@pie-players/pie-players-shared 0.3.29 → 0.3.31

package/dist/pie/use-resource-monitor.svelte.js.map

@@ -1 +1 @@
-{"version":3,"file":"use-resource-monitor.svelte.js","sourceRoot":"","sources":["../../src/pie/use-resource-monitor.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAEnC,OAAO,EAAE,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,gEAAgE;AAChE,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CACjC,cAAwC,EACxC,eAAmC,EACnC,eAA8B,EAC9B,gBAAwB,YAAY;IAEpC,MAAM,MAAM,GAAG,eAAe,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAC;IAExE,IAAI,OAAO,GAAG,MAAM,CAAyB,IAAI,CAAC,CAAC;IACnD,IAAI,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,iBAAiB,GAAG,MAAM,CAAqB,IAAI,CAAC,CAAC;IACzD,IAAI,gBAAgB,GAAG,MAAM,CAAS,EAAE,CAAC,CAAC;IAC1C,IAAI,cAAc,GAAG,MAAM,CAC1B,SAAS,CACT,CAAC;IAEF,sDAAsD;IACtD,OAAO,CAAC,GAAG,EAAE;QACZ,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,MAAM,wBAAwB,GAAG,YAAY,EAAE,gBAAgB,IAAI,KAAK,CAAC;QACzE,MAAM,kBAAkB,GACvB,YAAY,EAAE,kBAAkB;YAChC,qBAAqB,CAAC,kBAAkB,CAAC;QAC1C,MAAM,kBAAkB,GACvB,YAAY,EAAE,kBAAkB;YAChC,qBAAqB,CAAC,kBAAkB,CAAC;QAC1C,MAAM,+BAA+B,GAAG,yBAAyB,CAChE,YAAY,EAAE,uBAAuB,CACrC;YACA,CAAC,CAAC,YAAY,EAAE,uBAAuB;YACvC,CAAC,CAAC,SAAS,CAAC;QACb,IACC,YAAY;YACZ,YAAY,EAAE,uBAAuB;YACrC,CAAC,+BAA+B,EAC/B,CAAC;YACF,MAAM,CAAC,IAAI,CACV,iDAAiD,aAAa,6CAA6C,CAC3G,CAAC;QACH,CAAC;QACD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACpC,gBAAgB,EAAE,wBAAwB;YAC1C,UAAU,EAAE,kBAAkB;YAC9B,UAAU,EAAE,kBAAkB;YAC9B,YAAY;SACZ,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,cAAc,KAAK,+BAA+B,CAAC;QAC3E,MAAM,WAAW,GAAG,iBAAiB,KAAK,WAAW,CAAC;QACtD,MAAM,aAAa,GAAG,gBAAgB,KAAK,aAAa,CAAC;QACzD,MAAM,kBAAkB,GACvB,WAAW,IAAI,aAAa,IAAI,CAAC,WAAW,IAAI,aAAa,IAAI,eAAe,CAAC,CAAC;QAEnF,yDAAyD;QACzD,IAAI,CAAC,WAAW,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,KAAK,CACX,uDAAuD,aAAa,EAAE,CACtE,CAAC;YACF,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,CAAC;YACf,aAAa,GAAG,KAAK,CAAC;YACtB,iBAAiB,GAAG,IAAI,CAAC;YACzB,cAAc,GAAG,SAAS,CAAC;YAC3B,gBAAgB,GAAG,EAAE,CAAC;YACtB,OAAO;QACR,CAAC;QAED,IAAI,kBAAkB,IAAI,OAAO,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,uCAAuC,aAAa,EAAE,EAAE;gBACpE,WAAW;gBACX,aAAa;gBACb,eAAe;aACf,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,CAAC;YACf,aAAa,GAAG,KAAK,CAAC;QACvB,CAAC;QAED,6FAA6F;QAC7F,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,qCAAqC,aAAa,EAAE,EAAE;gBAClE,gBAAgB,EAAE,wBAAwB;gBAC1C,UAAU,EAAE,kBAAkB;gBAC9B,UAAU,EAAE,kBAAkB;gBAC9B,iBAAiB,EAAE,CAAC,CAAC,+BAA+B;gBACpD,YAAY,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;YAEH,kEAAkE;YAClE,OAAO,GAAG,IAAI,eAAe,CAAC;gBAC7B,gBAAgB,EAAE,wBAAwB;gBAC1C,uBAAuB,EAAE,+BAA+B;gBACxD,UAAU,EAAE,kBAAkB;gBAC9B,iBAAiB,EAAE,kBAAkB;gBACrC,aAAa,EAAE,uBAAuB;gBACtC,KAAK,EAAE,YAAY;aACnB,CAAC,CAAC;YAEH,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC3B,aAAa,GAAG,IAAI,CAAC;YACrB,iBAAiB,GAAG,WAAW,CAAC;YAChC,cAAc,GAAG,+BAA+B,CAAC;YACjD,gBAAgB,GAAG,aAAa,CAAC;YACjC,MAAM,CAAC,IAAI,CACV,qCAAqC,aAAa,EAAE;gBACnD,CAAC,wBAAwB;oBACxB,CAAC,CAAC,+BAA+B;wBAChC,CAAC,CAAC,yCAAyC;wBAC3C,CAAC,CAAC,4BAA4B;oBAC/B,CAAC,CAAC,eAAe,CAAC,CACpB,CAAC;QACH,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,+BAA+B;IAC/B,SAAS,CAAC,GAAG,EAAE;QACd,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CACX,yCAAyC,aAAa,GAAG,EACzD,KAAK,CACL,CAAC;YACF,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,CAAC;YACf,aAAa,GAAG,KAAK,CAAC;YACtB,iBAAiB,GAAG,IAAI,CAAC;YACzB,cAAc,GAAG,SAAS,CAAC;YAC3B,gBAAgB,GAAG,EAAE,CAAC;QACvB,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,OAAO;QACN;;WAEG;QACH,IAAI,QAAQ;YACX,OAAO,OAAO,CAAC;QAChB,CAAC;QAED;;WAEG;QACH,QAAQ;YACP,OAAO,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACzE,CAAC;QAED;;WAEG;QACH,IAAI,QAAQ;YACX,OAAO,aAAa,IAAI,OAAO,KAAK,IAAI,CAAC;QAC1C,CAAC;KACD,CAAC;AACH,CAAC"}
