@pie-players/pie-players-shared 0.3.29 → 0.3.30

package/dist/pie/updates.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"updates.d.ts","sourceRoot":"","sources":["../../src/pie/updates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,GAAG,EAA2B,MAAM,mBAAmB,CAAC;AAGpF,OAAO,KAAK,EAAc,uBAAuB,EAAE,MAAM,YAAY,CAAC;AA+JtE;;GAEG;AACH,eAAO,MAAM,uBAAuB,GACnC,IAAI,OAAO,EACX,MAAM,uBAAuB,KAC3B,IAUF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAC5B,QAAQ,MAAM,EACd,MAAM,uBAAuB,KAC3B,IAiBF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,YAAY,EACpB,SAAS,GAAG,EAAE,EACd,KAAK,GAAG,EACR,YAAY,OAAO,GAAG,QAAQ,KAC5B,IAKF,CAAC"}
+{"version":3,"file":"updates.d.ts","sourceRoot":"","sources":["../../src/pie/updates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,GAAG,EAAY,MAAM,mBAAmB,CAAC;AAGrE,OAAO,KAAK,EAAc,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAiPtE;;GAEG;AACH,eAAO,MAAM,uBAAuB,GACnC,IAAI,OAAO,EACX,MAAM,uBAAuB,KAC3B,IAUF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAC5B,QAAQ,MAAM,EACd,MAAM,uBAAuB,KAC3B,IAiBF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,YAAY,EACpB,SAAS,GAAG,EAAE,EACd,KAAK,GAAG,EACR,YAAY,OAAO,GAAG,QAAQ,KAC5B,IAKF,CAAC"}

package/dist/pie/updates.js

@@ -10,6 +10,50 @@ import { defaultPieElementOptions } from "./types.js";
 import { findOrAddSession } from "./utils.js";
 // Create module-level logger (respects global debug flag - pass function for dynamic checking)
 const logger = createPieLogger("pie-updates", () => isGlobalDebugEnabled());
+const describeControllerShape = (controller) => {
+    if (!controller)
+        return "missing";
+    if (typeof controller === "function")
+        return "function";
+    if (typeof controller !== "object")
+        return typeof controller;
+    const keys = Object.keys(controller);
+    const defaultValue = controller.default;
+    const defaultKeys = defaultValue && typeof defaultValue === "object"
+        ? Object.keys(defaultValue)
+        : [];
+    return defaultKeys.length > 0
+        ? `object(keys=[${keys.join(",")}],defaultKeys=[${defaultKeys.join(",")}])`
+        : `object(keys=[${keys.join(",")}])`;
+};
+const resolveControllerModelFunction = (controller) => {
+    if (!controller)
+        return null;
+    if (typeof controller === "function") {
+        return controller;
+    }
+    if (typeof controller !== "object")
+        return null;
+    const direct = controller.model;
+    if (typeof direct === "function") {
+        return (model, sessionData, env, updateSession) => direct.call(controller, model, sessionData, env, updateSession);
+    }
+    const fromDefault = controller.default;
+    if (fromDefault && typeof fromDefault === "object") {
+        const nested = fromDefault.model;
+        if (typeof nested === "function") {
+            return (model, sessionData, env, updateSession) => nested.call(fromDefault, model, sessionData, env, updateSession);
+        }
+    }
+    return null;
+};
+const emitControllerError = (pieElement, detail) => {
+    pieElement.dispatchEvent(new CustomEvent("pie-controller-error", {
+        detail,
+        bubbles: true,
+        composed: true,
+    }));
+};
 /**
  * Helper function to apply controller to element
  * Extracted to eliminate duplication and ensure consistent controller invocation
@@ -28,12 +72,19 @@ const applyControllerToElement = async (element, model, elementSession, controll
         return Promise.resolve();
     };
     try {
-        const controllerResult = await controller.model(model, elementSession, env, updateSession);
+        const modelFunction = resolveControllerModelFunction(controller);
+        if (!modelFunction) {
+            throw new Error(`Controller contract mismatch: expected a model() function but received ${describeControllerShape(controller)}`);
+        }
+        const controllerResult = await modelFunction(model, elementSession, env, updateSession);
         // Merge controller result with id and element (like server-side PieControllerExecutor does)
+        const controllerResultObject = controllerResult && typeof controllerResult === "object"
+            ? controllerResult
+            : {};
         const filteredModel = {
             id: model.id,
             element: model.element,
-            ...controllerResult,
+            ...controllerResultObject,
         };
         logger.debug(`${logPrefix} ✅ Controller filtered model:`, {
             id: filteredModel.id,
@@ -91,7 +142,19 @@ const updateSinglePieElement = (pieElement, controllerLookupTag, options, logCon
             hasCorrectResponse: "correctResponse" in model,
         });
         applyControllerToElement(pieElement, model, elementSession, controller, env, `${logContext}(${controllerLookupTag}#${pieElement.id})`).catch((err) => {
+            const errorMessage = err instanceof Error ? err.message : String(err);
+            const isContractError = errorMessage.includes("Controller contract mismatch");
             logger.error(`${logContext} Controller failed for ${controllerLookupTag}#${pieElement.id}:`, err);
+            emitControllerError(pieElement, {
+                code: isContractError
+                    ? "PIE_CONTROLLER_CONTRACT_ERROR"
+                    : "PIE_CONTROLLER_RUNTIME_ERROR",
+                message: `${controllerLookupTag} controller failed while applying model for ${pieElement.id}. ${errorMessage}`,
+                elementName: controllerLookupTag,
+                elementId: pieElement.id,
+                controllerShape: describeControllerShape(controller),
+                cause: errorMessage,
+            });
             // Fall back to raw model on controller error
             pieElement.model = model;
             pieElement.session = elementSession;

