@erickxavier/no-js 1.10.0 → 1.11.0

package/src/directives/validation.js

@@ -417,26 +417,33 @@ registerDirective("validate", {
 
         if (triggers.includes("input")) {
           field.addEventListener("input", handler);
+          _onDispose(() => field.removeEventListener("input", handler));
         } else {
           // Always track dirty and re-validate on input for data accuracy
           // (validate-on only affects visual feedback like error-class/templates)
-          field.addEventListener("input", () => {
+          const silentInputHandler = () => {
             dirtyFields.add(field.name);
             formCtx.dirty = true;
             checkValidity();
-          });
+          };
+          field.addEventListener("input", silentInputHandler);
+          _onDispose(() => field.removeEventListener("input", silentInputHandler));
         }
         if (triggers.includes("blur") || triggers.includes("focusout")) {
-          field.addEventListener("focusout", (e) => {
+          const blurFocusoutHandler = (e) => {
             touchHandler();
             if (triggers.includes("blur")) handler();
-          });
+          };
+          field.addEventListener("focusout", blurFocusoutHandler);
+          _onDispose(() => field.removeEventListener("focusout", blurFocusoutHandler));
         } else {
           // Always track touched on focusout
           field.addEventListener("focusout", touchHandler);
+          _onDispose(() => field.removeEventListener("focusout", touchHandler));
         }
         if (triggers.includes("submit")) {
           field.addEventListener("focusout", touchHandler);
+          _onDispose(() => field.removeEventListener("focusout", touchHandler));
         }
       }
 
@@ -455,14 +462,18 @@ registerDirective("validate", {
           checkValidity();
         };
         el.addEventListener("input", inputHandler);
+        _onDispose(() => el.removeEventListener("input", inputHandler));
         el.addEventListener("change", inputHandler);
-        el.addEventListener("focusout", (e) => {
+        _onDispose(() => el.removeEventListener("change", inputHandler));
+        const focusoutHandler = (e) => {
           if (e.target && e.target.name) {
             touchedFields.add(e.target.name);
           }
           formCtx.touched = true;
           checkValidity();
-        });
+        };
+        el.addEventListener("focusout", focusoutHandler);
+        _onDispose(() => el.removeEventListener("focusout", focusoutHandler));
       } else {
         // Per-field event binding with validate-on
         for (const field of getFields()) {
@@ -470,7 +481,7 @@ registerDirective("validate", {
         }
       }
 
-      el.addEventListener("submit", (e) => {
+      const submitHandler = (e) => {
         // If validate-on="submit", run validation now
         formCtx.submitting = true;
         // Mark all fields as touched on submit
@@ -484,7 +495,9 @@ registerDirective("validate", {
           formCtx.submitting = false;
           ctx.$set("$form", { ...formCtx });
         });
-      });
+      };
+      el.addEventListener("submit", submitHandler);
+      _onDispose(() => el.removeEventListener("submit", submitHandler));
 
       // Initial check
       requestAnimationFrame(checkValidity);
@@ -501,7 +514,7 @@ registerDirective("validate", {
         el.tagName === "SELECT")
     ) {
       const errorTpl = el.getAttribute("error");
-      el.addEventListener("input", () => {
+      const fieldInputHandler = () => {
         const err = _validateField(el.value, rules, {});
         if (err && errorTpl) {
           let errorEl = el.nextElementSibling?.__validationError
@@ -516,6 +529,7 @@ registerDirective("validate", {
           const clone = _cloneTemplate(errorTpl);
           if (clone) {
             const childCtx = createContext({ err: { message: err } }, ctx);
+            _disposeChildren(errorEl);
             errorEl.innerHTML = "";
             errorEl.__ctx = childCtx;
             errorEl.appendChild(clone);
@@ -525,9 +539,14 @@ registerDirective("validate", {
           const errorEl = el.nextElementSibling?.__validationError
             ? el.nextElementSibling
             : null;
-          if (errorEl) errorEl.innerHTML = "";
+          if (errorEl) {
+            _disposeChildren(errorEl);
+            errorEl.innerHTML = "";
+          }
         }
-      });
+      };
+      el.addEventListener("input", fieldInputHandler);
+      _onDispose(() => el.removeEventListener("input", fieldInputHandler));
     }
   },
 });
@@ -556,9 +575,11 @@ registerDirective("error-boundary", {
     }
 
