securemark 0.231.0 → 0.231.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/dist/securemark.js +75 -53
  3. package/gulpfile.js +21 -1
  4. package/package-lock.json +919 -190
  5. package/package.json +9 -7
  6. package/src/debug.test.ts +1 -0
  7. package/src/parser/api/header.ts +1 -1
  8. package/src/parser/inline/bracket.ts +1 -4
  9. package/src/parser/inline/comment.test.ts +2 -0
  10. package/src/parser/inline/comment.ts +2 -2
  11. package/src/parser/inline/html.ts +1 -1
  12. package/src/parser/inline/link.ts +1 -1
  13. package/src/parser/inline/ruby.ts +2 -2
  14. package/src/parser/util.ts +2 -2
  15. package/src/renderer/render/media/youtube.ts +4 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.231.1
4
+
5
+ - Fix comment syntax.
6
+ - Fix ReDoS.
7
+
3
8
  ## 0.231.0
4
9
 
5
10
  - Refine hashtag syntax.
package/dist/securemark.js CHANGED
@@ -1,4 +1,4 @@
1
- /*! securemark v0.231.0 https://github.com/falsandtru/securemark | (c) 2017, falsandtru | UNLICENSED */
1
+ /*! securemark v0.231.1 https://github.com/falsandtru/securemark | (c) 2017, falsandtru | UNLICENSED */
2
2
  require = function () {
3
3
  function r(e, n, t) {
4
4
  function o(i, f) {
@@ -896,12 +896,16 @@ require = function () {
896
896
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
897
897
  if (k2 === undefined)
898
898
  k2 = k;
899
- Object.defineProperty(o, k2, {
900
- enumerable: true,
901
- get: function () {
902
- return m[k];
903
- }
904
- });
899
+ var desc = Object.getOwnPropertyDescriptor(m, k);
900
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
901
+ desc = {
902
+ enumerable: true,
903
+ get: function () {
904
+ return m[k];
905
+ }
906
+ };
907
+ }
908
+ Object.defineProperty(o, k2, desc);
905
909
  } : function (o, m, k, k2) {
906
910
  if (k2 === undefined)
907
911
  k2 = k;
@@ -1147,12 +1151,16 @@ require = function () {
1147
1151
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
1148
1152
  if (k2 === undefined)
1149
1153
  k2 = k;
1150
- Object.defineProperty(o, k2, {
1151
- enumerable: true,
1152
- get: function () {
1153
- return m[k];
1154
- }
1155
- });
1154
+ var desc = Object.getOwnPropertyDescriptor(m, k);
1155
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
1156
+ desc = {
1157
+ enumerable: true,
1158
+ get: function () {
1159
+ return m[k];
1160
+ }
1161
+ };
1162
+ }
1163
+ Object.defineProperty(o, k2, desc);
1156
1164
  } : function (o, m, k, k2) {
1157
1165
  if (k2 === undefined)
1158
1166
  k2 = k;
@@ -2502,7 +2510,7 @@ require = function () {
2502
2510
  [privates.scope](child) {
2503
2511
  if (child.element.tagName !== 'STYLE')
2504
2512
  return;
2505
- const target = /(^|[,}])(\s*)\$scope(?![\w-])(?=[^;{}]*{)/g;
2513
+ const target = /(^|[,}]|\*\/)(\s*)\$scope(?=[\s~+[{:>,])/g;
2506
2514
  const style = child.element.innerHTML;
2507
2515
  if (!target.test(style))
2508
2516
  return;
@@ -3081,12 +3089,16 @@ require = function () {
3081
3089
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
3082
3090
  if (k2 === undefined)
3083
3091
  k2 = k;
3084
- Object.defineProperty(o, k2, {
3085
- enumerable: true,
3086
- get: function () {
3087
- return m[k];
3088
- }
3089
- });
3092
+ var desc = Object.getOwnPropertyDescriptor(m, k);