package/dist/pie/updates.js.map

@@ -1 +1 @@
-{"version":3,"file":"updates.js","sourceRoot":"","sources":["../../src/pie/updates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,iCAAiC,EAAE,MAAM,oBAAoB,CAAC;AAEvE,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,+FAA+F;AAC/F,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,oBAAoB,EAAE,CAAC,CAAC;AAE5E;;;GAGG;AACH,MAAM,wBAAwB,GAAG,KAAK,EACrC,OAAmB,EACnB,KAAe,EACf,cAAmB,EACnB,UAAyB,EACzB,GAAQ,EACR,SAAiB,EACD,EAAE;IAClB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,uBAAuB,EAAE;QACjD,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,kBAAkB,EAAE,iBAAiB,IAAI,KAAK;KAC9C,CAAC,CAAC;IAEH,qEAAqE;IACrE,MAAM,aAAa,GAAG,CAAC,EAAU,EAAE,YAAoB,EAAE,UAAe,EAAE,EAAE;QAC3E,MAAM,CAAC,KAAK,CACX,GAAG,SAAS,6BAA6B,EAAE,QAAQ,EACnD,UAAU,CACV,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAI,CAAC;QACJ,MAAM,gBAAgB,GAAG,MAAO,UAAkB,CAAC,KAAK,CACvD,KAAK,EACL,cAAc,EACd,GAAG,EACH,aAAa,CACb,CAAC;QAEF,4FAA4F;QAC5F,MAAM,aAAa,GAAG;YACrB,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,gBAAgB;SACnB,CAAC;QAEF,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,+BAA+B,EAAE;YACzD,EAAE,EAAE,aAAa,CAAC,EAAE;YACpB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,kBAAkB,EAAE,iBAAiB,IAAI,aAAa;YACtD,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;SACd,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC;QAC9B,OAAO,CAAC,OAAO,GAAG,cAAc,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,sBAAsB,EAAE,GAAG,CAAC,CAAC;QACtD,MAAM,GAAG,CAAC,CAAC,yCAAyC;IACrD,CAAC;AACF,CAAC,CAAC;AAOF,MAAM,+BAA+B,GAAG,CACvC,IAA6B,EACL,EAAE;IAC1B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,GACvE,iCAAiC,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,CAAC;AAC3E,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAC9B,UAAsB,EACtB,mBAA2B,EAC3B,OAA8B,EAC9B,UAAkB,EACX,EAAE;IACT,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,GACvE,OAAO,CAAC;IACT,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,EAAE,CAEnD,CAAC;IACb,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,sBAAsB,EAAE,mBAAmB,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,uBAAuB,mBAAmB,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAE1E,yEAAyE;IACzE,IAAI,cAAc,EAAE,CAAC;QACpB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE;YACpD,UAAU,CAAC,gBAAgB,CAAC,GAAU,EAAE,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,IAAI,wBAAwB,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,yBAAyB,mBAAmB,gCAAgC,CACzF,CAAC;YACF,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;YACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;YACpC,OAAO;QACR,CAAC;QAED,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,4BAA4B,mBAAmB,IAAI,UAAU,CAAC,EAAE,EAAE,EAC/E;YACC,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,kBAAkB,EAAE,iBAAiB,IAAI,KAAK;SAC9C,CACD,CAAC;QAEF,wBAAwB,CACvB,UAAU,EACV,KAAK,EACL,cAAc,EACd,UAAU,EACV,GAAG,EACH,GAAG,UAAU,IAAI,mBAAmB,IAAI,UAAU,CAAC,EAAE,GAAG,CACxD,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,0BAA0B,mBAAmB,IAAI,UAAU,CAAC,EAAE,GAAG,EAC9E,GAAG,CACH,CAAC;YACF,6CAA6C;YAC7C,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;YACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;QACrC,CAAC,CAAC,CAAC;IACJ,CAAC;SAAM,CAAC;QACP,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,gCAAgC,mBAAmB,IAAI,UAAU,CAAC,EAAE,uCAAuC,CACxH,CAAC;QACF,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;QACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;IACrC,CAAC;AACF,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACtC,EAAW,EACX,IAA6B,EACtB,EAAE;IACT,MAAM,OAAO,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,EAAgB,CAAC;IACpC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAChD,sBAAsB,CACrB,UAAU,EACV,MAAM,EACN,OAAO,EACP,2BAA2B,CAC3B,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC/B,MAAc,EACd,IAA6B,EACtB,EAAE;IACT,MAAM,OAAO,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,EAAE,SAAS,EAAE,GAAG,iCAAiC,CACtD,wBAAwB,EACxB,IAAI,CACJ,CAAC;IACF,0EAA0E;IAC1E,MAAM,UAAU,GAAG,SAAS,IAAI,QAAQ,CAAC;IACzC,MAAM,WAAW,GAAG,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC;QAChD,OAAO;IACR,CAAC;IACD,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QAC1B,MAAM,UAAU,GAAG,EAAgB,CAAC;QACpC,sBAAsB,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAChC,MAAoB,EACpB,OAAc,EACd,GAAQ,EACR,SAA8B,EACvB,EAAE;IACT,MAAM,CAAC,KAAK,CAAC,qDAAqD,EAAE,GAAG,CAAC,CAAC;IACzE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;QAC1D,gBAAgB,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC"}
+{"version":3,"file":"updates.js","sourceRoot":"","sources":["../../src/pie/updates.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,iCAAiC,EAAE,MAAM,oBAAoB,CAAC;AAEvE,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,+FAA+F;AAC/F,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,oBAAoB,EAAE,CAAC,CAAC;AAW5E,MAAM,uBAAuB,GAAG,CAAC,UAAmB,EAAU,EAAE;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,OAAO,UAAU,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxD,IAAI,OAAO,UAAU,KAAK,QAAQ;QAAE,OAAO,OAAO,UAAU,CAAC;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAqC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAI,UAAsC,CAAC,OAAO,CAAC;IACrE,MAAM,WAAW,GAChB,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ;QAC/C,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAuC,CAAC;QACtD,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,WAAW,CAAC,MAAM,GAAG,CAAC;QAC5B,CAAC,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,kBAAkB,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI;QAC3E,CAAC,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;AACvC,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,CACtC,UAAmB,EACiE,EAAE;IACtF,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,OAAO,UAAU,KAAK,UAAU,EAAE,CAAC;QACtC,OAAO,UAAsF,CAAC;IAC/F,CAAC;IACD,IAAI,OAAO,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,MAAM,GAAI,UAAsC,CAAC,KAAK,CAAC;IAC7D,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;QAClC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,CAChD,MAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,WAAW,GAAI,UAAsC,CAAC,OAAO,CAAC;IACpE,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,MAAM,GAAI,WAAuC,CAAC,KAAK,CAAC;QAC9D,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,CAChD,MAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;QACjF,CAAC;IACF,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAC3B,UAAsB,EACtB,MAA6B,EACtB,EAAE;IACT,UAAU,CAAC,aAAa,CACvB,IAAI,WAAW,CAAC,sBAAsB,EAAE;QACvC,MAAM;QACN,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,IAAI;KACd,CAAC,CACF,CAAC;AACH,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,wBAAwB,GAAG,KAAK,EACrC,OAAmB,EACnB,KAAe,EACf,cAAmB,EACnB,UAAmB,EACnB,GAAQ,EACR,SAAiB,EACD,EAAE;IAClB,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,uBAAuB,EAAE;QACjD,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,kBAAkB,EAAE,iBAAiB,IAAI,KAAK;KAC9C,CAAC,CAAC;IAEH,qEAAqE;IACrE,MAAM,aAAa,GAAG,CAAC,EAAU,EAAE,YAAoB,EAAE,UAAe,EAAE,EAAE;QAC3E,MAAM,CAAC,KAAK,CACX,GAAG,SAAS,6BAA6B,EAAE,QAAQ,EACnD,UAAU,CACV,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAI,CAAC;QACJ,MAAM,aAAa,GAAG,8BAA8B,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACd,0EAA0E,uBAAuB,CAChG,UAAU,CACV,EAAE,CACH,CAAC;QACH,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;QAExF,4FAA4F;QAC5F,MAAM,sBAAsB,GAC3B,gBAAgB,IAAI,OAAO,gBAAgB,KAAK,QAAQ;YACvD,CAAC,CAAE,gBAA4C;YAC/C,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,aAAa,GAAG;YACrB,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,sBAAsB;SACzB,CAAC;QAEF,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,+BAA+B,EAAE;YACzD,EAAE,EAAE,aAAa,CAAC,EAAE;YACpB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,kBAAkB,EAAE,iBAAiB,IAAI,aAAa;YACtD,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;SACd,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC;QAC9B,OAAO,CAAC,OAAO,GAAG,cAAc,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,sBAAsB,EAAE,GAAG,CAAC,CAAC;QACtD,MAAM,GAAG,CAAC,CAAC,yCAAyC;IACrD,CAAC;AACF,CAAC,CAAC;AAOF,MAAM,+BAA+B,GAAG,CACvC,IAA6B,EACL,EAAE;IAC1B,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,GACvE,iCAAiC,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,CAAC,OAAO,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,CAAC;AAC3E,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAC9B,UAAsB,EACtB,mBAA2B,EAC3B,OAA8B,EAC9B,UAAkB,EACX,EAAE;IACT,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,wBAAwB,EAAE,GACvE,OAAO,CAAC;IACT,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAC,EAAE,CAEnD,CAAC;IACb,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,sBAAsB,EAAE,mBAAmB,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,uBAAuB,mBAAmB,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAE1E,yEAAyE;IACzE,IAAI,cAAc,EAAE,CAAC;QACpB,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE;YACpD,UAAU,CAAC,gBAAgB,CAAC,GAAU,EAAE,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,IAAI,wBAAwB,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,yBAAyB,mBAAmB,gCAAgC,CACzF,CAAC;YACF,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;YACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;YACpC,OAAO;QACR,CAAC;QAED,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,4BAA4B,mBAAmB,IAAI,UAAU,CAAC,EAAE,EAAE,EAC/E;YACC,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,kBAAkB,EAAE,iBAAiB,IAAI,KAAK;SAC9C,CACD,CAAC;QAEF,wBAAwB,CACvB,UAAU,EACV,KAAK,EACL,cAAc,EACd,UAAU,EACV,GAAG,EACH,GAAG,UAAU,IAAI,mBAAmB,IAAI,UAAU,CAAC,EAAE,GAAG,CACxD,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,YAAY,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtE,MAAM,eAAe,GAAG,YAAY,CAAC,QAAQ,CAC5C,8BAA8B,CAC9B,CAAC;YACF,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,0BAA0B,mBAAmB,IAAI,UAAU,CAAC,EAAE,GAAG,EAC9E,GAAG,CACH,CAAC;YACF,mBAAmB,CAAC,UAAU,EAAE;gBAC/B,IAAI,EAAE,eAAe;oBACpB,CAAC,CAAC,+BAA+B;oBACjC,CAAC,CAAC,8BAA8B;gBACjC,OAAO,EAAE,GAAG,mBAAmB,+CAA+C,UAAU,CAAC,EAAE,KAAK,YAAY,EAAE;gBAC9G,WAAW,EAAE,mBAAmB;gBAChC,SAAS,EAAE,UAAU,CAAC,EAAE;gBACxB,eAAe,EAAE,uBAAuB,CAAC,UAAU,CAAC;gBACpD,KAAK,EAAE,YAAY;aACnB,CAAC,CAAC;YACH,6CAA6C;YAC7C,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;YACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;QACrC,CAAC,CAAC,CAAC;IACJ,CAAC;SAAM,CAAC;QACP,MAAM,CAAC,KAAK,CACX,GAAG,UAAU,gCAAgC,mBAAmB,IAAI,UAAU,CAAC,EAAE,uCAAuC,CACxH,CAAC;QACF,UAAU,CAAC,KAAK,GAAG,KAAK,CAAC;QACzB,UAAU,CAAC,OAAO,GAAG,cAAc,CAAC;IACrC,CAAC;AACF,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACtC,EAAW,EACX,IAA6B,EACtB,EAAE;IACT,MAAM,OAAO,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,EAAgB,CAAC;IACpC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IAChD,sBAAsB,CACrB,UAAU,EACV,MAAM,EACN,OAAO,EACP,2BAA2B,CAC3B,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC/B,MAAc,EACd,IAA6B,EACtB,EAAE;IACT,MAAM,OAAO,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,EAAE,SAAS,EAAE,GAAG,iCAAiC,CACtD,wBAAwB,EACxB,IAAI,CACJ,CAAC;IACF,0EAA0E;IAC1E,MAAM,UAAU,GAAG,SAAS,IAAI,QAAQ,CAAC;IACzC,MAAM,WAAW,GAAG,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC;QAChD,OAAO;IACR,CAAC;IACD,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;QAC1B,MAAM,UAAU,GAAG,EAAgB,CAAC;QACpC,sBAAsB,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAChC,MAAoB,EACpB,OAAc,EACd,GAAQ,EACR,SAA8B,EACvB,EAAE;IACT,MAAM,CAAC,KAAK,CAAC,qDAAqD,EAAE,GAAG,CAAC,CAAC;IACzE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;QAC1D,gBAAgB,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,5 @@
+export { buildAuthoringAllowList, createDefaultItemMarkupSanitizer, resetPurifierForTesting, sanitizeItemMarkup, type ItemMarkupSanitizer, type SanitizeItemMarkupOptions, } from "./sanitize-item-markup.js";
+export { parseAllowedStyleOrigins, validateExternalStyleUrl, type StyleUrlValidationError, type StyleUrlValidationOk, type StyleUrlValidationOptions, type StyleUrlValidationResult, } from "./validate-style-url.js";
+export { resetSvgSanitizerForTesting, sanitizeSvgIcon, } from "./sanitize-svg-icon.js";
+export { wrapOverwideImages } from "./wrap-overwide-images.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,uBAAuB,EACvB,gCAAgC,EAChC,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,GAC9B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACN,wBAAwB,EACxB,wBAAwB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACN,2BAA2B,EAC3B,eAAe,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/security/index.js

