npm - @blazedpath/commons - Versions diffs - 0.0.4 - Mend

@blazedpath/commons 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (224) hide show

package/README.md +3 -0
package/blz-base/health/index.js +215 -0
package/blz-base/index.js +1466 -0
package/blz-cache/LruCache.js +44 -0
package/blz-cache/index.js +29 -0
package/blz-config/index.js +434 -0
package/blz-core/index.js +364 -0
package/blz-cryptography/index.js +54 -0
package/blz-datetimes/index.js +356 -0
package/blz-file/example.dat +2545 -0
package/blz-file/fileService.js +205 -0
package/blz-file/index.js +94 -0
package/blz-file/index.test.js +31 -0
package/blz-file/lab.js +33 -0
package/blz-hazelcast/index.js +189 -0
package/blz-hazelcast/lib/credentials.js +25 -0
package/blz-hazelcast/lib/credentialsFactory.js +12 -0
package/blz-hazelcast/lib/hazelcastCache.js +234 -0
package/blz-iterable/index.js +446 -0
package/blz-json-schema/index.js +11 -0
package/blz-jwt/index.js +121 -0
package/blz-kafka/index.js +522 -0
package/blz-math/index.js +131 -0
package/blz-mongodb/index.js +326 -0
package/blz-rds/__test__/scape.test.js +58 -0
package/blz-rds/blz-rds-executor.js +578 -0
package/blz-rds/blz-rds-helper.js +310 -0
package/blz-rds/commands/core/add.js +13 -0
package/blz-rds/commands/core/and.js +18 -0
package/blz-rds/commands/core/asc.js +10 -0
package/blz-rds/commands/core/avg.js +10 -0
package/blz-rds/commands/core/column-ref.js +8 -0
package/blz-rds/commands/core/count-distinct.js +10 -0
package/blz-rds/commands/core/count.js +10 -0
package/blz-rds/commands/core/decimal.js +8 -0
package/blz-rds/commands/core/desc.js +10 -0
package/blz-rds/commands/core/distinct.js +10 -0
package/blz-rds/commands/core/divide.js +11 -0
package/blz-rds/commands/core/embedded-exists.js +17 -0
package/blz-rds/commands/core/embedded-select.js +17 -0
package/blz-rds/commands/core/equals.js +9 -0
package/blz-rds/commands/core/false.js +8 -0
package/blz-rds/commands/core/greater-or-equal.js +9 -0
package/blz-rds/commands/core/greater.js +9 -0
package/blz-rds/commands/core/in.js +9 -0
package/blz-rds/commands/core/integer.js +8 -0
package/blz-rds/commands/core/is-not-null.js +11 -0
package/blz-rds/commands/core/is-null-or-value.js +10 -0
package/blz-rds/commands/core/is-null.js +11 -0
package/blz-rds/commands/core/less-or-equal.js +9 -0
package/blz-rds/commands/core/less-unary.js +12 -0
package/blz-rds/commands/core/less.js +9 -0
package/blz-rds/commands/core/like.js +12 -0
package/blz-rds/commands/core/max.js +10 -0
package/blz-rds/commands/core/min.js +10 -0
package/blz-rds/commands/core/multiply.js +13 -0
package/blz-rds/commands/core/not-equals.js +9 -0
package/blz-rds/commands/core/not-in.js +9 -0
package/blz-rds/commands/core/not.js +13 -0
package/blz-rds/commands/core/null.js +8 -0
package/blz-rds/commands/core/nvl.js +11 -0
package/blz-rds/commands/core/or.js +13 -0
package/blz-rds/commands/core/parameter.js +34 -0
package/blz-rds/commands/core/remainder.js +16 -0
package/blz-rds/commands/core/string.js +8 -0
package/blz-rds/commands/core/subtract.js +13 -0
package/blz-rds/commands/core/sum.js +10 -0
package/blz-rds/commands/core/true.js +8 -0
package/blz-rds/commands/core/tuple.js +13 -0
package/blz-rds/commands/datetimes/add-days.js +11 -0
package/blz-rds/commands/datetimes/add-hours.js +11 -0
package/blz-rds/commands/datetimes/add-milliseconds.js +11 -0
package/blz-rds/commands/datetimes/add-minutes.js +11 -0
package/blz-rds/commands/datetimes/add-months.js +11 -0
package/blz-rds/commands/datetimes/add-seconds.js +11 -0
package/blz-rds/commands/datetimes/add-years.js +11 -0
package/blz-rds/commands/datetimes/date-diff.js +11 -0
package/blz-rds/commands/datetimes/date.js +12 -0
package/blz-rds/commands/datetimes/datetime-diff.js +11 -0
package/blz-rds/commands/datetimes/datetime.js +15 -0
package/blz-rds/commands/datetimes/day.js +10 -0
package/blz-rds/commands/datetimes/hour.js +10 -0