3093
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
3094
+ desc = {
3095
+ enumerable: true,
3096
+ get: function () {
3097
+ return m[k];
3098
+ }
3099
+ };
3100
+ }
3101
+ Object.defineProperty(o, k2, desc);
3090
3102
  } : function (o, m, k, k2) {
3091
3103
  if (k2 === undefined)
3092
3104
  k2 = k;
@@ -4015,12 +4027,16 @@ require = function () {
4015
4027
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
4016
4028
  if (k2 === undefined)
4017
4029
  k2 = k;
4018
- Object.defineProperty(o, k2, {
4019
- enumerable: true,
4020
- get: function () {
4021
- return m[k];
4022
- }
4023
- });
4030
+ var desc = Object.getOwnPropertyDescriptor(m, k);
4031
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
4032
+ desc = {
4033
+ enumerable: true,
4034
+ get: function () {
4035
+ return m[k];
4036
+ }
4037
+ };
4038
+ }
4039
+ Object.defineProperty(o, k2, desc);
4024
4040
  } : function (o, m, k, k2) {
4025
4041
  if (k2 === undefined)
4026
4042
  k2 = k;
@@ -4329,7 +4345,7 @@ require = function () {
4329
4345
  function headers(source) {
4330
4346
  var _a;
4331
4347
  const [el] = parse(source);
4332
- return (_a = el === null || el === void 0 ? void 0 : el.textContent.trimEnd().slice(el.firstChild.textContent.length).split(/[^\S\n]*\n/)) !== null && _a !== void 0 ? _a : [];
4348
+ return (_a = el === null || el === void 0 ? void 0 : el.textContent.trimEnd().slice(el.firstChild.textContent.length).split('\n')) !== null && _a !== void 0 ? _a : [];
4333
4349
  }
4334
4350
  exports.headers = headers;
4335
4351
  function parse(source) {
@@ -6501,10 +6517,7 @@ require = function () {
6501
6517
  const source_1 = _dereq_('../source');
6502
6518
  const typed_dom_1 = _dereq_('typed-dom');
6503
6519
  const array_1 = _dereq_('spica/array');
6504
- const index = new RegExp(`^(?:${ [
6505
- /(?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))+/,
6506
- /[0-9]{1,4}|[A-Za-z]/
6507
- ].map(r => r.source).join('|') })`);
6520
+ const index = /^(?:[0-9]+(?:\.[0-9]+)*|[A-Za-z])/;
6508
6521
  const indexFW = new RegExp(index.source.replace(/[019AZaz](?!,)/g, c => String.fromCharCode(c.charCodeAt(0) + 65248)));
6509
6522
  exports.bracket = (0, combinator_1.lazy)(() => (0, combinator_1.union)([
6510
6523
  (0, combinator_1.surround)((0, source_1.str)('('), (0, source_1.str)(index), (0, source_1.str)(')'), false, ([as, bs = [], cs], rest) => [
@@ -6582,8 +6595,8 @@ require = function () {
6582
6595
  const htmlentity_1 = _dereq_('./htmlentity');
6583
6596
  const source_1 = _dereq_('../source');
6584
6597
  const typed_dom_1 = _dereq_('typed-dom');
6585
- exports.comment = (0, combinator_1.creator)((0, combinator_1.validate)('[#', (0, combinator_1.match)(/^\[(#+)\s+(?!\s|\1\]|\[\1\s)((?:\S+\s+)+?)(\1\]|(?=\[\1(?:$|\s)))/, ([whole, , body, closer]) => (rest, context) => {
6586
- [whole, body] = `${ whole }\0${ body.trimEnd() }`.replace(/\x1B/g, '').split('\0', 2);
6598
+ exports.comment = (0, combinator_1.creator)((0, combinator_1.validate)('[#', (0, combinator_1.match)(/^\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s)))/, ([whole, , body, closer]) => (rest, context) => {
6599
+ [whole, body] = `${ whole }\0${ body.trimStart() }`.replace(/\x1B/g, '').split('\0', 2);
6587
6600
