Update fork #2
[angular-snippet] drop the watchers on the console as well as their number
Walkthrough
The updates involve enhancements to various configuration and script files in a Node.js project. Key changes include modifications to
Changes
Sequence Diagram(s)
sequenceDiagram
participant User
participant BuildSystem
participant Repository
User->>BuildSystem: Trigger build
BuildSystem->>Repository: Fetch code
BuildSystem->>BuildSystem: Cache node_modules
BuildSystem->>BuildSystem: Install npm@^2.0.0
BuildSystem->>BuildSystem: Run tests
BuildSystem->>BuildSystem: Execute npm run semantic-release
BuildSystem->>User: Notify build success
Hard-Coded Secrets (1)
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/grunt-deps-ok@0.8.0, npm/grunt-nice-package@0.9.6, npm/pre-git@1.4.0
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps
What are git dependencies?
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install. Publish the git dependency to npm or a private package repository and consume it from there.
What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
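As an added example (not Socket's tooling and not code from this PR), the following Node script applies the two checks Socket describes above, git-URL dependencies and install-time lifecycle scripts, to a constructed package.json-style object without installing anything; the helper names and the sample manifest are assumptions.

```javascript
// Added example: static audit of a package manifest for the two Socket alert
// classes discussed in this PR. Helper names are hypothetical; the manifest
// below is constructed for the demo.

// npm dependency spec forms that resolve to a git checkout rather than a
// registry tarball (the forms npm documents for git dependencies).
function isGitDependency(spec) {
  if (typeof spec !== "string") return false;
  return (
    /^git(\+[a-z]+)?:\/\//i.test(spec) ||            // git://, git+ssh://, git+https://
    /^git@[^:]+:/.test(spec) ||                       // git@github.com:user/repo.git
    /^(github|gitlab|bitbucket|gist):/i.test(spec) || // hosted shorthand
    /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec) ||          // bare user/repo[#ref] shorthand
    /^https?:\/\/.*\.git(#.*)?$/i.test(spec)          // https://host/user/repo.git
  );
}

// Lifecycle scripts npm runs automatically while installing a package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Returns one finding per git dependency and per install-time script.
function auditManifest(pkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (isGitDependency(spec)) {
        findings.push({ type: "git-dependency", field, name, spec });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && typeof pkg.scripts[hook] === "string") {
      findings.push({ type: "install-script", field: hook, name: pkg.name, spec: pkg.scripts[hook] });
    }
  }
  return findings;
}

// Constructed sample manifest: one registry dependency per section, two git
// dependencies and a postinstall hook.
const SAMPLE_MANIFEST = {
  name: "sample-project",
  version: "0.0.0-semantic-release",
  scripts: {
    test: "grunt test",
    postinstall: "node ./scripts/setup.js",
  },
  dependencies: {
    lodash: "^4.17.21",
    "some-fork": "github:example-user/some-fork#v1.2.0",
  },
  devDependencies: {
    grunt: "~0.4.5",
    "other-tool": "git+https://git.example.invalid/example/other-tool.git",
  },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditManifest(SAMPLE_MANIFEST)) {
    console.log(`${f.type}\t${f.field}\t${f.name}\t${f.spec}`);
  }
}
```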
Actionable comments posted: 3
Outside diff range, codebase verification and nitpick comments (2)
remove-all-but.js (1)
1-21: Documentation: Clear and detailed comments
The comments provide a clear and detailed explanation of the function's purpose and usage, which is helpful for understanding the code.
Consider adding an example of the function call in the comments for better clarity.
README.md (1)
11-11: Nitpick: Remove spaces inside link text.
Spaces inside link text should be removed for consistency.
Apply this diff to remove spaces inside link text:
- [![semantic-release][semantic-image] ][semantic-url] + [![semantic-release][semantic-image]][semantic-url]Tools
Markdownlint
11-11: Spaces inside link text (MD039, no-space-in-links)
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (9)
- .travis.yml (1 hunks)
- README.md (5 hunks)
- bower.json (1 hunks)
- css-layout.js (1 hunks)
- harlem-shake-xss.js (1 hunks)
- ng-count-watchers.js (1 hunks)
- package.json (2 hunks)
- remove-all-but.js (1 hunks)
- utils/.jshintrc (1 hunks)
Files skipped from review due to trivial changes (1)
- css-layout.js
Additional context used
Biome
remove-all-but.js
[error] 23-23: Redundant use strict directive.
The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive. (lint/suspicious/noRedundantUseStrict)
ng-count-watchers.js
[error] 55-55: Change to an optional chain.
Unsafe fix: Change to an optional chain.
(lint/complexity/useOptionalChain)
harlem-shake-xss.js
[error] 4-5: eval() exposes to security risks and performance issues.
See the MDN web docs for more details.
Refactor the code so that it doesn't need to call eval(). (lint/security/noGlobalEval)
Markdownlint
README.md
11-11: Spaces inside link text (MD039, no-space-in-links)
47-47: Link fragments should be valid (MD051, link-fragments)
LanguageTool
README.md
[uncategorized] ~57-~57: Possible missing article found.
Context: ... * css-layout.js draws boundary around every DOM element for clarity....(AI_HYDRA_LEO_MISSING_A)
[style] ~102-~102: To form a complete sentence, be sure to include a subject.
Context: ... in the trees with specified selectors. Can be used to quickly clean up the page an...(MISSING_IT_THERE)
[uncategorized] ~111-~111: Did you mean the adverb “anymore”?
Context: ... Note: the approach below does not work any more, see [the open issue](https://github.co...(ANY_MORE)
Additional comments not posted (34)
.travis.yml (7)
2-5: Enhancement: Cache node_modules to optimize build times
Caching node_modules will help in reducing build times by reusing previously installed dependencies.
The code changes are approved.
6-7: Improvement: Disable email notifications
Disabling email notifications will streamline communication during the build process.
The code changes are approved.
9-9: Upgrade: Update Node.js version
Updating the Node.js version from 0.12 to 4 reflects a significant upgrade in the runtime environment, ensuring compatibility with newer features.
The code changes are approved.
10-11: Enhancement: Install specific npm version globally
Installing a specific version of npm globally ensures that the build uses a compatible package manager version.
The code changes are approved.
12-13: Enhancement: Add npm prune command
Adding npm prune in the before_script step cleans up unnecessary packages before the main script runs, ensuring a clean environment.
The code changes are approved.
14-15: Enhancement: Automate release process
Adding npm run semantic-release in the after_success section automates the release process, improving the overall development workflow.
The code changes are approved.
17-18: Enhancement: Flexible branch management
Excluding versioned branches that match the regex pattern for semantic versioning allows for more flexible branch management during the CI process.
The code changes are approved.
bower.json (1)
4-4: Update: Shift to semantic versioning
Updating the version to "0.0.0-semantic-release" indicates a shift to semantic versioning, which emphasizes the significance of version numbers in relation to changes made to the codebase.
The code changes are approved.
remove-all-but.js (5)
25-28: Validation: Ensure at least one selector is provided
The code correctly throws an error if no selectors are provided, ensuring proper validation.
The code changes are approved.
30-32: Optimization: Efficiently gather elements to keep
The code efficiently gathers elements to keep using querySelectorAll and reduce.
The code changes are approved.
34-38: Functionality: Correctly determine elements to keep
The shouldKeep function correctly determines whether an element should be kept based on its relationship to the elements in the keep array.
The code changes are approved.
40-48: Functionality: Remove elements not in the keep list
The code correctly removes elements that are not in the keep list, ensuring the desired functionality.
The code changes are approved.
50-50: Logging: Informative log message
The log message provides useful information about the number of elements removed.
The code changes are approved.
utils/.jshintrc (1)
33-33: LGTM!
The change to enable ESNext features is appropriate and will allow the use of modern JavaScript syntax and functionalities.
The code changes are approved.
package.json (9)
4-4: LGTM!
The change to semantic versioning is a good practice and will enhance clarity regarding the nature of changes in future releases.
The code changes are approved.
11-11: LGTM!
The simplification of the commit message validation process is appropriate.
The code changes are approved.
13-14: LGTM!
The simplification of the pre-commit process is appropriate.
The code changes are approved.
15-16: LGTM!
The introduction of the pre-push hook to check the package size is a good practice.
The code changes are approved.
30-39: LGTM!
The updates to the devDependencies are appropriate and ensure that the project uses the latest versions of these dependencies.
The code changes are approved.
44-47: LGTM!
The addition of the files property enhances the clarity of the package structure.
The code changes are approved.
63-63: LGTM!
The update to the repository URL improves accessibility for users cloning the repository.
The code changes are approved.
70-70: LGTM!
The update to the semantic-release script ensures that the release process is automated and streamlined.
The code changes are approved.
71-71: LGTM!
The addition of the size script to check the package size is a good practice.
The code changes are approved.
ng-count-watchers.js (10)
2-9: LGTM!
The usage comments enhance the documentation and usability of the script.
The code changes are approved.
10-10: LGTM!
The addition of the start parameter enhances the functionality of the script by allowing targeted analysis of specific sections of the DOM.
The code changes are approved.
13-18: LGTM!
The allDescendents helper function is correctly implemented and enhances the control flow of the script.
The code changes are approved.
21-24: LGTM!
The variable initialization is appropriate and supports the new functionality.
The code changes are approved.
26-29: LGTM!
The conditional check for the start parameter is appropriate and enhances the functionality of the script.
The code changes are approved.
30-31: LGTM!
The logging enhances the debugging capabilities of the script.
The code changes are approved.
34-34: LGTM!
The addition of the maxWatchersToPrint variable is appropriate and enhances the script's debugging capabilities.
The code changes are approved.
40-47: LGTM!
The countScopeWatchers function is correctly updated and enhances the tracking and reporting of individual watchers.
The code changes are approved.
51-58: LGTM!
The countWatchersInData function is correctly updated and enhances the functionality of the script.
The code changes are approved.
Tools
Biome
[error] 55-55: Change to an optional chain.
Unsafe fix: Change to an optional chain. (lint/complexity/useOptionalChain)
63-71: LGTM!
The main loop is correctly updated and enhances the functionality of the script.
The code changes are approved.
README.md (1)
23-24: LGTM!
The new badge for semantic-release has been added correctly.
The code changes are approved.
hello | ||
*/ | ||
(function hideAllBut() { | ||
'use strict'; |
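Review bot: the 'use strict' directive is only redundant if this file is loaded as an ES module; wrapped in `(function hideAllBut() {` it reads as a classic script rather than a module, where the directive still does useful work, so keep it and silence the Biome rule rather than removing the line. Separately, the IIFE is named `hideAllBut` while the file is remove-all-but.js; aligning the function name with the file name avoids confusion when a stack trace shows one and the README the other.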
Remove redundant 'use strict' directive
The 'use strict' directive is redundant in JavaScript modules as they are automatically in strict mode.
Apply this diff to remove the redundant 'use strict' directive:
- 'use strict';
Tools
Biome
[error] 23-23: Redundant use strict directive.
The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive. (lint/suspicious/noRedundantUseStrict)
// ready to dance, from https://github.com/DinisCruz/XSS-Pocs/blob/master/pocs/dance-xss.js | ||
/* jshint -W101 */ | ||
/* jshint -W061 */ | ||
/* eslint no-eval:0 */ | ||
eval(atob('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')); |
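Review bot: the three suppression comments (`/* jshint -W101 */`, `/* jshint -W061 */`, `/* eslint no-eval:0 */`) above `eval(atob(...))` silence exactly the checks that would flag an opaque base64 blob being executed, and in this form the blob cannot be reviewed at all. Commit the decoded source instead and drop the suppressions; keep the attribution comment pointing at DinisCruz/XSS-Pocs so readers can compare the decoded code against the upstream PoC.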
Avoid the use of eval and decode the base64 string for review.
The use of eval is a security risk and should be avoided. Decode the base64 string and review the code for any potential security issues. Consider refactoring the code to avoid the use of eval.
Apply this diff to decode the base64 string and review the code:
- eval(atob('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'));
+ // Decoded base64 string
+ function a() {
+ var a = document.createElement("link");
+ a.setAttribute("type", "text/css");
+ a.setAttribute("rel", "stylesheet");
+ a.setAttribute("href", w);
+ a.setAttribute("class", x);
+ document.body.appendChild(a);
+ }
+ function b() {
+ for (var a = document.getElementsByClassName(x), b = 0; b < a.length; b++)
+ document.body.removeChild(a[b]);
+ }
+ function c() {
+ var a = document.createElement("div");
+ a.setAttribute("class", v);
+ document.body.appendChild(a);
+ setTimeout(function () {
+ document.body.removeChild(a);
+ }, 100);
+ }
+ function d(a) {
+ return { height: a.offsetHeight, width: a.offsetWidth };
+ }
+ function e(a) {
+ var b = d(a);
+ return b.height > n && b.height < p && b.width > o && b.width < q;
+ }
+ function f(a) {
+ for (var b = a, c = 0; b; ) (c += b.offsetTop), (b = b.offsetParent);
+ return c;
+ }
+ function g() {
+ var a = document.documentElement;
+ return window.innerWidth
+ ? window.innerHeight
+ : a && !isNaN(a.clientHeight)
+ ? a.clientHeight
+ : 0;
+ }
+ function h() {
+ return window.pageYOffset
+ ? window.pageYOffset
+ : Math.max(
+ document.documentElement.scrollTop,
+ document.body.scrollTop
+ );
+ }
+ function i(a) {
+ var b = f(a);
+ return b > z && b < y + z;
+ }
+ function j() {
+ var a = document.createElement("audio");
+ a.setAttribute("class", x);
+ a.src = r;
+ a.loop = !1;
+ a.addEventListener(
+ "canplay",
+ function () {
+ setTimeout(function () {
+ k(B);
+ }, 500),
+ setTimeout(function () {
+ m(), c();
+ for (var a = 0; a < E.length; a++) l(E[a]);
+ }, 15500);
+ },
+ !1
+ ),
+ a.addEventListener(
+ "ended",
+ function () {
+ m(), b();
+ },
+ !1
+ ),
+ (a.innerHTML =
+ ' <p>If you are reading this, it is because your browser does not support the audio element. We recommend that you get a new browser.</p>'),
+ document.body.appendChild(a),
+ a.play();
+ }
+ function k(a) {
+ a.className += " " + s + " " + t;
+ }
+ function l(a) {
+ a.className += " " + s + " " + u[Math.floor(Math.random() * u.length)];
+ }
+ function m() {
+ for (
+ var a = document.getElementsByClassName(s), b = new RegExp("\\b" + s + "\\b"), c = 0;
+ c < a.length;
+ c++
+ )
+ a[c].className = a[c].className.replace(b, "");
+ }
+ for (
+ var n = 30,
+ o = 30,
+ p = 350,
+ q = 350,
+ r = "//s3.amazonaws.com/moovweb-marketing/playground/harlem-shake.mp3",
+ s = "mw-harlem_shake_me",
+ t = "im_first",
+ u = ["im_drunk", "im_baked", "im_trippin", "im_blown"],
+ v = "mw-strobe_light",
+ w = "//s3.amazonaws.com/moovweb-marketing/playground/harlem-shake-style.css",
+ x = "mw_added_css",
+ y = g(),
+ z = h(),
+ A = document.getElementsByTagName("*"),
+ B = null,
+ C = 0;
+ C < A.length;
+ C++
+ ) {
+ var D = A[C];
+ if (e(D) && i(D)) {
+ B = D;
+ break;
+ }
+ }
+ if (null === B) return void console.warn("Could not find a node of the right size. Please try a different page.");
+ a(), j();
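Review bot: the suggested replacement does not run as written: `E` in `for (var a = 0; a < E.length; a++) l(E[a]);` is never declared anywhere in the decoded body, so the 15500 ms timeout throws a ReferenceError, and the top-level `if (null === B) return void console.warn(...)` is a syntax error because `return` is outside a function. Wrap the decoded body in a function (an IIFE, as remove-all-but.js does with `(function hideAllBut() {`) and define `E` before merging. The decoded code also fetches a stylesheet and an MP3 from s3.amazonaws.com, which deserves a comment at the top of the file so the remote dependency is visible to anyone reading the repository.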
Tools
Biome
[error] 4-5: eval() exposes to security risks and performance issues.
See the MDN web docs for more details.
Refactor the code so that it doesn't need to call eval(). (lint/security/noGlobalEval)
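Added example, not part of the PR or CodeRabbit's output: a Node script that performs the "decode and review" step statically, unwrapping every eval(atob('...')) call found in a source string and listing the remote resources and dynamic-code sinks the hidden code references, so a reviewer can read the payload without executing it. The helper names and the sample source are assumptions; the real harlem-shake-xss.js blob is not reproduced here.

```javascript
// Added example: static unwrapping of eval(atob('...')) payloads for code
// review. Helper names are hypothetical; the sample source is constructed.

// Matches eval(atob('<base64>')) / eval(atob("<base64>")) with optional whitespace.
const EVAL_ATOB = /eval\s*\(\s*atob\s*\(\s*(['"])([A-Za-z0-9+/=\s]*)\1\s*\)\s*\)/g;

// Returns every base64 payload passed to eval(atob(...)), decoded as UTF-8.
// Nothing is executed; the payload is treated purely as text.
function extractEvalAtobPayloads(source) {
  const payloads = [];
  for (const match of source.matchAll(EVAL_ATOB)) {
    const b64 = match[2].replace(/\s+/g, "");
    payloads.push(Buffer.from(b64, "base64").toString("utf8"));
  }
  return payloads;
}

// What a reviewer wants to know about decoded code before approving it:
// which remote resources the page would fetch, and whether it contains
// further dynamic-code sinks that would need the same treatment.
const REMOTE_REF = /(["'])((?:https?:)?\/\/[^"'\s]+)\1/g;
const DYNAMIC_SINKS = [/\beval\s*\(/, /\bnew\s+Function\s*\(/, /\bdocument\.write\s*\(/, /\.innerHTML\s*=/];

function summarizePayload(code) {
  const remoteRefs = [...code.matchAll(REMOTE_REF)].map((m) => m[2]);
  const sinks = DYNAMIC_SINKS.filter((re) => re.test(code)).map((re) => re.source);
  return { remoteRefs, sinks, lines: code.split("\n").length };
}

// Decodes every payload in a source file and summarizes each one.
function reviewSource(source) {
  return extractEvalAtobPayloads(source).map((code) => ({ code, ...summarizePayload(code) }));
}

// Constructed sample with the shape of harlem-shake-xss.js: a suppression
// comment followed by eval(atob(...)) hiding code that loads a stylesheet and
// an audio file from a placeholder host.
const HIDDEN_CODE = [
  'var css = document.createElement("link");',
  'css.setAttribute("href", "//cdn.example.invalid/dance.css");',
  "document.body.appendChild(css);",
  'var audio = document.createElement("audio");',
  'audio.src = "https://cdn.example.invalid/dance.mp3";',
  "audio.play();",
].join("\n");

const SAMPLE_SOURCE = [
  "/* eslint no-eval:0 */",
  "eval(atob('" + Buffer.from(HIDDEN_CODE, "utf8").toString("base64") + "'));",
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  for (const r of reviewSource(SAMPLE_SOURCE)) {
    console.log("decoded payload (" + r.lines + " lines):\n" + r.code);
    console.log("remote references:", r.remoteRefs);
    console.log("dynamic-code sinks:", r.sinks);
  }
}
```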
* [harlem-shake-xss.js](harlem-shake-xss.js) - little XSS script that injects | ||
[Harlem Shake music](https://github.com/DinisCruz/XSS-Pocs/blob/master/pocs/dance-xss.js) |
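Review bot: the link text "Harlem Shake music" points at the dance-xss.js PoC source on GitHub, not at any music; link text should name what it links to (the upstream XSS PoC the script is taken from). The entry would also serve readers better if it said that harlem-shake-xss.js runs eval over a base64 payload and loads remote resources, since "little XSS script" does not convey that before someone pastes it into a page. The missing article the review mentions is a separate one-word fix.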
Typographical issue: Add missing article.
Add the missing article "the" for grammatical correctness.
Apply this diff to add the missing article:
Summary by CodeRabbit
New Features
- harlem-shake-xss.js for DOM manipulation and remove-all-but.js for selective DOM element removal.
- countAngularWatchers function to target specific DOM sections for counting Angular watchers.
Bug Fixes
Documentation
Chores