@keypuncherlabs/live-preview 1.1.0 → 1.3.0

package/README.md

@@ -1,8 +1,8 @@
 # @keypuncherlabs/live-preview
 
-Push **live, validated CSS** from a parent application into an embedded preview
-(such as a Storybook hosted on a different subdomain or origin) over
-`window.postMessage`.
+Push **live, validated CSS and Google Fonts** from a parent application into an
+embedded preview (such as a Storybook hosted on a different subdomain or origin)
+over `window.postMessage`.
 
 It is framework-agnostic, has no runtime dependencies, and is built
 security-first — previews are often hosted on origins you do not fully control,
@@ -23,9 +23,13 @@ directly. This library gives you a tiny, safe channel:
   down to the real preview frame, since a grandparent window can only post to its
   direct child.
 
-Message type on the wire: `live-preview-css`. Receivers/relays announce
-readiness with `live-preview-ready` so the parent can (re)send without racing
-startup.
+Message types on the wire: `live-preview-css` and `live-preview-google-fonts`.
+Receivers/relays announce readiness with `live-preview-ready` so the parent can
+(re)send without racing startup.
+
+Setting a `font-family` over CSS is not enough — the font resource must be
+loaded or the browser falls back. The `live-preview-google-fonts` message asks
+the preview to load specific Google Fonts so the chosen families actually render.
 
 ## Security model
 
@@ -41,6 +45,12 @@ startup.
   by default), and oversized payloads.
 - **Safe injection.** CSS is written with `textContent` into one reused `<style>`
   node, so markup cannot be injected and the DOM does not grow.
+- **Google Fonts carry no URLs.** A fonts message contains only `{ family, weights }`.
+  The receiver builds the href from a hardcoded `fonts.googleapis.com/css2` base,
+  so message data can never become the request's host/scheme. Family names must
+  match a strict charset (`A–Z a–z 0–9 space . _ -`), so they cannot inject URL
+  params or do CRLF tricks; weights are clamped to integers 1–1000 and the family
+  count is capped. The font `<link>` loads no script.
 
 ## Usage
 
@@ -64,6 +74,9 @@ window.addEventListener('message', (e) => {
 
 const result = sender.sendCss(':root { --color-primary: #06f; }');
 if (!result.valid) console.warn(result.errors);
+
+// Ask the preview to load the fonts the CSS references:
+sender.sendGoogleFonts([{ family: 'Poppins', weights: [400, 600] }]);
 ```
 
 ### Embedded app (receiver)
@@ -75,6 +88,8 @@ startLivePreviewReceiver({
   allowedOrigins: ['https://app.example.com'],
   styleId: 'live-preview-styles',
   onReject: (reason) => console.warn(reason),
+  // Google Fonts requested over `live-preview-google-fonts` are loaded by
+  // default; set `loadGoogleFonts: false` to opt out.
 });
 ```
 

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "@keypuncherlabs/live-preview",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "type": "commonjs",
-  "description": "Send validated CSS into an embedded preview (e.g. a Storybook on another origin) over postMessage. Framework-agnostic, dependency-free, security-first.",
+  "description": "Send validated CSS and Google Fonts into an embedded preview (e.g. a Storybook on another origin) over postMessage. Framework-agnostic, dependency-free, security-first.",
   "keywords": [
     "live-preview",
     "postmessage",
     "iframe",
     "css-injection",
+    "google-fonts",
     "storybook",
     "cross-origin",
     "design-tokens"
@@ -31,4 +32,4 @@
   "dependencies": {
     "tslib": "^2.3.0"
   }
-}
+}

package/src/index.d.ts

@@ -1,5 +1,6 @@
 export * from './lib/protocol';
 export * from './lib/validate-css';
+export * from './lib/google-fonts';
 export * from './lib/sender';
 export * from './lib/receiver';
 export * from './lib/relay';

package/src/index.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./lib/protocol"), exports);
 tslib_1.__exportStar(require("./lib/validate-css"), exports);
+tslib_1.__exportStar(require("./lib/google-fonts"), exports);
 tslib_1.__exportStar(require("./lib/sender"), exports);
 tslib_1.__exportStar(require("./lib/receiver"), exports);
 tslib_1.__exportStar(require("./lib/relay"), exports);

package/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../libs/public/keypuncherlabs/live-preview/src/index.ts"],"names":[],"mappings":";;;AAAA,yDAA+B;AAC/B,6DAAmC;AACnC,uDAA6B;AAC7B,yDAA+B;AAC/B,sDAA4B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../libs/public/keypuncherlabs/live-preview/src/index.ts"],"names":[],"mappings":";;;AAAA,yDAA+B;AAC/B,6DAAmC;AACnC,6DAAmC;AACnC,uDAA6B;AAC7B,yDAA+B;AAC/B,sDAA4B"}

