@dcl/schemas 19.4.1 → 19.4.2-20251027223021.commit-354472f

package/dist/core/index.d.ts

@@ -1,3 +1,4 @@
 export * from './parcel-validation';
 export * from './parcel-exceptions';
+export * from './url-validation';
 //# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,qBAAqB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA"}

package/dist/core/index.js

@@ -16,4 +16,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./parcel-validation"), exports);
 __exportStar(require("./parcel-exceptions"), exports);
+__exportStar(require("./url-validation"), exports);
 //# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,sDAAmC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,sDAAmC;AACnC,mDAAgC"}

package/dist/core/url-validation.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Configuration for URL validation
+ * @public
+ */
+export interface UrlValidationConfig {
+    /** Whether to allow localhost and private IPs (useful for development) */
+    allowLocalhost?: boolean;
+    /** Additional ports to allow beyond the default 80, 443 */
+    allowedPorts?: string[];
+}
+/**
+ * Validates if a URL string is safe
+ * @param url - The URL string to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false if it contains malicious content
+ * @public
+ */
+export declare function validateUrl(url: string, config?: UrlValidationConfig): boolean;
+/**
+ * Validates if a URL instance is safe
+ * @param url - The URL instance to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false otherwise
+ * @public
+ */
+export declare function validateUrlInstance(url: URL, config?: UrlValidationConfig): boolean;
+//# sourceMappingURL=url-validation.d.ts.map

package/dist/core/url-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-validation.d.ts","sourceRoot":"","sources":["../../src/core/url-validation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,0EAA0E;IAC1E,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;CACxB;AAuKD;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,mBAAwB,GAAG,OAAO,CA4GlF;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,GAAE,mBAAwB,GAAG,OAAO,CAEvF"}

