@bquery/bquery 1.3.0 → 1.5.0

package/src/reactive/signal.ts

@@ -1,20 +1,29 @@
-/**
- * Reactive primitives inspired by fine-grained reactivity.
- *
- * @module bquery/reactive
- */
-
-export { batch } from './batch';
-export { Computed, computed } from './computed';
-export { Signal, signal } from './core';
-export { effect } from './effect';
-export { linkedSignal } from './linked';
-export { persistedSignal } from './persisted';
-export { readonly } from './readonly';
-export { isComputed, isSignal } from './type-guards';
-export { untrack } from './untrack';
-export { watch } from './watch';
-
-export type { CleanupFn, Observer } from './internals';
-export type { LinkedSignal } from './linked';
-export type { ReadonlySignal } from './readonly';
+/**
+ * Reactive primitives inspired by fine-grained reactivity.
+ *
+ * @module bquery/reactive
+ */
+
+export { batch } from './batch';
+export { createUseFetch, useAsyncData, useFetch } from './async-data';
+export { Computed, computed } from './computed';
+export { Signal, signal } from './core';
+export { effect } from './effect';
+export { linkedSignal } from './linked';
+export { persistedSignal } from './persisted';
+export { readonly } from './readonly';
+export { isComputed, isSignal } from './type-guards';
+export { untrack } from './untrack';
+export { watch } from './watch';
+
+export type { CleanupFn, Observer } from './internals';
+export type {
+  AsyncDataState,
+  AsyncDataStatus,
+  AsyncWatchSource,
+  FetchInput,
+  UseAsyncDataOptions,
+  UseFetchOptions,
+} from './async-data';
+export type { LinkedSignal } from './linked';
+export type { ReadonlySignal } from './readonly';

