@blamejs/blamejs-shop 0.4.56 → 0.4.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +426 -366
  4. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  5. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  6. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  7. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  8. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  9. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  10. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  11. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  12. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  14. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  15. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  16. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  17. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  18. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  19. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  20. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  21. package/lib/vendor/blamejs/index.js +2 -0
  22. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  23. package/lib/vendor/blamejs/lib/acme.js +6 -5
  24. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  25. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  26. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  27. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  28. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  29. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  30. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  31. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  32. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  33. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  34. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  35. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  36. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  37. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  38. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  39. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  40. package/lib/vendor/blamejs/lib/archive.js +2 -10
  41. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  42. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  43. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  44. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  45. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  46. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  47. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  48. package/lib/vendor/blamejs/lib/audit.js +84 -0
  49. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  50. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  51. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  52. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  53. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  54. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  55. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  56. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  57. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  58. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  59. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  60. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  61. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  62. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  63. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  64. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  65. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  66. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  67. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  68. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  69. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  70. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  71. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  72. package/lib/vendor/blamejs/lib/cache.js +7 -18
  73. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  74. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  75. package/lib/vendor/blamejs/lib/cert.js +3 -10
  76. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  77. package/lib/vendor/blamejs/lib/cli.js +5 -1
  78. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  79. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  80. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  81. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  82. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  83. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  84. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  85. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  86. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  87. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  88. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  89. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  90. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  91. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  92. package/lib/vendor/blamejs/lib/cose.js +19 -11
  93. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  94. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  95. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  96. package/lib/vendor/blamejs/lib/csp.js +235 -3
  97. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  98. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  99. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  100. package/lib/vendor/blamejs/lib/db.js +34 -12
  101. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  102. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  103. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  104. package/lib/vendor/blamejs/lib/did.js +6 -2
  105. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  106. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  107. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  108. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  109. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  110. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  111. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  112. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  113. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  114. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  115. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  116. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  117. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  118. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  119. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  120. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  121. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  122. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  123. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  124. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  125. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  126. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  127. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  128. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  129. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  130. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  131. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  132. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  133. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  135. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  136. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  137. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  138. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  139. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  140. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  141. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  142. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  143. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  144. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  145. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  146. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  147. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  148. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  149. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  150. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  151. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  152. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  153. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  154. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  155. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  156. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  157. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  158. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  159. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  160. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  161. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  162. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  163. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  164. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  165. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  166. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  167. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  168. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  169. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  170. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  171. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  172. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  173. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  174. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  175. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  176. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  177. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  178. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  179. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  180. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  181. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  182. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  183. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  184. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  185. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  186. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  187. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  188. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  189. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  190. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  191. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  192. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  193. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  194. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  195. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  196. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  197. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  198. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  199. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  200. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  201. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  202. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  203. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  204. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  205. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  206. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  207. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  208. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  209. package/lib/vendor/blamejs/lib/mail.js +6 -11
  210. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  211. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  212. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  213. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  214. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  215. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  216. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  217. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  218. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  219. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  220. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  221. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  222. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  223. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  224. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  225. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  226. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  227. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  228. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  229. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  230. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  231. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  232. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  233. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  234. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  235. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  236. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  237. package/lib/vendor/blamejs/lib/money.js +105 -0
  238. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  239. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  240. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  241. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  242. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  243. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  244. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  245. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  246. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  247. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  248. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  249. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  250. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  251. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  252. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  253. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  254. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  255. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  256. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  257. package/lib/vendor/blamejs/lib/observability.js +95 -0
  258. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  259. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  260. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  261. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  262. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  263. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  264. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  265. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  266. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  267. package/lib/vendor/blamejs/lib/pick.js +63 -5
  268. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  269. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  270. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  271. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  272. package/lib/vendor/blamejs/lib/redact.js +2 -1
  273. package/lib/vendor/blamejs/lib/render.js +4 -2
  274. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  275. package/lib/vendor/blamejs/lib/restore.js +5 -22
  276. package/lib/vendor/blamejs/lib/retention.js +3 -5
  277. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  278. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  279. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  280. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  281. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  282. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  283. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  284. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  285. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  286. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  287. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  288. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  289. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  290. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  291. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  292. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  293. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  294. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  295. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  296. package/lib/vendor/blamejs/lib/session.js +194 -6
  297. package/lib/vendor/blamejs/lib/sql.js +225 -78
  298. package/lib/vendor/blamejs/lib/sse.js +6 -10
  299. package/lib/vendor/blamejs/lib/static.js +136 -98
  300. package/lib/vendor/blamejs/lib/storage.js +4 -2
  301. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  302. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  303. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  304. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  305. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  306. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  307. package/lib/vendor/blamejs/lib/vc.js +2 -7
  308. package/lib/vendor/blamejs/lib/vex.js +35 -13
  309. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  310. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  311. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  312. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  313. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  314. package/lib/vendor/blamejs/lib/worm.js +2 -3
  315. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  316. package/lib/vendor/blamejs/package.json +1 -1
  317. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  318. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  319. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  320. package/lib/vendor/blamejs/test/10-state.js +9 -3
  321. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  322. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  323. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  324. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  325. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  326. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  327. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  328. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  329. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  330. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  331. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  332. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  333. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  334. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  335. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  336. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  337. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  340. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  341. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  342. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  344. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  346. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  347. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  349. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  351. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  352. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  387. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  388. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  390. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  392. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  393. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  395. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  396. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  397. package/package.json +1 -1
@@ -81,7 +81,7 @@ var codepointClass = require("./codepoint-class");
81
81
  var lazyRequire = require("./lazy-require");
82
82
  var gateContract = require("./gate-contract");
83
83
  var C = require("./constants");
84
- var numericBounds = require("./numeric-bounds");
84
+ var pick = require("./pick");
85
85
  var { GuardGraphqlError } = require("./framework-error");
86
86
 