package/src/lib/google-fonts.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Live Google Fonts loading for an embedded preview.
+ *
+ * Setting a `font-family` is not enough — the font resource must be fetched or
+ * the browser falls back. This module lets a parent app ask an embedded preview
+ * to load specific Google Fonts so the chosen families actually render.
+ *
+ * Security is the priority here, because a family name flows into a URL the page
+ * then fetches. The defenses are layered so no single one is load-bearing:
+ *
+ *  - **No URLs on the wire.** Messages carry only `{ family, weights }`. The href
+ *    is always built from a hardcoded Google Fonts base, so message data can
+ *    never become the request's origin/host/scheme.
+ *  - **Strict family charset.** A family must fully match a small allowlist
+ *    charset, so it cannot inject extra URL params, smuggle a second URL, or do
+ *    CRLF tricks.
+ *  - **Clamped weights, bounded counts.** Weights are integers in 1–1000; the
+ *    number of families is capped.
+ *  - **Validated at every hop** (sender, relay, receiver) and injected via
+ *    `createElement`/`setAttribute` into one idempotent `<link>` (never
+ *    `innerHTML`).
+ */
+/** Attribute marking elements this module injected, so loads are idempotent. */
+export declare const GOOGLE_FONTS_MARKER = "data-live-preview-google-fonts";
+/** Default ceiling on families per message. */
+export declare const DEFAULT_MAX_FONTS = 20;
+/** A Google web font to load: a family name and (optionally) the weights wanted. */
+export interface GoogleFontDef {
+    family: string;
+    weights?: number[];
+}
+export interface GoogleFontsValidationOptions {
+    /** Max number of families accepted. Defaults to {@link DEFAULT_MAX_FONTS}. */
+    maxFonts?: number;
+}
+export interface GoogleFontsValidationResult {
+    /** True when every font is safe to load. */
+    valid: boolean;
+    /** The sanitized fonts when valid, otherwise an empty array. */
+    fonts: GoogleFontDef[];
+    /** Human-readable rejection reasons (empty when valid). */
+    errors: string[];
+}
+export interface LoadGoogleFontsOptions {
+    /** `font-display` strategy. Defaults to `swap`. */
+    display?: string;
+    /** Document to inject into. Defaults to the ambient `document` (no-op if absent). */
+    document?: Document;
+    /** Inject `<link rel="preconnect">` hints. Defaults to `true`. */
+    preconnect?: boolean;
+}
+/**
+ * Validate and sanitize a list of Google fonts. Never throws; returns a result
+ * describing why the input was rejected. A single bad family rejects the whole
+ * batch (the sender should only ever send safe families).
+ */
+export declare function validateGoogleFonts(input: unknown, options?: GoogleFontsValidationOptions): GoogleFontsValidationResult;
+/**
+ * Build the Google Fonts stylesheet URL for the given fonts. Families are sorted
+ * so the same set always yields the same URL (idempotent loads). Assumes the
+ * fonts already passed {@link validateGoogleFonts}.
+ */
+export declare function buildGoogleFontsHref(fonts: readonly GoogleFontDef[], display?: string): string;
+/**
+ * Load Google Fonts by injecting a single, idempotent stylesheet `<link>` (plus
+ * preconnect hints) into `<head>`. Re-validates the fonts defensively. Replaces
+ * the previous link when the set changes; no-op when there is no `document` or
+ * no valid fonts. Returns the stylesheet `<link>`, or `null` if nothing changed.
+ */
+export declare function loadGoogleFonts(fonts: readonly GoogleFontDef[], options?: LoadGoogleFontsOptions): HTMLLinkElement | null;

package/src/lib/google-fonts.js

@@ -0,0 +1,139 @@
+"use strict";
+/**
+ * Live Google Fonts loading for an embedded preview.
+ *
+ * Setting a `font-family` is not enough — the font resource must be fetched or
+ * the browser falls back. This module lets a parent app ask an embedded preview
+ * to load specific Google Fonts so the chosen families actually render.
+ *
+ * Security is the priority here, because a family name flows into a URL the page
+ * then fetches. The defenses are layered so no single one is load-bearing:
+ *
+ *  - **No URLs on the wire.** Messages carry only `{ family, weights }`. The href
+ *    is always built from a hardcoded Google Fonts base, so message data can
+ *    never become the request's origin/host/scheme.
+ *  - **Strict family charset.** A family must fully match a small allowlist
+ *    charset, so it cannot inject extra URL params, smuggle a second URL, or do
+ *    CRLF tricks.
+ *  - **Clamped weights, bounded counts.** Weights are integers in 1–1000; the
+ *    number of families is capped.
+ *  - **Validated at every hop** (sender, relay, receiver) and injected via
+ *    `createElement`/`setAttribute` into one idempotent `<link>` (never
+ *    `innerHTML`).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_MAX_FONTS = exports.GOOGLE_FONTS_MARKER = void 0;
+exports.validateGoogleFonts = validateGoogleFonts;
+exports.buildGoogleFontsHref = buildGoogleFontsHref;
+exports.loadGoogleFonts = loadGoogleFonts;
+/** Attribute marking elements this module injected, so loads are idempotent. */
+exports.GOOGLE_FONTS_MARKER = 'data-live-preview-google-fonts';
+const GOOGLE_FONTS_CSS_BASE = 'https://fonts.googleapis.com/css2';
+const GOOGLE_FONTS_PRECONNECT = ['https://fonts.googleapis.com', 'https://fonts.gstatic.com'];
+/** Default ceiling on families per message. */
+exports.DEFAULT_MAX_FONTS = 20;
+// A family must be exactly this: letters, digits, spaces, and . _ - only. This
+// excludes & ? # : / % " ' \ < > and CR/LF, defeating URL-param injection,
+// second-URL smuggling, and CRLF tricks.
+const SAFE_FAMILY = /^[A-Za-z0-9 ._-]{1,100}$/;
+const isValidWeight = (weight) => typeof weight === 'number' && Number.isInteger(weight) && weight >= 1 && weight <= 1000;
+/**
+ * Validate and sanitize a list of Google fonts. Never throws; returns a result
+ * describing why the input was rejected. A single bad family rejects the whole
+ * batch (the sender should only ever send safe families).
+ */
+function validateGoogleFonts(input, options = {}) {
+    const { maxFonts = exports.DEFAULT_MAX_FONTS } = options;
+    const errors = [];
+    if (!Array.isArray(input)) {
+        return { valid: false, fonts: [], errors: ['fonts must be an array'] };
+    }
+    if (input.length > maxFonts) {
+        errors.push(`too many fonts (max ${maxFonts})`);
+    }
+    const fonts = [];
+    for (const entry of input) {
+        const family = entry === null || entry === void 0 ? void 0 : entry.family;
+        if (typeof family !== 'string' || !SAFE_FAMILY.test(family)) {
+            errors.push(`invalid font family: ${JSON.stringify(family)}`);
+            continue;
+        }
+        const rawWeights = entry.weights;
+        let weights;
+        if (rawWeights != null) {
+            if (!Array.isArray(rawWeights)) {
+                errors.push(`invalid weights for ${family}`);
+                continue;
+            }
+            // Keep only valid weights; de-duplicate and sort for a deterministic URL.
+            weights = [...new Set(rawWeights.filter(isValidWeight))].sort((a, b) => a - b);
+        }
+        fonts.push(weights && weights.length ? { family: family.trim(), weights } : { family: family.trim() });
+    }
+    if (errors.length > 0) {
+        return { valid: false, fonts: [], errors };
+    }
+    return { valid: true, fonts, errors: [] };
+}
+/** Google Fonts css2 param for one family, e.g. `family=Open+Sans:wght@400;600`. */
+const googleParam = (font) => {
+    const name = font.family.trim().replace(/\s+/g, '+');
+    const weights = font.weights && font.weights.length ? [...font.weights].sort((a, b) => a - b) : [];
+    return `family=${name}${weights.length ? `:wght@${weights.join(';')}` : ''}`;
+};
+/**
+ * Build the Google Fonts stylesheet URL for the given fonts. Families are sorted
+ * so the same set always yields the same URL (idempotent loads). Assumes the
+ * fonts already passed {@link validateGoogleFonts}.
+ */
+function buildGoogleFontsHref(fonts, display = 'swap') {
+    const families = [...fonts]
+        .sort((a, b) => a.family.localeCompare(b.family))
+        .map(googleParam)
+        .join('&');
+    return `${GOOGLE_FONTS_CSS_BASE}?${families}&display=${display}`;
+}
+/**
+ * Load Google Fonts by injecting a single, idempotent stylesheet `<link>` (plus
+ * preconnect hints) into `<head>`. Re-validates the fonts defensively. Replaces
+ * the previous link when the set changes; no-op when there is no `document` or
+ * no valid fonts. Returns the stylesheet `<link>`, or `null` if nothing changed.
+ */
+function loadGoogleFonts(fonts, options = {}) {
+    var _a, _b, _c;
+    const doc = (_a = options.document) !== null && _a !== void 0 ? _a : (typeof document !== 'undefined' ? document : undefined);
+    if (!doc)
+        return null;
+    // Defense in depth: never trust the caller; build the URL only from safe data.
+    const result = validateGoogleFonts(fonts);
+    if (!result.valid || result.fonts.length === 0)
+        return null;
+    const href = buildGoogleFontsHref(result.fonts, (_b = options.display) !== null && _b !== void 0 ? _b : 'swap');
+    const existing = doc.head.querySelector(`link[${exports.GOOGLE_FONTS_MARKER}="stylesheet"]`);
+    if (existing) {
+        if (existing.href === href)
+            return existing;
+        existing.remove();
+    }
+    if ((_c = options.preconnect) !== null && _c !== void 0 ? _c : true) {
+        for (const host of GOOGLE_FONTS_PRECONNECT) {
+            if (doc.head.querySelector(`link[${exports.GOOGLE_FONTS_MARKER}="preconnect"][href="${host}"]`)) {
+                continue;
+            }
+            const pre = doc.createElement('link');
+            pre.rel = 'preconnect';
+            pre.href = host;
+            if (host.includes('gstatic'))
+                pre.crossOrigin = 'anonymous';
+            pre.setAttribute(exports.GOOGLE_FONTS_MARKER, 'preconnect');
+            doc.head.appendChild(pre);
+        }
+    }
+    const link = doc.createElement('link');
+    link.rel = 'stylesheet';
+    link.href = href;
+    link.setAttribute(exports.GOOGLE_FONTS_MARKER, 'stylesheet');
+    doc.head.appendChild(link);
+    return link;
+}
+//# sourceMappingURL=google-fonts.js.map