package/src/security/constants.ts

@@ -1,209 +1,211 @@
-/**
- * Security constants and safe lists.
- *
- * @module bquery/security
- */
-
-/**
- * Trusted Types policy name.
- */
-export const POLICY_NAME = 'bquery-sanitizer';
-
-/**
- * Default allowed HTML tags considered safe.
- */
-export const DEFAULT_ALLOWED_TAGS = new Set([
-  'a',
-  'abbr',
-  'address',
-  'article',
-  'aside',
-  'b',
-  'bdi',
-  'bdo',
-  'blockquote',
-  'br',
-  'button',
-  'caption',
-  'cite',
-  'code',
-  'col',
-  'colgroup',
-  'data',
-  'dd',
-  'del',
-  'details',
-  'dfn',
-  'div',
-  'dl',
-  'dt',
-  'em',
-  'figcaption',
-  'figure',
-  'footer',
-  'form',
-  'h1',
-  'h2',
-  'h3',
-  'h4',
-  'h5',
-  'h6',
-  'header',
-  'hgroup',
-  'hr',
-  'i',
-  'img',
-  'input',
-  'ins',
-  'kbd',
-  'label',
-  'legend',
-  'li',
-  'main',
-  'mark',
-  'nav',
-  'ol',
-  'optgroup',
-  'option',
-  'p',
-  'picture',
-  'pre',
-  'progress',
-  'q',
-  'rp',
-  'rt',
-  'ruby',
-  's',
-  'samp',
-  'section',
-  'select',
-  'small',
-  'source',
-  'span',
-  'strong',
-  'sub',
-  'summary',
-  'sup',
-  'table',
-  'tbody',
-  'td',
-  'textarea',
-  'tfoot',
-  'th',
-  'thead',
-  'time',
-  'tr',
-  'u',
-  'ul',
-  'var',
-  'wbr',
-]);
-
-/**
- * Explicitly dangerous tags that should never be allowed.
- * These are checked even if somehow added to allowTags.
- */
-export const DANGEROUS_TAGS = new Set([
-  'script',
-  'iframe',
-  'frame',
-  'frameset',
-  'object',
-  'embed',
-  'applet',
-  'link',
-  'meta',
-  'style',
-  'base',
-  'template',
-  'slot',
-  'math',
-  'svg',
-  'foreignobject',
-  'noscript',
-]);
-
-/**
- * Reserved IDs that could cause DOM clobbering attacks.
- * These are prevented to avoid overwriting global browser objects.
- */
-export const RESERVED_IDS = new Set([
-  // Global objects
-  'document',
-  'window',
-  'location',
-  'top',
-  'self',
-  'parent',
-  'frames',
-  'history',
-  'navigator',
-  'screen',
-  // Dangerous functions
-  'alert',
-  'confirm',
-  'prompt',
-  'eval',
-  'function',
-  // Document properties
-  'cookie',
-  'domain',
-  'referrer',
-  'body',
-  'head',
-  'forms',
-  'images',
-  'links',
-  'scripts',
-  // DOM traversal properties
-  'children',
-  'parentnode',
-  'firstchild',
-  'lastchild',
-  // Content manipulation
-  'innerhtml',
-  'outerhtml',
-  'textcontent',
-]);
-
-/**
- * Default allowed attributes considered safe.
- * Note: 'style' is excluded by default because inline CSS can be abused for:
- * - UI redressing attacks
- * - Data exfiltration via url() in CSS
- * - CSS injection vectors
- * If you need to allow inline styles, add 'style' to allowAttributes in your
- * sanitizeHtml options, but ensure you implement proper CSS value validation.
- */
-export const DEFAULT_ALLOWED_ATTRIBUTES = new Set([
-  'alt',
-  'class',
-  'dir',
-  'height',
-  'hidden',
-  'href',
-  'id',
-  'lang',
-  'loading',
-  'name',
-  'rel',
-  'role',
-  'src',
-  'srcset',
-  'tabindex',
-  'target',
-  'title',
-  'type',
-  'width',
-  'aria-*',
-]);
-
-/**
- * Dangerous attribute prefixes to always remove.
- */
-export const DANGEROUS_ATTR_PREFIXES = ['on', 'formaction', 'xlink:', 'xmlns:'];
-
-/**
- * Dangerous URL protocols to block.
- */
-export const DANGEROUS_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'file:'];
+/**
+ * Security constants and safe lists.
+ *
+ * @module bquery/security
+ */
+
+/**
+ * Trusted Types policy name.
+ */
+export const POLICY_NAME = 'bquery-sanitizer';
+
+/**
+ * Default allowed HTML tags considered safe.
+ */
+export const DEFAULT_ALLOWED_TAGS = new Set([
+  'a',
+  'abbr',
+  'address',
+  'article',
+  'aside',
+  'b',
+  'bdi',
+  'bdo',
+  'blockquote',
+  'br',
+  'button',
+  'caption',
+  'cite',
+  'code',
+  'col',
+  'colgroup',
+  'data',
+  'dd',
+  'del',
+  'details',
+  'dfn',
+  'div',
+  'dl',
+  'dt',
+  'em',
+  'figcaption',
+  'figure',
+  'footer',
+  'form',
+  'h1',
+  'h2',
+  'h3',
+  'h4',
+  'h5',
+  'h6',
+  'header',
+  'hgroup',
+  'hr',
+  'i',
+  'img',
+  'input',
+  'ins',
+  'kbd',
+  'label',
+  'legend',
+  'li',
+  'main',
+  'mark',
+  'nav',
+  'ol',
+  'optgroup',
+  'option',
+  'p',
+  'picture',
+  'pre',
+  'progress',
+  'q',
+  'rp',
+  'rt',
+  'ruby',
+  's',
+  'samp',
+  'section',
+  'select',
+  'small',
+  'source',
+  'span',
+  'strong',
+  'sub',
+  'summary',
+  'sup',
+  'table',
+  'tbody',
+  'td',
+  'textarea',
+  'tfoot',
+  'th',
+  'thead',
+  'time',
+  'tr',
+  'u',
+  'ul',
+  'var',
+  'wbr',
+]);
+
+/**
+ * Explicitly dangerous tags that should never be allowed.
+ * These are checked even if somehow added to allowTags.
+ */
+export const DANGEROUS_TAGS = new Set([
+  'script',
+  'iframe',
+  'frame',
+  'frameset',
+  'object',
+  'embed',
+  'applet',
+  'link',
+  'meta',
+  'style',
+  'base',
+  'template',
+  // 'slot' is intentionally excluded here so component shadow markup can opt in
+  // via sanitizeHtml(..., { allowTags: ['slot'] }). It remains disallowed by default
+  // for general HTML writes, because DEFAULT_ALLOWED_TAGS does not include it.
+  'math',
+  'svg',
+  'foreignobject',
+  'noscript',
+]);
+
+/**
+ * Reserved IDs that could cause DOM clobbering attacks.
+ * These are prevented to avoid overwriting global browser objects.
+ */
+export const RESERVED_IDS = new Set([
+  // Global objects
+  'document',
+  'window',
+  'location',
+  'top',
+  'self',
+  'parent',
+  'frames',
+  'history',
+  'navigator',
+  'screen',
+  // Dangerous functions
+  'alert',
+  'confirm',
+  'prompt',
+  'eval',
+  'function',
+  // Document properties
+  'cookie',
+  'domain',
+  'referrer',
+  'body',
+  'head',
+  'forms',
+  'images',
+  'links',
+  'scripts',
+  // DOM traversal properties
+  'children',
+  'parentnode',
+  'firstchild',
+  'lastchild',
+  // Content manipulation
+  'innerhtml',
+  'outerhtml',
+  'textcontent',
+]);
+
+/**
+ * Default allowed attributes considered safe.
+ * Note: 'style' is excluded by default because inline CSS can be abused for:
+ * - UI redressing attacks
+ * - Data exfiltration via url() in CSS
+ * - CSS injection vectors
+ * If you need to allow inline styles, add 'style' to allowAttributes in your
+ * sanitizeHtml options, but ensure you implement proper CSS value validation.
+ */
+export const DEFAULT_ALLOWED_ATTRIBUTES = new Set([
+  'alt',
+  'class',
+  'dir',
+  'height',
+  'hidden',
+  'href',
+  'id',
+  'lang',
+  'loading',
+  'name',
+  'rel',
+  'role',
+  'src',
+  'srcset',
+  'tabindex',
+  'target',
+  'title',
+  'type',
+  'width',
+  'aria-*',
+]);
+
+/**
+ * Dangerous attribute prefixes to always remove.
+ */
+export const DANGEROUS_ATTR_PREFIXES = ['on', 'formaction', 'xlink:', 'xmlns:'];
+
+/**
+ * Dangerous URL protocols to block.
+ */
+export const DANGEROUS_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'file:'];