package/blz-rds/commands/datetimes/millisecond.js +10 -0
package/blz-rds/commands/datetimes/minute.js +10 -0
package/blz-rds/commands/datetimes/month-text.js +10 -0
package/blz-rds/commands/datetimes/month.js +10 -0
package/blz-rds/commands/datetimes/now.js +9 -0
package/blz-rds/commands/datetimes/second.js +10 -0
package/blz-rds/commands/datetimes/subtract-days.js +11 -0
package/blz-rds/commands/datetimes/subtract-hours.js +11 -0
package/blz-rds/commands/datetimes/subtract-milliseconds.js +11 -0
package/blz-rds/commands/datetimes/subtract-minutes.js +11 -0
package/blz-rds/commands/datetimes/subtract-seconds.js +11 -0
package/blz-rds/commands/datetimes/time-diff.js +11 -0
package/blz-rds/commands/datetimes/time.js +13 -0
package/blz-rds/commands/datetimes/today.js +9 -0
package/blz-rds/commands/datetimes/week-day-text.js +10 -0
package/blz-rds/commands/datetimes/week-day.js +10 -0
package/blz-rds/commands/datetimes/week.js +10 -0
package/blz-rds/commands/datetimes/year.js +10 -0
package/blz-rds/commands/math/abs.js +10 -0
package/blz-rds/commands/math/acos.js +10 -0
package/blz-rds/commands/math/asin.js +10 -0
package/blz-rds/commands/math/atan.js +10 -0
package/blz-rds/commands/math/atan2.js +11 -0
package/blz-rds/commands/math/ceil.js +10 -0
package/blz-rds/commands/math/cos.js +10 -0
package/blz-rds/commands/math/cosh.js +10 -0
package/blz-rds/commands/math/exp.js +10 -0
package/blz-rds/commands/math/floor.js +10 -0
package/blz-rds/commands/math/log.js +18 -0
package/blz-rds/commands/math/log10.js +10 -0
package/blz-rds/commands/math/pow.js +11 -0
package/blz-rds/commands/math/random.js +9 -0
package/blz-rds/commands/math/round.js +18 -0
package/blz-rds/commands/math/sign.js +10 -0
package/blz-rds/commands/math/sin.js +10 -0
package/blz-rds/commands/math/sinh.js +10 -0
package/blz-rds/commands/math/sqrt.js +10 -0
package/blz-rds/commands/math/tan.js +10 -0
package/blz-rds/commands/math/tanh.js +10 -0
package/blz-rds/commands/math/trunc.js +18 -0
package/blz-rds/commands/strings/concat.js +20 -0
package/blz-rds/commands/strings/contains.js +12 -0
package/blz-rds/commands/strings/ends-with.js +12 -0
package/blz-rds/commands/strings/index-of.js +11 -0
package/blz-rds/commands/strings/is-null-or-empty.js +11 -0
package/blz-rds/commands/strings/is-null-or-white-space.js +11 -0
package/blz-rds/commands/strings/join.js +22 -0
package/blz-rds/commands/strings/last-index-of.js +11 -0
package/blz-rds/commands/strings/length.js +10 -0
package/blz-rds/commands/strings/pad-left.js +20 -0
package/blz-rds/commands/strings/pad-right.js +20 -0
package/blz-rds/commands/strings/replace.js +12 -0
package/blz-rds/commands/strings/starts-with.js +12 -0
package/blz-rds/commands/strings/substring.js +12 -0
package/blz-rds/commands/strings/to-lower.js +10 -0
package/blz-rds/commands/strings/to-upper.js +10 -0
package/blz-rds/commands/strings/trim-end.js +10 -0
package/blz-rds/commands/strings/trim-start.js +10 -0
package/blz-rds/commands/strings/trim.js +10 -0
package/blz-rds/index.js +744 -0
package/blz-rds-mysql/base.js +857 -0
package/blz-rds-mysql/connection-manager.js +129 -0
package/blz-rds-mysql/execute-bulk-insert.js +35 -0
package/blz-rds-mysql/execute-bulk-merge.js +45 -0
package/blz-rds-mysql/execute-non-query.js +34 -0
package/blz-rds-mysql/execute-query.js +50 -0
package/blz-rds-mysql/index.js +41 -0
package/blz-rds-mysql/stored-procedure.js +207 -0
package/blz-rds-mysql/syntaxis.json +114 -0
package/blz-rds-mysqlx/base.js +846 -0
package/blz-rds-mysqlx/connection-manager.js +141 -0
package/blz-rds-mysqlx/execute-bulk-insert.js +35 -0
package/blz-rds-mysqlx/execute-bulk-merge.js +45 -0
package/blz-rds-mysqlx/execute-non-query.js +29 -0
package/blz-rds-mysqlx/execute-query.js +39 -0
package/blz-rds-mysqlx/index.js +41 -0
package/blz-rds-mysqlx/stored-procedure.js +179 -0
package/blz-rds-mysqlx/syntaxis.json +105 -0
package/blz-rds-oracle/index.js +540 -0
