npm - @bquery/bquery - Versions diffs - 1.6.0 → 1.8.1 - Mend

@bquery/bquery 1.6.0 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/README.md +192 -18
package/dist/a11y/announce.d.ts +43 -0
package/dist/a11y/announce.d.ts.map +1 -0
package/dist/a11y/audit.d.ts +42 -0
package/dist/a11y/audit.d.ts.map +1 -0
package/dist/a11y/index.d.ts +53 -0
package/dist/a11y/index.d.ts.map +1 -0
package/dist/a11y/media-preferences.d.ts +77 -0
package/dist/a11y/media-preferences.d.ts.map +1 -0
package/dist/a11y/roving-tab-index.d.ts +38 -0
package/dist/a11y/roving-tab-index.d.ts.map +1 -0
package/dist/a11y/skip-link.d.ts +37 -0
package/dist/a11y/skip-link.d.ts.map +1 -0
package/dist/a11y/trap-focus.d.ts +49 -0
package/dist/a11y/trap-focus.d.ts.map +1 -0
package/dist/a11y/types.d.ts +152 -0
package/dist/a11y/types.d.ts.map +1 -0
package/dist/a11y-DVBCy09c.js +421 -0
package/dist/a11y-DVBCy09c.js.map +1 -0
package/dist/a11y.es.mjs +14 -0
package/dist/component/component.d.ts.map +1 -1
package/dist/component/html.d.ts.map +1 -1
package/dist/component/index.d.ts +2 -1
package/dist/component/index.d.ts.map +1 -1
package/dist/component/library.d.ts.map +1 -1
package/dist/component/scope.d.ts +138 -0
package/dist/component/scope.d.ts.map +1 -0
package/dist/component/types.d.ts +53 -1
package/dist/component/types.d.ts.map +1 -1
package/dist/component-L3-JfOFz.js +684 -0
package/dist/component-L3-JfOFz.js.map +1 -0
package/dist/component.es.mjs +9 -6
package/dist/{config-DRmZZno3.js → config-DhT9auRm.js} +4 -4
package/dist/{config-DRmZZno3.js.map → config-DhT9auRm.js.map} +1 -1
package/dist/constraints-D5RHQLmP.js +100 -0
package/dist/constraints-D5RHQLmP.js.map +1 -0
package/dist/core/collection.d.ts +134 -0
package/dist/core/collection.d.ts.map +1 -1
package/dist/core/element.d.ts +120 -0
package/dist/core/element.d.ts.map +1 -1
package/dist/core/env.d.ts +18 -0
package/dist/core/env.d.ts.map +1 -0
package/dist/core/index.d.ts +1 -0
package/dist/core/index.d.ts.map +1 -1
package/dist/core/shared.d.ts +14 -0
package/dist/core/shared.d.ts.map +1 -1
package/dist/core/utils/index.d.ts +52 -41
package/dist/core/utils/index.d.ts.map +1 -1
package/dist/core-DdtZHzsS.js +168 -0
package/dist/core-DdtZHzsS.js.map +1 -0
package/dist/{core-CCEabVHl.js → core-EMYSLzaT.js} +293 -194
package/dist/core-EMYSLzaT.js.map +1 -0
package/dist/core.es.mjs +48 -46
package/dist/custom-directives-Dr4C5lVV.js +9 -0
package/dist/custom-directives-Dr4C5lVV.js.map +1 -0
package/dist/devtools/devtools.d.ts +212 -0
package/dist/devtools/devtools.d.ts.map +1 -0
package/dist/devtools/index.d.ts +20 -0
package/dist/devtools/index.d.ts.map +1 -0
package/dist/devtools/types.d.ts +69 -0
package/dist/devtools/types.d.ts.map +1 -0
package/dist/devtools-BhB2iDPT.js +122 -0
package/dist/devtools-BhB2iDPT.js.map +1 -0
package/dist/devtools.es.mjs +19 -0
package/dist/dnd/draggable.d.ts +51 -0
package/dist/dnd/draggable.d.ts.map +1 -0
package/dist/dnd/droppable.d.ts +38 -0
package/dist/dnd/droppable.d.ts.map +1 -0
package/dist/dnd/index.d.ts +47 -0
package/dist/dnd/index.d.ts.map +1 -0
package/dist/dnd/sortable.d.ts +43 -0
package/dist/dnd/sortable.d.ts.map +1 -0
package/dist/dnd/types.d.ts +250 -0
package/dist/dnd/types.d.ts.map +1 -0
package/dist/dnd-NwZBYh4l.js +244 -0
package/dist/dnd-NwZBYh4l.js.map +1 -0
package/dist/dnd.es.mjs +6 -0
package/dist/env-CTdvLaH2.js +19 -0
package/dist/env-CTdvLaH2.js.map +1 -0
package/dist/forms/create-form.d.ts +49 -0
package/dist/forms/create-form.d.ts.map +1 -0
package/dist/forms/index.d.ts +40 -0