+{"version":3,"file":"use-resource-monitor.svelte.js","sourceRoot":"","sources":["../../src/pie/use-resource-monitor.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAClF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,gEAAgE;AAChE,MAAM,uBAAuB,GAAG,IAAI,CAAC;AAErC;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CACjC,cAAwC,EACxC,eAAmC,EACnC,eAA8B,EAC9B,gBAAwB,YAAY;IAEpC,MAAM,MAAM,GAAG,eAAe,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAC;IAExE,IAAI,OAAO,GAAG,MAAM,CAAyB,IAAI,CAAC,CAAC;IACnD,IAAI,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,iBAAiB,GAAG,MAAM,CAAqB,IAAI,CAAC,CAAC;IACzD,IAAI,gBAAgB,GAAG,MAAM,CAAS,EAAE,CAAC,CAAC;IAC1C,IAAI,cAAc,GAAG,MAAM,CAC1B,SAAS,CACT,CAAC;IAEF,uDAAuD;IACvD,EAAE;IACF,mEAAmE;IACnE,4DAA4D;IAC5D,qEAAqE;IACrE,oEAAoE;IACpE,iEAAiE;IACjE,sEAAsE;IACtE,uEAAuE;IACvE,2EAA2E;IAC3E,qEAAqE;IACrE,oEAAoE;IACpE,OAAO,CAAC,GAAG,EAAE;QACZ,KAAK,cAAc,EAAE,CAAC;QACtB,KAAK,eAAe,EAAE,CAAC;QACvB,KAAK,eAAe,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,EAAE;YACZ,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;YACrC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;YACvC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;YACvC,MAAM,wBAAwB,GAAG,YAAY,EAAE,gBAAgB,IAAI,KAAK,CAAC;YACzE,MAAM,kBAAkB,GACvB,YAAY,EAAE,kBAAkB;gBAChC,qBAAqB,CAAC,kBAAkB,CAAC;YAC1C,MAAM,kBAAkB,GACvB,YAAY,EAAE,kBAAkB;gBAChC,qBAAqB,CAAC,kBAAkB,CAAC;YAC1C,MAAM,+BAA+B,GAAG,yBAAyB,CAChE,YAAY,EAAE,uBAAuB,CACrC;gBACA,CAAC,CAAC,YAAY,EAAE,uBAAuB;gBACvC,CAAC,CAAC,SAAS,CAAC;YACb,IACC,YAAY;gBACZ,YAAY,EAAE,uBAAuB;gBACrC,CAAC,+BAA+B,EAC/B,CAAC;gBACF,MAAM,CAAC,IAAI,CACV,iDAAiD,aAAa,6CAA6C,CAC3G,CAAC;YACH,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;gBACpC,gBAAgB,EAAE,wBAAwB;gBAC1C,UAAU,EAAE,kBAAkB;gBAC9B,UAAU,EAAE,kBAAkB;gBAC9B,YAAY;aACZ,CAAC,CAAC;YACH,MAAM,eAAe,GAAG,cAAc,KAAK,+BAA+B,CAAC;YAC3E,MAAM,WAAW,GAAG,iBAAiB,KAAK,WAAW,CAAC;YACtD,MAAM,aAAa,GAAG,gBAAgB,KAAK,aAAa,CAAC;YACzD,MAAM,kBAAkB,GACvB,WAAW,IAAI,aAAa,IAAI,CAAC,WAAW,IAAI,aAAa,IAAI,eAAe,CAAC,CAAC;YAEnF,IAAI,CAAC,WAAW,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,KAAK,CACX,uDAAuD,aAAa,EAAE,CACtE,CAAC;gBACF,OAAO,CAAC,IAAI,EAAE,CAAC;gBACf,OAAO,GAAG,IAAI,CAAC;gBACf,aAAa,GAAG,KAAK,CAAC;gBACtB,iBAAiB,GAAG,IAAI,CAAC;gBACzB,cAAc,GAAG,SAAS,CAAC;gBAC3B,gBAAgB,GAAG,EAAE,CAAC;gBACtB,OAAO;YACR,CAAC;YAED,IAAI,kBAAkB,IAAI,OAAO,EAAE,CAAC;gBACnC,MAAM,CAAC,KAAK,CAAC,uCAAuC,aAAa,EAAE,EAAE;oBACpE,WAAW;oBACX,aAAa;oBACb,eAAe;iBACf,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,EAAE,CAAC;gBACf,OAAO,GAAG,IAAI,CAAC;gBACf,aAAa,GAAG,KAAK,CAAC;YACvB,CAAC;YAED,IAAI,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnC,MAAM,CAAC,KAAK,CAAC,qCAAqC,aAAa,EAAE,EAAE;oBAClE,gBAAgB,EAAE,wBAAwB;oBAC1C,UAAU,EAAE,kBAAkB;oBAC9B,UAAU,EAAE,kBAAkB;oBAC9B,iBAAiB,EAAE,CAAC,CAAC,+BAA+B;oBACpD,YAAY,EAAE,CAAC,CAAC,WAAW;iBAC3B,CAAC,CAAC;gBAEH,OAAO,GAAG,IAAI,eAAe,CAAC;oBAC7B,gBAAgB,EAAE,wBAAwB;oBAC1C,uBAAuB,EAAE,+BAA+B;oBACxD,UAAU,EAAE,kBAAkB;oBAC9B,iBAAiB,EAAE,kBAAkB;oBACrC,aAAa,EAAE,uBAAuB;oBACtC,KAAK,EAAE,YAAY;iBACnB,CAAC,CAAC;gBAEH,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAC3B,aAAa,GAAG,IAAI,CAAC;gBACrB,iBAAiB,GAAG,WAAW,CAAC;gBAChC,cAAc,GAAG,+BAA+B,CAAC;gBACjD,gBAAgB,GAAG,aAAa,CAAC;gBACjC,MAAM,CAAC,IAAI,CACV,qCAAqC,aAAa,EAAE;oBACnD,CAAC,wBAAwB;wBACxB,CAAC,CAAC,+BAA+B;4BAChC,CAAC,CAAC,yCAAyC;4BAC3C,CAAC,CAAC,4BAA4B;wBAC/B,CAAC,CAAC,eAAe,CAAC,CACpB,CAAC;YACH,CAAC;QACF,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,+BAA+B;IAC/B,SAAS,CAAC,GAAG,EAAE;QACd,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,CAAC,KAAK,CACX,yCAAyC,aAAa,GAAG,EACzD,KAAK,CACL,CAAC;YACF,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,GAAG,IAAI,CAAC;YACf,aAAa,GAAG,KAAK,CAAC;YACtB,iBAAiB,GAAG,IAAI,CAAC;YACzB,cAAc,GAAG,SAAS,CAAC;YAC3B,gBAAgB,GAAG,EAAE,CAAC;QACvB,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,OAAO;QACN;;WAEG;QACH,IAAI,QAAQ;YACX,OAAO,OAAO,CAAC;QAChB,CAAC;QAED;;WAEG;QACH,QAAQ;YACP,OAAO,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACzE,CAAC;QAED;;WAEG;QACH,IAAI,QAAQ;YACX,OAAO,aAAa,IAAI,OAAO,KAAK,IAAI,CAAC;QAC1C,CAAC;KACD,CAAC;AACH,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,5 @@
+export { buildAuthoringAllowList, createDefaultItemMarkupSanitizer, resetPurifierForTesting, sanitizeItemMarkup, type ItemMarkupSanitizer, type SanitizeItemMarkupOptions, } from "./sanitize-item-markup.js";
+export { parseAllowedStyleOrigins, validateExternalStyleUrl, type StyleUrlValidationError, type StyleUrlValidationOk, type StyleUrlValidationOptions, type StyleUrlValidationResult, } from "./validate-style-url.js";
+export { resetSvgSanitizerForTesting, sanitizeSvgIcon, } from "./sanitize-svg-icon.js";
+export { wrapOverwideImages } from "./wrap-overwide-images.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,uBAAuB,EACvB,gCAAgC,EAChC,uBAAuB,EACvB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,GAC9B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACN,wBAAwB,EACxB,wBAAwB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACN,2BAA2B,EAC3B,eAAe,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/security/index.js

