npm - @01.software/sdk - Versions diffs - 0.5.3 → 0.5.4 - Mend

@01.software/sdk 0.5.3 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/ui/flow.cjs CHANGED Viewed

@@ -472,6 +472,7 @@ function ensureQuickJSLoaded() {
     _notify();
   }).catch(() => {
     _state = { status: "failed", module: null };
+    _notify();
   });
 }
 function useQuickJS() {
@@ -616,7 +617,11 @@ function sanitizeStyle(style) {
   for (const [k, v] of Object.entries(style)) {
     if (BLOCKED_STYLE_PROPS.has(k)) continue;
     if (typeof v === "string" && /url\s*\(/i.test(v)) continue;
-    if (k === "position" && typeof v === "string" && /fixed|absolute/i.test(v)) continue;
+    if (k === "position" && typeof v === "string" && /fixed|sticky/i.test(v)) continue;
+    if (k === "zIndex") {
+      const n = typeof v === "number" ? v : parseInt(String(v), 10);
+      if (isNaN(n) || n > 9998) continue;
+    }
     safe[k] = v;
   }
   return safe;
@@ -712,10 +717,10 @@ function compileTemplate(code, slug) {
   if (!qjs) return null;
   const cacheKey = `${slug}:${code.length}:${hashCode(code)}`;
   if (rendererCache.has(cacheKey)) {
-    const renderer2 = rendererCache.get(cacheKey);
+    const entry = rendererCache.get(cacheKey);
     rendererCache.delete(cacheKey);
-    rendererCache.set(cacheKey, renderer2);
-    return makeReactFC(renderer2, qjs);
+    rendererCache.set(cacheKey, entry);
+    return entry.fc;
   }
   let jsCode;
   try {
@@ -730,12 +735,13 @@ function compileTemplate(code, slug) {
     return null;
   }
   const renderer = makeRenderer(jsCode);
+  const fc = makeReactFC(renderer, qjs);
   if (rendererCache.size >= MAX_CACHE_SIZE) {
     const oldest = rendererCache.keys().next().value;
     if (oldest) rendererCache.delete(oldest);
   }
-  rendererCache.set(cacheKey, renderer);
-  return makeReactFC(renderer, qjs);
+  rendererCache.set(cacheKey, { renderer, fc });
+  return fc;
 }
 function clearTemplateCache() {
   rendererCache.clear();
@@ -932,6 +938,11 @@ var import_postcss = __toESM(require("postcss"), 1);
 var ALLOWED_AT_RULES = /* @__PURE__ */ new Set(["keyframes", "media", "supports", "container", "layer"]);
 var BLOCKED_VALUE_PATTERNS = [/url\s*\(/i, /expression\s*\(/i, /paint\s*\(/i, /-moz-binding/i];
 var DANGEROUS_SELECTOR = /(?:^|[\s,])(?::root|html|body)\b/;
+var BLOCKED_PROPERTY_VALUES = {
+  // absolute is allowed — contained by nearest positioned ancestor (node wrapper)
+  position: /fixed|sticky/i
+};
+var Z_INDEX_MAX = 9998;
 function sanitizeCSS(css, scopeClass) {
   let root;
   try {
@@ -939,14 +950,66 @@ function sanitizeCSS(css, scopeClass) {
   } catch (e) {
     return "";
   }
+  const safeScopeClass = scopeClass ? scopeClass.replace(/[{}()[\];,'"\\<>\s]/g, "") : "";
+  const keyframeNameMap = /* @__PURE__ */ new Map();
+  if (safeScopeClass) {
+    root.walkAtRules(/^keyframes$/i, (node) => {
+      const rawName = node.params.trim().replace(/^['"]|['"]$/g, "");
+      const originalName = rawName;
+      const scopedName = `${safeScopeClass}__${rawName.replace(/\s+/g, "_")}`;
+      keyframeNameMap.set(originalName, scopedName);
+      node.params = scopedName;
+    });
+  }
+  if (safeScopeClass && keyframeNameMap.size > 0) {
+    const ANIM_KEYWORDS = /* @__PURE__ */ new Set(["none", "initial", "inherit", "unset", "revert"]);
+    const replaceAnimName = (token) => {
+      var _a;
+      const t = token.trim().replace(/^['"]|['"]$/g, "");
+      return ANIM_KEYWORDS.has(t) ? token : (_a = keyframeNameMap.get(t)) != null ? _a : token;
+    };
+    root.walkDecls(/^animation-name$/i, (node) => {
+      node.value = node.value.split(",").map(replaceAnimName).join(", ");
+    });
+    root.walkDecls(/^animation$/i, (node) => {
+      node.value = node.value.split(",").map(
+        (anim) => anim.split(/(\s+)/).map((token) => /\s/.test(token) ? token : replaceAnimName(token)).join("")
+      ).join(",");
+    });
+  }
   root.walkAtRules((node) => {
     if (!ALLOWED_AT_RULES.has(node.name.toLowerCase())) {
       node.remove();
     }
   });
   root.walkDecls((node) => {
-    if (BLOCKED_VALUE_PATTERNS.some((p) => p.test(node.value))) {
+    const normalizedValue = node.value.replace(/\/\*[\s\S]*?\*\//g, "");
+    if (BLOCKED_VALUE_PATTERNS.some((p) => p.test(normalizedValue))) {
       node.remove();
+      return;
+    }
+    const propLower = node.prop.toLowerCase();
+    const blockedValuePattern = BLOCKED_PROPERTY_VALUES[propLower];
+    if (blockedValuePattern) {
+      const deescaped = normalizedValue.replace(
+        /\\([0-9a-fA-F]{1,6})\s?/g,
+        (_, hex) => String.fromCodePoint(parseInt(hex, 16))
+      );
+      if (blockedValuePattern.test(deescaped)) {
+        node.remove();
+        return;
+      }
+    }
+    if (propLower === "z-index") {
+      const zv = node.value.trim();
+      if (zv === "auto" || zv === "initial" || zv === "inherit" || zv === "unset" || zv === "revert") {
+      } else {
+        const val = parseInt(zv, 10);
+        if (isNaN(val) || String(val) !== zv || val > Z_INDEX_MAX) {
+          node.remove();
+          return;
+        }
+      }
     }
   });
   root.walkRules((rule) => {
@@ -956,7 +1019,6 @@ function sanitizeCSS(css, scopeClass) {
       return;
     }
     if (scopeClass) {
-      const safeScopeClass = scopeClass.replace(/[{}()[\];,'"\\<>]/g, "");
       if (!safeScopeClass) {
         rule.remove();
         return;