feat: secure wrap xlink #875

apapko · 2018-12-04T02:01:31Z

Details

Wrap the xlink:href into 'sanitize' function which will get patched by locker during runtime. When ran off-core, the function simply returns incoming value.

template compiler snippet for svg:

attrs: {
     "xlink:href": sanitizeAttribute("use", "http://www.w3.org/2000/svg", "xlink:href", "value")
}

TODO: still need to handle expression values and check for svg

Does this PR introduce a breaking change?

Yes
No

salesforce-best-lwc-internal · 2018-12-04T02:16:29Z

Benchmark results

Base commit: 94e6d2f | Target commit: 2cd29ab

lwc-engine-benchmark

table-append-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table/append/1k	duration	151.90 (±5.40 ms)	157.60 (±3.90 ms)	+5.7ms (3.8%) 👎

table-clear-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table/clear/1k	duration	6.50 (±0.40 ms)	6.80 (±0.30 ms)	+0.3ms (4.6%) 👎

table-create-10k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table/create/10k	duration	887.65 (±6.45 ms)	894.45 (±6.65 ms)	+6.8ms (0.8%) 👎

table-create-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table/create/1k	duration	118.65 (±2.70 ms)	121.35 (±3.40 ms)	+2.7ms (2.3%) 👎

table-update-10th-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table/update-10th/1k	duration	83.35 (±5.85 ms)	78.55 (±2.10 ms)	-4.8ms (5.8%) 👌

tablecmp-append-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-component/append/1k	duration	255.20 (±5.15 ms)	258.55 (±5.20 ms)	+3.4ms (1.3%) 👎

tablecmp-clear-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-component/clear/1k	duration	12.60 (±1.80 ms)	13.25 (±1.70 ms)	+0.7ms (5.2%) 👌

tablecmp-create-10k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-component/create/10k	duration	1742.85 (±17.90 ms)	1757.80 (±12.45 ms)	+15.0ms (0.9%) 👎

tablecmp-create-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-component/create/1k	duration	210.15 (±6.10 ms)	211.35 (±4.90 ms)	+1.2ms (0.6%) 👌

tablecmp-update-10th-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-component/update-10th/1k	duration	74.85 (±5.55 ms)	73.65 (±4.55 ms)	-1.2ms (1.6%) 👌

wc-append-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-wc/append/1k	duration	257.55 (±8.85 ms)	262.90 (±7.25 ms)	+5.3ms (2.1%) 👎

wc-clear-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-wc/clear/1k	duration	23.60 (±2.25 ms)	24.65 (±2.25 ms)	+1.0ms (4.4%) 👌

wc-create-10k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-wc/create/10k	duration	1828.95 (±40.60 ms)	1826.75 (±31.35 ms)	-2.2ms (0.1%) 👌

wc-create-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-wc/create/1k	duration	224.05 (±4.00 ms)	228.60 (±4.30 ms)	+4.6ms (2.0%) 👎

wc-update-10th-1k	metric	base(`94e6d2f`)	target(`2cd29ab`)	trend
benchmark-table-wc/update-10th/1k	duration	72.20 (±4.40 ms)	74.35 (±4.65 ms)	+2.2ms (3.0%) 👌

caridy · 2018-12-04T03:41:14Z

packages/@lwc/template-compiler/src/__tests__/fixtures/base/svg/expected.js

@@ -1,4 +1,4 @@
-import { registerTemplate } from "lwc";
+import { registerTemplate, sanitizeXLink } from "lwc";


this should be called sanitize with signature: (tagName: string, attrName: string, value: any)

The tag name is probably not enough here, we also need the namespace as well.

function sanatizeAttribute(tagName: string, namespaceUri: string, attrName: string, attrValue: any): void

since we were only concerned about sanitizing xlink function, i kept it explicit for locker. Do we anticipate more attributes that may need to be sanitized?

caridy · 2018-12-04T03:42:33Z

packages/@lwc/template-compiler/src/__tests__/fixtures/base/svg/expected.js

@@ -20,7 +20,7 @@ function tmpl($api, $cmp, $slotset, $ctx) {
          "use",
          {
            attrs: {
-              "xlink:href": "/x"
+              "xlink:href": sanitizeXLink("/x")


this expression should be sanitize("use", "xlink:href", "/x")

