@character-foundry/character-foundry 0.4.2-dev.1765942273 → 0.4.2-dev.1765997746

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/charx.cjs +13 -34
  2. package/dist/charx.cjs.map +1 -1
  3. package/dist/charx.js +13 -34
  4. package/dist/charx.js.map +1 -1
  5. package/dist/exporter.cjs +32 -36
  6. package/dist/exporter.cjs.map +1 -1
  7. package/dist/exporter.js +32 -36
  8. package/dist/exporter.js.map +1 -1
  9. package/dist/federation.cjs +104 -36
  10. package/dist/federation.cjs.map +1 -1
  11. package/dist/federation.d.cts +35 -0
  12. package/dist/federation.d.ts +35 -0
  13. package/dist/federation.js +104 -36
  14. package/dist/federation.js.map +1 -1
  15. package/dist/index.cjs +32 -36
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.js +32 -36
  18. package/dist/index.js.map +1 -1
  19. package/dist/loader.cjs +99 -13
  20. package/dist/loader.cjs.map +1 -1
  21. package/dist/loader.d.cts +14 -0
  22. package/dist/loader.d.ts +14 -0
  23. package/dist/loader.js +99 -13
  24. package/dist/loader.js.map +1 -1
  25. package/dist/normalizer.cjs.map +1 -1
  26. package/dist/normalizer.js.map +1 -1
  27. package/dist/png.cjs.map +1 -1
  28. package/dist/png.js.map +1 -1
  29. package/dist/schemas.cjs +5 -5
  30. package/dist/schemas.cjs.map +1 -1
  31. package/dist/schemas.js +5 -5
  32. package/dist/schemas.js.map +1 -1
  33. package/dist/voxta.cjs +19 -2
  34. package/dist/voxta.cjs.map +1 -1
  35. package/dist/voxta.js +19 -2
  36. package/dist/voxta.js.map +1 -1
  37. package/package.json +5 -5
package/dist/voxta.js CHANGED
@@ -7212,6 +7212,22 @@ function sanitizeName(name, ext) {
7212
7212
  if (!safeName) safeName = "asset";
7213
7213
  return safeName;
7214
7214
  }
7215
+ function sanitizeExtension(ext) {
7216
+ const normalized = ext.trim().replace(/^\./, "").toLowerCase();
7217
+ if (!normalized) {
7218
+ throw new Error("Invalid asset extension: empty extension");
7219
+ }
7220
+ if (normalized.length > 64) {
7221
+ throw new Error(`Invalid asset extension: too long (${normalized.length} chars)`);
7222
+ }
7223
+ if (normalized.includes("/") || normalized.includes("\\") || normalized.includes("\0")) {
7224
+ throw new Error("Invalid asset extension: path separators are not allowed");
7225
+ }
7226
+ if (!/^[a-z0-9][a-z0-9._-]*$/.test(normalized)) {
7227
+ throw new Error(`Invalid asset extension: "${ext}"`);
7228
+ }
7229
+ return normalized;
7230
+ }
7215
7231
  function writeVoxta(card, assets, options = {}) {
7216
7232
  const { compressionLevel = 6, includePackageJson = false } = options;
7217
7233
  const cardData = card.data;
@@ -7300,8 +7316,9 @@ function writeVoxta(card, assets, options = {}) {
7300
7316
  let assetCount = 0;
7301
7317
  let mainThumbnail;
7302
7318
  for (const asset of assets) {
7303
- const safeName = sanitizeName(asset.name, asset.ext);
7304
- const finalFilename = `${safeName}.${asset.ext}`;
7319
+ const safeExt = sanitizeExtension(asset.ext);
7320
+ const safeName = sanitizeName(asset.name, safeExt);
7321
+ const finalFilename = `${safeName}.${safeExt}`;
7305
7322
  let voxtaPath = "";
7306
7323
  const tags = asset.tags || [];
7307
7324
  const isMainIcon = asset.type === "icon" && (tags.includes("portrait-override") || asset.name === "main" || asset.isMain);