     // Listen for NoJS expression errors dispatched from event handlers
-    el.addEventListener("nojs:error", (e) => {
+    const nojsErrorHandler = (e) => {
       showFallback(e.detail?.message || "An error occurred");
-    });
+    };
+    el.addEventListener("nojs:error", nojsErrorHandler);
+    _onDispose(() => el.removeEventListener("nojs:error", nojsErrorHandler));
 
     // Listen for window-level errors (resource load failures, etc.)
     const errorHandler = (e) => {

package/src/dom.js

@@ -33,6 +33,51 @@ export function _cloneTemplate(id) {
   return tpl.content ? tpl.content.cloneNode(true) : null;
 }
 
+// ─── SVG data URI deep-sanitization ──────────────────────────────────────────
+// Strip JS vectors from raw SVG markup using DOMParser for robust sanitization.
+// Regex-based approaches are bypassable via entity encoding and nested contexts.
+function _sanitizeSvgContent(svg) {
+  const doc = new DOMParser().parseFromString(svg, "image/svg+xml");
+  const root = doc.documentElement;
+  if (root.querySelector("parsererror") ||
+      root.nodeName !== "svg" ||
+      root.getElementsByTagNameNS("http://www.mozilla.org/newlayout/xml/parsererror.xml", "parsererror").length) {
+    return "<svg></svg>";
+  }
+  function cleanAttrs(node) {
+    for (const attr of [...node.attributes]) {
+      const name = attr.name.toLowerCase();
+      if (name.startsWith("on")) { node.removeAttribute(attr.name); continue; }
+      if ((name === "href" || name === "xlink:href") &&
+          attr.value.trim().toLowerCase().startsWith("javascript:")) {
+        node.removeAttribute(attr.name);
+      }
+    }
+  }
+  for (const s of [...root.querySelectorAll("script")]) s.remove();
+  cleanAttrs(root);
+  for (const node of root.querySelectorAll("*")) cleanAttrs(node);
+  return new XMLSerializer().serializeToString(root);
+}
+
+// Sanitize a data:image/svg+xml URI — handles both base64 and URL-encoded forms.
+function _sanitizeSvgDataUri(str) {
+  try {
+    const b64 = str.match(/^data:image\/svg\+xml;base64,(.+)$/i);
+    if (b64) {
+      const clean = _sanitizeSvgContent(atob(b64[1]));
+      return "data:image/svg+xml;base64," + btoa(clean);
+    }
+    const comma = str.indexOf(",");
+    if (comma === -1) return "#";
+    const header = str.slice(0, comma + 1);
+    const clean = _sanitizeSvgContent(decodeURIComponent(str.slice(comma + 1)));
+    return header + encodeURIComponent(clean);
+  } catch (_e) {
+    return "#";
+  }
+}
+
 // Structural HTML sanitizer — uses DOMParser to parse the markup before cleaning.
 // Regex-based sanitizers are bypassable via SVG/MathML event handlers, nested
 // srcdoc attributes, and HTML entity encoding (e.g. &#x6A;avascript:).
@@ -47,7 +92,10 @@ const _BLOCKED_TAGS = new Set([
 ]);
 
 export function _sanitizeHtml(html) {
-  if (!_config.sanitize) return html;
+  if (_config.dangerouslyDisableSanitize || !_config.sanitize) {
+    _warn('HTML sanitization is DISABLED. This exposes your app to XSS attacks. Only disable for trusted content.');
+    return html;
+  }
   if (typeof _config.sanitizeHtml === 'function') return _config.sanitizeHtml(html);
 