Do you foresee do that for all the attributes? Or only the one that we flagged as potential security issues?

at this point i was only implementing the flagged one, wasn't sure there was more?

caridy · 2018-12-04T03:43:40Z

packages/@lwc/template-compiler/src/parser/attribute.ts

@@ -60,6 +61,10 @@ export function isIdReferencingAttribute(attrName: string): boolean {
    return ID_REFERENCING_ATTRIBUTES_SET.has(attrName);
 }

+export function isXLinkAttribute(attrName: string): boolean {


make this a generic method that receives the tagName and the attrName, and determine if that requires sanitizing

i made the sanitizeAttribute function generic as requested. However, this particular function merely checks if this attribute is indeed a 'xlink:href'.

caridy · 2018-12-04T03:44:25Z

packages/@lwc/template-compiler/src/__tests__/fixtures/attributes/mixed-props-attrs/expected.js

@@ -3,7 +3,7 @@ import _nsBar from "ns/bar";
 import _nsBuzz from "ns/buzz";
 import _nsTable from "ns/table";
 import _nsInput from "ns/input";
-import { registerTemplate } from "lwc";
+import { registerTemplate, sanitizeXLink } from "lwc";


how is this going to work? who is responsible to populate this function? aura loader?

Locker will be responsible for overriding the value.

We also are going to add a sanitizeXLink no-op function on the lwc in the event of off-core usage where locker won't be available.

caridy · 2018-12-04T18:52:20Z

packages/@lwc/template-compiler/src/__tests__/fixtures/attributes/mixed-props-attrs/expected.js

@@ -77,7 +77,7 @@ function tmpl($api, $cmp, $slotset, $ctx) {
          "use",
          {
            attrs: {
-              "xlink:href": "xx"
+              "xlink:href": sanitizeAttribute("use", "http://www.w3.org/2000/svg", "xlink:href", "xx")


how are you planning to resolve the namespaceUri?

Is that something that the parser is producing already?

yes this information is already collected.

caridy · 2018-12-04T18:53:24Z

packages/@lwc/template-compiler/src/codegen/index.ts

@@ -386,6 +397,13 @@ function transform(
                if (isIdReferencingAttribute(attr.name)) {
                    return generateScopedIdFunctionForIdRefAttr(attr.value);
                }
+
+                if (isXLinkAttribute(attr.name) && namespaceURI === SVG_NAMESPACE_URI) {


eventually this should be abstracted, but I'm fine with this

salesforce-best-lwc-internal · 2018-12-04T21:01:48Z

Benchmark results

Base commit: 94e6d2f | Target commit: 3268718

lwc-engine-benchmark

table-append-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table/append/1k	duration	151.90 (±5.40 ms)	151.95 (±5.35 ms)	+0.0ms (0.0%) 👌

table-clear-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table/clear/1k	duration	6.50 (±0.40 ms)	6.40 (±0.40 ms)	-0.1ms (1.5%) 👌

table-create-10k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table/create/10k	duration	887.65 (±6.45 ms)	877.85 (±7.10 ms)	-9.8ms (1.1%) 👍

table-create-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table/create/1k	duration	118.65 (±2.70 ms)	119.55 (±2.85 ms)	+0.9ms (0.8%) 👌

table-update-10th-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table/update-10th/1k	duration	83.35 (±5.85 ms)	76.50 (±1.50 ms)	-6.8ms (8.2%) 👍

tablecmp-append-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-component/append/1k	duration	255.20 (±5.15 ms)	252.20 (±5.00 ms)	-3.0ms (1.2%) 👌

tablecmp-clear-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-component/clear/1k	duration	12.60 (±1.80 ms)	12.60 (±1.85 ms)	0.0ms (0.0%) 👌

tablecmp-create-10k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-component/create/10k	duration	1742.85 (±17.90 ms)	1748.00 (±10.00 ms)	+5.2ms (0.3%) 👌

