search

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com
Other
5.19k stars 630 forks source link

Allow default imports in TS #200

Closed danvk closed 4 years ago

danvk commented 4 years ago

This makes the ES6 version of the example on the homepage work:

import xss from "xss";
const html = xss('<script>alert("xss");</script>');
console.log(html);

Note that this only works if esModuleInterop is set to true, which is officially recommended (tsc init produces a tsconfig.json file with it set). You can read more about it here.

The existing type tests seemed to be broken before this PR:

$ npm install typescript
$ tsc --version
Version 3.9.7
$ tsc --noEmit -p typings/tsconfig.json
typings/xss-tests.ts:9:22 - error TS2307: Cannot find module 'xss' or its corresponding type declarations.

9 import * as xss from "xss";
                       ~~~~~

typings/xss-tests.ts:30:14 - error TS7006: Parameter 'str' implicitly has an 'any' type.

30   escapeHtml(str) {
                ~~~

typings/xss-tests.ts:34:9 - error TS7006: Parameter 'tag' implicitly has an 'any' type.

34   onTag(tag, html, options) {
           ~~~

typings/xss-tests.ts:34:14 - error TS7006: Parameter 'html' implicitly has an 'any' type.

34   onTag(tag, html, options) {
                ~~~~

typings/xss-tests.ts:34:20 - error TS7006: Parameter 'options' implicitly has an 'any' type.

34   onTag(tag, html, options) {
                      ~~~~~~~

typings/xss-tests.ts:37:15 - error TS7006: Parameter 'tag' implicitly has an 'any' type.

37   onIgnoreTag(tag, html) {}
                 ~~~

typings/xss-tests.ts:37:20 - error TS7006: Parameter 'html' implicitly has an 'any' type.

37   onIgnoreTag(tag, html) {}
                      ~~~~

Found 7 errors.

After it they are not:

$ tsc -p typings/tsconfig.json
danvk commented 4 years ago

The PR Quality Review check is about adding a console.log in a test file:

image

This is done in other test files as well https://github.com/leizongmin/js-xss/blob/b68163f444806cdb65ff64b80b0bc6c43d75d616/typings/xss-tests.ts#L16-L19

continuous-integration/travis-ci/pr is also broken on master.

leizongmin commented 4 years ago

Thank you. This change will be included in the next release version.

leizongmin commented 4 years ago

I just published a new version xss@1.0.8 including this changes. Thanks for your pull request.

danvk commented 4 years ago

Thanks for the quick release, @leizongmin! I merged this update into my project and it works great.