package/dist/core/url-validation.js

@@ -0,0 +1,257 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateUrlInstance = exports.validateUrl = void 0;
+/**
+ * Default configuration for URL validation
+ */
+const DEFAULT_CONFIG = {
+    allowLocalhost: false,
+    allowedPorts: []
+};
+/**
+ * Normalize and decode URL string defensively
+ */
+function decodeAndNormalize(s, times = 2) {
+    let out = s;
+    for (let i = 0; i < times; i++) {
+        try {
+            out = decodeURIComponent(out);
+        }
+        catch (_a) {
+            break;
+        }
+    }
+    return out.normalize('NFKC');
+}
+/**
+ * Check for control characters or bidirectional text
+ *
+ * Control characters (0x00-0x1F, 0x7F-0x9F) and bidirectional text controls
+ * can be used to:
+ * - Hide malicious content in URLs (e.g., null bytes to terminate strings)
+ * - Create visual confusion attacks (bidirectional text can reverse display order)
+ * - Bypass security filters that don't handle these characters properly
+ *
+ * Example XSS vector: "https://example.com/path\u202Eevil.com"
+ * The RLO (Right-to-Left Override) character can make "evil.com" appear before "path"
+ */
+function hasControlOrBidi(s) {
+    return /[\u0000-\u001F\u007F-\u009F\u202A-\u202E\u2066-\u2069]/.test(s);
+}
+/**
+ * Check if URL has credentials
+ */
+function hasCredentials(u) {
+    return Boolean(u.username || u.password);
+}
+/**
+ * Check for backslashes
+ *
+ * Backslashes can be used to:
+ * - Escape characters in contexts where they're interpreted (e.g., Windows paths)
+ * - Create paths that bypass validation (e.g., "C:\Windows\System32" vs "/Windows/System32")
+ * - Inject code in parsers that don't properly handle backslash escaping
+ *
+ * Example: "https://example.com/path\\..\\..\\etc\\passwd" could be interpreted
+ * as a directory traversal attack on Windows systems
+ */
+function hasBackslash(s) {
+    return /\\/.test(s);
+}
+/**
+ * Default allowed ports for URL validation (SSRF protection)
+ * Standard HTTP/HTTPS ports (80, 443)
+ */
+const DEFAULT_ALLOWED_PORTS = ['80', '443'];
+/**
+ * Check if port is disallowed (SSRF protection)
+ * Only allows ports defined in the allowed ports list
+ */
+function isDisallowedPort(u, allowedPorts) {
+    return !!u.port && !allowedPorts.includes(u.port);
+}
+/**
+ * Check if hostname is private/local
+ * Note: If implementing domain whitelists, convert hostname to ASCII (punycode)
+ * before comparison to avoid homograph attacks
+ */
+function isPrivateHost(hostname) {
+    const normalized = hostname.toLowerCase();
+    // Check for localhost variants
+    if (normalized === 'localhost' || normalized.endsWith('.local')) {
+        return true;
+    }
+    // Check for private IP ranges (basic regex check)
+    if (/^(127\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|169\.254\.)/.test(normalized)) {
+        return true;
+    }
+    // Check for IPv6 localhost
+    if (normalized === '::1' ||
+        normalized === '[::1]' ||
+        normalized.startsWith('fe80:') ||
+        normalized.startsWith('fc00:')) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Safely parse URL supporting both absolute and relative URLs
+ */
+function safeParseUrl(urlString) {
+    // Block protocol-relative URLs (//host) for security
+    if (urlString.startsWith('//')) {
+        return null;
+    }
+    try {
+        // Try parsing as absolute URL first
+        return { url: new URL(urlString), wasRelative: false };
+    }
+    catch (_a) {
+        try {
+            // If it fails, try as relative URL with a safe base
+            return { url: new URL(urlString, 'https://example.com'), wasRelative: true };
+        }
+        catch (_b) {
+            return null;
+        }
+    }
+}
+/**
+ * Validates if a string contains potentially malicious content
+ */
+function isSafeString(value) {
+    const normalized = decodeAndNormalize(String(value).toLowerCase());
+    // Check for control characters and backslashes
+    if (hasControlOrBidi(normalized) || hasBackslash(normalized)) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Validates if a URL path is safe
+ */
+function isSafePath(path) {
+    if (!path) {
+        return false;
+    }
+    // Prevent directory traversal attacks
+    // Note: Blocking // in paths is strict policy - if legitimate paths could have collapsed //,
+    // consider normalizing /{2,}→/ instead of rejecting
+    if (path.includes('..') || path.includes('//')) {
+        return false;
+    }
+    // Check for control characters and backslashes
+    if (hasControlOrBidi(path) || hasBackslash(path)) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Validates if a URL string is safe
+ * @param url - The URL string to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false if it contains malicious content
+ * @public
+ */
+function validateUrl(url, config = {}) {
+    const mergedConfig = Object.assign(Object.assign({}, DEFAULT_CONFIG), config);
+    const allowedPorts = [...DEFAULT_ALLOWED_PORTS, ...mergedConfig.allowedPorts];
+    // Check for null/undefined/empty
+    if (!url || url.length === 0) {
+        return false;
+    }
+    // Check URL length limit (4KB)
+    if (url.length > 4096) {
+        return false;
+    }
+    // Early check for control characters, bidirectional text, and backslashes in raw URL
+    if (hasControlOrBidi(url) || hasBackslash(url)) {
+        return false;
+    }
+    // Early check on decoded URL to catch encoded escapes (%5C, %0a, etc.)
+    const decoded = decodeAndNormalize(url);
+    if (hasControlOrBidi(decoded) || hasBackslash(decoded)) {
+        return false;
+    }
+    // Block protocol-relative URLs (//host)
+    if (url.startsWith('//')) {
+        return false;
+    }
+    const parsed = safeParseUrl(url);
+    if (!parsed) {
+        return false;
+    }
+    const { url: urlObj, wasRelative } = parsed;
+    // Check protocol - only allow http, https, and relative protocols
+    if (urlObj.protocol !== 'http:' && urlObj.protocol !== 'https:' && urlObj.protocol !== '') {
+        return false;
+    }
+    // Check for credentials and backslashes
+    if (hasCredentials(urlObj) || hasBackslash(url) || hasBackslash(urlObj.href)) {
+        return false;
+    }
+    // Only check host/port/SSRF for absolute URLs
+    if (!wasRelative) {
+        // Check for disallowed ports
+        if (isDisallowedPort(urlObj, allowedPorts)) {
+            return false;
+        }
+        // Check for private hosts (SSRF protection) - configurable for development
+        if (!mergedConfig.allowLocalhost && urlObj.hostname && isPrivateHost(urlObj.hostname)) {
+            return false;
+        }
+    }
+    // Check path for directory traversal and malicious paths
+    if (!isSafePath(urlObj.pathname)) {
+        return false;
+    }
+    // Check path length limit (2KB)
+    if (urlObj.pathname.length > 2048) {
+        return false;
+    }
+    // Check search parameters for malicious content and limits
+    const paramEntries = Array.from(urlObj.searchParams.entries());
+    if (paramEntries.length > 50) {
+        return false; // Too many parameters
+    }
+    // Check total query string length (2KB limit)
+    const queryLength = urlObj.search
+        ? urlObj.search.startsWith('?')
+            ? urlObj.search.length - 1
+            : urlObj.search.length
+        : 0;
+    if (queryLength > 2048) {
+        return false;
+    }
+    for (const [key, value] of paramEntries) {
+        // Reject empty keys
+        if (key.length === 0) {
+            return false;
+        }
+        if (!isSafeString(key) || !isSafeString(value)) {
+            return false;
+        }
+        // Check parameter size limits
+        if (key.length > 128 || value.length > 1024) {
+            return false;
+        }
+    }
+    // Check fragment for control characters
+    if (urlObj.hash && hasControlOrBidi(urlObj.hash)) {
+        return false;
+    }
+    return true;
+}
+exports.validateUrl = validateUrl;
+/**
+ * Validates if a URL instance is safe
+ * @param url - The URL instance to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false otherwise
+ * @public
+ */
+function validateUrlInstance(url, config = {}) {
+    return validateUrl(url.toString(), config);
+}
+exports.validateUrlInstance = validateUrlInstance;
+//# sourceMappingURL=url-validation.js.map