package/src/lib/google-fonts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-fonts.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/google-fonts.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AAqDH,kDAyCC;AAcD,oDASC;AAQD,0CA0CC;AArKD,gFAAgF;AACnE,QAAA,mBAAmB,GAAG,gCAAgC,CAAC;AAEpE,MAAM,qBAAqB,GAAG,mCAAmC,CAAC;AAClE,MAAM,uBAAuB,GAAG,CAAC,8BAA8B,EAAE,2BAA2B,CAAC,CAAC;AAE9F,+CAA+C;AAClC,QAAA,iBAAiB,GAAG,EAAE,CAAC;AA+BpC,+EAA+E;AAC/E,2EAA2E;AAC3E,yCAAyC;AACzC,MAAM,WAAW,GAAG,0BAA0B,CAAC;AAE/C,MAAM,aAAa,GAAG,CAAC,MAAe,EAAoB,EAAE,CAC1D,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,IAAI,MAAM,IAAI,IAAI,CAAC;AAE1F;;;;GAIG;AACH,SAAgB,mBAAmB,CACjC,KAAc,EACd,UAAwC,EAAE;IAE1C,MAAM,EAAE,QAAQ,GAAG,yBAAiB,EAAE,GAAG,OAAO,CAAC;IACjD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,wBAAwB,CAAC,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,uBAAuB,QAAQ,GAAG,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,KAAK,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAI,KAA8B,aAA9B,KAAK,uBAAL,KAAK,CAA2B,MAAM,CAAC;QACvD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,MAAM,CAAC,IAAI,CAAC,wBAAwB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9D,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAI,KAA+B,CAAC,OAAO,CAAC;QAC5D,IAAI,OAA6B,CAAC;QAClC,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;gBAC7C,SAAS;YACX,CAAC;YACD,0EAA0E;YAC1E,OAAO,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACzG,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAC5C,CAAC;AAED,oFAAoF;AACpF,MAAM,WAAW,GAAG,CAAC,IAAmB,EAAU,EAAE;IAClD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACnG,OAAO,UAAU,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AAC/E,CAAC,CAAC;AAEF;;;;GAIG;AACH,SAAgB,oBAAoB,CAClC,KAA+B,EAC/B,OAAO,GAAG,MAAM;IAEhB,MAAM,QAAQ,GAAG,CAAC,GAAG,KAAK,CAAC;SACxB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;SAChD,GAAG,CAAC,WAAW,CAAC;SAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACb,OAAO,GAAG,qBAAqB,IAAI,QAAQ,YAAY,OAAO,EAAE,CAAC;AACnE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAC7B,KAA+B,EAC/B,UAAkC,EAAE;;IAEpC,MAAM,GAAG,GACP,MAAA,OAAO,CAAC,QAAQ,mCAAI,CAAC,OAAO,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC/E,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,+EAA+E;IAC/E,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5D,MAAM,IAAI,GAAG,oBAAoB,CAAC,MAAM,CAAC,KAAK,EAAE,MAAA,OAAO,CAAC,OAAO,mCAAI,MAAM,CAAC,CAAC;IAE3E,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,aAAa,CACrC,QAAQ,2BAAmB,gBAAgB,CAC5C,CAAC;IACF,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,QAAQ,CAAC;QAC5C,QAAQ,CAAC,MAAM,EAAE,CAAC;IACpB,CAAC;IAED,IAAI,MAAA,OAAO,CAAC,UAAU,mCAAI,IAAI,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,uBAAuB,EAAE,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,2BAAmB,wBAAwB,IAAI,IAAI,CAAC,EAAE,CAAC;gBACxF,SAAS;YACX,CAAC;YACD,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACtC,GAAG,CAAC,GAAG,GAAG,YAAY,CAAC;YACvB,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;YAChB,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,GAAG,CAAC,WAAW,GAAG,WAAW,CAAC;YAC5D,GAAG,CAAC,YAAY,CAAC,2BAAmB,EAAE,YAAY,CAAC,CAAC;YACpD,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,GAAG,YAAY,CAAC;IACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACjB,IAAI,CAAC,YAAY,CAAC,2BAAmB,EAAE,YAAY,CAAC,CAAC;IACrD,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/src/lib/protocol.d.ts

