@lwrjs/client-modules 0.13.0-alpha.1 → 0.13.0-alpha.10

package/build/bundle/prod/lwr/servicesESM/servicesESM.js

@@ -1,2 +1,2 @@
-const e=[];let o;const n=globalThis.LWR;function t(){return n}n.define||n.env?globalThis.LWR=Object.freeze({define:n.define,env:n.env}):delete globalThis.LWR;const a={addLoaderPlugin:()=>{console.warn("API is not supported in ESM format")},handleStaleModule:function(n){e.push(n),o||(o=new WebSocket(`ws://${location.host}`),o.addEventListener("message",(async({data:o})=>{const n=JSON.parse(o);if("moduleUpdate"===n.eventType){const{oldHash:o,newHash:t,module:{specifier:a}}=n.payload;for(let n=0;n<e.length;n++){if(null!==(0,e[n])({name:a,oldHash:o,newHash:t}))break}}})))},appMetadata:function(){const{appId:e,bootstrapModule:o,rootComponent:n,rootComponents:a}=t();return{appId:e,bootstrapModule:o,rootComponent:n,rootComponents:a}}(),serverData:t().serverData||{}};export{a as services};
+const e=[];let o;const n=globalThis.LWR;n.define||n.env?globalThis.LWR=Object.freeze({define:n.define,env:n.env}):delete globalThis.LWR;const t={addLoaderPlugin:()=>{console.warn("API is not supported in ESM format")},handleStaleModule:function(n){e.push(n),o||(o=new WebSocket(`ws://${location.host}`),o.addEventListener("message",(async({data:o})=>{const n=JSON.parse(o);if("moduleUpdate"===n.eventType){const{oldHash:o,newHash:t,module:{specifier:a}}=n.payload;for(let n=0;n<e.length;n++){if(null!==(0,e[n])({name:a,oldHash:o,newHash:t}))break}}})))},appMetadata:function(){const{appId:e,bootstrapModule:o,rootComponent:t,rootComponents:a}=n;return{appId:e,bootstrapModule:o,rootComponent:t,rootComponents:a}}(),addServerDataCallback:function(e){}};export{t as services};
 //# sourceMappingURL=servicesESM.js.map

package/build/modules/lwr/lockerDefine/lockerDefine.js

@@ -1329,6 +1329,10 @@ const {
 function consoleWarn$LWS(...args$LWS) {
   ReflectApply$LWS$1(consoleWarnRef$LWS, consoleRef$LWS, args$LWS);
 }
+let gaterEnabledFeatures$LWS = [];
+function isGaterEnabledFeature$LWS(featureName$LWS) {
+  return gaterEnabledFeatures$LWS.includes(`com.salesforce.locker.${featureName$LWS}`);
+}
 const trackedLiveTargets$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1());
 function isTargetLive$LWS(target$LWS, targetTraits$LWS = 0 /* TargetTraits.None */) {
   if (targetTraits$LWS & 1 /* TargetTraits.IsArray */ || targetTraits$LWS & 2 /* TargetTraits.IsArrayBufferView */ || targetTraits$LWS & 64 /* TargetTraits.Revoked */ || target$LWS === null || target$LWS === undefined || target$LWS === ObjectProto$LWS$1 || target$LWS === RegExpProto$LWS$1) {
@@ -1453,7 +1457,7 @@ const {
 } = PromiseCtor$LWS.prototype;
 const PromiseResolve$LWS = PromiseCtor$LWS.resolve.bind(PromiseCtor$LWS);
 const PromiseReject$LWS = PromiseCtor$LWS.reject.bind(PromiseCtor$LWS);
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -2112,7 +2116,7 @@ const {
 const XhrProtoResponseTextGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'responseText');
 const XhrProtoStatusGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'status');
 ObjectLookupOwnSetter$LWS(XhrProto$LWS, 'withCredentials');
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -2171,7 +2175,7 @@ function sanitizeURLForElement$LWS(url$LWS) {
 function sanitizeURLString$LWS(urlString$LWS) {
   return urlString$LWS === '' ? urlString$LWS : ReflectApply$LWS$1(StringProtoReplace$LWS, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*! @license DOMPurify 3.0.5 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.5/LICENSE */
 