87
87
  var observability = lazyRequire(function () { return require("./observability"); });
@@ -100,10 +100,7 @@ var PROTO_POISON_QUERY_RE = /[\s,({:]\$?(?:__proto__|constructor|prototype)\b/;
100
100
 
101
101
  var PROFILES = Object.freeze({
102
102
  "strict": {
103
- bidiPolicy: "reject",
104
- controlPolicy: "reject",
105
- nullBytePolicy: "reject",
106
- zeroWidthPolicy: "reject",
103
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
107
104
  introspectionPolicy: "reject",
108
105
  persistedQueryPolicy: "audit",
109
106
  operationNamePolicy: "audit",
@@ -120,10 +117,7 @@ var PROFILES = Object.freeze({
120
117
  maxRuntimeMs: C.TIME.seconds(2),
121
118
  },
122
119
  "balanced": {
123
- bidiPolicy: "reject",
124
- controlPolicy: "reject",
125
- nullBytePolicy: "reject",
126
- zeroWidthPolicy: "reject",
120
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
127
121
  introspectionPolicy: "audit",
128
122
  persistedQueryPolicy: "audit",
129
123
  operationNamePolicy: "audit",
@@ -140,10 +134,7 @@ var PROFILES = Object.freeze({
140
134
  maxRuntimeMs: C.TIME.seconds(2),
141
135
  },
142
136
  "permissive": {
143
- bidiPolicy: "reject", // BIDI refused at every profile
144
- controlPolicy: "reject", // controls refused at every profile
145
- nullBytePolicy: "reject", // null refused at every profile
146
- zeroWidthPolicy: "reject", // zero-width refused at every profile
137
+ ...gateContract.CHAR_THREATS_REJECT_ALL,
147
138
  introspectionPolicy: "allow",
148
139
  persistedQueryPolicy: "allow",
149
140
  operationNamePolicy: "allow",
@@ -161,35 +152,6 @@ var PROFILES = Object.freeze({
161
152
  },
162
153
  });
163
154
 
