npm package diff

Package: @forge/csp

Versions: 4.2.1 - 5.0.0-next.0

File: package/out/csp/csp-processing-service.js

Index: package/out/csp/csp-processing-service.js
===================================================================
--- package/out/csp/csp-processing-service.js
+++ package/out/csp/csp-processing-service.js
@@ -1,9 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
 const tslib_1 = require("tslib");
-const slim_1 = require("cheerio/slim");
 const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
 const crypto_1 = tslib_1.__importDefault(require("crypto"));
 class InvalidConnectSrc extends Error {
     constructor() {
@@ -11,10 +10,11 @@
     }
 }
 exports.InvalidConnectSrc = InvalidConnectSrc;
 class CSPProcessingService {
-    constructor(logger) {
+    constructor(logger, cheerioLoader) {
         this.logger = logger;
+        this.cheerioLoader = cheerioLoader;
         this.STYLE_SRC_ALLOWLIST = [`'unsafe-inline'`];
         this.QUOTED_SCRIPT_SRC_ALLOWLIST = ['unsafe-inline', 'unsafe-eval', 'unsafe-hashes'];
         this.UNQUOTED_SCRIPT_SRC_ALLOWLIST = ['blob:'];
         this.SCRIPT_SRC_ALLOWLIST = [...this.QUOTED_SCRIPT_SRC_ALLOWLIST, ...this.UNQUOTED_SCRIPT_SRC_ALLOWLIST];
@@ -27,9 +27,9 @@
     getCspDetails(body, permissions) {
         var _a, _b;
         const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
         const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
-        const $ = (0, slim_1.load)(body, { xml: { xmlMode: false } });
+        const $ = this.cheerioLoader(body, { xml: { xmlMode: false } });
         const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
         return {
             'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
             'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc],