Skip to content

Commit

Permalink
Provide build that with no eval/Function #86
Browse files Browse the repository at this point in the history
  • Loading branch information
kriszyp committed Nov 7, 2022
1 parent 3e1a92d commit 36244ea
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 6 deletions.
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,9 @@ For module-based development, it is recommended that you directly import the mod
import { unpack } from 'msgpackr/unpack' // if you only need to unpack
```

The package also includes a minified bundle in index.min.js.
Additionally, the package includes a version that excludes dynamic code evaluation called index-no-eval.js, for situations where Content Security Policy (CSP) forbids eval/Function in code. The dynamic evaluation provides important performance optimizations (for records), so is not recommended unless required by CSP policy.

## Structured Cloning
You can also use msgpackr for [structured cloning](https://html.spec.whatwg.org/multipage/structured-data.html). By enabling the `structuredClone` option, you can include references to other objects or cyclic references, and object identity will be preserved. Structured cloning also enables preserving certain typed objects like `Error`, `Set`, `RegExp` and TypedArray instances. For example:
```js
Expand Down
5 changes: 3 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -75,14 +75,15 @@
"msgpackr-extract": "^2.1.2"
},
"devDependencies": {
"@rollup/plugin-json": "^4.1.0",
"@rollup/plugin-json": "^5.0.1",
"@rollup/plugin-replace": "^5.0.1",
"@types/node": "latest",
"async": "^3",
"chai": "^4.3.4",
"cpy-cli": "^4.1.0",
"esm": "^3.2.25",
"mocha": "^8.1.3",
"rollup": "^1.20.3",
"rollup": "^3.2.5",
"rollup-plugin-babel-minify": "^9.0.0"
}
}
35 changes: 31 additions & 4 deletions rollup.config.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import minify from "rollup-plugin-babel-minify";
import json from "@rollup/plugin-json";
import json from "@rollup/plugin-json";
import replace from "@rollup/plugin-replace";

export default [
{
Expand All @@ -20,18 +21,44 @@ export default [
name: "msgpackr",
sourcemap: true
}
},
},
{
input: "index.js",
plugins: [
replace({ Function: 'BlockedFunction '})
],
output: {
file: "dist/index-no-eval.js",
format: "umd",
name: "msgpackr",
sourcemap: true
},
},
{
input: "index.js",
plugins: [minify({
})],
plugins: [
minify({})
],
output: {
file: "dist/index.min.js",
format: "umd",
name: "msgpackr",
sourcemap: true
}
},
{
input: "index.js",
plugins: [
replace({ Function: 'BlockedFunction '}),
minify({})
],
output: {
file: "dist/index-no-eval.min.js",
format: "umd",
name: "msgpackr",
sourcemap: true
}
},
{
input: "tests/test.js",
plugins: [json()],
Expand Down
2 changes: 2 additions & 0 deletions unpack.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ C1.name = 'MessagePack 0xC1'
var sequentialMode = false
var inlineObjectReadThreshold = 2
var readStruct, onLoadedStructures, onSaveState
var BlockedFunction // we use search and replace to change the next call to BlockedFunction to avoid CSP issues for
// no-eval build
try {
new Function('')
} catch(error) {
Expand Down

0 comments on commit 36244ea

Please sign in to comment.