@jant/core 0.3.36 → 0.3.37

package/src/lib/errors.ts

@@ -97,20 +97,23 @@ export function assertFound<T>(
   return value;
 }
 
+const UUID_RE =
+  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+
 /**
- * Parse a route parameter as a positive integer, throwing ValidationError if invalid.
+ * Validates a route parameter as a UUID.
+ * Throws ValidationError if the format is invalid.
  *
- * @param value - Raw string parameter from the route
- * @returns Parsed integer
+ * @param value - UUID string from the route
+ * @returns The validated UUID string
  * @example
  * ```ts
- * const id = parseIntParam(c.req.param("id"));
+ * const id = parseIdParam(c.req.param("id"));
  * ```
  */
-export function parseIntParam(value: string): number {
-  const id = parseInt(value, 10);
-  if (isNaN(id) || id < 1) {
+export function parseIdParam(value: string): string {
+  if (!UUID_RE.test(value)) {
     throw new ValidationError("Invalid ID");
   }
-  return id;
+  return value;
 }

package/src/lib/feed.ts

@@ -10,7 +10,7 @@
  * ```
  */
 
-import type { FeedData, SitemapData } from "../types.js";
+import type { FeedData, PostView, SitemapData } from "../types.js";
 
 /**
  * Escape special XML characters.
@@ -24,6 +24,67 @@ function escapeXml(str: string): string {
     .replace(/'/g, "'");
 }
 
+/**
+ * Escape content for safe embedding inside a CDATA section.
+ *
+ * CDATA sections end at the first `]]>` sequence. If the content contains
+ * `]]>`, we split it by closing the current CDATA section and opening a new
+ * one: `]]>` becomes `]]]]><![CDATA[>`.
+ *
+ * @param str - Raw string to embed in CDATA
+ * @returns String safe to place inside `<![CDATA[...]]>`
+ */
+function escapeCdata(str: string): string {
+  return str.replaceAll("]]>", "]]]]><![CDATA[>");
+}
+
+/**
+ * Render a star rating as HTML for feed content.
+ */
+function renderRatingHtml(rating: number): string {
+  const filled = "★".repeat(rating);
+  const empty = "☆".repeat(5 - rating);
+  return `<p>${filled}${empty} ${rating}/5</p>`;
+}
+
+/**
+ * Build the full HTML content for a feed item, combining format-specific
+ * fields (quote text, source URL) with body and rating.
+ */
+function buildFeedContent(post: PostView): string {
+  const parts: string[] = [];
+
+  if (post.format === "quote" && post.quoteText) {
+    const attribution = post.title || post.url || "";
+    const cite = post.url ? ` cite="${escapeXml(post.url)}"` : "";
+    parts.push(
+      `<blockquote${cite}><p>${escapeXml(post.quoteText)}</p></blockquote>`,
+    );
+    if (attribution) {
+      const source = post.url
+        ? `<a href="${escapeXml(post.url)}">${escapeXml(post.title || "Source")}</a>`
+        : escapeXml(attribution);
+      parts.push(`<p>— ${source}</p>`);
+    }
+  }
+
+  if (post.format === "link" && post.url) {
+    parts.push(
+      `<p><a href="${escapeXml(post.url)}">${escapeXml(post.url)}</a></p>`,
+    );
+  }
+
+  if (post.bodyHtml) {
+    parts.push(post.bodyHtml);
+  }
+
+  if (post.rating && post.rating > 0) {
+    parts.push(renderRatingHtml(post.rating));
+  }
+
+  return parts.join("\n");
+}
+
 /**
  * Default RSS 2.0 renderer.
  *
@@ -35,23 +96,23 @@ export function defaultRssRenderer(data: FeedData): string {
 
   const items = posts
     .map((post) => {
-      const link = `${siteUrl}${post.permalink}`;
+      const link = escapeXml(`${siteUrl}${post.permalink}`);
       const title = post.title || `Post #${post.id}`;
       const pubDate = new Date(post.publishedAt).toUTCString();
 
       // Add enclosure for first media attachment
       const firstMedia = post.media[0];
       const enclosure = firstMedia
-        ? `\n      <enclosure url="${firstMedia.url}" type="${firstMedia.mimeType}"${firstMedia.size ? ` length="${firstMedia.size}"` : ""}/>`
+        ? `\n      <enclosure url="${escapeXml(firstMedia.url)}" type="${escapeXml(firstMedia.mimeType)}"${firstMedia.size ? ` length="${firstMedia.size}"` : ""}/>`
         : "";
 
       return `
     <item>
-      <title><![CDATA[${escapeXml(title)}]]></title>