@@ -7,8 +7,11 @@
  * `live-preview-` prefix so it is easy to identify and unlikely to collide with
  * other postMessage traffic on the same window.
  */
+import type { GoogleFontDef } from './google-fonts';
 /** Message type for pushing a CSS payload into an embedded preview. */
 export declare const LIVE_PREVIEW_CSS_TYPE: "live-preview-css";
+/** Message type for asking an embedded preview to load Google Fonts. */
+export declare const LIVE_PREVIEW_GOOGLE_FONTS_TYPE: "live-preview-google-fonts";
 /** Message type a receiver/relay emits upward once it is ready to apply CSS. */
 export declare const LIVE_PREVIEW_READY_TYPE: "live-preview-ready";
 /** Carries a CSS string from a parent app to an embedded preview. */
@@ -16,6 +19,14 @@ export interface LivePreviewCssMessage {
     type: typeof LIVE_PREVIEW_CSS_TYPE;
     css: string;
 }
+/**
+ * Asks an embedded preview to load Google Fonts. Carries only family names and
+ * weights — never URLs; the receiver builds the Google CDN URL itself.
+ */
+export interface LivePreviewGoogleFontsMessage {
+    type: typeof LIVE_PREVIEW_GOOGLE_FONTS_TYPE;
+    fonts: GoogleFontDef[];
+}
 /**
  * Announces that a receiver (or relay) has attached its listener. A parent app
  * can wait for this before sending so the initial CSS is not lost to a startup
@@ -24,8 +35,10 @@ export interface LivePreviewCssMessage {
 export interface LivePreviewReadyMessage {
     type: typeof LIVE_PREVIEW_READY_TYPE;
 }
-export type LivePreviewMessage = LivePreviewCssMessage | LivePreviewReadyMessage;
+export type LivePreviewMessage = LivePreviewCssMessage | LivePreviewGoogleFontsMessage | LivePreviewReadyMessage;
 /** Narrows arbitrary `postMessage` data to a CSS message. */
 export declare function isCssMessage(value: unknown): value is LivePreviewCssMessage;
+/** Narrows arbitrary `postMessage` data to a Google Fonts message. */
+export declare function isGoogleFontsMessage(value: unknown): value is LivePreviewGoogleFontsMessage;
 /** Narrows arbitrary `postMessage` data to a ready message. */
 export declare function isReadyMessage(value: unknown): value is LivePreviewReadyMessage;

package/src/lib/protocol.js

@@ -9,11 +9,14 @@
  * other postMessage traffic on the same window.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.LIVE_PREVIEW_READY_TYPE = exports.LIVE_PREVIEW_CSS_TYPE = void 0;
+exports.LIVE_PREVIEW_READY_TYPE = exports.LIVE_PREVIEW_GOOGLE_FONTS_TYPE = exports.LIVE_PREVIEW_CSS_TYPE = void 0;
 exports.isCssMessage = isCssMessage;
+exports.isGoogleFontsMessage = isGoogleFontsMessage;
 exports.isReadyMessage = isReadyMessage;
 /** Message type for pushing a CSS payload into an embedded preview. */
 exports.LIVE_PREVIEW_CSS_TYPE = 'live-preview-css';
+/** Message type for asking an embedded preview to load Google Fonts. */
+exports.LIVE_PREVIEW_GOOGLE_FONTS_TYPE = 'live-preview-google-fonts';
 /** Message type a receiver/relay emits upward once it is ready to apply CSS. */
 exports.LIVE_PREVIEW_READY_TYPE = 'live-preview-ready';
 /** Narrows arbitrary `postMessage` data to a CSS message. */
@@ -23,6 +26,13 @@ function isCssMessage(value) {
         value.type === exports.LIVE_PREVIEW_CSS_TYPE &&
         typeof value.css === 'string');
 }
+/** Narrows arbitrary `postMessage` data to a Google Fonts message. */
+function isGoogleFontsMessage(value) {
+    return (typeof value === 'object' &&
+        value !== null &&
+        value.type === exports.LIVE_PREVIEW_GOOGLE_FONTS_TYPE &&
+        Array.isArray(value.fonts));
+}
 /** Narrows arbitrary `postMessage` data to a ready message. */
 function isReadyMessage(value) {
     return (typeof value === 'object' &&

package/src/lib/protocol.js.map

@@ -1 +1 @@
-{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/protocol.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AA0BH,oCAOC;AAGD,wCAMC;AAxCD,uEAAuE;AAC1D,QAAA,qBAAqB,GAAG,kBAA2B,CAAC;AAEjE,gFAAgF;AACnE,QAAA,uBAAuB,GAAG,oBAA6B,CAAC;AAmBrE,6DAA6D;AAC7D,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACb,KAA4B,CAAC,IAAI,KAAK,6BAAqB;QAC5D,OAAQ,KAA2B,CAAC,GAAG,KAAK,QAAQ,CACrD,CAAC;AACJ,CAAC;AAED,+DAA+D;AAC/D,SAAgB,cAAc,CAAC,KAAc;IAC3C,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACb,KAA4B,CAAC,IAAI,KAAK,+BAAuB,CAC/D,CAAC;AACJ,CAAC"}
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/protocol.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AA2CH,oCAOC;AAGD,oDAOC;AAGD,wCAMC;AAjED,uEAAuE;AAC1D,QAAA,qBAAqB,GAAG,kBAA2B,CAAC;AAEjE,wEAAwE;AAC3D,QAAA,8BAA8B,GAAG,2BAAoC,CAAC;AAEnF,gFAAgF;AACnE,QAAA,uBAAuB,GAAG,oBAA6B,CAAC;AA+BrE,6DAA6D;AAC7D,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACb,KAA4B,CAAC,IAAI,KAAK,6BAAqB;QAC5D,OAAQ,KAA2B,CAAC,GAAG,KAAK,QAAQ,CACrD,CAAC;AACJ,CAAC;AAED,sEAAsE;AACtE,SAAgB,oBAAoB,CAAC,KAAc;IACjD,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACb,KAA4B,CAAC,IAAI,KAAK,sCAA8B;QACrE,KAAK,CAAC,OAAO,CAAE,KAA6B,CAAC,KAAK,CAAC,CACpD,CAAC;AACJ,CAAC;AAED,+DAA+D;AAC/D,SAAgB,cAAc,CAAC,KAAc;IAC3C,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACb,KAA4B,CAAC,IAAI,KAAK,+BAAuB,CAC/D,CAAC;AACJ,CAAC"}

