@blamejs/core 0.16.7 → 0.16.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -872,6 +872,41 @@ function assertHeaderSafe(value, label, ErrorClass, code) {
872
872
  return value;
873
873
  }
874
874
 
875
+ /**
876
+ * @primitive b.safeBuffer.quoteString
877
+ * @signature b.safeBuffer.quoteString(s)
878
+ * @since 0.16.9
879
+ * @status stable
880
+ * @related b.safeBuffer.assertHeaderSafe, b.safeBuffer.foldHeaderText
881
+ *
882
+ * Serialize a value as an RFC quoted-string: coerce to string, escape
883
+ * every backslash and DQUOTE with a leading backslash, and wrap the
884
+ * result in DQUOTEs. One serializer for the quoted-string grammars the
885
+ * framework emits — RFC 8941 §3.3.3 Structured Fields sf-string
886
+ * (Cache-Status, Signature-Input, Server-Timing desc), RFC 8288 Link
887
+ * header parameters, RFC 8601 §2.2 Authentication-Results reason,
888
+ * RFC 3501 §4.3 IMAP quoted strings, and RFC 5804 §1.2 ManageSieve
889
+ * strings — so an unescaped quote can never terminate the string early
890
+ * and smuggle extra parameters into the protocol line.
891
+ *
892
+ * Escaping only — it does not validate a grammar's character range. A
893
+ * grammar that forbids bytes a quoted-string cannot carry (sf-string is
894
+ * printable-ASCII only; IMAP quoted strings cannot carry CR / LF)
895
+ * enforces its range check before calling this.
896
+ *
897
+ * @example
898
+ * var b = require("blamejs");
899
+ * b.safeBuffer.quoteString("cache miss");
900
+ * // → "\"cache miss\""
901
+ *
902
+ * // A quote or backslash in the value cannot break out of the string.
903
+ * b.safeBuffer.quoteString('say "hi"');
904
+ * // → "\"say \\\"hi\\\"\""
905
+ */
906
+ function quoteString(s) {
907
+ return "\"" + String(s).replace(/\\/g, "\\\\").replace(/"/g, "\\\"") + "\""; // allow:regex-no-length-cap — fixed-char-set escape on caller-bounded input
908
+ }
909
+
875
910
  module.exports = {
876
911
  normalizeText: normalizeText,
877
912
  toBuffer: toBuffer,
@@ -885,6 +920,7 @@ module.exports = {
885
920
  stripCrlf: stripCrlf,
886
921
  foldHeaderText: foldHeaderText,
887
922
  assertHeaderSafe: assertHeaderSafe,
923
+ quoteString: quoteString,
888
924
  stripTrailingHspace: stripTrailingHspace,
889
925
  indexAfterOpenTag: indexAfterOpenTag,
890
926
  HEX_RE: HEX_RE,
@@ -37,6 +37,7 @@
37
37
  * W3C Server-Timing response header builder — per-request timing-metric collector that surfaces server-side latency in the browser's Performance API.
38
38
  */
39
39
 
40
+ var safeBuffer = require("./safe-buffer");
40
41
  var validateOpts = require("./validate-opts");
41
42
  var { defineClass } = require("./framework-error");
42
43
 
@@ -46,9 +47,6 @@ var ServerTimingError = defineClass("ServerTimingError", { alwaysPermanent: true
46
47
  // at 128 chars for sanity; operator-supplied desc is sf-string.
47
48
  var METRIC_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]{1,128}$/; // RFC 7230 token shape + length cap
48
49
 
49
- function _quoteDesc(s) {
50
- return "\"" + String(s).replace(/\\/g, "\\\\").replace(/"/g, "\\\"") + "\"";
51
- }
52
50
 