package/blz-rds-oracle/syntaxis.json +112 -0
package/blz-rds-postgres/base.js +861 -0
package/blz-rds-postgres/connection-manager.js +225 -0
package/blz-rds-postgres/execute-bulk-insert.js +81 -0
package/blz-rds-postgres/execute-bulk-merge.js +93 -0
package/blz-rds-postgres/execute-non-query.js +23 -0
package/blz-rds-postgres/execute-query.js +37 -0
package/blz-rds-postgres/index.js +41 -0
package/blz-rds-postgres/result-set.js +51 -0
package/blz-rds-postgres/stored-procedure.js +116 -0
package/blz-rds-postgres/syntaxis.json +114 -0
package/blz-redis/index.js +217 -0
package/blz-redis/lib/redisCache.js +265 -0
package/blz-regex/index.js +25 -0
package/blz-security/.eslintrc.js +15 -0
package/blz-security/__test__/AuthorizationKpn.yaml +1043 -0
package/blz-security/__test__/FinancingSetting.yaml +177 -0
package/blz-security/__test__/KpnConfigPortal.yaml +330 -0
package/blz-security/__test__/OrderManagement.yaml +5190 -0
package/blz-security/__test__/Security.yaml +128 -0
package/blz-security/__test__/autorization.test.js +105 -0
package/blz-security/__test__/orderManagement.test.js +26 -0
package/blz-security/__test__/secureUrl.test.js +79 -0
package/blz-security/__test__/solveMergeRule.test.js +109 -0
package/blz-security/__test__/sqlInjectionGuard.test.js +203 -0
package/blz-security/__test__/xssGuard.test.js +204 -0
package/blz-security/authorizationService.js +536 -0
package/blz-security/config/global.js +8 -0
package/blz-security/config/welcome +8 -0
package/blz-security/doc/README.md +75 -0
package/blz-security/filescanner/index.js +46 -0
package/blz-security/helpers/consts.js +229 -0
package/blz-security/helpers/utils.js +267 -0
package/blz-security/implementations/cache.js +90 -0
package/blz-security/implementations/oidc.js +404 -0
package/blz-security/implementations/pkceCacheStore.js +23 -0
package/blz-security/implementations/saml.js +10 -0
package/blz-security/implementations/uma.js +63 -0
package/blz-security/implementations/webAuthn.js +9 -0
package/blz-security/implementations/wstg.js +72 -0
package/blz-security/index.js +77 -0
package/blz-security/lab/index.js +27 -0
package/blz-security/middleware/HapiServerAzureAd.js +641 -0
package/blz-security/middleware/HapiServerKeycloak.js +840 -0
package/blz-security/middleware/HapiServerSimToken.js +247 -0
package/blz-security/middleware/hapi.js +515 -0
package/blz-security/middleware/hapiServer.js +974 -0
package/blz-security/navigationMemoryRepository.js +15 -0
package/blz-security/navigationMongoDbRepository.js +73 -0
package/blz-security/secureUrlService.js +47 -0
package/blz-security/securityService.js +409 -0
package/blz-security/sqlInjectionGuard.js +162 -0
package/blz-security/templates/forbidden.html +0 -0
package/blz-security/templates/session-iframe-azure-ad.html +7 -0
package/blz-security/templates/session-iframe.html +73 -0
package/blz-security/templates/unauthorized.html +1 -0
package/blz-security/xssGuard.js +87 -0
package/blz-strings/index.js +167 -0
package/blz-uuid/index.js +7 -0
package/blz-yaml/index.js +19 -0
package/index.js +84 -0
package/package.json +97 -0
package/process-managers/index.js +422 -0

package/blz-security/__test__/xssGuard.test.js ADDED Viewed

@@ -0,0 +1,204 @@
+const XssGuard = require('../xssGuard');
+const logger = require('pino');
+describe('XssGuard', () => {
+  let guard;
+  beforeEach(() => {
+    guard = new XssGuard(logger({ level: 'silent' }));
+  });
+  test('sanitizes buffer as String', () => {