@@ -3857,15 +3861,17 @@ try {
   // swallow
 }
 const trusted = createPolicy('trusted', policyOptions);
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
  */
-const additionalAttributes$LWS = ['role', 'target'];
+const additionalAttributes$LWS = ['role', 'part', 'target'];
 const htmlTags$LWS = ['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br', 'button', 'caption', 'canvas', 'center', 'cite', 'code', 'col', 'colgroup', 'command', 'datalist', 'dd', 'del', 'details', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'fieldset', 'figure', 'figcaption', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'i', 'iframe', 'img', 'input', 'ins', 'keygen', 'kbd', 'label', 'legend', 'li', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup', 'option', 'output', 'p', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr'];
+const miscTags$LWS = ['#comment', '#document-fragment'];
 const svgTags$LWS = ['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'audio', 'canvas', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'video', 'view', 'vkern', 'use'];
-const allTags$LWS = ArrayConcat$LWS(htmlTags$LWS, svgTags$LWS);
+const allHTMLTags$LWS = ArrayConcat$LWS(htmlTags$LWS, svgTags$LWS, miscTags$LWS);
+const allSVGTags$LWS = ArrayConcat$LWS(svgTags$LWS, miscTags$LWS);
 const CUSTOM_ELEMENT_HANDLING$LWS = {
   attributeNameCheck: /.+/,
   allowCustomizedBuiltInElements: false,
@@ -3881,7 +3887,7 @@ const NODE_ALL_IN_PLACE$LWS = {
   // Add '#document-fragment' to ALLOWED_TAGS to avoid a forbidden root node
   // exception.
   // https://github.com/cure53/DOMPurify/issues/664
-  ALLOWED_TAGS: ArrayConcat$LWS(allTags$LWS, '#document-fragment'),
+  ALLOWED_TAGS: shallowCloneArray$LWS(allHTMLTags$LWS),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   IN_PLACE: true,
   // @ts-ignore this type is on DOMPurifyConfig
@@ -3891,7 +3897,7 @@ const NODE_ALL_IN_PLACE$LWS = {
 // fragment.
 const NODE_SVG$LWS = {
   ADD_ATTR: shallowCloneArray$LWS(additionalAttributes$LWS),
-  ALLOWED_TAGS: shallowCloneArray$LWS(svgTags$LWS),
+  ALLOWED_TAGS: shallowCloneArray$LWS(allSVGTags$LWS),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   RETURN_DOM_FRAGMENT: true,
   SANITIZE_DOM: false,
@@ -3901,7 +3907,7 @@ const NODE_SVG$LWS = {
 // A config to use only tags allowed for blob and file.
 const STRING_BLOB_HTML$LWS = {
   ADD_ATTR: shallowCloneArray$LWS(additionalAttributes$LWS),
-  ALLOWED_TAGS: ReflectApply$LWS$1(ArrayProtoFilter$LWS$1, allTags$LWS, [tag$LWS => tag$LWS !== 'iframe']),
+  ALLOWED_TAGS: ReflectApply$LWS$1(ArrayProtoFilter$LWS$1, allHTMLTags$LWS, [tag$LWS => tag$LWS !== 'iframe']),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   SANITIZE_DOM: false,
   // @ts-ignore this type is on DOMPurifyConfig
@@ -4098,6 +4104,14 @@ function uponSanitizeAttribute$LWS(node$LWS, data$LWS, _config$LWS) {
   if (attrValue$LWS && ReflectApply$LWS$1(StringProtoToUpperCase$LWS, ReflectApply$LWS$1(NodeProtoNodeNameGetter$LWS, node$LWS, []), []) === 'USE' && SANITIZE_ATTRIBUTES_LIST$LWS.includes(attrName$LWS)) {
     data$LWS.attrValue = sanitizeSvgHref$LWS(attrValue$LWS);
   }
+  // To support Lit, we must tell DOMPurify that attributes starting with "@", ".", or "?" are allowed.
+  // Ref:
+  // https://lit.dev/docs/components/events/
+  // https://lit.dev/docs/templates/expressions/#property-expressions
+  // https://lit.dev/docs/templates/expressions/#boolean-attribute-expressions
+  if (attrName$LWS && (ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['@']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['.']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['?']))) {
+    data$LWS.forceKeepAttr = true;
+  }
   return data$LWS;
 }
 function blobSanitizer$LWS(sandboxKey$LWS) {
@@ -4106,7 +4120,7 @@ function blobSanitizer$LWS(sandboxKey$LWS) {
   }
   return getSanitizerForConfig$LWS(sandboxKey$LWS, 'STRING_BLOB_HTML');
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2023 salesforce.com, inc.
@@ -4304,7 +4318,7 @@ function encloseSrcSetter$LWS(targetElement$LWS) {
     ReflectApply$LWS$1(ElementProtoSetAttributeNS$LWS, targetElement$LWS, [attributeNamespaceURI$LWS, attributeName$LWS, src$LWS]);
   };
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -9064,6 +9078,9 @@ function createDistortionHrefAttributeFactoryInitializer$LWS(attributeName$LWS)
 }
 const initDistortionSVGUseElementHrefAttribute$LWS = createDistortionHrefAttributeFactoryInitializer$LWS('href');
 const initDistortionSVGUseElementXlinkHrefAttribute$LWS = createDistortionHrefAttributeFactoryInitializer$LWS('xlink:href');
+function createTrustedTypesError$LWS(name$LWS = '') {
+  return `Cannot create TrustedTypePolicy with '${name$LWS}' policy name.`;
+}
 function initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS({
   globalObject: {
     TrustedTypePolicyFactory: TrustedTypePolicyFactory$LWS
@@ -9080,10 +9097,16 @@ function initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS({
     const name$LWS = args$LWS.length ? args$LWS[0] : /* istanbul ignore next: needs default platform behavior test */undefined;
     // istanbul ignore else: needs default platform behavior test
     if (name$LWS === 'default') {
-      throw new LockerSecurityError$LWS(`Cannot create TrustedTypePolicy with '${name$LWS}' policy name.`);
+      throw new LockerSecurityError$LWS(createTrustedTypesError$LWS(name$LWS));
     }
-    // istanbul ignore next: needs default platform behavior test
-    return ReflectApply$LWS$1(originalCreatePolicy$LWS, this, args$LWS);
+    // If the policy is one of the CSP policies, it should be allowed
+    try {
+      // istanbul ignore next: needs default platform behavior test
+      return ReflectApply$LWS$1(originalCreatePolicy$LWS, this, args$LWS);
+    } catch (_unused3$LWS) {
+      consoleWarn$LWS(`${createTrustedTypesError$LWS(name$LWS)} Substituting with Lightning Web Security policy.`);
+    }
+    return trusted;
   }];
   return function distortionTrustedTypePolicyFactoryCreatePolicy$LWS() {
     return distortionEntry$LWS;
@@ -9147,7 +9170,7 @@ function initDistortionURLCreateObjectURL$LWS({
         ReflectApply$LWS$1(XhrProtoOpen$LWS, xhr$LWS, ['GET', outURL$LWS, false]);