package/dist/forms/index.d.ts.map +1 -0
package/dist/forms/types.d.ts +185 -0
package/dist/forms/types.d.ts.map +1 -0
package/dist/forms/use-field.d.ts +34 -0
package/dist/forms/use-field.d.ts.map +1 -0
package/dist/forms/validators.d.ts +204 -0
package/dist/forms/validators.d.ts.map +1 -0
package/dist/forms-UcRHsYxC.js +227 -0
package/dist/forms-UcRHsYxC.js.map +1 -0
package/dist/forms.es.mjs +16 -0
package/dist/full.d.ts +30 -11
package/dist/full.d.ts.map +1 -1
package/dist/full.es.mjs +209 -93
package/dist/full.iife.js +47 -31
package/dist/full.iife.js.map +1 -1
package/dist/full.umd.js +47 -31
package/dist/full.umd.js.map +1 -1
package/dist/function-Cybd57JV.js +33 -0
package/dist/function-Cybd57JV.js.map +1 -0
package/dist/i18n/formatting.d.ts +40 -0
package/dist/i18n/formatting.d.ts.map +1 -0
package/dist/i18n/i18n.d.ts +48 -0
package/dist/i18n/i18n.d.ts.map +1 -0
package/dist/i18n/index.d.ts +57 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/translate.d.ts +83 -0
package/dist/i18n/translate.d.ts.map +1 -0
package/dist/i18n/types.d.ts +156 -0
package/dist/i18n/types.d.ts.map +1 -0
package/dist/i18n-kuF6Ekj6.js +89 -0
package/dist/i18n-kuF6Ekj6.js.map +1 -0
package/dist/i18n.es.mjs +6 -0
package/dist/index.d.ts +11 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.es.mjs +257 -143
package/dist/media/battery.d.ts +35 -0
package/dist/media/battery.d.ts.map +1 -0
package/dist/media/breakpoints.d.ts +51 -0
package/dist/media/breakpoints.d.ts.map +1 -0
package/dist/media/clipboard.d.ts +30 -0
package/dist/media/clipboard.d.ts.map +1 -0
package/dist/media/device-sensors.d.ts +54 -0
package/dist/media/device-sensors.d.ts.map +1 -0
package/dist/media/geolocation.d.ts +38 -0
package/dist/media/geolocation.d.ts.map +1 -0
package/dist/media/index.d.ts +42 -0
package/dist/media/index.d.ts.map +1 -0
package/dist/media/media-query.d.ts +36 -0
package/dist/media/media-query.d.ts.map +1 -0
package/dist/media/network.d.ts +35 -0
package/dist/media/network.d.ts.map +1 -0
package/dist/media/types.d.ts +173 -0
package/dist/media/types.d.ts.map +1 -0
package/dist/media/viewport.d.ts +32 -0
package/dist/media/viewport.d.ts.map +1 -0
package/dist/media-i-fB5WxI.js +340 -0
package/dist/media-i-fB5WxI.js.map +1 -0
package/dist/media.es.mjs +12 -0
package/dist/motion/index.d.ts +7 -3
package/dist/motion/index.d.ts.map +1 -1
package/dist/motion/morph.d.ts +27 -0
package/dist/motion/morph.d.ts.map +1 -0
package/dist/motion/parallax.d.ts +30 -0
package/dist/motion/parallax.d.ts.map +1 -0
package/dist/motion/reduced-motion.d.ts +36 -3
package/dist/motion/reduced-motion.d.ts.map +1 -1
package/dist/motion/types.d.ts +58 -0
package/dist/motion/types.d.ts.map +1 -1
package/dist/motion/typewriter.d.ts +31 -0
package/dist/motion/typewriter.d.ts.map +1 -0
package/dist/motion-BJsAuULb.js +530 -0
package/dist/motion-BJsAuULb.js.map +1 -0
package/dist/motion.es.mjs +27 -23
package/dist/{view-C70lA3vf.js → mount-B4Y8bk8Z.js} +166 -160
package/dist/mount-B4Y8bk8Z.js.map +1 -0
package/dist/{object-qGpWr6-J.js → object-BCk-1c8T.js} +5 -4
package/dist/{object-qGpWr6-J.js.map → object-BCk-1c8T.js.map} +1 -1
package/dist/{platform-Dr9b6fsq.js → platform-Dw2gE3zI.js} +21 -22
package/dist/{platform-Dr9b6fsq.js.map → platform-Dw2gE3zI.js.map} +1 -1
package/dist/platform.es.mjs +2 -2
package/dist/plugin/index.d.ts +22 -0
package/dist/plugin/index.d.ts.map +1 -0
package/dist/plugin/registry.d.ts +108 -0
package/dist/plugin/registry.d.ts.map +1 -0
package/dist/plugin/types.d.ts +110 -0