tablecmp-create-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-component/create/1k	duration	210.15 (±6.10 ms)	209.40 (±6.50 ms)	-0.8ms (0.4%) 👌

tablecmp-update-10th-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-component/update-10th/1k	duration	74.85 (±5.55 ms)	69.80 (±6.20 ms)	-5.0ms (6.7%) 👍

wc-append-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-wc/append/1k	duration	257.55 (±8.85 ms)	258.95 (±8.90 ms)	+1.4ms (0.5%) 👌

wc-clear-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-wc/clear/1k	duration	23.60 (±2.25 ms)	23.45 (±2.55 ms)	-0.2ms (0.6%) 👌

wc-create-10k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-wc/create/10k	duration	1828.95 (±40.60 ms)	1846.55 (±34.60 ms)	+17.6ms (1.0%) 👌

wc-create-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-wc/create/1k	duration	224.05 (±4.00 ms)	225.95 (±5.75 ms)	+1.9ms (0.8%) 👌

wc-update-10th-1k	metric	base(`94e6d2f`)	target(`3268718`)	trend
benchmark-table-wc/update-10th/1k	duration	72.20 (±4.40 ms)	71.65 (±4.20 ms)	-0.5ms (0.8%) 👌

salesforce-best-lwc-internal · 2018-12-04T22:27:07Z

Benchmark results

Base commit: 5010713 | Target commit: 3268718

lwc-engine-benchmark

table-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/append/1k	duration	152.75 (±3.65 ms)	151.15 (±4.60 ms)	-1.6ms (1.0%) 👌

table-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/clear/1k	duration	6.35 (±0.35 ms)	6.30 (±0.30 ms)	-0.0ms (0.8%) 👌

table-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/10k	duration	888.50 (±5.60 ms)	884.55 (±4.85 ms)	-4.0ms (0.4%) 👌

table-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/1k	duration	118.45 (±3.50 ms)	119.10 (±2.80 ms)	+0.6ms (0.5%) 👌

table-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/update-10th/1k	duration	77.20 (±2.55 ms)	77.45 (±2.60 ms)	+0.3ms (0.3%) 👌

tablecmp-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/append/1k	duration	258.50 (±4.95 ms)	259.60 (±7.10 ms)	+1.1ms (0.4%) 👌

tablecmp-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/clear/1k	duration	11.90 (±1.50 ms)	12.50 (±1.40 ms)	+0.6ms (5.0%) 👎

tablecmp-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/10k	duration	1756.05 (±11.55 ms)	1751.25 (±14.10 ms)	-4.8ms (0.3%) 👍

tablecmp-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/1k	duration	213.35 (±5.30 ms)	210.85 (±4.85 ms)	-2.5ms (1.2%) 👌

tablecmp-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/update-10th/1k	duration	72.30 (±7.60 ms)	71.80 (±3.95 ms)	-0.5ms (0.7%) 👌

wc-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/append/1k	duration	261.25 (±8.45 ms)	259.45 (±13.15 ms)	-1.8ms (0.7%) 👌

wc-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/clear/1k	duration	23.30 (±2.00 ms)	24.80 (±2.45 ms)	+1.5ms (6.4%) 👎

wc-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/10k	duration	1970.40 (±10.85 ms)	1828.95 (±51.45 ms)	-141.5ms (7.2%) 👍

wc-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/1k	duration	226.70 (±5.15 ms)	225.00 (±6.00 ms)	-1.7ms (0.7%) 👌

wc-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/update-10th/1k	duration	71.55 (±3.70 ms)	72.30 (±5.50 ms)	+0.7ms (1.0%) 👌

salesforce-best-lwc-internal · 2018-12-04T22:47:46Z

Benchmark results

Base commit: 5010713 | Target commit: 3268718

lwc-engine-benchmark

table-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/append/1k	duration	152.75 (±3.65 ms)	151.60 (±4.65 ms)	-1.2ms (0.8%) 👌

table-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/clear/1k	duration	6.35 (±0.35 ms)	6.45 (±0.35 ms)	+0.1ms (1.6%) 👌

table-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/10k	duration	888.50 (±5.60 ms)	903.00 (±5.60 ms)	+14.5ms (1.6%) 👎