@@ -0,0 +1,5 @@
+export { buildAuthoringAllowList, createDefaultItemMarkupSanitizer, resetPurifierForTesting, sanitizeItemMarkup, } from "./sanitize-item-markup.js";
+export { parseAllowedStyleOrigins, validateExternalStyleUrl, } from "./validate-style-url.js";
+export { resetSvgSanitizerForTesting, sanitizeSvgIcon, } from "./sanitize-svg-icon.js";
+export { wrapOverwideImages } from "./wrap-overwide-images.js";
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,uBAAuB,EACvB,gCAAgC,EAChC,uBAAuB,EACvB,kBAAkB,GAGlB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACN,wBAAwB,EACxB,wBAAwB,GAKxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACN,2BAA2B,EAC3B,eAAe,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/security/sanitize-item-markup.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Default sanitizer for PIE item / passage markup.
+ *
+ * Used by `PieItemPlayer.svelte` to strip scripts, event-handler attributes,
+ * and unknown tags before injecting authored markup via `{@html}`. Hosts can
+ * opt out with the `trust-markup` attribute on the `<pie-*-player>` element,
+ * or supply their own sanitizer function if they need a stricter / looser
+ * allow-list.
+ */
+export type ItemMarkupSanitizer = (markup: string) => string;
+export interface SanitizeItemMarkupOptions {
+    /**
+     * Extra custom-element tag names that should survive sanitization in
+     * addition to the default `pie-*` allow-list. Useful for authoring-mode
+     * tags that rewrite to `pie-*-config` or host-registered extensions.
+     */
+    allowedCustomElements?: string[];
+}
+/**
+ * Sanitize raw item/passage markup before it is injected into the DOM.
+ *
+ * - Strips `<script>`, event-handler attributes, unknown protocols and
+ *   a standard set of dangerous tags (`iframe`, `object`, `embed`, `base`,
+ *   `form`, `meta`, `link`).
+ * - Preserves PIE custom elements (`pie-*`) and any extra tags listed in
+ *   `allowedCustomElements`.
+ * - During SSR (no `window`) returns an empty string so untrusted markup
+ *   never reaches the prerender output; the live renderer will re-run the
+ *   sanitizer on hydrate.
+ */
+export declare function sanitizeItemMarkup(markup: string, options?: SanitizeItemMarkupOptions): string;
+/**
+ * Build the default `ItemMarkupSanitizer` used by the players. The returned
+ * function is stable for a given set of allowed custom elements so callers
+ * can safely use reference equality when deciding whether to re-sanitize.
+ */
+export declare function createDefaultItemMarkupSanitizer(options?: SanitizeItemMarkupOptions): ItemMarkupSanitizer;
+/**
+ * Derive the authoring-mode allow-list (`pie-*-config`) from a set of PIE
+ * element tag names. Used by `transformMarkupForAuthoring` so the sanitizer
+ * keeps the rewritten `-config` tags instead of stripping them.
+ */
+export declare function buildAuthoringAllowList(elementTagNames: Iterable<string>): string[];
+/** Reset the memoised DOMPurify instance. Only intended for tests. */
+export declare function resetPurifierForTesting(): void;
+//# sourceMappingURL=sanitize-item-markup.d.ts.map

package/dist/security/sanitize-item-markup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-item-markup.d.ts","sourceRoot":"","sources":["../../src/security/sanitize-item-markup.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAC;AAE7D,MAAM,WAAW,yBAAyB;IACzC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAgGD;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,yBAA8B,GACrC,MAAM,CAiDR;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAC/C,OAAO,GAAE,yBAA8B,GACrC,mBAAmB,CAIrB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACtC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,GAC/B,MAAM,EAAE,CASV;AAED,sEAAsE;AACtE,wBAAgB,uBAAuB,SAEtC"}