package/dist/core/url-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-validation.js","sourceRoot":"","sources":["../../src/core/url-validation.ts"],"names":[],"mappings":";;;AAWA;;GAEG;AACH,MAAM,cAAc,GAAkC;IACpD,cAAc,EAAE,KAAK;IACrB,YAAY,EAAE,EAAE;CACjB,CAAA;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,CAAS,EAAE,KAAK,GAAG,CAAC;IAC9C,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9B,IAAI;YACF,GAAG,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;SAC9B;QAAC,WAAM;YACN,MAAK;SACN;KACF;IACD,OAAO,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;AAC9B,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,wDAAwD,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,CAAM;IAC5B,OAAO,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,YAAY,CAAC,CAAS;IAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,qBAAqB,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAE3C;;;GAGG;AACH,SAAS,gBAAgB,CAAC,CAAM,EAAE,YAAsB;IACtD,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;AACnD,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAA;IAEzC,+BAA+B;IAC/B,IAAI,UAAU,KAAK,WAAW,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAC/D,OAAO,IAAI,CAAA;KACZ;IAED,kDAAkD;IAClD,IAAI,mEAAmE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;QACxF,OAAO,IAAI,CAAA;KACZ;IAED,2BAA2B;IAC3B,IACE,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,OAAO;QACtB,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC;QAC9B,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,EAC9B;QACA,OAAO,IAAI,CAAA;KACZ;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,SAAiB;IACrC,qDAAqD;IACrD,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC9B,OAAO,IAAI,CAAA;KACZ;IAED,IAAI;QACF,oCAAoC;QACpC,OAAO,EAAE,GAAG,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,CAAA;KACvD;IAAC,WAAM;QACN,IAAI;YACF,oDAAoD;YACpD,OAAO,EAAE,GAAG,EAAE,IAAI,GAAG,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;SAC7E;QAAC,WAAM;YACN,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;IAElE,+CAA+C;IAC/C,IAAI,gBAAgB,CAAC,UAAU,CAAC,IAAI,YAAY,CAAC,UAAU,CAAC,EAAE;QAC5D,OAAO,KAAK,CAAA;KACb;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,KAAK,CAAA;KACb;IAED,sCAAsC;IACtC,6FAA6F;IAC7F,oDAAoD;IACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;QAC9C,OAAO,KAAK,CAAA;KACb;IAED,+CAA+C;IAC/C,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE;QAChD,OAAO,KAAK,CAAA;KACb;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,GAAW,EAAE,SAA8B,EAAE;IACvE,MAAM,YAAY,mCAAQ,cAAc,GAAK,MAAM,CAAE,CAAA;IACrD,MAAM,YAAY,GAAG,CAAC,GAAG,qBAAqB,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC,CAAA;IAE7E,iCAAiC;IACjC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,KAAK,CAAA;KACb;IAED,+BAA+B;IAC/B,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,EAAE;QACrB,OAAO,KAAK,CAAA;KACb;IAED,qFAAqF;IACrF,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;QAC9C,OAAO,KAAK,CAAA;KACb;IAED,uEAAuE;IACvE,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IACvC,IAAI,gBAAgB,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,OAAO,CAAC,EAAE;QACtD,OAAO,KAAK,CAAA;KACb;IAED,wCAAwC;IACxC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QACxB,OAAO,KAAK,CAAA;KACb;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAChC,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAA;KACb;IAED,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,CAAA;IAE3C,kEAAkE;IAClE,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE;QACzF,OAAO,KAAK,CAAA;KACb;IAED,wCAAwC;IACxC,IAAI,cAAc,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAC5E,OAAO,KAAK,CAAA;KACb;IAED,8CAA8C;IAC9C,IAAI,CAAC,WAAW,EAAE;QAChB,6BAA6B;QAC7B,IAAI,gBAAgB,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE;YAC1C,OAAO,KAAK,CAAA;SACb;QAED,2EAA2E;QAC3E,IAAI,CAAC,YAAY,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YACrF,OAAO,KAAK,CAAA;SACb;KACF;IAED,yDAAyD;IACzD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;QAChC,OAAO,KAAK,CAAA;KACb;IAED,gCAAgC;IAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,EAAE;QACjC,OAAO,KAAK,CAAA;KACb;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAA;IAC9D,IAAI,YAAY,CAAC,MAAM,GAAG,EAAE,EAAE;QAC5B,OAAO,KAAK,CAAA,CAAC,sBAAsB;KACpC;IAED,8CAA8C;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM;QAC/B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC;YAC7B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;YAC1B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM;QACxB,CAAC,CAAC,CAAC,CAAA;IACL,IAAI,WAAW,GAAG,IAAI,EAAE;QACtB,OAAO,KAAK,CAAA;KACb;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE;QACvC,oBAAoB;QACpB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YACpB,OAAO,KAAK,CAAA;SACb;QAED,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE;YAC9C,OAAO,KAAK,CAAA;SACb;QAED,8BAA8B;QAC9B,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,EAAE;YAC3C,OAAO,KAAK,CAAA;SACb;KACF;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,IAAI,IAAI,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAChD,OAAO,KAAK,CAAA;KACb;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AA5GD,kCA4GC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,GAAQ,EAAE,SAA8B,EAAE;IAC5E,OAAO,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAA;AAC5C,CAAC;AAFD,kDAEC"}