         try {
           ReflectApply$LWS$1(XhrProtoSend$LWS, xhr$LWS, []);
-        } catch (_unused3$LWS) {
+        } catch (_unused4$LWS) {
           throw new LockerSecurityError$LWS(`Unable to verify ${toSafeTemplateStringValue$LWS(blobObject$LWS)} is secure.`);
         }
         const responseText$LWS = ReflectApply$LWS$1(XhrProtoResponseTextGetter$LWS, xhr$LWS, []);
@@ -9897,7 +9920,7 @@ const SVGElementBlockedProperties$LWS = ['nonce'];
 const UIEventBlockedProperties$LWS = ['rangeParent'];
 const WindowBlockedProperties$LWS = ['find', 'requestFileSystem', 'webkitRequestFileSystem'];
 const XSLTProcessorBlockedProperties$LWS = ['transformToDocument', 'transformToFragment'];
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -12010,7 +12033,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           if (!('prototype' in distortionTarget$LWS)) {
             targetTraits$LWS |= 8 /* TargetTraits.IsArrowFunction */;
           }
-
           const safeLengthDesc$LWS = ReflectGetOwnPropertyDescriptor$LWS(originalTarget$LWS, 'length');
           if (safeLengthDesc$LWS) {
             ReflectSetPrototypeOf$LWS(safeLengthDesc$LWS, null);
@@ -12047,7 +12069,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           targetTraits$LWS = 64 /* TargetTraits.Revoked */;
         }
       }
-
       proxyPointer$LWS = foreignCallablePusher$LWS(createPointer$LWS(distortionTarget$LWS), targetTraits$LWS, targetFunctionArity$LWS, targetFunctionName$LWS, targetTypedArrayLength$LWS);
       proxyPointerCache$LWS.set(originalTarget$LWS, proxyPointer$LWS);
       return proxyPointer$LWS;
@@ -12779,7 +12800,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           }
           result$LWS = !(resultEnum$LWS & 2 /* PreventExtensionsResult.False */);
         }
-
         return result$LWS;
       }
       static passthruSetPrototypeOfTrap(_shadowTarget$LWS, proto$LWS) {
@@ -13728,11 +13748,9 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           if (ObjectIsFrozen$LWS(target$LWS)) {
             return 4 /* TargetIntegrityTraits.IsFrozen */ & 2 /* TargetIntegrityTraits.IsSealed */ & 1 /* TargetIntegrityTraits.IsNotExtensible */;
           }
-
           if (ObjectIsSealed$LWS(target$LWS)) {
             return 2 /* TargetIntegrityTraits.IsSealed */ & 1 /* TargetIntegrityTraits.IsNotExtensible */;
           }
-
           return 1 /* TargetIntegrityTraits.IsNotExtensible */;
         }
       } catch (_unused30$LWS) {
@@ -13742,7 +13760,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           return 8 /* TargetIntegrityTraits.Revoked */;
         }
       }
-
       return 0 /* TargetIntegrityTraits.None */;
     } : () => 0 /* TargetIntegrityTraits.None */,
     // callableGetToStringTagOfTarget
@@ -14110,7 +14127,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
   };
   /* eslint-enable prefer-object-spread */
 }
-
 const createMembraneMarshallSourceInStrictMode$LWS = `
 'use strict';
 (${createMembraneMarshall$LWS})`;
@@ -14461,7 +14477,6 @@ function getESGlobalKeys$LWS(remapTypedArrays$LWS = true) {
   // *** ECMA-402
   // 'Intl',  // Remapped
   ];
-
   if (remapTypedArrays$LWS === false) {
     ESGlobalKeys$LWS.push('ArrayBuffer', 'BigInt64Array', 'BigUint64Array', 'DataView', 'Float32Array', 'Float64Array', 'Int8Array', 'Int16Array', 'Int32Array', 'SharedArrayBuffer', 'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array');
   }
@@ -15116,7 +15131,7 @@ function toSourceText$LWS(value$LWS, sourceType$LWS) {
   // tools from mistaking the regexp or the replacement string for an
   // actual source mapping URL.
   /\/\/# sandbox(?=MappingURL=.*?\s*$)/, '//# source']);
-  sourceText$LWS = `\n//# LWS Version = "0.21.5"\n${sourceText$LWS}`;
+  sourceText$LWS = `\n//# LWS Version = "0.22.2"\n${sourceText$LWS}`;
   return sourceType$LWS === 1 /* SourceType.Module */ && indexOfPragma$LWS(sourceText$LWS, 'use strict') === -1 ?
   // Append "'use strict'" to the extracted function body so it is
   // evaluated in strict mode.
@@ -15315,7 +15330,6 @@ function createVirtualEnvironment$LWS(record$LWS) {
 function getDefaultType$LWS(key$LWS) {
   return key$LWS === CORE_SANDBOX_KEY$LWS ? 1 /* SandboxType.Internal */ : 0 /* SandboxType.External */;
 }
-
 function createRootWindowSandboxRecord$LWS({
   // istanbul ignore next: destructured default assignments are not correctly instrumented
   context: context$LWS = EMPTY_OBJECT$LWS,
@@ -15767,9 +15781,26 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
     return secureDep$LWS;
   }
   secureDep$LWS = {
-    loadScript: (thisArg$LWS, url$LWS) => createRootWindowSandboxRecord$LWS({
-      key: key$LWS
-    }).helpers.loadScript(thisArg$LWS, url$LWS),
+    loadScript: (thisArg$LWS, url$LWS, config$LWS) => {
+      const sandbox$LWS = createRootWindowSandboxRecord$LWS({
+        key: key$LWS
+      });
+      if (isGaterEnabledFeature$LWS('enableTrustedMode') && config$LWS != null && config$LWS.trustedMode) {
+        const trustedGlobals$LWS = config$LWS.trustedGlobals;
+        if ((trustedGlobals$LWS == null ? void 0 : trustedGlobals$LWS.length) > 0) {
+          return dep$LWS.loadScript(thisArg$LWS, url$LWS).then(() => {
+            const installGlobals$LWS = sandbox$LWS.virtualEnvironmentEvaluator(`(list) => list.forEach(([key, value]) => window[key] = value)`);
+            const globals$LWS = [];
+            for (let i$LWS = 0; i$LWS < trustedGlobals$LWS.length; i$LWS++) {
+              globals$LWS.push([trustedGlobals$LWS[i$LWS], window[trustedGlobals$LWS[i$LWS]]]);
+            }
+            installGlobals$LWS(globals$LWS);
+          });
+        }
+        return dep$LWS.loadScript(thisArg$LWS, url$LWS);
+      }
+      return sandbox$LWS.helpers.loadScript(thisArg$LWS, url$LWS);
+    },
     loadStyle: (thisArg$LWS, url$LWS) => createRootWindowSandboxRecord$LWS({
       key: key$LWS
     }).helpers.loadStyle(thisArg$LWS, url$LWS)
@@ -15777,7 +15808,7 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
   depRegistry$LWS.set(dep$LWS, secureDep$LWS);
   return secureDep$LWS;
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 const loaderDefine = globalThis.LWR.define;
 

