npm - securemark - Versions diffs - 0.231.0 → 0.231.1 - Mend

securemark 0.231.0 → 0.231.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/CHANGELOG.md +5 -0
package/dist/securemark.js +75 -53
package/gulpfile.js +21 -1
package/package-lock.json +919 -190
package/package.json +9 -7
package/src/debug.test.ts +1 -0
package/src/parser/api/header.ts +1 -1
package/src/parser/inline/bracket.ts +1 -4
package/src/parser/inline/comment.test.ts +2 -0
package/src/parser/inline/comment.ts +2 -2
package/src/parser/inline/html.ts +1 -1
package/src/parser/inline/link.ts +1 -1
package/src/parser/inline/ruby.ts +2 -2
package/src/parser/util.ts +2 -2
package/src/renderer/render/media/youtube.ts +4 -4

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "securemark",
-  "version": "0.231.0",
+  "version": "0.231.1",
   "description": "Secure markdown renderer working on browsers for user input data.",
   "private": false,
   "homepage": "https://github.com/falsandtru/securemark",
@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "@types/dompurify": "2.3.3",
-    "@types/jquery": "3.5.13",
+    "@types/jquery": "3.5.14",
     "@types/mathjax": "0.0.37",
     "@types/mocha": "9.1.0",
     "@types/power-assert": "1.5.8",
@@ -40,15 +40,17 @@
     "browserify-shim": "^3.8.14",
     "concurrently": "^7.0.0",
     "del": "^6.0.0",
+    "eslint-plugin-redos": "^4.3.0",
     "gulp": "^4.0.2",
     "gulp-derequire": "^3.0.0",
+    "gulp-eslint": "^6.0.0",
     "gulp-footer": "^2.1.0",
     "gulp-header": "^2.0.9",
     "gulp-load-plugins": "^2.0.7",
     "gulp-mocha": "^8.0.0",
     "gulp-rename": "^2.0.0",
     "gulp-unassert": "^2.0.0",
-    "karma": "^6.3.16",
+    "karma": "^6.3.17",
     "karma-chrome-launcher": "^3.1.0",
     "karma-coverage-istanbul-instrumenter": "^1.0.4",
     "karma-coverage-istanbul-reporter": "^3.0.3",
@@ -56,13 +58,13 @@
     "karma-firefox-launcher": "^2.1.2",
     "karma-mocha": "^2.0.1",
     "mocha": "^9.2.1",
-    "npm-check-updates": "^12.4.0",
+    "npm-check-updates": "^12.5.2",
     "power-assert": "^1.6.1",
     "semver": "^7.3.5",
-    "spica": "0.0.510",
+    "spica": "0.0.511",
     "tsify": "^5.0.4",
-    "typed-dom": "0.0.248",
-    "typescript": "4.5.5",
+    "typed-dom": "0.0.249",
+    "typescript": "4.6.2",
     "vinyl-buffer": "^1.0.1",
     "vinyl-source-stream": "^2.0.0"
   },

package/src/debug.test.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export function inspect(result: Result<HTMLElement | string>, until: number | st
       el.innerHTML = node.outerHTML.slice(0, until);
       if (node.outerHTML.length <= until) {
         assert(node.outerHTML === el.innerHTML);
+        // eslint-disable-next-line redos/no-vulnerable
         assert(node.childNodes.length === el.firstChild?.childNodes.length || />[^<]{65537}/.test(node.outerHTML));
       }
       else {

package/src/parser/api/header.ts CHANGED Viewed

@@ -8,7 +8,7 @@ export function header(source: string): string {
 export function headers(source: string): string[] {
   const [el] = parse(source);
-  return el?.textContent!.trimEnd().slice(el.firstChild!.textContent!.length).split(/[^\S\n]*\n/) ?? [];
+  return el?.textContent!.trimEnd().slice(el.firstChild!.textContent!.length).split('\n') ?? [];
 }
 function parse(source: string): [HTMLDetailsElement, string] | [] {

package/src/parser/inline/bracket.ts CHANGED Viewed

@@ -6,10 +6,7 @@ import { str } from '../source';
 import { html, defrag } from 'typed-dom';
 import { unshift, push } from 'spica/array';
-const index = new RegExp(`^(?:${[
-  /(?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))+/,
-  /[0-9]{1,4}|[A-Za-z]/,
-].map(r => r.source).join('|')})`);
+const index = /^(?:[0-9]+(?:\.[0-9]+)*|[A-Za-z])/;
 const indexFW = new RegExp(index.source.replace(/[019AZaz](?!,)/g, c => String.fromCharCode(c.charCodeAt(0) + 0xfee0)));
 export const bracket: BracketParser = lazy(() => union([

package/src/parser/inline/comment.test.ts CHANGED Viewed

@@ -17,8 +17,10 @@ describe('Unit: parser/inline/comment', () => {
       assert.deepStrictEqual(inspect(parser('[# #] #]')), undefined);
       assert.deepStrictEqual(inspect(parser('[#  #]  #]')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [#')), undefined);
+      assert.deepStrictEqual(inspect(parser('[#[#')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [# ')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [# a')), undefined);
+      assert.deepStrictEqual(inspect(parser('[# a[#')), [['<sup class="comment invalid">[# a</sup>'], '[#']);
       assert.deepStrictEqual(inspect(parser('[# a [#')), [['<sup class="comment invalid">[# a </sup>'], '[#']);
       assert.deepStrictEqual(inspect(parser('[# a [# ')), [['<sup class="comment invalid">[# a </sup>'], '[# ']);
       assert.deepStrictEqual(inspect(parser('[# a [#\n')), [['<sup class="comment invalid">[# a </sup>'], '[#\n']);