package/dist/schemas.d.ts

@@ -1300,7 +1300,8 @@ export declare namespace EthAddress {
     const validate: ValidateFunction<EthAddress>;
 }
 
-export declare type Event = BadgeGrantedEvent | BidAcceptedEvent | BidReceivedEvent | CampaignGasPriceHigherThanExpectedEvent | CampaignOutOfFundsEvent | CampaignOutOfStockEvent | CatalystDeploymentEvent | CollectionCreatedEvent | FriendshipRequestEvent | FriendshipAcceptedEvent | ItemPublishedEvent | ItemSoldEvent | LoggedInEvent | LoggedInCachedEvent | MoveToParcelEvent | PassportOpenedEvent | RentalEndedEvent | RentalStartedEvent | RewardAssignedEvent | RewardDelayedEvent | RewardInProgressEvent | RoyaltiesEarnedEvent | UsedEmoteEvent | VerticalHeightReachedEvent | WalkedDistanceEvent | CreditsGoalCompletedEvent | CreditsOnDemandEvent | StreamingKeyResetEvent | StreamingKeyRevokeEvent | StreamingKeyExpiredEvent | StreamingTimeExceededEvent | StreamingPlaceUpdatedEvent | UserJoinedRoomEvent | UserLeftRoomEvent | UserBannedFromSceneEvent | UserUnbannedFromSceneEvent | CreditsCompleteGoalsReminderEvent | CreditsUsageReminderEvent | CreditsUsage24HoursReminderEvent | CreditsDoNotMissOutReminderEvent | CreditsClaimReminderEvent | ReferralInvitedUsersAcceptedEvent | ReferralNewTierReachedEvent | CommunityDeletedEvent | CommunityDeletedContentViolationEvent | CommunityRenamedEvent | CommunityMemberBannedEvent | CommunityMemberRemovedEvent | CommunityRequestToJoinReceivedEvent | CommunityRequestToJoinAcceptedEvent | CommunityInviteReceivedEvent | PhotoTakenEvent | PhotoPrivacyChangedEvent | AuthIdentifyEvent | EventCreatedEvent | EventStartedEvent | EventStartsSoonEvent | GovernanceProposalEnactedEvent | GovernanceCoauthorRequestedEvent | GovernancePitchPassedEvent | GovernanceTenderPassedEvent | GovernanceAuthoredProposalFinishedEvent | GovernanceVotingEndedVoterEvent | GovernanceNewCommentOnProposalEvent | GovernanceNewCommentOnProjectUpdatedEvent | GovernanceWhaleVoteEvent | GovernanceVotedOnBehalfEvent | GovernanceCliffEndedEvent | WorldsPermissionGrantedEvent | WorldsPermissionRevokedEvent | WorldsAccessRestoredEvent | WorldsAccessRestrictedEvent | WorldsMissingResourcesEvent;
+declare type Event_2 = BadgeGrantedEvent | BidAcceptedEvent | BidReceivedEvent | CampaignGasPriceHigherThanExpectedEvent | CampaignOutOfFundsEvent | CampaignOutOfStockEvent | CatalystDeploymentEvent | CollectionCreatedEvent | FriendshipRequestEvent | FriendshipAcceptedEvent | ItemPublishedEvent | ItemSoldEvent | LoggedInEvent | LoggedInCachedEvent | MoveToParcelEvent | PassportOpenedEvent | RentalEndedEvent | RentalStartedEvent | RewardAssignedEvent | RewardDelayedEvent | RewardInProgressEvent | RoyaltiesEarnedEvent | UsedEmoteEvent | VerticalHeightReachedEvent | WalkedDistanceEvent | CreditsGoalCompletedEvent | CreditsOnDemandEvent | StreamingKeyResetEvent | StreamingKeyRevokeEvent | StreamingKeyExpiredEvent | StreamingTimeExceededEvent | StreamingPlaceUpdatedEvent | UserJoinedRoomEvent | UserLeftRoomEvent | UserBannedFromSceneEvent | UserUnbannedFromSceneEvent | CreditsCompleteGoalsReminderEvent | CreditsUsageReminderEvent | CreditsUsage24HoursReminderEvent | CreditsDoNotMissOutReminderEvent | CreditsClaimReminderEvent | ReferralInvitedUsersAcceptedEvent | ReferralNewTierReachedEvent | CommunityDeletedEvent | CommunityDeletedContentViolationEvent | CommunityRenamedEvent | CommunityMemberBannedEvent | CommunityMemberRemovedEvent | CommunityRequestToJoinReceivedEvent | CommunityRequestToJoinAcceptedEvent | CommunityInviteReceivedEvent | PhotoTakenEvent | PhotoPrivacyChangedEvent | AuthIdentifyEvent | EventCreatedEvent | EventStartedEvent | EventStartsSoonEvent | GovernanceProposalEnactedEvent | GovernanceCoauthorRequestedEvent | GovernancePitchPassedEvent | GovernanceTenderPassedEvent | GovernanceAuthoredProposalFinishedEvent | GovernanceVotingEndedVoterEvent | GovernanceNewCommentOnProposalEvent | GovernanceNewCommentOnProjectUpdatedEvent | GovernanceWhaleVoteEvent | GovernanceVotedOnBehalfEvent | GovernanceCliffEndedEvent | WorldsPermissionGrantedEvent | WorldsPermissionRevokedEvent | WorldsAccessRestoredEvent | WorldsAccessRestrictedEvent | WorldsMissingResourcesEvent;
+export { Event_2 as Event }
 
