Move js types to separate package

dennisleung · Dec 3, 2020 · 1d7d7e9 · 1d7d7e9
1 parent 3c69cc7
commit 1d7d7e9
Show file tree

Hide file tree

Showing 64 changed files with 163 additions and 766 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [4.0.0] - WIP
+### Changed
+- Removed functions `safeLoad`, `safeLoadAll`, `safeDump`, `safeDumpAll`.
+  Use `load`, `loadAll`, `dump`, `dumpAll` instead which are all now safe by default.
+- `yaml.DEFAULT_SAFE_SCHEMA` and `yaml.DEFAULT_FULL_SCHEMA` are removed, use
+  `yaml.DEFAULT_SCHEMA` instead.
+- `yaml.Schema.create(schema, tags)` is removed, use `schema.extend(tags)` instead.
+- `!!js/function`, `!!js/regexp`, `!!js/undefined` are moved to a separate package
+  [js-yaml-js-types](https://github.com/nodeca/js-yaml-js-types).
+
 ### Fixed
 - Astral characters are no longer encoded by dump/safeDump, #587.
 - Removed `bower.json`.

diff --git a/README.md b/README.md
@@ -85,37 +85,35 @@ const fs   = require('fs');
 
 // Get document, or throw exception on error
 try {
-  const doc = yaml.safeLoad(fs.readFileSync('/home/ixti/example.yml', 'utf8'));
+  const doc = yaml.load(fs.readFileSync('/home/ixti/example.yml', 'utf8'));
   console.log(doc);
 } catch (e) {
   console.log(e);
 }
 ```
 
 
-### safeLoad (string [ , options ])
+### load (string [ , options ])
 
-**Recommended loading way.** Parses `string` as single YAML document. Returns either a
+Parses `string` as single YAML document. Returns either a
 plain object, a string, a number, `null` or `undefined`, or throws `YAMLException` on error. By default, does
-not support regexps, functions and undefined. This method is safe for untrusted data.
+not support regexps, functions and undefined.
 
 options:
 
 - `filename` _(default: null)_ - string to be used as a file path in
   error/warning messages.
 - `onWarning` _(default: null)_ - function to call on warning messages.
   Loader will call this function with an instance of `YAMLException` for each warning.
-- `schema` _(default: `DEFAULT_SAFE_SCHEMA`)_ - specifies a schema to use.
+- `schema` _(default: `DEFAULT_SCHEMA`)_ - specifies a schema to use.
   - `FAILSAFE_SCHEMA` - only strings, arrays and plain objects:
     http://www.yaml.org/spec/1.2/spec.html#id2802346
   - `JSON_SCHEMA` - all JSON-supported types:
     http://www.yaml.org/spec/1.2/spec.html#id2803231
   - `CORE_SCHEMA` - same as `JSON_SCHEMA`:
     http://www.yaml.org/spec/1.2/spec.html#id2804923
-  - `DEFAULT_SAFE_SCHEMA` - all supported YAML types, without unsafe ones
-    (`!!js/undefined`, `!!js/regexp` and `!!js/function`):
-    http://yaml.org/type/
-  - `DEFAULT_FULL_SCHEMA` - all supported YAML types.
+  - `DEFAULT_SCHEMA` - all supported YAML types, without unsafe ones
+    (`!!js/undefined`, `!!js/regexp` and `!!js/function` are moved to [separate package](https://github.com/nodeca/js-yaml-js-types)).
 - `json` _(default: false)_ - compatibility with JSON.parse behaviour. If true, then duplicate keys in a mapping will override values rather than throwing an error.
 
 NOTE: This function **does not** understand multi-document sources, it throws
@@ -127,43 +125,23 @@ It allows numbers in any notation, use `Null` and `NULL` as `null`, etc.
 The core schema also has no such restrictions. It allows binary notation for integers.
 
 
-### load (string [ , options ])
-
-**Use with care with untrusted sources**. The same as `safeLoad()` but uses
-`DEFAULT_FULL_SCHEMA` by default - adds some JavaScript-specific types:
-`!!js/function`, `!!js/regexp` and `!!js/undefined`. For untrusted sources, you
-must additionally validate object structure to avoid injections:
-
-``` javascript
-const untrusted_code = '"toString": !<tag:yaml.org,2002:js/function> "function (){very_evil_thing();}"';
-
-// I'm just converting that string, what could possibly go wrong?
-require('js-yaml').load(untrusted_code) + ''
-```
-
-
-### safeLoadAll (string [, iterator] [, options ])
+### loadAll (string [, iterator] [, options ])
 
-Same as `safeLoad()`, but understands multi-document sources. Applies
+Same as `load()`, but understands multi-document sources. Applies
 `iterator` to each document if specified, or returns array of documents.
 