53
51
  /**
54
52
  * @primitive b.serverTiming.create
@@ -120,7 +118,7 @@ function create() {
120
118
  return entries.map(function (e) {
121
119
  var parts = [e.name];
122
120
  if (e.dur !== null) parts.push("dur=" + _formatDur(e.dur));
123
- if (e.desc !== null) parts.push("desc=" + _quoteDesc(e.desc));
121
+ if (e.desc !== null) parts.push("desc=" + safeBuffer.quoteString(e.desc));
124
122
  return parts.join("; ");
125
123
  }).join(", ");
126
124
  }
@@ -106,7 +106,7 @@ function _resolveTlsSocket(socketOrReq) {
106
106
  * }
107
107
  *
108
108
  * @example
109
- * var b = require("blamejs").create();
109
+ * var b = require("blamejs");
110
110
  * var server = b.https.createServer({ key: KEY, cert: CERT }, function (req, res) {
111
111
  * var exporter = b.tlsExporter.fromSocket(req, { length: 32 });
112
112
  * res.end("exporter bytes: " + exporter.length);
@@ -175,7 +175,7 @@ function fromSocket(socketOrReq, opts) {
175
175
  * compare via `verifyTokenBinding` on the next request.
176
176
  *
177
177
  * @example
178
- * var b = require("blamejs").create();
178
+ * var b = require("blamejs");
179
179
  * b.https.createServer({ key: KEY, cert: CERT }, function (req, res) {
180
180
  * var binding = b.tlsExporter.bindToken(req, "session-token-abc123");
181
181
  * binding.length;
@@ -214,7 +214,7 @@ function bindToken(socketOrReq, token) {
214
214
  * the input shape is wrong.
215
215
  *
216
216
  * @example
217
- * var b = require("blamejs").create();
217
+ * var b = require("blamejs");
218
218
  * b.https.createServer({ key: KEY, cert: CERT }, function (req, res) {
219
219
  * var stored = b.tlsExporter.bindToken(req, "session-token-abc123");
220
220
  * var ok = b.tlsExporter.verifyTokenBinding(req, "session-token-abc123", stored);
@@ -18,7 +18,7 @@
18
18
  "hashes": {
19
19
  "server": "sha256:5d539dfc9ef47121d4c09bd7256d76448a1f5ac47ee09ac44c78ff6a062af9ab"
20
20
  },
21
- "refreshedAt": "2026-07-02T23:54:12.403Z"
21
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
22
22
  },
23
23
  "@noble/curves": {
24
24
  "version": "2.2.0",
@@ -40,7 +40,7 @@
40
40
  "hashes": {
41
41
  "server": "sha256:ebf254d5eb56aef8705a1c4af9603f47987b4870a9bb5e657e06907b701e2731"
42
42
  },
43
- "refreshedAt": "2026-07-02T23:54:12.403Z"
43
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
44
44
  },
45
45
  "@noble/post-quantum": {
46
46
  "version": "0.6.1",
@@ -71,7 +71,7 @@
71
71
  "hashes": {
72
72
  "server": "sha256:f9190309daadca4c2e2cc2b76beaa6b96e463429cc3c390bd9f0ceaf7b588c68"
73
73
  },
74
- "refreshedAt": "2026-07-02T23:54:12.403Z"
74
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
75
75
  },
76
76
  "@simplewebauthn/server": {
77
77
  "version": "13.3.2",
@@ -94,7 +94,7 @@
94
94
  "hashes": {
95
95
  "server": "sha256:49411d893f5e9b0e2fcaa564b4ec7921f73a9a06229b5e53d49c1453ea1a365c"
96
96
  },
97
- "refreshedAt": "2026-07-02T23:54:12.403Z"
97
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
98
98
  },
99
99
  "SecLists-common-passwords-top-10000": {
100
100
  "version": "10k-most-common (master)",
@@ -114,7 +114,7 @@
114
114
  },
115
115
  "runtime_artifact": "lib/vendor/common-passwords-top-10000.data.js",
116
116
  "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)",
117
- "refreshedAt": "2026-07-02T23:54:12.403Z"
117
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
118
118
  },
119
119
  "bimi-trust-anchors": {
120
120
  "version": "operator-managed",
@@ -139,7 +139,7 @@
139
139
  },
140
140
  "runtime_artifact": "lib/vendor/bimi-trust-anchors.data.js",
141
141
  "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)",
142
- "refreshedAt": "2026-07-02T23:54:12.403Z"
142
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
143
143
  },
144
144
  "publicsuffix-list": {
145
145
  "version": "master",
@@ -154,12 +154,12 @@
154
154
  "bundler": "curl https://publicsuffix.org/list/public_suffix_list.dat",
155
155
  "bundledAt": "2026-06-24T00:00:00Z",
156
156
  "hashes": {
157
- "server": "sha256:5afbeea28737514a69a0bdca7cd3818979e67c443444de4d19f2f8713cf5372e",
158
- "data_js": "sha256:6ed61937db12f148494db7c336498740bf4458cd9f49ec73d887eda83529f207"
157
+ "server": "sha256:b86d21bda9c627f0fdbb0182a16a441992e53dc74eb3e866e7885660df863dbd",
158
+ "data_js": "sha256:72fb435e03a25bece67f744601e75e3fb7972f264336ddf7cfcb13ddccedb73e"
159
159
  },
160
160
  "runtime_artifact": "lib/vendor/public-suffix-list.data.js",
161
161
  "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)",
162
- "refreshedAt": "2026-07-02T23:54:12.403Z"
162
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
163
163
  },
164
164
  "peculiar-pki": {
165
165
  "version": "2.0.0+pkijs-3.4.0",
@@ -190,7 +190,7 @@
190
190
  "hashes": {
191
191
  "server": "sha256:9bbc191afaaa2b1e5757f00480457c08134cdc2c55d541df18d9155bba9cbf77"
192
192
  },
193
- "refreshedAt": "2026-07-02T23:54:12.403Z"
193
+ "refreshedAt": "2026-07-10T14:22:17.414Z"
194
194
  }
195
195
  }
196
196
  }
@@ -5,8 +5,8 @@
5
5
  // Please pull this list from, and only from https://publicsuffix.org/list/public_suffix_list.dat,
6
6
  // rather than any other VCS sites. Pulling from any other URL is not guaranteed to be supported.
7
7
 