package/src/security/sanitize-core.ts

@@ -80,6 +80,21 @@ const isSafeUrl = (value: string): boolean => {
   return true;
 };
 
+/**
+ * Check if a srcset attribute value is safe.
+ * srcset contains comma-separated entries of "url [descriptor]".
+ * Each individual URL must be validated.
+ * @internal
+ */
+const isSafeSrcset = (value: string): boolean => {
+  const entries = value.split(',');
+  for (const entry of entries) {
+    const url = entry.trim().split(/\s+/)[0];
+    if (url && !isSafeUrl(url)) return false;
+  }
+  return true;
+};
+
 /**
  * Check if a URL is external (different origin).
  * @internal
@@ -275,10 +290,16 @@ export const sanitizeHtmlCore = (html: string, options: SanitizeOptions = {}): s
 
       // Validate URL attributes
       if (
-        (attrName === 'href' || attrName === 'src' || attrName === 'srcset') &&
+        (attrName === 'href' || attrName === 'src' || attrName === 'action') &&
         !isSafeUrl(attr.value)
       ) {
         attrsToRemove.push(attr.name);
+        continue;
+      }
+
+      // Validate srcset URLs individually
+      if (attrName === 'srcset' && !isSafeSrcset(attr.value)) {
+        attrsToRemove.push(attr.name);
       }
     }
 

package/src/view/evaluate.ts

@@ -188,14 +188,23 @@ export const parseObjectExpression = (expression: string): Record<string, string
 
   for (let i = 0; i < inner.length; i++) {
     const char = inner[i];
-    const prevChar = i > 0 ? inner[i - 1] : '';
 
-    // Handle string literals (including escape sequences)
-    if ((char === '"' || char === "'" || char === '`') && prevChar !== '\\') {
-      if (inString === null) {
-        inString = char;
-      } else if (inString === char) {
-        inString = null;
+    // Handle string literals: count consecutive backslashes before a quote
+    // to correctly distinguish escaped quotes from end-of-string
+    if (char === '"' || char === "'" || char === '`') {
+      let backslashCount = 0;
+      let j = i - 1;
+      while (j >= 0 && inner[j] === '\\') {
+        backslashCount++;
+        j--;
+      }
+      // Quote is escaped only if preceded by an odd number of backslashes
+      if (backslashCount % 2 === 0) {
+        if (inString === null) {
+          inString = char;
+        } else if (inString === char) {
+          inString = null;
+        }
       }
       current += char;
       continue;
@@ -237,13 +246,20 @@ export const parseObjectExpression = (expression: string): Record<string, string
 
     for (let i = 0; i < part.length; i++) {
       const char = part[i];
-      const prevChar = i > 0 ? part[i - 1] : '';
 
-      if ((char === '"' || char === "'" || char === '`') && prevChar !== '\\') {
-        if (partInString === null) {
-          partInString = char;
-        } else if (partInString === char) {
-          partInString = null;
+      if (char === '"' || char === "'" || char === '`') {
+        let backslashCount = 0;
+        let j = i - 1;
+        while (j >= 0 && part[j] === '\\') {
+          backslashCount++;
+          j--;
+        }
+        if (backslashCount % 2 === 0) {
+          if (partInString === null) {
+            partInString = char;
+          } else if (partInString === char) {
+            partInString = null;
+          }
         }
         continue;
       }

package/dist/batch-4LAvfLE7.js

@@ -1,13 +0,0 @@
-import { e as t, b } from "./core-COenAZjD.js";
-const e = (a) => {
-  b();
-  try {
-    a();
-  } finally {
-    t();
-  }
-};
-export {
-  e as b
-};
-//# sourceMappingURL=batch-4LAvfLE7.js.map

package/dist/batch-4LAvfLE7.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"batch-4LAvfLE7.js","sources":["../src/reactive/batch.ts"],"sourcesContent":["/**\n * Batched reactive updates.\n */\n\nimport { beginBatch, endBatch } from './internals';\n\n/**\n * Batches multiple signal updates into a single notification cycle.\n *\n * Updates made inside the batch function are deferred until the batch\n * completes, preventing intermediate re-renders and improving performance.\n *\n * @param fn - Function containing multiple signal updates\n */\nexport const batch = (fn: () => void): void => {\n  beginBatch();\n  try {\n    fn();\n  } finally {\n    endBatch();\n  }\n};\n"],"names":["batch","fn","beginBatch","endBatch"],"mappings":";AAcO,MAAMA,IAAQ,CAACC,MAAyB;AAC7C,EAAAC,EAAA;AACA,MAAI;AACF,IAAAD,EAAA;AAAA,EACF,UAAA;AACE,IAAAE,EAAA;AAAA,EACF;AACF;"}