package/dist/security/sanitize-item-markup.js

@@ -0,0 +1,174 @@
+/**
+ * Default sanitizer for PIE item / passage markup.
+ *
+ * Used by `PieItemPlayer.svelte` to strip scripts, event-handler attributes,
+ * and unknown tags before injecting authored markup via `{@html}`. Hosts can
+ * opt out with the `trust-markup` attribute on the `<pie-*-player>` element,
+ * or supply their own sanitizer function if they need a stricter / looser
+ * allow-list.
+ */
+import DOMPurify from "dompurify";
+import { wrapOverwideImages } from "./wrap-overwide-images.js";
+// Attributes every PIE element / wrapper is allowed to carry.
+const BASE_ALLOWED_ATTRS = [
+    "slot",
+    "role",
+    "tabindex",
+    "id",
+    "class",
+    "style",
+    "href",
+    "src",
+    "alt",
+    "title",
+    "hidden",
+    "disabled",
+    "lang",
+    "dir",
+];
+const BASE_URI_SAFE_ATTRS = ["pie-id"];
+const FORBIDDEN_TAGS = [
+    "script",
+    "iframe",
+    "object",
+    "embed",
+    "base",
+    "form",
+    "meta",
+    "link",
+    // <foreignObject> inside an <svg> is a well-known escape hatch back
+    // into HTML context; match the SVG-icon sanitizer and forbid it here
+    // so both sanitizers agree on the surface.
+    "foreignobject",
+];
+// DOMPurify already strips `on*` handlers via its default block-list;
+// these entries guarantee they stay stripped even if a consumer tweaks
+// defaults, and they cover the common SVG / math sinks.
+const FORBIDDEN_ATTRS = [
+    "onerror",
+    "onload",
+    "onclick",
+    "onmouseover",
+    "onmouseout",
+    "onmouseenter",
+    "onmouseleave",
+    "onfocus",
+    "onblur",
+    "onkeydown",
+    "onkeyup",
+    "onkeypress",
+    "onsubmit",
+    "onchange",
+    "onbeforeunload",
+    "formaction",
+    "xlink:href",
+];
+// Any tag that looks like a custom element (contains a hyphen) is permitted
+// provided it starts with `pie-` or is explicitly named in
+// `allowedCustomElements`. This intentionally keeps third-party unknown
+// custom elements out unless the host opts in.
+const PIE_CUSTOM_ELEMENT_REGEX = /^pie-[a-z0-9-]+$/i;
+// Attribute names that custom elements are allowed to declare. We stay
+// permissive for the PIE element contract (`model-*`, `session-*`, ...) and
+// the standard `data-*` / `aria-*` families.
+const CUSTOM_ELEMENT_ATTR_REGEX = /^(id|class|style|slot|role|tabindex|hidden|disabled|lang|dir|data-[\w-]+|aria-[\w-]+|pie-[\w-]+|model-[\w-]+|session-[\w-]+|config-[\w-]+|context-[\w-]+)$/i;
+let purifierInstance = null;
+function resolvePurifier() {
+    if (purifierInstance)
+        return purifierInstance;
+    if (typeof window === "undefined" || !window.document)
+        return null;
+    // DOMPurify's default export is both the instance and the factory.
+    // Calling it with a window binds the instance to that document.
+    const factory = DOMPurify;
+    purifierInstance =
+        typeof factory === "function"
+            ? factory(window)
+            : DOMPurify;
+    return purifierInstance;
+}
+/**
+ * Sanitize raw item/passage markup before it is injected into the DOM.
+ *
+ * - Strips `<script>`, event-handler attributes, unknown protocols and
+ *   a standard set of dangerous tags (`iframe`, `object`, `embed`, `base`,
+ *   `form`, `meta`, `link`).
+ * - Preserves PIE custom elements (`pie-*`) and any extra tags listed in
+ *   `allowedCustomElements`.
+ * - During SSR (no `window`) returns an empty string so untrusted markup
+ *   never reaches the prerender output; the live renderer will re-run the
+ *   sanitizer on hydrate.
+ */
+export function sanitizeItemMarkup(markup, options = {}) {
+    if (!markup)
+        return "";
+    const purifier = resolvePurifier();
+    if (!purifier)
+        return "";
+    const allowedCustomElements = (options.allowedCustomElements ?? []).map((name) => name.toLowerCase());
+    const explicitCustomElementSet = new Set(allowedCustomElements);
+    const result = purifier.sanitize(markup, {
+        ADD_TAGS: allowedCustomElements,
+        ADD_ATTR: BASE_ALLOWED_ATTRS,
+        ADD_URI_SAFE_ATTR: BASE_URI_SAFE_ATTRS,
+        FORBID_TAGS: FORBIDDEN_TAGS,
+        FORBID_ATTR: FORBIDDEN_ATTRS,
+        ALLOW_UNKNOWN_PROTOCOLS: false,
+        SANITIZE_DOM: true,
+        // pie-item contract compatibility: PIE models are matched to DOM
+        // elements via strict `id` equality (see `updateSinglePieElement`
+        // in players-shared/src/pie/updates.ts). `SANITIZE_NAMED_PROPS`
+        // would prefix every `id`/`name` with `user-content-`, which silently
+        // breaks model lookup for every item. `SANITIZE_DOM: true` above
+        // still provides the core DOM-clobbering defenses we rely on.
+        SANITIZE_NAMED_PROPS: false,
+        WHOLE_DOCUMENT: false,
+        ALLOW_DATA_ATTR: true,
+        ALLOW_ARIA_ATTR: true,
+        CUSTOM_ELEMENT_HANDLING: {
+            tagNameCheck: (tagName) => {
+                const lower = tagName.toLowerCase();
+                return (PIE_CUSTOM_ELEMENT_REGEX.test(lower) ||
+                    explicitCustomElementSet.has(lower));
+            },
+            attributeNameCheck: (attrName) => CUSTOM_ELEMENT_ATTR_REGEX.test(attrName),
+            allowCustomizedBuiltInElements: false,
+        },
+        RETURN_TRUSTED_TYPE: false,
+    });
+    const sanitized = typeof result === "string" ? result : String(result ?? "");
+    // PIE-94: wrap overwide authored images in a horizontal-scroll container
+    // so they don't get clipped by ancestor `overflow-x: hidden` regions in
+    // the section player (and match WCAG 1.4.10 Reflow at 400% zoom).
+    return wrapOverwideImages(sanitized);
+}
+/**
+ * Build the default `ItemMarkupSanitizer` used by the players. The returned
+ * function is stable for a given set of allowed custom elements so callers
+ * can safely use reference equality when deciding whether to re-sanitize.
+ */
+export function createDefaultItemMarkupSanitizer(options = {}) {
+    const { allowedCustomElements } = options;
+    return (markup) => sanitizeItemMarkup(markup, { allowedCustomElements });
+}
+/**
+ * Derive the authoring-mode allow-list (`pie-*-config`) from a set of PIE
+ * element tag names. Used by `transformMarkupForAuthoring` so the sanitizer
+ * keeps the rewritten `-config` tags instead of stripping them.
+ */
+export function buildAuthoringAllowList(elementTagNames) {
+    const out = new Set();
+    for (const tag of elementTagNames) {
+        if (!tag)
+            continue;
+        const lower = tag.toLowerCase();
+        out.add(lower);
+        out.add(`${lower}-config`);
+    }
+    return [...out];
+}
+/** Reset the memoised DOMPurify instance. Only intended for tests. */
+export function resetPurifierForTesting() {
+    purifierInstance = null;
+}
+//# sourceMappingURL=sanitize-item-markup.js.map