package/dist/plugin/types.d.ts.map +1 -0
package/dist/plugin-C2WuC8SF.js +66 -0
package/dist/plugin-C2WuC8SF.js.map +1 -0
package/dist/plugin.es.mjs +9 -0
package/dist/reactive/async-data.d.ts +28 -3
package/dist/reactive/async-data.d.ts.map +1 -1
package/dist/reactive/computed.d.ts +10 -0
package/dist/reactive/computed.d.ts.map +1 -1
package/dist/reactive/effect.d.ts +3 -0
package/dist/reactive/effect.d.ts.map +1 -1
package/dist/reactive/http.d.ts +194 -0
package/dist/reactive/http.d.ts.map +1 -0
package/dist/reactive/index.d.ts +2 -2
package/dist/reactive/index.d.ts.map +1 -1
package/dist/reactive/pagination.d.ts +126 -0
package/dist/reactive/pagination.d.ts.map +1 -0
package/dist/reactive/polling.d.ts +55 -0
package/dist/reactive/polling.d.ts.map +1 -0
package/dist/reactive/readonly.d.ts +20 -1
package/dist/reactive/readonly.d.ts.map +1 -1
package/dist/reactive/rest.d.ts +293 -0
package/dist/reactive/rest.d.ts.map +1 -0
package/dist/reactive/scope.d.ts +140 -0
package/dist/reactive/scope.d.ts.map +1 -0
package/dist/reactive/signal.d.ts +16 -2
package/dist/reactive/signal.d.ts.map +1 -1
package/dist/reactive/to-value.d.ts +57 -0
package/dist/reactive/to-value.d.ts.map +1 -0
package/dist/reactive/websocket.d.ts +285 -0
package/dist/reactive/websocket.d.ts.map +1 -0
package/dist/reactive-DwkhUJfP.js +1148 -0
package/dist/reactive-DwkhUJfP.js.map +1 -0
package/dist/reactive.es.mjs +38 -20
package/dist/registry-B08iilIh.js +26 -0
package/dist/registry-B08iilIh.js.map +1 -0
package/dist/router/bq-link.d.ts +112 -0
package/dist/router/bq-link.d.ts.map +1 -0
package/dist/router/constraints.d.ts +9 -0
package/dist/router/constraints.d.ts.map +1 -0
package/dist/router/index.d.ts +15 -7
package/dist/router/index.d.ts.map +1 -1
package/dist/router/match.d.ts +0 -1
package/dist/router/match.d.ts.map +1 -1
package/dist/router/path-pattern.d.ts +14 -0
package/dist/router/path-pattern.d.ts.map +1 -0
package/dist/router/query.d.ts.map +1 -1
package/dist/router/router.d.ts +3 -1
package/dist/router/router.d.ts.map +1 -1
package/dist/router/state.d.ts +25 -2
package/dist/router/state.d.ts.map +1 -1
package/dist/router/types.d.ts +48 -4
package/dist/router/types.d.ts.map +1 -1
package/dist/router/use-route.d.ts +50 -0
package/dist/router/use-route.d.ts.map +1 -0
package/dist/router/utils.d.ts +3 -0
package/dist/router/utils.d.ts.map +1 -1
package/dist/router-CQikC9Ed.js +492 -0
package/dist/router-CQikC9Ed.js.map +1 -0
package/dist/router.es.mjs +14 -10
package/dist/{sanitize-Bs2dkMby.js → sanitize-B1V4JswB.js} +2 -1
package/dist/{sanitize-Bs2dkMby.js.map → sanitize-B1V4JswB.js.map} +1 -1
package/dist/security/index.d.ts +2 -2
package/dist/security/index.d.ts.map +1 -1
package/dist/security.es.mjs +1 -1
package/dist/ssr/hydrate.d.ts +65 -0
package/dist/ssr/hydrate.d.ts.map +1 -0
package/dist/ssr/index.d.ts +59 -0
package/dist/ssr/index.d.ts.map +1 -0
package/dist/ssr/render.d.ts +62 -0
package/dist/ssr/render.d.ts.map +1 -0
package/dist/ssr/serialize.d.ts +118 -0
package/dist/ssr/serialize.d.ts.map +1 -0
package/dist/ssr/types.d.ts +70 -0
package/dist/ssr/types.d.ts.map +1 -0
package/dist/ssr-_dAcGdzu.js +248 -0
package/dist/ssr-_dAcGdzu.js.map +1 -0
package/dist/ssr.es.mjs +9 -0
package/dist/store/create-store.d.ts.map +1 -1
package/dist/store/index.d.ts +1 -1
package/dist/store/index.d.ts.map +1 -1
package/dist/store/persisted.d.ts +38 -4
package/dist/store/persisted.d.ts.map +1 -1
package/dist/store/types.d.ts +138 -1
package/dist/store/types.d.ts.map +1 -1
package/dist/store/utils.d.ts +2 -2