   const doc = new DOMParser().parseFromString(html, 'text/html');
@@ -62,11 +110,15 @@ export function _sanitizeHtml(html) {
       for (const attr of [...child.attributes]) {
         const n = attr.name.toLowerCase();
         const v = attr.value.toLowerCase().trimStart();
-        const isUrlAttr = n === 'href' || n === 'src' || n === 'action' || n === 'xlink:href';
+        const isUrlAttr = n === 'href' || n === 'src' || n === 'action' || n === 'xlink:href'
+          || n === 'formaction' || n === 'poster' || n === 'data';
         const isDangerousScheme = v.startsWith('javascript:') || v.startsWith('vbscript:');
         const isDangerousData = isUrlAttr && v.startsWith('data:') && !/^data:image\//.test(v);
         if (n.startsWith('on') || isDangerousScheme || isDangerousData) {
           child.removeAttribute(attr.name);
+        } else if (isUrlAttr && v.startsWith('data:image/svg+xml')) {
+          // Deep-sanitize SVG data URIs to strip embedded <script> and on* handlers
+          child.setAttribute(attr.name, _sanitizeSvgDataUri(attr.value));
         }
       }
       _clean(child);
@@ -98,6 +150,18 @@ function _resolveTemplateSrc(src, tpl) {
   return resolveUrl(src, tpl);
 }
 
+// Warn when a template URL uses plain HTTP from an HTTPS page (mixed content / MITM risk).
+// The optional pageProtocol parameter enables testing without mutating jsdom's
+// non-configurable window.location.protocol property.
+export function _warnIfInsecureTemplateUrl(resolvedUrl, src, pageProtocol) {
+  const proto = pageProtocol !== undefined
+    ? pageProtocol
+    : (typeof window !== 'undefined' && window.location ? window.location.protocol : '');
+  if (resolvedUrl.startsWith('http://') && proto === 'https:') {
+    _warn('Template "' + src + '" is loaded over insecure HTTP from an HTTPS page. Use HTTPS to prevent tampering.');
+  }
+}
+
 export async function _loadRemoteTemplates(root) {
   const scope = root || document;
   const templates = scope.querySelectorAll("template[src]");
@@ -108,6 +172,7 @@ export async function _loadRemoteTemplates(root) {
     tpl.__srcLoaded = true;
     const src = tpl.getAttribute("src");
     const resolvedUrl = _resolveTemplateSrc(src, tpl);
+    _warnIfInsecureTemplateUrl(resolvedUrl, src);
     // Track the folder of this template so children can use "./" paths
     const baseFolder = resolvedUrl.substring(0, resolvedUrl.lastIndexOf("/") + 1);
     try {
@@ -163,6 +228,7 @@ export async function _loadTemplateElement(tpl) {
   _log("[LTE] START fetch:", src, "| route:", tpl.hasAttribute("route"), "| inDOM:", document.contains(tpl), "| loading:", tpl.getAttribute("loading"));
   tpl.__srcLoaded = true;
   const resolvedUrl = _resolveTemplateSrc(src, tpl);
+  _warnIfInsecureTemplateUrl(resolvedUrl, src);
   const baseFolder = resolvedUrl.substring(0, resolvedUrl.lastIndexOf("/") + 1);
 
   // Synchronously insert loading placeholder before the fetch begins

package/src/evaluate.js

@@ -2,7 +2,7 @@
 //  EXPRESSION EVALUATOR
 // ═══════════════════════════════════════════════════════════════════════
 
-import { _config, _stores, _routerInstance, _filters, _warn, _notifyStoreWatchers } from "./globals.js";
+import { _config, _stores, _routerInstance, _filters, _warn, _notifyStoreWatchers, _globals } from "./globals.js";
 import { _i18n } from "./i18n.js";
 import { _collectKeys } from "./context.js";
 