8
- // VERSION: 2026-07-02_09-58-14_UTC
9
- // COMMIT: d67b6cb8e70e9c76b0803809b66e7ffdd09484bd
8
+ // VERSION: 2026-07-09_11-59-23_UTC
9
+ // COMMIT: b9a86cf0cd115f1e60b5815533f3fcfd2f9e8f4b
10
10
 
11
11
  // Instructions on pulling and using this list can be found at https://publicsuffix.org/list/.
12
12
 
@@ -12751,6 +12751,12 @@ co.ca
12751
12751
  // Submitted by Gavin Brown <gavin.brown@centralnic.com>
12752
12752
  co.com
12753
12753
 
12754
+ // Code For Host Inc Ltd : https://codeforhost.com
12755
+ // Submitted by Mehedi Hasan <support@codeforhost.com>
12756
+ sch.ac
12757
+ dev.cv
12758
+ store.cv
12759
+
12754
12760
  // Codeberg e. V. : https://codeberg.org
12755
12761
  // Submitted by Moritz Marquardt <git@momar.de>
12756
12762
  codeberg.page
@@ -14150,10 +14156,6 @@ in-vpn.org
14150
14156
  // Submitted by Connor McFarlane <noc@inferno.co.uk>
14151
14157
  oninferno.net
14152
14158
 
14153
- // info.at : http://www.info.at/
14154
- biz.at
14155
- info.at
14156
-
14157
14159
  // info.cx : http://info.cx
14158
14160
  // Submitted by June Slater <whois@igloo.to>
14159
14161
  info.cx
@@ -16328,6 +16330,10 @@ weeklylottery.org.uk
16328
16330
  wpenginepowered.com
16329
16331
  js.wpenginepowered.com
16330
16332
 
16333
+ // xAI : https://x.ai/
16334
+ // Submitted by Asim Shrestha <security@x.ai>
16335
+ grok.me
16336
+
16331
16337
  // XenonCloud GbR : https://xenoncloud.net
16332
16338
  // Submitted by Julian Uphoff <publicsuffixlist@xenoncloud.net>
16333
16339
  *.xenonconnect.de