npm - @nodable/entities - Versions diffs - 1.0.0 → 1.0.1 - Mend

@nodable/entities 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -52,7 +52,7 @@ replacer.replace('&copy; 2024 &mdash; Price: &pound;9.99');
 Entities are processed in this fixed order — not configurable:
 ```
-persistent external → input/runtime → system → default → amp
+persistent input/runtime → external → system → default → amp
 ```
 ### `persistent external` — Caller-supplied configuration entities
@@ -136,7 +136,7 @@ const replacer = new EntityReplacer({
   applyLimitsTo: 'external',   // 'external' (default) | 'all' | ['external', 'system'] | ...
   // Post-processing hook — fires once on the fully resolved string
-  postCheck: null,   // (resolved: string, original: string) => string
+  postCheck: resolved => resolved,   // (resolved: string, original: string) => string
 });
 ```
@@ -469,7 +469,9 @@ evp.addInputEntities({ company: 'Nodable' }); // called by BaseOutputBuilder
 const result: string = evp.parse('&lt;&copy;&brand;');
 ```
+## Note
+This library silently skip numeric entities which are out range. For example `&#1114112;` is skipped.
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nodable/entities",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Replace XML, HTML, External entites with security controls",
   "main": "./src/index.js",
   "type": "module",

package/src/EntityReplacer.js CHANGED Viewed

@@ -140,22 +140,22 @@ export default class EntityReplacer {
   constructor(options = {}) {
     // Immutable config resolved at construction
     this._defaultTable = resolveTable(options.default, DEFAULT_XML_ENTITIES, true);
-    this._systemTable  = resolveTable(options.system, null, false);
-    this._ampEnabled   = options.amp !== false && options.amp !== null;
+    this._systemTable = resolveTable(options.system, null, false);
+    this._ampEnabled = options.amp !== false && options.amp !== null;
     this._maxTotalExpansions = options.maxTotalExpansions || 0;
-    this._maxExpandedLength  = options.maxExpandedLength  || 0;
-    this._applyLimitsTo      = resolveApplyLimitsTo(options.applyLimitsTo ?? 'external');
-    this._postCheck          = typeof options.postCheck === 'function' ? options.postCheck : null;
+    this._maxExpandedLength = options.maxExpandedLength || 0;
+    this._applyLimitsTo = resolveApplyLimitsTo(options.applyLimitsTo ?? 'external');
+    this._postCheck = typeof options.postCheck === 'function' ? options.postCheck : r => r;
     // Pre-computed category limit flags
     this._limitExternal = this._applyLimitsTo === 'all' || (this._applyLimitsTo instanceof Set && this._applyLimitsTo.has('external'));
-    this._limitSystem   = this._applyLimitsTo === 'all' || (this._applyLimitsTo instanceof Set && this._applyLimitsTo.has('system'));
-    this._limitDefault  = this._applyLimitsTo === 'all' || (this._applyLimitsTo instanceof Set && this._applyLimitsTo.has('default'));
+    this._limitSystem = this._applyLimitsTo === 'all' || (this._applyLimitsTo instanceof Set && this._applyLimitsTo.has('system'));
+    this._limitDefault = this._applyLimitsTo === 'all' || (this._applyLimitsTo instanceof Set && this._applyLimitsTo.has('default'));
     // Frozen immutable entry arrays
     this._defaultEntries = this._defaultTable ? Object.entries(this._defaultTable) : [];
-    this._systemEntries  = this._systemTable  ? Object.entries(this._systemTable)  : [];
+    this._systemEntries = this._systemTable ? Object.entries(this._systemTable) : [];
     // Persistent external entities — survive across documents
     /** @type {Array<[string, {regex: RegExp, val: string}]>} */
@@ -167,7 +167,7 @@ export default class EntityReplacer {
     // Per-document counters — reset in getInstance()
     this._totalExpansions = 0;
-    this._expandedLength  = 0;
+    this._expandedLength = 0;
   }
   // -------------------------------------------------------------------------
@@ -215,8 +215,8 @@ export default class EntityReplacer {
    */
   addInputEntities(map) {
     this._totalExpansions = 0;
-    this._expandedLength  = 0;
-    this._inputEntries    = buildEntries(map);
+    this._expandedLength = 0;
+    this._inputEntries = buildEntries(map);
   }
   // -------------------------------------------------------------------------
@@ -233,9 +233,9 @@ export default class EntityReplacer {
    * @returns {EntityReplacer} `this`, after reset
    */
   getInstance() {
-    this._inputEntries    = [];
+    this._inputEntries = [];
     this._totalExpansions = 0;
-    this._expandedLength  = 0;
+    this._expandedLength = 0;
     return this;
   }
@@ -263,6 +263,7 @@ export default class EntityReplacer {
     const original = str;
     // 1. Persistent external entities
     if (this._persistentEntries.length > 0) {
       str = this._applyEntries(str, this._persistentEntries, this._limitExternal);
@@ -273,25 +274,23 @@ export default class EntityReplacer {
       str = this._applyEntries(str, this._inputEntries, this._limitExternal);
     }
-    // 3. System (named groups)
-    if (this._systemEntries.length > 0 && str.indexOf('&') !== -1) {
-      str = this._applyEntries(str, this._systemEntries, this._limitSystem);
-    }
-    // 4. Default XML entities (lt / gt / apos / quot)
+    // 3. Default XML entities (lt / gt / apos / quot)
     if (this._defaultEntries.length > 0 && str.indexOf('&') !== -1) {
       str = this._applyEntries(str, this._defaultEntries, this._limitDefault);
     }
+    // 4. System (named groups)
+    if (this._systemEntries.length > 0 && str.indexOf('&') !== -1) {
+      str = this._applyEntries(str, this._systemEntries, this._limitSystem);
+    }
     // 5. &amp; — always last
     if (this._ampEnabled && str.indexOf('&') !== -1) {
       str = str.replace(AMP_ENTITY.regex, AMP_ENTITY.val);
     }
     // 6. postCheck
-    if (this._postCheck !== null && str !== original) {
-      str = this._postCheck(str, original);
-    }
+    str = this._postCheck(str, original);
     return str;
   }
@@ -302,8 +301,8 @@ export default class EntityReplacer {
   _applyEntries(str, entries, track) {
     const limitExpansions = track && this._maxTotalExpansions > 0;
-    const limitLength     = track && this._maxExpandedLength > 0;
-    const trackAny        = limitExpansions || limitLength;
+    const limitLength = track && this._maxExpandedLength > 0;
+    const trackAny = limitExpansions || limitLength;
     for (let i = 0; i < entries.length; i++) {
       if (str.indexOf('&') === -1) break;