@@ -736,7 +736,130 @@ const _SAFE_GLOBALS = {
 // network and storage APIs — fetch, XMLHttpRequest, localStorage, sessionStorage,
 // WebSocket, indexedDB — are unreachable from template code by default, closing
 // the surface where interpolated external data could trigger unintended requests.
-// window.fetch / window.localStorage remain accessible via the window object.
+// window, document, and location are further wrapped in Proxy objects below
+// to block sensitive sub-properties (fetch, cookie, navigation, etc.).
+
+// ── Security proxies for window, document, and location ─────────────────
+// Even though window/document are on the allow-list, we wrap them in Proxy
+// objects that block access to sensitive sub-properties (network, storage,
+// cookie, eval, etc.) while still allowing safe DOM / measurement APIs.
+
+const _BLOCKED_WINDOW_PROPS = new Set([
+  'fetch', 'XMLHttpRequest', 'localStorage', 'sessionStorage',
+  'WebSocket', 'indexedDB', 'eval', 'Function', 'importScripts',
+  'open', 'postMessage',
+]);
+// Props on window that must return safe proxies instead of raw objects
+const _WINDOW_PROXY_OVERRIDES = {}; // populated after proxy creation below
+
+const _BLOCKED_DOCUMENT_PROPS = new Set([
+  'cookie', 'domain', 'write', 'writeln', 'execCommand',
+]);
+
+const _safeWindow = typeof globalThis !== 'undefined' && typeof globalThis.window !== 'undefined'
+  ? new Proxy(globalThis.window, {
+      get(target, prop, receiver) {
+        if (typeof prop === 'string' && _BLOCKED_WINDOW_PROPS.has(prop)) return undefined;
+        if (typeof prop === 'string' && prop in _WINDOW_PROXY_OVERRIDES) return _WINDOW_PROXY_OVERRIDES[prop];
+        return Reflect.get(target, prop, receiver);
+      },
+      set(target, prop, value) {
+        // Block writes to dangerous window properties from expressions;
+        // allow writing user-defined properties (e.g. window.__myHelper)
+        if (typeof prop === 'string' && _BLOCKED_WINDOW_PROPS.has(prop)) return true;
+        if (prop === 'name' || prop === 'status') return true; // anti-exfiltration
+        target[prop] = value;
+        return true;
+      },
+    })
+  : undefined;
+
+const _safeDocument = typeof globalThis !== 'undefined' && typeof globalThis.document !== 'undefined'
+  ? new Proxy(globalThis.document, {
+      get(target, prop, receiver) {
+        if (typeof prop === 'string' && _BLOCKED_DOCUMENT_PROPS.has(prop)) return undefined;
+        if (prop === 'defaultView') return _safeWindow;
+        return Reflect.get(target, prop, receiver);
+      },
+      set(target, prop, value) {
+        if (typeof prop === 'string' && _BLOCKED_DOCUMENT_PROPS.has(prop)) return true;
+        target[prop] = value;
+        return true;
+      },
+    })
+  : undefined;
+
+// Read-only location wrapper — exposes common getters via a plain object with
+// property descriptors that read from the real location. Navigation methods are
+// replaced with no-ops. Using a plain object avoids Proxy invariant violations
+// on non-configurable properties (like location.assign).
+const _LOCATION_READ_PROPS = [
+  'href', 'pathname', 'search', 'hash', 'origin',
+  'hostname', 'port', 'protocol', 'host',
+];
+const _locationNoop = () => {};
+
+const _safeLocation = typeof globalThis !== 'undefined' && typeof globalThis.location !== 'undefined'
+  ? (() => {
+      const loc = {};
+      for (const prop of _LOCATION_READ_PROPS) {
+        Object.defineProperty(loc, prop, {
+          get() { return globalThis.location[prop]; },
+          set() { /* silently ignore writes */ },
+          enumerable: true, configurable: false,
+        });
+      }
+      loc.assign = _locationNoop;
+      loc.replace = _locationNoop;
+      loc.reload = _locationNoop;
+      loc.toString = () => globalThis.location.href;
+      return Object.freeze(loc);
+    })()
+  : undefined;
+
+// Read-only history wrapper — exposes state and length as read-only getters,
+// replaces navigation methods with no-ops. Prevents expressions from
+// manipulating browser history (pushState, back, forward, etc.).
+const _HISTORY_READ_PROPS = ['length', 'state', 'scrollRestoration'];
+
+const _safeHistory = typeof globalThis !== 'undefined' && typeof globalThis.history !== 'undefined'
+  ? (() => {
+      const h = {};
+      for (const prop of _HISTORY_READ_PROPS) {
+        Object.defineProperty(h, prop, {
+          get() { return globalThis.history[prop]; },
+          enumerable: true, configurable: false,
+        });
+      }
+      h.pushState = _locationNoop;
+      h.replaceState = _locationNoop;
+      h.back = _locationNoop;
+      h.forward = _locationNoop;
+      h.go = _locationNoop;
+      return Object.freeze(h);
+    })()
+  : undefined;
+
+// Navigator proxy — blocks sendBeacon (data exfiltration) and credentials
+const _BLOCKED_NAVIGATOR_PROPS = new Set(['sendBeacon', 'credentials']);
+const _safeNavigator = typeof globalThis !== 'undefined' && typeof globalThis.navigator !== 'undefined'
+  ? new Proxy(globalThis.navigator, {
+      get(target, prop, receiver) {
+        if (typeof prop === 'string' && _BLOCKED_NAVIGATOR_PROPS.has(prop)) return undefined;
+        return Reflect.get(target, prop, receiver);
+      },
+      set() { return true; }, // navigator props are browser-enforced read-only
+    })
+  : undefined;
+
+// Wire window.location → _safeLocation, window.document → _safeDocument,
+// window.history → _safeHistory, window.navigator → _safeNavigator
+// so accessing via the window proxy returns safe versions
+if (_safeLocation) _WINDOW_PROXY_OVERRIDES.location = _safeLocation;
+if (_safeDocument) _WINDOW_PROXY_OVERRIDES.document = _safeDocument;
+if (_safeHistory) _WINDOW_PROXY_OVERRIDES.history = _safeHistory;
+if (_safeNavigator) _WINDOW_PROXY_OVERRIDES.navigator = _safeNavigator;
+
 const _BROWSER_GLOBALS = new Set([
   'window', 'document', 'console', 'location', 'history',
   'navigator', 'screen', 'performance', 'crypto',
@@ -764,7 +887,14 @@ function _evalNode(node, scope) {
       case 'Identifier':
         if (node.name in scope) return scope[node.name];
         if (node.name in _SAFE_GLOBALS) return _SAFE_GLOBALS[node.name];
-        if (_BROWSER_GLOBALS.has(node.name) && typeof globalThis !== 'undefined') return globalThis[node.name];
+        if (_BROWSER_GLOBALS.has(node.name) && typeof globalThis !== 'undefined') {
+          if (node.name === 'window') return _safeWindow;
+          if (node.name === 'document') return _safeDocument;
+          if (node.name === 'location') return _safeLocation;
+          if (node.name === 'history') return _safeHistory;
+          if (node.name === 'navigator') return _safeNavigator;
+          return globalThis[node.name];
+        }
         return undefined;
 