164
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
165
- mode: "enforce",
166
- }));
167
-
168
- var COMPLIANCE_POSTURES = Object.freeze({
169
- "hipaa": Object.assign({}, PROFILES["strict"], {
170
- forensicSnippetBytes: C.BYTES.bytes(512),
171
- }),
172
- "pci-dss": Object.assign({}, PROFILES["strict"], {
173
- forensicSnippetBytes: C.BYTES.bytes(512),
174
- }),
175
- "gdpr": Object.assign({}, PROFILES["balanced"], {
176
- forensicSnippetBytes: C.BYTES.bytes(256),
177
- }),
178
- "soc2": Object.assign({}, PROFILES["strict"], {
179
- forensicSnippetBytes: C.BYTES.bytes(1024),
180
- }),
181
- });
182
-
183
- function _resolveOpts(opts) {
184
- return gateContract.resolveProfileAndPosture(opts, {
185
- profiles: PROFILES,
186
- compliancePostures: COMPLIANCE_POSTURES,
187
- defaults: DEFAULTS,
188
- errorClass: GuardGraphqlError,
189
- errCodePrefix: "graphql",
190
- });
191
- }
192
-
193
155
  // _measureQueryShape — walks the query string and computes
194
156
  // brace-depth + per-selection-set alias counts using simple paren
195
157
  // counting. Not a full GraphQL parser (operator runs the schema-
@@ -333,9 +295,7 @@ function _detectIssues(req, opts) {
333
295
  var pVar = req.variables;
334
296
  var pHas = Object.prototype.hasOwnProperty;
335
297
  var pName = (pVar && typeof pVar === "object" && !Array.isArray(pVar) &&
336
- (pHas.call(pVar, "__proto__") ? "__proto__" :
337
- pHas.call(pVar, "constructor") ? "constructor" :
338
- pHas.call(pVar, "prototype") ? "prototype" : null));
298
+ pick.POISONED_KEYS.find(function (pk) { return pHas.call(pVar, pk); })) || null;
339
299
  if (pName) {
340
300
  issues.push({
341
301
  kind: "variable-prototype-poison", severity: "critical",
@@ -500,14 +460,11 @@ function _detectIssues(req, opts) {
500
460
  * var ok = b.guardGraphql.validate(benign, { profile: "strict" });
501
461
  * ok.ok; // → true
502
462
  */
503
- function validate(input, opts) {
504
- opts = _resolveOpts(opts);
505
- numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
506
- ["maxBytes", "maxQueryBytes", "maxVariableBytes",
507
- "maxDepth", "maxAliasesPerSelection", "maxBatchSize"],
508
- "guardGraphql.validate", GuardGraphqlError, "graphql.bad-opt");
509
- return gateContract.aggregateIssues(_detectIssues(input, opts));
510
- }
463
+ // validate is assembled by gateContract.defineGuard from `detect`
464
+ // (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
465
+ // input, resolveOpts(opts)))`, with the byte / depth / alias / batch caps
466
+ // declared via `intOpts`. The @primitive block above documents the
467
+ // resulting public ABI.
511
468
 
512
469
  /**
513
470
  * @primitive b.guardGraphql.sanitize
@@ -539,10 +496,11 @@ function validate(input, opts) {
539
496
  * e.code; // → "graphql.introspection"
540
497
  * }
541
498
  */
542
- function sanitize(input, opts) {
543
- opts = _resolveOpts(opts);
544
- var issues = _detectIssues(input, opts);
545
- gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardGraphqlError, codePrefix: "graphql" });
499
+ // _sanitizeTransform the guard-specific normalize applied by defineGuard's
500
+ // generated sanitize AFTER resolve → detect → throw-on-refusal. GraphQL
501
+ // request bundles can't be partially repaired; once detection passes with no
502
+ // critical/high issue, the input is returned unchanged.
503
+ function _sanitizeTransform(input) {
546
504
  return input;
547
505
  }
548
506
 
