Fixing a bug in index.js
Change-Id: I780911777af2ff3aada08f0abc12b0ff3c12c333
diff --git a/index.js b/index.js
index ae9515f..7c9fb6e 100644
--- a/index.js
+++ b/index.js
@@ -6,32 +6,34 @@
var hasToStringTag = require('has-tostringtag/shams')();
var getProto = Object.getPrototypeOf;
-class TrustedFunction {
- static policy = self.trustedTypes.createPolicy('TrustedFunctionWorkaround', {
- createScript: (_, ...args) => {
- args.forEach( (arg) => {
- if (!self.trustedTypes.isScript(arg)) {
- throw new Error("TrustedScripts only, please");
- }
- });
+if (self.trustedTypes && self.trustedTypes.createPolicy) {
+ class TrustedFunction {
+ static policy = self.trustedTypes.createPolicy('TrustedFunctionWorkaround', {
+ createScript: (_, ...args) => {
+ args.forEach( (arg) => {
+ if (!self.trustedTypes.isScript(arg)) {
+ throw new Error("TrustedScripts only, please");
+ }
+ });
- // NOTE: This is insecure without parsing the arguments and body,
- // Malicious inputs can escape the function body and execute immediately!
+ // NOTE: This is insecure without parsing the arguments and body,
+ // Malicious inputs can escape the function body and execute immediately!
- const fnArgs = args.slice(0, -1).join(',');
- const fnBody = args.pop().toString();
- const body = `(function anonymous(
- ${fnArgs}
- ) {
- ${fnBody}
- })`;
- return body;
- }
- });
+ const fnArgs = args.slice(0, -1).join(',');
+ const fnBody = args.pop().toString();
+ const body = `(function anonymous(
+ ${fnArgs}
+ ) {
+ ${fnBody}
+ })`;
+ return body;
+ }
+ });
- constructor(...args) {
- return (window || self).eval(TrustedFunction.policy.createScript('', ...args));
- }
+ constructor(...args) {
+ return (window || self).eval(TrustedFunction.policy.createScript('', ...args));
+ }
+ }
}
var getGeneratorFunc = function () { // eslint-disable-line consistent-return