 export declare type EventCreatedEvent = BaseEvent & {
     type: Events.Type.EVENT;
@@ -4048,6 +4049,17 @@ declare namespace Update {
     const validate: ValidateFunction<Update>;
 }
 
+/**
+ * Configuration for URL validation
+ * @public
+ */
+export declare interface UrlValidationConfig {
+    /** Whether to allow localhost and private IPs (useful for development) */
+    allowLocalhost?: boolean;
+    /** Additional ports to allow beyond the default 80, 443 */
+    allowedPorts?: string[];
+}
+
 export declare type USDPeggedManaTradeAsset = BaseTradeAsset & {
     assetType: TradeAssetType.USD_PEGGED_MANA;
     amount: string;
@@ -4144,6 +4156,24 @@ export declare interface ValidateFunction<T = unknown> {
  */
 export declare function validateType<T>(theType: Pick<AbstractTypedSchema<T>, 'validate'>, value: T): boolean;
 
+/**
+ * Validates if a URL string is safe
+ * @param url - The URL string to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false if it contains malicious content
+ * @public
+ */
+export declare function validateUrl(url: string, config?: UrlValidationConfig): boolean;
+
+/**
+ * Validates if a URL instance is safe
+ * @param url - The URL instance to validate
+ * @param config - Validation configuration
+ * @returns true if the URL is safe, false otherwise
+ * @public
+ */
+export declare function validateUrlInstance(url: URL, config?: UrlValidationConfig): boolean;
+
 /**
  * World Range
  * @alpha

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "19.4.1",
+  "version": "19.4.2-20251027223021.commit-354472f",
   "name": "@dcl/schemas",
   "main": "./dist/index.js",
   "typings": "./dist/index.d.ts",
@@ -45,5 +45,5 @@
   "files": [
     "dist"
   ],
-  "commit": "03ec09b2e64bcfb016b55e535df9d112c0638cb1"
+  "commit": "354472fe4a8bbc550bc2253f8c526617ed8e84ba"
 }