Update index.js to patch the Trusted Types (TT) violation using the Function workaround
Change-Id: I857bf52804157c537cd1eabe5091c6929983e55d
diff --git a/index.js b/index.js
index 253d574..ed5bb1d 100644
--- a/index.js
+++ b/index.js
@@ -5,17 +5,42 @@
var isFnRegex = /^\s*(?:function)?\*/;
var hasToStringTag = require('has-tostringtag/shams')();
var getProto = Object.getPrototypeOf;
+
+class TrustedFunction {
+ static policy = trustedTypes.createPolicy('TrustedFunctionWorkaround', {
+ createScript: (_, ...args) => {
+ args.forEach( (arg) => {
+ if (!trustedTypes.isScript(arg)) {
+ throw new Error("TrustedScripts only, please");
+ }
+ });
+
+ // NOTE: This is insecure without parsing the arguments and body,
+ // Malicious inputs can escape the function body and execute immediately!
+
+ const fnArgs = args.slice(0, -1).join(',');
+ const fnBody = args.pop().toString();
+ const body = `(function anonymous(
+ ${fnArgs}
+ ) {
+ ${fnBody}
+ })`;
+ return body;
+ }
+ });
+
+ constructor(...args) {
+ return (window || self).eval(TrustedFunction.policy.createScript('', ...args));
+ }
+}
+
var getGeneratorFunc = function () { // eslint-disable-line consistent-return
if (!hasToStringTag) {
return false;
}
try {
if (self.trustedTypes && self.trustedTypes.createPolicy) {
- const policy = trustedTypes.createPolicy("myEscapePolicy", {
- createScript: (_ignored) => "return function*() {}",
- });
- const safeScript = policy.createScript("_ignored");
- return Function(safeScript);
+ return TrustedFunction('return function*() {}');
}
else {
return Function('return function*() {}')();
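Review bot: The `static policy = trustedTypes.createPolicy(...)` initializer runs when the module loads, outside the `self.trustedTypes` guard in `getGeneratorFunc`, so an environment without a `trustedTypes` global would get a ReferenceError on load; `(window || self)` fails the same way where `window` is undeclared. The call `TrustedFunction('return function*() {}')` also cannot succeed as written: a class cannot be invoked without `new`, and the argument is a plain string that the policy's own `isScript` check rejects, so this branch presumably ends in the catch that lies outside the hunk. Only one constant script is needed here, so a policy that ignores its input and returns that literal avoids the concatenation the in-code NOTE already calls insecure, and keeps arbitrary TrustedScript values from being spliced into eval'd source. The fence sketches this, created inside the guarded branch and returning the generator function itself as the else branch does. If `getGeneratorFunc` can run more than once, create the policy once and cache it, since a duplicate policy name may be refused.

```javascript
// … unchanged: hasToStringTag check and opening of try …
		if (self.trustedTypes && self.trustedTypes.createPolicy) {
			// The policy ignores its input and emits one fixed literal,
			// so no caller-supplied text ever reaches eval.
			var policy = self.trustedTypes.createPolicy('TrustedFunctionWorkaround', {
				createScript: function () { return '(function* () {})'; }
			});
			return self.eval(policy.createScript(''));
		}
// … unchanged: else branch …
```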