table-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/1k	duration	118.45 (±3.50 ms)	119.50 (±2.15 ms)	+1.0ms (0.9%) 👌

table-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/update-10th/1k	duration	77.20 (±2.55 ms)	77.50 (±2.50 ms)	+0.3ms (0.4%) 👌

tablecmp-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/append/1k	duration	258.50 (±4.95 ms)	253.15 (±8.65 ms)	-5.3ms (2.1%) 👍

tablecmp-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/clear/1k	duration	11.90 (±1.50 ms)	12.00 (±1.60 ms)	+0.1ms (0.8%) 👌

tablecmp-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/10k	duration	1756.05 (±11.55 ms)	1721.30 (±12.25 ms)	-34.8ms (2.0%) 👍

tablecmp-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/1k	duration	213.35 (±5.30 ms)	207.45 (±4.60 ms)	-5.9ms (2.8%) 👍

tablecmp-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/update-10th/1k	duration	72.30 (±7.60 ms)	69.10 (±5.35 ms)	-3.2ms (4.4%) 👌

wc-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/append/1k	duration	261.25 (±8.45 ms)	259.50 (±8.50 ms)	-1.8ms (0.7%) 👌

wc-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/clear/1k	duration	23.30 (±2.00 ms)	22.45 (±2.30 ms)	-0.9ms (3.6%) 👌

wc-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/10k	duration	1970.40 (±10.85 ms)	1849.75 (±50.55 ms)	-120.7ms (6.1%) 👍

wc-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/1k	duration	226.70 (±5.15 ms)	225.45 (±4.25 ms)	-1.3ms (0.6%) 👌

wc-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/update-10th/1k	duration	71.55 (±3.70 ms)	74.95 (±5.25 ms)	+3.4ms (4.8%) 👎

caridy · 2018-12-04T23:25:51Z

LGTM so far

salesforce-best-lwc-internal · 2018-12-04T23:53:04Z

Benchmark results

Base commit: 5010713 | Target commit: 3268718

lwc-engine-benchmark

table-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/append/1k	duration	152.75 (±3.65 ms)	149.85 (±4.70 ms)	-2.9ms (1.9%) 👌

table-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/clear/1k	duration	6.35 (±0.35 ms)	6.40 (±0.30 ms)	+0.1ms (0.8%) 👌

table-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/10k	duration	888.50 (±5.60 ms)	879.65 (±5.30 ms)	-8.9ms (1.0%) 👍

table-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/create/1k	duration	118.45 (±3.50 ms)	118.80 (±2.90 ms)	+0.4ms (0.3%) 👌

table-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table/update-10th/1k	duration	77.20 (±2.55 ms)	77.80 (±2.80 ms)	+0.6ms (0.8%) 👌

tablecmp-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/append/1k	duration	258.50 (±4.95 ms)	257.85 (±6.25 ms)	-0.6ms (0.3%) 👌

tablecmp-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/clear/1k	duration	11.90 (±1.50 ms)	12.05 (±1.75 ms)	+0.2ms (1.3%) 👌

tablecmp-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/10k	duration	1756.05 (±11.55 ms)	1709.90 (±13.55 ms)	-46.2ms (2.6%) 👍

tablecmp-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/create/1k	duration	213.35 (±5.30 ms)	209.50 (±6.35 ms)	-3.9ms (1.8%) 👍

tablecmp-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-component/update-10th/1k	duration	72.30 (±7.60 ms)	73.30 (±5.05 ms)	+1.0ms (1.4%) 👌

wc-append-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/append/1k	duration	261.25 (±8.45 ms)	254.55 (±10.20 ms)	-6.7ms (2.6%) 👍

wc-clear-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/clear/1k	duration	23.30 (±2.00 ms)	23.00 (±2.30 ms)	-0.3ms (1.3%) 👌

wc-create-10k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/10k	duration	1970.40 (±10.85 ms)	1838.75 (±44.70 ms)	-131.7ms (6.7%) 👍

wc-create-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/create/1k	duration	226.70 (±5.15 ms)	225.55 (±4.05 ms)	-1.1ms (0.5%) 👌