package/dist/component.es.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"component.es.mjs","sources":["../src/component/props.ts","../src/component/component.ts","../src/component/html.ts"],"sourcesContent":["/**\n * Prop coercion utilities.\n *\n * @module bquery/component\n */\n\nimport type { PropDefinition } from './types';\n\n/**\n * Coerces a string attribute value into a typed prop value.\n * Supports String, Number, Boolean, Object, Array, and custom converters.\n *\n * @internal\n * @template T - The target type\n * @param rawValue - The raw string value from the attribute\n * @param config - The prop definition with type information\n * @returns The coerced value of type T\n */\nexport const coercePropValue = <T>(rawValue: string, config: PropDefinition<T>): T => {\n  const { type } = config;\n\n  if (type === String) return rawValue as T;\n\n  if (type === Number) {\n    return Number(rawValue) as T;\n  }\n\n  if (type === Boolean) {\n    const normalized = rawValue.trim().toLowerCase();\n    if (normalized === '' || normalized === 'true' || normalized === '1') {\n      return true as T;\n    }\n    if (normalized === 'false' || normalized === '0') {\n      return false as T;\n    }\n    return Boolean(rawValue) as T;\n  }\n\n  if (type === Object || type === Array) {\n    try {\n      return JSON.parse(rawValue) as T;\n    } catch {\n      return rawValue as T;\n    }\n  }\n\n  if (typeof type === 'function') {\n    const callable = type as (value: unknown) => T;\n    const constructable = type as new (value: unknown) => T;\n\n    // Explicit construct mode takes precedence\n    if (config.construct === true) {\n      return Reflect.construct(constructable, [rawValue]) as T;\n    }\n    if (config.construct === false) {\n      return callable(rawValue);\n    }\n\n    // Auto-detect: Check if type is constructable\n    // A function is considered constructable if:\n    // 1. It has a prototype with properties beyond just constructor, OR\n    // 2. Its prototype.constructor is not itself (inherited), OR\n    // 3. It's a class (toString starts with \"class\")\n    const hasPrototype = type.prototype !== undefined && type.prototype !== null;\n    const prototypeProps = hasPrototype ? Object.getOwnPropertyNames(type.prototype) : [];\n    const hasPrototypeMethods = prototypeProps.length > 1;\n    const hasInheritedConstructor = hasPrototype && type.prototype.constructor !== type;\n    const isClassSyntax = /^class\\s/.test(Function.prototype.toString.call(type));\n\n    const isConstructable = hasPrototypeMethods || hasInheritedConstructor || isClassSyntax;\n\n    // For constructable types (e.g. Date, custom classes), prefer `new` to avoid\n    // silent wrong-type returns (Date() returns string, new Date() returns Date)\n    if (isConstructable) {\n      try {\n        return Reflect.construct(constructable, [rawValue]) as T;\n      } catch {\n        // Fall back to calling as function if construction fails\n        return callable(rawValue);\n      }\n    }\n\n    // For non-constructable types (arrow functions, plain functions), call directly\n    // but fall back to constructor if result is undefined (common for function constructors)\n    try {\n      const result = callable(rawValue);\n\n      // If calling without `new` returned undefined and the function has a prototype,\n      // it's likely a function constructor that should be called with `new`\n      if (result === undefined && hasPrototype) {\n        try {\n          return Reflect.construct(constructable, [rawValue]) as T;\n        } catch {\n          // Construction also failed, return the undefined\n          return result as T;\n        }\n      }\n\n      return result as T;\n    } catch (error) {\n      // Fall back to constructor if error indicates 'new' is required\n      const isNewRequired =\n        error instanceof TypeError &&\n        /cannot be invoked without 'new'|is not a function/i.test(error.message);\n\n      if (isNewRequired) {\n        return Reflect.construct(constructable, [rawValue]) as T;\n      }\n\n      // Rethrow original error for non-constructable converters\n      throw error;\n    }\n  }\n\n  return rawValue as T;\n};\n","/**\n * Web Component factory and registry.