@character-foundry/character-foundry 0.4.3-dev.1766019473 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/charx.cjs +34 -13
  2. package/dist/charx.cjs.map +1 -1
  3. package/dist/charx.js +34 -13
  4. package/dist/charx.js.map +1 -1
  5. package/dist/exporter.cjs +36 -32
  6. package/dist/exporter.cjs.map +1 -1
  7. package/dist/exporter.js +36 -32
  8. package/dist/exporter.js.map +1 -1
  9. package/dist/federation.cjs +36 -104
  10. package/dist/federation.cjs.map +1 -1
  11. package/dist/federation.d.cts +0 -35
  12. package/dist/federation.d.ts +0 -35
  13. package/dist/federation.js +36 -104
  14. package/dist/federation.js.map +1 -1
  15. package/dist/index.cjs +36 -32
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.js +36 -32
  18. package/dist/index.js.map +1 -1
  19. package/dist/loader.cjs +13 -99
  20. package/dist/loader.cjs.map +1 -1
  21. package/dist/loader.d.cts +0 -14
  22. package/dist/loader.d.ts +0 -14
  23. package/dist/loader.js +13 -99
  24. package/dist/loader.js.map +1 -1
  25. package/dist/normalizer.cjs.map +1 -1
  26. package/dist/normalizer.js.map +1 -1
  27. package/dist/png.cjs.map +1 -1
  28. package/dist/png.js.map +1 -1
  29. package/dist/schemas.cjs +5 -5
  30. package/dist/schemas.cjs.map +1 -1
  31. package/dist/schemas.js +5 -5
  32. package/dist/schemas.js.map +1 -1
  33. package/dist/voxta.cjs +2 -19
  34. package/dist/voxta.cjs.map +1 -1
  35. package/dist/voxta.js +2 -19
  36. package/dist/voxta.js.map +1 -1
  37. package/package.json +4 -4
package/dist/charx.js CHANGED
@@ -836,6 +836,36 @@ var SAFE_ASSET_TYPES = /* @__PURE__ */ new Set([
836
836
  "data",
837
837
  "unknown"
838
838
  ]);
839
+ var SAFE_EXTENSIONS = /* @__PURE__ */ new Set([
840
+ // Images
841
+ "png",
842
+ "jpg",
843
+ "jpeg",
844
+ "webp",
845
+ "gif",
846
+ "avif",
847
+ "svg",
848
+ "bmp",
849
+ "ico",
850
+ // Audio
851
+ "mp3",
852
+ "wav",
853
+ "ogg",
854
+ "flac",
855
+ "m4a",
856
+ "aac",
857
+ "opus",
858
+ // Video
859
+ "mp4",
860
+ "webm",
861
+ "avi",
862
+ "mov",
863
+ "mkv",
864
+ // Data
865
+ "json",
866
+ "txt",
867
+ "bin"
868
+ ]);
839
869
  function getCharxCategory(mimetype) {
840
870
  if (mimetype.startsWith("image/")) return "images";
841
871
  if (mimetype.startsWith("audio/")) return "audio";
@@ -851,20 +881,11 @@ function sanitizeAssetType(type) {
851
881
  return sanitized || "custom";
852
882
  }
853
883
  function sanitizeExtension(ext) {
854
- const normalized = ext.trim().replace(/^\./, "").toLowerCase();
855
- if (!normalized) {
856
- throw new Error("Invalid asset extension: empty extension");
857
- }
858
- if (normalized.length > 64) {
859
- throw new Error(`Invalid asset extension: too long (${normalized.length} chars)`);
860
- }
861
- if (normalized.includes("/") || normalized.includes("\\") || normalized.includes("\0")) {
862
- throw new Error("Invalid asset extension: path separators are not allowed");
863
- }
864
- if (!/^[a-z0-9][a-z0-9._-]*$/.test(normalized)) {
865
- throw new Error(`Invalid asset extension: "${ext}"`);
884
+ const normalized = ext.replace(/^\./, "").toLowerCase().replace(/[^a-z0-9]/g, "");
885
+ if (SAFE_EXTENSIONS.has(normalized)) {
886
+ return normalized;
866
887
  }
867
- return normalized;
888
+ return "bin";
868
889
  }
869
890
  function sanitizeName(name, ext) {
870
891
  let safeName = name;