+      <title><![CDATA[${escapeCdata(escapeXml(title))}]]></title>
       <link>${link}</link>
       <guid isPermaLink="true">${link}</guid>
       <pubDate>${pubDate}</pubDate>
-      <description><![CDATA[${post.bodyHtml || ""}]]></description>${enclosure}
+      <description><![CDATA[${escapeCdata(buildFeedContent(post))}]]></description>${enclosure}
     </item>`;
     })
     .join("");
@@ -60,10 +121,10 @@ export function defaultRssRenderer(data: FeedData): string {
 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
   <channel>
     <title>${escapeXml(siteName)}</title>
-    <link>${siteUrl}</link>
+    <link>${escapeXml(siteUrl)}</link>
     <description>${escapeXml(siteDescription)}</description>
     <language>${siteLanguage}</language>
-    <atom:link href="${siteUrl}/feed" rel="self" type="application/rss+xml"/>
+    <atom:link href="${escapeXml(siteUrl)}/feed" rel="self" type="application/rss+xml"/>
     ${items}
   </channel>
 </rss>`;
@@ -80,7 +141,7 @@ export function defaultAtomRenderer(data: FeedData): string {
 
   const entries = posts
     .map((post) => {
-      const link = `${siteUrl}${post.permalink}`;
+      const link = escapeXml(`${siteUrl}${post.permalink}`);
       const title = post.title || `Post #${post.id}`;
 
       return `
@@ -90,7 +151,7 @@ export function defaultAtomRenderer(data: FeedData): string {
     <id>${link}</id>
     <published>${post.publishedAt}</published>
     <updated>${post.updatedAt}</updated>
-    <content type="html"><![CDATA[${post.bodyHtml || ""}]]></content>
+    <content type="html"><![CDATA[${escapeCdata(buildFeedContent(post))}]]></content>
   </entry>`;
     })
     .join("");
@@ -101,9 +162,9 @@ export function defaultAtomRenderer(data: FeedData): string {
 <feed xmlns="http://www.w3.org/2005/Atom">
   <title>${escapeXml(siteName)}</title>
   <subtitle>${escapeXml(siteDescription)}</subtitle>
-  <link href="${siteUrl}" rel="alternate"/>
-  <link href="${siteUrl}/feed/atom.xml" rel="self"/>
-  <id>${siteUrl}/</id>
+  <link href="${escapeXml(siteUrl)}" rel="alternate"/>
+  <link href="${escapeXml(siteUrl)}/feed/atom.xml" rel="self"/>
+  <id>${escapeXml(siteUrl)}/</id>
   <updated>${now}</updated>
   ${entries}
 </feed>`;
@@ -112,17 +173,17 @@ export function defaultAtomRenderer(data: FeedData): string {
 /**
  * Default Sitemap renderer.
  *
- * @param data - Sitemap data with PostView[] and PageView[]
+ * @param data - Sitemap data with PostView[]
  * @returns Sitemap XML string
  */
 export function defaultSitemapRenderer(data: SitemapData): string {
-  const { siteUrl, posts, pages } = data;
+  const { siteUrl, posts } = data;
 
   const postUrls = posts
     .map((post) => {
-      const loc = `${siteUrl}${post.permalink}`;
+      const loc = escapeXml(`${siteUrl}${post.permalink}`);
       const lastmod = post.updatedAt.split("T")[0];
-      const priority = post.visibility === "featured" ? "0.8" : "0.6";
+      const priority = post.featured ? "0.8" : "0.6";
 
       return `
   <url>
@@ -133,23 +194,9 @@ export function defaultSitemapRenderer(data: SitemapData): string {
     })
     .join("");
 
-  const pageUrls = pages
-    .map((page) => {
-      const loc = `${siteUrl}/${page.slug}`;
-      const lastmod = page.updatedAt.split("T")[0];
-
-      return `
-  <url>
-    <loc>${loc}</loc>
-    <lastmod>${lastmod}</lastmod>
-    <priority>0.7</priority>
-  </url>`;
-    })
-    .join("");
-
   const homepageUrl = `
   <url>
-    <loc>${siteUrl}/</loc>
+    <loc>${escapeXml(siteUrl)}/</loc>
     <priority>1.0</priority>
     <changefreq>daily</changefreq>
   </url>`;
@@ -158,6 +205,5 @@ export function defaultSitemapRenderer(data: SitemapData): string {
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
   ${homepageUrl}
   ${postUrls}
-  ${pageUrls}
 </urlset>`;
 }

package/src/lib/html.ts

@@ -18,5 +18,6 @@ export function escapeHtml(str: string): string {
     .replace(/&/g, "&")
     .replace(/</g, "&lt;")
     .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;");
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
 }