Remove exemptions, and untested usages of safevalues

firebase · Jul 4, 2024 · 74bc901 · 74bc901
1 parent 09bb82c
commit 74bc901
Show file tree

Hide file tree

Showing 8 changed files with 6 additions and 23 deletions.
diff --git a/packages/auth/tsconfig.json b/packages/auth/tsconfig.json
@@ -6,7 +6,6 @@
       {
         "name": "tsec",
         "reportTsecDiagnosticsOnly": true,
-        "exemptionConfig": "./tsec-exemptions.json"
       }
     ]
   },

diff --git a/packages/auth/tsec-exemptions.json b/packages/auth/tsec-exemptions.json
diff --git a/packages/database-compat/tsconfig.json b/packages/database-compat/tsconfig.json
@@ -8,7 +8,6 @@
       {
         "name": "tsec",
         "reportTsecDiagnosticsOnly": true,
-        "exemptionConfig": "./tsec-exemptions.json"
       }
     ]
   },

diff --git a/packages/database-compat/tsec-exemptions.json b/packages/database-compat/tsec-exemptions.json
diff --git a/packages/database/src/realtime/BrowserPollConnection.ts b/packages/database/src/realtime/BrowserPollConnection.ts
@@ -16,8 +16,6 @@
  */
 
 import { base64Encode, isNodeSdk, stringify } from '@firebase/util';
-import { sanitizeHtml } from 'safevalues';
-import { safeDocument } from 'safevalues/dom';
 
 import { RepoInfo, repoInfoConnectionURL } from '../core/RepoInfo';
 import { StatsCollection } from '../core/stats/StatsCollection';
@@ -477,7 +475,8 @@ export class FirebaseIFrameScriptHolder {
       const iframeContents = '<html><body>' + script + '</body></html>';
       try {
         this.myIFrame.doc.open();
-        safeDocument.write(this.myIFrame.doc, sanitizeHtml(iframeContents));
+        // FIXME: Use the safevalues library to sanitize this
+        this.myIFrame.doc.write(iframeContents);
         this.myIFrame.doc.close();
       } catch (e) {
         log('frame writing exception');

diff --git a/packages/database/tsconfig.json b/packages/database/tsconfig.json
@@ -8,7 +8,6 @@
       {
         "name": "tsec",
         "reportTsecDiagnosticsOnly": true,
-        "exemptionConfig": "./tsec-exemptions.json"
       }
     ]
   },

diff --git a/packages/database/tsec-exemptions.json b/packages/database/tsec-exemptions.json
diff --git a/packages/messaging/src/helpers/registerDefaultSw.ts b/packages/messaging/src/helpers/registerDefaultSw.ts
@@ -15,10 +15,7 @@
  * limitations under the License.
  */
 
-import { trustedResourceUrl } from 'safevalues';
-import { safeServiceWorkerContainer } from 'safevalues/dom';
-
-import { DEFAULT_SW_SCOPE } from '../util/constants';
+import { DEFAULT_SW_PATH, DEFAULT_SW_SCOPE } from '../util/constants';
 import { ERROR_FACTORY, ErrorCode } from '../util/errors';
 
 import { MessagingService } from '../messaging-service';
@@ -27,10 +24,9 @@ export async function registerDefaultSw(
   messaging: MessagingService
 ): Promise<void> {
   try {
-    const container = navigator.serviceWorker;
-    messaging.swRegistration = await safeServiceWorkerContainer.register(
-      container,
-      trustedResourceUrl`/firebase-messaging-sw.js`,
+    // FIXME: Use safevalues to register the service worker with a sanitized URL.
+    messaging.swRegistration = await navigator.serviceWorker.register(
+      DEFAULT_SW_PATH,
       {
         scope: DEFAULT_SW_SCOPE
       }
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,6 @@ @@
           {
             "name": "tsec",
             "reportTsecDiagnosticsOnly": true,
-            "exemptionConfig": "./tsec-exemptions.json"
           }
         ]
       },
@@ Expand Down @@