@katechat/ui 1.0.2 → 1.0.3

package/src/lib/__tests__/markdown.parser.test.ts

@@ -1,289 +0,0 @@
-import { parseMarkdown, parseChatMessages, escapeHtml } from "../markdown.parser";
-import { Message, MessageRole } from "../../core/message";
-
-// Mock the sanitizeUrl function by accessing it through module internals
-// Since sanitizeUrl is not exported, we'll test it indirectly through parseMarkdown
-// or we can use jest.mock to access internals, but for now we'll test through integration
-
-describe("MarkdownParser", () => {
-  describe("escapeHtml", () => {
-    it("should escape HTML entities", () => {
-      expect(escapeHtml('<script>alert("xss")</script>')).toBe("&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;");
-      expect(escapeHtml("&<>\"'`")).toBe("&amp;&lt;&gt;&quot;&#x27;`");
-    });
-
-    it("should handle null and undefined", () => {
-      expect(escapeHtml(null)).toBe("");
-      expect(escapeHtml(undefined)).toBe("");
-      expect(escapeHtml("")).toBe("");
-    });
-
-    it("should preserve safe text", () => {
-      expect(escapeHtml("Hello World!")).toBe("Hello World!");
-      expect(escapeHtml("123 + 456 = 579")).toBe("123 + 456 = 579");
-    });
-  });
-
-  describe("parseMarkdown", () => {
-    it("should handle null and undefined content", () => {
-      expect(parseMarkdown(null)).toEqual([]);
-      expect(parseMarkdown(undefined)).toEqual([]);
-      expect(parseMarkdown("")).toEqual([]);
-    });
-
-    it("should parse simple markdown text", () => {
-      const result = parseMarkdown("Hello **world**!");
-      expect(result).toHaveLength(1);
-      expect(result[0]).toContain("<strong>world</strong>");
-    });
-
-    it("should handle code blocks as single block", () => {
-      const codeBlock = '```javascript\nconsole.log("hello");\n```';
-      const result = parseMarkdown(codeBlock);
-      expect(result).toHaveLength(1);
-      expect(result[0]).toContain("console.log");
-    });
-
-    it("should handle tables as single block", () => {
-      const table = "| Header 1 | Header 2 |\n|----------|----------|\n| Cell 1   | Cell 2   |";
-      const result = parseMarkdown(table);
-      expect(result).toHaveLength(1);
-      expect(result[0]).toContain("<table>");
-    });
-
-    it("should split text by double newlines", () => {
-      const text = "Paragraph 1\n\nParagraph 2\n\nParagraph 3";
-      const result = parseMarkdown(text);
-      expect(result).toHaveLength(3);
-      expect(result[0]).toContain("Paragraph 1");
-      expect(result[1]).toContain("Paragraph 2");
-      expect(result[2]).toContain("Paragraph 3");
-    });
-
-    describe("Link Security Tests", () => {
-      it("should sanitize javascript: URLs", () => {
-        const maliciousLink = '[Click me](javascript:alert("xss"))';
-        const result = parseMarkdown(maliciousLink);
-        expect(result[0]).not.toContain("javascript:");
-        // Should render as text or empty href
-        expect(result[0]).toContain("Click me");
-      });
-
-      it("should sanitize data: URLs", () => {
-        const dataUrl = '[Click me](data:text/html,<script>alert("xss")</script>)';
-        const result = parseMarkdown(dataUrl);
-        expect(result[0]).not.toContain("data:text/html");
-        expect(result[0]).toContain("Click me");
-      });
-
-      it("should allow https URLs", () => {
-        const httpsLink = "[Safe link](https://example.com)";
-        const result = parseMarkdown(httpsLink);
-        expect(result[0]).toContain('href="https://example.com"');
-        expect(result[0]).toContain('target="_blank"');
-        expect(result[0]).toContain('rel="noopener noreferrer"');
-      });
-
-      it("should allow http URLs", () => {
-        const httpLink = "[HTTP link](http://example.com)";
-        const result = parseMarkdown(httpLink);
-        expect(result[0]).toContain('href="http://example.com"');