\n *\n * @module bquery/component\n */\n\nimport { sanitizeHtml } from '../security/sanitize';\nimport { coercePropValue } from './props';\nimport type { ComponentDefinition, PropDefinition } from './types';\n\n/**\n * Creates a custom element class for a component definition.\n *\n * This is useful when you want to extend or register the class manually\n * (e.g. with different tag names in tests or custom registries).\n *\n * @template TProps - Type of the component's props\n * @param tagName - The custom element tag name (used for diagnostics)\n * @param definition - The component configuration\n */\nexport const defineComponent = <TProps extends Record<string, unknown>>(\n  tagName: string,\n  definition: ComponentDefinition<TProps>\n): typeof HTMLElement => {\n  class BQueryComponent extends HTMLElement {\n    /** Internal state object for the component */\n    private readonly state = { ...(definition.state ?? {}) };\n    /** Typed props object populated from attributes */\n    private props = {} as TProps;\n    /** Tracks missing required props for validation during connectedCallback */\n    private missingRequiredProps = new Set<string>();\n    /** Tracks whether the component has completed its initial mount */\n    private hasMounted = false;\n\n    constructor() {\n      super();\n      this.attachShadow({ mode: 'open' });\n      this.syncProps();\n    }\n\n    /**\n     * Returns the list of attributes to observe for changes.\n     */\n    static get observedAttributes(): string[] {\n      return Object.keys(definition.props ?? {});\n    }\n\n    /**\n     * Called when the element is added to the DOM.\n     */\n    connectedCallback(): void {\n      try {\n        // Defer initial render until all required props are present\n        // This allows attributes to be set after element creation\n        if (this.missingRequiredProps.size > 0) {\n          // Component will mount once all required props are satisfied\n          // via attributeChangedCallback\n          return;\n        }\n        this.mount();\n      } catch (error) {\n        this.handleError(error as Error);\n      }\n    }\n\n    /**\n     * Performs the initial mount of the component.\n     * Called when the element is connected and all required props are present.\n     * @internal\n     */\n    private mount(): void {\n      if (this.hasMounted) return;\n      definition.beforeMount?.call(this);\n      definition.connected?.call(this);\n      this.render();\n      this.hasMounted = true;\n    }\n\n    /**\n     * Called when the element is removed from the DOM.\n     */\n    disconnectedCallback(): void {\n      try {\n        definition.disconnected?.call(this);\n      } catch (error) {\n        this.handleError(error as Error);\n      }\n    }\n\n    /**\n     * Called when an observed attribute changes.\n     */\n    attributeChangedCallback(\n      _name: string,\n      _oldValue: string | null,\n      _newValue: string | null\n    ): void {\n      try {\n        this.syncProps();\n\n        if (this.hasMounted) {\n          // Component already mounted - trigger update render\n          this.render(true);\n        } else if (this.isConnected && this.missingRequiredProps.size === 0) {\n          // All required props are now satisfied and element is connected\n          // Trigger the deferred initial mount\n          this.mount();\n        }\n      } catch (error) {\n        this.handleError(error as Error);\n      }\n    }\n\n    /**\n     * Handles errors during component lifecycle.