From 2038a66f8f2ee36cd9b5c5f339d0c9619701707a Mon Sep 17 00:00:00 2001 From: Christian Bewernitz Date: Sat, 25 Dec 2021 22:42:34 +0100 Subject: [PATCH 1/2] Update dependency xmldom Switching from package `xmldom` to `@xmldom/xmldom`, which resolves the security issue present in latest xmldom version 0.6.0: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q The reason is that the maintainers were forced to switch to a scoped package since 0.7.0: https://github.com/xmldom/xmldom/issues/271 - I used node 12 to run `npm install`. - I executed `npm run test` on my machine without failure - `npm run build:types` failed since `@xmldom/xmldom` ships with types. I will push a separate commit to fix that. - all other steps of `npm run prepublishOnly` work fine I'm one of the xmldom maintainers. Don't hesitate to ask me questions. --- package-lock.json | 10 +++++----- package.json | 4 ++-- src/utils-js.js | 4 ++-- webpack.config.js | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index ba5fbda07..998a93747 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1740,6 +1740,11 @@ "integrity": "sha512-ZkVeqEmRpBV2GHvjjUZqEai2PpUbuq8Bqd//vEYsp63J8WyexI8ppCqVS3Zs0QADf6aWuPdU+0XsPI647PVlQA==", "dev": true }, + "@xmldom/xmldom": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.0.tgz", + "integrity": "sha512-7wVnF+rKrVDEo1xjzkkidTG0grclaVnX0vKa0z9JSXcEdtftUJjvU33jLGg6SHyvs3eeqEsI7jZ6NxYfRypEEg==" + }, "@xtuc/ieee754": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", 
@@ -9244,11 +9249,6 @@ "integrity": "sha512-wBuoj1BDpC6ZQ1B7DWQBYVLphPWkm8i9Y0/3YdHjHKHiohOJ1ws+3OccDWtH+PoC9DZD5WOTrJvNbWvjS6JWaA==", "dev": true }, - "xmldom": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz", - "integrity": "sha512-iAcin401y58LckRZ0TkI4k0VSM1Qg0KGSc3i8rU+xrxe19A/BN1zHyVSJY7uoutVlaTSzYyk/v5AmkewAP7jtg==" - }, "xtend": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
diff --git a/package.json b/package.json
index 580432ae6..5af24300f 100644
--- a/package.json
+++ b/package.json
@@ -45,12 +45,12 @@
 "bugs": "http://github.com/linkeddata/rdflib.js/issues",
 "dependencies": {
 "@babel/runtime": "^7.16.0",
+ "@xmldom/xmldom": "^0.8.0",
 "async": "^3.2.2",
 "cross-fetch": "^3.1.4",
 "jsonld": "^5.2.0",
 "n3": "^1.12.2",
- "solid-namespace": "^0.5.2",
- "xmldom": "^0.6.0"
+ "solid-namespace": "^0.5.2"
 },
 "devDependencies": {
 "@babel/cli": "^7.16.0",
diff --git a/src/utils-js.js b/src/utils-js.js
index 68fae11ed..25e7f5930 100644
--- a/src/utils-js.js
+++ b/src/utils-js.js
@@ -245,10 +245,10 @@ export function output (o) {
 document.body.appendChild(k)
 }
-import { DOMParser } from 'xmldom'
+import { DOMParser } from '@xmldom/xmldom'
 /**
- * Returns a DOM from parsex XML.
+ * Returns a DOM from parsed XML.
 */
 export function parseXML (str, options) {
 var dparser
diff --git a/webpack.config.js b/webpack.config.js
index 70f04f1f2..340037514 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -29,13 +29,13 @@ module.exports = (env, args) => {
 resolve: { extensions: ['.js', '.ts'] },
 externals: {
 '@trust/webcrypto': 'crypto',
+ '@xmldom/xmldom': 'window',
 'child_process': 'null',
 'node-fetch': 'fetch',
 'text-encoding': 'TextEncoder',
 'whatwg-url': 'window',
 'isomorphic-fetch': 'fetch',
 'fs': 'null',
- 'xmldom': 'window'
 },
 devtool: 'source-map'
 }
From 0909dbfe916cff5f31cb8fdb63bd575a3d5656a1 Mon Sep 17 00:00:00 2001
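Review bot: The `'@xmldom/xmldom': 'window'` external in webpack.config.js means the bundle built from this config never contains the package this commit upgrades. In that build, `import { DOMParser } from '@xmldom/xmldom'` in src/utils-js.js resolves to the host's `window.DOMParser`, so the advisory fix presumably only reaches Node consumers. That deserves a comment on the entry, for example `// browser bundle uses the native DOMParser; @xmldom/xmldom itself is only loaded outside the bundle`. The two parsers may also report malformed XML differently, so callers of `parseXML` should not depend on one environment's error behaviour; its body lies outside the hunk, so how it handles that is not visible here.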
From: Christian Bewernitz
Date: Sat, 25 Dec 2021 22:45:45 +0100
Subject: [PATCH 2/2] test(ts): Infer type by using a type checker for Element `namepsaceUri` is only present on the `Element` type. By using a type checker ts knows that we have the right type.
---
 src/fetcher.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/fetcher.ts b/src/fetcher.ts
index 67ca1c7d7..f52f7f07a 100644
--- a/src/fetcher.ts
+++ b/src/fetcher.ts
@@ -343,6 +343,11 @@ class XMLHandler extends Handler {
 fetcher.mediatypes['application/xml'] = { 'q': 0.5 }
 }
+ static isElement(node: Node): node is Element {
+ return node.nodeType === Node.ELEMENT_NODE;
+ }
+
+
 parse (
 fetcher: Fetcher,
 responseText: string,
@@ -357,10 +362,12 @@ class XMLHandler extends Handler {
 // XML Semantics defined by root element namespace
 // figure out the root element
 for (let c = 0; c < dom.childNodes.length; c++) {
+ const node = dom.childNodes[c]
 // is this node an element?
- if (dom.childNodes[c].nodeType === 1) {
+ if (XMLHandler.isElement(node)) {
+
 // We've found the first element, it's the root
- let ns = dom.childNodes[c].namespaceURI
+ let ns = node.namespaceURI
 // Is it RDF/XML?
 if (ns && ns === ns['rdf']) {
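Review bot: `Node.ELEMENT_NODE` in the new `isElement` guard is a runtime lookup of a global `Node`, which TypeScript accepts from its DOM typings but which plain Node.js does not define. The check it replaces in `parse` compared against the literal `1` and had no such dependency. Unless fetcher.ts imports or polyfills a `Node` value outside this hunk, `XMLHandler.parse` would throw a ReferenceError under Node.js, presumably the environment where `@xmldom/xmldom` supplies the DOM. Reading the constant from the instance avoids the global: `return node.nodeType === node.ELEMENT_NODE`. A one-line doc comment such as `/** Type guard: true when the DOM node is an element. */` would also help.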
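Review bot: The local `let ns = node.namespaceURI` makes the following `ns === ns['rdf']` compare the namespace string with a property of itself, which is `undefined` for a string, so the RDF/XML branch looks unreachable. The condition is unchanged context, but the commit rewrites the declaration directly above it. The intent was presumably to compare against a module-level namespace table also named `ns`, which is not visible in this hunk. Renaming the local removes the shadowing: `const rootNs = node.namespaceURI` and `if (rootNs && rootNs === ns['rdf']) {`, adjusted to whatever value type that table holds. The loop body continues past the end of the hunk, so any later use of the local `ns` needs the same rename.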