package/src/lib/receiver.d.ts

@@ -15,6 +15,7 @@
  * markup cannot be injected and the DOM does not grow on repeated updates.
  */
 import { type CssValidationOptions } from './validate-css';
+import { type GoogleFontDef, type GoogleFontsValidationOptions } from './google-fonts';
 export declare const DEFAULT_STYLE_ID = "live-preview-styles";
 export interface LivePreviewReceiverOptions {
     /**
@@ -30,8 +31,14 @@ export interface LivePreviewReceiverOptions {
     styleId?: string;
     /** Validation overrides applied to incoming CSS. */
     validation?: CssValidationOptions;
+    /** Validation overrides applied to incoming Google Fonts. */
+    fontsValidation?: GoogleFontsValidationOptions;
+    /** Load Google Fonts requested via `live-preview-google-fonts`. Default `true`. */
+    loadGoogleFonts?: boolean;
     /** Called after CSS is successfully applied. */
     onApply?: (css: string) => void;
+    /** Called after Google Fonts are successfully loaded. */
+    onGoogleFontsApply?: (fonts: GoogleFontDef[]) => void;
     /** Called when a message is rejected, with a human-readable reason. */
     onReject?: (reason: string) => void;
 }

package/src/lib/receiver.js

@@ -20,6 +20,7 @@ exports.DEFAULT_STYLE_ID = void 0;
 exports.startLivePreviewReceiver = startLivePreviewReceiver;
 const protocol_1 = require("./protocol");
 const validate_css_1 = require("./validate-css");
+const google_fonts_1 = require("./google-fonts");
 exports.DEFAULT_STYLE_ID = 'live-preview-styles';
 const isOriginAllowed = (origin, allowed) => allowed.includes('*') || allowed.includes(origin);
 const getOrCreateStyle = (doc, styleId) => {
@@ -34,7 +35,7 @@ const getOrCreateStyle = (doc, styleId) => {
     return style;
 };
 function startLivePreviewReceiver(options) {
-    const { allowedOrigins, target = document, source = window, styleId = exports.DEFAULT_STYLE_ID, validation, onApply, onReject, } = options;
+    const { allowedOrigins, target = document, source = window, styleId = exports.DEFAULT_STYLE_ID, validation, fontsValidation, loadGoogleFonts: enableFonts = true, onApply, onGoogleFontsApply, onReject, } = options;
     if (!allowedOrigins || allowedOrigins.length === 0) {
         throw new Error('startLivePreviewReceiver requires a non-empty allowedOrigins list');
     }
@@ -42,16 +43,25 @@ function startLivePreviewReceiver(options) {
         if (!isOriginAllowed(event.origin, allowedOrigins)) {
             return; // Silently ignore untrusted origins — not actionable to the page.
         }
-        if (!(0, protocol_1.isCssMessage)(event.data)) {
+        if ((0, protocol_1.isCssMessage)(event.data)) {
+            const result = (0, validate_css_1.validateCss)(event.data.css, validation);
+            if (!result.valid) {
+                onReject === null || onReject === void 0 ? void 0 : onReject(`rejected css from ${event.origin}: ${result.errors.join('; ')}`);
+                return;
+            }
+            getOrCreateStyle(target, styleId).textContent = result.css;
+            onApply === null || onApply === void 0 ? void 0 : onApply(result.css);
             return;
         }
-        const result = (0, validate_css_1.validateCss)(event.data.css, validation);
-        if (!result.valid) {
-            onReject === null || onReject === void 0 ? void 0 : onReject(`rejected css from ${event.origin}: ${result.errors.join('; ')}`);
-            return;
+        if (enableFonts && (0, protocol_1.isGoogleFontsMessage)(event.data)) {
+            const result = (0, google_fonts_1.validateGoogleFonts)(event.data.fonts, fontsValidation);
+            if (!result.valid) {
+                onReject === null || onReject === void 0 ? void 0 : onReject(`rejected google fonts from ${event.origin}: ${result.errors.join('; ')}`);
+                return;
+            }
+            (0, google_fonts_1.loadGoogleFonts)(result.fonts, { document: target });
+            onGoogleFontsApply === null || onGoogleFontsApply === void 0 ? void 0 : onGoogleFontsApply(result.fonts);
         }
-        getOrCreateStyle(target, styleId).textContent = result.css;
-        onApply === null || onApply === void 0 ? void 0 : onApply(result.css);
     };
     source.addEventListener('message', handleMessage);
     // Announce readiness upward so a parent can (re)send the current CSS without