package/dist/store/utils.d.ts.map +1 -1
package/dist/store-Cb3gPRve.js +338 -0
package/dist/store-Cb3gPRve.js.map +1 -0
package/dist/store.es.mjs +11 -10
package/dist/storybook/index.d.ts.map +1 -1
package/dist/storybook.es.mjs +1 -1
package/dist/storybook.es.mjs.map +1 -1
package/dist/testing/index.d.ts +23 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/testing.d.ts +156 -0
package/dist/testing/testing.d.ts.map +1 -0
package/dist/testing/types.d.ts +134 -0
package/dist/testing/types.d.ts.map +1 -0
package/dist/testing-C5Sjfsna.js +224 -0
package/dist/testing-C5Sjfsna.js.map +1 -0
package/dist/testing.es.mjs +9 -0
package/dist/type-guards-BMX2c0LP.js +44 -0
package/dist/type-guards-BMX2c0LP.js.map +1 -0
package/dist/untrack-D0fnO5k2.js +36 -0
package/dist/untrack-D0fnO5k2.js.map +1 -0
package/dist/view/custom-directives.d.ts +20 -0
package/dist/view/custom-directives.d.ts.map +1 -0
package/dist/view/evaluate.d.ts.map +1 -1
package/dist/view/process.d.ts.map +1 -1
package/dist/view.es.mjs +9 -9
package/package.json +47 -11
package/src/a11y/announce.ts +131 -0
package/src/a11y/audit.ts +314 -0
package/src/a11y/index.ts +68 -0
package/src/a11y/media-preferences.ts +255 -0
package/src/a11y/roving-tab-index.ts +164 -0
package/src/a11y/skip-link.ts +255 -0
package/src/a11y/trap-focus.ts +184 -0
package/src/a11y/types.ts +183 -0
package/src/component/component.ts +599 -524
package/src/component/html.ts +153 -153
package/src/component/index.ts +52 -50
package/src/component/library.ts +540 -518
package/src/component/scope.ts +212 -0
package/src/component/types.ts +310 -256
package/src/core/collection.ts +249 -1
package/src/core/element.ts +252 -11
package/src/core/env.ts +60 -0
package/src/core/index.ts +1 -0
package/src/core/shared.ts +64 -0
package/src/core/utils/index.ts +66 -1
package/src/devtools/devtools.ts +410 -0
package/src/devtools/index.ts +48 -0
package/src/devtools/types.ts +104 -0
package/src/dnd/draggable.ts +296 -0
package/src/dnd/droppable.ts +228 -0
package/src/dnd/index.ts +62 -0
package/src/dnd/sortable.ts +307 -0
package/src/dnd/types.ts +293 -0
package/src/forms/create-form.ts +320 -0
package/src/forms/index.ts +70 -0
package/src/forms/types.ts +203 -0
package/src/forms/use-field.ts +231 -0
package/src/forms/validators.ts +294 -0
package/src/full.ts +554 -229
package/src/i18n/formatting.ts +67 -0
package/src/i18n/i18n.ts +200 -0
package/src/i18n/index.ts +67 -0
package/src/i18n/translate.ts +182 -0
package/src/i18n/types.ts +171 -0
package/src/index.ts +72 -0
package/src/media/battery.ts +116 -0
package/src/media/breakpoints.ts +129 -0
package/src/media/clipboard.ts +80 -0
package/src/media/device-sensors.ts +158 -0
package/src/media/geolocation.ts +119 -0
package/src/media/index.ts +76 -0
package/src/media/media-query.ts +92 -0
package/src/media/network.ts +115 -0
package/src/media/types.ts +177 -0
package/src/media/viewport.ts +84 -0
package/src/motion/index.ts +11 -2
package/src/motion/morph.ts +151 -0
package/src/motion/parallax.ts +120 -0
package/src/motion/reduced-motion.ts +52 -3
package/src/motion/types.ts +63 -0
package/src/motion/typewriter.ts +164 -0
package/src/plugin/index.ts +37 -0
package/src/plugin/registry.ts +284 -0
package/src/plugin/types.ts +137 -0
package/src/reactive/async-data.ts +250 -29
package/src/reactive/computed.ts +53 -1
package/src/reactive/effect.ts +29 -6
package/src/reactive/http.ts +790 -0
package/src/reactive/index.ts +60 -0
package/src/reactive/pagination.ts +317 -0
package/src/reactive/polling.ts +179 -0