wc-update-10th-1k	metric	base(`5010713`)	target(`3268718`)	trend
benchmark-table-wc/update-10th/1k	duration	71.55 (±3.70 ms)	73.45 (±4.80 ms)	+1.9ms (2.7%) 👌

salesforce-best-lwc-internal · 2018-12-05T00:50:08Z

Benchmark results

Base commit: 041eb1e | Target commit: 9982b45

lwc-engine-benchmark

table-append-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table/append/1k	duration	152.25 (±5.30 ms)	151.30 (±3.90 ms)	-0.9ms (0.6%) 👍

table-clear-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table/clear/1k	duration	6.50 (±0.35 ms)	6.10 (±0.30 ms)	-0.4ms (6.2%) 👍

table-create-10k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table/create/10k	duration	883.45 (±6.00 ms)	881.65 (±6.75 ms)	-1.8ms (0.2%) 👌

table-create-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table/create/1k	duration	118.55 (±2.25 ms)	118.70 (±3.35 ms)	+0.1ms (0.1%) 👌

table-update-10th-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table/update-10th/1k	duration	78.90 (±2.50 ms)	84.80 (±5.00 ms)	+5.9ms (7.5%) 👌

tablecmp-append-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-component/append/1k	duration	259.10 (±4.80 ms)	258.00 (±4.60 ms)	-1.1ms (0.4%) 👌

tablecmp-clear-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-component/clear/1k	duration	13.30 (±1.90 ms)	12.05 (±1.90 ms)	-1.3ms (9.4%) 👌

tablecmp-create-10k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-component/create/10k	duration	1773.85 (±11.75 ms)	1784.90 (±11.50 ms)	+11.1ms (0.6%) 👎

tablecmp-create-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-component/create/1k	duration	211.35 (±6.55 ms)	211.05 (±6.20 ms)	-0.3ms (0.1%) 👌

tablecmp-update-10th-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-component/update-10th/1k	duration	67.95 (±4.50 ms)	70.85 (±5.05 ms)	+2.9ms (4.3%) 👌

wc-append-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-wc/append/1k	duration	263.60 (±7.55 ms)	265.10 (±6.95 ms)	+1.5ms (0.6%) 👌

wc-clear-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-wc/clear/1k	duration	23.95 (±2.20 ms)	23.55 (±2.30 ms)	-0.4ms (1.7%) 👌

wc-create-10k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-wc/create/10k	duration	1952.60 (±11.35 ms)	1946.05 (±11.25 ms)	-6.5ms (0.3%) 👌

wc-create-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-wc/create/1k	duration	225.70 (±4.75 ms)	225.35 (±5.90 ms)	-0.3ms (0.2%) 👌

wc-update-10th-1k	metric	base(`041eb1e`)	target(`9982b45`)	trend
benchmark-table-wc/update-10th/1k	duration	74.90 (±5.10 ms)	72.75 (±5.15 ms)	-2.2ms (2.9%) 👌

salesforce-best-lwc-internal · 2018-12-06T01:04:02Z

Benchmark results

Base commit: 16a49a3 | Target commit: dff17b8

lwc-engine-benchmark

table-append-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table/append/1k	duration	152.65 (±4.05 ms)	153.80 (±4.90 ms)	+1.2ms (0.8%) 👌

table-clear-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table/clear/1k	duration	6.45 (±0.35 ms)	6.10 (±0.30 ms)	-0.4ms (5.4%) 👍

table-create-10k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table/create/10k	duration	894.65 (±5.70 ms)	878.35 (±4.50 ms)	-16.3ms (1.8%) 👍

table-create-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table/create/1k	duration	119.35 (±2.65 ms)	120.80 (±2.70 ms)	+1.5ms (1.2%) 👌

table-update-10th-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table/update-10th/1k	duration	77.15 (±2.80 ms)	78.25 (±3.40 ms)	+1.1ms (1.4%) 👌

tablecmp-append-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-component/append/1k	duration	253.40 (±7.55 ms)	253.75 (±7.75 ms)	+0.4ms (0.1%) 👌

