diff --git a/packages/auth/tsconfig.json b/packages/auth/tsconfig.json index 9264e1461f0..f100c88aea0 100644 --- a/packages/auth/tsconfig.json +++ b/packages/auth/tsconfig.json @@ -6,7 +6,6 @@ { "name": "tsec", "reportTsecDiagnosticsOnly": true, - "exemptionConfig": "./tsec-exemptions.json" } ] }, diff --git a/packages/auth/tsec-exemptions.json b/packages/auth/tsec-exemptions.json deleted file mode 100644 index e366beec368..00000000000 --- a/packages/auth/tsec-exemptions.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "ban-element-setattribute": ["src/platform_browser/index.ts", "src/platform_browser/load_js.test.ts"] -} diff --git a/packages/database-compat/tsconfig.json b/packages/database-compat/tsconfig.json index 891c6ae01f5..e2f493565c5 100644 --- a/packages/database-compat/tsconfig.json +++ b/packages/database-compat/tsconfig.json @@ -8,7 +8,6 @@ { "name": "tsec", "reportTsecDiagnosticsOnly": true, - "exemptionConfig": "./tsec-exemptions.json" } ] }, diff --git a/packages/database-compat/tsec-exemptions.json b/packages/database-compat/tsec-exemptions.json deleted file mode 100644 index 126a0ce25f9..00000000000 --- a/packages/database-compat/tsec-exemptions.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "ban-script-src-assignments": ["../database/src/realtime/BrowserPollConnection.ts"] -} diff --git a/packages/database/src/realtime/BrowserPollConnection.ts b/packages/database/src/realtime/BrowserPollConnection.ts index 4dcb7dd641d..d8c32665721 100644 --- a/packages/database/src/realtime/BrowserPollConnection.ts +++ b/packages/database/src/realtime/BrowserPollConnection.ts @@ -16,8 +16,6 @@ */ import { base64Encode, isNodeSdk, stringify } from '@firebase/util'; -import { sanitizeHtml } from 'safevalues'; -import { safeDocument } from 'safevalues/dom'; import { RepoInfo, repoInfoConnectionURL } from '../core/RepoInfo'; import { StatsCollection } from '../core/stats/StatsCollection'; @@ -477,7 +475,8 @@ export class FirebaseIFrameScriptHolder { const iframeContents = '
' + script + ''; try { this.myIFrame.doc.open(); - safeDocument.write(this.myIFrame.doc, sanitizeHtml(iframeContents)); + // FIXME: Use the safevalues library to sanitize this + this.myIFrame.doc.write(iframeContents); this.myIFrame.doc.close(); } catch (e) { log('frame writing exception'); diff --git a/packages/database/tsconfig.json b/packages/database/tsconfig.json index 891c6ae01f5..e2f493565c5 100644 --- a/packages/database/tsconfig.json +++ b/packages/database/tsconfig.json @@ -8,7 +8,6 @@ { "name": "tsec", "reportTsecDiagnosticsOnly": true, - "exemptionConfig": "./tsec-exemptions.json" } ] }, diff --git a/packages/database/tsec-exemptions.json b/packages/database/tsec-exemptions.json deleted file mode 100644 index 39e700cb0cd..00000000000 --- a/packages/database/tsec-exemptions.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "ban-script-src-assignments": ["src/realtime/BrowserPollConnection.ts"] -} diff --git a/packages/messaging/src/helpers/registerDefaultSw.ts b/packages/messaging/src/helpers/registerDefaultSw.ts index dd27943eb1c..3ab4dd870f5 100644 --- a/packages/messaging/src/helpers/registerDefaultSw.ts +++ b/packages/messaging/src/helpers/registerDefaultSw.ts @@ -15,10 +15,7 @@ * limitations under the License. */ -import { trustedResourceUrl } from 'safevalues'; -import { safeServiceWorkerContainer } from 'safevalues/dom'; - -import { DEFAULT_SW_SCOPE } from '../util/constants'; +import { DEFAULT_SW_PATH, DEFAULT_SW_SCOPE } from '../util/constants'; import { ERROR_FACTORY, ErrorCode } from '../util/errors'; import { MessagingService } from '../messaging-service'; @@ -27,10 +24,9 @@ export async function registerDefaultSw( messaging: MessagingService ): Promise