package/src/reactive/readonly.ts +52 -8
package/src/reactive/rest.ts +859 -0
package/src/reactive/scope.ts +276 -0
package/src/reactive/signal.ts +61 -1
package/src/reactive/to-value.ts +71 -0
package/src/reactive/websocket.ts +849 -0
package/src/router/bq-link.ts +279 -0
package/src/router/constraints.ts +204 -0
package/src/router/index.ts +15 -7
package/src/router/match.ts +255 -49
package/src/router/path-pattern.ts +52 -0
package/src/router/query.ts +3 -0
package/src/router/router.ts +258 -48
package/src/router/state.ts +51 -3
package/src/router/types.ts +50 -4
package/src/router/use-route.ts +68 -0
package/src/router/utils.ts +44 -3
package/src/security/index.ts +12 -17
package/src/security/sanitize.ts +70 -70
package/src/security/trusted-html.ts +71 -71
package/src/ssr/hydrate.ts +84 -0
package/src/ssr/index.ts +70 -0
package/src/ssr/render.ts +508 -0
package/src/ssr/serialize.ts +296 -0
package/src/ssr/types.ts +81 -0
package/src/store/create-store.ts +146 -8
package/src/store/define-store.ts +49 -49
package/src/store/index.ts +5 -0
package/src/store/mapping.ts +74 -74
package/src/store/persisted.ts +245 -62
package/src/store/types.ts +247 -92
package/src/store/utils.ts +4 -10
package/src/store/watch.ts +53 -53
package/src/storybook/index.ts +480 -479
package/src/testing/index.ts +42 -0
package/src/testing/testing.ts +593 -0
package/src/testing/types.ts +170 -0
package/src/view/custom-directives.ts +28 -0
package/src/view/evaluate.ts +2 -0
package/src/view/process.ts +19 -3
package/dist/component-BEQgt5hl.js +0 -600
package/dist/component-BEQgt5hl.js.map +0 -1
package/dist/core-BGQJVw0-.js +0 -35
package/dist/core-BGQJVw0-.js.map +0 -1
package/dist/core-CCEabVHl.js.map +0 -1
package/dist/effect-AFRW_Plg.js +0 -84
package/dist/effect-AFRW_Plg.js.map +0 -1
package/dist/motion-D9TcHxOF.js +0 -415
package/dist/motion-D9TcHxOF.js.map +0 -1
package/dist/reactive-DSkct0dO.js +0 -254
package/dist/reactive-DSkct0dO.js.map +0 -1
package/dist/router-CbDhl8rS.js +0 -188
package/dist/router-CbDhl8rS.js.map +0 -1
package/dist/store-BwDvI45q.js +0 -263
package/dist/store-BwDvI45q.js.map +0 -1
package/dist/untrack-B0rVscTc.js +0 -7
package/dist/untrack-B0rVscTc.js.map +0 -1
package/dist/view-C70lA3vf.js.map +0 -1

package/src/security/sanitize.ts CHANGED Viewed

@@ -1,70 +1,70 @@
-/**
- * Security utilities for HTML sanitization.
- * All DOM writes are sanitized by default to prevent XSS attacks.
- *
- * @module bquery/security
- */
-import { sanitizeHtmlCore } from './sanitize-core';
-import { toSanitizedHtml } from './trusted-html';
-import type { SanitizedHtml } from './trusted-html';
-import type { SanitizeOptions } from './types';
-export { generateNonce } from './csp';
-export { isTrustedTypesSupported } from './trusted-types';
-export { trusted } from './trusted-html';
-export type { SanitizedHtml, TrustedHtml } from './trusted-html';
-/**
- * Sanitize HTML string, removing dangerous elements and attributes.
- * Uses Trusted Types when available for CSP compliance.
- *
- * @param html - The HTML string to sanitize
- * @param options - Sanitization options
- * @returns Sanitized HTML string
- *
- * @example
- * ```ts
- * const safe = sanitizeHtml('<div onclick="alert(1)">Hello</div>');
- * // Returns: '<div>Hello</div>'
- * ```
- */
-export const sanitizeHtml = (html: string, options: SanitizeOptions = {}): SanitizedHtml => {
-  return toSanitizedHtml(sanitizeHtmlCore(html, options));
-};
-/**
- * Escape HTML entities to prevent XSS.
- * Use this for displaying user content as text.