  if (!closer)
6588
6601
  return [
6589
6602
  [(0, typed_dom_1.html)('sup', {
@@ -7124,7 +7137,7 @@ require = function () {
7124
7137
  rest
7125
7138
  ] : global_1.undefined)), ([, tag]) => tag, new cache_1.Cache(1000)))
7126
7139
  ])))));
7127
- exports.attribute = (0, combinator_1.union)([(0, source_1.str)(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|>)/)]);
7140
+ exports.attribute = (0, combinator_1.union)([(0, source_1.str)(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|>)/)]);
7128
7141
  function elem(tag, as, bs, cs, context) {
7129
7142
  var _a, _b, _c, _d, _e, _f;
7130
7143
  if (!tags.includes(tag))
@@ -7322,7 +7335,7 @@ require = function () {
7322
7335
  ]);
7323
7336
  exports.option = (0, combinator_1.union)([
7324
7337
  (0, combinator_1.fmap)((0, source_1.str)(/^[^\S\n]+nofollow(?=[^\S\n]|})/), () => [` rel="nofollow"`]),
7325
- (0, source_1.str)(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|})/),
7338
+ (0, source_1.str)(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|})/),
7326
7339
  (0, combinator_1.fmap)((0, source_1.str)(/^[^\S\n]+(?=})/), () => []),
7327
7340
  (0, combinator_1.fmap)((0, source_1.str)(/^[^\S\n]+[^\n{}]+/), opt => [` \\${ opt.slice(1) }`])
7328
7341
  ]);
@@ -7700,8 +7713,8 @@ require = function () {
7700
7713
  const typed_dom_1 = _dereq_('typed-dom');
7701
7714
  const array_1 = _dereq_('spica/array');
7702
7715
  exports.ruby = (0, combinator_1.lazy)(() => (0, combinator_1.creator)((0, combinator_1.bind)((0, combinator_1.verify)((0, combinator_1.validate)('[', ')', '\n', (0, combinator_1.sequence)([
7703
- (0, combinator_1.surround)('[', (0, combinator_1.focus)(/^(?:\\[^\n]|[^\[\]\n])+(?=]\()/, text), ']'),
7704
- (0, combinator_1.surround)('(', (0, combinator_1.focus)(/^(?:\\[^\n]|[^\(\)\n])+(?=\))/, text), ')')
7716
+ (0, combinator_1.surround)('[', (0, combinator_1.focus)(/^(?:\\[^\n]|[^\\\[\]\n])+(?=]\()/, text), ']'),
7717
+ (0, combinator_1.surround)('(', (0, combinator_1.focus)(/^(?:\\[^\n]|[^\\\(\)\n])+(?=\))/, text), ')')
7705
7718
  ])), ([texts]) => (0, util_1.isStartTightNodes)(texts)), ([texts, rubies], rest) => {
7706
7719
  const tail = typeof texts[texts.length - 1] === 'object' ? [texts.pop()] : [];
7707
7720
  tail.length === 0 && texts[texts.length - 1] === '' && texts.pop();
@@ -8667,10 +8680,10 @@ require = function () {
8667
8680
  'InvisibleComma',
8668
8681
  'ic'
8669
8682
  ];
8670
- const blankline = new RegExp(String.raw`^(?!$|\n)(?:\\?\s|&(?:${ invisibleHTMLEntityNames.join('|') });|<wbr>|\[(#+)\s+(?!\s|\1\]|\[\1\s)(?:\S+\s+)+?(?:\1\]|(?=\[\1(?:$|\s))))*\\?(?:$|\n)`, 'gm');
8683
+ const blankline = new RegExp(String.raw`^(?!$|\n)(?:\\?[^\S\n]|&(?:${ invisibleHTMLEntityNames.join('|') });|<wbr>|\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s))))*(?:\\?(?:$|\n)|(\S))`, 'gm');
8671
8684
  function visualize(parser) {
8672
8685
  return (0, combinator_1.union)([
8673
- (0, combinator_1.convert)(source => source.replace(blankline, line => line.replace(/[\\&<\[]/g, '\x1B$&')), (0, combinator_1.verify)(parser, (ns, rest, context) => !rest && hasVisible(ns, context))),
8686