+    const input = {"zipBinaryString":"PK\u0003\u0004\u0014\u0000\b\u0000\b\u0000ÝîZ\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000:\u0000\u0000\u0000criteria-set-11-exported-2025-07-14T16:38:58.967Z1073.jsoníÝmS\u001ai¢\u0006à¿bñéLU3E7/B¾ùÆZ\u0010J\u00187ÍVÊ\u0018vg3£fÏLmí?\u0005´³Aeiºyë±Û\u0006ZáÊs?Ý÷óÏÒåíÕýèöêb0º/½úç×ÿ<ùXz\u0015ÇQéîþâþË]éU©}º·ßi\u001f¢ÒõÅ¯£Ò«R÷âöê®Ë;\u001f.îF\u001fwn®w\u0006¿Þü}´3\u001cÝÝï4wÊ;ÿuõëçÛûÑÇ\u001f¾ùG)*}\u001cÝ]Þ^}¾¿º¹.½*=þ±ÑoÓ=ÇL*I\\i+É0_ÅÍWIëÇÝVóçhçáx÷J^Õv_%\u001f\u001bÕúÏ?Ì>\\«\u001c7IåU%~U¯ÿØ¨$3\u000f÷Ç^»¯âÆI¥ñó\u000f¥E¢Ò«¿üq¾n®'g«Ö¬D³NáÕÝÞçÏ®./>|\u001a·áÙOíRTú|q;º¾?øú\b×_>}\u001aïÞþíòÓ»éÙI÷þp;ºøûÇÿ~kït°w0<é¢ÒßnGÿûet}ùûð÷ÏãÃ\u001fîtÞ¢Òè\u001fãÃß|\u001cïM¹R)¿)ÿ¹wtôþðaÛá7¿?HùæoÛ\u0019ïpùåöv|Ì»ñ¯þ§³RTº¹ý%=\\y¼ÇíèãÕýñ§½ËË/×÷éw?>|ÿÍ«»£«Ëû«û«/w\u00077×\u001f¯¦\u000f9}µ\u0017Ó]ÇOþ»m÷·\u0017×w\u0017ão=Ú^úË»ÒôÕ¼+ýµ\u0014în¾Ü^f\u001eäÃË¿f\u001fÿãèÃýÍí`ò\u0017~t{óë³;\foÞüËèù\u001fÿeôäO]Ýý}üä9ÀÃ.O?Ñ/¿®ï{\u000eÓ=<Âáëë«ë_9BºÇ#Üÿ¾Ì>ù£ß>®ïfoKóÏþoöñÈÿÞþÄ/àë\u001dþùg\u0005öyæY<óKøv§ñÜ¯áÛ]f\u001cã«wË3çô»½f=On./^8Ðãf\u001cçòËÝýÍ¯ãÓ\u0016?³-yf[õmµg¶Õ¿Ûvu·ÿÇ\u0007Áàó§«ñÓÑ^gÐ|@\u001düû>·1yncõ¹µç6Ö\u001fo¼\u001d}\u001a>ùÙ7~=ÿ¾Ãg·U\b>û?\u001dü©=ÛV;~þð¨3þ4øÃ\u001fþl?Í5\u0018ü\u001c¼ÐÁ:!t`ð\u0003\u001føÀ\u0007>»a\u000f~¸cðÃ\u001fþðgCýi\u0004ëÏÑéÁûãÙü\u001c]]_\\_^]ÿ²s<º\u001eÝ^]î\u001cLY\u0013&¯\fE(BÑ:R4~\u000fþ©Û¾\u0005´lê\u0001t8¿HcPÖ\u0006¤C \u0001\tH@\u0002Òw ÕÂ\u001f2N2U#\u001cáh;8ªÎA\u0012hD#\u001amFIØ\u001auú{o{GG³=z=øÓNÿâ÷ñe\fÿu?\u001aßHuqûû\u000fkÂQúÊ\u0004$ ¹Dñò%zx>\u000bO\u001cí'NËGy0\u0014WwëñL¤ÒªT*³@Jjeºé\tÆ´OÒÔÅy:9=|ð®\u0014½+íu:½éWý÷íýáäëL~uâ\u0018ÇÂulüþ\u001ct¼Ñ_·÷:Ã×/\u0007o\u0007ÃvwçätØ>>Û\u001böÎ¦\u0004\u0007íÇ£3î=ó©:9i\u000f¯-Í²0ð>þÛîðýÉa{¯3[Ä«ñ¦Ï\u0017¿ßfïB\b\bÇ'ÿ¤Ó99M#Àçõû÷\u000b4>ã\u001a×Ï¶~|Ö\b·æ!Üp2ï4>éYcF[T¢\u0012¨ôH¥f©áY©a³Y\u0005\u001ab\nSÚàPð +ê[\u001c«ÝÐ/¶è\u001d½?\u0019\ffÕ¹¹¸NÅZK,¦¯G!\f¹èC©C£<\u0004\u0019\u0011¡\bE(Ú\nÂmp\u0003èD'ÓJ[ÈRi¥£ºÉÇv\u000ev®®?Ü|¹þø\"OoÞ¼yóÄ¼ÒÃäÑwNÅøùy¥´:8k\u001fL®#}«éKå!\nQBTÆ\u001e¸V¯åpåCR+ÿ¹|Þ(4Û§þø9|¼ºÜ9¹þÇÍÕåh§¼3ý]í|¸øtq}9ÚùòùãÅýè.ÃÅ\u0010ñ\u0004¦Õ^\fñÇÝR\u000e®Î÷\f®\u0002kÒMv2\u001c¶OßÿqåËÓ½°;×^vmòÖº¹»\u001f}üîOð¯÷Î?,Üï?\u001b\u0016º\"+|\tøÀ\u0007>ð/(øþtÜ\u0001_ðÅà\u0003\u001føÀ\u0007¾ à\u001böúàË\u0013¾\nøÀ\u0007>ð/(øú!ør¯Þ\u0002\u001føÀ\u0007>ð\u0005\u0005_§}\f¾<ák\u000f|à\u0003\u001føÂãëwÁ'|»à\u0003\u001føÀ\u0007¾°àk»¸%Wø\u001aà\u0003\u001føÀ\u0007¾ à{}¾\u000f¾<á«\u000f|à\u0003\u001føÂ\u001añuÝÇ+|su¬<<BqÝýä#\u001fùÈ·åòEéÐ/J³Ï(üÒ«_¢ôòÏ(½ÿ!Jo\u0000Öï\u000eøtpµ6pfn~I\u001a9¬]¬O.\u001dWë\rnrÜ\f¯ù¥EµÇÓ¬Tâ¤Ò¨5«²#Í\u0004À\u0004&0\tÌÙ`Æqe·^KâF\u0002ÌZ=\u0006&0\tL`\u0002s6ÆøC0N\u0015`Öê\u0015`\u0002\u0013À\u0004æºudW\u0000f\u0005L`\u0002\u0013À\u0004¦Höe0À\u0004&0\tL`d_\u0006s\u0017À\u0004&0¹n«edW\u0001f\u0003À\u0004&0\tLìË`Ö\tL`\u0002\u0013À\u0014É¾\ff\rÀ\u0004&0¹në8dW\u0001¦¦\u001f`\u0002\u0013À\u0004¦Hv\u000e05ý\u0000\u0013À\u0004&0E²s©é\u0007À\u0004&0Ã\u0002sÒ±.\r\u000fLM?À\u0004&0\tLìË`V5ý\u0000\u0013À\u0004&0E²s©é\u0007À\u0004&0\u0003kúéwE²!©é\u0007À\u0004&0)\u0003LM?À\u0004&0\tLì\u001c`jú\u0001&0\tÌÀÀl[Þ+H05ý\u0000\u0013À\u0004&0E²s©é\u0007À\u0004&0)\u0003LM?À\u0004&0\u0019\u0016¯Ï÷E²!©é\u0007À\u0004&0)\u0003LM?À\u0004&0\tLìË`&~\tL`\u00023°9ÌnO$\u001b\"~\tL`\u0002\u0013\"Ù9ÀÔô\u0003L`\u0002\u0013À\u0014ÉÎ\u0001æ\\M?\u000f0CÌóDLb\u0012Ä\\¦Q:\u0019¥÷Di\u0005P¶³GéÂÑ»Ò°×n?î·ß\u000fRÜèÛ\u0011ksâ\u000eõÌñ£.GãÌ5Bñò¯gå$)\u0012ãf³Zq\\©¬=Æ\tÆÑ»Ò1©Lå5Sy\u000eU\u000fºZùxÛ6Gk\u0004$ \u0001\tHÀ@Ç¥Ç\u001d\u0002æ)`\u0004$ \u0001\t\u0018¦¤ù\t\u0010\u0004$ \u0001Ã\u0014p2çHÀü\u0004\tH@\u0002\u0012a\n8¹úù\tX! \u0001\tH@\u0002®íR\u0004Ì `Ü\" \u0001\tH@\u0002®íÊ\u001f\u0004Ì\"`\u0004$ \u0001\t¸¶E«\u0004Ì\"à.\u0001\tH@\u0002\u0012pm{m\bEÀ ûi\u0010@\u0004\"\u0010Å\u0014Õ\u0004Eh>2ù\t½S&É£à\u001aFÁÛ&\u0000Úá&7¹¹y7Ò[tc\u0015`Ö\tL`\u0002\u0013À´èÆË`V\tL`\u0002\u0013À´èÆË`&.ºALb\u0012ÄÜêE3rò4¯U3âm9y]\"Tu\u0010MiJSº86\u0017ø²äTÕ\u001c±aäòÖnl·\u0007à\u0003\u001fø6l(ö¬\u0000ÌJ\u000bÀ\u0004&0\tLö¼\ff\u0013À\u0004&0\tLö¼\fæ.0\tL`\u0002Ó=\"ÙÁl\u0000\u0013À\u0004&0)}\u0019Ì:0\tL`\u0002\u0013\"ÙÁ¬\u0001\u0013À\u0004&0\u0002sR\u0004+\r\u000fÌ*0\tL`\u0002\u0013\"ÙÁL\tL`\u0002\u0013À\u0014É¾\ff\fL`\u0002\u0013À\f\nÌÉ\u001a]\"ÙðÀÔô\u0003L`\u0002\u0013À\u0014É¾\bfµ¥é\u0007À\u0004&0)\u0003LM?À\u0004&0\u0019\u0016ö±H6D05ý\u0000\u0013À\u0004&0E²s©é\u0007À\u0004&0)\u0003LM?À\u0004&0\u0019XÓO¿+\r\u0011LM?