- *
- * @param text - The text to escape
- * @returns Escaped HTML string
- *
- * @example
- * ```ts
- * escapeHtml('<script>alert(1)</script>');
- * // Returns: '&lt;script&gt;alert(1)&lt;/script&gt;'
- * ```
- */
-export const escapeHtml = (text: string): string => {
-  const escapeMap: Record<string, string> = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#x27;',
-    '`': '&#x60;',
-  };
-  return text.replace(/[&<>"'`]/g, (char) => escapeMap[char]);
-};
-/**
- * Strip all HTML tags and return plain text.
- *
- * @param html - The HTML string to strip
- * @returns Plain text content
- */
-export const stripTags = (html: string): string => {
-  return sanitizeHtmlCore(html, { stripAllTags: true });
-};
-export type { SanitizeOptions } from './types';
+/**
+ * Security utilities for HTML sanitization.
+ * All DOM writes are sanitized by default to prevent XSS attacks.
+ *
+ * @module bquery/security
+ */
+import { sanitizeHtmlCore } from './sanitize-core';
+import { toSanitizedHtml } from './trusted-html';
+import type { SanitizedHtml } from './trusted-html';
+import type { SanitizeOptions } from './types';
+export { generateNonce } from './csp';
+export { isTrustedTypesSupported } from './trusted-types';
+export { trusted } from './trusted-html';
+export type { SanitizedHtml, TrustedHtml } from './trusted-html';
+/**
+ * Sanitize HTML string, removing dangerous elements and attributes.
+ * Uses Trusted Types when available for CSP compliance.
+ *
+ * @param html - The HTML string to sanitize
+ * @param options - Sanitization options
+ * @returns Sanitized HTML string
+ *
+ * @example
+ * ```ts
+ * const safe = sanitizeHtml('<div onclick="alert(1)">Hello</div>');
+ * // Returns: '<div>Hello</div>'
+ * ```
+ */
+export const sanitizeHtml = (html: string, options: SanitizeOptions = {}): SanitizedHtml => {
+  return toSanitizedHtml(sanitizeHtmlCore(html, options));
+};
+/**
+ * Escape HTML entities to prevent XSS.
+ * Use this for displaying user content as text.
+ *
+ * @param text - The text to escape
+ * @returns Escaped HTML string
+ *
+ * @example
+ * ```ts
+ * escapeHtml('<script>alert(1)</script>');
+ * // Returns: '&lt;script&gt;alert(1)&lt;/script&gt;'
+ * ```
+ */
+export const escapeHtml = (text: string): string => {
+  const escapeMap: Record<string, string> = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#x27;',
+    '`': '&#x60;',
+  };
+  return text.replace(/[&<>"'`]/g, (char) => escapeMap[char]);
+};
+/**
+ * Strip all HTML tags and return plain text.
+ *
+ * @param html - The HTML string to strip
+ * @returns Plain text content
+ */
+export const stripTags = (html: string): string => {
+  return sanitizeHtmlCore(html, { stripAllTags: true });
+};
+export type { SanitizeOptions } from './types';

package/src/security/trusted-html.ts CHANGED Viewed

@@ -1,71 +1,71 @@
-declare const sanitizedHtmlBrand: unique symbol;
-const trustedHtmlBrand: unique symbol = Symbol('bquery.trusted-html.brand');
-const TRUSTED_HTML_VALUE = Symbol('bquery.trusted-html');
-/**
- * Branded HTML string produced by bQuery's sanitization or escaping template helpers.
- *
- * Values returned from {@link sanitizeHtml} carry sanitized markup. Values returned from
- * {@link safeHtml} preserve the template's static markup while escaping normal interpolations
- * and splicing {@link trusted} fragments verbatim. This brand is not intended for arbitrary
- * strings or manual concatenation outside those helpers.
- */
-export type SanitizedHtml = string & { readonly [sanitizedHtmlBrand]: true };
-/**
- * Marker object that safeHtml can splice into templates without escaping again.
- */
-export type TrustedHtml = { readonly [trustedHtmlBrand]: true; toString(): string };
-type TrustedHtmlValue = TrustedHtml & { readonly [TRUSTED_HTML_VALUE]: string };
-/**
- * Apply the internal {@link SanitizedHtml} brand to helper output.
- *
- * @internal
- */
-export const toSanitizedHtml = (html: string): SanitizedHtml => html as SanitizedHtml;
-/**
- * Mark a sanitized HTML string for verbatim splicing into safeHtml templates.
- *
- * @param html - HTML previously produced by sanitizeHtml, safeHtml, or another trusted bQuery helper
- * @returns Trusted HTML marker object for safeHtml interpolations
- *
- * @example
- * ```ts
- * const badge = trusted(sanitizeHtml('<strong onclick="alert(1)">New</strong>'));
- * const markup = safeHtml`<span>${badge}</span>`;
- * ```
- */
-export const trusted = (html: SanitizedHtml): TrustedHtml => {
-  const value = String(html);
-  return Object.freeze({
-    [trustedHtmlBrand]: true as const,
-    [TRUSTED_HTML_VALUE]: value,
-    toString: () => value,
-  });
-};
-/**
- * Check whether a value is a trusted HTML marker created by trusted().