@@ -0,0 +1,5 @@
+export { buildAuthoringAllowList, createDefaultItemMarkupSanitizer, resetPurifierForTesting, sanitizeItemMarkup, } from "./sanitize-item-markup.js";
+export { parseAllowedStyleOrigins, validateExternalStyleUrl, } from "./validate-style-url.js";
+export { resetSvgSanitizerForTesting, sanitizeSvgIcon, } from "./sanitize-svg-icon.js";
+export { wrapOverwideImages } from "./wrap-overwide-images.js";
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,uBAAuB,EACvB,gCAAgC,EAChC,uBAAuB,EACvB,kBAAkB,GAGlB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACN,wBAAwB,EACxB,wBAAwB,GAKxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACN,2BAA2B,EAC3B,eAAe,GACf,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/security/sanitize-item-markup.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Default sanitizer for PIE item / passage markup.
+ *
+ * Used by `PieItemPlayer.svelte` to strip scripts, event-handler attributes,
+ * and unknown tags before injecting authored markup via `{@html}`. Hosts can
+ * opt out with the `trust-markup` attribute on the `<pie-*-player>` element,
+ * or supply their own sanitizer function if they need a stricter / looser
+ * allow-list.
+ */
+export type ItemMarkupSanitizer = (markup: string) => string;
+export interface SanitizeItemMarkupOptions {
+    /**
+     * Extra custom-element tag names that should survive sanitization in
+     * addition to the default `pie-*` allow-list. Useful for authoring-mode
+     * tags that rewrite to `pie-*-config` or host-registered extensions.
+     */
+    allowedCustomElements?: string[];
+}
+/**
+ * Sanitize raw item/passage markup before it is injected into the DOM.
+ *
+ * - Strips `<script>`, event-handler attributes, unknown protocols and
+ *   a standard set of dangerous tags (`iframe`, `object`, `embed`, `base`,
+ *   `form`, `meta`, `link`).
+ * - Preserves PIE custom elements (`pie-*`) and any extra tags listed in
+ *   `allowedCustomElements`.
+ * - During SSR (no `window`) returns an empty string so untrusted markup
+ *   never reaches the prerender output; the live renderer will re-run the
+ *   sanitizer on hydrate.
+ */
+export declare function sanitizeItemMarkup(markup: string, options?: SanitizeItemMarkupOptions): string;
+/**
+ * Build the default `ItemMarkupSanitizer` used by the players. The returned
+ * function is stable for a given set of allowed custom elements so callers
+ * can safely use reference equality when deciding whether to re-sanitize.
+ */
+export declare function createDefaultItemMarkupSanitizer(options?: SanitizeItemMarkupOptions): ItemMarkupSanitizer;
+/**
+ * Derive the authoring-mode allow-list (`pie-*-config`) from a set of PIE
+ * element tag names. Used by `transformMarkupForAuthoring` so the sanitizer
+ * keeps the rewritten `-config` tags instead of stripping them.
+ */
+export declare function buildAuthoringAllowList(elementTagNames: Iterable<string>): string[];
+/** Reset the memoised DOMPurify instance. Only intended for tests. */
+export declare function resetPurifierForTesting(): void;
+//# sourceMappingURL=sanitize-item-markup.d.ts.map

package/dist/security/sanitize-item-markup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-item-markup.d.ts","sourceRoot":"","sources":["../../src/security/sanitize-item-markup.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAC;AAE7D,MAAM,WAAW,yBAAyB;IACzC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAgGD;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,yBAA8B,GACrC,MAAM,CAiDR;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAC/C,OAAO,GAAE,yBAA8B,GACrC,mBAAmB,CAIrB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACtC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,GAC/B,MAAM,EAAE,CASV;AAED,sEAAsE;AACtE,wBAAgB,uBAAuB,SAEtC"}