package/dist/security/sanitize-item-markup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-item-markup.js","sourceRoot":"","sources":["../../src/security/sanitize-item-markup.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAa/D,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG;IAC1B,MAAM;IACN,MAAM;IACN,UAAU;IACV,IAAI;IACJ,OAAO;IACP,OAAO;IACP,MAAM;IACN,KAAK;IACL,KAAK;IACL,OAAO;IACP,QAAQ;IACR,UAAU;IACV,MAAM;IACN,KAAK;CACL,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,QAAQ,CAAC,CAAC;AAEvC,MAAM,cAAc,GAAG;IACtB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,oEAAoE;IACpE,qEAAqE;IACrE,2CAA2C;IAC3C,eAAe;CACf,CAAC;AAEF,sEAAsE;AACtE,uEAAuE;AACvE,wDAAwD;AACxD,MAAM,eAAe,GAAG;IACvB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,aAAa;IACb,YAAY;IACZ,cAAc;IACd,cAAc;IACd,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,YAAY;IACZ,UAAU;IACV,UAAU;IACV,gBAAgB;IAChB,YAAY;IACZ,YAAY;CACZ,CAAC;AAEF,4EAA4E;AAC5E,2DAA2D;AAC3D,wEAAwE;AACxE,+CAA+C;AAC/C,MAAM,wBAAwB,GAAG,mBAAmB,CAAC;AAErD,uEAAuE;AACvE,4EAA4E;AAC5E,6CAA6C;AAC7C,MAAM,yBAAyB,GAC9B,6JAA6J,CAAC;AAS/J,IAAI,gBAAgB,GAA6B,IAAI,CAAC;AAEtD,SAAS,eAAe;IACvB,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAC9C,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,MAAM,OAAO,GAAG,SAEM,CAAC;IACvB,gBAAgB;QACf,OAAO,OAAO,KAAK,UAAU;YAC5B,CAAC,CAAC,OAAO,CAAC,MAAoC,CAAC;YAC/C,CAAC,CAAE,SAA0C,CAAC;IAChD,OAAO,gBAAgB,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CACjC,MAAc,EACd,UAAqC,EAAE;IAEvC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEzB,MAAM,qBAAqB,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,GAAG,CACtE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAC5B,CAAC;IACF,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEhE,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE;QACxC,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,iBAAiB,EAAE,mBAAmB;QACtC,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,eAAe;QAC5B,uBAAuB,EAAE,KAAK;QAC9B,YAAY,EAAE,IAAI;QAClB,iEAAiE;QACjE,kEAAkE;QAClE,gEAAgE;QAChE,sEAAsE;QACtE,iEAAiE;QACjE,8DAA8D;QAC9D,oBAAoB,EAAE,KAAK;QAC3B,cAAc,EAAE,KAAK;QACrB,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,IAAI;QACrB,uBAAuB,EAAE;YACxB,YAAY,EAAE,CAAC,OAAe,EAAE,EAAE;gBACjC,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CACN,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC;oBACpC,wBAAwB,CAAC,GAAG,CAAC,KAAK,CAAC,CACnC,CAAC;YACH,CAAC;YACD,kBAAkB,EAAE,CAAC,QAAgB,EAAE,EAAE,CACxC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;YACzC,8BAA8B,EAAE,KAAK;SACrC;QACD,mBAAmB,EAAE,KAAK;KAC1B,CAAC,CAAC;IAEH,MAAM,SAAS,GACd,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5D,yEAAyE;IACzE,wEAAwE;IACxE,kEAAkE;IAClE,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gCAAgC,CAC/C,UAAqC,EAAE;IAEvC,MAAM,EAAE,qBAAqB,EAAE,GAAG,OAAO,CAAC;IAC1C,OAAO,CAAC,MAAc,EAAE,EAAE,CACzB,kBAAkB,CAAC,MAAM,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACtC,eAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AACjB,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,uBAAuB;IACtC,gBAAgB,GAAG,IAAI,CAAC;AACzB,CAAC"}

package/dist/security/sanitize-svg-icon.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Sanitize an SVG string intended to be rendered as an icon.
+ *
+ * Used by toolbars and tool-button components when their icon prop is an
+ * inline SVG supplied by a tool configuration. Runs DOMPurify with the
+ * SVG profile, forbids `<script>` / `<foreignObject>` and strips
+ * event-handler attributes.
+ *
+ * Returns an empty string when `window` / `document` are unavailable (SSR)
+ * or the input is not a string.
+ */
+export declare function sanitizeSvgIcon(icon: unknown): string;
+/** Reset sanitizer state. Intended for tests. */
+export declare function resetSvgSanitizerForTesting(): void;
+//# sourceMappingURL=sanitize-svg-icon.d.ts.map