package/src/parser/inline/comment.ts CHANGED Viewed

@@ -6,9 +6,9 @@ import { unescsource } from '../source';
 import { html } from 'typed-dom';
 export const comment: CommentParser = creator(validate('[#', match(
-  /^\[(#+)\s+(?!\s|\1\]|\[\1\s)((?:\S+\s+)+?)(\1\]|(?=\[\1(?:$|\s)))/,
+  /^\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s)))/,
   ([whole, , body, closer]) => (rest, context) => {
-    [whole, body] = `${whole}\0${body.trimEnd()}`.replace(/\x1B/g, '').split('\0', 2);
+    [whole, body] = `${whole}\0${body.trimStart()}`.replace(/\x1B/g, '').split('\0', 2);
     if (!closer) return [[html('sup', {
       class: 'comment invalid',
       'data-invalid-syntax': 'comment',

package/src/parser/inline/html.ts CHANGED Viewed

@@ -88,7 +88,7 @@ export const html: HTMLParser = lazy(() => creator(validate('<', validate(/^<[a-
 ])))));
 export const attribute: HTMLParser.TagParser.AttributeParser = union([
-  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|>)/),
+  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|>)/),
 ]);
 function elem(tag: string, as: (HTMLElement | string)[], bs: (HTMLElement | string)[], cs: (HTMLElement | string)[], context: MarkdownParser.Context): HTMLElement {

package/src/parser/inline/link.ts CHANGED Viewed

@@ -71,7 +71,7 @@ export const uri: LinkParser.ParameterParser.UriParser = union([
 export const option: LinkParser.ParameterParser.OptionParser = union([
   fmap(str(/^[^\S\n]+nofollow(?=[^\S\n]|})/), () => [` rel="nofollow"`]),
-  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|})/),
+  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|})/),
   fmap(str(/^[^\S\n]+(?=})/), () => []),
   fmap(str(/^[^\S\n]+[^\n{}]+/), opt => [` \\${opt.slice(1)}`]),
 ]);

package/src/parser/inline/ruby.ts CHANGED Viewed

@@ -11,8 +11,8 @@ import { unshift, push, join } from 'spica/array';
 export const ruby: RubyParser = lazy(() => creator(bind(verify(
   validate('[', ')', '\n',
   sequence([
-    surround('[', focus(/^(?:\\[^\n]|[^\[\]\n])+(?=]\()/, text), ']'),
-    surround('(', focus(/^(?:\\[^\n]|[^\(\)\n])+(?=\))/, text), ')'),
+    surround('[', focus(/^(?:\\[^\n]|[^\\\[\]\n])+(?=]\()/, text), ']'),
+    surround('(', focus(/^(?:\\[^\n]|[^\\\(\)\n])+(?=\))/, text), ')'),
   ])),
   ([texts]) => isStartTightNodes(texts)),
   ([texts, rubies], rest) => {

package/src/parser/util.ts CHANGED Viewed

@@ -42,13 +42,13 @@ const invisibleHTMLEntityNames = [
   'InvisibleComma',
   'ic',
 ];
-const blankline = new RegExp(String.raw`^(?!$|\n)(?:\\?\s|&(?:${invisibleHTMLEntityNames.join('|')});|<wbr>|\[(#+)\s+(?!\s|\1\]|\[\1\s)(?:\S+\s+)+?(?:\1\]|(?=\[\1(?:$|\s))))*\\?(?:$|\n)`, 'gm');
+const blankline = new RegExp(String.raw`^(?!$|\n)(?:\\?[^\S\n]|&(?:${invisibleHTMLEntityNames.join('|')});|<wbr>|\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s))))*(?:\\?(?:$|\n)|(\S))`, 'gm');
 export function visualize<P extends Parser<HTMLElement | string>>(parser: P): P;
 export function visualize<T extends HTMLElement | string>(parser: Parser<T>): Parser<T> {
   return union([
     convert(
-      source => source.replace(blankline, line => line.replace(/[\\&<\[]/g, '\x1B$&')),
+      source => source.replace(blankline, (line, ...$) => !$[3] ? line.replace(/[\\&<\[]/g, '\x1B$&') : line),
       verify(parser, (ns, rest, context) => !rest && hasVisible(ns, context))),
     some(union([linebreak, unescsource])),
   ]);

package/src/renderer/render/media/youtube.ts CHANGED Viewed

@@ -15,12 +15,12 @@ export function youtube(source: HTMLImageElement, url: URL): HTMLElement | undef
 function resolve(url: URL): string | undefined {
   switch (url.origin) {
     case 'https://www.youtube.com':
-      return url.pathname === '/watch/'
-        ? url.href.replace(/.+?=/, '').replace('&', '?')
+      return url.pathname.match(/^\/watch\/?$/)
+        ? url.searchParams.get('v')?.concat(url.search.replace(/([?&])v=[^&#]*&?/g, '$1'), url.hash)
         : undefined;
     case 'https://youtu.be':
-      return url.pathname.match(/^\/[\w-]+$/)
-        ? url.href.slice(url.href.indexOf('/', 9) + 1)
+      return url.pathname.match(/^\/[\w-]+\/?$/)
+        ? url.href.slice(url.origin.length)
         : undefined;
     default:
       return;