fix(deps): update @xmldom/xmldom to ^0.9.10 for spec-compliant DOM

lib/saml11.js

@@ -218,7 +218,7 @@ function addSubjectConfirmation(encryptOptions, doc, randomBytes, callback) {
     for (var i=0; i<subjectConfirmationNodes.length; i++) {
       var keyinfoDom;
       try {
-        keyinfoDom = new Parser().parseFromString(keyinfo);
+        keyinfoDom = new Parser().parseFromString(keyinfo, 'text/xml');
       } catch(error){
         return utils.reportError(error, callback);
       }

lib/utils.js

@@ -69,7 +69,7 @@ function getRandomInt(min, max) {
  */
 exports.factoryForNode = function factoryForNode(pathToTemplate) {
   const template = fs.readFileSync(pathToTemplate);
-  const prototypeDoc = new Parser().parseFromString(template.toString());
+  const prototypeDoc = new Parser().parseFromString(template.toString(), 'text/xml');
 
   return function () {
     return prototypeDoc.cloneNode(true);

package.json

@@ -28,7 +28,7 @@
   "author": "Matias Woloski (Auth0)",
   "license": "MIT",
   "dependencies": {
-    "@xmldom/xmldom": "^0.7.4",
+    "@xmldom/xmldom": "^0.9.10",
     "async": "^3.2.4",
     "moment": "^2.29.4",
     "valid-url": "~1.0.9",

test/saml11.tests.js

@@ -304,7 +304,7 @@ describe('saml 1.1', function () {
           xpathToNodeBeforeSignature: "//*[local-name(.)='Conditions']"
         };
         var signedAssertion = saml11[createAssertion](options);
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
 
         var signature = doc.documentElement.getElementsByTagName('Signature');
 
@@ -438,7 +438,7 @@ describe('saml 1.1', function () {
             xmlenc.decrypt(encrypted, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
               if (err) return done(err);
 
-              var doc = new xmldom.DOMParser().parseFromString(decrypted);
+              var doc = new xmldom.DOMParser().parseFromString(decrypted, 'text/xml');
               var subjectConfirmationNodes = doc.documentElement.getElementsByTagName('saml:SubjectConfirmation');
               assert.equal(2, subjectConfirmationNodes.length);
               for (var i=0;i<subjectConfirmationNodes.length;i++) {
@@ -503,7 +503,7 @@ describe('saml 1.1', function () {
 
           saml11[createAssertion](options, function (err, encrypted) {
             if (err) return done(err);
-            var doc = new xmldom.DOMParser().parseFromString(encrypted);
+            var doc = new xmldom.DOMParser().parseFromString(encrypted, 'text/xml');
             var encryptionMethod = doc.getElementsByTagName('xenc:EncryptionMethod')[0];
             assert.equal('http://www.w3.org/2009/xmlenc11#aes256-gcm', encryptionMethod.getAttribute('Algorithm'));
             done();
@@ -523,7 +523,7 @@ describe('saml 1.1', function () {
 
           saml11[createAssertion](options, function (err, encrypted) {
             if (err) return done(err);
-            var doc = new xmldom.DOMParser().parseFromString(encrypted);
+            var doc = new xmldom.DOMParser().parseFromString(encrypted, 'text/xml');
             var encryptionMethod = doc.getElementsByTagName('xenc:EncryptionMethod')[0];
             assert.equal('http://www.w3.org/2001/04/xmlenc#aes256-cbc', encryptionMethod.getAttribute('Algorithm'));
             assert.equal(consoleSpy.called, true);