package/build/modules/lwr/lockerSandbox/lockerSandbox.js

@@ -1329,6 +1329,10 @@ const {
 function consoleWarn$LWS(...args$LWS) {
   ReflectApply$LWS$1(consoleWarnRef$LWS, consoleRef$LWS, args$LWS);
 }
+let gaterEnabledFeatures$LWS = [];
+function isGaterEnabledFeature$LWS(featureName$LWS) {
+  return gaterEnabledFeatures$LWS.includes(`com.salesforce.locker.${featureName$LWS}`);
+}
 const trackedLiveTargets$LWS = toSafeWeakSet$LWS$1(new WeakSetCtor$LWS$1());
 function isTargetLive$LWS(target$LWS, targetTraits$LWS = 0 /* TargetTraits.None */) {
   if (targetTraits$LWS & 1 /* TargetTraits.IsArray */ || targetTraits$LWS & 2 /* TargetTraits.IsArrayBufferView */ || targetTraits$LWS & 64 /* TargetTraits.Revoked */ || target$LWS === null || target$LWS === undefined || target$LWS === ObjectProto$LWS$1 || target$LWS === RegExpProto$LWS$1) {
@@ -1453,7 +1457,7 @@ const {
 } = PromiseCtor$LWS.prototype;
 const PromiseResolve$LWS = PromiseCtor$LWS.resolve.bind(PromiseCtor$LWS);
 const PromiseReject$LWS = PromiseCtor$LWS.reject.bind(PromiseCtor$LWS);
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -2112,7 +2116,7 @@ const {
 const XhrProtoResponseTextGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'responseText');
 const XhrProtoStatusGetter$LWS = ObjectLookupOwnGetter$LWS$1(XhrProto$LWS, 'status');
 ObjectLookupOwnSetter$LWS(XhrProto$LWS, 'withCredentials');
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -2171,7 +2175,7 @@ function sanitizeURLForElement$LWS(url$LWS) {
 function sanitizeURLString$LWS(urlString$LWS) {
   return urlString$LWS === '' ? urlString$LWS : ReflectApply$LWS$1(StringProtoReplace$LWS, urlString$LWS, [newlinesAndTabsRegExp$LWS, '']);
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*! @license DOMPurify 3.0.5 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.5/LICENSE */
 
