@fileverse-dev/ddoc 4.1.11-patch-1 → 4.1.11-patch-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,4 @@
1
- import { k as Ql, b as Zl, s as eh } from "./index-ES2pPSG6.mjs";
1
+ import { k as Ql, b as Zl, s as eh } from "./index-BbiswCbz.mjs";
2
2
  let An = [], Xr = [];
3
3
  (() => {
4
4
  let s = "lc,34,7n,7,7b,19,,,,2,,2,,,20,b,1c,l,g,,2t,7,2,6,2,2,,4,z,,u,r,2j,b,1m,9,9,,o,4,,9,,3,,5,17,3,3b,f,,w,1j,,,,4,8,4,,3,7,a,2,t,,1m,,,,2,4,8,,9,,a,2,q,,2,2,1l,,4,2,4,2,2,3,3,,u,2,3,,b,2,1l,,4,5,,2,4,,k,2,m,6,,,1m,,,2,,4,8,,7,3,a,2,u,,1n,,,,c,,9,,14,,3,,1l,3,5,3,,4,7,2,b,2,t,,1m,,2,,2,,3,,5,2,7,2,b,2,s,2,1l,2,,,2,4,8,,9,,a,2,t,,20,,4,,2,3,,,8,,29,,2,7,c,8,2q,,2,9,b,6,22,2,r,,,,,,1j,e,,5,,2,5,b,,10,9,,2u,4,,6,,2,2,2,p,2,4,3,g,4,d,,2,2,6,,f,,jj,3,qa,3,t,3,t,2,u,2,1s,2,,7,8,,2,b,9,,19,3,3b,2,y,,3a,3,4,2,9,,6,3,63,2,2,,1m,,,7,,,,,2,8,6,a,2,,1c,h,1r,4,1c,7,,,5,,14,9,c,2,w,4,2,2,,3,1k,,,2,3,,,3,1m,8,2,2,48,3,,d,,7,4,,6,,3,2,5i,1m,,5,ek,,5f,x,2da,3,3x,,2o,w,fe,6,2x,2,n9w,4,,a,w,2,28,2,7k,,3,,4,,p,2,5,,47,2,q,i,d,,12,8,p,b,1a,3,1c,,2,4,2,2,13,,1v,6,2,2,2,2,c,,8,,1b,,1f,,,3,2,2,5,2,,,16,2,8,,6m,,2,,4,,fn4,,kh,g,g,g,a6,2,gt,,6a,,45,5,1ae,3,,2,5,4,14,3,4,,4l,2,fx,4,ar,2,49,b,4w,,1i,f,1k,3,1d,4,2,2,1x,3,10,5,,8,1q,,c,2,1g,9,a,4,2,,2n,3,2,,,2,6,,4g,,3,8,l,2,1l,2,,,,,m,,e,7,3,5,5f,8,2,3,,,n,,29,,2,6,,,2,,,2,,2,6j,,2,4,6,2,,2,r,2,2d,8,2,,,2,2y,,,,2,6,,,2t,3,2,4,,5,77,9,,2,6t,,a,2,,,4,,40,4,2,2,4,,w,a,14,6,2,4,8,,9,6,2,3,1a,d,,2,ba,7,,6,,,2a,m,2,7,,2,,2,3e,6,3,,,2,,7,,,20,2,3,,,,9n,2,f0b,5,1n,7,t4,,1r,4,29,,f5k,2,43q,,,3,4,5,8,8,2,7,u,4,44,3,1iz,1j,4,1e,8,,e,,m,5,,f,11s,7,,h,2,7,,2,,5,79,7,c5,4,15s,7,31,7,240,5,gx7k,2o,3k,6o".split(",").map((e) => e ? parseInt(e, 36) : 1);
package/dist/index.es.js CHANGED
@@ -1,4 +1,4 @@
1
- import { D as e, a as o, E as t, P as d, e as r, h as i, m as n, d as E, c as l, u, v as C } from "./index-ES2pPSG6.mjs";
1
+ import { D as e, a as o, E as t, P as d, e as r, h as i, m as n, d as E, c as l, u, v as C } from "./index-BbiswCbz.mjs";
2
2
  export {
3
3
  e as DdocEditor,
4
4
  o as DdocExportModal,
@@ -1,9 +1,9 @@
1
1
  var Vr = Object.defineProperty;
2
2
  var Wr = (t, e, O) => e in t ? Vr(t, e, { enumerable: !0, configurable: !0, writable: !0, value: O }) : t[e] = O;
3
3
  var gt = (t, e, O) => Wr(t, typeof e != "symbol" ? e + "" : e, O);
4
- import { j as Cr } from "./index-ES2pPSG6.mjs";
4
+ import { j as Cr } from "./index-BbiswCbz.mjs";
5
5
  import { useRef as pe, useEffect as St } from "react";
6