package/dist/security/sanitize-svg-icon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-svg-icon.d.ts","sourceRoot":"","sources":["../../src/security/sanitize-svg-icon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAwDH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CA2BrD;AAED,iDAAiD;AACjD,wBAAgB,2BAA2B,SAG1C"}

package/dist/security/sanitize-svg-icon.js

@@ -0,0 +1,89 @@
+/**
+ * Sanitize an SVG string intended to be rendered as an icon.
+ *
+ * Used by toolbars and tool-button components when their icon prop is an
+ * inline SVG supplied by a tool configuration. Runs DOMPurify with the
+ * SVG profile, forbids `<script>` / `<foreignObject>` and strips
+ * event-handler attributes.
+ *
+ * Returns an empty string when `window` / `document` are unavailable (SSR)
+ * or the input is not a string.
+ */
+import DOMPurify from "dompurify";
+let svgPurifierInstance = null;
+function resolveSvgPurifier() {
+    if (svgPurifierInstance)
+        return svgPurifierInstance;
+    if (typeof window === "undefined" || !window.document)
+        return null;
+    const factory = DOMPurify;
+    svgPurifierInstance =
+        typeof factory === "function"
+            ? factory(window)
+            : DOMPurify;
+    return svgPurifierInstance;
+}
+const FORBIDDEN_TAGS = [
+    "script",
+    "foreignobject",
+    "iframe",
+    "object",
+    "embed",
+    "base",
+    "form",
+];
+const FORBIDDEN_ATTRS = [
+    "onerror",
+    "onload",
+    "onclick",
+    "onmouseover",
+    "onmouseout",
+    "onmouseenter",
+    "onmouseleave",
+    "onfocus",
+    "onblur",
+    "onkeydown",
+    "onkeyup",
+    "onkeypress",
+    "formaction",
+    "xlink:href",
+];
+const stringCache = new Map();
+const STRING_CACHE_MAX = 64;
+export function sanitizeSvgIcon(icon) {
+    if (typeof icon !== "string" || icon.length === 0)
+        return "";
+    const trimmed = icon.trimStart();
+    if (!trimmed.toLowerCase().startsWith("<svg"))
+        return "";
+    const cached = stringCache.get(icon);
+    if (cached !== undefined)
+        return cached;
+    const purifier = resolveSvgPurifier();
+    if (!purifier)
+        return "";
+    const result = purifier.sanitize(icon, {
+        USE_PROFILES: { svg: true, svgFilters: true },
+        FORBID_TAGS: FORBIDDEN_TAGS,
+        FORBID_ATTR: FORBIDDEN_ATTRS,
+        ALLOW_UNKNOWN_PROTOCOLS: false,
+        RETURN_TRUSTED_TYPE: false,
+    });
+    const str = typeof result === "string" ? result : String(result ?? "");
+    if (stringCache.size >= STRING_CACHE_MAX) {
+        // Naive LRU: clear oldest half when the cache fills up. Tool icons are
+        // a small fixed set per assessment so this is rarely hit.
+        const keys = [...stringCache.keys()];
+        for (let i = 0; i < keys.length / 2; i += 1) {
+            stringCache.delete(keys[i]);
+        }
+    }
+    stringCache.set(icon, str);
+    return str;
+}
+/** Reset sanitizer state. Intended for tests. */
+export function resetSvgSanitizerForTesting() {
+    svgPurifierInstance = null;
+    stringCache.clear();
+}
+//# sourceMappingURL=sanitize-svg-icon.js.map

package/dist/security/sanitize-svg-icon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-svg-icon.js","sourceRoot":"","sources":["../../src/security/sanitize-svg-icon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,SAAS,MAAM,WAAW,CAAC;AASlC,IAAI,mBAAmB,GAA6B,IAAI,CAAC;AAEzD,SAAS,kBAAkB;IAC1B,IAAI,mBAAmB;QAAE,OAAO,mBAAmB,CAAC;IACpD,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnE,MAAM,OAAO,GAAG,SAEM,CAAC;IACvB,mBAAmB;QAClB,OAAO,OAAO,KAAK,UAAU;YAC5B,CAAC,CAAC,OAAO,CAAC,MAAoC,CAAC;YAC/C,CAAC,CAAE,SAA0C,CAAC;IAChD,OAAO,mBAAmB,CAAC;AAC5B,CAAC;AAED,MAAM,cAAc,GAAG;IACtB,QAAQ;IACR,eAAe;IACf,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;CACN,CAAC;AAEF,MAAM,eAAe,GAAG;IACvB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,aAAa;IACb,YAAY;IACZ,cAAc;IACd,cAAc;IACd,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,YAAY;IACZ,YAAY;IACZ,YAAY;CACZ,CAAC;AAEF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAE5B,MAAM,UAAU,eAAe,CAAC,IAAa;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACjC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IACzD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;QACtC,YAAY,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QAC7C,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,eAAe;QAC5B,uBAAuB,EAAE,KAAK;QAC9B,mBAAmB,EAAE,KAAK;KAC1B,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,WAAW,CAAC,IAAI,IAAI,gBAAgB,EAAE,CAAC;QAC1C,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACF,CAAC;IACD,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,2BAA2B;IAC1C,mBAAmB,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC"}

package/dist/security/validate-style-url.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Validate that an external stylesheet URL supplied via
+ * `<pie-item-player external-style-urls="...">` (or the
+ * `itemConfig.resources.stylesheets[*].url` path) is safe to load.
+ *
+ * - Only `http:` / `https:` are allowed; `javascript:`, `data:`, `file:`
+ *   and custom schemes are rejected.
+ * - When `allowedOrigins` is non-empty, the URL's origin must match one
+ *   of the listed origins. This lets hosts restrict style loading to a
+ *   known CDN allow-list.
+ */
+export type StyleUrlValidationOk = {
+    ok: true;
+    resolvedUrl: URL;
+};
+export type StyleUrlValidationError = {
+    ok: false;
+    reason: "invalid-url" | "disallowed-protocol" | "disallowed-origin";
+    message: string;
+};
+export type StyleUrlValidationResult = StyleUrlValidationOk | StyleUrlValidationError;
+export interface StyleUrlValidationOptions {
+    baseUrl?: string;
+    allowedOrigins?: string[];
+}
+export declare function validateExternalStyleUrl(url: unknown, options?: StyleUrlValidationOptions): StyleUrlValidationResult;
+export declare function parseAllowedStyleOrigins(raw: unknown): string[];
+//# sourceMappingURL=validate-style-url.d.ts.map

