From 5b83deb043296c23ff912a2472703c1f7faddb4b Mon Sep 17 00:00:00 2001 From: Literallie Date: Thu, 19 Oct 2017 22:48:13 +0200 Subject: [PATCH] Load js-url lib using legacy-loader Doesn't use eval, plus no window object access --- package.json | 1 + public/js/history.js | 6 ++++-- public/js/index.js | 7 +++++-- webpackBaseConfig.js | 10 +++++++--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 35fe4f9..0d9f501 100644 --- a/package.json +++ b/package.json @@ -56,6 +56,7 @@ "js-yaml": "^3.7.0", "jsdom-nogyp": "^0.8.3", "keymaster": "^1.6.2", + "legacy-loader": "0.0.2", "list.js": "^1.5.0", "lodash": "^4.17.4", "lz-string": "1.4.4", diff --git a/public/js/history.js b/public/js/history.js index e14b80d..da82fd0 100644 --- a/public/js/history.js +++ b/public/js/history.js @@ -12,14 +12,16 @@ import { urlpath } from './lib/config' +var jsUrl = require('js-url') + window.migrateHistoryFromTempCallback = null migrateHistoryFromTemp() function migrateHistoryFromTemp () { - if (window.url('#tempid')) { + if (jsUrl('#tempid')) { $.get(`${serverurl}/temp`, { - tempid: window.url('#tempid') + tempid: jsUrl('#tempid') }) .done(data => { if (data && data.temp) { diff --git a/public/js/index.js b/public/js/index.js index b336af9..25bd1c3 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -3,6 +3,7 @@ modeType, Idle, serverurl, key, gapi, Dropbox, FilePicker ot, MediaUploader, hex2rgb, num_loaded, Visibility */ + require('../vendor/showup/showup') require('../css/index.css') @@ -21,6 +22,8 @@ import _ from 'lodash' import List from 'list.js' +var jsUrl = require('js-url') + import { checkLoginStateChanged, setloginStateChangeEvent @@ -1474,12 +1477,12 @@ $('#gistImportModalConfirm').click(function () { if (!isValidURL(gisturl)) { showMessageModal(' Import from Gist', 'Not a valid URL :(', '', '', false) } else { - var hostname = window.url('hostname', gisturl) + var hostname = jsUrl('hostname', gisturl) if (hostname !== 'gist.github.com') { showMessageModal(' Import from Gist', 'Not a valid Gist URL :(', '', '', false) } else { ui.spinner.show() - $.get('https://api.github.com/gists/' + window.url('-1', gisturl)) + $.get('https://api.github.com/gists/' + jsUrl('-1', gisturl)) .done(function (data) { if (data.files) { var contents = '' diff --git a/webpackBaseConfig.js b/webpackBaseConfig.js index 41a63e7..71a8f2e 100644 --- a/webpackBaseConfig.js +++ b/webpackBaseConfig.js @@ -190,7 +190,7 @@ module.exports = { index: [ 'babel-polyfill', 'script!jquery-ui-resizable', - 'script!js-url', + 'js-url', 'expose?filterXSS!xss', 'script!Idle.Js', 'expose?LZString!lz-string', @@ -241,7 +241,7 @@ module.exports = { 'expose?jsyaml!js-yaml', 'script!mermaid', 'expose?moment!moment', - 'script!js-url', + 'js-url', 'script!handlebars', 'expose?hljs!highlight.js', 'expose?emojify!emojify.js', @@ -374,7 +374,8 @@ module.exports = { 'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'), 'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'), 'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'), - abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js') + abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'), + 'js-url': path.join(__dirname, 'node_modules/js-url/url.js') } }, @@ -429,6 +430,9 @@ module.exports = { }, { test: /\.gif(\?v=\d+\.\d+\.\d+)?$/, loader: 'url?limit=10000&mimetype=image/gif' + }, { + test: /\/node_modules\/js-url\/url.js/, + loader: 'legacy' }] }, node: {