- import { s as y, A as pO, T as dO, a as Gr, S as et, b as Lr, P as fO, E as j, i as QO, c as _, D as le, k as tt, F as Ar, M as Pt, W as Er, R as Ur, d as mO, N as oe, e as V, f as Mr, g as Ot, h as ce, p as $O, j as Y, t as h, l as Ir, I as rt, L as at, m as ye, n as ue, o as Qe, q as gO, r as te, u as SO, v as Br, w as Nr, x as PO, y as kO, z as Dr, B as Fr, C as Kr, G as Oe, H as ZO, J as Jr, K as kt, O as Hr, Q as ea, U as ta, V as Oa, X as ra, Y as aa, Z as ia, _ as sa, $ as na, a0 as la, a1 as oa, a2 as ca } from "./index-CqX0iYGN.mjs";
6
+ import { s as y, A as pO, T as dO, a as Gr, S as et, b as Lr, P as fO, E as j, i as QO, c as _, D as le, k as tt, F as Ar, M as Pt, W as Er, R as Ur, d as mO, N as oe, e as V, f as Mr, g as Ot, h as ce, p as $O, j as Y, t as h, l as Ir, I as rt, L as at, m as ye, n as ue, o as Qe, q as gO, r as te, u as SO, v as Br, w as Nr, x as PO, y as kO, z as Dr, B as Fr, C as Kr, G as Oe, H as ZO, J as Jr, K as kt, O as Hr, Q as ea, U as ta, V as Oa, X as ra, Y as aa, Z as ia, _ as sa, $ as na, a0 as la, a1 as oa, a2 as ca } from "./index-BwbwqtUK.mjs";
7
7
  class ua {
8
8
  /**
9
9
  Create a new completion context. (Mostly useful for testing
@@ -1,45 +1,45 @@
1
1
  /**
2
- * Sanitize + validate author-supplied custom CSS before it is injected into the
3
- * document.
2
+ * Sanitize + scope + validate author-supplied custom CSS before it is injected
3
+ * into the document.
4
4
  *
5
- * Custom CSS travels to VIEWERS of a published document, so the raw string is
6
- * NOT a trusted stylesheet. We defend against:
7
- * - scope breakout: a `}` in the CSS escaping the `scope { }` wrapper to
8
- * style the whole app (toolbar, other content, security UI, overlays);
9
- * - external resource loads / exfiltration: `url()` and `@import` (tracking
10
- * beacons, plus CSS attribute-selector data exfiltration);
11
- * - clickjacking / UI redressing: `position: fixed | sticky` overlays that
12
- * escape the document box and cover the viewport;
5
+ * Authors write **normal, full-page CSS** `body { }`, `html body h1 { }`,
6
+ * `h1 { }`, `* { … }` — the way they'd style any web page. We transparently
7
+ * scope every rule to the document so it can't leak into the app, AND we map the
8
+ * page-root selectors (`html`, `body`, `:root`) onto the document root so that
9
+ * `body { background: … }` styles the doc surface and `html body h1 { … }`
10
+ * styles the doc's headings. No `.ProseMirror` prefix, no learning curve.
11
+ *
12
+ * Because the raw string reaches VIEWERS of a published doc, it is untrusted.
