Moves the main file to project root and removes build (#380)

* Moves the main file to project root and removes build

* Replaces test reference to dist file

* Removes dist dir

Author: abea

.eslintignore

@@ -1,2 +1 @@
 node_modules
-dist

.gitignore

@@ -2,6 +2,5 @@ package-lock.json
 npm-debug.log
 *.DS_Store
 node_modules
-dist
 # We do not commit CSS, only LESS
 public/css/*.css

CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Changelog
 
 2.0.0-beta:
+- Moves the `index.js` file to the project root and removes all build steps within the package. Going forward, it is up to the developer to include sanitize-html in their project builds as-needed. This removes major points of conflict with project code and frees this module to not worry about myriad build-related questions.
 - Replaces lodash with utility packages: klona, is-plain-object, deepmerge, escape-string-regexp.
 
 1.27.1 (2020-07-15):

src/index.js renamed to index.js

@@ -164,7 +164,7 @@ function sanitizeHtml(html, options, _recursing) {
     var transFun;
     if (typeof transform === 'function') {
       transFun = transform;
-    } else if (typeof transform === "string") {
+    } else if (typeof transform === 'string') {
       transFun = sanitizeHtml.simpleTransform(transform);
     }
     if (tag === '*') {
@@ -306,7 +306,7 @@ function sanitizeHtml(html, options, _recursing) {
                 if (isRelativeUrl) {
                   // default value of allowIframeRelativeUrls is true
                   // unless allowedIframeHostnames or allowedIframeDomains specified
-                  allowed = has(options, "allowIframeRelativeUrls")
+                  allowed = has(options, 'allowIframeRelativeUrls')
                     ? options.allowIframeRelativeUrls
                     : (!options.allowedIframeHostnames && !options.allowedIframeDomains);
                 } else if (options.allowedIframeHostnames || options.allowedIframeDomains) {
@@ -362,7 +362,7 @@ function sanitizeHtml(html, options, _recursing) {
             }
             if (a === 'style') {
               try {
-                var abstractSyntaxTree = postcss.parse(name + " {" + value + "}");
+                var abstractSyntaxTree = postcss.parse(name + ' {' + value + '}');
                 var filteredAST = filterCss(abstractSyntaxTree, options.allowedStyles);
 
                 value = stringifyStyleAttributes(filteredAST);
@@ -386,9 +386,9 @@ function sanitizeHtml(html, options, _recursing) {
         });
       }
       if (options.selfClosing.indexOf(name) !== -1) {
-        result += " />";
+        result += ' />';
       } else {
-        result += ">";
+        result += '>';
         if (frame.innerText && !hasText && !options.textFilter) {
           result += frame.innerText;
         }
@@ -481,7 +481,7 @@ function sanitizeHtml(html, options, _recursing) {
         return;
       }
 
-      result += "</" + name + ">";
+      result += '</' + name + '>';
       if (skip) {
         result = tempResult + escapeHtml(result);
         tempResult = '';

package.json

@@ -3,15 +3,9 @@
   "version": "1.27.1",
   "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",
   "sideEffects": false,
-  "main": "dist/sanitize-html.js",
-  "files": [
-    "dist/"
-  ],
+  "main": "index.js",
   "scripts": {
-    "build": "mkdir -p dist && browserify src/index.js > dist/sanitize-html-es2015.js --standalone 'sanitizeHtml' && babel dist/sanitize-html-es2015.js --out-file dist/sanitize-html.js --presets=@babel/preset-env",
-    "minify": "npm run build && uglifyjs dist/sanitize-html.js > dist/sanitize-html.min.js",
-    "prepublishOnly": "npm run minify",
-    "test": "npx eslint . && npm run prepublishOnly && mocha test/test.js"
+    "test": "npx eslint . && mocha test/test.js"
   },
   "repository": {
     "type": "git",
@@ -35,11 +29,6 @@
     "srcset": "^2.0.1"
   },
   "devDependencies": {
-    "@babel/cli": "^7.8.4",
-    "@babel/core": "^7.8.4",
-    "@babel/preset-env": "^7.8.4",
-    "babelify": "^10.0.0",
-    "browserify": "^16.2.3",
     "eslint": "^4.0.0",
     "eslint-config-apostrophe": "^3.1.0",
     "eslint-config-standard": "^11.0.0",
@@ -48,7 +37,6 @@
     "eslint-plugin-promise": "^3.8.0",
     "eslint-plugin-standard": "^3.1.0",
     "mocha": "^5.2.0",
-    "sinon": "^9.0.2",
-    "uglify-js": "^3.8.0"
+    "sinon": "^9.0.2"
   }
-}
+}

test/test.js

@@ -1,11 +1,11 @@
 /* eslint-disable no-useless-escape */
-var assert = require("assert");
+var assert = require('assert');
 const sinon = require('sinon');
 
 describe('sanitizeHtml', function() {
   var sanitizeHtml;
   it('should be successfully initialized', function() {
-    sanitizeHtml = require('../dist/sanitize-html.js');
+    sanitizeHtml = require('../index.js');
   });
   it('should escape self closing tags', () => {
     assert.equal(sanitizeHtml('before <img src="test.png" /> after', {
@@ -241,7 +241,7 @@ describe('sanitizeHtml', function() {
     );
   });
 
