@d1g1tal/transportr 3.2.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/dist/iife/content-type.js +2 -1
  3. package/dist/iife/request-header.js +2 -1
  4. package/dist/iife/request-method.js +2 -1
  5. package/dist/iife/response-header.js +2 -1
  6. package/dist/iife/transportr.js +155 -164
  7. package/dist/iife/transportr.js.map +3 -3
  8. package/dist/transportr.d.ts +2 -0
  9. package/dist/transportr.js +4 -4
  10. package/dist/transportr.js.map +3 -3
  11. package/package.json +2 -2
package/CHANGELOG.md CHANGED
@@ -1,3 +1,18 @@
1
+ ## [3.3.0](https://github.com/D1g1talEntr0py/transportr/compare/v3.2.2...v3.3.0) (2026-04-09)
2
+
3
+ ### Features
4
+
5
+ * add allowScripts option to getHtmlFragment (806476bea43b1a74c4df5e6b89d2509e3d5ebb90)
6
+ Introduces a new `allowScripts` option to `getHtmlFragment()` that controls whether DOMPurify strips `<script>` tags from HTML fragment responses. By default, scripts are stripped, ensuring safety for cross-origin content. When `allowScripts: true` is provided, DOMPurify preserves `<script>` elements and their attributes, suitable for trusted same-origin fragments.
7
+
8
+ As part of this enhancement, DOMPurify initialization is refactored. The lazy `domReady` promise now imports and caches the DOMPurify instance, eliminating the previous chain of separate getter functions. A new `handleHtmlFragmentWithScripts` handler is added to support this feature, and comprehensive tests are included to verify script-stripping behavior, script preservation, and the continued sanitization of inline event handlers.
9
+
10
+ ## [3.2.2](https://github.com/D1g1talEntr0py/transportr/compare/v3.2.1...v3.2.2) (2026-04-09)
11
+
12
+ ### Bug Fixes
13
+
14
+ * **build:** add handling of export 'as' format for IIFE scripts (e7d1857d664196a8fd29352fde320f729645bda8)
15
+
1
16
  ## [3.2.1](https://github.com/D1g1talEntr0py/transportr/compare/v3.2.0...v3.2.1) (2026-04-09)
2
17
 
3
18
  ### Bug Fixes
package/dist/iife/content-type.js CHANGED
@@ -1,5 +1,6 @@
1
1
  (() => {
2
2
  // iife:/home/runner/work/transportr/transportr/dist/content-type.js
3
3
  var i = { AAC: "audio/aac", ABW: "application/x-abiword", ARC: "application/x-freearc", AVIF: "image/avif", AVI: "video/x-msvideo", AZW: "application/vnd.amazon.ebook", BIN: "application/octet-stream", BMP: "image/bmp", BZIP: "application/x-bzip", BZIP2: "application/x-bzip2", CDA: "application/x-cdf", CSH: "application/x-csh", CSS: "text/css", CSV: "text/csv", DOC: "application/msword", DOCX: "application/vnd.openxmlformats-officedocument.wordprocessingml.document", EOT: "application/vnd.ms-fontobject", EPUB: "application/epub+zip", GZIP: "application/gzip", GIF: "image/gif", HTML: "text/html", ICO: "image/vnd.microsoft.icon", ICS: "text/calendar", JAR: "application/java-archive", JPEG: "image/jpeg", JAVA_SCRIPT: "text/javascript", JSON: "application/json", JSON_LD: "application/ld+json", JSON_MERGE_PATCH: "application/merge-patch+json", MID: "audio/midi", X_MID: "audio/x-midi", MP3: "audio/mpeg", MP4A: "audio/mp4", MP4: "video/mp4", MPEG: "video/mpeg", MPKG: "application/vnd.apple.installer+xml", ODP: "application/vnd.oasis.opendocument.presentation", ODS: "application/vnd.oasis.opendocument.spreadsheet", ODT: "application/vnd.oasis.opendocument.text", OGA: "audio/ogg", OGV: "video/ogg", OGX: "application/ogg", OPUS: "audio/opus", OTF: "font/otf", PNG: "image/png", PDF: "application/pdf", PHP: "application/x-httpd-php", PPT: "application/vnd.ms-powerpoint", PPTX: "application/vnd.openxmlformats-officedocument.presentationml.presentation", RAR: "application/vnd.rar", RTF: "application/rtf", SH: "application/x-sh", SVG: "image/svg+xml", TAR: "application/x-tar", TIFF: "image/tiff", TRANSPORT_STREAM: "video/mp2t", TTF: "font/ttf", TEXT: "text/plain", VSD: "application/vnd.visio", WAV: "audio/wav", WEBA: "audio/webm", WEBM: "video/webm", WEBP: "image/webp", WOFF: "font/woff", WOFF2: "font/woff2", FORM: "application/x-www-form-urlencoded", MULTIPART_FORM_DATA: "multipart/form-data", XHTML: "application/xhtml+xml", XLS: "application/vnd.ms-excel", XLSX: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", XML: "application/xml", XUL: "application/vnd.mozilla.xul+xml", ZIP: "application/zip", "3GP": "video/3gpp", "3G2": "video/3gpp2", "7Z": "application/x-7z-compressed" };
