@character-foundry/character-foundry 0.4.3-dev.1766019473 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/charx.cjs +34 -13
  2. package/dist/charx.cjs.map +1 -1
  3. package/dist/charx.js +34 -13
  4. package/dist/charx.js.map +1 -1
  5. package/dist/exporter.cjs +36 -32
  6. package/dist/exporter.cjs.map +1 -1
  7. package/dist/exporter.js +36 -32
  8. package/dist/exporter.js.map +1 -1
  9. package/dist/federation.cjs +36 -104
  10. package/dist/federation.cjs.map +1 -1
  11. package/dist/federation.d.cts +0 -35
  12. package/dist/federation.d.ts +0 -35
  13. package/dist/federation.js +36 -104
  14. package/dist/federation.js.map +1 -1
  15. package/dist/index.cjs +36 -32
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.js +36 -32
  18. package/dist/index.js.map +1 -1
  19. package/dist/loader.cjs +13 -99
  20. package/dist/loader.cjs.map +1 -1
  21. package/dist/loader.d.cts +0 -14
  22. package/dist/loader.d.ts +0 -14
  23. package/dist/loader.js +13 -99
  24. package/dist/loader.js.map +1 -1
  25. package/dist/normalizer.cjs.map +1 -1
  26. package/dist/normalizer.js.map +1 -1
  27. package/dist/png.cjs.map +1 -1
  28. package/dist/png.js.map +1 -1
  29. package/dist/schemas.cjs +5 -5
  30. package/dist/schemas.cjs.map +1 -1
  31. package/dist/schemas.js +5 -5
  32. package/dist/schemas.js.map +1 -1
  33. package/dist/voxta.cjs +2 -19
  34. package/dist/voxta.cjs.map +1 -1
  35. package/dist/voxta.js +2 -19
  36. package/dist/voxta.js.map +1 -1
  37. package/package.json +4 -4
package/dist/charx.cjs CHANGED
@@ -868,6 +868,36 @@ var SAFE_ASSET_TYPES = /* @__PURE__ */ new Set([
868
868
  "data",
869
869
  "unknown"
870
870
  ]);
871
+ var SAFE_EXTENSIONS = /* @__PURE__ */ new Set([
872
+ // Images
873
+ "png",
874
+ "jpg",
875
+ "jpeg",
876
+ "webp",
877
+ "gif",
878
+ "avif",
879
+ "svg",
880
+ "bmp",
881
+ "ico",
882
+ // Audio
883
+ "mp3",
884
+ "wav",
885
+ "ogg",
886
+ "flac",
887
+ "m4a",
888
+ "aac",
889
+ "opus",
890
+ // Video
891
+ "mp4",
892
+ "webm",
893
+ "avi",
894
+ "mov",
895
+ "mkv",
896
+ // Data
897
+ "json",
898
+ "txt",
899
+ "bin"
900
+ ]);
871
901
  function getCharxCategory(mimetype) {
872
902
  if (mimetype.startsWith("image/")) return "images";
873
903
  if (mimetype.startsWith("audio/")) return "audio";
@@ -883,20 +913,11 @@ function sanitizeAssetType(type) {
883
913
  return sanitized || "custom";
884
914
  }
885
915
  function sanitizeExtension(ext) {
886
- const normalized = ext.trim().replace(/^\./, "").toLowerCase();
887
- if (!normalized) {
888
- throw new Error("Invalid asset extension: empty extension");
889
- }
890
- if (normalized.length > 64) {
891
- throw new Error(`Invalid asset extension: too long (${normalized.length} chars)`);
892
- }
893
- if (normalized.includes("/") || normalized.includes("\\") || normalized.includes("\0")) {
894
- throw new Error("Invalid asset extension: path separators are not allowed");
895
- }
896
- if (!/^[a-z0-9][a-z0-9._-]*$/.test(normalized)) {
897
- throw new Error(`Invalid asset extension: "${ext}"`);
916
+ const normalized = ext.replace(/^\./, "").toLowerCase().replace(/[^a-z0-9]/g, "");
917
+ if (SAFE_EXTENSIONS.has(normalized)) {
918
+ return normalized;
898
919
  }
899
- return normalized;
920
+ return "bin";
900
921
  }
901
922
  function sanitizeName(name, ext) {
902
923
  let safeName = name;