npm - @saltcorn/markup - Versions diffs - 1.6.0-rc.3 → 1.6.0-rc.4 - Mend

@saltcorn/markup 1.6.0-rc.3 → 1.6.0-rc.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/mktag.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mktag.d.ts","sourceRoot":"","sources":["../mktag.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,OAAO,EACP,UAAU,EAEX,MAAM,SAAS,CAAC;~~AAsEjB~~;;;;GAIG;AACH,QAAA,MAAM,KAAK,GACR,KAAK,MAAM,EAAE,UAAU,OAAO,MAE7B,4BAA4B,UAAU,GAAG,OAAO,EAChD,GAAG,UAAU,OAAO,EAAE,KACrB,MA8BF,CAAC;AAEJ,SAAS,KAAK,CAAC"}
1	+ {"version":3,"file":"mktag.d.ts","sourceRoot":"","sources":["../mktag.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,OAAO,EACP,UAAU,EAEX,MAAM,SAAS,CAAC;AAqFjB;;;;GAIG;AACH,QAAA,MAAM,KAAK,GACR,KAAK,MAAM,EAAE,UAAU,OAAO,MAE7B,4BAA4B,UAAU,GAAG,OAAO,EAChD,GAAG,UAAU,OAAO,EAAE,KACrB,MA8BF,CAAC;AAEJ,SAAS,KAAK,CAAC"}

package/dist/mktag.js CHANGED Viewed

@@ -36,6 +36,16 @@ const ppStyle = (cs) => {
                     : "";
     return clss ? `style="${clss}"` : "";
 };
+/**
+ * Escape a value for use inside a double-quoted HTML attribute. Escapes the
+ * quote (to prevent breaking out of the attribute) as well as angle brackets
+ * (so attacker-controlled markup cannot be injected raw). & is intentionally
+ * left alone: upstream callers already emit entities (e.g. &quot;, &lt;), and
+ * escaping & here would double-encode them.
+ * @param {string} s
+ * @returns {string}
+ */
+const escAttrVal = (s) => s.replaceAll('"', "&quot;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
 /**
  * @param {object[]} opts
  * @param {string} opts.k
@@ -53,8 +63,11 @@ const ppAttrib = ([k, v]) => typeof v === "boolean"
             : k === "style"
                 ? ppStyle(v)
                 : typeof v === "string"
-                    ? `${k}="${v.replaceAll('"', "&quot;")}"`
-                    : `${k}="${v}"`;
+                    ? `${k}="${escAttrVal(v)}"`
+                    : // non-string values (e.g. arrays/numbers) are stringified into
+                        // the attribute; escape so a value such as an array of JSON
+                        // literals cannot break out of the attribute context.
+                        `${k}="${escAttrVal(String(v))}"`;
 /**
  * @param {string} tnm
  * @param {boolean} voidTag