package/src/groups.js CHANGED Viewed

@@ -28,6 +28,7 @@ export const COMMON_HTML = {
   frac12: { regex: /&(frac12|#0*189|#x0*[Bb][Dd]);/g, val: '\u00bd' },
   frac14: { regex: /&(frac14|#0*188|#x0*[Bb][Cc]);/g, val: '\u00bc' },
   frac34: { regex: /&(frac34|#0*190|#x0*[Bb][Ee]);/g, val: '\u00be' },
+  inr: { regex: /&(inr|#0*8377);/g, val: "₹" },
 };
 /**
@@ -90,10 +91,20 @@ export const ARROW_ENTITIES = {
 export const NUMERIC_ENTITIES = {
   num_dec: {
     regex: /&#0*([0-9]{1,7});/g,
-    val: (_, s) => String.fromCodePoint(Number.parseInt(s, 10)),
+    val: (_, s) => fromCodePoint(s, 10, "&#"),
   },
   num_hex: {
     regex: /&#x0*([0-9a-fA-F]{1,6});/g,
-    val: (_, s) => String.fromCodePoint(Number.parseInt(s, 16)),
+    val: (_, s) => fromCodePoint(s, 16, "&#x"),
   },
-};
+};
+function fromCodePoint(str, base, prefix) {
+  const codePoint = Number.parseInt(str, base);
+  if (codePoint >= 0 && codePoint <= 0x10FFFF) {
+    return String.fromCodePoint(codePoint);
+  } else {
+    return prefix + str + ";";
+  }
+}