À\u0004&0\tLì\u001c`jú\u0001&0\tL`dç\u0000SÓ\u000f0\tL`\u0006\u0006fÛò^A©é\u0007À\u0004&0)\u0003LM?À\u0004&0\tLìË`65ý\u0000\u0013À\u0004fX`¾>ß\u0017É\b¦¦\u001f`\u0002\u0013À\u0004¦Hv\u000e05ý\u0000\u0013À\u0004&0E²s©é\u0007À\u0004&0\u0003ÃìöD²!©é\u0007À\u0004&0)\u0003LM?À\u0004&0\tLì\u001c`ÎÕôóð\b3Ä|8OÄ$&1IÌe\u0019¥QzIV\u0000Ei;{.\u0019½+\r{ýéöãé~ûý Å¾\u001d±F9'¾éPoÉ\u001cÏ8êr4ÎX#\u000bÆgåj\\ ÆI<UuC1î\u000e¦ï©~ïhú\u0006Þ{ÛÅ3ñ¼a\u0003Úî¢h>Þ¶\u0003ÓÌ\u0005AõZ\u000eãÒ$1.]\u0016ó½é]\u001f¾8Úßë \u0010(\\'\n\u0003\u001aiºzèkB+\bE(B\u0011Pºh\u0001Bw[\bE(B\u0011PºÂh\u0011B\bE(B\u0011ÐÐç4-\u0012$¡»\bE(B\u0011P\nr\u0017!´P\"\u0014¡\bE¨ w\u0011Bë\bE(B\u0011ÐÀ\tÜ\u000b*È\rÐ\u001aB\u0011P\"\u0014¡ÜE\b\"\u0014¡\bE(B\u0011*È]Ð\u0004¡\bE(B\u0011\u001a8¡r?Anxj'B(B\u0011P\nr\u0017\"T;\u0011B\u0011P\"T»\b¡\ríD\bE(B\u0011\u001a:¡ÕZ\u0004¹á\u0011ª\b¡\bE(B\u0011*È]PíD\bE(B\u0011PAîBj'B(B\u0011ÐàÛú]Anj'B(B\u0011P\nr\u0017\"T;\u0011B\u0011P\"T»\u0010¡Ú\u0010P\"4xBÛ\u0016;\u000bPíD\bE(B\u0011PAîBj'B(B\u0011P\nr\u0017\"T;\u0011B\u0011PNèëó}AnÖµ\u0013!\u0014¡\bE(B\u0005¹\u000b\u0011ª\b¡\bE(B\u0011*È]PíD\bE(B\u0011\u001aü\\h·'È\rPíD\bE(B\u0011PAîBj'B(B\u0011P\nr\u0017\"t®v¢GaèÃyb(C\u0019ÊPækhNFé].QZ[\u0014¥=ôQº°hô®4ìõ§Û§ûí÷48úvT\u001bå\u0013§ÃÁ%\u0003=ã¨Ëñ9sõQmùCÜ³r\\-çf³ZÛ\\Úí\u0001a\fãuÂx\u000eL\u000fº\u0012ùxÛ6\u000eL\u0013ð\u000f|à\u0003_X£Ðã\u000eøò/\u0006\u001føÀ\u0007>ð\u0005\u0005ß$N\u0005_~ðUÀ\u0007>ð\u000f|AÁ7O\u0004_nðÕZà\u0003\u001føÀ\u0007¾ à\\P\u0003¾üàk\u000f|à\u0003\u001føÖm!Lðeo\u0017|à\u0003\u001føÀ·n\u000b/\u000b|\rð\u000f|à\u0003ßº\u0015/\u000b|uð\u000f|à\u0003ßº\u0015Ó/\u000b|A\u0016Ì|ä#:\\ëd3âüàÌØüS1[5\u000e¢Vãúº»Ù99\u001dLßjýÞÑô½¶÷¶KRT¹©Ñæ\u0002hfnë9 \u0019×´.\u000bÍ³ÁùÁ´Í´×;Ôf\nMhnju©VAhP\"\u0014¡\bE¨u©\u0016!´P\"\u0014¡\bE¨u©\u0016 ´ÚB(B\u0011P®!¸ w\u00156\u0011P\"\u0014¡\b\u0015ä.Bè.B\u0011P\"\u0014¡ÜE\bm \u0014¡\bE(B×+Aî*\b#\u0014¡\bE(B\u0011*È]Ð\u001aB\u0011P\"\u0014¡ÜE\b\"\u0014¡\bE(B×ÁfAî*\bÕNP\"\u0014¡\b\u0015ä.D¨v\"\"\u0014¡\bE¨ w!Bµ\u0013!\u0014¡\bEhèN`\u0011ä\u0006Gh¢\b¡\bE(B\u0011*È]PíD\bE(B\u0011PAîBj'B(B\u0011ÐàÛú]Anj'B(B\u0011P\nr\u0017\"T;\u0011B\u0011P\"T»\u0010¡Ú\u0010P\"4xBÛ\u0016;\u000bPíD\bE(B\u0011PAîBj'B(B\u0011P\nr\u0017\"T;\u0011B\u0011PNèëó}Anj'B(B\u0011P\nr\u0017!4ÖNP\"\u0014¡\b\u0015ä.D¨v\"\"\u0014¡\b\r~.´Û\u0013äH¨v\"\"\u0014¡\bE¨ w!Bµ\u0013!\u0014¡\bE(B\u0005¹\u000b\u0011:W;ÑÃ#Ì0ôá<1¡\fe(Có54J'E£ô.(-Ò\u001eú(]X4zW\u001aöúÓíÇÓýöûA\u001a\u001c};ªrÎÓáàqÔåø¹ú¨²ü!îYÁ<7Õ\u001añg<Ëó\u001c¼\u001et\u0017Eóñ¶m\u001cªVQB\u0014¢\u0010¡T;(ÌÂ\u0004(D!\nQ\u00188\u0010\u0016ùQ\u0018£\u0010(D!\n\u0003§p2/Âü(¬ \u0010(D!\n\u0003§pr©\u000e\ns£°ÒB!\nQB\u0014®ÿ¢(ÌBa\u0013(D!\nQ¸þË 0\u000b»(D!\nQÂõ/~Ea\u0016\n\u001b(D!\nQÂõ¯ÎAa\u0016\n¬Àa!\u000bYÈB\u0016\u0016\\\u0013¥ùÕäGiÆ¶ÊäªqùTÜr$í\u000e¦oµ~ïhú^Û{Û%iøî\u001d\fOÎÛé¯l0|øÓô\u001f\u0006ýöéa{úÿ¢ÃöÃ~/cí<Vëº¤J9£Øj%{;N%\u0007z*zFïùÞ\u0010´ \u0005F\u001d«x\u0005Ân]ìb\u0017»ØÅ®¿b7Æ.v±]ìb×jaE±[\tsµ0îr»ÜåîFº[ð\na9©Ó\u0012aI«\u0015àEWg\u0005¼Ù/3ÉLf²Ûrà³\u0019$^³ÄS\u0007]³\fT \u0002Õý´@]\u001cÔ¬-KÉn.s³xY \u000e&ãÑñí´\u0006¦\u001cå¨õ®]\u001c¿\rþò¿üå/]\\¸¿uþò¿üå/]¤\\¸¿5þò¿üå¯åÏû[å/ùË_þòWþ\\¸¿\tùË_þò¿òçÂýùË_þò¿ìïdm!ùsxþVøË_þò¿ü?\u0017ío³Å_þò¿üå¯ü¹püå/ùËßMöw²Æ½ü9<õ_ñ¿üå/åÏÅû«ÿ¿üå/ù+.Þ_ýWüå/ù»ÑþvÚÇòç\u0010ýÕÅ_þò¿ü?\u0017ï¯þ+þò¿üå¯ü¹xõ_ñ¿üåïf÷_õ»òç\u0010ýÕÅ_þò¿ü?\u0017ï¯þ+þò¿üå¯ü¹pwõ_ñ¿üåïfûÛ¶þ`þê¿â/ùË_þÊ÷Wÿ\u0015ùË_þòWþ\\¼¿ú¯øË_þòw£ý}}¾/\u000eÑ_ýWüå/ùË_ùsñþê¿â/ùË_þÊ÷Wÿ\u0015ùË_þnöüo·'\u000eÑ_ýWüå/ùË_ùsñþê¿â/ùË_þÊ÷w®þ«G\u0001ðÃy\u00020\u0001\f`\u0000\u0007\fpN\u0004Gé\rIQZ\u0015¥\u000b4DéBÁÑ»Ò°×n?î·ß\u000f\u0012ðèÛñts¼\u000eD¬û£.\u0005÷FærZí5¶/Ëö#¤#\u001dé[Iz@$SþÝ&v±]ìb\u0017»¦bw\u0017»ØÅ.v±]3ÈE±ÛÀ.v±]ìnâ¼ñ±\u001bd·]ìb\u0017»ØÅ®¹(vkØÅ.v±]ì\nb·]ìb\u0017»ØÝ@v'7\u001b\tÃc7Á.v±]ìbWÈ\\\u0014»1v±]ìb\u0017»Bæ¢Ø`\u0017»ØÅ.v7ÝI³98vëZª°]ìb\u0017»BæÂØÕR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÝDv'Ë(\bÃcWK\u0015v±]ìbWÈ\\\u0018»Zª°]ìb\u0017»BæÂØÕR]ìb\u0017»\u001bÙR5^³WÈ\u001c\u001e»Zª°]ìb\u0017»BæÂØÕR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÝHvÛ\u0016þ\u000b]-UØÅ.v±]!sQìÖ´Ta\u0017»ØÅ.vÌ±«¥\n»ØÅ.v7Ý×çûBæ\u0010ÙÕR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅîFÎív{Bæ\u0010ÙÕR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÅ®¹0vçj©zx\u0019î>'îr»ÜånxîFé$oÞQ\u0014¥õUQºVB.