-      });
-
-      it("should allow mailto URLs", () => {
-        const mailtoLink = "[Email me](mailto:test@example.com)";
-        const result = parseMarkdown(mailtoLink);
-        expect(result[0]).toContain('href="mailto:test@example.com"');
-      });
-
-      it("should handle protocol-relative URLs", () => {
-        const protocolRelative = "[Link](//example.com)";
-        const result = parseMarkdown(protocolRelative);
-        expect(result[0]).toContain('href="https://example.com"');
-      });
-
-      it("should allow relative URLs", () => {
-        const relativeLink = "[Relative](/path/to/page)";
-        const result = parseMarkdown(relativeLink);
-        expect(result[0]).toContain('href="/path/to/page"');
-      });
-
-      it("should escape link titles and text", () => {
-        const linkWithQuotes = '[Link with "quotes"](https://example.com "Title with \'quotes\'")';
-        const result = parseMarkdown(linkWithQuotes);
-        expect(result[0]).toContain('title="Title with &#x27;quotes&#x27;"');
-        expect(result[0]).toContain("Link with &quot;quotes&quot;");
-      });
-
-      it("should handle XSS attempts in link text", () => {
-        const xssText = '[<script>alert("xss")</script>](https://example.com)';
-        const result = parseMarkdown(xssText);
-        expect(result[0]).not.toContain("<script>");
-        expect(result[0]).toContain("&lt;script&gt;");
-      });
-
-      it("should handle XSS attempts in link titles", () => {
-        const xssTitle = '[Link](https://example.com "Title<script>alert(\\"xss\\")</script>")';
-        const result = parseMarkdown(xssTitle);
-        expect(result[0]).not.toContain("<script>");
-        expect(result[0]).toContain("&lt;script&gt;");
-      });
-    });
-
-    describe("Math Formula Tests", () => {
-      it("should render inline math formulas", () => {
-        const mathFormula = "The equation is $x^2 + y^2 = z^2$";
-        const result = parseMarkdown(mathFormula);
-        expect(result[0]).toContain("katex");
-      });
-
-      it("should render block math formulas", () => {
-        const blockMath = "$$\\sum_{i=1}^{n} x_i$$";
-        const result = parseMarkdown(blockMath);
-        expect(result[0]).toContain("katex");
-      });
-    });
-
-    describe("Code Highlighting Tests", () => {
-      it("should highlight code with language specified", () => {
-        const code = "```javascript\nconst x = 5;\n```";
-        const result = parseMarkdown(code);
-        expect(result[0]).toContain("hljs");
-        expect(result[0]).toContain("code-data");
-      });
-
-      it("should handle code without language", () => {
-        const code = "```\nsome code\n```";
-        const result = parseMarkdown(code);
-        // Code blocks without language don't get hljs classes applied
-        expect(result[0]).toContain("<pre><code>");
-        expect(result[0]).toContain("some code");
-      });
-    });
-  });
-
-  describe("parseChatMessages", () => {
-    const mockMessage: Message = {
-      id: "1",
-      chatId: "chat1",
-      content: "Hello **world**!",
-      role: MessageRole.USER,
-      createdAt: new Date().toISOString(),
-      updatedAt: new Date().toISOString(),
-    };
-
-    it("should handle empty messages array", () => {
-      expect(parseChatMessages([])).toEqual([]);
-      expect(parseChatMessages()).toEqual([]);
-    });
-
-    it("should parse USER and ASSISTANT messages as markdown", () => {
-      const messages: Message[] = [
-        { ...mockMessage, role: MessageRole.USER },
-        { ...mockMessage, role: MessageRole.ASSISTANT, id: "2" },
-      ];
-
-      const result = parseChatMessages(messages);
-
-      expect(result).toHaveLength(2);
-      expect(result[0].html).toBeDefined();
-      expect(result[1].html).toBeDefined();
-      expect(result[0].html![0]).toContain("<strong>world</strong>");