package/dist/security/sanitize-item-markup.js

@@ -0,0 +1,174 @@
+/**
+ * Default sanitizer for PIE item / passage markup.
+ *
+ * Used by `PieItemPlayer.svelte` to strip scripts, event-handler attributes,
+ * and unknown tags before injecting authored markup via `{@html}`. Hosts can
+ * opt out with the `trust-markup` attribute on the `<pie-*-player>` element,
+ * or supply their own sanitizer function if they need a stricter / looser
+ * allow-list.
+ */
+import DOMPurify from "dompurify";
+import { wrapOverwideImages } from "./wrap-overwide-images.js";
+// Attributes every PIE element / wrapper is allowed to carry.
+const BASE_ALLOWED_ATTRS = [
+    "slot",
+    "role",
+    "tabindex",
+    "id",
+    "class",
+    "style",
+    "href",
+    "src",
+    "alt",
+    "title",
+    "hidden",
+    "disabled",
+    "lang",
+    "dir",
+];
+const BASE_URI_SAFE_ATTRS = ["pie-id"];
+const FORBIDDEN_TAGS = [
+    "script",
+    "iframe",
+    "object",
+    "embed",
+    "base",
+    "form",
+    "meta",
+    "link",
+    // <foreignObject> inside an <svg> is a well-known escape hatch back
+    // into HTML context; match the SVG-icon sanitizer and forbid it here
+    // so both sanitizers agree on the surface.
+    "foreignobject",
+];
+// DOMPurify already strips `on*` handlers via its default block-list;
+// these entries guarantee they stay stripped even if a consumer tweaks
+// defaults, and they cover the common SVG / math sinks.
+const FORBIDDEN_ATTRS = [
+    "onerror",
+    "onload",
+    "onclick",
+    "onmouseover",
+    "onmouseout",
+    "onmouseenter",
+    "onmouseleave",
+    "onfocus",
+    "onblur",
+    "onkeydown",
+    "onkeyup",
+    "onkeypress",
+    "onsubmit",
+    "onchange",
+    "onbeforeunload",
+    "formaction",
+    "xlink:href",
+];
+// Any tag that looks like a custom element (contains a hyphen) is permitted
+// provided it starts with `pie-` or is explicitly named in
+// `allowedCustomElements`. This intentionally keeps third-party unknown
+// custom elements out unless the host opts in.
+const PIE_CUSTOM_ELEMENT_REGEX = /^pie-[a-z0-9-]+$/i;
+// Attribute names that custom elements are allowed to declare. We stay
+// permissive for the PIE element contract (`model-*`, `session-*`, ...) and
+// the standard `data-*` / `aria-*` families.
+const CUSTOM_ELEMENT_ATTR_REGEX = /^(id|class|style|slot|role|tabindex|hidden|disabled|lang|dir|data-[\w-]+|aria-[\w-]+|pie-[\w-]+|model-[\w-]+|session-[\w-]+|config-[\w-]+|context-[\w-]+)$/i;
+let purifierInstance = null;
+function resolvePurifier() {
+    if (purifierInstance)
+        return purifierInstance;
+    if (typeof window === "undefined" || !window.document)
+        return null;
+    // DOMPurify's default export is both the instance and the factory.
+    // Calling it with a window binds the instance to that document.
+    const factory = DOMPurify;
+    purifierInstance =
+        typeof factory === "function"
+            ? factory(window)
+            : DOMPurify;
+    return purifierInstance;
+}
+/**
+ * Sanitize raw item/passage markup before it is injected into the DOM.
+ *
+ * - Strips `<script>`, event-handler attributes, unknown protocols and
+ *   a standard set of dangerous tags (`iframe`, `object`, `embed`, `base`,
+ *   `form`, `meta`, `link`).
+ * - Preserves PIE custom elements (`pie-*`) and any extra tags listed in
+ *   `allowedCustomElements`.
+ * - During SSR (no `window`) returns an empty string so untrusted markup
+ *   never reaches the prerender output; the live renderer will re-run the
+ *   sanitizer on hydrate.
+ */
+export function sanitizeItemMarkup(markup, options = {}) {
+    if (!markup)
+        return "";
+    const purifier = resolvePurifier();
+    if (!purifier)
+        return "";
+    const allowedCustomElements = (options.allowedCustomElements ?? []).map((name) => name.toLowerCase());
+    const explicitCustomElementSet = new Set(allowedCustomElements);
+    const result = purifier.sanitize(markup, {
+        ADD_TAGS: allowedCustomElements,
+        ADD_ATTR: BASE_ALLOWED_ATTRS,
+        ADD_URI_SAFE_ATTR: BASE_URI_SAFE_ATTRS,
+        FORBID_TAGS: FORBIDDEN_TAGS,
+        FORBID_ATTR: FORBIDDEN_ATTRS,
+        ALLOW_UNKNOWN_PROTOCOLS: false,
+        SANITIZE_DOM: true,
+        // pie-item contract compatibility: PIE models are matched to DOM
+        // elements via strict `id` equality (see `updateSinglePieElement`
+        // in players-shared/src/pie/updates.ts). `SANITIZE_NAMED_PROPS`
+        // would prefix every `id`/`name` with `user-content-`, which silently
+        // breaks model lookup for every item. `SANITIZE_DOM: true` above
+        // still provides the core DOM-clobbering defenses we rely on.
+        SANITIZE_NAMED_PROPS: false,
+        WHOLE_DOCUMENT: false,
+        ALLOW_DATA_ATTR: true,
+        ALLOW_ARIA_ATTR: true,
+        CUSTOM_ELEMENT_HANDLING: {
+            tagNameCheck: (tagName) => {
+                const lower = tagName.toLowerCase();
+                return (PIE_CUSTOM_ELEMENT_REGEX.test(lower) ||
+                    explicitCustomElementSet.has(lower));
+            },
+            attributeNameCheck: (attrName) => CUSTOM_ELEMENT_ATTR_REGEX.test(attrName),
+            allowCustomizedBuiltInElements: false,
+        },
+        RETURN_TRUSTED_TYPE: false,
+    });
+    const sanitized = typeof result === "string" ? result : String(result ?? "");
+    // PIE-94: wrap overwide authored images in a horizontal-scroll container
+    // so they don't get clipped by ancestor `overflow-x: hidden` regions in
+    // the section player (and match WCAG 1.4.10 Reflow at 400% zoom).
+    return wrapOverwideImages(sanitized);
+}
+/**
+ * Build the default `ItemMarkupSanitizer` used by the players. The returned
+ * function is stable for a given set of allowed custom elements so callers
+ * can safely use reference equality when deciding whether to re-sanitize.
+ */
+export function createDefaultItemMarkupSanitizer(options = {}) {
+    const { allowedCustomElements } = options;
+    return (markup) => sanitizeItemMarkup(markup, { allowedCustomElements });
+}
+/**
+ * Derive the authoring-mode allow-list (`pie-*-config`) from a set of PIE
+ * element tag names. Used by `transformMarkupForAuthoring` so the sanitizer
+ * keeps the rewritten `-config` tags instead of stripping them.
+ */
+export function buildAuthoringAllowList(elementTagNames) {
+    const out = new Set();
+    for (const tag of elementTagNames) {
+        if (!tag)
+            continue;
+        const lower = tag.toLowerCase();
+        out.add(lower);
+        out.add(`${lower}-config`);
+    }
+    return [...out];
+}
+/** Reset the memoised DOMPurify instance. Only intended for tests. */
+export function resetPurifierForTesting() {
+    purifierInstance = null;
+}
+//# sourceMappingURL=sanitize-item-markup.js.map