\n     * @internal\n     */\n    private handleError(error: Error): void {\n      if (definition.onError) {\n        definition.onError.call(this, error);\n      } else {\n        console.error(`bQuery component error in <${tagName}>:`, error);\n      }\n    }\n\n    /**\n     * Updates a state property and triggers a re-render.\n     *\n     * @param key - The state property key\n     * @param value - The new value\n     */\n    setState(key: string, value: unknown): void {\n      this.state[key] = value;\n      this.render(true);\n    }\n\n    /**\n     * Gets a state property value.\n     *\n     * @param key - The state property key\n     * @returns The current value\n     */\n    getState<T = unknown>(key: string): T {\n      return this.state[key] as T;\n    }\n\n    /**\n     * Synchronizes props from attributes.\n     * @internal\n     */\n    private syncProps(): void {\n      const props = definition.props ?? {};\n      for (const [key, config] of Object.entries(props) as [string, PropDefinition][]) {\n        const attrValue = this.getAttribute(key);\n        let value: unknown;\n\n        if (attrValue == null) {\n          if (config.required && config.default === undefined) {\n            // Mark as missing instead of throwing - validate during connectedCallback\n            this.missingRequiredProps.add(key);\n            value = undefined;\n          } else {\n            value = config.default ?? undefined;\n          }\n        } else {\n          // Attribute is present, remove from missing set if it was there\n          if (this.missingRequiredProps.has(key)) {\n            this.missingRequiredProps.delete(key);\n          }\n          value = coercePropValue(attrValue, config);\n        }\n\n        if (config.validator && value !== undefined) {\n          const isValid = config.validator(value);\n          if (!isValid) {\n            throw new Error(\n              `bQuery component: validation failed for prop \"${key}\" with value ${JSON.stringify(value)}`\n            );\n          }\n        }\n\n        (this.props as Record<string, unknown>)[key] = value;\n      }\n    }\n\n    /**\n     * Renders the component to its shadow root.\n     * @internal\n     */\n    private render(triggerUpdated = false): void {\n      try {\n        if (triggerUpdated && definition.beforeUpdate) {\n          const shouldUpdate = definition.beforeUpdate.call(this, this.props);\n          if (shouldUpdate === false) return;\n        }\n\n        const emit = (event: string, detail?: unknown): void => {\n          this.dispatchEvent(new CustomEvent(event, { detail, bubbles: true, composed: true }));\n        };\n\n        if (!this.shadowRoot) return;\n\n        const markup = definition.render({\n          props: this.props,\n          state: this.state,\n          emit,\n        });\n\n        const sanitizedMarkup = sanitizeHtml(markup);\n        this.shadowRoot.innerHTML = sanitizedMarkup;\n\n        if (definition.styles) {\n          const styleElement = document.createElement('style');\n          styleElement.textContent = definition.styles;\n          this.shadowRoot.prepend(styleElement);\n        }\n\n        if (triggerUpdated) {\n          definition.updated?.call(this);\n        }\n      } catch (error) {\n        this.handleError(error as Error);\n      }\n    }\n  }\n\n  return BQueryComponent;\n};\n\n/**\n * Defines and registers a custom Web Component.\n *\n * This function creates a new custom element with the given tag name\n * and configuration. The component uses Shadow DOM for encapsulation\n * and automatically re-renders when observed attributes change.