-  it("Should expose a node's inner text and inner HTML to the filter", function() {
+  it('Should expose a node\'s inner text and inner HTML to the filter', function() {
     assert.strictEqual(
       sanitizeHtml('<p>12<a href="http://www.linux.org"><br/>3<br></a><span>4</span></p>', {
         exclusiveFilter: function(frame) {
@@ -390,7 +390,7 @@ describe('sanitizeHtml', function() {
   it('should not crash on bad markup', function() {
     assert.equal(
       sanitizeHtml(
-        "<p a"
+        '<p a'
       ),
       ''
     );
@@ -415,7 +415,7 @@ describe('sanitizeHtml', function() {
 
   it('should deliver a warning if using vulnerable tags', function() {
     const spy = sinon.spy(console, 'warn');
-    const message = `\n\n⚠️ Your \`allowedTags\` option includes, \`style\`, which is inherently\nvulnerable to XSS attacks. Please remove it from \`allowedTags\`.\nOr, to disable this warning, add the \`allowVulnerableTags\` option\nand ensure you are accounting for this risk.\n\n`;
+    const message = '\n\n⚠️ Your `allowedTags` option includes, `style`, which is inherently\nvulnerable to XSS attacks. Please remove it from `allowedTags`.\nOr, to disable this warning, add the `allowVulnerableTags` option\nand ensure you are accounting for this risk.\n\n';
 
     sanitizeHtml(
       '<style></style>',
@@ -618,27 +618,27 @@ describe('sanitizeHtml', function() {
   });
   it('should respect htmlparser2 options when passed in', function() {
     assert.equal(
-      sanitizeHtml("<Archer><Sterling>I am</Sterling></Archer>", {
+      sanitizeHtml('<Archer><Sterling>I am</Sterling></Archer>', {
         allowedTags: false,
         allowedAttributes: false
       }),
-      "<archer><sterling>I am</sterling></archer>"
+      '<archer><sterling>I am</sterling></archer>'
     );
     assert.equal(
-      sanitizeHtml("<Archer><Sterling>I am</Sterling></Archer>", {
+      sanitizeHtml('<Archer><Sterling>I am</Sterling></Archer>', {
         allowedTags: false,
         allowedAttributes: false,
         parser: {
           lowerCaseTags: false
         }
       }),
-      "<Archer><Sterling>I am</Sterling></Archer>"
+      '<Archer><Sterling>I am</Sterling></Archer>'
     );
   });
   it('should not crash due to tag names that are properties of the universal Object prototype', function() {
     assert.equal(
-      sanitizeHtml("!<__proto__>!"),
-      "!!");
+      sanitizeHtml('!<__proto__>!'),
+      '!!');
   });
   it('should correctly maintain escaping when allowing a nonTextTags tag other than script or style', function() {
     assert.equal(
@@ -719,10 +719,10 @@ describe('sanitizeHtml', function() {
       sanitizeHtml(sanitizeString, {
         allowedTags: false,
         allowedAttributes: {
-          '*': ["dir"],
-          p: ["dir", "style"],
-          li: ["style"],
-          span: ["style"]
+          '*': ['dir'],
+          p: ['dir', 'style'],
+          li: ['style'],
+          span: ['style']
         },
         allowedStyles: {
           '*': {
@@ -737,44 +737,44 @@ describe('sanitizeHtml', function() {
   });
   it('Should remove empty style tags', function() {
     assert.equal(
-      sanitizeHtml("<span style=''></span>", {
+      sanitizeHtml('<span style=\'\'></span>', {
         allowedTags: false,
         allowedAttributes: false
       }),
-      "<span></span>"
+      '<span></span>'
     );
   });
   it('Should remote invalid styles', function() {
     assert.equal(
-      sanitizeHtml("<span style='color: blue; text-align: justify'></span>", {
+      sanitizeHtml('<span style=\'color: blue; text-align: justify\'></span>', {
         allowedTags: false,
         allowedAttributes: {
-          "span": ["style"]
+          'span': ['style']
         },
         allowedStyles: {
           'span': {
-            "color": [/blue/],
-            "text-align": [/left/]
+            'color': [/blue/],
+            'text-align': [/left/]
           }
         }
       }), '<span style="color:blue"></span>'
     );
   });
   it('Should allow a specific style from global', function() {
     assert.equal(
-      sanitizeHtml("<span style='color: yellow; text-align: center; font-family: helvetica'></span>", {
+      sanitizeHtml('<span style=\'color: yellow; text-align: center; font-family: helvetica\'></span>', {
         allowedTags: false,
         allowedAttributes: {
-          "span": ["style"]
+          'span': ['style']
         },
         allowedStyles: {
           '*': {
-            "color": [/yellow/],
-            "text-align": [/center/]
+            'color': [/yellow/],
+            'text-align': [/center/]
           },
           'span': {
-            "color": [/green/],
-            "font-family": [/helvetica/]
+            'color': [/green/],
+            'font-family': [/helvetica/]
           }
         }
       }), '<span style="color:yellow;text-align:center;font-family:helvetica"></span>'