Skip to content

Commit

Permalink
test: include all dompurify test cases (#37)
Browse files Browse the repository at this point in the history
  • Loading branch information
JounQin authored Dec 14, 2023
1 parent daaacaf commit 462eac0
Show file tree
Hide file tree
Showing 26 changed files with 1,216 additions and 48 deletions.
5 changes: 5 additions & 0 deletions .changeset/rich-plants-call.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"domiso": minor
---

feat: better compatibility with `dompurify`, prevent many more XSS cases
2 changes: 2 additions & 0 deletions .codesandbox/ci.json
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
{
"node": "18",
"installCommand": "codesandbox:install",
"buildCommand": "codesandbox:build",
"sandboxes": []
}
1 change: 1 addition & 0 deletions .eslintignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ coverage
dist
lib
CHANGELOG.md
/DOMPurify
/auto-imports.d.ts
/pnpm-lock.yaml
!/.github
Expand Down
1 change: 1 addition & 0 deletions .eslintrc
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
"root": true,
"extends": "@1stg",
"rules": {
"unicorn/prefer-set-has": "off",
"unicorn/template-indent": "off"
},
"overrides": [
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ jobs:
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
submodules: true

- name: Setup pnpm
uses: pnpm/action-setup@v2
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/size-limit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ jobs:
CI_JOB_NUMBER: 1
steps:
- uses: actions/checkout@v4
with:
submodules: true

- name: Setup pnpm
uses: pnpm/action-setup@v2
Expand Down
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[submodule "DOMPurify"]
path = DOMPurify
url = https://github.com/cure53/DOMPurify.git
1 change: 0 additions & 1 deletion .npmrc
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
auto-install-peers=true
enable-pre-post-scripts=true
public-hoist-pattern[]=@1stg/*
public-hoist-pattern[]=@commitlint/*
Expand Down
2 changes: 2 additions & 0 deletions .prettierignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,6 @@
coverage
dist
lib
/DOMPurify
/auto-imports.d.ts
/pnpm-lock.yaml
3 changes: 3 additions & 0 deletions .stylelintignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,11 @@ coverage
dist
lib
LICENSE
fixtures
/DOMPurify
*.json
*.log
*.mts
*.patch
*.snap
*.svg
Expand Down
1 change: 1 addition & 0 deletions DOMPurify
Submodule DOMPurify added at d1e4f2
11 changes: 11 additions & 0 deletions dompurify.fixtures.d.mts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
declare module 'DOMPurify/test/fixtures/expect.mjs' {
export interface Fixture {
title?: string
payload: string
expected: string[] | string
}

const fixtures: Fixture[]

export default fixtures
}
14 changes: 10 additions & 4 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
"author": "JounQin (https://www.1stG.me) <admin@1stg.me>",
"funding": "https://opencollective.com/unts",
"license": "MIT",
"packageManager": "pnpm@8.12.0",
"packageManager": "pnpm@8.12.1",
"engines": {
"node": "^12.20.0 || ^14.18.0 || >=16.0.0"
},
Expand All @@ -34,14 +34,17 @@
"build": "pnpm test && run-p build:*",
"build:r": "r -f cjs",
"build:tsc": "tsc -p src",
"codesandbox:build": "yarn test -u && yarn run-p build:*",
"codesandbox:install": "git submodule update --init && yarn",
"dev": "vitest",
"docs:build": "w -e docs -p --publicPath /",
"docs:dev": "w -e docs",
"limit": "pnpm build && size-limit",
"lint": "run-p lint:*",
"lint:es": "eslint . --cache -f friendly --max-warnings 10",
"lint:style": "stylelint . --cache",
"lint:tsc": "tsc --noEmit",
"prepare": "simple-git-hooks",
"prepare": "simple-git-hooks || exit 0",
"release": "pnpm build && changeset publish",
"serve": "sirv dist -s",
"test": "vitest run --coverage",
Expand All @@ -63,7 +66,7 @@
"@types/react-dom": "^18.2.17",
"@types/web": "^0.0.127",
"@vitest/coverage-istanbul": "^1.0.4",
"domiso": "link:",
"domiso": "link:.",
"github-markdown-css": "^5.5.0",
"jsdom": "^23.0.1",
"react": "^18.2.0",
Expand All @@ -89,12 +92,15 @@
"pnpm": {
"overrides": {
"sh-syntax": "^0.4.1"
},
"patchedDependencies": {
"jsdom@23.0.1": "patches/jsdom@23.0.1.patch"
}
},
"size-limit": [
{
"path": "lib/index.js",
"limit": "410B"
"limit": "1KB"
}
],
"typeCoverage": {
Expand Down
29 changes: 29 additions & 0 deletions patches/jsdom@23.0.1.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
diff --git a/lib/jsdom/living/helpers/stylesheets.js b/lib/jsdom/living/helpers/stylesheets.js
index 9b44b6dba9a74495f880e6a6fe53ffbc9bf8a5d6..cb536fc5b11ca1eb0c5f98e9292ce46f63c03290 100644
--- a/lib/jsdom/living/helpers/stylesheets.js
+++ b/lib/jsdom/living/helpers/stylesheets.js
@@ -43,6 +43,11 @@ exports.createStylesheet = (sheetText, elementImpl, baseURL) => {
return;
}

+ if (!elementImpl._ownerDocument._defaultView) {
+ elementImpl.sheet = sheet;
+ return;
+ }
+
scanForImportRules(elementImpl, sheet.cssRules, baseURL);

addStylesheet(sheet, elementImpl);
diff --git a/lib/jsdom/living/nodes/HTMLStyleElement-impl.js b/lib/jsdom/living/nodes/HTMLStyleElement-impl.js
index 7dcc6fbd453ec5edda80f07c0e79a2fe6e6c9906..2116266218ca6420457518595cdd4f3f73eea966 100644
--- a/lib/jsdom/living/nodes/HTMLStyleElement-impl.js
+++ b/lib/jsdom/living/nodes/HTMLStyleElement-impl.js
@@ -52,7 +52,7 @@ class HTMLStyleElementImpl extends HTMLElementImpl {
}

// Browsing-context connected, per https://github.com/whatwg/html/issues/4547
- if (!this.isConnected || !this._ownerDocument._defaultView) {
+ if (!this.isConnected) {
return;
}

15 changes: 11 additions & 4 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 462eac0

Please sign in to comment.