@@ -583,25 +541,19 @@ function sanitize(input, opts) {
583
541
  * rv.issues[0].ruleId; // → "graphql.alias-bomb"
584
542
  */
585
543
  function gate(opts) {
586
- opts = _resolveOpts(opts);
544
+ opts = _guard.resolveOpts(opts);
587
545
  return gateContract.buildGuardGate(
588
546
  opts.name || "guardGraphql:" + (opts.profile || "default"),
589
547
  opts,
590
548
  async function (ctx) {
591
549
  var req = ctx && (ctx.graphqlRequest || ctx.gql);
592
550
  if (!req) return { ok: true, action: "serve" };
593
- var rv = validate(req, opts);
594
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
595
- var hasCritical = rv.issues.some(function (i) {
596
- return i.severity === "critical";
597
- });
598
- var hasHigh = rv.issues.some(function (i) {
599
- return i.severity === "high";
600
- });
601
- if (!hasCritical && !hasHigh) {
602
- return { ok: true, action: "audit-only", issues: rv.issues };
603
- }
604
- return { ok: false, action: "refuse", issues: rv.issues };
551
+ // validate is assembled by defineGuard (from `detect` below) and lives
552
+ // on the frozen module.exports; the gate is only invoked at runtime,
553
+ // after the export is assigned. Behaviour is identical to the prior
554
+ // local validate (resolve → intOpts → aggregateIssues(detect)).
555
+ var rv = module.exports.validate(req, opts);
556
+ return gateContract.severityDisposition(rv.issues);
605
557
  });
606
558
  }
607
559
 
@@ -636,15 +588,16 @@ var INTEGRATION_FIXTURES = Object.freeze({
636
588
  // surface (validate / sanitize / bespoke gate) passed through verbatim.
637
589
  // The custom KIND ("graphql-request") is accepted because the bespoke
638
590
  // gate reads its own ctx fields (ctx.graphqlRequest / ctx.gql).
639
- module.exports = gateContract.defineGuard({
591
+ var _guard = module.exports = gateContract.defineGuard({
640
592
  name: "graphql",
641
593
  kind: "graphql-request",
642
594
  errorClass: GuardGraphqlError,
643
595
  profiles: PROFILES,
644
- defaults: DEFAULTS,
645
- postures: COMPLIANCE_POSTURES,
596
+ base: 512,
646
597
  integrationFixtures: INTEGRATION_FIXTURES,
647
- validate: validate,
648
- sanitize: sanitize,
598
+ detect: _detectIssues,
599
+ sanitizeTransform: _sanitizeTransform,
600
+ intOpts: ["maxBytes", "maxQueryBytes", "maxVariableBytes",
601
+ "maxDepth", "maxAliasesPerSelection", "maxBatchSize"],
649
602
  gate: gate,
650
603
  });
@@ -82,6 +82,19 @@ var _TAG_RE = tagwalk.TAG_RE;
82
82
  var _parseAttrs = tagwalk.parseAttrs;
83
83
  var _lineColAt = tagwalk.lineColAt;
84
84
 
85
+ // Strip every HTML tag for plain-text measurement. Re-runs the tag regex
86
+ // until the string is stable so nested-bracket residue (e.g. `<scr<x>ipt>`)
87
+ // cannot survive a single pass. Output is used only for text-length / content
88
+ // checks, never re-emitted as HTML.
89
+ function _stripTags(s) {
90
+ var prev;
91
+ do {
92
+ prev = s;
93
+ s = s.replace(/<[^>]+>/g, "");
94
+ } while (s !== prev);
95
+ return s;
96
+ }
97
+
85
98
  function _innerText(html, tagOpenEnd, tagName) {
86
99
  var lower = tagName.toLowerCase();
87
100
  var closeRe = new RegExp("</\\s*" + lower + "\\s*>", "i"); // allow:dynamic-regex — `lower` is a tag name from the framework's static SC registry, not operator input; `\\s*` and tag name are RegExp-safe (no special chars)
@@ -89,7 +102,7 @@ function _innerText(html, tagOpenEnd, tagName) {
89
102
  var m = closeRe.exec(html);
90
103
  if (!m) return "";
91
104
  var raw = html.slice(tagOpenEnd, m.index);
92
- return raw.replace(/<[^>]+>/g, "").replace(/&[a-z]+;|&#\d+;/gi, "").trim();
105
+ return _stripTags(raw).replace(/&[a-z]+;|&#\d+;/gi, "").trim();
93
106
  }
94
107
 