       case 'Forbidden':
@@ -915,7 +1045,12 @@ function _evalNode(node, scope) {
         for (let i = 0; i < node.properties.length; i++) {
           const prop = node.properties[i];
           if (prop.spread) {
-            Object.assign(obj, _evalNode(prop.value, scope));
+            const src = _evalNode(prop.value, scope);
+            if (src && typeof src === 'object') {
+              for (const k of Object.keys(src)) {
+                if (!_FORBIDDEN_PROPS[k]) obj[k] = src[k];
+              }
+            }
           } else {
             const key = prop.computed ? _evalNode(prop.key, scope) : prop.key;
             if (_FORBIDDEN_PROPS[key]) continue;
@@ -1176,6 +1311,11 @@ export function evaluate(expr, ctx) {
     if (!("$i18n"   in scope)) scope.$i18n   = _i18n;
     if (!("$refs"   in scope)) scope.$refs   = ctx.$refs;
     if (!("$form"   in scope)) scope.$form   = ctx.$form || null;
+    // Inject plugin globals (cannot shadow local or core $ variables)
+    for (const gk in _globals) {
+      const key = "$" + gk;
+      if (!(key in scope)) scope[key] = _globals[gk];
+    }
 
     // Parse expression into AST (cached)
     let ast = _exprCache.get(mainExpr);
@@ -1212,6 +1352,11 @@ export function _execStatement(expr, ctx, extraVars = {}) {
     if (!("$router" in scope)) scope.$router = _routerInstance;
     if (!("$i18n"   in scope)) scope.$i18n   = _i18n;
     if (!("$refs"   in scope)) scope.$refs   = ctx.$refs;
+    // Inject plugin globals (before extraVars so $event etc. take priority)
+    for (const gk in _globals) {
+      const key = "$" + gk;
+      if (!(key in scope)) scope[key] = _globals[gk];
+    }
     Object.assign(scope, extraVars);
 
     // Snapshot context chain values for write-back comparison

package/src/fetch.js

@@ -2,7 +2,61 @@
 //  FETCH HELPER, URL RESOLUTION & CACHE
 // ═══════════════════════════════════════════════════════════════════════
 