\n *\n * @template TProps - Type of the component's props\n * @param tagName - The custom element tag name (must contain a hyphen)\n * @param definition - The component configuration\n *\n * @example\n * ```ts\n * component('counter-button', {\n *   props: {\n *     start: { type: Number, default: 0 },\n *   },\n *   state: { count: 0 },\n *   styles: `\n *     button { padding: 0.5rem 1rem; }\n *   `,\n *   connected() {\n *     // Use event delegation on shadow root so handler survives re-renders\n *     const handleClick = (event: Event) => {\n *       const target = event.target as HTMLElement | null;\n *       if (target?.matches('button')) {\n *         this.setState('count', (this.getState('count') as number) + 1);\n *       }\n *     };\n *     this.shadowRoot?.addEventListener('click', handleClick);\n *     // Store handler for cleanup\n *     (this as any)._handleClick = handleClick;\n *   },\n *   disconnected() {\n *     // Clean up event listener to prevent memory leaks\n *     const handleClick = (this as any)._handleClick;\n *     if (handleClick) {\n *       this.shadowRoot?.removeEventListener('click', handleClick);\n *     }\n *   },\n *   render({ props, state }) {\n *     return html`\n *       <button>\n *         Count: ${state.count}\n *       </button>\n *     `;\n *   },\n * });\n * ```\n */\nexport const component = <TProps extends Record<string, unknown>>(\n  tagName: string,\n  definition: ComponentDefinition<TProps>\n): void => {\n  const elementClass = defineComponent(tagName, definition);\n\n  if (!customElements.get(tagName)) {\n    customElements.define(tagName, elementClass);\n  }\n};\n","/**\n * Tagged template literal for creating HTML strings.\n *\n * This function handles interpolation of values into HTML templates,\n * converting null/undefined to empty strings.\n *\n * @param strings - Template literal string parts\n * @param values - Interpolated values\n * @returns Combined HTML string\n *\n * @example\n * ```ts\n * const name = 'World';\n * const greeting = html`<h1>Hello, ${name}!</h1>`;\n * // Result: '<h1>Hello, World!</h1>'\n * ```\n */\nexport const html = (strings: TemplateStringsArray, ...values: unknown[]): string => {\n  return strings.reduce((acc, part, index) => `${acc}${part}${values[index] ?? ''}`, '');\n};\n\n/**\n * Escapes HTML entities in interpolated values for XSS prevention.\n * Use this when you need to safely embed user content in templates.\n *\n * @param strings - Template literal string parts\n * @param values - Interpolated values to escape\n * @returns Combined HTML string with escaped values\n *\n * @example\n * ```ts\n * const userInput = '<script>alert(\"xss\")</script>';\n * const safe = safeHtml`<div>${userInput}</div>`;\n * // Result: '<div>&lt;script&gt;alert(\"xss\")&lt;/script&gt;</div>'\n * ```\n */\nexport const safeHtml = (strings: TemplateStringsArray, ...values: unknown[]): string => {\n  const escapeMap: Record<string, string> = {\n    '&': '&amp;',\n    '<': '&lt;',\n    '>': '&gt;',\n    '\"': '&quot;',\n    \"'\": '&#x27;',\n    '`': '&#x60;',\n  };\n\n  const escape = (value: unknown): string => {\n    const str = String(value ?? '');\n    return str.replace(/[&<>\"'`]/g, (char) => escapeMap[char]);\n  };\n\n  return strings.reduce((acc, part, index) => `${acc}${part}${escape(values[index])}`, '');\n};\n"],"names":["coercePropValue","rawValue","config","type","normalized","callable","constructable","hasPrototype","hasPrototypeMethods","hasInheritedConstructor","isClassSyntax","result","error","defineComponent","tagName","definition","BQueryComponent","_name","_oldValue","_newValue","key","value","props","attrValue","triggerUpdated","emit","event","detail","markup","sanitizedMarkup","sanitizeHtml","styleElement","component","elementClass","html","strings","values","acc","part","index","safeHtml","escapeMap","escape","char"],"mappings":";AAkBO,MAAMA,IAAkB,CAAIC,GAAkBC,MAAiC;AACpF,QAAM,EAAE,MAAAC,MAASD;AAEjB,MAAIC,MAAS,OAAQ,QAAOF;AAE5B,MAAIE,MAAS;AACX,WAAO,OAAOF,CAAQ;AAGxB,MAAIE,MAAS,SAAS;AACpB,UAAMC,IAAaH,EAAS,KAAA,EAAO,YAAA;AACnC,WAAIG,MAAe,MAAMA,MAAe,UAAUA,MAAe,MACxD,KAELA,MAAe,WAAWA,MAAe,MACpC,KAEF,EAAQH;AAAA,EACjB;AAEA,MAAIE,MAAS,UAAUA,MAAS;AAC9B,QAAI;AACF,aAAO,KAAK,MAAMF,CAAQ;AAAA,IAC5B,QAAQ;AACN,aAAOA;AAAA,IACT;AAGF,MAAI,OAAOE,KAAS,YAAY;AAC9B,UAAME,IAAWF,GACXG,IAAgBH;AAGtB,QAAID,EAAO,cAAc;AACvB,aAAO,QAAQ,UAAUI,GAAe,CAACL,CAAQ,CAAC;AAEpD,QAAIC,EAAO,cAAc;AACvB