- *
- * @internal
- */
-export const isTrustedHtml = (value: unknown): value is TrustedHtml => {
-  return (
-    typeof value === 'object' &&
-    value !== null &&
-    trustedHtmlBrand in value &&
-    TRUSTED_HTML_VALUE in value
-  );
-};
-/**
- * Unwrap the raw HTML string stored inside a trusted HTML marker.
- *
- * @internal
- */
-export const unwrapTrustedHtml = (value: TrustedHtml): string => {
-  return (value as TrustedHtmlValue)[TRUSTED_HTML_VALUE];
-};
+declare const sanitizedHtmlBrand: unique symbol;
+const trustedHtmlBrand: unique symbol = Symbol('bquery.trusted-html.brand');
+const TRUSTED_HTML_VALUE = Symbol('bquery.trusted-html');
+/**
+ * Branded HTML string produced by bQuery's sanitization or escaping template helpers.
+ *
+ * Values returned from {@link sanitizeHtml} carry sanitized markup. Values returned from
+ * {@link safeHtml} preserve the template's static markup while escaping normal interpolations
+ * and splicing {@link trusted} fragments verbatim. This brand is not intended for arbitrary
+ * strings or manual concatenation outside those helpers.
+ */
+export type SanitizedHtml = string & { readonly [sanitizedHtmlBrand]: true };
+/**
+ * Marker object that safeHtml can splice into templates without escaping again.
+ */
+export type TrustedHtml = { readonly [trustedHtmlBrand]: true; toString(): string };
+type TrustedHtmlValue = TrustedHtml & { readonly [TRUSTED_HTML_VALUE]: string };
+/**
+ * Apply the internal {@link SanitizedHtml} brand to helper output.
+ *
+ * @internal
+ */
+export const toSanitizedHtml = (html: string): SanitizedHtml => html as SanitizedHtml;
+/**
+ * Mark a sanitized HTML string for verbatim splicing into safeHtml templates.
+ *
+ * @param html - HTML previously produced by sanitizeHtml, safeHtml, or another trusted bQuery helper
+ * @returns Trusted HTML marker object for safeHtml interpolations
+ *
+ * @example
+ * ```ts
+ * const badge = trusted(sanitizeHtml('<strong onclick="alert(1)">New</strong>'));
+ * const markup = safeHtml`<span>${badge}</span>`;
+ * ```
+ */
+export const trusted = (html: SanitizedHtml): TrustedHtml => {
+  const value = String(html);
+  return Object.freeze({
+    [trustedHtmlBrand]: true as const,
+    [TRUSTED_HTML_VALUE]: value,
+    toString: () => value,
+  });
+};
+/**
+ * Check whether a value is a trusted HTML marker created by trusted().
+ *
+ * @internal
+ */
+export const isTrustedHtml = (value: unknown): value is TrustedHtml => {
+  return (
+    typeof value === 'object' &&
+    value !== null &&
+    trustedHtmlBrand in value &&
+    TRUSTED_HTML_VALUE in value
+  );
+};
+/**
+ * Unwrap the raw HTML string stored inside a trusted HTML marker.
+ *
+ * @internal
+ */
+export const unwrapTrustedHtml = (value: TrustedHtml): string => {
+  return (value as TrustedHtmlValue)[TRUSTED_HTML_VALUE];
+};

package/src/ssr/hydrate.ts ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * Hydration support for server-rendered DOM.
+ *
+ * Enables the client-side view system to reuse existing server-rendered DOM
+ * elements instead of re-rendering them, by attaching reactive bindings
+ * to the pre-existing DOM structure.
+ *
+ * @module bquery/ssr
+ */
+import type { BindingContext, MountOptions, View } from '../view/types';
+import { mount } from '../view/mount';
+/**
+ * Extended mount options that include hydration mode.
+ */
+export type HydrateMountOptions = MountOptions & {
+  /**
+   * When present, must be `true` so the mount operation reuses existing DOM elements
+   * instead of re-rendering them. Reactive bindings (effects) are
+   * still attached so the DOM updates reactively from that point on.
+   *
+   * @default true
+   */
+  hydrate?: true;
+};
+/**
+ * Mounts a reactive view with optional hydration support.
+ *
+ * When `hydrate: true` is set, the existing server-rendered DOM is preserved
+ * and reactive bindings are attached on top. The DOM is NOT re-rendered;
+ * instead, effects begin tracking signals so future changes update the DOM.