package/src/lib/receiver.js.map

@@ -1 +1 @@
-{"version":3,"file":"receiver.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/receiver.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAmDH,4DAiDC;AAlGD,yCAIoB;AACpB,iDAAwE;AAE3D,QAAA,gBAAgB,GAAG,qBAAqB,CAAC;AA2BtD,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAiB,EAAW,EAAE,CACrE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAEpD,MAAM,gBAAgB,GAAG,CAAC,GAAa,EAAE,OAAe,EAAoB,EAAE;IAC5E,MAAM,QAAQ,GAAG,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,QAAQ,YAAY,gBAAgB,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACzC,KAAK,CAAC,EAAE,GAAG,OAAO,CAAC;IACnB,KAAK,CAAC,YAAY,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC;IAC5C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC5B,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAgB,wBAAwB,CACtC,OAAmC;IAEnC,MAAM,EACJ,cAAc,EACd,MAAM,GAAG,QAAQ,EACjB,MAAM,GAAG,MAAM,EACf,OAAO,GAAG,wBAAgB,EAC1B,UAAU,EACV,OAAO,EACP,QAAQ,GACT,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAQ,EAAE;QAClD,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,kEAAkE;QAC5E,CAAC;QACD,IAAI,CAAC,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,qBAAqB,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC7E,OAAO;QACT,CAAC;QAED,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC;QAC3D,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,6EAA6E;IAC7E,qCAAqC;IACrC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9C,MAAM,KAAK,GAA4B,EAAE,IAAI,EAAE,kCAAuB,EAAE,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI;YACF,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"receiver.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/receiver.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAgEH,4DA+DC;AA7HD,yCAKoB;AACpB,iDAAwE;AACxE,iDAKwB;AAEX,QAAA,gBAAgB,GAAG,qBAAqB,CAAC;AAiCtD,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAiB,EAAW,EAAE,CACrE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAEpD,MAAM,gBAAgB,GAAG,CAAC,GAAa,EAAE,OAAe,EAAoB,EAAE;IAC5E,MAAM,QAAQ,GAAG,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,QAAQ,YAAY,gBAAgB,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACzC,KAAK,CAAC,EAAE,GAAG,OAAO,CAAC;IACnB,KAAK,CAAC,YAAY,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC;IAC5C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC5B,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAgB,wBAAwB,CACtC,OAAmC;IAEnC,MAAM,EACJ,cAAc,EACd,MAAM,GAAG,QAAQ,EACjB,MAAM,GAAG,MAAM,EACf,OAAO,GAAG,wBAAgB,EAC1B,UAAU,EACV,eAAe,EACf,eAAe,EAAE,WAAW,GAAG,IAAI,EACnC,OAAO,EACP,kBAAkB,EAClB,QAAQ,GACT,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAQ,EAAE;QAClD,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,kEAAkE;QAC5E,CAAC;QAED,IAAI,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,qBAAqB,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACT,CAAC;YAED,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC;YAC3D,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,WAAW,IAAI,IAAA,+BAAoB,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACpD,MAAM,MAAM,GAAG,IAAA,kCAAmB,EAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,8BAA8B,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACtF,OAAO;YACT,CAAC;YAED,IAAA,8BAAe,EAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,6EAA6E;IAC7E,qCAAqC;IACrC,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC9C,MAAM,KAAK,GAA4B,EAAE,IAAI,EAAE,kCAAuB,EAAE,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI;YACF,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/src/lib/relay.d.ts

@@ -14,6 +14,7 @@
  *    the original sender's readiness handshake works end to end.
  */
 import { type CssValidationOptions } from './validate-css';
+import { type GoogleFontsValidationOptions } from './google-fonts';
 export interface LivePreviewRelayOptions {
     /** Parent origins permitted to send CSS. Required. `['*']` opts out (dev). */
     allowedOrigins: string[];
@@ -25,7 +26,9 @@ export interface LivePreviewRelayOptions {
     source?: Window;
     /** Validation overrides applied to relayed CSS. */
     validation?: CssValidationOptions;
-    /** Called when CSS is rejected before forwarding, with a reason. */
+    /** Validation overrides applied to relayed Google Fonts. */
+    fontsValidation?: GoogleFontsValidationOptions;
+    /** Called when a message is rejected before forwarding, with a reason. */
     onReject?: (reason: string) => void;
 }
 export interface LivePreviewRelay {

package/src/lib/relay.js

@@ -18,9 +18,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLivePreviewRelay = createLivePreviewRelay;
 const protocol_1 = require("./protocol");
 const validate_css_1 = require("./validate-css");
-const isOriginAllowed = (origin, allowed) => allowed.includes('*') || allowed.includes(origin);
+const google_fonts_1 = require("./google-fonts");
+// An allowlist entry may be an exact origin, the lone `'*'` (allow any — dev
+// opt-out), or a wildcard pattern such as `https://*.app.example.com`. In a
+// pattern, `*` matches exactly one DNS label (no dots), so it never crosses a
+// domain boundary into a different parent domain.
+const isOriginAllowed = (origin, allowed) => allowed.some((entry) => {
+    if (entry === '*')
+        return true;
+    if (!entry.includes('*'))
+        return entry === origin;
+    const pattern = '^' +
+        entry
+            .split('*')
+            .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
+            .join('[^.]+') +
+        '$';
+    return new RegExp(pattern).test(origin);
+});
 function createLivePreviewRelay(options) {
-    const { allowedOrigins, getTargetWindow, targetOrigin, source = window, validation, onReject, } = options;
+    const { allowedOrigins, getTargetWindow, targetOrigin, source = window, validation, fontsValidation, onReject, } = options;
     if (!allowedOrigins || allowedOrigins.length === 0) {
         throw new Error('createLivePreviewRelay requires a non-empty allowedOrigins list');
     }
@@ -39,19 +56,32 @@ function createLivePreviewRelay(options) {
         if (!isOriginAllowed(event.origin, allowedOrigins)) {
             return;
         }
-        if (!(0, protocol_1.isCssMessage)(event.data)) {
-            return;
+        // Re-validate here (defense in depth) and forward the relevant message types
+        // to the child preview frame. The child re-validates again before applying.
+        let message = null;
+        if ((0, protocol_1.isCssMessage)(event.data)) {
+            const result = (0, validate_css_1.validateCss)(event.data.css, validation);
+            if (!result.valid) {
+                onReject === null || onReject === void 0 ? void 0 : onReject(`relay rejected css from ${event.origin}: ${result.errors.join('; ')}`);
+                return;
+            }
+            message = { type: protocol_1.LIVE_PREVIEW_CSS_TYPE, css: result.css };
+        }
+        else if ((0, protocol_1.isGoogleFontsMessage)(event.data)) {
+            const result = (0, google_fonts_1.validateGoogleFonts)(event.data.fonts, fontsValidation);
+            if (!result.valid) {
+                onReject === null || onReject === void 0 ? void 0 : onReject(`relay rejected google fonts from ${event.origin}: ${result.errors.join('; ')}`);
+                return;
+            }
+            message = { type: protocol_1.LIVE_PREVIEW_GOOGLE_FONTS_TYPE, fonts: result.fonts };
         }
-        const result = (0, validate_css_1.validateCss)(event.data.css, validation);
-        if (!result.valid) {
-            onReject === null || onReject === void 0 ? void 0 : onReject(`relay rejected css from ${event.origin}: ${result.errors.join('; ')}`);
+        else {
             return;
         }
         const child = getTargetWindow();
         if (!child) {
             return; // Preview frame not mounted yet; the sender resends on ready.
         }
-        const message = { type: protocol_1.LIVE_PREVIEW_CSS_TYPE, css: result.css };
         child.postMessage(message, targetOrigin);
     };
     source.addEventListener('message', handleMessage);

