review the dependencies list to elimiate security issue
migrate some cheerio to support new version
gaplo917 committed Sep 9, 2019
1 parent 719f9ac commit cfffb67
Showing 4 changed files with 550 additions and 1,792 deletions.
14 changes: 5 additions & 9 deletions gulpfile.js
Expand Up @@ -5,10 +5,9 @@ const stripDebug = require('gulp-strip-debug')
const sass = require('gulp-sass')
const source = require('vinyl-source-stream')
const buffer = require('vinyl-buffer')
const uglify = require('gulp-uglify')
const terser = require('gulp-terser')
const sourcemaps = require('gulp-sourcemaps')
const ngAnnotate = require('gulp-ng-annotate')
const minifyCss = require('gulp-minify-css')
const cleanCSS = require('gulp-clean-css')
const browserSync = require('browser-sync').create()

function onError (err) {
Expand Down Expand Up @@ -107,17 +106,14 @@ gulp.task('watchAsset', function () {
gulp.task('watch', gulp.parallel(['watchDependencies', 'watchJs', 'watchSass', 'watchAsset']))

gulp.task('compressCss', function () {
return gulp.src(['./www/css/ionic.app.css', './www/css/ionic.app.dark.css'])
.pipe(minifyCss({
keepSpecialComments: 0
}))
return gulp.src(['./www/css/ionic.app.css', './www/css/ionic.app.dark.css', './www/css/ionic.app.oled.dark.css'])
.pipe(cleanCSS())
.pipe(gulp.dest('./www/css/'))
})
gulp.task('compressJs', function () {
return gulp.src(['./www/js/app.js', './www/js/dependencies.js'])
.pipe(ngAnnotate())
.pipe(stripDebug())
.pipe(uglify({ mangle: false }))
.pipe(terser({ mangle: false }))
.pipe(gulp.dest('./www/js/'))
})
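Review bot: In `compressJs` the `.pipe(ngAnnotate())` step appears to be dropped, so the minified AngularJS bundle now relies entirely on `terser({ mangle: false })` to keep parameter names intact wherever implicit dependency injection is used. Nothing in the task records that coupling, and a later switch to mangling would fail at runtime rather than at build time. I would add a comment above the terser call, for example `// mangle must stay false: ng-annotate is no longer run, so AngularJS DI depends on the original parameter names`. Separately, `cleanCSS()` runs with defaults where the old call passed `keepSpecialComments: 0`; if stripping `/*! */` comments is still intended, that needs `cleanCSS({ level: { 1: { specialComments: 0 } } })`.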

24 changes: 11 additions & 13 deletions package.json
Expand Up @@ -13,24 +13,24 @@
"angular-localforage": "^1.3.8",
"angular-sanitize": "1.7.8",
"angular-ui-router": "0.4.3",
"babel-plugin-transform-async-to-generator": "^6.24.1",
"cheerio": "^0.19.0",
"cheerio": "^1.0.0-rc.3",
"csshake": "^1.5.3",
"localforage": "^1.7.3",
"lodash": "^4.17.15",
"moment": "^2.11.2",
"ng-toast": "^2.0.0",
"node-sass": "^4.10.0",
"node-sass": "^4.12.0",
"rx-angular": "^1.1.3",
"showdown": "^1.8.0",
"sweetalert2": "^7.18.0",
"showdown": "^1.9.0",
"sweetalert2": "^7.33.1",
"uuid-v4": "^0.1.0",
"webworkify": "^1.4.0"
"webworkify": "^1.5.0"
},
"devDependencies": {
"@babel/core": "^7.0.0",
"@babel/preset-env": "^7.0.0",
"babel-cli": "^6.10.1",
"babel-plugin-transform-async-to-generator": "^6.24.1",
"babel-plugin-transform-object-rest-spread": "^6.26.0",
"babel-polyfill": "^6.26.0",
"babel-preset-es2015": "^6.24.1",
Expand All @@ -44,14 +44,12 @@
"eslint-plugin-promise": "^4.2.1",
"eslint-plugin-standard": "^4.0.0",
"gulp": "^4.0.2",
"gulp-browserify": "^0.5.1",
"gulp-minify-css": "^0.5.1",
"gulp-ng-annotate": "^2.0.0",
"gulp-clean-css": "^4.2.0",
"gulp-sass": "^4.0.0",
"gulp-sourcemaps": "^1.6.0",
"gulp-strip-debug": "^1.1.0",
"gulp-uglify": "^2.0.0",
"sass": "^1.1.1",
"gulp-sourcemaps": "^2.6.5",
"gulp-strip-debug": "^3.0.0",
"gulp-terser": "^1.2.0",
"sass": "^1.22.10",
"vinyl-buffer": "^1.0.1",
"vinyl-source-stream": "^2.0.0"
}
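Review bot: `"cheerio": "^1.0.0-rc.3"` puts a caret range on a prerelease, so an install that is not constrained by a lockfile can resolve to any later 1.0.0 release candidate or 1.x release, and mapper.js runs remote forum HTML through this parser. For a commit whose purpose is to clear dependency advisories I would pin it exactly, `"cheerio": "1.0.0-rc.3"`, the same way `angular-sanitize` and `angular-ui-router` are pinned in this list, and upgrade it deliberately. If the fourth changed file, which is not shown on this page, is a lockfile, the drift is limited to whoever regenerates it. `node-sass` still sits under `dependencies` although it looks like a build-time tool; moving it to `devDependencies` would follow what this commit does for `babel-plugin-transform-async-to-generator`, once it is confirmed that nothing imports it at runtime.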
97 changes: 47 additions & 50 deletions src/es6/core/mapper/mapper.js
Expand Up @@ -271,19 +271,17 @@ export default class Mapper {
const postSource = $(elem)
const hasEdit = !!postSource.find('a.editpost').text()

const content = new HKEPCHtml(
cheerio.load(postSource.find('.postcontent > .defaultpost > .postmessage > .t_msgfontfix').html() ||
postSource.find('.postcontent > .defaultpost > .postmessage').html())
).getCheerio()
const content = postSource.find('.postcontent > .defaultpost > .postmessage > .t_msgfontfix') ||
postSource.find('.postcontent > .defaultpost > .postmessage')

content('#threadtitle').remove()
content('.useraction').remove()
content('blockquote').attr('ng-click', content('blockquote a').attr('ng-click'))
content('blockquote a').attr('ng-click', '')
content('blockquote img').html('<div class="message-resolve"><i class="ion-ios-search-strong"></i> 點擊查看原文</div>')
content.find('#threadtitle').remove()
content.find('.useraction').remove()
content.find('blockquote').attr('ng-click', content.find('blockquote a').attr('ng-click'))
content.find('blockquote a').attr('ng-click', '')
content.find('blockquote img').html('<div class="message-resolve"><i class="ion-ios-search-strong"></i> 點擊查看原文</div>')

// auto add embedded youtube before the link
content('a[youtube-embed]').each((i, e) => {
content.find('a[youtube-embed]').each((i, e) => {
const elm = $(e)
elm.before(elm.attr('youtube-embed'))
})
Expand All @@ -295,7 +293,7 @@ export default class Mapper {

// processed by general html (isAutoLoadImage features)
const avatarImageUrl = avatarImage.attr('image-lazy-src')
const pstatus = content('.pstatus').text()
const pstatus = content.find('.pstatus').text()

return {
id: postSource.find('table').attr('id').replace('pid', ''),
Expand Down Expand Up @@ -387,24 +385,24 @@ export default class Mapper {
: Math.max(...pageNumArr)

const posts = $('.datalist table > tbody > tr').map((i, elem) => {
const postSource = cheerio.load($(elem).html())
const postSource = $(elem)

return {
post: {
title: postSource('th a').text(),
url: postSource('th a').attr('href')
title: postSource.find('th a').text(),
url: postSource.find('th a').attr('href')
},
topic: {
url: postSource('.forum a').attr('href'),
title: postSource('.forum a').text() || postSource('td.forum').text()
url: postSource.find('.forum a').attr('href'),
title: postSource.find('.forum a').text() || postSource.find('td.forum').text()
},
status: postSource('.nums').text(),
status: postSource.find('.nums').text(),
lastpost: {
by: postSource('.lastpost cite a').text() || postSource('.lastpost cite').text(),
timestamp: postSource('.lastpost > em > a > span').attr('title') ||
postSource('.lastpost > em > a').text() ||
postSource('.lastpost > em > span').text() ||
postSource('.lastpost > em').text() ||
by: postSource.find('.lastpost cite a').text() || postSource.find('.lastpost cite').text(),
timestamp: postSource.find('.lastpost > em > a > span').attr('title') ||
postSource.find('.lastpost > em > a').text() ||
postSource.find('.lastpost > em > span').text() ||
postSource.find('.lastpost > em').text() ||
0
}
}
Expand Down Expand Up @@ -433,15 +431,15 @@ export default class Mapper {
: Math.max(...pageNumArr)

const chats = $('.pm_list li').map((i, elem) => {
const chatSource = cheerio.load($(elem).html())
const chatSource = $(elem)

const avatarUrl = chatSource('.avatar img').attr('raw-src')
const summary = chatSource('.summary').text()
const username = chatSource('.cite cite a').text()
const isRead = chatSource('.cite img').attr('alt') !== 'NEW'
const avatarUrl = chatSource.find('.avatar img').attr('raw-src')
const summary = chatSource.find('.summary').text()
const username = chatSource.find('.cite cite a').text()
const isRead = chatSource.find('.cite img').attr('alt') !== 'NEW'

chatSource('cite').remove()
const date = chatSource('.cite').text()
chatSource.find('cite').remove()
const date = chatSource.find('.cite').text()

const id = URLUtils.getQueryVariable(avatarUrl, 'uid')
return {
Expand All @@ -462,16 +460,14 @@ export default class Mapper {

static chatDetails (html, opt) {
const $ = html.getCheerio()
const parseChat = (chatHtml, isSelf) => {
const chatSource = cheerio.load(chatHtml)

const avatarUrl = chatSource('.avatar img').attr('raw-src')
const content = chatSource('.summary').html()
const username = chatSource('.cite cite').text()
const parseChat = (chatSource, isSelf) => {
const avatarUrl = chatSource.find('.avatar img').attr('raw-src')
const content = chatSource.find('.summary').html()
const username = chatSource.find('.cite cite').text()

chatSource('cite').remove()
chatSource.find('cite').remove()

const date = chatSource('.cite').text()
const date = chatSource.find('.cite').text()

const id = URLUtils.getQueryVariable(avatarUrl, 'uid')
return {
Expand All @@ -486,7 +482,7 @@ export default class Mapper {
const messages = $('.pm_list li.s_clear').map((i, elem) => {
const isSelf = $(elem).attr('class').indexOf('self') > 0

return parseChat($(elem).html(), isSelf)
return parseChat($(elem), isSelf)
}).get()

const username = $('.itemtitle .left strong').text()
Expand Down Expand Up @@ -569,9 +565,10 @@ export default class Mapper {
: Math.max(...pageNumArr)

const notifications = $('.feed li .f_quote, .feed li .f_reply, .feed li .f_thread').map((i, elem) => {
const source = $(elem)
return {
isRead: $(elem).find('img').attr('alt') !== 'NEW',
content: $(elem).html()
isRead: source.find('img').attr('alt') !== 'NEW',
content: source.html()
}
}).get()

Expand Down Expand Up @@ -664,22 +661,22 @@ export default class Mapper {
: Math.max(...pageNumArr)

const myreplies = $('.datalist > table > tbody > tr').map((i, elem) => {
const postSource = cheerio.load($(elem).html())
const postSource = $(elem)

return {
post: {
title: postSource('th a').text(),
messageId: postSource('th a').attr('pid'),
postId: postSource('th a').attr('ptid'),
inAppUrl: postSource('th a').attr('in-app-url')
title: postSource.find('th a').text(),
messageId: postSource.find('th a').attr('pid'),
postId: postSource.find('th a').attr('ptid'),
inAppUrl: postSource.find('th a').attr('in-app-url')
},
topic: {
url: postSource('.forum a').attr('href'),
title: postSource('.forum a').text()
url: postSource.find('.forum a').attr('href'),
title: postSource.find('.forum a').text()
},
status: postSource('.nums').text(),
timestamp: postSource('.lastpost > em > span').attr('title') || postSource('.lastpost > em').text() || 0,
brief: postSource('.lighttxt').text()
status: postSource.find('.nums').text(),
timestamp: postSource.find('.lastpost > em > span').attr('title') || postSource.find('.lastpost > em').text() || 0,
brief: postSource.find('.lighttxt').text()
}
}).get()
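Review bot: In the first mapper.js hunk the new `content` assignment joins two `postSource.find(...)` calls with `||`, but a cheerio selection is an object and is truthy even when it matches nothing, so the `.postmessage` fallback can never be taken (the old code fell back because `.html()` returns null on an empty selection). A post without a `.t_msgfontfix` wrapper would then leave `content` empty, and the cleanup calls and the `.pstatus` lookup below it silently operate on nothing. Test the length instead: `const fontfix = postSource.find('.postcontent > .defaultpost > .postmessage > .t_msgfontfix')` followed by `const content = fontfix.length ? fontfix : postSource.find('.postcontent > .defaultpost > .postmessage')`. In addition, `content` and the `chatSource` selections are now live nodes of the shared document rather than re-parsed copies, so their `.remove()` calls change the tree that later selectors read. The enclosing functions extend beyond the visible hunks, so whether anything depends on the removed nodes cannot be judged from here.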