-      expect(result[1].html![0]).toContain("<strong>world</strong>");
-    });
-
-    it("should escape non-USER/ASSISTANT messages", () => {
-      const systemMessage: Message = {
-        ...mockMessage,
-        role: MessageRole.ERROR,
-        content: '<script>alert("xss")</script>',
-      };
-
-      const result = parseChatMessages([systemMessage]);
-
-      expect(result).toHaveLength(1);
-      expect(result[0].html![0]).toBe("&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;");
-    });
-
-    it("should handle linked messages", () => {
-      const messageWithLinked: Message = {
-        ...mockMessage,
-        linkedMessages: [
-          { ...mockMessage, id: "2", role: MessageRole.ASSISTANT, content: "Response **bold**" },
-          { ...mockMessage, id: "3", role: MessageRole.SYSTEM, content: '<script>alert("xss")</script>' },
-        ],
-      };
-
-      const result = parseChatMessages([messageWithLinked]);
-
-      expect(result).toHaveLength(1);
-      expect(result[0].linkedMessages).toHaveLength(2);
-      expect(result[0].linkedMessages![0].html![0]).toContain("<strong>bold</strong>");
-      expect(result[0].linkedMessages![1].html![0]).toContain("&lt;script&gt;");
-    });
-
-    it("should handle malicious links in chat messages", () => {
-      const maliciousMessage: Message = {
-        ...mockMessage,
-        content: '[Click here](javascript:alert("xss")) for a "surprise"',
-        role: MessageRole.USER,
-      };
-
-      const result = parseChatMessages([maliciousMessage]);
-
-      expect(result[0].html![0]).not.toContain("javascript:");
-      expect(result[0].html![0]).toContain("Click here");
-      expect(result[0].html![0]).toContain("&quot;surprise&quot;");
-    });
-
-    it("should preserve message metadata", () => {
-      const result = parseChatMessages([mockMessage]);
-
-      expect(result[0].id).toBe(mockMessage.id);
-      expect(result[0].role).toBe(mockMessage.role);
-      expect(result[0].createdAt).toBe(mockMessage.createdAt);
-      expect(result[0].updatedAt).toBe(mockMessage.updatedAt);
-    });
-  });
-
-  describe("HTML Injection Prevention", () => {
-    it("should prevent HTML injection in regular text", () => {
-      const maliciousText = 'Hello <img src="x" onerror="alert(\'xss\')">';
-      const result = parseMarkdown(maliciousText);
-      // HTML should be escaped, but onerror= might still appear in escaped form
-      expect(result[0]).toContain("&lt;img");
-      expect(result[0]).toContain("&quot;alert");
-      // Should not contain unescaped HTML
-      expect(result[0]).not.toContain('<img src="x"');
-    });
-
-    it("should prevent HTML injection in code blocks", () => {
-      const maliciousCode = '```html\n<script>alert("xss")</script>\n```';
-      const result = parseMarkdown(maliciousCode);
-      // Code in code blocks should be syntax highlighted but not executed
-      // HTML syntax highlighting will show tags but they're still safe
-      expect(result[0]).toContain("hljs-tag");
-      expect(result[0]).toContain("script");
-      // Should not contain executable script tag
-      expect(result[0]).not.toContain('<script>alert("xss")</script>');
-    });
-
-    it("should handle mixed content safely", () => {
-      const mixedContent = `
-# Header with <script>alert("xss")</script>
-
-[Malicious link](javascript:void(0)) and normal [safe link](https://example.com)
-
-\`\`\`javascript
-// This <script> should be highlighted but not executed
-console.log("<script>alert('safe')</script>");
-\`\`\`
-      `;
-
-      const result = parseMarkdown(mixedContent);
-      expect(result[0]).not.toContain("javascript:void(0)");
-      expect(result[0]).toContain("https://example.com");
-      expect(result[0]).toContain("&lt;script&gt;alert(&#x27;safe&#x27;)&lt;/script&gt;");
-    });
-  });
-});