Ì\u001b½+\r{ýéöãé~ûý Ý¾\u001d=G9gØé°sÉ¨Ï8êrLÏ\\U]þPú¬`ÒÍj\réHG:Ò7ô9H>è.\níãmÛ8$®à\u0013øÄ'>7qD|ÜÁg|V[øÄ'>ñÏ\räs\u0012\u0010ã3?>øÄ'>ñÏ\räs2ÏÏüøÜÅ'>ñO|n Ëð\u001f\r|â\u0013øÄçv.ZÏ,|ÖñO|â\u0013Û¹\u001c\u000f>³ðYÃ'>ñO|ngÑ0>³ðYÅ'>ñO|ng\u0012>³ð\u0019d\u0015\u0012?ùÉO~òs\rªò7Ò¢üøÍÜZä2zMè»,}\u0007\u0013}£w¥c\fc\u0018Ãê\fcïh£\u001cå(G9ªÇ£:´8ÊQr£\n8º°£Mr£\u001cå¨f#.ìè.G9ÊQrTÅ\u0011G\u0017v´ÁQr£\u001cÕuÄÑ\u001ds£\u001cå(G\u001eqtaGk\u001cå(G9ÊQíG\u001c]ØÑ*G9ÊQrT\r\u0012G\u0017v4Ô\u001a$\u0014¤ \u0005©>¤-èCJ²ö!ÅÚÒ\u0019Þ/ÇÕ\"\u0019®îÖã\rn#l·\u0007ô¥/}Õ ÍÐsÐýy\nt{¯3|=ýûx;\u0018¶»;'§ÃöñÙÞ°w6ú ½¨³ãÇiV*qRiÔÕÇGÙÆáo\u0005»ØÅ.v±Ý<ÙãÊn½Ä\u0004»IÜÂ.v±]ìb7Ov\u001bFe<àmV°ÄMìb\u0017»ØÅîvv\u0004\u000bWÁî.v±]ìb\u0017»Bæ¢Øm`\u0017»ØÅ.v±+d.Ý:v±]ìbw;\u0017Ð\u00112¯Ý\u001av±]ìb\u0017»Bæ¢Øb\u0017»ØÅ.v±+d.Ý\u0004»ØÅ.v±»«Ë\nWÁ®*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅ.vÌE±[ÑR]ìb\u0017»ÈîdÅ\u0003!sxìj©Â.v±]ì\n\u000bcWK\u0015v±]ìbWÈ\\\u0018»Zª°]ìbw#[ªú]!sìj©Â.v±]ì\n\u000bcWK\u0015v±]ìbWÈ\\\u0018»Zª°]ìbw#Ùm[ø/HvµTa\u0017»ØÅ.vÌ±«¥\n»ØÅ.v±+d.]-UØÅ.v±»ì¾>ß\u00172ÇnÜÒR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÅ®¹0vµTa\u0017»ØÅîFÎív{Bæ\u0010ÙÕR]ìb\u0017»Ø\u00152\u0017Æ®*ìb\u0017»ØÅ®¹0vçj©zx\u0019î>'îr»ÜånxîFé$oÞQ\u0014¥õUQºVB.Ì\u001b½+\r{ýéöãé~ûý Ý¾\u001d=G9gØé°sÉ¨Ï8êrLÏ\\Õ\\þPú¬`ÒÍj\réHG:Ò7ô9H>è.\níãmÛ8$NðO|â\u00138\">îà3O>c|â\u0013øÄç\u0006ò9\tñ\u001f\u0015|â\u0013øÄç\u0006ò9gÅgn|6[øÄ'>ñÏ\räsr¹\u0012>óã³O|â\u0013øÜÎEkñÏ]|â\u0013øÄçv.ÇÏ,|6ðO|â\u0013ÛY4Ï,|ÖñO|â\u0013ÛY¡Ï,|\u0006YÄO~òü\\*¤ üÍ§´(?~3·\u0016Õ\u001by\u0014\u0011Ö\u0014\u0011.Kß³ÁùÁätÜëM?oö÷:<æ1õ\u0018Y\u0000'\u0010\u0013\u0010\u0018Ä \u00061-³:c\u0010\u0018Ä \u00061-³:+ \u00061A\fb\u001dÁ¢éA¼Û\u00021A\fb\u0010X4½: \u00061A\fb\u0010¦W\u0007ñ.A\fb\u0010Øú;¢éÕAÜ\u00001A\fb\u0010X4½:ë \u00061A\fb\u0010¦W\u0007q\rÄ \u00061Alm[Ñôê Ö¬\u0005b\u0010\u0018Ä \u0016M¯\u0010bÍZ \u00061A\fbÑô\n!Ö¬\u0005b\u0010\u0018ÄÛ\u0001ñdm\u0007Ñtx\u0010kÖ\u00021A\fb\u0010¦W\u0007qC³\u0016A\fb\u0010X4½B5k\u0018Ä \u0006ñ4kõ»¢é\u0010!Ö¬\u0005b\u0010\u0018Ä \u0016M¯\u0010bÍZ \u00061A\fbÑô\n!Ö¬\u0005b\u0010\u0018Ä[\u0002qÛ2AB¬Y\u000bÄ \u00061A,^!Äµ@\fb\u0010\u0018Ä¢é\u0015B¬Y\u000bÄ \u00061·\u0003â×çû¢é\u0010!Ö¬\u0005b\u0010\u0018Ä \u0016M¯\u0010bÍZ \u00061A\fbÑôê ®kÖ\u00021A\fâ-#îöDÓ!B¬Y\u000bÄ \u00061A,^!Äµ@\fb\u0010\u0018Ä¢é\u0015B<W³ÖÃ#Ìøá<Ä$&1×Aâ(,Òû¢´r+JWÒ£w¥a¯?Ý~<Ýo¿\u001f¤äÑ·#ì(çä;\u001d.ù\u0019G]òk»jË\u001fn\u0015|³YA\u001eòü¦#?\u0007Ò\u0007ÝEé}¼m\u001bÍ5 \u0002\u0015¨@\u0005êv;@Í\u0013Ô*P\nT \u0002u+@ÄÊ@Í\u000fÔ\u0004¨@\u0005*Pº\u0015 Næk\u001f¨1P\nT \u0002u+@\\\b\u0005Ôü@\u0000\u0015¨@\u0005*P-ê\u000bÔÌ ÖZ@\u0005*P\nTK\u0011\u00015;¨M \u0002\u0015¨@\u0005ª\u0002e f\u0007u\u0017¨@\u0005*Pªö\t¨ÙA\r²¾¨D%*QºõMAOÑR~ glZ×ãáÙÞé`ü.ïÎòr¥R~S\u001e\u001c\u001e\u001eÌ\u0006ypx¸óáâþò¿w.o®ÿvuûëäOôE}ûí·ßfâûoa¿Ã7®ÄÙñü©µ\u000fO&mbÞ«3?¯ÿS}¿'±!\u0019;cgäáß<þ=±×¬g«u·%Ïl3`ß§Úò}J÷^x¸ø¦\\ËoþÓábtýñêúÁááFg\u0002UESyFó½á·CÃãïtNN\u0007Ó/ú½£é\u0017\u000fÚíé¦£?¾3\u0019PN\u0006\u0015o»FÔÛÊQßô\u0003eîaß×»³p\u001d-¬ha«U~Sî¿í\u000eßOe{b¤öùâ÷ñû¥ ú¾y¼Ã£Î\u0010L`2\u001c3\u001cÛ$B\bZ8-Ü8Ò×³\u0018Dò@\u0000\u0001\b@\u0004P\u001c8@ÿI&¸\r!\u00061A\fÚ$*Å\\3ñ\u001f^ÃXË§Köçé&¤\u001a?u±Ä\u001f\u00171>3/5y½+ú~ÒÉ\u0012²µ:²\u0002Z{tqµ\u0015 tûyH¤t¤#]0Ò¹Ý,_\u000bQV\u000e~U\u0012#µ<.!|éAØÁ\u000ev«Ân;¹\fëaq\u0017XÄ\"\u0016±¸ú1àË+õb±\u0018\u0016\u001bXÄ\"\u0016±Å³8Çz»X,Å:\u0016±E,bqå,Î±j.\u0016a±E,b\u0011X\\9s¬}ÅbX¬b\u0011XÄ\"\u0016W?·øò\n¶X,Å\u0004XÄ\"\u0016±¸z\u0016Û.¹\tÅ\u0018XÄ\"\u0016±¸r\u0016çXM\u0016Å°XÁ\"\u0016±E,ª£ÁâW¨·z,\u0017¹ÈE.n¥ù®ìº¦®®Ù\u001a°Iæ¸Ci\u001eª>¹ò:U©JUª®CKJ¸,ØíÂ\u000ev°\u001dìÖ¡û\u0006vY°kÀ\u000ev°\u001dìÖ¡Ñ\u0006vY°«Ã\u000ev°\u001dìÖ¡§\u0006vY°«Á\u000ev°\u001dìÖ¡}\u0006vY°«Â\u000ev°\u001dìÖ¡S\u0006vY°K`\u0007;ØÁ\u000evëÐ\u0014\u0003»,ØÅ°\u001dì`\u0007»uè]\u0016ì*°\u001dì`\u0007»uhu]\u0006ìâ »ZhG;ÚÑNWËÒ»ZÒrÍ\u001aXâ\r,³¬L÷^Ê7åV«ü¦Ü99\u001d¼?