-import { _config, _interceptors, _cache } from "./globals.js";
+import { _config, _interceptors, _cache, _plugins, _SENSITIVE_HEADERS, _SENSITIVE_RESPONSE_HEADERS, _log, _warn, _CANCEL, _RESPOND, _REPLACE } from "./globals.js";
+
+const _MAX_CACHE = 200;
+const _INTERCEPTOR_TIMEOUT = 5000;
+let _interceptorDepth = 0;
+const _MAX_INTERCEPTOR_DEPTH = 1;
+const _responseOriginals = new WeakMap();
+
+function _withTimeout(promise, ms, label) {
+  let id;
+  return Promise.race([
+    promise.finally(() => clearTimeout(id)),
+    new Promise((_, reject) => {
+      id = setTimeout(() => reject(new Error(label)), ms);
+    }),
+  ]);
+}
+
+function _isSensitiveHeader(name) {
+  return _SENSITIVE_HEADERS.has(name.toLowerCase()) || /^x-(auth|api)-/i.test(name);
+}
+
+// URL param redaction helper
+function _redactUrlParams(url) {
+  try {
+    const u = new URL(url, "http://localhost");
+    for (const key of [...u.searchParams.keys()]) {
+      if (/token|key|secret|auth|password|credential/i.test(key)) {
+        u.searchParams.set(key, "[REDACTED]");
+      }
+    }
+    // Return just the path+search if it was a relative URL
+    return url.startsWith("http") ? u.href : u.pathname + u.search;
+  } catch {
+    return url;
+  }
+}
+
+// Response redaction helper for untrusted interceptors
+function _redactResponse(response) {
+  const redactedHeaders = new Headers(response.headers);
+  for (const h of _SENSITIVE_RESPONSE_HEADERS) {
+    redactedHeaders.delete(h);
+  }
+  const redactedUrl = _redactUrlParams(response.url);
+  const redacted = Object.freeze({
+    status: response.status,
+    ok: response.ok,
+    statusText: response.statusText,
+    headers: redactedHeaders,
+    url: redactedUrl,
+  });
+  _responseOriginals.set(redacted, response);
+  return redacted;
+}
 
 export function resolveUrl(url, el) {
   if (
@@ -31,6 +85,8 @@ export async function _doFetch(
   extraHeaders = {},
   el = null,
   externalSignal = null,
+  retries = undefined,
+  retryDelay = undefined,
 ) {
   const fullUrl = resolveUrl(url, el);
   let opts = {
@@ -62,13 +118,67 @@ export async function _doFetch(
       _config.csrf.token || "";
   }
 
-  // Request interceptors
-  for (const fn of _interceptors.request) {
-    opts = fn(fullUrl, opts) || opts;
+  // ── Request interceptors ──
+  // Strip sensitive headers before passing to interceptors
+  const sensitiveHeaders = {};
+  for (const key of Object.keys(opts.headers)) {
+    if (_isSensitiveHeader(key)) {
+      sensitiveHeaders[key] = opts.headers[key];
+      delete opts.headers[key];
+    }
   }
 
+  _interceptorDepth++;
+  try {
+    if (_interceptorDepth <= _MAX_INTERCEPTOR_DEPTH) {
+      for (let i = 0; i < _interceptors.request.length; i++) {
+        const entry = _interceptors.request[i];
+        const fn = entry.fn ?? entry;
+        const isTrusted = entry.pluginName && _plugins.get(entry.pluginName)?.options?.trusted === true;
+
+        const interceptorOpts = isTrusted
+          ? { ...opts, headers: { ...opts.headers, ...sensitiveHeaders } }
+          : { ...opts, headers: { ...opts.headers } };
+
+        const result = await _withTimeout(
+          Promise.resolve(fn(fullUrl, interceptorOpts)),
+          _INTERCEPTOR_TIMEOUT,
+          "Interceptor timeout",
+        ).catch(e => {
+          _warn(`Request interceptor [${i}] error:`, e.message);
+          return undefined;
+        });
+
+        if (result && result[_CANCEL]) {
+          _log("Request cancelled by interceptor", i);
+          throw new DOMException("Request cancelled by interceptor", "AbortError");
+        }
+        if (result && result[_RESPOND] !== undefined) {
+          _log("Request short-circuited by interceptor", i);
+          return result[_RESPOND];
+        }
+        if (result && typeof result === "object" && !result[_CANCEL] && result[_RESPOND] === undefined) {
+          if (result.headers && typeof result.headers === "object") {
+            const safeHeaders = { ...opts.headers };
+            for (const [key, value] of Object.entries(result.headers)) {
+              if (!_isSensitiveHeader(key)) {
+                safeHeaders[key] = value;
+              }
+            }
+            opts.headers = safeHeaders;
+          }
+        }
+      }
+    }
+  } finally {
+    _interceptorDepth--;
+  }
+
+  // Re-apply sensitive headers after interceptor chain
+  Object.assign(opts.headers, sensitiveHeaders);
+
   // Retry logic
-  const maxRetries = _config.retries || 0;
+  const maxRetries = retries !== undefined ? retries : (_config.retries || 0);
   let lastError;
   for (let attempt = 0; attempt <= maxRetries; attempt++) {
     try {
@@ -93,8 +203,33 @@ export async function _doFetch(
       clearTimeout(timeout);
 