package/src/lib/relay.js.map

@@ -1 +1 @@
-{"version":3,"file":"relay.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/relay.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAiCH,wDAwDC;AAvFD,yCAKoB;AACpB,iDAAwE;AAsBxE,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAiB,EAAW,EAAE,CACrE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAEpD,SAAgB,sBAAsB,CAAC,OAAgC;IACrE,MAAM,EACJ,cAAc,EACd,eAAe,EACf,YAAY,EACZ,MAAM,GAAG,MAAM,EACf,UAAU,EACV,QAAQ,GACT,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAQ,EAAE;QAClD,4EAA4E;QAC5E,kDAAkD;QAClD,IAAI,IAAA,yBAAc,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,2BAA2B,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACnF,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,8DAA8D;QACxE,CAAC;QAED,MAAM,OAAO,GAA0B,EAAE,IAAI,EAAE,gCAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QACxF,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,OAAO;QACL,IAAI;YACF,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"relay.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/relay.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;AAsDH,wDAqEC;AAzHD,yCAQoB;AACpB,iDAAwE;AACxE,iDAAwF;AAwBxF,6EAA6E;AAC7E,4EAA4E;AAC5E,8EAA8E;AAC9E,kDAAkD;AAClD,MAAM,eAAe,GAAG,CAAC,MAAc,EAAE,OAAiB,EAAW,EAAE,CACrE,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,KAAK,MAAM,CAAC;IAClD,MAAM,OAAO,GACX,GAAG;QACH,KAAK;aACF,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;aAC1D,IAAI,CAAC,OAAO,CAAC;QAChB,GAAG,CAAC;IACN,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC,CAAC,CAAC;AAEL,SAAgB,sBAAsB,CAAC,OAAgC;IACrE,MAAM,EACJ,cAAc,EACd,eAAe,EACf,YAAY,EACZ,MAAM,GAAG,MAAM,EACf,UAAU,EACV,eAAe,EACf,QAAQ,GACT,GAAG,OAAO,CAAC;IAEZ,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,KAAmB,EAAQ,EAAE;QAClD,4EAA4E;QAC5E,kDAAkD;QAClD,IAAI,IAAA,yBAAc,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC9C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QAED,6EAA6E;QAC7E,4EAA4E;QAC5E,IAAI,OAAO,GAAiE,IAAI,CAAC;QAEjF,IAAI,IAAA,uBAAY,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACvD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,2BAA2B,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACnF,OAAO;YACT,CAAC;YACD,OAAO,GAAG,EAAE,IAAI,EAAE,gCAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QAC7D,CAAC;aAAM,IAAI,IAAA,+BAAoB,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,IAAA,kCAAmB,EAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAG,oCAAoC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5F,OAAO;YACT,CAAC;YACD,OAAO,GAAG,EAAE,IAAI,EAAE,yCAA8B,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,8DAA8D;QACxE,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,OAAO;QACL,IAAI;YACF,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/src/lib/sender.d.ts

@@ -7,6 +7,7 @@
  * never `'*'` — so a navigated-away or swapped iframe can never receive it.
  */
 import { type CssValidationOptions, type CssValidationResult } from './validate-css';
+import { type GoogleFontDef, type GoogleFontsValidationOptions, type GoogleFontsValidationResult } from './google-fonts';
 export interface LivePreviewSenderOptions {
     /** The window to post to, e.g. `iframe.contentWindow`. */
     targetWindow: Window;
@@ -16,8 +17,10 @@ export interface LivePreviewSenderOptions {
      * document currently occupies the frame.
      */
     targetOrigin: string;
-    /** Validation overrides applied before sending. */
+    /** Validation overrides applied before sending CSS. */
     validation?: CssValidationOptions;
+    /** Validation overrides applied before sending Google Fonts. */
+    fontsValidation?: GoogleFontsValidationOptions;
 }
 export interface LivePreviewSender {
     /**
@@ -25,5 +28,10 @@ export interface LivePreviewSender {
      * invalid, nothing is sent and `result.errors` explains why.
      */
     sendCss(css: string): CssValidationResult;
+    /**
+     * Validate and post a list of Google Fonts to load. Returns the validation
+     * result; when invalid, nothing is sent and `result.errors` explains why.
+     */
+    sendGoogleFonts(fonts: GoogleFontDef[]): GoogleFontsValidationResult;
 }
 export declare function createLivePreviewSender(options: LivePreviewSenderOptions): LivePreviewSender;

package/src/lib/sender.js

@@ -11,8 +11,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLivePreviewSender = createLivePreviewSender;
 const protocol_1 = require("./protocol");
 const validate_css_1 = require("./validate-css");
+const google_fonts_1 = require("./google-fonts");
 function createLivePreviewSender(options) {
-    const { targetWindow, targetOrigin, validation } = options;
+    const { targetWindow, targetOrigin, validation, fontsValidation } = options;
     if (!targetOrigin || targetOrigin === '*') {
         throw new Error('createLivePreviewSender requires an explicit targetOrigin (cannot be "*")');
     }
@@ -26,6 +27,18 @@ function createLivePreviewSender(options) {
             targetWindow.postMessage(message, targetOrigin);
             return result;
         },
+        sendGoogleFonts(fonts) {
+            const result = (0, google_fonts_1.validateGoogleFonts)(fonts, fontsValidation);
+            if (!result.valid) {
+                return result;
+            }
+            const message = {
+                type: protocol_1.LIVE_PREVIEW_GOOGLE_FONTS_TYPE,
+                fonts: result.fonts,
+            };
+            targetWindow.postMessage(message, targetOrigin);
+            return result;
+        },
     };
 }
 //# sourceMappingURL=sender.js.map

