Improvements:

  * Make all string identifiers importable
  * Use Google Closure Compiler for all inlined scripts

@types/legacy/index.d.ts

@@ -0,0 +1,19 @@
+/* Copyright © 2024 Exact Realty Limited. All rights reserved.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+declare module 'legacy:*' {
+	const content: string;
+	export const contentBase64: string;
+	export const path: string;
+	export const sri: string;
+
+	export default content;
+}

esbuild.mjs

@@ -195,7 +195,31 @@ const exactRealtyBuilderPlugin = (
 
 (async () => {
 	const plugins = [
-		inlineScripts({ target: 'es2015', format: 'cjs' }),
+		inlineScripts(
+			{
+				target: 'es2015',
+				format: 'iife',
+				plugins: [
+					cc({
+						env: 'BROWSER',
+						compilation_level: 'ADVANCED',
+						language_out: 'ECMASCRIPT5',
+					}),
+				],
+			},
+			/^legacy:/,
+		),
+		inlineScripts({
+			target: 'es2020',
+			format: 'cjs',
+			plugins: [
+				cc({
+					env: 'BROWSER',
+					compilation_level: 'ADVANCED',
+					language_out: 'ECMASCRIPT_2020',
+				}),
+			],
+		}),
 		sveltePlugin({
 			preprocess: sveltePreprocess({
 				typescript: {},

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@exact-realty/cms-ep-sfx",
-	"version": "1.0.4",
+	"version": "1.0.5",
 	"description": "Secure File Sharing Utility",
 	"type": "module",
 	"main": "-",
@@ -13,7 +13,7 @@
 		"@exact-realty/asn1-der": "^1.0.1",
 		"@exact-realty/cms-classes": "^1.0.0",
 		"@exact-realty/crypto-oids": "^20240221.0.0",
-		"@exact-realty/esbuild-plugin-closure-compiler": "^1.0.4",
+		"@exact-realty/esbuild-plugin-closure-compiler": "^1.0.5",
 		"@exact-realty/esbuild-plugin-inline-js": "^1.1.7",
 		"@exact-realty/lot": "^0.0.26",
 		"@exact-realty/routemate": "^1.0.5",

src/App.css

@@ -136,7 +136,7 @@
 		sans-serif;
 }
 
-#error {
+#ERROR_ELEMENT__ {
 	display: none;
 }
 

src/fallbackMessage.inline.ts

@@ -13,6 +13,8 @@
  * limitations under the License.
  */
 
+import { ERROR_ELEMENT_ID_ } from '~/lib/elementIds.js';
+
 type CSSProperty = keyof Omit<
 	Partial<CSSStyleDeclaration>,
 	| 'length'
@@ -24,7 +26,7 @@ type CSSProperty = keyof Omit<
 	| 'setProperty'
 >;
 
-onerror = function (
+self.onerror = function (
 	event: ErrorEvent | string,
 	_document: Document,
 	_e$: HTMLElement | null,
@@ -36,7 +38,7 @@ onerror = function (
 	void _paragraph$;
 
 	_document = document;
-	_e$ = _document.getElementById('error');
+	_e$ = _document.getElementById(ERROR_ELEMENT_ID_);
 	if (_e$) {
 		_e$.style['display'] = 'block';
 		if (event) {
@@ -62,10 +64,10 @@ onerror = function (
 		}
 	}
 	return false;
-} as unknown as typeof onerror;
+} as unknown as Window['onerror'];
 
 if (typeof Reflect === [] + [][0])
-	onload = function (
+	self.onload = function (
 		_document: Document,
 		_body$: HTMLElement,
 		_createElement: Document['createElement'],
@@ -110,4 +112,4 @@ if (typeof Reflect === [] + [][0])
 		);
 		_div$.appendChild(_paragraph$);
 		_body$.insertBefore(_div$, _body$.firstChild);
-	} as unknown as typeof onload;
+	} as unknown as Window['onload'];