+ (0, combinator_1.convert)(source => source.replace(blankline, (line, ...$) => !$[3] ? line.replace(/[\\&<\[]/g, '\x1B$&') : line), (0, combinator_1.verify)(parser, (ns, rest, context) => !rest && hasVisible(ns, context))),
8674
8687
  (0, combinator_1.some)((0, combinator_1.union)([
8675
8688
  source_1.linebreak,
8676
8689
  source_1.unescsource
@@ -8950,12 +8963,16 @@ require = function () {
8950
8963
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
8951
8964
  if (k2 === undefined)
8952
8965
  k2 = k;
8953
- Object.defineProperty(o, k2, {
8954
- enumerable: true,
8955
- get: function () {
8956
- return m[k];
8957
- }
8958
- });
8966
+ var desc = Object.getOwnPropertyDescriptor(m, k);
8967
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
8968
+ desc = {
8969
+ enumerable: true,
8970
+ get: function () {
8971
+ return m[k];
8972
+ }
8973
+ };
8974
+ }
8975
+ Object.defineProperty(o, k2, desc);
8959
8976
  } : function (o, m, k, k2) {
8960
8977
  if (k2 === undefined)
8961
8978
  k2 = k;
@@ -9264,11 +9281,12 @@ require = function () {
9264
9281
  }
9265
9282
  exports.youtube = youtube;
9266
9283
  function resolve(url) {
9284
+ var _a;
9267
9285
  switch (url.origin) {
9268
9286
  case 'https://www.youtube.com':
9269
- return url.pathname === '/watch/' ? url.href.replace(/.+?=/, '').replace('&', '?') : undefined;
9287
+ return url.pathname.match(/^\/watch\/?$/) ? (_a = url.searchParams.get('v')) === null || _a === void 0 ? void 0 : _a.concat(url.search.replace(/([?&])v=[^&#]*&?/g, '$1'), url.hash) : undefined;
9270
9288
  case 'https://youtu.be':
9271
- return url.pathname.match(/^\/[\w-]+$/) ? url.href.slice(url.href.indexOf('/', 9) + 1) : undefined;
9289
+ return url.pathname.match(/^\/[\w-]+\/?$/) ? url.href.slice(url.origin.length) : undefined;
9272
9290
  default:
9273
9291
  return;
9274
9292
  }
@@ -9607,12 +9625,16 @@ require = function () {
9607
9625
  var __createBinding = this && this.__createBinding || (Object.create ? function (o, m, k, k2) {
9608
9626
  if (k2 === undefined)
9609
9627
  k2 = k;
9610
- Object.defineProperty(o, k2, {
9611
- enumerable: true,
9612
- get: function () {
9613
- return m[k];
9614
- }
9615
- });
9628
+ var desc = Object.getOwnPropertyDescriptor(m, k);
9629
+ if (!desc || ('get' in desc ? !m.__esModule : desc.writable || desc.configurable)) {
9630
+ desc = {
9631
+ enumerable: true,
9632
+ get: function () {
9633
+ return m[k];
9634
+ }
9635
+ };
9636
+ }
9637
+ Object.defineProperty(o, k2, desc);
9616
9638
  } : function (o, m, k, k2) {
9617
9639
  if (k2 === undefined)
9618
9640
  k2 = k;
package/gulpfile.js CHANGED
@@ -98,7 +98,27 @@ gulp.task('ts:dev', () =>
98
98
  gulp.task('ts:test', () =>
99
99
  compile(config.ts.test.src)
100
100
  .pipe($.rename({ extname: '.test.js' }))
101
- .pipe(gulp.dest(config.ts.test.dest)));
101
+ .pipe(gulp.dest(config.ts.test.dest))
102
+ .pipe($.eslint({
103
+ 'parserOptions': {
104
+ 'ecmaVersion': 2020,
105
+ },
106
+ 'env': {
107
+ 'es2020': true,
108
+ },
109
+ 'plugins': ['redos'],
110
+ 'rules': {
111
+ 'redos/no-vulnerable': [
112
+ 'error',
113
+ {
114
+ ignoreErrors: false,
115
+ timeout: 30000,
116
+ },
117
+ ],
118
+ },
119
+ }))
120
+ .pipe($.eslint.format())
121
+ .pipe($.eslint.failAfterError()));
102
122
 
103
123
  gulp.task('ts:dist', () =>
104
124
  compile(config.ts.dist.src)