package/src/lib/sender.js.map

@@ -1 +1 @@
-{"version":3,"file":"sender.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/sender.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA0BH,0DAqBC;AA7CD,yCAA+E;AAC/E,iDAAkG;AAuBlG,SAAgB,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE3D,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,CAAC,GAAW;YACjB,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAA0B,EAAE,IAAI,EAAE,gCAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;YACxF,YAAY,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"sender.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/sender.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA4CH,0DAmCC;AA7ED,yCAKoB;AACpB,iDAAkG;AAClG,iDAKwB;AA8BxB,SAAgB,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;IAE5E,IAAI,CAAC,YAAY,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,CAAC,GAAW;YACjB,MAAM,MAAM,GAAG,IAAA,0BAAW,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAA0B,EAAE,IAAI,EAAE,gCAAqB,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;YACxF,YAAY,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,eAAe,CAAC,KAAsB;YACpC,MAAM,MAAM,GAAG,IAAA,kCAAmB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAAkC;gBAC7C,IAAI,EAAE,yCAA8B;gBACpC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;YACF,YAAY,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC"}

package/src/lib/validate-css.js

@@ -25,7 +25,9 @@ exports.DEFAULT_ALLOWED_URL_SCHEMES = ['https', 'data'];
 const FORBIDDEN_URL_SCHEMES = ['javascript', 'vbscript', 'file'];
 // Matches any ASCII control character except tab (\t \x09), newline (\n \x0a)
 // and carriage return (\r \x0d), which are legitimate whitespace in CSS. Built
-// from escapes so no literal control bytes live in this source file.
+// from escapes so no literal control bytes live in this source file. Matching
+// control characters is the whole point here, so the rule is intentionally off.
+// eslint-disable-next-line no-control-regex
 const CONTROL_CHARS = new RegExp('[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]');
 // Active-content / breakout constructs that have no place in injected CSS.
 const FORBIDDEN_PATTERNS = [

package/src/lib/validate-css.js.map

@@ -1 +1 @@
-{"version":3,"file":"validate-css.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/validate-css.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAgEH,kCAqDC;AAnHD,+EAA+E;AAClE,QAAA,sBAAsB,GAAG,MAAO,CAAC;AAE9C,8EAA8E;AACjE,QAAA,2BAA2B,GAAG,CAAC,OAAO,EAAE,MAAM,CAAU,CAAC;AAEtE,4EAA4E;AAC5E,MAAM,qBAAqB,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAyBjE,8EAA8E;AAC9E,+EAA+E;AAC/E,qEAAqE;AACrE,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,yCAAyC,CAAC,CAAC;AAE5E,2EAA2E;AAC3E,MAAM,kBAAkB,GAAwD;IAC9E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,4CAA4C,EAAE;IACnF,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,yBAAyB,EAAE;IAC9D,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE;IAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,+BAA+B,EAAE;IACzE,EAAE,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC3E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,gCAAgC,EAAE;IACvE,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,qCAAqC,EAAE;IAC5E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,kCAAkC,EAAE;IACzE,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,6BAA6B,EAAE;CACnE,CAAC;AAEF,uEAAuE;AACvE,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAiB,EAAE;IACjD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC,CAAC;AAEF;;;GAGG;AACH,SAAgB,WAAW,CACzB,KAAc,EACd,UAAgC,EAAE;IAElC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EACJ,SAAS,GAAG,8BAAsB,EAClC,aAAa,GAAG,KAAK,EACrB,iBAAiB,GAAG,KAAK,EACzB,iBAAiB,GAAG,mCAA2B,GAChD,GAAG,OAAO,CAAC;IAEZ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,qCAAqC,SAAS,aAAa,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACtD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACxE,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,wDAAwD;YACxD,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC,2CAA2C,MAAM,GAAG,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,MAAM,KAAK,IAAI,IAAI,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,0CAA0C,MAAM,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AACjD,CAAC"}
+{"version":3,"file":"validate-css.js","sourceRoot":"","sources":["../../../../../../../libs/public/keypuncherlabs/live-preview/src/lib/validate-css.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAkEH,kCAqDC;AArHD,+EAA+E;AAClE,QAAA,sBAAsB,GAAG,MAAO,CAAC;AAE9C,8EAA8E;AACjE,QAAA,2BAA2B,GAAG,CAAC,OAAO,EAAE,MAAM,CAAU,CAAC;AAEtE,4EAA4E;AAC5E,MAAM,qBAAqB,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAyBjE,8EAA8E;AAC9E,+EAA+E;AAC/E,8EAA8E;AAC9E,gFAAgF;AAChF,4CAA4C;AAC5C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,yCAAyC,CAAC,CAAC;AAE5E,2EAA2E;AAC3E,MAAM,kBAAkB,GAAwD;IAC9E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,4CAA4C,EAAE;IACnF,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,yBAAyB,EAAE;IAC9D,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE;IAClE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,+BAA+B,EAAE;IACzE,EAAE,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,kCAAkC,EAAE;IAC3E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,gCAAgC,EAAE;IACvE,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,qCAAqC,EAAE;IAC5E,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,kCAAkC,EAAE;IACzE,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,6BAA6B,EAAE;CACnE,CAAC;AAEF,uEAAuE;AACvE,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAiB,EAAE;IACjD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC,CAAC;AAEF;;;GAGG;AACH,SAAgB,WAAW,CACzB,KAAc,EACd,UAAgC,EAAE;IAElC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EACJ,SAAS,GAAG,8BAAsB,EAClC,aAAa,GAAG,KAAK,EACrB,iBAAiB,GAAG,KAAK,EACzB,iBAAiB,GAAG,mCAA2B,GAChD,GAAG,OAAO,CAAC;IAEZ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,qCAAqC,SAAS,aAAa,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACtD,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACxE,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,wDAAwD;YACxD,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC,2CAA2C,MAAM,GAAG,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,MAAM,KAAK,IAAI,IAAI,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9D,MAAM,CAAC,IAAI,CAAC,0CAA0C,MAAM,GAAG,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AACjD,CAAC"}