package/src/lib/__tests__/markdown.parser.testUtils.ts

@@ -1,31 +0,0 @@
-// Test utilities to access internal functions
-// This file helps test non-exported functions from MarkdownParser
-
-import { parseMarkdown } from "../markdown.parser";
-
-/**
- * Test the sanitizeUrl function indirectly by checking link rendering
- */
-export function testSanitizeUrl(url: string): string {
-  const testMarkdown = `[test](${url})`;
-  const result = parseMarkdown(testMarkdown);
-
-  // Extract href value from the rendered HTML
-  const match = result[0].match(/href="([^"]*)"/);
-  return match ? match[1] : "";
-}
-
-/**
- * Test if a URL gets blocked (returns empty href)
- */
-export function testUrlBlocked(url: string): boolean {
-  return testSanitizeUrl(url) === "";
-}
-
-/**
- * Test if a URL gets allowed and properly escaped
- */
-export function testUrlAllowed(url: string, expectedUrl?: string): boolean {
-  const result = testSanitizeUrl(url);
-  return result !== "" && (expectedUrl ? result === expectedUrl : true);
-}

package/src/lib/__tests__/markdown.parser_sanitizeUrl.test.ts

@@ -1,130 +0,0 @@
-import { testSanitizeUrl, testUrlBlocked, testUrlAllowed } from "./markdown.parser.testUtils";
-
-describe("sanitizeUrl (internal function tests)", () => {
-  describe("Dangerous URL Blocking", () => {
-    it("should block javascript: URLs", () => {
-      expect(testUrlBlocked('javascript:alert("xss")')).toBe(true);
-      expect(testUrlBlocked("JavaScript:void(0)")).toBe(true);
-      expect(testUrlBlocked("JAVASCRIPT:alert(1)")).toBe(true);
-    });
-
-    it("should block data: URLs", () => {
-      expect(testUrlBlocked('data:text/html,<script>alert("xss")</script>')).toBe(true);
-      expect(testUrlBlocked("data:image/svg+xml,<svg onload=alert(1)>")).toBe(true);
-      expect(testUrlBlocked("DATA:text/plain,malicious")).toBe(true);
-    });
-
-    it("should block other dangerous protocols", () => {
-      expect(testUrlBlocked('vbscript:msgbox("xss")')).toBe(true);
-      expect(testUrlBlocked("file:///etc/passwd")).toBe(true);
-      expect(testUrlBlocked("ftp://malicious.com")).toBe(true);
-    });
-
-    it("should handle empty and null-like values", () => {
-      expect(testSanitizeUrl("")).toBe("");
-      expect(testSanitizeUrl("   ")).toBe("");
-    });
-  });
-
-  describe("Safe URL Allowing", () => {
-    it("should allow https URLs", () => {
-      expect(testUrlAllowed("https://example.com")).toBe(true);
-      expect(testSanitizeUrl("https://example.com")).toBe("https://example.com");
-    });
-
-    it("should allow http URLs", () => {
-      expect(testUrlAllowed("http://example.com")).toBe(true);
-      expect(testSanitizeUrl("http://example.com")).toBe("http://example.com");
-    });
-
-    it("should allow mailto URLs", () => {
-      expect(testUrlAllowed("mailto:test@example.com")).toBe(true);
-      expect(testSanitizeUrl("mailto:test@example.com")).toBe("mailto:test@example.com");
-    });
-
-    it("should handle protocol-relative URLs", () => {
-      expect(testSanitizeUrl("//example.com")).toBe("https://example.com");
-      expect(testSanitizeUrl("//cdn.example.com/file.css")).toBe("https://cdn.example.com/file.css");
-    });
-
-    it("should allow relative URLs", () => {
-      expect(testUrlAllowed("/path/to/page")).toBe(true);
-      expect(testUrlAllowed("./relative/path")).toBe(true);
-      expect(testUrlAllowed("../parent/path")).toBe(true);
