@schukai/monster 4.25.5 → 4.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
|
|
4
4
|
|
|
5
|
+
## [4.26.0] - 2025-07-03
|
|
6
|
+
|
|
7
|
+
### Add Features
|
|
8
|
+
|
|
9
|
+
- Improve random UUID generation check [#330](https://gitlab.schukai.com/oss/libraries/javascript/monster/issues/330)
|
|
10
|
+
### Bug Fixes
|
|
11
|
+
|
|
12
|
+
- Add HTML escaping for message headers to prevent XSS
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
|
|
5
16
|
## [4.25.5] - 2025-07-03
|
|
6
17
|
|
|
7
18
|
### Bug Fixes
|
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"author":"schukai GmbH","dependencies":{"@floating-ui/dom":"^1.7.2","@popperjs/core":"^2.11.8"},"description":"Monster is a simple library for creating fast, robust and lightweight websites.","homepage":"https://monsterjs.org/","keywords":["framework","web","dom","css","sass","mobile-first","app","front-end","templates","schukai","core","shopcloud","alvine","monster","buildmap","stack","observer","observable","uuid","node","nodelist","css-in-js","logger","log","theme"],"license":"AGPL 3.0","main":"source/monster.mjs","module":"source/monster.mjs","name":"@schukai/monster","repository":{"type":"git","url":"https://gitlab.schukai.com/oss/libraries/javascript/monster.git"},"type":"module","version":"4.
|
|
1
|
+
{"author":"schukai GmbH","dependencies":{"@floating-ui/dom":"^1.7.2","@popperjs/core":"^2.11.8"},"description":"Monster is a simple library for creating fast, robust and lightweight websites.","homepage":"https://monsterjs.org/","keywords":["framework","web","dom","css","sass","mobile-first","app","front-end","templates","schukai","core","shopcloud","alvine","monster","buildmap","stack","observer","observable","uuid","node","nodelist","css-in-js","logger","log","theme"],"license":"AGPL 3.0","main":"source/monster.mjs","module":"source/monster.mjs","name":"@schukai/monster","repository":{"type":"git","url":"https://gitlab.schukai.com/oss/libraries/javascript/monster.git"},"type":"module","version":"4.26.0"}
|
|
@@ -193,6 +193,15 @@ class MessageContent extends CustomElement {
|
|
|
193
193
|
this.setOption("message.subject", message?.subject || null);
|
|
194
194
|
this.setOption("message.messageID", message?.messageID || null);
|
|
195
195
|
|
|
196
|
+
function escapeHTML(str) {
|
|
197
|
+
return str
|
|
198
|
+
.replace(/&/g, "&")
|
|
199
|
+
.replace(/</g, "<")
|
|
200
|
+
.replace(/>/g, ">")
|
|
201
|
+
.replace(/"/g, """)
|
|
202
|
+
.replace(/'/g, "'");
|
|
203
|
+
}
|
|
204
|
+
|
|
196
205
|
const headers = [];
|
|
197
206
|
for (const [key, value] of Object.entries(message?.headers || {})) {
|
|
198
207
|
if (key && value) {
|
|
@@ -200,7 +209,8 @@ class MessageContent extends CustomElement {
|
|
|
200
209
|
if (isArray(valueString)) {
|
|
201
210
|
valueString = "<ul>";
|
|
202
211
|
for (const item of value) {
|
|
203
|
-
|
|
212
|
+
const escapedItem = escapeHTML(item);
|
|
213
|
+
valueString += `<li>${escapedItem}</li>`;
|
|
204
214
|
}
|
|
205
215
|
valueString += "</ul>";
|
|
206
216
|
}
|
package/source/types/uuid.mjs
CHANGED
|
@@ -78,6 +78,6 @@ function createWithRandom() {
|
|
|
78
78
|
function createWithCrypto() {
|
|
79
79
|
const crypt = getGlobalObject("crypto");
|
|
80
80
|
if (!isObject(crypt)) return;
|
|
81
|
-
if (typeof crypt?.["randomUUID"]) return;
|
|
81
|
+
if (typeof crypt?.["randomUUID"] !== "function") return;
|
|
82
82
|
return crypt.randomUUID();
|
|
83
83
|
}
|