4
- Object.assign(globalThis, { i });
4
+
5
+ Object.assign(globalThis, { ContentType: i });
5
6
  })();
package/dist/iife/request-header.js CHANGED
@@ -1,5 +1,6 @@
1
1
  (() => {
2
2
  // iife:/home/runner/work/transportr/transportr/dist/request-header.js
3
3
  var e = { ACCEPT: "accept", ACCEPT_CHARSET: "accept-charset", ACCEPT_ENCODING: "accept-encoding", ACCEPT_LANGUAGE: "accept-language", AUTHORIZATION: "authorization", CACHE_CONTROL: "cache-control", CONNECTION: "connection", COOKIE: "cookie", CONTENT_LENGTH: "content-length", CONTENT_MD5: "content-md5", CONTENT_TYPE: "content-type", DATE: "date", HOST: "host", IF_MATCH: "if-match", IF_MODIFIED_SINCE: "if-modified-since", IF_NONE_MATCH: "if-none-match", IF_RANGE: "if-range", IF_UNMODIFIED_SINCE: "if-unmodified-since", MAX_FORWARDS: "max-forwards", ORIGIN: "origin", PRAGMA: "pragma", PROXY_AUTHORIZATION: "proxy-authorization", RANGE: "range", REFERER: "referer", TE: "te", USER_AGENT: "user-agent", UPGRADE: "upgrade", WARNING: "warning", X_REQUESTED_WITH: "x-requested-with", X_FORWARDED_FOR: "x-forwarded-for", X_FORWARDED_HOST: "x-forwarded-host", X_FORWARDED_PROTO: "x-forwarded-proto" };
4
- Object.assign(globalThis, { e });
4
+
5
+ Object.assign(globalThis, { RequestHeader: e });
5
6
  })();
package/dist/iife/request-method.js CHANGED
@@ -1,5 +1,6 @@
1
1
  (() => {
2
2
  // iife:/home/runner/work/transportr/transportr/dist/request-method.js
3
3
  var T = { OPTIONS: "OPTIONS", GET: "GET", HEAD: "HEAD", POST: "POST", PUT: "PUT", DELETE: "DELETE", TRACE: "TRACE", CONNECT: "CONNECT", PATCH: "PATCH" };
4
- Object.assign(globalThis, { T });
4
+
5
+ Object.assign(globalThis, { RequestMethod: T });
5
6
  })();
package/dist/iife/response-header.js CHANGED
@@ -1,5 +1,6 @@
1
1
  (() => {
2
2
  // iife:/home/runner/work/transportr/transportr/dist/response-header.js
3
3
  var t = { PROXY_CONNECTION: "proxy-connection", X_UIDH: "x-uidh", X_CSRF_TOKEN: "x-csrf-token", ACCESS_CONTROL_ALLOW_ORIGIN: "access-control-allow-origin", ACCEPT_PATCH: "accept-patch", ACCEPT_RANGES: "accept-ranges", AGE: "age", ALLOW: "allow", CACHE_CONTROL: "cache-control", CONNECTION: "connection", CONTENT_DISPOSITION: "content-disposition", CONTENT_ENCODING: "content-encoding", CONTENT_LANGUAGE: "content-language", CONTENT_LENGTH: "content-length", CONTENT_LOCATION: "content-location", CONTENT_RANGE: "content-range", CONTENT_TYPE: "content-type", DATE: "date", ETAG: "etag", EXPIRES: "expires", LAST_MODIFIED: "last-modified", LINK: "link", LOCATION: "location", P3P: "p3p", PRAGMA: "pragma", PROXY_AUTHENTICATION: "proxy-authenticate", PUBLIC_KEY_PINS: "public-key-pins", RETRY_AFTER: "retry-after", SERVER: "server", SET_COOKIE: "set-cookie", STATUS: "status", STRICT_TRANSPORT_SECURITY: "strict-transport-security", TRAILER: "trailer", TRANSFER_ENCODING: "transfer-encoding", UPGRADE: "upgrade", VARY: "vary", VIA: "via", WARNING: "warning", WWW_AUTHENTICATE: "www-authenticate", X_XSS_PROTECTION: "x-xss-protection", CONTENT_SECURITY_POLICY: "content-security-policy", X_CONTENT_TYPE_OPTIONS: "x-content-type-options", X_POWERED_BY: "x-powered-by" };
4
- Object.assign(globalThis, { t });
4
+
5
+ Object.assign(globalThis, { ResponseHeader: t });
5
6
  })();