95
108
  // ---- Per-element checks ----
@@ -270,7 +283,7 @@ function _checkPageTitle(html, report, opts) {
270
283
  });
271
284
  return;
272
285
  }
273
- var title = m[1].replace(/<[^>]+>/g, "").trim();
286
+ var title = _stripTags(m[1]).trim();
274
287
  if (title.length === 0) {
275
288
  var pos2 = _lineColAt(html, m.index);
276
289
  _addFinding(report, {
@@ -93,6 +93,8 @@
93
93
  */
94
94
 
95
95
  var codepointClass = require("./codepoint-class");
96
+ var markupTokenizer = require("./markup-tokenizer");
97
+ var markupEscape = require("./markup-escape").markupEscape;
96
98
  var guardHtmlWcag = require("./guard-html-wcag");
97
99
  var lazyRequire = require("./lazy-require");
98
100
  var gateContract = require("./gate-contract");
@@ -179,16 +181,14 @@ var URL_ATTRS = Object.freeze([
179
181
  ]);
180
182
 
181
183
  // Always-allowed schemes (every profile).
182
- var SAFE_SCHEMES = Object.freeze(["http", "https", "mailto", "tel"]);
184
+ var SAFE_SCHEMES = gateContract.SAFE_URL_SCHEMES;
183
185
 
184
186
  // Schemes denied by default. `data` is dangerous globally except in
185
187
  // image context (data:image/*) which is the only data: payload that
186
188
  // can't directly script the page; the per-attribute check below honours
187
189
  // that exception when allowImageData=true and the host tag is <img>.
188
- var DANGEROUS_SCHEMES = Object.freeze([
189
- "javascript", "vbscript", "livescript", "mocha", "ecmascript",
190
- "file", "mhtml", "jar", "intent", "view-source", "feed", "data",
191
- ]);
190
+ // Markup-attribute scheme denylist — the shared XSS / dangerous-resource set.
191
+ var DANGEROUS_SCHEMES = gateContract.DANGEROUS_URL_SCHEMES;
192
192
 
193
193
  // CSS dangerous tokens — case-insensitive match against attribute
194
194
  // value content.
@@ -291,54 +291,12 @@ var PROFILES = Object.freeze({
291
291
  },
292
292
  });
293
293
 
294
- var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
295
- mode: "enforce",
294
+ var DEFAULTS = gateContract.strictDefaults(PROFILES, {
296
295
  maxRuntimeMs: C.TIME.seconds(30),
297
- }));
298
-
299
- var COMPLIANCE_POSTURES = Object.freeze({
300
- "hipaa": {
301
- allowedTags: STRICT_ALLOWED_TAGS,
302
- bidiPolicy: "reject",
303
- controlPolicy: "reject",
304
- nullBytePolicy: "reject",
305
- cssPolicy: "reject",
306
- domClobberPolicy: "reject",
307
- mxssHintPolicy: "reject",
308
- forensicSnippetBytes: C.BYTES.bytes(256),
309
- },
310
- "pci-dss": {
311
- allowedTags: STRICT_ALLOWED_TAGS,
312
- bidiPolicy: "reject",
313
- controlPolicy: "reject",
314
- nullBytePolicy: "reject",
315
- cssPolicy: "reject",
316
- domClobberPolicy: "reject",
317
- mxssHintPolicy: "reject",
318
- urlSchemes: SAFE_SCHEMES,
319
- forensicSnippetBytes: C.BYTES.bytes(256),
320
- },
321
- "gdpr": {
322
- allowedTags: BALANCED_ALLOWED_TAGS,
323
- bidiPolicy: "strip",
324
- controlPolicy: "strip",
325
- cssPolicy: "strip",
326
- domClobberPolicy: "strip",
327
- mxssHintPolicy: "audit",
328
- forensicSnippetBytes: C.BYTES.bytes(128),
329
- },
330
- "soc2": {
331
- allowedTags: STRICT_ALLOWED_TAGS,
332
- bidiPolicy: "reject",
333
- controlPolicy: "reject",
334
- nullBytePolicy: "reject",
335
- cssPolicy: "reject",
336
- domClobberPolicy: "reject",
337
- mxssHintPolicy: "reject",
338
- forensicSnippetBytes: C.BYTES.bytes(512),
339
- },
340
296
  });
341
297
 