 ``` javascript
 const yaml = require('js-yaml');
 
-yaml.safeLoadAll(data, function (doc) {
+yaml.loadAll(data, function (doc) {
   console.log(doc);
 });
 ```
 
 
-### loadAll (string [, iterator] [ , options ])
-
-Same as `safeLoadAll()` but uses `DEFAULT_FULL_SCHEMA` by default.
-
-
-### safeDump (object [ , options ])
+### dump (object [ , options ])
 
-Serializes `object` as a YAML document. Uses `DEFAULT_SAFE_SCHEMA`, so it will
+Serializes `object` as a YAML document. Uses `DEFAULT_SCHEMA`, so it will
 throw an exception if you try to dump regexps or functions. However, you can
 disable exceptions by setting the `skipInvalid` option to `true`.
 
@@ -176,7 +154,7 @@ options:
 - `flowLevel` (default: -1) - specifies level of nesting, when to switch from
   block to flow style for collections. -1 means block style everwhere
 - `styles` - "tag" => "style" map. Each tag may have own set of styles.
-- `schema` _(default: `DEFAULT_SAFE_SCHEMA`)_ specifies a schema to use.
+- `schema` _(default: `DEFAULT_SCHEMA`)_ specifies a schema to use.
 - `sortKeys` _(default: `false`)_ - if `true`, sort keys when dumping YAML. If a
   function, use the function to sort the keys.
 - `lineWidth` _(default: `80`)_ - set max line width.
@@ -216,19 +194,14 @@ output is shown on the right side after `=>` (default setting) or `->`:
 Example:
 