package/dist/security/sanitize-item-markup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-item-markup.js","sourceRoot":"","sources":["../../src/security/sanitize-item-markup.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAa/D,8DAA8D;AAC9D,MAAM,kBAAkB,GAAG;IAC1B,MAAM;IACN,MAAM;IACN,UAAU;IACV,IAAI;IACJ,OAAO;IACP,OAAO;IACP,MAAM;IACN,KAAK;IACL,KAAK;IACL,OAAO;IACP,QAAQ;IACR,UAAU;IACV,MAAM;IACN,KAAK;CACL,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,QAAQ,CAAC,CAAC;AAEvC,MAAM,cAAc,GAAG;IACtB,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,oEAAoE;IACpE,qEAAqE;IACrE,2CAA2C;IAC3C,eAAe;CACf,CAAC;AAEF,sEAAsE;AACtE,uEAAuE;AACvE,wDAAwD;AACxD,MAAM,eAAe,GAAG;IACvB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,aAAa;IACb,YAAY;IACZ,cAAc;IACd,cAAc;IACd,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,YAAY;IACZ,UAAU;IACV,UAAU;IACV,gBAAgB;IAChB,YAAY;IACZ,YAAY;CACZ,CAAC;AAEF,4EAA4E;AAC5E,2DAA2D;AAC3D,wEAAwE;AACxE,+CAA+C;AAC/C,MAAM,wBAAwB,GAAG,mBAAmB,CAAC;AAErD,uEAAuE;AACvE,4EAA4E;AAC5E,6CAA6C;AAC7C,MAAM,yBAAyB,GAC9B,6JAA6J,CAAC;AAS/J,IAAI,gBAAgB,GAA6B,IAAI,CAAC;AAEtD,SAAS,eAAe;IACvB,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAC9C,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,MAAM,OAAO,GAAG,SAEM,CAAC;IACvB,gBAAgB;QACf,OAAO,OAAO,KAAK,UAAU;YAC5B,CAAC,CAAC,OAAO,CAAC,MAAoC,CAAC;YAC/C,CAAC,CAAE,SAA0C,CAAC;IAChD,OAAO,gBAAgB,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CACjC,MAAc,EACd,UAAqC,EAAE;IAEvC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEzB,MAAM,qBAAqB,GAAG,CAAC,OAAO,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC,GAAG,CACtE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAC5B,CAAC;IACF,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEhE,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE;QACxC,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,kBAAkB;QAC5B,iBAAiB,EAAE,mBAAmB;QACtC,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,eAAe;QAC5B,uBAAuB,EAAE,KAAK;QAC9B,YAAY,EAAE,IAAI;QAClB,iEAAiE;QACjE,kEAAkE;QAClE,gEAAgE;QAChE,sEAAsE;QACtE,iEAAiE;QACjE,8DAA8D;QAC9D,oBAAoB,EAAE,KAAK;QAC3B,cAAc,EAAE,KAAK;QACrB,eAAe,EAAE,IAAI;QACrB,eAAe,EAAE,IAAI;QACrB,uBAAuB,EAAE;YACxB,YAAY,EAAE,CAAC,OAAe,EAAE,EAAE;gBACjC,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CACN,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC;oBACpC,wBAAwB,CAAC,GAAG,CAAC,KAAK,CAAC,CACnC,CAAC;YACH,CAAC;YACD,kBAAkB,EAAE,CAAC,QAAgB,EAAE,EAAE,CACxC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;YACzC,8BAA8B,EAAE,KAAK;SACrC;QACD,mBAAmB,EAAE,KAAK;KAC1B,CAAC,CAAC;IAEH,MAAM,SAAS,GACd,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5D,yEAAyE;IACzE,wEAAwE;IACxE,kEAAkE;IAClE,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gCAAgC,CAC/C,UAAqC,EAAE;IAEvC,MAAM,EAAE,qBAAqB,EAAE,GAAG,OAAO,CAAC;IAC1C,OAAO,CAAC,MAAc,EAAE,EAAE,CACzB,kBAAkB,CAAC,MAAM,EAAE,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACtC,eAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AACjB,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,uBAAuB;IACtC,gBAAgB,GAAG,IAAI,CAAC;AACzB,CAAC"}

package/dist/security/sanitize-svg-icon.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Sanitize an SVG string intended to be rendered as an icon.
+ *
+ * Used by toolbars and tool-button components when their icon prop is an
+ * inline SVG supplied by a tool configuration. Runs DOMPurify with the
+ * SVG profile, forbids `<script>` / `<foreignObject>` and strips
+ * event-handler attributes.
+ *
+ * Returns an empty string when `window` / `document` are unavailable (SSR)
+ * or the input is not a string.
+ */
+export declare function sanitizeSvgIcon(icon: unknown): string;
+/** Reset sanitizer state. Intended for tests. */
+export declare function resetSvgSanitizerForTesting(): void;
+//# sourceMappingURL=sanitize-svg-icon.d.ts.map

package/dist/security/sanitize-svg-icon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-svg-icon.d.ts","sourceRoot":"","sources":["../../src/security/sanitize-svg-icon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAwDH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CA2BrD;AAED,iDAAiD;AACjD,wBAAgB,2BAA2B,SAG1C"}