298
+ var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
299
+
342
300
  // ---- Internal helpers ----
343
301
 
344
302
  function _resolveOpts(opts) {
@@ -372,12 +330,7 @@ function _resolveOpts(opts) {
372
330
  */
373
331
  function escapeText(value) {
374
332
  var s = value == null ? "" : String(value);
375
- return s
376
- .replace(/&/g, "&amp;")
377
- .replace(/</g, "&lt;")
378
- .replace(/>/g, "&gt;")
379
- .replace(/"/g, "&quot;")
380
- .replace(/'/g, "&#39;");
333
+ return markupEscape(s, { apos: "&#39;" });
381
334
  }
382
335
 
383
336
  /**
@@ -401,12 +354,9 @@ function escapeText(value) {
401
354
  */
402
355
  function escapeAttr(value) {
403
356
  var s = value == null ? "" : String(value);
404
- return s
405
- .replace(/&/g, "&amp;")
406
- .replace(/</g, "&lt;")
407
- .replace(/>/g, "&gt;")
408
- .replace(/"/g, "&quot;")
409
- .replace(/'/g, "&#39;")
357
+ // Base markup chars + apostrophe via markupEscape; the backtick + "="
358
+ // escapes are the IE attribute-injection hardening unique to this escaper.
359
+ return markupEscape(s, { apos: "&#39;" })
410
360
  .replace(/`/g, "&#96;")
411
361
  .replace(/=/g, "&#61;");
412
362
  }
@@ -511,9 +461,10 @@ function _isCssDangerous(value) {
511
461
 
512
462
  function _tokenize(input, maxBytes) {
513
463
  var s = String(input || "");
514
- if (s.length > maxBytes) {
464
+ var nb = Buffer.byteLength(s, "utf8");
465
+ if (nb > maxBytes) {
515
466
  throw _err("html.too-large",
516
- "input " + s.length + " bytes exceeds maxBytes " + maxBytes);
467
+ "input " + nb + " bytes exceeds maxBytes " + maxBytes);
517
468
  }
518
469
  var tokens = [];
519
470
  var len = s.length;
@@ -567,28 +518,15 @@ function _tokenize(input, maxBytes) {
567
518
 
568
519
  // Start tag — find the matching `>`, but skip over `>` inside
569
520
  // quoted attribute values.
570
- var p = lt + 1;
571
- var inQuote = "";
572
- while (p < len) {
573
- var ch = s.charAt(p);
574
- if (inQuote) {
575
- if (ch === inQuote) inQuote = "";
576
- } else {
577
- if (ch === '"' || ch === "'") inQuote = ch;
578
- else if (ch === ">") break;
579
- }
580
- p += 1;
581
- }
521
+ var p = markupTokenizer.scanToTagEnd(s, lt + 1, len);
582
522
  var endT = p < len ? p + 1 : len;
583
523
  var raw = s.slice(lt, endT);
584
524
  var inner = raw.slice(1, raw.charAt(raw.length - 1) === ">" ? raw.length - 1 : raw.length);
585
525
  if (inner.endsWith("/")) inner = inner.slice(0, inner.length - 1);
586
526
 
587
- var nameMatch = inner.match(/^([A-Za-z][A-Za-z0-9:-]*)/);
588
- var tagName = nameMatch ? nameMatch[1].toLowerCase() : "";
589
- var attrSrc = nameMatch ? inner.slice(nameMatch[0].length) : "";
590
-
591
- var attrs = _parseAttrs(attrSrc);
527
+ var htmlParts = markupTokenizer.splitTagNameAttrs(inner, /^([A-Za-z][A-Za-z0-9:-]*)/);
528
+ var tagName = htmlParts.tagName;
529
+ var attrs = _parseAttrs(htmlParts.attrSrc);
592
530
  tokens.push({
593
531
  type: "tag", name: tagName, attrs: attrs,
594
532
  raw: raw, start: lt, end: endT,
@@ -643,7 +581,7 @@ function _parseAttrs(src) {
643
581
  function _detectIssues(input, opts) {
644
582
  var s = String(input || "");
645
583
  // 1. Whole-input bidi / null-byte / control char threats.
646
- var issues = codepointClass.detectCharThreats(s, opts, "html");
584
+ var issues = codepointClass.detectCharThreats(s, opts, "html", "warn");
647
585
 