 ``` javascript
-safeDump (object, {
+dump(object, {
   'styles': {
     '!!null': 'canonical' // dump null as ~
   },
   'sortKeys': true        // sort object keys
 });
 ```
 
-### dump (object [ , options ])
-
-Same as `safeDump()` but without limits (uses `DEFAULT_FULL_SCHEMA` by default).
-
-
 Supported YAML types
 --------------------
 

diff --git a/examples/custom_types.js b/examples/custom_types.js
@@ -77,7 +77,7 @@ var SpaceYamlType = new yaml.Type('!space', {
 
 // After our types are defined, it's time to join them into a schema.
 
-var SPACE_SCHEMA = yaml.Schema.create([ SpaceYamlType, PointYamlType ]);
+var SPACE_SCHEMA = yaml.DEFAULT_SCHEMA.extend([ SpaceYamlType, PointYamlType ]);
 
 // do not execute the following if file is required (http://stackoverflow.com/a/6398335)
 if (require.main === module) {

diff --git a/lib/js-yaml.js b/lib/js-yaml.js
@@ -5,9 +5,10 @@ var loader = require('./js-yaml/loader');
 var dumper = require('./js-yaml/dumper');
 
 
-function deprecated(name) {
+function renamed(from, to) {
   return function () {
-    throw new Error('Function ' + name + ' is deprecated and cannot be used.');
+    throw new Error('Function yaml.' + from + ' is removed in js-yaml 4. ' +
+      'Use yaml.' + to + ' instead, which is now safe by default.');
   };
 }
 
@@ -17,23 +18,13 @@ module.exports.Schema              = require('./js-yaml/schema');
 module.exports.FAILSAFE_SCHEMA     = require('./js-yaml/schema/failsafe');
 module.exports.JSON_SCHEMA         = require('./js-yaml/schema/json');
 module.exports.CORE_SCHEMA         = require('./js-yaml/schema/core');
-module.exports.DEFAULT_SAFE_SCHEMA = require('./js-yaml/schema/default_safe');
-module.exports.DEFAULT_FULL_SCHEMA = require('./js-yaml/schema/default_full');
+module.exports.DEFAULT_SCHEMA      = require('./js-yaml/schema/default');
 module.exports.load                = loader.load;
 module.exports.loadAll             = loader.loadAll;
-module.exports.safeLoad            = loader.safeLoad;
-module.exports.safeLoadAll         = loader.safeLoadAll;
 module.exports.dump                = dumper.dump;
-module.exports.safeDump            = dumper.safeDump;
 module.exports.YAMLException       = require('./js-yaml/exception');
 
-// Deprecated schema names from JS-YAML 2.0.x
-module.exports.MINIMAL_SCHEMA = require('./js-yaml/schema/failsafe');
-module.exports.SAFE_SCHEMA    = require('./js-yaml/schema/default_safe');
-module.exports.DEFAULT_SCHEMA = require('./js-yaml/schema/default_full');
-
-// Deprecated functions from JS-YAML 1.x.x
-module.exports.scan           = deprecated('scan');
-module.exports.parse          = deprecated('parse');
-module.exports.compose        = deprecated('compose');
-module.exports.addConstructor = deprecated('addConstructor');
+// Removed functions from JS-YAML 3.0.x
+module.exports.safeLoad            = renamed('safeLoad', 'load');
+module.exports.safeLoadAll         = renamed('safeLoadAll', 'loadAll');
+module.exports.safeDump            = renamed('safeDump', 'dump');
diff --git a/lib/js-yaml/dumper.js b/lib/js-yaml/dumper.js
@@ -4,8 +4,7 @@
 
 var common              = require('./common');
 var YAMLException       = require('./exception');
-var DEFAULT_FULL_SCHEMA = require('./schema/default_full');
-var DEFAULT_SAFE_SCHEMA = require('./schema/default_safe');
+var DEFAULT_SCHEMA      = require('./schema/default');
 
 var _toString       = Object.prototype.toString;
 var _hasOwnProperty = Object.prototype.hasOwnProperty;
@@ -107,7 +106,7 @@ function encodeHex(character) {
 }
 
 function State(options) {
-  this.schema        = options['schema'] || DEFAULT_FULL_SCHEMA;
+  this.schema        = options['schema'] || DEFAULT_SCHEMA;
   this.indent        = Math.max(1, (options['indent'] || 2));
   this.noArrayIndent = options['noArrayIndent'] || false;
   this.skipInvalid   = options['skipInvalid'] || false;
@@ -853,9 +852,4 @@ function dump(input, options) {
   return '';
 }
 
-function safeDump(input, options) {
-  return dump(input, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
-}
-
-module.exports.dump     = dump;
-module.exports.safeDump = safeDump;
+module.exports.dump = dump;
diff --git a/lib/js-yaml/loader.js b/lib/js-yaml/loader.js
@@ -5,8 +5,7 @@
 var common              = require('./common');
 var YAMLException       = require('./exception');
 var Mark                = require('./mark');
-var DEFAULT_SAFE_SCHEMA = require('./schema/default_safe');
-var DEFAULT_FULL_SCHEMA = require('./schema/default_full');
+var DEFAULT_SCHEMA      = require('./schema/default');
 
 
 var _hasOwnProperty = Object.prototype.hasOwnProperty;
@@ -133,7 +132,7 @@ function State(input, options) {
   this.input = input;
 
   this.filename  = options['filename']  || null;
-  this.schema    = options['schema']    || DEFAULT_FULL_SCHEMA;
+  this.schema    = options['schema']    || DEFAULT_SCHEMA;
   this.onWarning = options['onWarning'] || null;
   this.legacy    = options['legacy']    || false;
   this.json      = options['json']      || false;
@@ -1623,22 +1622,5 @@ function load(input, options) {
 }
 
 
-function safeLoadAll(input, iterator, options) {