tablecmp-clear-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-component/clear/1k	duration	12.90 (±1.80 ms)	11.75 (±1.25 ms)	-1.2ms (8.9%) 👌

tablecmp-create-10k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-component/create/10k	duration	1752.10 (±9.90 ms)	1760.45 (±9.50 ms)	+8.3ms (0.5%) 👎

tablecmp-create-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-component/create/1k	duration	211.55 (±5.95 ms)	210.85 (±6.65 ms)	-0.7ms (0.3%) 👌

tablecmp-update-10th-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-component/update-10th/1k	duration	71.40 (±4.95 ms)	72.20 (±5.45 ms)	+0.8ms (1.1%) 👌

wc-append-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-wc/append/1k	duration	258.70 (±9.75 ms)	261.35 (±8.30 ms)	+2.7ms (1.0%) 👌

wc-clear-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-wc/clear/1k	duration	23.45 (±2.95 ms)	23.60 (±2.15 ms)	+0.2ms (0.6%) 👌

wc-create-10k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-wc/create/10k	duration	1975.40 (±14.15 ms)	1967.35 (±11.95 ms)	-8.1ms (0.4%) 👍

wc-create-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-wc/create/1k	duration	225.35 (±4.50 ms)	227.10 (±3.90 ms)	+1.8ms (0.8%) 👌

wc-update-10th-1k	metric	base(`16a49a3`)	target(`dff17b8`)	trend
benchmark-table-wc/update-10th/1k	duration	74.50 (±5.35 ms)	75.95 (±5.00 ms)	+1.5ms (1.9%) 👌

apapko added the nomerge label Dec 4, 2018

apapko requested review from caridy and pmdartus December 4, 2018 02:01

caridy reviewed Dec 4, 2018

View reviewed changes

apapko removed the nomerge label Dec 4, 2018

apapko added 3 commits December 4, 2018 16:32

feat: secure wrap xlink

a2a4cb0

wip: make sanitize function generic

7c368b2

wip: remove tests that is covered by fixtures

9982b45

apapko force-pushed the apapko/xlink branch from 3268718 to 9982b45 Compare December 5, 2018 00:32

test: correct failing intergration test

dff17b8

apapko merged commit fcfbe3f into master Dec 6, 2018

apapko deleted the apapko/xlink branch December 6, 2018 01:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: secure wrap xlink #875

feat: secure wrap xlink #875

apapko commented Dec 4, 2018 •

edited

Loading

salesforce-best-lwc-internal bot commented Dec 4, 2018

caridy Dec 4, 2018 •

edited

Loading

pmdartus Dec 4, 2018

apapko Dec 4, 2018

caridy Dec 4, 2018

pmdartus Dec 4, 2018

apapko Dec 4, 2018

caridy Dec 4, 2018

apapko Dec 4, 2018

caridy Dec 4, 2018

caridy Dec 4, 2018

pmdartus Dec 4, 2018

apapko Dec 4, 2018

caridy Dec 4, 2018

caridy Dec 4, 2018

apapko Dec 4, 2018

caridy Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 4, 2018

caridy commented Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 5, 2018

salesforce-best-lwc-internal bot commented Dec 6, 2018

		@@ -1,4 +1,4 @@
		import { registerTemplate } from "lwc";
		import { registerTemplate, sanitizeXLink } from "lwc";

feat: secure wrap xlink #875

feat: secure wrap xlink #875

Conversation

apapko commented Dec 4, 2018 • edited Loading

Details

Does this PR introduce a breaking change?

salesforce-best-lwc-internal bot commented Dec 4, 2018

Benchmark results

lwc-engine-benchmark

caridy Dec 4, 2018 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

salesforce-best-lwc-internal bot commented Dec 4, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Dec 4, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Dec 4, 2018

Benchmark results

lwc-engine-benchmark

caridy commented Dec 4, 2018

salesforce-best-lwc-internal bot commented Dec 4, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Dec 5, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Dec 6, 2018

Benchmark results

lwc-engine-benchmark

apapko commented Dec 4, 2018 •

edited

Loading

caridy Dec 4, 2018 •

edited

Loading