,aAAOG,EAASJ,CAAQ;AAQ1B,UAAMM,IAAeJ,EAAK,cAAc,UAAaA,EAAK,cAAc,MAElEK,KADiBD,IAAe,OAAO,oBAAoBJ,EAAK,SAAS,IAAI,CAAA,GACxC,SAAS,GAC9CM,IAA0BF,KAAgBJ,EAAK,UAAU,gBAAgBA,GACzEO,IAAgB,WAAW,KAAK,SAAS,UAAU,SAAS,KAAKP,CAAI,CAAC;AAM5E,QAJwBK,KAAuBC,KAA2BC;AAKxE,UAAI;AACF,eAAO,QAAQ,UAAUJ,GAAe,CAACL,CAAQ,CAAC;AAAA,MACpD,QAAQ;AAEN,eAAOI,EAASJ,CAAQ;AAAA,MAC1B;AAKF,QAAI;AACF,YAAMU,IAASN,EAASJ,CAAQ;AAIhC,UAAIU,MAAW,UAAaJ;AAC1B,YAAI;AACF,iBAAO,QAAQ,UAAUD,GAAe,CAACL,CAAQ,CAAC;AAAA,QACpD,QAAQ;AAEN,iBAAOU;AAAA,QACT;AAGF,aAAOA;AAAA,IACT,SAASC,GAAO;AAMd,UAHEA,aAAiB,aACjB,qDAAqD,KAAKA,EAAM,OAAO;AAGvE,eAAO,QAAQ,UAAUN,GAAe,CAACL,CAAQ,CAAC;AAIpD,YAAMW;AAAA,IACR;AAAA,EACF;AAEA,SAAOX;AACT,GC/FaY,IAAkB,CAC7BC,GACAC,MACuB;AAAA,EACvB,MAAMC,UAAwB,YAAY;AAAA,IAUxC,cAAc;AACZ,YAAA,GATF,KAAiB,QAAQ,EAAE,GAAID,EAAW,SAAS,CAAA,EAAC,GAEpD,KAAQ,QAAQ,CAAA,GAEhB,KAAQ,2CAA2B,IAAA,GAEnC,KAAQ,aAAa,IAInB,KAAK,aAAa,EAAE,MAAM,OAAA,CAAQ,GAClC,KAAK,UAAA;AAAA,IACP;AAAA;AAAA;AAAA;AAAA,IAKA,WAAW,qBAA+B;AACxC,aAAO,OAAO,KAAKA,EAAW,SAAS,CAAA,CAAE;AAAA,IAC3C;AAAA;AAAA;AAAA;AAAA,IAKA,oBAA0B;AACxB,UAAI;AAGF,YAAI,KAAK,qBAAqB,OAAO;AAGnC;AAEF,aAAK,MAAA;AAAA,MACP,SAASH,GAAO;AACd,aAAK,YAAYA,CAAc;AAAA,MACjC;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOQ,QAAc;AACpB,MAAI,KAAK,eACTG,EAAW,aAAa,KAAK,IAAI,GACjCA,EAAW,WAAW,KAAK,IAAI,GAC/B,KAAK,OAAA,GACL,KAAK,aAAa;AAAA,IACpB;AAAA;AAAA;AAAA;AAAA,IAKA,uBAA6B;AAC3B,UAAI;AACF,QAAAA,EAAW,cAAc,KAAK,IAAI;AAAA,MACpC,SAASH,GAAO;AACd,aAAK,YAAYA,CAAc;AAAA,MACjC;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,yBACEK,GACAC,GACAC,GACM;AACN,UAAI;AACF,aAAK,UAAA,GAED,KAAK,aAEP,KAAK,OAAO,EAAI,IACP,KAAK,eAAe,KAAK,qBAAqB,SAAS,KAGhE,KAAK,MAAA;AAAA,MAET,SAASP,GAAO;AACd,aAAK,YAAYA,CAAc;AAAA,MACjC;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA,IAMQ,YAAYA,GAAoB;AACtC,MAAIG,EAAW,UACbA,EAAW,QAAQ,KAAK,MAAMH,CAAK,IAEnC,QAAQ,MAAM,8BAA8BE,CAAO,MAAMF,CAAK;AAAA,IAElE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,SAASQ,GAAaC,GAAsB;AAC1C,WAAK,MAAMD,CAAG,IAAIC,GAClB,KAAK,OAAO,EAAI;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,SAAsBD,GAAgB;AACpC,aAAO,KAAK,MAAMA,CAAG;AAAA,IACvB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMQ,YAAkB;AACxB,YAAME,IAAQP,EAAW,SAAS,CAAA;AAClC,iBAAW,CAACK,GAAKlB,CAAM,KAAK,OAAO,QAAQoB,CAAK,GAAiC;AAC/E,cAAMC,IAAY,KAAK,aAAaH,CAAG;AACvC,YAAIC;AAkBJ,YAhBIE,KAAa,OACXrB,EAAO,YAAYA,EAAO,YAAY,UAExC,KAAK,qBAAqB,IAAIkB,CAAG,GACjCC,IAAQ,UAERA,IAAQnB,EAAO,WAAW,UAIxB,KAAK,qBAAqB,IAAIkB,CAAG,KACnC,KAAK,qBAAqB,OAAOA,CAAG,GAEtCC,IAAQrB,EAAgBuB,GAAWrB,CAAM,IAGvCA,EAAO,aAAamB,MAAU,UAE5B,CADYnB,EAAO,UAAUmB,CAAK;AAEpC,gBAAM,IAAI;AAAA,YACR,iDAAiDD,CAAG,gBAAgB,KAAK,UAAUC,CAAK,CAAC;AAAA,UAAA;AAK9F,aAAK,MAAkCD,CAAG,IAAIC;AAAA,MACjD;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA,IAMQ,OAAOG,IAAiB,IAAa;AAC3C,UAAI;AACF,YAAIA,KAAkBT,EAAW,gBACVA,EAAW,aAAa,KAAK,MAAM,KAAK,KAAK,MAC7C;AAAO;AAG9B,cAAMU,IAAO,CAACC,GAAeC,MAA2B;AACtD,eAAK,cAAc,IAAI,YAAYD,GAAO,EAAE,QAAAC,GAAQ,SAAS,IAAM,UAAU,GAAA,CAAM,CAAC;AAAA,QACtF;AAEA,YAAI,CAAC,KAAK,WAAY;AAEtB,cAAMC,IAASb,EAAW,OAAO;AAAA,UAC/B,OAAO,KAAK;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ,MAAAU;AAAA,QAAA,CACD,GAEKI,IAAkBC,EAAaF,CAAM;AAG3C,YAFA,KAAK,WAAW,YAAYC,GAExBd,EAAW,QAAQ;AACrB,gBAAMgB,IAAe,SAAS,cAAc,OAAO;AACnD,UAAAA,EAAa,cAAchB,EAAW,QACtC,KAAK,WAAW,QAAQgB,CAAY;AAAA,QACtC;AAEA,QAAIP,KACFT,EAAW,SAAS,KAAK,IAAI;AAAA,MAEjC,SAASH,GAAO;AACd,aAAK,YAAYA,CAAc;AAAA,MACjC;AAAA,IACF;AAAA,EAAA;AAGF,SAAOI;AACT,GAoDagB,IAAY,CACvBlB,GACAC,MACS;AACT,QAAMkB,IAAepB,EAAgBC,GAASC,CAAU;AAExD,EAAK,eAAe,IAAID,CAAO,KAC7B,eAAe,OAAOA,GAASmB,CAAY;AAE/C,GC/QaC,IAAO,CAACC,MAAkCC,MAC9CD,EAAQ,OAAO,CAACE,GAAKC,GAAMC,MAAU,GAAGF,CAAG,GAAGC,CAAI,GAAGF,EAAOG,CAAK,KAAK,EAAE,IAAI,EAAE,GAkB1EC,IAAW,CAACL,MAAkCC,MAA8B;AACvF,QAAMK,IAAoC;AAAA,IACxC,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,EAAA,GAGDC,IAAS,CAACrB,MACF,OAAOA,KAAS,EAAE,EACnB,QAAQ,aAAa,CAACsB,MAASF,EAAUE,CAAI,CAAC;AAG3D,SAAOR,EAAQ,OAAO,CAACE,GAAKC,GAAMC,MAAU,GAAGF,CAAG,GAAGC,CAAI,GAAGI,EAAON,EAAOG,CAAK,CAAC,CAAC,IAAI,EAAE;AACzF;"}