test/saml20.tests.js

@@ -337,19 +337,19 @@ describe('saml 2.0', function () {
         var attributes = utils.getAttributes(signedAssertion);
         assert.equal(5, attributes.length);
         assert.equal('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', attributes[0].getAttribute('Name'));
-        assert.equal('', attributes[0].getAttribute('NameFormat'));
+        assert.equal(null, attributes[0].getAttribute('NameFormat'));
         assert.equal('foo@bar.com', attributes[0].textContent);
         assert.equal('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', attributes[1].getAttribute('Name'));
-        assert.equal('', attributes[1].getAttribute('NameFormat'));
+        assert.equal(null, attributes[1].getAttribute('NameFormat'));
         assert.equal('Foo Bar', attributes[1].textContent);
         assert.equal('testaccent', attributes[2].getAttribute('Name'));
-        assert.equal('', attributes[2].getAttribute('NameFormat'));
+        assert.equal(null, attributes[2].getAttribute('NameFormat'));
         assert.equal('fóo', attributes[2].textContent);
         assert.equal('urn:test:1:2:3', attributes[3].getAttribute('Name'));
-        assert.equal('', attributes[3].getAttribute('NameFormat'));
+        assert.equal(null, attributes[3].getAttribute('NameFormat'));
         assert.equal('true', attributes[3].textContent);
         assert.equal('123~oo', attributes[4].getAttribute('Name'));
-        assert.equal('', attributes[4].getAttribute('NameFormat'));
+        assert.equal(null, attributes[4].getAttribute('NameFormat'));
         assert.equal('123', attributes[4].textContent);
       });
 
@@ -461,7 +461,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var signature = doc.documentElement.getElementsByTagName('Signature');
 
         assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
@@ -486,7 +486,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var signature = doc.documentElement.getElementsByTagName(options.signatureNamespacePrefix + ':Signature');
         assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
       });
@@ -510,7 +510,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var signature = doc.documentElement.getElementsByTagName(options.prefix + ':Signature');
         assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
       });
@@ -534,7 +534,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var signature = doc.documentElement.getElementsByTagName('Signature');
         assert.equal('saml:Conditions', signature[0].previousSibling.nodeName);
       });
@@ -559,7 +559,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var audienceRestriction = doc.documentElement.getElementsByTagName('saml:AudienceRestriction');
         assert.equal(audienceRestriction.length, 0);
       });
@@ -576,7 +576,7 @@ describe('saml 2.0', function () {
 
         assertSignature(signedAssertion, options);
 
-        var doc = new xmldom.DOMParser().parseFromString(signedAssertion);
+        var doc = new xmldom.DOMParser().parseFromString(signedAssertion, 'text/xml');
         var attributeStatement = doc.documentElement.getElementsByTagName('saml:AttributeStatement');
         assert.equal(attributeStatement.length, 0);
       });

test/utils.js

@@ -26,24 +26,24 @@ exports.isValidSignature = function(assertion, cert) {
  * @return {Element[]}
  */
 exports.getXmlSignatures = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   var signatures = xmlCrypto.xpath(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']");
 
   return signatures;
 }
 
 exports.getIssuer = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement.getAttribute('Issuer');
 };
 
 exports.getAssertionID = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement.getAttribute('AssertionID');
 };
 
 exports.getIssueInstant = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement.getAttribute('IssueInstant');
 };
 
@@ -52,32 +52,32 @@ exports.getAuthenticationInstant = function (assertion) {
 };
 
 exports.getConditions = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement.getElementsByTagName('saml:Conditions');
 };
 
 exports.getAudiences = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:Conditions')[0]
             .getElementsByTagName('saml:AudienceRestrictionCondition')[0]
             .getElementsByTagName('saml:Audience');
 };
 
 exports.getAuthenticationStatement = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:AuthenticationStatement')[0];
 };
 
 exports.getAttributes = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:Attribute');
 };
 
 exports.getNameIdentifier = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:NameIdentifier')[0];
 };
@@ -86,31 +86,31 @@ exports.getNameIdentifier = function(assertion) {
 //SAML2.0
 
 exports.getNameID = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:NameID')[0];
 };
 
 exports.getSaml2Issuer = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:Issuer')[0];
 };
 
 exports.getAuthnContextClassRef = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:AuthnContextClassRef')[0];
 };
 
 exports.getSubjectConfirmation = function(assertion) {
-  var doc = new xmldom.DOMParser().parseFromString(assertion);
+  var doc = new xmldom.DOMParser().parseFromString(assertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('saml:getSubjectConfirmation');
 };
 
 exports.getEncryptedData = function(encryptedAssertion) {
-  var doc = new xmldom.DOMParser().parseFromString(encryptedAssertion);
+  var doc = new xmldom.DOMParser().parseFromString(encryptedAssertion, 'text/xml');
   return doc.documentElement
             .getElementsByTagName('xenc:EncryptedData')[0];
 };