@@ -3857,15 +3861,17 @@ try {
   // swallow
 }
 const trusted = createPolicy('trusted', policyOptions);
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
  */
-const additionalAttributes$LWS = ['role', 'target'];
+const additionalAttributes$LWS = ['role', 'part', 'target'];
 const htmlTags$LWS = ['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br', 'button', 'caption', 'canvas', 'center', 'cite', 'code', 'col', 'colgroup', 'command', 'datalist', 'dd', 'del', 'details', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'fieldset', 'figure', 'figcaption', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'i', 'iframe', 'img', 'input', 'ins', 'keygen', 'kbd', 'label', 'legend', 'li', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup', 'option', 'output', 'p', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr'];
+const miscTags$LWS = ['#comment', '#document-fragment'];
 const svgTags$LWS = ['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'audio', 'canvas', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'video', 'view', 'vkern', 'use'];
-const allTags$LWS = ArrayConcat$LWS(htmlTags$LWS, svgTags$LWS);
+const allHTMLTags$LWS = ArrayConcat$LWS(htmlTags$LWS, svgTags$LWS, miscTags$LWS);
+const allSVGTags$LWS = ArrayConcat$LWS(svgTags$LWS, miscTags$LWS);
 const CUSTOM_ELEMENT_HANDLING$LWS = {
   attributeNameCheck: /.+/,
   allowCustomizedBuiltInElements: false,
@@ -3881,7 +3887,7 @@ const NODE_ALL_IN_PLACE$LWS = {
   // Add '#document-fragment' to ALLOWED_TAGS to avoid a forbidden root node
   // exception.
   // https://github.com/cure53/DOMPurify/issues/664
-  ALLOWED_TAGS: ArrayConcat$LWS(allTags$LWS, '#document-fragment'),
+  ALLOWED_TAGS: shallowCloneArray$LWS(allHTMLTags$LWS),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   IN_PLACE: true,
   // @ts-ignore this type is on DOMPurifyConfig
@@ -3891,7 +3897,7 @@ const NODE_ALL_IN_PLACE$LWS = {
 // fragment.
 const NODE_SVG$LWS = {
   ADD_ATTR: shallowCloneArray$LWS(additionalAttributes$LWS),
-  ALLOWED_TAGS: shallowCloneArray$LWS(svgTags$LWS),
+  ALLOWED_TAGS: shallowCloneArray$LWS(allSVGTags$LWS),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   RETURN_DOM_FRAGMENT: true,
   SANITIZE_DOM: false,
@@ -3901,7 +3907,7 @@ const NODE_SVG$LWS = {
 // A config to use only tags allowed for blob and file.
 const STRING_BLOB_HTML$LWS = {
   ADD_ATTR: shallowCloneArray$LWS(additionalAttributes$LWS),
-  ALLOWED_TAGS: ReflectApply$LWS$1(ArrayProtoFilter$LWS$1, allTags$LWS, [tag$LWS => tag$LWS !== 'iframe']),
+  ALLOWED_TAGS: ReflectApply$LWS$1(ArrayProtoFilter$LWS$1, allHTMLTags$LWS, [tag$LWS => tag$LWS !== 'iframe']),
   CUSTOM_ELEMENT_HANDLING: ObjectAssign$LWS$1({}, CUSTOM_ELEMENT_HANDLING$LWS),
   SANITIZE_DOM: false,
   // @ts-ignore this type is on DOMPurifyConfig
@@ -4098,6 +4104,14 @@ function uponSanitizeAttribute$LWS(node$LWS, data$LWS, _config$LWS) {
   if (attrValue$LWS && ReflectApply$LWS$1(StringProtoToUpperCase$LWS, ReflectApply$LWS$1(NodeProtoNodeNameGetter$LWS, node$LWS, []), []) === 'USE' && SANITIZE_ATTRIBUTES_LIST$LWS.includes(attrName$LWS)) {
     data$LWS.attrValue = sanitizeSvgHref$LWS(attrValue$LWS);
   }
+  // To support Lit, we must tell DOMPurify that attributes starting with "@", ".", or "?" are allowed.
+  // Ref:
+  // https://lit.dev/docs/components/events/
+  // https://lit.dev/docs/templates/expressions/#property-expressions
+  // https://lit.dev/docs/templates/expressions/#boolean-attribute-expressions
+  if (attrName$LWS && (ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['@']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['.']) || ReflectApply$LWS$1(StringProtoStartsWith$LWS, attrName$LWS, ['?']))) {
+    data$LWS.forceKeepAttr = true;
+  }
   return data$LWS;
 }
 function blobSanitizer$LWS(sandboxKey$LWS) {
@@ -4106,7 +4120,7 @@ function blobSanitizer$LWS(sandboxKey$LWS) {
   }
   return getSanitizerForConfig$LWS(sandboxKey$LWS, 'STRING_BLOB_HTML');
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2023 salesforce.com, inc.
@@ -4304,7 +4318,7 @@ function encloseSrcSetter$LWS(targetElement$LWS) {