-      expect(testSanitizeUrl("/api/endpoint")).toBe("/api/endpoint");
-    });
-  });
-
-  describe("URL Escaping", () => {
-    it("should escape HTML entities in URLs", () => {
-      const urlWithEntities = "https://example.com/search?q=<script>&amp=value";
-      const result = testSanitizeUrl(urlWithEntities);
-      expect(result).toContain("&lt;script&gt;");
-      expect(result).toContain("&amp;amp=value");
-    });
-
-    it("should handle URLs with quotes", () => {
-      const urlWithQuotes = "https://example.com/path?param=\"value\"&other='test'";
-      const result = testSanitizeUrl(urlWithQuotes);
-      expect(result).toContain("&quot;value&quot;");
-      expect(result).toContain("&#x27;test&#x27;");
-    });
-
-    it("should preserve query parameters safely", () => {
-      const complexUrl = "https://api.example.com/search?q=test&sort=date&filter[]=category";
-      const result = testSanitizeUrl(complexUrl);
-      // Ampersands get escaped as expected
-      expect(result).toBe("https://api.example.com/search?q=test&amp;sort=date&amp;filter[]=category");
-    });
-  });
-
-  describe("Edge Cases", () => {
-    it("should handle URLs with whitespace", () => {
-      expect(testSanitizeUrl("  https://example.com  ")).toBe("https://example.com");
-      // Note: literal \n characters in string, not actual newlines
-      expect(testSanitizeUrl("https://example.com")).toBe("https://example.com");
-    });
-
-    it("should handle mixed case protocols", () => {
-      expect(testSanitizeUrl("HTTPS://EXAMPLE.COM")).toBe("HTTPS://EXAMPLE.COM");
-      expect(testSanitizeUrl("Http://example.com")).toBe("Http://example.com");
-      expect(testSanitizeUrl("MailTo:test@example.com")).toBe("MailTo:test@example.com");
-    });
-
-    it("should handle URLs without protocols correctly", () => {
-      expect(testUrlAllowed("example.com")).toBe(true);
-      expect(testUrlAllowed("www.example.com/path")).toBe(true);
-      expect(testSanitizeUrl("example.com")).toBe("example.com");
-    });
-
-    it("should handle domain names that contain suspicious words", () => {
-      // These are actually valid domain names, just happen to contain suspicious words
-      // They should be allowed as they're not actually protocols
-      expect(testUrlAllowed("javascript.com:8080")).toBe(true);
-      expect(testUrlAllowed("data.evil.com:3000")).toBe(true);
-
-      // But actual protocols should still be blocked
-      expect(testUrlBlocked("javascript:alert(1)")).toBe(true);
-      expect(testUrlBlocked("data:text/html,<script>")).toBe(true);
-    });
-  });
-
-  describe("Security Edge Cases", () => {
-    it("should handle URL encoding attempts", () => {
-      expect(testUrlBlocked("javascript%3Aalert(1)")).toBe(true);
-      expect(testUrlBlocked("data%3Atext/html,<script>")).toBe(true);
-    });
-
-    it("should handle various protocol separators", () => {
-      expect(testUrlBlocked("javascript://alert(1)")).toBe(true);
-      expect(testUrlBlocked("javascript:\\\\alert(1)")).toBe(true);
-    });
-
-    it("should handle attempts to bypass with special characters", () => {
-      // These specific attempts with literal strings may not be blocked by our simple regex
-      // but the basic javascript: detection should work
-      expect(testUrlBlocked("javascript:alert(1)")).toBe(true);
-      expect(testUrlBlocked("JAVASCRIPT:alert(1)")).toBe(true);
-    });
-  });
-});