       // Response interceptors
-      for (const fn of _interceptors.response) {
-        response = fn(response, fullUrl) || response;
+      for (let i = 0; i < _interceptors.response.length; i++) {
+        const entry = _interceptors.response[i];
+        const fn = entry.fn ?? entry;
+        const isTrusted = entry.pluginName && _plugins.get(entry.pluginName)?.options?.trusted === true;
+
+        const interceptorResponse = isTrusted ? response : _redactResponse(response);
+        const interceptorUrl = isTrusted ? fullUrl : _redactUrlParams(fullUrl);
+
+        const result = await _withTimeout(
+          Promise.resolve(fn(interceptorResponse, interceptorUrl)),
+          _INTERCEPTOR_TIMEOUT,
+          "Response interceptor timeout",
+        ).catch(e => {
+          _warn(`Response interceptor [${i}] error:`, e.message);
+          return undefined;
+        });
+
+        if (result && result[_REPLACE] !== undefined) {
+          _log("Response replaced by interceptor", i);
+          return result[_REPLACE];
+        }
+        if (result) response = result;
+      }
+
+      // Unwrap redacted shell back to real Response for data extraction
+      if (_responseOriginals.has(response)) {
+        response = _responseOriginals.get(response);
       }
 
       if (!response.ok) {
@@ -115,7 +250,7 @@ export async function _doFetch(
       if (e.name === "AbortError") throw e; // Don't retry aborted requests
       lastError = e;
       if (attempt < maxRetries) {
-        await new Promise((r) => setTimeout(r, _config.retryDelay || 1000));
+        await new Promise((r) => setTimeout(r, retryDelay !== undefined ? retryDelay : (_config.retryDelay || 1000)));
       }
     }
   }
@@ -126,8 +261,12 @@ export function _cacheGet(key, strategy) {
   if (strategy === "none") return null;
   if (strategy === "memory") {
     const entry = _cache.get(key);
-    if (entry && Date.now() - entry.time < (_config.cache.ttl || 300000))
+    if (entry && Date.now() - entry.time < (_config.cache.ttl || 300000)) {
+      // Move to end (most-recently-used) for LRU eviction
+      _cache.delete(key);
+      _cache.set(key, entry);
       return entry.data;
+    }
     return null;
   }
   const store =
@@ -154,6 +293,11 @@ export function _cacheSet(key, data, strategy) {
   if (strategy === "none") return;
   const entry = { data, time: Date.now() };
   if (strategy === "memory") {
+    if (_cache.has(key)) {
+      _cache.delete(key); // refresh position before re-inserting
+    } else if (_cache.size >= _MAX_CACHE) {
+      _cache.delete(_cache.keys().next().value); // evict LRU (insertion-order first)
+    }
     _cache.set(key, entry);
     return;
   }

package/src/filters.js

@@ -20,7 +20,12 @@ _filters.slugify = (v) =>
     .toLowerCase()
     .replace(/[^a-z0-9]+/g, "-")
     .replace(/^-|-$/g, "");
-_filters.nl2br = (v) => String(v ?? "").replace(/\n/g, "<br>");
+_filters.nl2br = (v) =>
+  String(v ?? "")
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/\n/g, "<br>");
 _filters.encodeUri = (v) => encodeURIComponent(String(v ?? ""));
 
 // Numbers