package/dist/security/sanitize-svg-icon.js

@@ -0,0 +1,89 @@
+/**
+ * Sanitize an SVG string intended to be rendered as an icon.
+ *
+ * Used by toolbars and tool-button components when their icon prop is an
+ * inline SVG supplied by a tool configuration. Runs DOMPurify with the
+ * SVG profile, forbids `<script>` / `<foreignObject>` and strips
+ * event-handler attributes.
+ *
+ * Returns an empty string when `window` / `document` are unavailable (SSR)
+ * or the input is not a string.
+ */
+import DOMPurify from "dompurify";
+let svgPurifierInstance = null;
+function resolveSvgPurifier() {
+    if (svgPurifierInstance)
+        return svgPurifierInstance;
+    if (typeof window === "undefined" || !window.document)
+        return null;
+    const factory = DOMPurify;
+    svgPurifierInstance =
+        typeof factory === "function"
+            ? factory(window)
+            : DOMPurify;
+    return svgPurifierInstance;
+}
+const FORBIDDEN_TAGS = [
+    "script",
+    "foreignobject",
+    "iframe",
+    "object",
+    "embed",
+    "base",
+    "form",
+];
+const FORBIDDEN_ATTRS = [
+    "onerror",
+    "onload",
+    "onclick",
+    "onmouseover",
+    "onmouseout",
+    "onmouseenter",
+    "onmouseleave",
+    "onfocus",
+    "onblur",
+    "onkeydown",
+    "onkeyup",
+    "onkeypress",
+    "formaction",
+    "xlink:href",
+];
+const stringCache = new Map();
+const STRING_CACHE_MAX = 64;
+export function sanitizeSvgIcon(icon) {
+    if (typeof icon !== "string" || icon.length === 0)
+        return "";
+    const trimmed = icon.trimStart();
+    if (!trimmed.toLowerCase().startsWith("<svg"))
+        return "";
+    const cached = stringCache.get(icon);
+    if (cached !== undefined)
+        return cached;
+    const purifier = resolveSvgPurifier();
+    if (!purifier)
+        return "";
+    const result = purifier.sanitize(icon, {
+        USE_PROFILES: { svg: true, svgFilters: true },
+        FORBID_TAGS: FORBIDDEN_TAGS,
+        FORBID_ATTR: FORBIDDEN_ATTRS,
+        ALLOW_UNKNOWN_PROTOCOLS: false,
+        RETURN_TRUSTED_TYPE: false,
+    });
+    const str = typeof result === "string" ? result : String(result ?? "");
+    if (stringCache.size >= STRING_CACHE_MAX) {
+        // Naive LRU: clear oldest half when the cache fills up. Tool icons are
+        // a small fixed set per assessment so this is rarely hit.
+        const keys = [...stringCache.keys()];
+        for (let i = 0; i < keys.length / 2; i += 1) {
+            stringCache.delete(keys[i]);
+        }
+    }
+    stringCache.set(icon, str);
+    return str;
+}
+/** Reset sanitizer state. Intended for tests. */
+export function resetSvgSanitizerForTesting() {
+    svgPurifierInstance = null;
+    stringCache.clear();
+}
+//# sourceMappingURL=sanitize-svg-icon.js.map

package/dist/security/sanitize-svg-icon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-svg-icon.js","sourceRoot":"","sources":["../../src/security/sanitize-svg-icon.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,SAAS,MAAM,WAAW,CAAC;AASlC,IAAI,mBAAmB,GAA6B,IAAI,CAAC;AAEzD,SAAS,kBAAkB;IAC1B,IAAI,mBAAmB;QAAE,OAAO,mBAAmB,CAAC;IACpD,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnE,MAAM,OAAO,GAAG,SAEM,CAAC;IACvB,mBAAmB;QAClB,OAAO,OAAO,KAAK,UAAU;YAC5B,CAAC,CAAC,OAAO,CAAC,MAAoC,CAAC;YAC/C,CAAC,CAAE,SAA0C,CAAC;IAChD,OAAO,mBAAmB,CAAC;AAC5B,CAAC;AAED,MAAM,cAAc,GAAG;IACtB,QAAQ;IACR,eAAe;IACf,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;CACN,CAAC;AAEF,MAAM,eAAe,GAAG;IACvB,SAAS;IACT,QAAQ;IACR,SAAS;IACT,aAAa;IACb,YAAY;IACZ,cAAc;IACd,cAAc;IACd,SAAS;IACT,QAAQ;IACR,WAAW;IACX,SAAS;IACT,YAAY;IACZ,YAAY;IACZ,YAAY;CACZ,CAAC;AAEF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAE5B,MAAM,UAAU,eAAe,CAAC,IAAa;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACjC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IACzD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;QACtC,YAAY,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QAC7C,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,eAAe;QAC5B,uBAAuB,EAAE,KAAK;QAC9B,mBAAmB,EAAE,KAAK;KAC1B,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACvE,IAAI,WAAW,CAAC,IAAI,IAAI,gBAAgB,EAAE,CAAC;QAC1C,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACF,CAAC;IACD,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,2BAA2B;IAC1C,mBAAmB,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,KAAK,EAAE,CAAC;AACrB,CAAC"}

package/dist/security/validate-style-url.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Validate that an external stylesheet URL supplied via
+ * `<pie-item-player external-style-urls="...">` (or the
+ * `itemConfig.resources.stylesheets[*].url` path) is safe to load.
+ *
+ * - Only `http:` / `https:` are allowed; `javascript:`, `data:`, `file:`
+ *   and custom schemes are rejected.
+ * - When `allowedOrigins` is non-empty, the URL's origin must match one
+ *   of the listed origins. This lets hosts restrict style loading to a
+ *   known CDN allow-list.
+ */
+export type StyleUrlValidationOk = {
+    ok: true;
+    resolvedUrl: URL;
+};
+export type StyleUrlValidationError = {
+    ok: false;
+    reason: "invalid-url" | "disallowed-protocol" | "disallowed-origin";
+    message: string;
+};
+export type StyleUrlValidationResult = StyleUrlValidationOk | StyleUrlValidationError;
+export interface StyleUrlValidationOptions {
+    baseUrl?: string;
+    allowedOrigins?: string[];
+}
+export declare function validateExternalStyleUrl(url: unknown, options?: StyleUrlValidationOptions): StyleUrlValidationResult;
+export declare function parseAllowedStyleOrigins(raw: unknown): string[];
+//# sourceMappingURL=validate-style-url.d.ts.map