package/src/lib/assert.ts

@@ -1,14 +0,0 @@
-// Pure assertion tests whether a value is truthy, as determined  by !!value.
-export function ok<T>(value: T, message?: string | Error): asserts value {
-  if (!value) {
-    if (message instanceof Error) {
-      throw message;
-    }
-
-    throw new Error(message || "No value argument passed to `assert.ok()`");
-  }
-}
-
-export function notEmpty<T>(value: T | undefined | null): value is T {
-  return value != undefined;
-}

package/src/lib/markdown.parser.ts

@@ -1,189 +0,0 @@
-import hljs from "highlight.js";
-import { Marked, Renderer } from "marked";
-import { markedHighlight } from "marked-highlight";
-import markedKatex from "marked-katex-extension";
-
-import { Message, MessageRole } from "@/core/message";
-
-// Template to store original (unformatted) code to copy it
-const CodeDataTemplate = `<span class="code-data" data-code="<CODE>" data-lang="<LANG>"></span>`;
-
-const marked = new Marked(
-  // code highlighting
-  markedHighlight({
-    emptyLangClass: "hljs plaintext",
-    langPrefix: "hljs ",
-    highlight(code: string, lang: string) {
-      const language = hljs.getLanguage(lang) ? lang : "plaintext";
-      const formattedCode: string = hljs.highlight(code?.trim(), { language }).value;
-
-      if (lang) {
-        return (
-          CodeDataTemplate.replaceAll("<LANG>", language).replaceAll("<CODE>", encodeURIComponent(code)) +
-          formattedCode?.trim()
-        );
-      }
-
-      return formattedCode;
-    },
-  }),
-
-  // MatJAX formulas processing
-  // example prompt with Claude V3 Haiku: "show me some example math equations like pythagoras, also add some example of an addition of 2 matrixes"
-  // example prompt with Claude V3 Haiku: "show a proof of x is smaller y"
-  markedKatex({
-    displayMode: false,
-    throwOnError: false,
-    output: "html",
-  }),
-  { silent: true, gfm: true, breaks: true }
-);
-
-const markedSimple = new Marked(
-  markedHighlight({
-    emptyLangClass: "hljs plaintext",
-    langPrefix: "hljs ",
-    highlight(code: string, lang: string) {
-      const language = hljs.getLanguage(lang) ? lang : "plaintext";
-      return hljs.highlight(code?.trim(), { language }).value;
-    },
-  }),
-  { silent: true, breaks: true, gfm: true }
-);
-
-const renderer = new Renderer();
-renderer.html = ({ text }: { text: string }) => {
-  return escapeHtml(text);
-};
-renderer.link = ({ href, title, text }) => {
-  // Sanitize URL to prevent XSS attacks
-  const url = sanitizeUrl(href);
-  return `<a target="_blank" rel="noopener noreferrer" href="${url}" title="${escapeHtml(title) || ""}">${escapeHtml(text)}</a>`;
-};
-
-export function normalizeMatJAX(input: string): string {
-  return input
-    ? input
-        .replace(/\\\(([\s\S]+?)\\\)/g, (_, expr) => `$${expr}$`)
-        // Block math: \[ ... \] → $$ ... $$ (on newlines for KaTeX block mode)
-        .replace(/\\\[([\s\S]+?)\\\]/g, (_, expr) => `\n$$${expr}$$\n`)
-    : "";
-}
-
-/**
- * Parse markdown to html blocks
- * @param content Raw markdown
- * @returns Array for formatted HTML blocks to be rendered
- */
-export function parseMarkdown(content?: string | null, simple = false): string[] {
-  if (!content) return [];
-
-  if (simple) {
-    return [markedSimple.parse(content, { renderer }) as string];
-  }
-
-  content = normalizeMatJAX(content);