\u0019\ff[Ù¹¹¸Þ9¹¾»¿øôiüVÛ9¹»ûrq=\u0007å`gQY~\u001aÉoÞª\u000bØøðê\u0016Çñð¨3¤\u001bÝè\u0016ìXîñ\u001bÅÍ\u000fÓn!0\rÏöN\u0007{\u0007ÃÞéÜ:U*tzV§ïÑ¡\u0012¨D¥µW©\u0011îp©·wú¾÷\fG½Û«_®®'Së¢Ðä%\u0019!±EëhÑãm\u0010Z\u000eBõÀF$2\u001a\"\u0010\b´\u0011\u0002ýuòÞº¹½\u001f}ì?\u000fJR/WvËqm\u00187^U¯êÍ\u001f[õÊÏ¥ý?PK\u0007\bù\u0017þ \u0000\u0000`]\n\u0000PK\u0001\u0002-\u0003\u0014\u0000\b\u0000\b\u0000ÝîZù\u0017þ \u0000\u0000`]\n\u0000:\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000 \u0000¤\u0000\u0000\u0000\u0000criteria-set-11-exported-2025-07-14T16:38:58.967Z1073.jsonPK\u0005\u0006\u0000\u0000\u0000\u0000\u0001\u0000\u0001\u0000h\u0000\u0000\u0000ú \u0000\u0000\u0000\u0000","criteriaSetId":null};
+    const result = guard.sanitizeObject(input);
+    expect(result.zipBinaryString).toBe(input.zipBinaryString);
+  });
+  test('allows clean string without altering it', () => {
+    const input = { comment: 'This is a safe comment.' };
+    const result = guard.sanitizeObject(input);
+    expect(result.comment).toBe('This is a safe comment.');
+  });
+  test('sanitizes basic XSS attempt', () => {
+    const input = { comment: '<script>alert("xss")</script>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.comment).toBe('');
+  });
+  test('sanitizes inline XSS', () => {
+    const input = { title: '<img src=x onerror=alert(1)>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.title).toBe(''); // dompurify removes the dangerous attribute
+  });
+  test('sanitizes encoded XSS attempt', () => {
+    const input = { encoded: '%3Cscript%3Ealert(1)%3C%2Fscript%3E' };
+    const result = guard.sanitizeObject(input);
+    expect(result.encoded).toBe(''); // <script> is decoded and then cleaned
+  });
+  test('sanitizes nested objects', () => {
+    const input = {
+      level1: {
+        level2: {
+          content: '<script>evil()</script>'
+        }
+      }
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.level1.level2.content).toBe('');
+  });
+  test('sanitizes arrays inside objects', () => {
+    const input = {
+      tags: ['safe', '<img src=x onerror=alert(1)>']
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.tags[0]).toBe('safe');
+    expect(result.tags[1]).toBe('');
+  });
+  test('preserves clean strings in array', () => {
+    const input = {
+      tags: ['tag1', 'tag2', 'tag3']
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.tags).toEqual(['tag1', 'tag2', 'tag3']);
+  });
+  test('sanitizes SVG-based XSS', () => {
+    const input = { x: '<svg/onload=alert(1)>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.x).toBe(''); // removes onload attribute
+  });
+  test('sanitizes strings and ignores non-string values', () => {
+    const input = {
+      num: 123,
+      bool: true,
+      nullValue: null,
+      undef: undefined,
+      notReplace: 'a < b'
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.num).toBe(123);
+    expect(result.bool).toBe(true);
+    expect(result.nullValue).toBeNull();
+    expect(result.undef).toBeUndefined();
+    expect(result.notReplace).toBe('a &lt; b');
+  });
+  test('sanitizes XSS in deep mixed structures', () => {
+    const input = {
+      items: [
+        { safe: 'ok' },
+        { unsafe: '<iframe src="javascript:alert(1)">' }
+      ]
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.items[1].unsafe).toBe('');
+  });
+  test('sanitizes <a> with javascript href', () => {
+    const input = { link: '<a href="javascript:alert(1)">click</a>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.link).toBe('click');
+  });
+  test('removes unexpected <object> tag', () => {
+    const input = { embed: '<object data="evil.swf"></object>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.embed).toBe('');