src/lib/elementIds.ts

@@ -24,3 +24,4 @@ export const CMS_FILENAME_ELEMENT_ID_ = 'CMS_FILENAME_ELEMENT__';
 export const CMS_HINT_ELEMENT_ID_ = 'CMS_HINT_ELEMENT__';
 export const ENCRYPT_DROPZONE_ELEMENT_ID_ = 'ENCRYPT_DROPZONE_ELEMENT__';
 export const ROOT_ELEMENT_ID_ = 'ROOT_ELEMENT__';
+export const ERROR_ELEMENT_ID_ = 'ERROR_ELEMENT__';

src/lib/generateHtml.ts

@@ -13,13 +13,14 @@
  * limitations under the License.
  */
 
-import * as fallbackMessage from 'inline:~/fallbackMessage.inline.js';
-import * as loader from 'inline:~/loader.inline.js';
+import * as fallbackMessage from 'legacy:~/fallbackMessage.inline.js';
+import * as loader from 'legacy:~/loader.inline.js';
 import chunkString from './chunkString.js';
 import {
 	CMS_DATA_ELEMENT_ID_,
 	CMS_FILENAME_ELEMENT_ID_,
 	CMS_HINT_ELEMENT_ID_,
+	ERROR_ELEMENT_ID_,
 	MAIN_SCRIPT_SRC_ELEMENT_ID_,
 	MAIN_STYLESHEET_ELEMENT_ID_,
 } from './elementIds.js';
@@ -132,7 +133,7 @@ const generateHtml_ = async (
 		'</div>' +
 		'</div>' +
 		'</div>' +
-		'<div id="error">' +
+		`<div id="${xmlEscapeAttr(ERROR_ELEMENT_ID_)}">` +
 		'<div id="ERROR_WARNING_CONTAINER_ELEMENT__">' +
 		'<div id="ERROR_WARNING_TEXT_CONTAINER_ELEMENT__">' +
 		'<p id="ERROR_WARNING_TEXT_ELEMENT__" lang="en" xml:lang="en">' +

src/lib/prepareDownloadableCmsPayload.ts

@@ -14,6 +14,10 @@
  */
 
 import chunkString from './chunkString.js';
+import {
+	constructCmsData$SEP_,
+	fileEncryptionCms$SEP_,
+} from './sandboxEntrypoints.js';
 import type setupConstructCmsSandbox from './setupConstructCmsSandbox.js';
 import type setupEncryptionSandbox from './setupEncryptionSandbox.js';
 import uint8ArrayToBase64 from './uint8ArrayToBase64.js';
@@ -55,12 +59,16 @@ const prepareDownloadableCmsPayload_ = async (
 		throw new TypeError('sandbox is not a function');
 	}
 
-	const data = await encryptionSandbox('fileEncryptionCms', buffer, filename);
+	const data = await encryptionSandbox(
+		fileEncryptionCms$SEP_,
+		buffer,
+		filename,
+	);
 
 	return (
 		await Promise.all([
 			cmsSandbox(
-				'constructCmsData',
+				constructCmsData$SEP_,
 				data[0],
 				data[1],
 				data[2],
@@ -69,7 +77,7 @@ const prepareDownloadableCmsPayload_ = async (
 				data[5],
 			),
 			cmsSandbox(
-				'constructCmsData',
+				constructCmsData$SEP_,
 				data[0],
 				data[1],
 				data[6],

src/lib/sandboxEntrypoints.ts

@@ -0,0 +1,27 @@
+/* Copyright © 2024 Exact Realty Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License") with LLVM
+ * exceptions; you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://llvm.org/foundation/relicensing/LICENSE.txt
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const constructCmsData$SEP_ = 'constructCmsData';
+export const deriveKEK$SEP_ = 'deriveKEK';
+export const fileDecryptionCms$SEP_ = 'fileDecryptionCms';
+export const fileEncryptionCms$SEP_ = 'fileEncryptionCms';
+export const parseCmsData$SEP_ = 'parseCmsData';
+
+export const external$decrypt$SEP_ = 'external$decrypt';
+export const external$deriveKey$SEP_ = 'external$deriveKey';
+export const external$encrypt$SEP_ = 'external$encrypt';
+export const external$exportKey$SEP_ = 'external$exportKey';
+export const external$generateKey$SEP_ = 'external$generateKey';
+export const external$importKey$SEP_ = 'external$importKey';

