From 11eb817cdfacf56c02d7005cbe520ffbeb0fe59a Mon Sep 17 00:00:00 2001
From: Benjamin Tan
Date: Sat, 20 Feb 2021 23:33:13 +0800
Subject: [PATCH] Bump to v4.17.21
---
 README.md | 4 ++--
 _baseTrim.js | 19 +++++++++++++++++++
 _trimmedEndIndex.js | 19 +++++++++++++++++++
 lodash.default.js | 2 +-
 package.json | 2 +-
 parseInt.js | 2 +-
 template.js | 21 +++++++++++++++++++++
 toNumber.js | 6 ++----
 trim.js | 6 ++----
 trimEnd.js | 6 ++----
 trimStart.js | 2 +-
 11 files changed, 71 insertions(+), 18 deletions(-)
 create mode 100644 _baseTrim.js
 create mode 100644 _trimmedEndIndex.js
diff --git a/README.md b/README.md
index aea0080cd..48ef00164 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# lodash-es v4.17.20
+# lodash-es v4.17.21
 The [Lodash](https://lodash.com/) library exported as [ES](http://www.ecma-international.org/ecma-262/6.0/) modules.
@@ -7,4 +7,4 @@ Generated using [lodash-cli](https://www.npmjs.com/package/lodash-cli):
 $ lodash modularize exports=es -o ./
 ```
-See the [package source](https://github.com/lodash/lodash/tree/4.17.20-es) for more details.
+See the [package source](https://github.com/lodash/lodash/tree/4.17.21-es) for more details.
diff --git a/_baseTrim.js b/_baseTrim.js
new file mode 100644
index 000000000..669f793a3
--- /dev/null
+++ b/_baseTrim.js
@@ -0,0 +1,19 @@
+import trimmedEndIndex from './_trimmedEndIndex.js';
+
+/** Used to match leading whitespace. */
+var reTrimStart = /^\s+/;
+
+/**
+ * The base implementation of `_.trim`.
+ *
+ * @private
+ * @param {string} string The string to trim.
+ * @returns {string} Returns the trimmed string.
+ */
+function baseTrim(string) {
+ return string
+ ? string.slice(0, trimmedEndIndex(string) + 1).replace(reTrimStart, '')
+ : string;
+}
+
+export default baseTrim;
diff --git a/_trimmedEndIndex.js b/_trimmedEndIndex.js
new file mode 100644
index 000000000..5f92fbe7f
--- /dev/null
+++ b/_trimmedEndIndex.js
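Review bot: In `_baseTrim.js`, nothing explains why `baseTrim` trims the end with an index scan (`trimmedEndIndex`) and only the start with a regex, so a later cleanup could fold both back into a single pattern. The rest of this patch removes `/^\s+|\s+$/g` and `/\s+$/` from the callers, presumably because a trailing-whitespace pattern that is not anchored at the start can take super-linear time on long whitespace runs that do not reach the end of the string. I would add a comment above the `return`: `// Trim the end by index scan, not /\s+$/, so trimming stays linear in the input length.`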
@@ -0,0 +1,19 @@
+/** Used to match a single whitespace character. */
+var reWhitespace = /\s/;
+
+/**
+ * Used by `_.trim` and `_.trimEnd` to get the index of the last non-whitespace
+ * character of `string`.
+ *
+ * @private
+ * @param {string} string The string to inspect.
+ * @returns {number} Returns the index of the last non-whitespace character.
+ */
+function trimmedEndIndex(string) {
+ var index = string.length;
+
+ while (index-- && reWhitespace.test(string.charAt(index))) {}
+ return index;
+}
+
+export default trimmedEndIndex;
diff --git a/lodash.default.js b/lodash.default.js
index 9772408bb..0e2529d8e 100644
--- a/lodash.default.js
+++ b/lodash.default.js
@@ -45,7 +45,7 @@ import toInteger from './toInteger.js';
 import lodash from './wrapperLodash.js';
 /** Used as the semantic version number. */
-var VERSION = '4.17.20';
+var VERSION = '4.17.21';
 /** Used to compose bitmasks for function metadata. */
 var WRAP_BIND_KEY_FLAG = 2;
diff --git a/package.json b/package.json
index 31d0df655..b9fed9bb6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "lodash-es",
- "version": "4.17.20",
+ "version": "4.17.21",
 "description": "Lodash exported as ES modules.",
 "keywords": "es6, modules, stdlib, util",
 "homepage": "https://lodash.com/custom-builds",
diff --git a/parseInt.js b/parseInt.js
index 3400b6b9e..d7a8ec1bb 100644
--- a/parseInt.js
+++ b/parseInt.js
@@ -1,7 +1,7 @@
 import root from './_root.js';
 import toString from './toString.js';
-/** Used to match leading and trailing whitespace. */
+/** Used to match leading whitespace. */
 var reTrimStart = /^\s+/;
 /* Built-in method references for those with the same name as other `lodash` methods. */
diff --git a/template.js b/template.js
index a746c3268..769e1b30f 100644
--- a/template.js
+++ b/template.js
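Review bot: The `@returns` line of `trimmedEndIndex` in `_trimmedEndIndex.js` does not say that the function returns `-1` when `string` is empty or consists only of whitespace, although the callers in this patch depend on that through `trimmedEndIndex(string) + 1`. I would change it to `@returns {number} Returns the index of the last non-whitespace character, or -1 if there is none.` The empty-bodied `while (index-- && …) {}` also hides the decrement inside the condition, so a comment such as `// Scan backwards; index ends at -1 when no non-whitespace character is found.` would make the loop easier to review.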
@@ -10,11 +10,26 @@ import reInterpolate from './_reInterpolate.js';
 import templateSettings from './templateSettings.js';
 import toString from './toString.js';
+/** Error message constants. */
+var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
+
 /** Used to match empty string literals in compiled template source. */
 var reEmptyStringLeading = /\b__p \+= '';/g,
 reEmptyStringMiddle = /\b(__p \+=) '' \+/g,
 reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
+/**
+ * Used to validate the `validate` option in `_.template` variable.
+ *
+ * Forbids characters which could potentially change the meaning of the function argument definition:
+ * - "()," (modification of function parameters)
+ * - "=" (default value)
+ * - "[]{}" (destructuring of function parameters)
+ * - "/" (beginning of a comment)
+ * - whitespace
+ */
+var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
+
 /**
 * Used to match
 * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
@@ -210,6 +225,12 @@ function template(string, options, guard) {
 if (!variable) {
 source = 'with (obj) {\n' + source + '\n}\n';
 }
+ // Throw an error if a forbidden character was found in `variable`, to prevent
+ // potential command injection attacks.
+ else if (reForbiddenIdentifierChars.test(variable)) {
+ throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
+ }
+
 // Cleanup code by stripping empty strings.
 source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source)
 .replace(reEmptyStringMiddle, '$1')
diff --git a/toNumber.js b/toNumber.js
index 430bf226c..8e59f78cd 100644
--- a/toNumber.js
+++ b/toNumber.js
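Review bot: The doc comment on `reForbiddenIdentifierChars` in the first `template.js` hunk names the wrong option: it says the `validate` option, while the constant is tested against `variable` in the second hunk. Its first line should read `` * Used to validate the `variable` option in `_.template`. `` The pattern is also a denylist, so a character that matters but is not listed would pass; checking `variable` against an identifier-shaped allowlist would fail closed, at the cost of rejecting some values this commit still accepts, which makes it a compatibility decision for the maintainers.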
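Review bot: The comment added above the `else if` in `template()` calls the risk "command injection", but by the constant's own description the check protects the function argument definition of the compiled template, which is code injection into generated source, not a shell command. I would reword it to `` // Reject a `variable` that could alter the parameter list of the generated function. `` The guard covers only `variable`; whether the other options that reach the compiled source are validated is not visible in this hunk, so template options should still not be taken from untrusted input. Putting the comment between `}` and `else if` also detaches the `else` from its `if`, and it would read better inside the branch. The body of `template` starts and ends outside the hunk.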
@@ -1,12 +1,10 @@
+import baseTrim from './_baseTrim.js';
 import isObject from './isObject.js';
 import isSymbol from './isSymbol.js';
 /** Used as references for various `Number` constants. */
 var NAN = 0 / 0;
-/** Used to match leading and trailing whitespace. */
-var reTrim = /^\s+|\s+$/g;
-
 /** Used to detect bad signed hexadecimal string values. */
 var reIsBadHex = /^[-+]0x[0-9a-f]+$/i;
@@ -56,7 +54,7 @@ function toNumber(value) {
 if (typeof value != 'string') {
 return value === 0 ? value : +value;
 }
- value = value.replace(reTrim, '');
+ value = baseTrim(value);
 var isBinary = reIsBinary.test(value);
 return (isBinary || reIsOctal.test(value))
 ? freeParseInt(value.slice(2), isBinary ? 2 : 8)
diff --git a/trim.js b/trim.js
index 11ec4d7d3..55202ffbe 100644
--- a/trim.js
+++ b/trim.js
@@ -1,13 +1,11 @@
 import baseToString from './_baseToString.js';
+import baseTrim from './_baseTrim.js';
 import castSlice from './_castSlice.js';
 import charsEndIndex from './_charsEndIndex.js';
 import charsStartIndex from './_charsStartIndex.js';
 import stringToArray from './_stringToArray.js';
 import toString from './toString.js';
-/** Used to match leading and trailing whitespace. */
-var reTrim = /^\s+|\s+$/g;
-
 /**
 * Removes leading and trailing whitespace or specified characters from `string`.
 *
@@ -33,7 +31,7 @@ var reTrim = /^\s+|\s+$/g;
 function trim(string, chars, guard) {
 string = toString(string);
 if (string && (guard || chars === undefined)) {
- return string.replace(reTrim, '');
+ return baseTrim(string);
 }
 if (!string || !(chars = baseToString(chars))) {
 return string;
diff --git a/trimEnd.js b/trimEnd.js
index 4215af3d4..a25791828 100644
--- a/trimEnd.js
+++ b/trimEnd.js
@@ -3,9 +3,7 @@ import castSlice from './_castSlice.js';
 import charsEndIndex from './_charsEndIndex.js';
 import stringToArray from './_stringToArray.js';
 import toString from './toString.js';
-
-/** Used to match leading and trailing whitespace. */
-var reTrimEnd = /\s+$/;
+import trimmedEndIndex from './_trimmedEndIndex.js';
 /**
 * Removes trailing whitespace or specified characters from `string`.
@@ -29,7 +27,7 @@ var reTrimEnd = /\s+$/;
 function trimEnd(string, chars, guard) {
 string = toString(string);
 if (string && (guard || chars === undefined)) {
- return string.replace(reTrimEnd, '');
+ return string.slice(0, trimmedEndIndex(string) + 1);
 }
 if (!string || !(chars = baseToString(chars))) {
 return string;
diff --git a/trimStart.js b/trimStart.js
index aa00c50f3..4fe1cae2d 100644
--- a/trimStart.js
+++ b/trimStart.js
@@ -4,7 +4,7 @@ import charsStartIndex from './_charsStartIndex.js';
 import stringToArray from './_stringToArray.js';
 import toString from './toString.js';
-/** Used to match leading and trailing whitespace. */
+/** Used to match leading whitespace. */
 var reTrimStart = /^\s+/;
 /**