     ReflectApply$LWS$1(ElementProtoSetAttributeNS$LWS, targetElement$LWS, [attributeNamespaceURI$LWS, attributeName$LWS, src$LWS]);
   };
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -9064,6 +9078,9 @@ function createDistortionHrefAttributeFactoryInitializer$LWS(attributeName$LWS)
 }
 const initDistortionSVGUseElementHrefAttribute$LWS = createDistortionHrefAttributeFactoryInitializer$LWS('href');
 const initDistortionSVGUseElementXlinkHrefAttribute$LWS = createDistortionHrefAttributeFactoryInitializer$LWS('xlink:href');
+function createTrustedTypesError$LWS(name$LWS = '') {
+  return `Cannot create TrustedTypePolicy with '${name$LWS}' policy name.`;
+}
 function initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS({
   globalObject: {
     TrustedTypePolicyFactory: TrustedTypePolicyFactory$LWS
@@ -9080,10 +9097,16 @@ function initDistortionTrustedTypePolicyFactoryCreatePolicy$LWS({
     const name$LWS = args$LWS.length ? args$LWS[0] : /* istanbul ignore next: needs default platform behavior test */undefined;
     // istanbul ignore else: needs default platform behavior test
     if (name$LWS === 'default') {
-      throw new LockerSecurityError$LWS(`Cannot create TrustedTypePolicy with '${name$LWS}' policy name.`);
+      throw new LockerSecurityError$LWS(createTrustedTypesError$LWS(name$LWS));
     }
-    // istanbul ignore next: needs default platform behavior test
-    return ReflectApply$LWS$1(originalCreatePolicy$LWS, this, args$LWS);
+    // If the policy is one of the CSP policies, it should be allowed
+    try {
+      // istanbul ignore next: needs default platform behavior test
+      return ReflectApply$LWS$1(originalCreatePolicy$LWS, this, args$LWS);
+    } catch (_unused3$LWS) {
+      consoleWarn$LWS(`${createTrustedTypesError$LWS(name$LWS)} Substituting with Lightning Web Security policy.`);
+    }
+    return trusted;
   }];
   return function distortionTrustedTypePolicyFactoryCreatePolicy$LWS() {
     return distortionEntry$LWS;
@@ -9147,7 +9170,7 @@ function initDistortionURLCreateObjectURL$LWS({
         ReflectApply$LWS$1(XhrProtoOpen$LWS, xhr$LWS, ['GET', outURL$LWS, false]);
         try {
           ReflectApply$LWS$1(XhrProtoSend$LWS, xhr$LWS, []);
-        } catch (_unused3$LWS) {
+        } catch (_unused4$LWS) {
           throw new LockerSecurityError$LWS(`Unable to verify ${toSafeTemplateStringValue$LWS(blobObject$LWS)} is secure.`);
         }
         const responseText$LWS = ReflectApply$LWS$1(XhrProtoResponseTextGetter$LWS, xhr$LWS, []);
@@ -9897,7 +9920,7 @@ const SVGElementBlockedProperties$LWS = ['nonce'];
 const UIEventBlockedProperties$LWS = ['rangeParent'];
 const WindowBlockedProperties$LWS = ['find', 'requestFileSystem', 'webkitRequestFileSystem'];
 const XSLTProcessorBlockedProperties$LWS = ['transformToDocument', 'transformToFragment'];
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 /*!
  * Copyright (C) 2019 salesforce.com, inc.
@@ -12012,7 +12035,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           if (!('prototype' in distortionTarget$LWS)) {
             targetTraits$LWS |= 8 /* TargetTraits.IsArrowFunction */;
           }
-
           const safeLengthDesc$LWS = ReflectGetOwnPropertyDescriptor$LWS(originalTarget$LWS, 'length');
           if (safeLengthDesc$LWS) {
             ReflectSetPrototypeOf$LWS(safeLengthDesc$LWS, null);
@@ -12049,7 +12071,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           targetTraits$LWS = 64 /* TargetTraits.Revoked */;
         }
       }
-
       proxyPointer$LWS = foreignCallablePusher$LWS(createPointer$LWS(distortionTarget$LWS), targetTraits$LWS, targetFunctionArity$LWS, targetFunctionName$LWS, targetTypedArrayLength$LWS);
       proxyPointerCache$LWS.set(originalTarget$LWS, proxyPointer$LWS);
       return proxyPointer$LWS;
@@ -12781,7 +12802,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           }
           result$LWS = !(resultEnum$LWS & 2 /* PreventExtensionsResult.False */);
         }
-
         return result$LWS;
       }
       static passthruSetPrototypeOfTrap(_shadowTarget$LWS, proto$LWS) {
@@ -13730,11 +13750,9 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           if (ObjectIsFrozen$LWS(target$LWS)) {