648
586
  var tokens;
649
587
  try { tokens = _tokenize(s, opts.maxBytes); }
@@ -712,7 +650,7 @@ function _detectIssues(input, opts) {
712
650
  for (var ai = 0; ai < attrs.length; ai += 1) {
713
651
  var a = attrs[ai];
714
652
  var an = a.name.toLowerCase();
715
- if (a.value && a.value.length > opts.maxAttrValueBytes) {
653
+ if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) {
716
654
  issues.push({
717
655
  kind: "attr-value-too-large", severity: "high",
718
656
  ruleId: "html.attr-size",
@@ -814,9 +752,10 @@ function _detectIssues(input, opts) {
814
752
 
815
753
  function _sanitize(input, opts) {
816
754
  var s = String(input || "");
817
- if (s.length > opts.maxBytes) {
755
+ var nb = Buffer.byteLength(s, "utf8");
756
+ if (nb > opts.maxBytes) {
818
757
  throw _err("html.too-large",
819
- "input " + s.length + " bytes exceeds maxBytes " + opts.maxBytes);
758
+ "input " + nb + " bytes exceeds maxBytes " + opts.maxBytes);
820
759
  }
821
760
  codepointClass.assertNoCharThreats(s, opts, _err, "html");
822
761
  s = codepointClass.applyCharStripPolicies(s, opts);
@@ -884,7 +823,7 @@ function _sanitize(input, opts) {
884
823
  if (EVENT_HANDLER_RE.test(an)) continue;
885
824
  if (DANGEROUS_ATTRS.indexOf(an) !== -1) continue;
886
825
  if (Object.keys(allowedAttrs).length > 0 && !allowedAttrs[an]) continue;
887
- if (a.value && a.value.length > opts.maxAttrValueBytes) continue;
826
+ if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) continue;
888
827
  if (_isUrlAttr(an)) {
889
828
  var scheme = _extractScheme(a.value);
890
829
  if (scheme && DANGEROUS_SCHEMES.indexOf(scheme) !== -1) {
@@ -1061,39 +1000,47 @@ function sanitize(input, opts) {
1061
1000
  * rv.ok; // → false
1062
1001
  * rv.action; // → "refuse"
1063
1002
  */
1003
+ // Disposition of each html finding = what the operator's policy for that class
1004
+ // selected. The configurable classes (CSS injection / DOM-clobbering / mXSS
1005
+ // hint) and the bidi / null / control char threats follow their policies
1006
+ // (sanitize under `strip`, refuse under `reject`, audit under `audit`). The
1007
+ // always-dangerous denylist (dangerous tag / event handler / dangerous attr /
1008
+ // dangerous URL scheme) refuses — stripping a script-equivalent is not a
1009
+ // provable repair (an mXSS / parser-differential vector can survive); a
1010
+ // non-allowlisted but otherwise-benign tag / scheme sanitizes (the allowlist
1011
+ // sanitizer drops it); structural caps and a tokenizer failure refuse.
1012
+ // Exhaustive over every kind the detection pass emits.
1013
+ function _gateDispositionFor(issue, opts) {
1014
+ var shared = gateContract.charThreatDisposition(issue, opts);
1015
+ if (shared) return shared;
1016
+ switch (issue.kind) {
1017
+ case "css-injection": return gateContract.policyDisposition(opts.cssPolicy);
1018
+ case "dom-clobber": return gateContract.policyDisposition(opts.domClobberPolicy);
1019
+ case "mxss-hint": return gateContract.policyDisposition(opts.mxssHintPolicy);
1020
+ case "non-allowlisted-tag":
1021
+ case "non-allowlisted-url-scheme": return "sanitize";
1022
+ case "dangerous-tag":
1023
+ case "event-handler":
1024
+ case "dangerous-attr":
1025
+ case "dangerous-url-scheme": return "refuse";
1026
+ case "tokenize-failed":
1027
+ case "ie-conditional-comment":
1028
+ case "depth-cap":
1029
+ case "attr-count-cap":
1030
+ case "attr-value-too-large": return "refuse";
1031
+ default: return null;
1032
+ }
1033
+ }
1034
+
1064
1035
  function gate(opts) {
1065
1036
  opts = _resolveOpts(opts);
1066
- return gateContract.buildGuardGate(
1067
- opts.name || "guardHtml:" + (opts.profile || "default"),
1068
- opts,
1069
- async function (ctx) {
1070
- var text = gateContract.extractBytesAsText(ctx);
1071
- if (!text) return { ok: true, action: "serve" };
1072
- var rv = validate(text, opts);
1073
- if (rv.issues.length === 0) return { ok: true, action: "serve" };
1074
- var hasCritical = rv.issues.some(function (i) {
1075
- return i.severity === "critical" || i.severity === "high";
1076
- });
1077
- if (!hasCritical) return { ok: true, action: "audit-only", issues: rv.issues };
1078
-
1079
- // Sanitize attempt — only when no policy says reject.
1080
- if (opts.bidiPolicy !== "reject" &&
1081
- opts.controlPolicy !== "reject" &&
1082
- opts.nullBytePolicy !== "reject" &&
1083
- opts.cssPolicy !== "reject" &&
1084
- opts.domClobberPolicy !== "reject" &&
1085
- opts.mxssHintPolicy !== "reject") {
1086
- try {
1087
- var clean = sanitize(text, opts);
1088
- return {
1089
- ok: true, action: "sanitize",
1090
- sanitized: Buffer.from(clean, "utf8"),
1091
- issues: rv.issues,
1092
- };
1093
- } catch (_e) { /* fall through */ }
1094
- }
1095
- return { ok: false, action: "refuse", issues: rv.issues };
1096
- });
1037
+ return gateContract.buildContentGate({
1038
+ name: opts.name || "guardHtml:" + (opts.profile || "default"),
1039
+ opts: opts,
1040
+ validate: validate,
1041
+ dispositionFor: _gateDispositionFor,
1042
+ produceSanitized: function (text, o) { return sanitize(text, o); },
1043
+ });
1097
1044
  }
1098
1045
 
