQ,CAACE,SAAS,EAClBD,MAAM,CAACC,SAAS;AAChB;AACAT,SAAS,EAAE,CACZ,CAAC;AAEF,OAAO,SAASU,QAAQA,CAACC,MAAe,EAAQ;EAC9C;EACA,IAAIN,eAAe,CAACO,GAAG,CAACD,MAAM,CAAW,EAAE;IACzC,MAAM,IAAIE,SAAS,CAAC,oDAAoD,CAAC;EAC3E;AACF;AAEA,IAAMC,mBAAmB,GAAG,IAAIR,OAAO,CAAC,CACtCS,KAAK,EACLC,GAAG,EACHC,GAAG,EACHC,eAAe,EACfC,OAAO,EACPb,OAAO,EACPc,MAAM,CACP,CAAC;AAEF,OAAO,SAASC,oBAAoBA,CAACC,WAAoB,EAAW;EAClE;EACA,OACER,mBAAmB,CAACF,GAAG,CAACU,WAAW,CAAqB,IACxDA,WAAW,KAAKC,IAAI;AAExB"}
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "name": "@next-core/cook",
3
- "version": "2.1.0",
3
+ "version": "2.2.0",
4
4
  "description": "Cook expressions and storyboard functions",
5
- "homepage": "https://github.com/easyops-cn/next-core/tree/master/packages/cook",
5
+ "homepage": "https://github.com/easyops-cn/next-core/tree/v3/packages/cook",
6
6
  "license": "GPL-3.0",
7
7
  "repository": {
8
8
  "type": "git",
@@ -51,10 +51,10 @@
51
51
  "@babel/parser": "^7.21.4"
52
52
  },
53
53
  "devDependencies": {
54
- "@next-core/build-next-libs": "^1.0.3",
55
- "@next-core/supply": "^2.0.4",
56
- "@next-core/test-next": "^1.0.4",
54
+ "@next-core/build-next-libs": "^1.0.4",
55
+ "@next-core/supply": "^2.1.0",
56
+ "@next-core/test-next": "^1.0.5",
57
57
  "lodash": "^4.17.21"
58
58
  },
59
- "gitHead": "125aede7b3cf5fdbb8040326dea72a25cdabc3aa"
59
+ "gitHead": "c3a0f41ea9aae7792dc714b10648381a9ea2d44a"
60
60
  }