HoshinoKoji/jsPsych
1
0
Fork 0
mirror of https://github.com/jspsych/jsPsych.git synced 2025-05-10 19:20:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add patches to fix DOM clobbering

Browse Source
This commit is contained in:
cchang-vassar 2025-01-08 15:47:27 -05:00
parent 54be7a03c8
commit 80c4989431
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
packages/config/rollup.js
View File

@ -81,6 +81,15 @@ const makeConfig = ({
find: /'__CITATIONS__'/g, find: /'__CITATIONS__'/g,
replace: JSON.stringify(citationData, null, 2), replace: JSON.stringify(citationData, null, 2),
}), }),
modify({
// Patch to mitigate DOM Clobbering vulnerability
find: /document\.currentScript/g,
replace: `(typeof document !== 'undefined' &&
document.currentScript &&
document.currentScript.tagName &&
document.currentScript.tagName.toUpperCase() === 'SCRIPT' &&
document.currentScript)`,
}),
esbuild({ ...esBuildPluginOptions, target: "node18" }), esbuild({ ...esBuildPluginOptions, target: "node18" }),
commonjs(commonjsPluginOptions), commonjs(commonjsPluginOptions),
], ],
@ -111,6 +120,15 @@ const makeConfig = ({
find: /'__CITATIONS__'/g, find: /'__CITATIONS__'/g,
replace: JSON.stringify(citationData, null, 2), replace: JSON.stringify(citationData, null, 2),
}), }),
modify({
// Patch to mitigate DOM Clobbering vulnerability
find: /document\.currentScript/g,
replace: `(typeof document !== 'undefined' &&
document.currentScript &&
document.currentScript.tagName &&
document.currentScript.tagName.toUpperCase() === 'SCRIPT' &&
document.currentScript)`,
}),
resolve({ preferBuiltins: false }), resolve({ preferBuiltins: false }),
esbuild({ ...esBuildPluginOptions, target: "esnext" }), esbuild({ ...esBuildPluginOptions, target: "esnext" }),
commonjs(commonjsPluginOptions), commonjs(commonjsPluginOptions),
@ -135,6 +153,15 @@ const makeConfig = ({
find: /'__CITATIONS__'/g, find: /'__CITATIONS__'/g,
replace: JSON.stringify(citationData, null, 2), replace: JSON.stringify(citationData, null, 2),
}), }),
modify({
// Patch to mitigate DOM Clobbering vulnerability
find: /document\.currentScript/g,
replace: `(typeof document !== 'undefined' &&
document.currentScript &&
document.currentScript.tagName &&
document.currentScript.tagName.toUpperCase() === 'SCRIPT' &&
document.currentScript)`,
}),
resolve({ preferBuiltins: false }), resolve({ preferBuiltins: false }),
esbuild({ ...esBuildPluginOptions, target: "es2015", minify: true }), esbuild({ ...esBuildPluginOptions, target: "es2015", minify: true }),
commonjs(commonjsPluginOptions), commonjs(commonjsPluginOptions),