From 1ced9aafc00c10992bab8bd3f1b6b1397f05b7b9 Mon Sep 17 00:00:00 2001 From: toasted-nutbread Date: Tue, 19 Dec 2023 00:33:38 -0500 Subject: Make JSON.parse usage safer (#373) * Make JSON.parse usage safer * Fix any type * Add readResponseJson * Use readResponseJson * Additional updates * Rename files * Add types --- ext/js/comm/anki-connect.js | 3 ++- ext/js/comm/api.js | 11 ++++++++--- ext/js/comm/cross-frame-api.js | 4 +++- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'ext/js/comm') diff --git a/ext/js/comm/anki-connect.js b/ext/js/comm/anki-connect.js index bd9a69a2..fa5543d5 100644 --- a/ext/js/comm/anki-connect.js +++ b/ext/js/comm/anki-connect.js @@ -17,6 +17,7 @@ */ import {ExtensionError} from '../core/extension-error.js'; +import {parseJson} from '../core/json.js'; import {AnkiUtil} from '../data/anki-util.js'; /** @@ -419,7 +420,7 @@ export class AnkiConnect { let result; try { responseText = await response.text(); - result = JSON.parse(responseText); + result = parseJson(responseText); } catch (e) { const error = new ExtensionError('Invalid Anki response'); error.data = {action, params, status: response.status, responseText, originalError: e}; diff --git a/ext/js/comm/api.js b/ext/js/comm/api.js index 35a66d9e..43f707e2 100644 --- a/ext/js/comm/api.js +++ b/ext/js/comm/api.js @@ -18,6 +18,7 @@ import {deferPromise} from '../core.js'; import {ExtensionError} from '../core/extension-error.js'; +import {parseJson} from '../core/json.js'; export class API { /** @@ -433,6 +434,7 @@ export class API { return new Promise((resolve, reject) => { /** @type {?import('core').Timeout} */ let timer = null; + /** @type {import('core').DeferredPromiseDetails} */ const portDetails = deferPromise(); /** @@ -441,8 +443,9 @@ export class API { const onConnect = async (port) => { try { const {name: expectedName, id: expectedId} = await portDetails.promise; - const {name, id} = JSON.parse(port.name); - if (name !== expectedName || id !== expectedId || timer === null) { return; } + /** @type {import('cross-frame-api').PortDetails} */ + const portDetails2 = parseJson(port.name); + if (portDetails2.name !== expectedName || portDetails2.id !== expectedId || timer === null) { return; } } catch (e) { return; } @@ -470,7 +473,9 @@ export class API { timer = setTimeout(() => onError(new Error('Timeout')), timeout); chrome.runtime.onConnect.addListener(onConnect); - this._invoke('createActionPort').then(portDetails.resolve, onError); + /** @type {Promise} */ + const createActionPortResult = this._invoke('createActionPort'); + createActionPortResult.then(portDetails.resolve, onError); }); } diff --git a/ext/js/comm/cross-frame-api.js b/ext/js/comm/cross-frame-api.js index 3ac38cf2..0d3f3275 100644 --- a/ext/js/comm/cross-frame-api.js +++ b/ext/js/comm/cross-frame-api.js @@ -18,6 +18,7 @@ import {EventDispatcher, EventListenerCollection, invokeMessageHandler, log} from '../core.js'; import {ExtensionError} from '../core/extension-error.js'; +import {parseJson} from '../core/json.js'; import {yomitan} from '../yomitan.js'; /** @@ -377,9 +378,10 @@ export class CrossFrameAPI { */ _onConnect(port) { try { + /** @type {import('cross-frame-api').PortDetails} */ let details; try { - details = JSON.parse(port.name); + details = parseJson(port.name); } catch (e) { return; } -- cgit v1.2.3