From 6707a79eb43d48701f9793c311f2891956843881 Mon Sep 17 00:00:00 2001 From: cchang-vassar <79338042+cchang-vassar@users.noreply.github.com> Date: Wed, 8 Jan 2025 15:52:14 -0500 Subject: [PATCH] put DOM fix modify with citations modify --- packages/config/rollup.js | 66 +++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 30 deletions(-) diff --git a/packages/config/rollup.js b/packages/config/rollup.js index 2f8b96f7..39cdc1ea 100644 --- a/packages/config/rollup.js +++ b/packages/config/rollup.js @@ -76,20 +76,22 @@ const makeConfig = ({ input, plugins: [ externals(), - modify({ - // prettier-ignore - find: /'__CITATIONS__'/g, - replace: JSON.stringify(citationData, null, 2), - }), - modify({ - // Patch to mitigate DOM Clobbering vulnerability - find: /document\.currentScript/g, - replace: `(typeof document !== 'undefined' && + modify( + { + // prettier-ignore + find: /'__CITATIONS__'/g, + replace: JSON.stringify(citationData, null, 2), + }, + { + // Patch to mitigate DOM Clobbering vulnerability + find: /document\.currentScript/g, + replace: `(typeof document !== 'undefined' && document.currentScript && document.currentScript.tagName && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript)`, - }), + } + ), esbuild({ ...esBuildPluginOptions, target: "node18" }), commonjs(commonjsPluginOptions), ], @@ -115,20 +117,22 @@ const makeConfig = ({ input, plugins: [ externals({ deps: false }), - modify({ - // prettier-ignore - find: /'__CITATIONS__'/g, - replace: JSON.stringify(citationData, null, 2), - }), - modify({ - // Patch to mitigate DOM Clobbering vulnerability - find: /document\.currentScript/g, - replace: `(typeof document !== 'undefined' && + modify( + { + // prettier-ignore + find: /'__CITATIONS__'/g, + replace: JSON.stringify(citationData, null, 2), + }, + { + // Patch to mitigate DOM Clobbering vulnerability + find: /document\.currentScript/g, + replace: `(typeof document !== 'undefined' && document.currentScript && document.currentScript.tagName && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript)`, - }), + } + ), resolve({ preferBuiltins: false }), esbuild({ ...esBuildPluginOptions, target: "esnext" }), commonjs(commonjsPluginOptions), @@ -148,20 +152,22 @@ const makeConfig = ({ input, plugins: [ externals({ deps: false }), - modify({ - // prettier-ignore - find: /'__CITATIONS__'/g, - replace: JSON.stringify(citationData, null, 2), - }), - modify({ - // Patch to mitigate DOM Clobbering vulnerability - find: /document\.currentScript/g, - replace: `(typeof document !== 'undefined' && + modify( + { + // prettier-ignore + find: /'__CITATIONS__'/g, + replace: JSON.stringify(citationData, null, 2), + }, + { + // Patch to mitigate DOM Clobbering vulnerability + find: /document\.currentScript/g, + replace: `(typeof document !== 'undefined' && document.currentScript && document.currentScript.tagName && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript)`, - }), + } + ), resolve({ preferBuiltins: false }), esbuild({ ...esBuildPluginOptions, target: "es2015", minify: true }), commonjs(commonjsPluginOptions),