13
+ * Every selector is force-scoped (so a `}` breakout is neutralised — the escaped
14
+ * rule is simply scoped too), and dangerous declarations are stripped:
15
+ * - external resource loads / exfiltration: `url(…)`, `@import`;
16
+ * - clickjacking / UI redressing: `position: fixed | sticky`;
13
17
  * - legacy script vectors: `expression()`, `-moz-binding`, `behavior:`.
14
18
  *
15
- * Strategy: wrap the raw CSS in `scope { }` and parse it with the browser's
16
- * own CSS engine (no dependency, no regex parsing). A well-formed input yields
17
- * exactly ONE top-level rule whose selector is `scope`; a breakout produces
18
- * extra top-level rules with other selectors — we keep only `scope` rules and
19
- * drop the rest. Dangerous declarations are stripped at every nesting level.
20
- * The kept rules are re-serialized by the engine, so the output is always a
21
- * valid, balanced stylesheet.
19
+ * We parse with the browser's own CSS engine (no dependency), rewrite each
20
+ * selector, strip dangerous declarations at every nesting level, and let the
21
+ * engine re-serialise so the output is always a valid, balanced stylesheet.
22
22
  *
23
- * The sanitizer knows exactly what it removed, so it also returns non-blocking
24
- * `diagnostics` the editing UI shows these so authors aren't left wondering
25
- * why a rule silently vanished (CSS is forgiving; we warn, never block).
23
+ * The sanitizer knows exactly what it removed, so it returns non-blocking
24
+ * `diagnostics`; the editing UI surfaces them (CSS is forgiving we warn,
25
+ * never block).
26
26
  */
27
27
  export interface CssDiagnostic {
28
28
  level: 'warning' | 'error';
29
29
  message: string;
30
30
  }
31
31
  export interface CssValidationResult {
32
- /** Sanitized, scope-wrapped CSS, safe to inject. '' when nothing survives. */
32
+ /** Sanitized, scoped CSS, safe to inject. '' when nothing survives. */
33
33
  css: string;
34
34
  /** What was stripped/ignored, deduped. Empty when the CSS was fully clean. */
35
35
  diagnostics: CssDiagnostic[];
36
36
  }
37
37
  /**
38
- * Sanitize AND report. Use this from the editing UI to surface diagnostics.
38
+ * Sanitize + scope AND report. Use this from the editing UI for diagnostics.
39
39
  */
40
40
  export declare const validateCustomCss: (raw: string | undefined | null, scope?: string) => CssValidationResult;
41
41
  /**
42
- * Sanitized CSS only — used at injection/export sinks that just need the safe
43
- * string. Diagnostics are surfaced separately via validateCustomCss.
42
+ * Sanitized + scoped CSS only — used at injection/export sinks that just need
43
+ * the safe string. Diagnostics are surfaced separately via validateCustomCss.
44
44
  */
45
45
  export declare const sanitizeCustomCss: (raw: string | undefined | null, scope?: string) => string;
@@ -1,7 +1,7 @@
1
- import { j as d } from "./index-ES2pPSG6.mjs";
1
+ import { j as d } from "./index-BbiswCbz.mjs";
2
2
  import { useRef as I, useState as N, useEffect as D } from "react";
3
3
  import { DynamicDropdown as E, Tooltip as R, IconButton as O } from "@fileverse/ui";
4
- import { a3 as A, a4 as P, c as y } from "./index-CqX0iYGN.mjs";
4
+ import { a3 as A, a4 as P, c as y } from "./index-BwbwqtUK.mjs";
5
5
  const p = (e, t, o = t) => {
6
6
  const { state: s } = e, l = s.changeByRange((n) => {
7
7
  const u = s.sliceDoc(n.from, n.to), r = s.sliceDoc(
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "@fileverse-dev/ddoc",
3
3
  "private": false,
4
4
  "description": "DDoc",
5
- "version": "4.1.11-patch-1",
5
+ "version": "4.1.11-patch-2",
6
6
  "main": "dist/index.es.js",
7
7
  "module": "dist/index.es.js",
8
8
  "exports": {