-  if (typeof iterator === 'object' && iterator !== null && typeof options === 'undefined') {
-    options = iterator;
-    iterator = null;
-  }
-
-  return loadAll(input, iterator, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
-}
-
-
-function safeLoad(input, options) {
-  return load(input, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
-}
-
-
-module.exports.loadAll     = loadAll;
-module.exports.load        = load;
-module.exports.safeLoadAll = safeLoadAll;
-module.exports.safeLoad    = safeLoad;
+module.exports.loadAll = loadAll;
+module.exports.load    = load;
diff --git a/lib/js-yaml/schema.js b/lib/js-yaml/schema.js
@@ -2,18 +2,13 @@
 
 /*eslint-disable max-len*/
 
-var common        = require('./common');
 var YAMLException = require('./exception');
 var Type          = require('./type');
 
 
 function compileList(schema, name, result) {
   var exclude = [];
 
-  schema.include.forEach(function (includedSchema) {
-    result = compileList(includedSchema, name, result);
-  });
-
   schema[name].forEach(function (currentType) {
     result.forEach(function (previousType, previousIndex) {
       if (previousType.tag === currentType.tag && previousType.kind === currentType.kind) {
@@ -50,58 +45,58 @@ function compileMap(/* lists... */) {
 
 
 function Schema(definition) {
-  this.include  = definition.include  || [];
-  this.implicit = definition.implicit || [];
-  this.explicit = definition.explicit || [];
+  return this.extend(definition);
+}
 
-  this.implicit.forEach(function (type) {
-    if (type.loadKind && type.loadKind !== 'scalar') {
-      throw new YAMLException('There is a non-scalar type in the implicit list of a schema. Implicit resolving of such types is not supported.');
-    }
-  });
 
-  this.compiledImplicit = compileList(this, 'implicit', []);
-  this.compiledExplicit = compileList(this, 'explicit', []);
-  this.compiledTypeMap  = compileMap(this.compiledImplicit, this.compiledExplicit);
-}
+Schema.prototype.extend = function extend(definition) {
+  var implicit = [];
+  var explicit = [];
 
+  if (definition instanceof Type) {
+    // Schema.extend(type)
+    explicit.push(definition);
 
-Schema.DEFAULT = null;
+  } else if (Array.isArray(definition)) {
+    // Schema.extend([ type1, type2, ... ])
+    explicit = explicit.concat(definition);
 
+  } else if (definition && (Array.isArray(definition.implicit) || Array.isArray(definition.explicit))) {
+    // Schema.extend({ explicit: [ type1, type2, ... ], implicit: [ type1, type2, ... ] })
+    if (definition.implicit) implicit = implicit.concat(definition.implicit);
+    if (definition.explicit) explicit = explicit.concat(definition.explicit);
 
-Schema.create = function createSchema() {
-  var schemas, types;
+  } else {
+    throw new YAMLException('Schema.extend argument should be a Type, [ Type ], ' +
+      'or a schema definition ({ implicit: [...], explicit: [...] })');
+  }
 
-  switch (arguments.length) {
-    case 1:
-      schemas = Schema.DEFAULT;
-      types = arguments[0];
-      break;
+  implicit.forEach(function (type) {
+    if (!(type instanceof Type)) {
+      throw new YAMLException('Specified list of YAML types (or a single Type object) contains a non-Type object.');
+    }
 
-    case 2:
-      schemas = arguments[0];
-      types = arguments[1];
-      break;
+    if (type.loadKind && type.loadKind !== 'scalar') {
+      throw new YAMLException('There is a non-scalar type in the implicit list of a schema. Implicit resolving of such types is not supported.');
+    }
+  });
 
-    default:
-      throw new YAMLException('Wrong number of arguments for Schema.create function');
-  }
+  explicit.forEach(function (type) {
+    if (!(type instanceof Type)) {
+      throw new YAMLException('Specified list of YAML types (or a single Type object) contains a non-Type object.');
+    }
+  });
 
-  schemas = common.toArray(schemas);
-  types = common.toArray(types);
+  var result = Object.create(Schema.prototype);
 
-  if (!schemas.every(function (schema) { return schema instanceof Schema; })) {
-    throw new YAMLException('Specified list of super schemas (or a single Schema object) contains a non-Schema object.');
-  }
+  result.implicit = (this.implicit || []).concat(implicit);
+  result.explicit = (this.explicit || []).concat(explicit);
 
-  if (!types.every(function (type) { return type instanceof Type; })) {
-    throw new YAMLException('Specified list of YAML types (or a single Type object) contains a non-Type object.');
-  }
+  result.compiledImplicit = compileList(result, 'implicit', []);
+  result.compiledExplicit = compileList(result, 'explicit', []);
+  result.compiledTypeMap  = compileMap(result.compiledImplicit, result.compiledExplicit);
 
-  return new Schema({
-    include: schemas,
-    explicit: types
-  });
+  return result;
 };
 
 

diff --git a/lib/js-yaml/schema/core.js b/lib/js-yaml/schema/core.js
@@ -8,11 +8,4 @@
 'use strict';
 
 
-var Schema = require('../schema');
-
-
-module.exports = new Schema({
-  include: [
-    require('./json')
-  ]
-});
+module.exports = require('./json');