package/dist/security/validate-style-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-style-url.d.ts","sourceRoot":"","sources":["../../src/security/validate-style-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,oBAAoB,GAAG;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,WAAW,EAAE,GAAG,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACrC,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,aAAa,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;IACpE,OAAO,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GACjC,oBAAoB,GACpB,uBAAuB,CAAC;AAE3B,MAAM,WAAW,yBAAyB;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,wBAAwB,CACvC,GAAG,EAAE,OAAO,EACZ,OAAO,GAAE,yBAA8B,GACrC,wBAAwB,CAoC1B;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,EAAE,CAM/D"}

package/dist/security/validate-style-url.js

@@ -0,0 +1,58 @@
+/**
+ * Validate that an external stylesheet URL supplied via
+ * `<pie-item-player external-style-urls="...">` (or the
+ * `itemConfig.resources.stylesheets[*].url` path) is safe to load.
+ *
+ * - Only `http:` / `https:` are allowed; `javascript:`, `data:`, `file:`
+ *   and custom schemes are rejected.
+ * - When `allowedOrigins` is non-empty, the URL's origin must match one
+ *   of the listed origins. This lets hosts restrict style loading to a
+ *   known CDN allow-list.
+ */
+export function validateExternalStyleUrl(url, options = {}) {
+    if (typeof url !== "string" || url.length === 0) {
+        return {
+            ok: false,
+            reason: "invalid-url",
+            message: "External stylesheet URL must be a non-empty string.",
+        };
+    }
+    let resolvedUrl;
+    try {
+        resolvedUrl = options.baseUrl
+            ? new URL(url, options.baseUrl)
+            : new URL(url);
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "invalid-url",
+            message: `External stylesheet URL could not be parsed: ${String(err)}`,
+        };
+    }
+    if (resolvedUrl.protocol !== "http:" && resolvedUrl.protocol !== "https:") {
+        return {
+            ok: false,
+            reason: "disallowed-protocol",
+            message: `External stylesheet protocol ${resolvedUrl.protocol} is not allowed (only http/https).`,
+        };
+    }
+    const allowed = options.allowedOrigins ?? [];
+    if (allowed.length > 0 && !allowed.includes(resolvedUrl.origin)) {
+        return {
+            ok: false,
+            reason: "disallowed-origin",
+            message: `External stylesheet origin ${resolvedUrl.origin} is not in the configured allow-list.`,
+        };
+    }
+    return { ok: true, resolvedUrl };
+}
+export function parseAllowedStyleOrigins(raw) {
+    if (typeof raw !== "string" || raw.length === 0)
+        return [];
+    return raw
+        .split(",")
+        .map((entry) => entry.trim())
+        .filter((entry) => entry.length > 0);
+}
+//# sourceMappingURL=validate-style-url.js.map

package/dist/security/validate-style-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-style-url.js","sourceRoot":"","sources":["../../src/security/validate-style-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAsBH,MAAM,UAAU,wBAAwB,CACvC,GAAY,EACZ,UAAqC,EAAE;IAEvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,qDAAqD;SAC9D,CAAC;IACH,CAAC;IACD,IAAI,WAAgB,CAAC;IACrB,IAAI,CAAC;QACJ,WAAW,GAAG,OAAO,CAAC,OAAO;YAC5B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC;YAC/B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,gDAAgD,MAAM,CAAC,GAAG,CAAC,EAAE;SACtE,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC3E,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,qBAAqB;YAC7B,OAAO,EAAE,gCAAgC,WAAW,CAAC,QAAQ,oCAAoC;SACjG,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,OAAO;YACN,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,8BAA8B,WAAW,CAAC,MAAM,uCAAuC;SAChG,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAY;IACpD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3D,OAAO,GAAG;SACR,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC"}

package/dist/security/wrap-overwide-images.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Wraps authored `<img>` elements with a horizontally scrollable container so
+ * images that are wider than their column surface a scrollbar instead of being
+ * clipped by ancestor `overflow-x: hidden` regions (PIE-94).
+ *
+ * The wrapper is rendered as
+ * `<span class="pie-image-scroll" tabindex="0" role="region" aria-label="...">`
+ * and receives the accompanying CSS from `@pie-players/pie-theme`. The CSS uses
+ * `overflow-x: auto` so small images stay visually unchanged: a scrollbar only
+ * appears when the image's intrinsic width exceeds the wrapper's available
+ * space (including at higher browser-zoom levels, which is the original driver
+ * for this change — WCAG 1.4.10 Reflow at 400% zoom).
+ *
+ * This helper runs as a post-sanitization step inside `sanitizeItemMarkup`, so
+ * every host that renders authored markup through the shared
+ * `pie-item-player` (including the section player) benefits uniformly.
+ */
+/**
+ * Wrap `<img>` elements in `markup` with a horizontal-scroll container.
+ *
+ * - No-ops on empty input.
+ * - No-ops during SSR (no `window` / `DOMParser`) — the markup is returned
+ *   unchanged; the browser re-run on hydrate will perform the wrap.
+ * - Idempotent: images whose direct parent already carries the
+ *   `pie-image-scroll` class are left alone.
+ * - Leaves images inside PIE custom elements (`<pie-*>`) alone. Those are
+ *   rendered by the element's own template / shadow DOM and should not be
+ *   restructured by the authored-markup pipeline.
+ */
+export declare function wrapOverwideImages(markup: string): string;
+//# sourceMappingURL=wrap-overwide-images.d.ts.map

package/dist/security/wrap-overwide-images.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrap-overwide-images.d.ts","sourceRoot":"","sources":["../../src/security/wrap-overwide-images.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAyBH;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAqDzD"}