src/lib/setupConstructCmsSandbox.ts

@@ -15,10 +15,11 @@
 
 import browserSandbox from '@exact-realty/lot/browser';
 import * as constructCmsData from 'inline:~/sandbox/constructCmsData.js';
+import type { constructCmsData$SEP_ } from './sandboxEntrypoints.js';
 
 const setupConstructCmsDataSandbox_ = (signal?: AbortSignal) =>
 	browserSandbox<{
-		['constructCmsData']: {
+		[constructCmsData$SEP_]: {
 			(
 				salt: AllowSharedBufferSource,
 				iterationCount: number,

src/lib/setupDecryptionSandbox.ts

@@ -17,6 +17,13 @@ import browserSandbox from '@exact-realty/lot/browser';
 import * as deriveKEK from 'inline:~/sandbox/deriveKEK.js';
 import * as fileDecryptionCms from 'inline:~/sandbox/fileDecryptionCms.js';
 import getWrappedCryptoFunctions from './getWrappedCryptoFunctions.js';
+import type { fileDecryptionCms$SEP_ } from './sandboxEntrypoints.js';
+import {
+	deriveKEK$SEP_,
+	external$decrypt$SEP_,
+	external$deriveKey$SEP_,
+	external$importKey$SEP_,
+} from './sandboxEntrypoints.js';
 
 const setupDecryptionSandbox_ = (
 	passwordGetter: { (): string },
@@ -26,15 +33,8 @@ const setupDecryptionSandbox_ = (
 ) => {
 	const wrappedCryptoFunctions = getWrappedCryptoFunctions();
 
-	// These keys are here to prevent them from being renamed. Compilation
-	// should inline them.
-	const key$deriveKEK = 'deriveKEK';
-	const key$external$decrypt = 'external$decrypt';
-	const key$external$deriveKey = 'external$deriveKey';
-	const key$external$importKey = 'external$importKey';
-
 	return browserSandbox<{
-		[key$deriveKEK]: {
+		[deriveKEK$SEP_]: {
 			(
 				password: string,
 				iterationCount: number,
@@ -50,13 +50,13 @@ const setupDecryptionSandbox_ = (
 		deriveKEK.default,
 		null,
 		{
-			[key$external$deriveKey]: wrappedCryptoFunctions.deriveKey_,
-			[key$external$importKey]: wrappedCryptoFunctions.importKey_,
+			[external$deriveKey$SEP_]: wrappedCryptoFunctions.deriveKey_,
+			[external$importKey$SEP_]: wrappedCryptoFunctions.importKey_,
 		},
 		signal,
 	).then((sandbox) =>
 		browserSandbox<{
-			['fileDecryptionCms']: {
+			[fileDecryptionCms$SEP_]: {
 				(
 					noncePWRI: AllowSharedBufferSource,
 					encryptedKey: AllowSharedBufferSource,
@@ -74,9 +74,9 @@ const setupDecryptionSandbox_ = (
 			fileDecryptionCms.default,
 			null,
 			{
-				[key$deriveKEK]: async () => {
+				[deriveKEK$SEP_]: async () => {
 					const [KEK] = await sandbox(
-						key$deriveKEK,
+						deriveKEK$SEP_,
 						passwordGetter(),
 						iterationCountGetter(),
 						'decrypt',
@@ -85,8 +85,8 @@ const setupDecryptionSandbox_ = (
 
 					return KEK;
 				},
-				[key$external$decrypt]: wrappedCryptoFunctions.decrypt_,
-				[key$external$importKey]: wrappedCryptoFunctions.importKey_,
+				[external$decrypt$SEP_]: wrappedCryptoFunctions.decrypt_,
+				[external$importKey$SEP_]: wrappedCryptoFunctions.importKey_,
 			},
 			signal,
 		),