+  });
+  test('removes unexpected <iframe> tag', () => {
+    const input = { iframe: '<iframe src="http://malicious.com"></iframe>' };
+    const result = guard.sanitizeObject(input);
+    expect(result.iframe).toBe('');
+  });
+  test('removes style attribute with expression()', () => {
+    const input = { style: '<div style="width:expression(alert(1))">' };
+    const result = guard.sanitizeObject(input);
+    expect(result.style).toBe('');
+  });
+  test('encodes < in string', () => {
+    const input = { text: 'a < b' };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe('a &lt; b');
+  });
+  test('allows > in string without encoding', () => {
+    const input = { text: 'a > b' };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe('a > b'); // dompurify leaves this unchanged
+  });
+  test('allows & in string without encoding', () => {
+    const input = { text: 'Tom & Jerry' };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe('Tom & Jerry'); // & is preserved if not HTML
+  });
+  test('allows " in string without encoding', () => {
+    const input = { text: 'She said "hello"' };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe('She said "hello"'); // not encoded
+  });
+  test('allows \' in string without encoding', () => {
+    const input = { text: "It's fine" };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe("It's fine"); // not encoded
+  });
+  test('encodes only special HTML characters like < when needed', () => {
+    const input = { text: 'if (a < b && b > c) { console.log("yes"); }' };
+    const result = guard.sanitizeObject(input);
+    expect(result.text).toBe('if (a &lt; b &amp;&amp; b &gt; c) { console.log("yes"); }');
+  });
+  test('sanitizes special chars inside deeply nested object', () => {
+    const input = {
+      user: {
+        profile: {
+          bio: `I'm <strong>bold</strong> & smart`
+        }
+      }
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.user.profile.bio).toBe("I'm bold &amp; smart"); // <strong> removed
+  });
+  test('sanitizes array of special char strings', () => {
+    const input = {
+      messages: ['Hello & welcome', 'a < b', 'Use "quotes"', "It's fine"]
+    };
+    const result = guard.sanitizeObject(input);
+    expect(result.messages).toEqual([
+      'Hello & welcome',
+      'a &lt; b',
+      'Use "quotes"',
+      "It's fine"
+    ]);
+  });
+  // test('sanitizes XML Tags', () => {
+  //   const input = {
+  //     messages: [
+  //       '<xml xmlns="https://developers.google.com/blockly/xml"><block type="main_return" id="main-return-block" deletable="false" x="30" y="30"><value name="script"><block type="context_variable" id="[p{VL@_oCmCmgd,dZUh)"><field name="VARIABLENAME">Identifier</field></block></value></block></xml>',
+  //       '&lt;xml xmlns=&quot;https://developers.google.com/blockly/xml&quot;&gt;&lt;block type=&quot;main_return&quot; id=&quot;main-return-block&quot; deletable=&quot;false&quot; x=&quot;30&quot; y=&quot;30&quot;&gt;&lt;value name=&quot;script&quot;&gt;&lt;block type=&quot;context_variable&quot; id=&quot;[p{VL@_oCmCmgd,dZUh)&quot;&gt;&lt;field name=&quot;VARIABLENAME&quot;&gt;Identifier&lt;/field&gt;&lt;/block&gt;&lt;/value&gt;&lt;/block&gt;&lt;/xml&gt;']
+  //   };
+  //   const result = guard.sanitizeObject(input);
+  //   expect(result.messages).toEqual([
+  //     'Identifier',
+  //     '&lt;xml xmlns=&quot;https://developers.google.com/blockly/xml&quot;&gt;&lt;block type=&quot;main_return&quot; id=&quot;main-return-block&quot; deletable=&quot;false&quot; x=&quot;30&quot; y=&quot;30&quot;&gt;&lt;value name=&quot;script&quot;&gt;&lt;block type=&quot;context_variable&quot; id=&quot;[p{VL@_oCmCmgd,dZUh)&quot;&gt;&lt;field name=&quot;VARIABLENAME&quot;&gt;Identifier&lt;/field&gt;&lt;/block&gt;&lt;/value&gt;&lt;/block&gt;&lt;/xml&gt;'
+  //   ]);
+  // });
+});