package/dist/mktag.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mktag.js","sourceRoot":"","sources":["../mktag.ts"],"names":[],"mappings":";AAQA;;;GAGG;AAEH,sCAAsC;AACtC;;;GAGG;AACH,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE,CAC7C,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,GAAG,CAAC,EAAY,EAAU,EAAE;IACvC,MAAM,IAAI,GACR,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AACvC,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,GAAG,CAAC,EAAY,EAAU,EAAE;IACvC,MAAM,IAAI,GACR,OAAO,EAAE,KAAK,QAAQ;QACpB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,CAAC,EAAE;YACH,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjB,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC/B,CAAC,CAAC,OAAO,EAAE,KAAK,QAAQ;oBACtB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;yBACf,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;yBAChC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;yBAC5C,IAAI,CAAC,GAAG,CAAC;oBACd,CAAC,CAAC,EAAE,CAAC;IACf,OAAO,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AACvC,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAGtB,EAAU,EAAE,CACX,OAAO,CAAC,KAAK,SAAS;IACpB,CAAC,CAAC,CAAC;QACD,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,EAAE;IACN,CAAC,CAAC,OAAO,CAAC,KAAK,WAAW;QACxB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,CAAC,KAAK,OAAO;YACb,CAAC,CAAC,OAAO,CAAC,CAAa,CAAC;YACxB,CAAC,CAAC,CAAC,KAAK,OAAO;gBACb,CAAC,CAAC,OAAO,CAAC,CAAa,CAAC;gBACxB,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ;oBACrB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,~~UAAU,~~CAAC,GAAG,~~EAAE~~,~~QAAQ,~~CAAC,~~GAAG~~;~~oBACzC~~,CAAC,CAAC,~~GAAG~~,CAAC,~~KAAK~~,CAAC,GAAG,CAAC;~~AAE5B~~;;;;GAIG;AACH,MAAM,KAAK,GACT,CAAC,GAAW,EAAE,OAAiB,EAAE,EAAE,CACnC,CACE,yBAAgD,EAChD,GAAG,QAAmB,EACd,EAAE;IACV,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,OAAO,GAAG,GAAG,CAAC;IAElB,MAAM,OAAO,GAAG,CAAC,GAAY,EAAE,EAAE;QAC/B,IAAI,OAAO,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChE,YAAY;QACd,CAAC;aAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,IAAI,GAAG,CAAC;QACd,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;;YAAM,IAAI,IAAI,GAAG,CAAC;IACrB,CAAC,CAAC;IACF,IACE,OAAO,yBAAyB,KAAK,QAAQ;QAC7C,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAC;QACzC,yBAAyB,KAAK,IAAI,EAClC,CAAC;QACD,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,yBAAuC,CAAC;aAC/D,GAAG,CAAC,QAAQ,CAAC;aACb,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;aAChB,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,CAAC,yBAAyB,EAAE,GAAG,QAAQ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,GAAG,EAAE,CAAC;IAClC,OAAO,OAAO;QACZ,CAAC,CAAC,IAAI,GAAG,GAAG,OAAO,GAAG;QACtB,CAAC,CAAC,IAAI,GAAG,GAAG,OAAO,IAAI,IAAI,KAAK,GAAG,GAAG,CAAC;AAC3C,CAAC,CAAC;AAEJ,iBAAS,KAAK,CAAC"}
1	+ {"version":3,"file":"mktag.js","sourceRoot":"","sources":["../mktag.ts"],"names":[],"mappings":";AAQA;;;GAGG;AAEH,sCAAsC;AACtC;;;GAGG;AACH,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE,CAC7C,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,OAAO,GAAG,CAAC,EAAY,EAAU,EAAE;IACvC,MAAM,IAAI,GACR,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AACvC,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,GAAG,CAAC,EAAY,EAAU,EAAE;IACvC,MAAM,IAAI,GACR,OAAO,EAAE,KAAK,QAAQ;QACpB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,CAAC,EAAE;YACH,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjB,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC/B,CAAC,CAAC,OAAO,EAAE,KAAK,QAAQ;oBACtB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;yBACf,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;yBAChC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;yBAC5C,IAAI,CAAC,GAAG,CAAC;oBACd,CAAC,CAAC,EAAE,CAAC;IACf,OAAO,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AACvC,CAAC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,UAAU,GAAG,CAAC,CAAS,EAAU,EAAE,CACvC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAE9E;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAGtB,EAAU,EAAE,CACX,OAAO,CAAC,KAAK,SAAS;IACpB,CAAC,CAAC,CAAC;QACD,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,EAAE;IACN,CAAC,CAAC,OAAO,CAAC,KAAK,WAAW;QACxB,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,CAAC,KAAK,OAAO;YACb,CAAC,CAAC,OAAO,CAAC,CAAa,CAAC;YACxB,CAAC,CAAC,CAAC,KAAK,OAAO;gBACb,CAAC,CAAC,OAAO,CAAC,CAAa,CAAC;gBACxB,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ;oBACrB,CAAC,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG;oBAC3B,CAAC,CAAC,+DAA+D;wBAC/D,4DAA4D;wBAC5D,sDAAsD;wBACtD,GAAG,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAEhD;;;;GAIG;AACH,MAAM,KAAK,GACT,CAAC,GAAW,EAAE,OAAiB,EAAE,EAAE,CACnC,CACE,yBAAgD,EAChD,GAAG,QAAmB,EACd,EAAE;IACV,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,OAAO,GAAG,GAAG,CAAC;IAElB,MAAM,OAAO,GAAG,CAAC,GAAY,EAAE,EAAE;QAC/B,IAAI,OAAO,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChE,YAAY;QACd,CAAC;aAAM,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,IAAI,GAAG,CAAC;QACd,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;;YAAM,IAAI,IAAI,GAAG,CAAC;IACrB,CAAC,CAAC;IACF,IACE,OAAO,yBAAyB,KAAK,QAAQ;QAC7C,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAC;QACzC,yBAAyB,KAAK,IAAI,EAClC,CAAC;QACD,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,yBAAuC,CAAC;aAC/D,GAAG,CAAC,QAAQ,CAAC;aACb,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;aAChB,IAAI,CAAC,GAAG,CAAC,CAAC;QACb,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,CAAC,yBAAyB,EAAE,GAAG,QAAQ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,GAAG,EAAE,CAAC;IAClC,OAAO,OAAO;QACZ,CAAC,CAAC,IAAI,GAAG,GAAG,OAAO,GAAG;QACtB,CAAC,CAAC,IAAI,GAAG,GAAG,OAAO,IAAI,IAAI,KAAK,GAAG,GAAG,CAAC;AAC3C,CAAC,CAAC;AAEJ,iBAAS,KAAK,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@saltcorn/markup",
-  "version": "1.6.0-rc.3",
+  "version": "1.6.0-rc.4",
   "description": "Markup for Saltcorn, open-source no-code platform",
   "homepage": "https://saltcorn.com",
   "main": "./dist/index.js",
@@ -35,7 +35,7 @@
   },
   "repository": "github:saltcorn/saltcorn",
   "devDependencies": {
-    "@saltcorn/types": "1.6.0-rc.3",
+    "@saltcorn/types": "1.6.0-rc.4",
     "@types/escape-html": "^1.0.4",
     "@types/estree": "^1.0.8",
     "@types/jest": "29.5.14",