package/dist/security/wrap-overwide-images.js

@@ -0,0 +1,92 @@
+/**
+ * Wraps authored `<img>` elements with a horizontally scrollable container so
+ * images that are wider than their column surface a scrollbar instead of being
+ * clipped by ancestor `overflow-x: hidden` regions (PIE-94).
+ *
+ * The wrapper is rendered as
+ * `<span class="pie-image-scroll" tabindex="0" role="region" aria-label="...">`
+ * and receives the accompanying CSS from `@pie-players/pie-theme`. The CSS uses
+ * `overflow-x: auto` so small images stay visually unchanged: a scrollbar only
+ * appears when the image's intrinsic width exceeds the wrapper's available
+ * space (including at higher browser-zoom levels, which is the original driver
+ * for this change — WCAG 1.4.10 Reflow at 400% zoom).
+ *
+ * This helper runs as a post-sanitization step inside `sanitizeItemMarkup`, so
+ * every host that renders authored markup through the shared
+ * `pie-item-player` (including the section player) benefits uniformly.
+ */
+const PIE_CUSTOM_ELEMENT_TAG_REGEX = /^pie-/i;
+const SCROLL_WRAPPER_CLASS = "pie-image-scroll";
+function isInsidePieCustomElement(image, root) {
+    let ancestor = image.parentElement;
+    while (ancestor && ancestor !== root) {
+        if (PIE_CUSTOM_ELEMENT_TAG_REGEX.test(ancestor.tagName)) {
+            return true;
+        }
+        ancestor = ancestor.parentElement;
+    }
+    return false;
+}
+function buildAriaLabel(image) {
+    const alt = image.getAttribute("alt");
+    const trimmed = alt ? alt.trim() : "";
+    return trimmed ? `Scrollable image: ${trimmed}` : "Scrollable image";
+}
+/**
+ * Wrap `<img>` elements in `markup` with a horizontal-scroll container.
+ *
+ * - No-ops on empty input.
+ * - No-ops during SSR (no `window` / `DOMParser`) — the markup is returned
+ *   unchanged; the browser re-run on hydrate will perform the wrap.
+ * - Idempotent: images whose direct parent already carries the
+ *   `pie-image-scroll` class are left alone.
+ * - Leaves images inside PIE custom elements (`<pie-*>`) alone. Those are
+ *   rendered by the element's own template / shadow DOM and should not be
+ *   restructured by the authored-markup pipeline.
+ */
+export function wrapOverwideImages(markup) {
+    if (!markup)
+        return "";
+    // Fast path: avoid the DOM round-trip entirely when the markup carries no
+    // images. Keeps the sanitize pipeline cheap for the common case.
+    if (!/<img\b/i.test(markup))
+        return markup;
+    if (typeof window === "undefined" || !window.document)
+        return markup;
+    const ParserCtor = typeof DOMParser !== "undefined"
+        ? DOMParser
+        : window.DOMParser;
+    if (!ParserCtor)
+        return markup;
+    const doc = new ParserCtor().parseFromString(`<!DOCTYPE html><html><body>${markup}</body></html>`, "text/html");
+    const body = doc.body;
+    if (!body)
+        return markup;
+    const images = Array.from(body.querySelectorAll("img"));
+    if (images.length === 0)
+        return markup;
+    let mutated = false;
+    for (const image of images) {
+        const parent = image.parentElement;
+        if (!parent)
+            continue;
+        // Idempotency — already wrapped.
+        if (parent.classList &&
+            parent.classList.contains(SCROLL_WRAPPER_CLASS)) {
+            continue;
+        }
+        // Leave PIE custom-element internals alone.
+        if (isInsidePieCustomElement(image, body))
+            continue;
+        const wrapper = doc.createElement("span");
+        wrapper.className = SCROLL_WRAPPER_CLASS;
+        wrapper.setAttribute("tabindex", "0");
+        wrapper.setAttribute("role", "region");
+        wrapper.setAttribute("aria-label", buildAriaLabel(image));
+        parent.insertBefore(wrapper, image);
+        wrapper.appendChild(image);
+        mutated = true;
+    }
+    return mutated ? body.innerHTML : markup;
+}
+//# sourceMappingURL=wrap-overwide-images.js.map

package/dist/security/wrap-overwide-images.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrap-overwide-images.js","sourceRoot":"","sources":["../../src/security/wrap-overwide-images.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,4BAA4B,GAAG,QAAQ,CAAC;AAC9C,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEhD,SAAS,wBAAwB,CAChC,KAAc,EACd,IAAa;IAEb,IAAI,QAAQ,GAAmB,KAAK,CAAC,aAAa,CAAC;IACnD,OAAO,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtC,IAAI,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC;QACb,CAAC;QACD,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtC,OAAO,OAAO,CAAC,CAAC,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC,CAAC,kBAAkB,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAEvB,0EAA0E;IAC1E,iEAAiE;IACjE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAE3C,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,MAAM,CAAC;IAErE,MAAM,UAAU,GACf,OAAO,SAAS,KAAK,WAAW;QAC/B,CAAC,CAAC,SAAS;QACX,CAAC,CAAE,MAAsD,CAAC,SAAS,CAAC;IACtE,IAAI,CAAC,UAAU;QAAE,OAAO,MAAM,CAAC;IAE/B,MAAM,GAAG,GAAG,IAAI,UAAU,EAAE,CAAC,eAAe,CAC3C,8BAA8B,MAAM,gBAAgB,EACpD,WAAW,CACX,CAAC;IACF,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC;IAEzB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAEvC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,aAAa,CAAC;QACnC,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,iCAAiC;QACjC,IACC,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAC9C,CAAC;YACF,SAAS;QACV,CAAC;QAED,4CAA4C;QAC5C,IAAI,wBAAwB,CAAC,KAAK,EAAE,IAAI,CAAC;YAAE,SAAS;QAEpD,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC1C,OAAO,CAAC,SAAS,GAAG,oBAAoB,CAAC;QACzC,OAAO,CAAC,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QACtC,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACvC,OAAO,CAAC,YAAY,CAAC,YAAY,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;QAE1D,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACpC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;AAC1C,CAAC"}

package/dist/server/npm-registry.d.ts

@@ -0,0 +1,8 @@
+type NpmFetch = (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
+/**
+ * Server-only helper for npm package version lookups.
+ * Do not import this module from browser-executed code.
+ */
+export declare const getNpmPackageVersions: (element: string, fetch: NpmFetch, filter?: (v: string) => boolean, limit?: number, searchTerm?: string) => Promise<string[]>;
+export {};
+//# sourceMappingURL=npm-registry.d.ts.map

package/dist/server/npm-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-registry.d.ts","sourceRoot":"","sources":["../../src/server/npm-registry.ts"],"names":[],"mappings":"AAiBA,KAAK,QAAQ,GAAG,CACf,KAAK,EAAE,WAAW,GAAG,GAAG,EACxB,IAAI,CAAC,EAAE,WAAW,KACd,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEvB;;;GAGG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,MAAM,EACf,OAAO,QAAQ,EACf,SAAQ,CAAC,CAAC,EAAE,MAAM,KAAK,OAAwB,EAC/C,QAAQ,MAAM,EACd,mBAAe,KACb,OAAO,CAAC,MAAM,EAAE,CA6DlB,CAAC"}