1099
1046
  // buildProfile / compliancePosture / loadRulePack are assembled by
@@ -1135,6 +1082,7 @@ module.exports = gateContract.defineGuard({
1135
1082
  sanitize: sanitize,
1136
1083
  gate: gate,
1137
1084
  extra: {
1085
+ _gateDispositionForTest: _gateDispositionFor,
1138
1086
  escapeText: escapeText,
1139
1087
  escapeAttr: escapeAttr,
1140
1088
  DANGEROUS_TAGS: DANGEROUS_TAGS,
@@ -31,6 +31,7 @@
31
31
 
32
32
  var { defineClass } = require("./framework-error");
33
33
  var gateContract = require("./gate-contract");
34
+ var codepointClass = require("./codepoint-class");
34
35
 
35
36
  var GuardIdempotencyKeyError = defineClass("GuardIdempotencyKeyError", { alwaysPermanent: true });
36
37
 
@@ -90,7 +91,7 @@ function validate(value, opts) {
90
91
  // C0 / DEL / slash refusal.
91
92
  for (var i = 0; i < value.length; i += 1) {
92
93
  var c = value.charCodeAt(i);
93
- if (c < 0x20 || c === 0x7F) { // C0 + DEL refusal
94
+ if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) { // C0 + DEL refusal
94
95
  throw new GuardIdempotencyKeyError("idempotency-key/control-char",
95
96
  "guardIdempotencyKey.validate: control char 0x" + c.toString(16) + " at offset " + i);
96
97
  }