+ *
+ * This is the client-side counterpart to `renderToString()`. The typical flow:
+ * 1. Server: `renderToString(template, data)` → send HTML to client
+ * 2. Client: `hydrateMount('#app', reactiveContext, { hydrate: true })`
+ *
+ * Under the hood, `hydrateMount` simply delegates to the standard `mount()`
+ * function. The `mount()` function already processes existing DOM elements
+ * and attaches reactive effects to them — it does not clear/replace content.
+ * The `hydrate` flag is a semantic marker indicating developer intent and
+ * ensures the existing DOM structure is preserved.
+ *
+ * @param selector - CSS selector or Element to hydrate
+ * @param context - Binding context with signals, computed values, and functions
+ * @param options - Mount options with `hydrate: true`
+ * @returns The mounted View instance
+ *
+ * @example
+ * ```ts
+ * import { hydrateMount } from '@bquery/bquery/ssr';
+ * import { signal, computed } from '@bquery/bquery/reactive';
+ *
+ * // Server rendered:
+ * // <div id="app"><h1>Welcome</h1><p>Hello, World!</p></div>
+ *
+ * // Client hydration — attaches reactivity to existing DOM:
+ * const name = signal('World');
+ * const greeting = computed(() => `Hello, ${name.value}!`);
+ *
+ * const view = hydrateMount('#app', { name, greeting }, { hydrate: true });
+ *
+ * // Now updating `name.value` will reactively update the DOM
+ * name.value = 'Alice'; // <p> updates to "Hello, Alice!"
+ * ```
+ */
+export const hydrateMount = (
+  selector: string | Element,
+  context: BindingContext,
+  options: HydrateMountOptions = {}
+): View => {
+  const { hydrate = true, ...mountOptions } = options;
+  if (!hydrate) {
+    throw new Error(
+      'bQuery ssr: hydrateMount() requires { hydrate: true } when options are provided.'
+    );
+  }
+  // Hydration uses the standard mount which processes existing DOM
+  // and attaches reactive effects without clearing content.
+  return mount(selector, context, mountOptions);
+};

package/src/ssr/index.ts ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * SSR / Pre-rendering module for bQuery.js.
+ *
+ * Provides server-side rendering, hydration, and store state serialization
+ * utilities for bQuery applications. Enables rendering bQuery templates
+ * to HTML strings on the server, serializing store state for client pickup,
+ * and hydrating the pre-rendered DOM on the client.
+ *
+ * ## Features
+ *
+ * - **`renderToString(template, data)`** — Server-side render a bQuery
+ *   template to an `SSRResult` containing an `html` string with directive evaluation.
+ * - **`hydrateMount(selector, context, { hydrate: true })`** — Reuse
+ *   existing server-rendered DOM and attach reactive bindings.
+ * - **`serializeStoreState(options?)`** — Serialize store state into a
+ *   `<script>` tag for client-side pickup.
+ * - **`deserializeStoreState()`** — Read serialized state on the client.
+ * - **`hydrateStore(id, state)` / `hydrateStores(stateMap)`** — Apply
+ *   server state to client stores.
+ *
+ * ## Usage
+ *
+ * ### Server
+ * ```ts
+ * import { renderToString, serializeStoreState } from '@bquery/bquery/ssr';
+ *
+ * const { html } = renderToString(
+ *   '<div id="app"><h1 bq-text="title"></h1></div>',
+ *   { title: 'Welcome' }
+ * );
+ *
+ * const { scriptTag } = serializeStoreState();
+ *
+ * // Send to client: html + scriptTag
+ * ```
+ *
+ * ### Client
+ * ```ts
+ * import { hydrateMount, deserializeStoreState, hydrateStores } from '@bquery/bquery/ssr';
+ * import { signal } from '@bquery/bquery/reactive';
+ *
+ * // Restore store state from SSR
+ * const ssrState = deserializeStoreState();
+ * hydrateStores(ssrState);
+ *
+ * // Hydrate the DOM with reactive bindings
+ * const title = signal('Welcome');
+ * hydrateMount('#app', { title }, { hydrate: true });
+ * ```
+ *
+ * @module bquery/ssr
+ */
+export { hydrateMount } from './hydrate';
+export type { HydrateMountOptions } from './hydrate';
+export { renderToString } from './render';
+export {
+  deserializeStoreState,
+  hydrateStore,
+  hydrateStores,
+  serializeStoreState,
+} from './serialize';
+export type { SerializeResult } from './serialize';
+export type {
+  DeserializedStoreState,
+  HydrationOptions,
+  RenderOptions,
+  SSRResult,
+  SerializeOptions,
+} from './types';