package/dist/security/validate-style-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-style-url.d.ts","sourceRoot":"","sources":["../../src/security/validate-style-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,oBAAoB,GAAG;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,WAAW,EAAE,GAAG,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACrC,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,aAAa,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;IACpE,OAAO,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GACjC,oBAAoB,GACpB,uBAAuB,CAAC;AAE3B,MAAM,WAAW,yBAAyB;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,wBAAwB,CACvC,GAAG,EAAE,OAAO,EACZ,OAAO,GAAE,yBAA8B,GACrC,wBAAwB,CAoC1B;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,CAM/D"}

package/dist/security/validate-style-url.js

@@ -0,0 +1,58 @@
+/**
+ * Validate that an external stylesheet URL supplied via
+ * `<pie-item-player external-style-urls="...">` (or the
+ * `itemConfig.resources.stylesheets[*].url` path) is safe to load.
+ *
+ * - Only `http:` / `https:` are allowed; `javascript:`, `data:`, `file:`
+ *   and custom schemes are rejected.
+ * - When `allowedOrigins` is non-empty, the URL's origin must match one
+ *   of the listed origins. This lets hosts restrict style loading to a
+ *   known CDN allow-list.
+ */
+export function validateExternalStyleUrl(url, options = {}) {
+    if (typeof url !== "string" || url.length === 0) {
+        return {
+            ok: false,
+            reason: "invalid-url",
+            message: "External stylesheet URL must be a non-empty string.",
+        };
+    }
+    let resolvedUrl;
+    try {
+        resolvedUrl = options.baseUrl
+            ? new URL(url, options.baseUrl)
+            : new URL(url);
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "invalid-url",
+            message: `External stylesheet URL could not be parsed: ${String(err)}`,
+        };
+    }
+    if (resolvedUrl.protocol !== "http:" && resolvedUrl.protocol !== "https:") {
+        return {
+            ok: false,
+            reason: "disallowed-protocol",
+            message: `External stylesheet protocol ${resolvedUrl.protocol} is not allowed (only http/https).`,
+        };
+    }
+    const allowed = options.allowedOrigins ?? [];
+    if (allowed.length > 0 && !allowed.includes(resolvedUrl.origin)) {
+        return {
+            ok: false,
+            reason: "disallowed-origin",
+            message: `External stylesheet origin ${resolvedUrl.origin} is not in the configured allow-list.`,
+        };
+    }
+    return { ok: true, resolvedUrl };
+}
+export function parseAllowedStyleOrigins(raw) {
+    if (typeof raw !== "string" || raw.length === 0)
+        return [];
+    return raw
+        .split(",")
+        .map((entry) => entry.trim())
+        .filter((entry) => entry.length > 0);
+}
+//# sourceMappingURL=validate-style-url.js.map

package/dist/security/validate-style-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-style-url.js","sourceRoot":"","sources":["../../src/security/validate-style-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsBH,MAAM,UAAU,wBAAwB,CACvC,GAAY,EACZ,UAAqC,EAAE;IAEvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,qDAAqD;SAC9D,CAAC;IACH,CAAC;IACD,IAAI,WAAgB,CAAC;IACrB,IAAI,CAAC;QACJ,WAAW,GAAG,OAAO,CAAC,OAAO;YAC5B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC;YAC/B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,gDAAgD,MAAM,CAAC,GAAG,CAAC,EAAE;SACtE,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC3E,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,qBAAqB;YAC7B,OAAO,EAAE,gCAAgC,WAAW,CAAC,QAAQ,oCAAoC;SACjG,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,8BAA8B,WAAW,CAAC,MAAM,uCAAuC;SAChG,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAY;IACpD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3D,OAAO,GAAG;SACR,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC"}

package/dist/security/wrap-overwide-images.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Wraps authored `<img>` elements with a horizontally scrollable container so
+ * images that are wider than their column surface a scrollbar instead of being
+ * clipped by ancestor `overflow-x: hidden` regions (PIE-94).
+ *
+ * The wrapper is rendered as
+ * `<span class="pie-image-scroll" tabindex="0" role="region" aria-label="...">`
+ * and receives the accompanying CSS from `@pie-players/pie-theme`. The CSS uses
+ * `overflow-x: auto` so small images stay visually unchanged: a scrollbar only
+ * appears when the image's intrinsic width exceeds the wrapper's available
+ * space (including at higher browser-zoom levels, which is the original driver
+ * for this change — WCAG 1.4.10 Reflow at 400% zoom).
+ *
+ * This helper runs as a post-sanitization step inside `sanitizeItemMarkup`, so
+ * every host that renders authored markup through the shared
+ * `pie-item-player` (including the section player) benefits uniformly.
+ */
+/**
+ * Wrap `<img>` elements in `markup` with a horizontal-scroll container.
+ *
+ * - No-ops on empty input.
+ * - No-ops during SSR (no `window` / `DOMParser`) — the markup is returned
+ *   unchanged; the browser re-run on hydrate will perform the wrap.
+ * - Idempotent: images whose direct parent already carries the
+ *   `pie-image-scroll` class are left alone.
+ * - Leaves images inside PIE custom elements (`<pie-*>`) alone. Those are
+ *   rendered by the element's own template / shadow DOM and should not be
+ *   restructured by the authored-markup pipeline.
+ */
+export declare function wrapOverwideImages(markup: string): string;
+//# sourceMappingURL=wrap-overwide-images.d.ts.map

package/dist/security/wrap-overwide-images.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrap-overwide-images.d.ts","sourceRoot":"","sources":["../../src/security/wrap-overwide-images.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAyBH;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAqDzD"}