             return 4 /* TargetIntegrityTraits.IsFrozen */ & 2 /* TargetIntegrityTraits.IsSealed */ & 1 /* TargetIntegrityTraits.IsNotExtensible */;
           }
-
           if (ObjectIsSealed$LWS(target$LWS)) {
             return 2 /* TargetIntegrityTraits.IsSealed */ & 1 /* TargetIntegrityTraits.IsNotExtensible */;
           }
-
           return 1 /* TargetIntegrityTraits.IsNotExtensible */;
         }
       } catch (_unused30$LWS) {
@@ -13744,7 +13762,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
           return 8 /* TargetIntegrityTraits.Revoked */;
         }
       }
-
       return 0 /* TargetIntegrityTraits.None */;
     } : () => 0 /* TargetIntegrityTraits.None */,
     // callableGetToStringTagOfTarget
@@ -14112,7 +14129,6 @@ function createMembraneMarshall$LWS(globalObject$LWS) {
   };
   /* eslint-enable prefer-object-spread */
 }
-
 const createMembraneMarshallSourceInStrictMode$LWS = `
 'use strict';
 (${createMembraneMarshall$LWS})`;
@@ -14463,7 +14479,6 @@ function getESGlobalKeys$LWS(remapTypedArrays$LWS = true) {
   // *** ECMA-402
   // 'Intl',  // Remapped
   ];
-
   if (remapTypedArrays$LWS === false) {
     ESGlobalKeys$LWS.push('ArrayBuffer', 'BigInt64Array', 'BigUint64Array', 'DataView', 'Float32Array', 'Float64Array', 'Int8Array', 'Int16Array', 'Int32Array', 'SharedArrayBuffer', 'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array');
   }
@@ -15118,7 +15133,7 @@ function toSourceText$LWS(value$LWS, sourceType$LWS) {
   // tools from mistaking the regexp or the replacement string for an
   // actual source mapping URL.
   /\/\/# sandbox(?=MappingURL=.*?\s*$)/, '//# source']);
-  sourceText$LWS = `\n//# LWS Version = "0.21.5"\n${sourceText$LWS}`;
+  sourceText$LWS = `\n//# LWS Version = "0.22.2"\n${sourceText$LWS}`;
   return sourceType$LWS === 1 /* SourceType.Module */ && indexOfPragma$LWS(sourceText$LWS, 'use strict') === -1 ?
   // Append "'use strict'" to the extracted function body so it is
   // evaluated in strict mode.
@@ -15317,7 +15332,6 @@ function createVirtualEnvironment$LWS(record$LWS) {
 function getDefaultType$LWS(key$LWS) {
   return key$LWS === CORE_SANDBOX_KEY$LWS ? 1 /* SandboxType.Internal */ : 0 /* SandboxType.External */;
 }
-
 function createRootWindowSandboxRecord$LWS({
   // istanbul ignore next: destructured default assignments are not correctly instrumented
   context: context$LWS = EMPTY_OBJECT$LWS,
@@ -15799,9 +15813,26 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
     return secureDep$LWS;
   }
   secureDep$LWS = {
-    loadScript: (thisArg$LWS, url$LWS) => createRootWindowSandboxRecord$LWS({
-      key: key$LWS
-    }).helpers.loadScript(thisArg$LWS, url$LWS),
+    loadScript: (thisArg$LWS, url$LWS, config$LWS) => {
+      const sandbox$LWS = createRootWindowSandboxRecord$LWS({
+        key: key$LWS
+      });
+      if (isGaterEnabledFeature$LWS('enableTrustedMode') && config$LWS != null && config$LWS.trustedMode) {
+        const trustedGlobals$LWS = config$LWS.trustedGlobals;
+        if ((trustedGlobals$LWS == null ? void 0 : trustedGlobals$LWS.length) > 0) {
+          return dep$LWS.loadScript(thisArg$LWS, url$LWS).then(() => {
+            const installGlobals$LWS = sandbox$LWS.virtualEnvironmentEvaluator(`(list) => list.forEach(([key, value]) => window[key] = value)`);
+            const globals$LWS = [];
+            for (let i$LWS = 0; i$LWS < trustedGlobals$LWS.length; i$LWS++) {
+              globals$LWS.push([trustedGlobals$LWS[i$LWS], window[trustedGlobals$LWS[i$LWS]]]);
+            }
+            installGlobals$LWS(globals$LWS);
+          });
+        }
+        return dep$LWS.loadScript(thisArg$LWS, url$LWS);
+      }
+      return sandbox$LWS.helpers.loadScript(thisArg$LWS, url$LWS);
+    },
     loadStyle: (thisArg$LWS, url$LWS) => createRootWindowSandboxRecord$LWS({
       key: key$LWS
     }).helpers.loadStyle(thisArg$LWS, url$LWS)
@@ -15809,7 +15840,7 @@ function wrapPlatformResourceLoader$LWS(dep$LWS, key$LWS) {
   depRegistry$LWS.set(dep$LWS, secureDep$LWS);
   return secureDep$LWS;
 }
-/*! version: 0.21.5 */
+/*! version: 0.22.2 */
 