-  // process complex code blocks, tables as one block
-  if (content.match(/(```)|(\|---)/)) {
-    return [marked.parse(content, { renderer }) as string];
-  }
-
-  // split large texts
-  const parts = content
-    .split(/(\r)?\n(\r)?\n/g)
-    .filter(s => Boolean(s))
-    .map(s => s + "\n\n");
-
-  return parts.map(part => marked.parse(part, { renderer }) as string);
-}
-
-export function parseChatMessages(messages: Message[] = []): Message[] {
-  const parsedMessages: Message[] = Array<Message>(messages.length);
-  for (let i = 0; i < messages.length; i++) {
-    const message = messages[i];
-    const html =
-      message.role === MessageRole.ASSISTANT || message.role === MessageRole.USER
-        ? parseMarkdown(message.content)
-        : [escapeHtml(message.content) || ""];
-
-    let linkedMessages = message.linkedMessages;
-    if (linkedMessages) {
-      const linkedMessagesParsed = Array<Message>(linkedMessages.length);
-      for (let ndx = 0; ndx < linkedMessages.length; ndx++) {
-        const linkedMessage = linkedMessages[ndx];
-        if (linkedMessage.role === MessageRole.ASSISTANT || linkedMessage.role === MessageRole.USER) {
-          linkedMessagesParsed[ndx] = {
-            ...linkedMessage,
-            html: parseMarkdown(linkedMessage.content),
-          };
-        } else {
-          linkedMessagesParsed[ndx] = {
-            ...linkedMessage,
-            html: [escapeHtml(linkedMessage.content) || ""],
-          };
-        }
-      }
-
-      linkedMessages = linkedMessagesParsed;
-    }
-
-    parsedMessages[i] = {
-      ...message,
-      linkedMessages,
-      html,
-    };
-  }
-
-  return parsedMessages;
-}
-
-const ESCAPE_HTML_ENTITIES: { [key: string]: string } = {
-  "&": "&amp;",
-  "<": "&lt;",
-  ">": "&gt;",
-  '"': "&quot;",
-  "'": "&#x27;",
-};
-
-export function escapeHtml(text?: string | null): string {
-  if (!text) return "";
-  return text.replace(/[&<>"']/g, match => ESCAPE_HTML_ENTITIES[match] || match);
-}
-
-/**
- * Sanitize URL to prevent XSS attacks
- * Only allows http, https, and mailto protocols
- */
-function sanitizeUrl(url?: string | null): string {
-  if (!url) return "";
-
-  // Remove any whitespace and decode basic URL encoding for protocol detection
-  const trimmedUrl = url.trim();
-  const decodedUrl = decodeURIComponent(trimmedUrl).toLowerCase();
-
-  const allowedProtocols = /^(https?:\/\/|mailto:)/i;
-  if (allowedProtocols.test(trimmedUrl)) {
-    return escapeHtml(trimmedUrl);
-  }
-
-  // If it starts with //, assume https
-  if (trimmedUrl.startsWith("//")) {
-    return escapeHtml(`https:${trimmedUrl}`);
-  }
-
-  const dangerousProtocols = /^(javascript|data|vbscript|file|ftp):/i;
-  if (dangerousProtocols.test(decodedUrl)) {
-    return "";
-  }
-  if (decodedUrl.includes("javascript:") || decodedUrl.includes("data:") || decodedUrl.includes("vbscript:")) {
-    return "";
-  }
-
-  // If it looks like a relative path or doesn't have a protocol, allow it
-  if (trimmedUrl.startsWith("/") || !trimmedUrl.includes("://")) {
-    return escapeHtml(trimmedUrl);
-  }
-
-  // Block any other unknown protocols
-  return "";
-}

package/src/setupTests.ts

@@ -1 +0,0 @@
-import "@testing-library/jest-dom";

package/src/types/scss.d.ts

@@ -1,4 +0,0 @@
-declare module "*.scss" {
-  export const content: { [className: string]: string };
-  export default content;
-}