 export { $LWS, CORE_SANDBOX_KEY$LWS as CORE_SANDBOX_KEY, createRootWindowSandboxRecord$LWS as createRootWindowSandboxRecord, evaluateFunction$LWS as evaluateFunction, evaluateInCoreSandbox$LWS as evaluateInCoreSandbox, evaluateInSandbox$LWS as evaluateInSandbox, trusted, wrapDependency$LWS as wrapDependency };
 //# sourceMappingURL=lockerSandbox.js.map

package/build/modules/lwr/serverDataCallback/serverDataCallback.js

@@ -0,0 +1,16 @@
+/**
+ * Client-side module implementation of the serverDataCallback bootstrap service.
+ */
+
+const serverDataCallbacks = [];
+export function registerServerDataCallbacks(hook) {
+  serverDataCallbacks.push(hook);
+}
+export function evaluateServerDataCallbacks(serverData) {
+  // now that we have server data, run the server data hooks
+  for (const serverDataCallback of serverDataCallbacks) {
+    serverDataCallback({
+      serverData
+    });
+  }
+}

package/build/modules/lwr/servicesESM/servicesESM.js

@@ -1,5 +1,6 @@
 import { registerHandleStaleModuleHook } from './handleStaleModuleESM';
 import { getClientBootstrapConfig } from 'lwr/preInit';
+import { registerServerDataCallbacks } from 'lwr/serverDataCallback';
 const noop = () => {
   console.warn('API is not supported in ESM format');
 };
@@ -17,13 +18,10 @@ function getAppMetadata() {
     rootComponents
   };
 }
-function getServerData() {
-  return getClientBootstrapConfig().serverData;
-}
 export const services = {
   // addLoaderPlugin is only supported in AMD
   addLoaderPlugin: noop,
   handleStaleModule: registerHandleStaleModuleHook,
   appMetadata: getAppMetadata(),
-  serverData: getServerData() || {}
+  addServerDataCallback: registerServerDataCallbacks
 };

package/package.json

@@ -4,7 +4,7 @@
     "publishConfig": {
         "access": "public"
     },
-    "version": "0.13.0-alpha.1",
+    "version": "0.13.0-alpha.10",
     "homepage": "https://developer.salesforce.com/docs/platform/lwr/overview",
     "repository": {
         "type": "git",
@@ -33,11 +33,11 @@
         "build:platform": "node scripts/strip-for-core.js"
     },
     "dependencies": {
-        "@locker/sandbox": "0.21.5",
-        "@lwrjs/shared-utils": "0.13.0-alpha.1"
+        "@locker/sandbox": "0.22.2",
+        "@lwrjs/shared-utils": "0.13.0-alpha.10"
     },
     "devDependencies": {
-        "@lwrjs/types": "0.13.0-alpha.1",
+        "@lwrjs/types": "0.13.0-alpha.10",
         "@rollup/plugin-node-resolve": "^15.2.3",
         "@rollup/plugin-sucrase": "^5.0.2",
         "@rollup/plugin-terser": "^0.4.4",
@@ -60,7 +60,8 @@
             "lwr/lockerDefine",
             "lwr/lockerSandbox",
             "lwr/metrics",
-            "lwr/profiler"
+            "lwr/profiler",
+            "lwr/serverDataCallback"
         ]
     },
     "engines": {
@@ -69,5 +70,5 @@
     "volta": {
         "extends": "../../../package.json"
     },
-    "gitHead": "1b7147d4db0dbc363f36529cd65374325f940c40"
+    "gitHead": "53e2a825868b4c9b1662419b531c80be13afd779"
 }