@rtif-sdk/formats 3.0.0

Files changed (70) hide show
  1. package/README.md +111 -0
  2. package/dist/html/codec.d.ts +22 -0
  3. package/dist/html/codec.d.ts.map +1 -0
  4. package/dist/html/codec.js +25 -0
  5. package/dist/html/codec.js.map +1 -0
  6. package/dist/html/entities.d.ts +14 -0
  7. package/dist/html/entities.d.ts.map +1 -0
  8. package/dist/html/entities.js +80 -0
  9. package/dist/html/entities.js.map +1 -0
  10. package/dist/html/index.d.ts +5 -0
  11. package/dist/html/index.d.ts.map +1 -0
  12. package/dist/html/index.js +3 -0
  13. package/dist/html/index.js.map +1 -0
  14. package/dist/html/parse-tree.d.ts +33 -0
  15. package/dist/html/parse-tree.d.ts.map +1 -0
  16. package/dist/html/parse-tree.js +191 -0
  17. package/dist/html/parse-tree.js.map +1 -0
  18. package/dist/html/parse.d.ts +28 -0
  19. package/dist/html/parse.d.ts.map +1 -0
  20. package/dist/html/parse.js +282 -0
  21. package/dist/html/parse.js.map +1 -0
  22. package/dist/html/rules.d.ts +51 -0
  23. package/dist/html/rules.d.ts.map +1 -0
  24. package/dist/html/rules.js +74 -0
  25. package/dist/html/rules.js.map +1 -0
  26. package/dist/html/serialize.d.ts +15 -0
  27. package/dist/html/serialize.d.ts.map +1 -0
  28. package/dist/html/serialize.js +68 -0
  29. package/dist/html/serialize.js.map +1 -0
  30. package/dist/markdown/codec.d.ts +15 -0
  31. package/dist/markdown/codec.d.ts.map +1 -0
  32. package/dist/markdown/codec.js +56 -0
  33. package/dist/markdown/codec.js.map +1 -0
  34. package/dist/markdown/index.d.ts +3 -0
  35. package/dist/markdown/index.d.ts.map +1 -0
  36. package/dist/markdown/index.js +3 -0
  37. package/dist/markdown/index.js.map +1 -0
  38. package/dist/markdown/parse-blocks.d.ts +25 -0
  39. package/dist/markdown/parse-blocks.d.ts.map +1 -0
  40. package/dist/markdown/parse-blocks.js +122 -0
  41. package/dist/markdown/parse-blocks.js.map +1 -0
  42. package/dist/markdown/parse-inline.d.ts +15 -0
  43. package/dist/markdown/parse-inline.d.ts.map +1 -0
  44. package/dist/markdown/parse-inline.js +164 -0
  45. package/dist/markdown/parse-inline.js.map +1 -0
  46. package/dist/markdown/serialize.d.ts +17 -0
  47. package/dist/markdown/serialize.d.ts.map +1 -0
  48. package/dist/markdown/serialize.js +120 -0
  49. package/dist/markdown/serialize.js.map +1 -0
  50. package/dist/plaintext/codec.d.ts +15 -0
  51. package/dist/plaintext/codec.d.ts.map +1 -0
  52. package/dist/plaintext/codec.js +30 -0
  53. package/dist/plaintext/codec.js.map +1 -0
  54. package/dist/plaintext/index.d.ts +3 -0
  55. package/dist/plaintext/index.d.ts.map +1 -0
  56. package/dist/plaintext/index.js +3 -0
  57. package/dist/plaintext/index.js.map +1 -0
  58. package/dist/shared/block-text.d.ts +4 -0
  59. package/dist/shared/block-text.d.ts.map +1 -0
  60. package/dist/shared/block-text.js +5 -0
  61. package/dist/shared/block-text.js.map +1 -0
  62. package/dist/shared/ids.d.ts +9 -0
  63. package/dist/shared/ids.d.ts.map +1 -0
  64. package/dist/shared/ids.js +12 -0
  65. package/dist/shared/ids.js.map +1 -0
  66. package/dist/shared/url.d.ts +20 -0
  67. package/dist/shared/url.d.ts.map +1 -0
  68. package/dist/shared/url.js +33 -0
  69. package/dist/shared/url.js.map +1 -0
  70. package/package.json +28 -0
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Shared URL sanitization for every URL-bearing attribute parsed from
3
+ * external input: HTML `href`/`src` and markdown link destinations.
4
+ *
5
+ * This is a protocol *allowlist*, not a blocklist (the v2 lesson): `http:`,
6
+ * `https:`, `mailto:`, and scheme-less (relative) URLs pass; everything else
7
+ * (`javascript:`, `data:`, `vbscript:`, `file:`, ...) is rejected.
8
+ */
9
+ /**
10
+ * Validate a URL against the protocol allowlist.
11
+ *
12
+ * Whitespace and control characters are stripped before scheme detection
13
+ * because browsers ignore them when resolving URLs — `java\nscript:` is a
14
+ * real attack vector, so it must be detected as the `javascript` scheme.
15
+ *
16
+ * @param raw - The attribute value or link destination as written
17
+ * @returns the trimmed URL when allowed, or `null` when it must be dropped
18
+ */
19
+ export declare function sanitizeUrl(raw: string): string | null;
20
+ //# sourceMappingURL=url.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/shared/url.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAWH;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMtD"}
@@ -0,0 +1,33 @@
1
+ /**
2
+ * Shared URL sanitization for every URL-bearing attribute parsed from
3
+ * external input: HTML `href`/`src` and markdown link destinations.
4
+ *
5
+ * This is a protocol *allowlist*, not a blocklist (the v2 lesson): `http:`,
6
+ * `https:`, `mailto:`, and scheme-less (relative) URLs pass; everything else
7
+ * (`javascript:`, `data:`, `vbscript:`, `file:`, ...) is rejected.
8
+ */
9
+ const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
10
+ /** Matches a URL scheme per RFC 3986: a letter, then letters/digits/`+`/`-`/`.`. */
11
+ const SCHEME_PATTERN = /^([a-z][a-z0-9+.-]*):/;
12
+ /** Whitespace and control characters that browsers ignore inside URLs. */
13
+ // eslint-disable-next-line no-control-regex -- control chars are intentionally matched for URL sanitization
14
+ const IGNORED_CHARS = /[\u0000-\u0020\u00a0]+/g;
15
+ /**
16
+ * Validate a URL against the protocol allowlist.
17
+ *
18
+ * Whitespace and control characters are stripped before scheme detection
19
+ * because browsers ignore them when resolving URLs — `java\nscript:` is a
20
+ * real attack vector, so it must be detected as the `javascript` scheme.
21
+ *
22
+ * @param raw - The attribute value or link destination as written
23
+ * @returns the trimmed URL when allowed, or `null` when it must be dropped
24
+ */
25
+ export function sanitizeUrl(raw) {
26
+ const url = raw.trim();
27
+ const probe = url.replace(IGNORED_CHARS, '').toLowerCase();
28
+ const match = SCHEME_PATTERN.exec(probe);
29
+ if (match === null)
30
+ return url; // no scheme — a relative URL
31
+ return ALLOWED_SCHEMES.has(match[1]) ? url : null;
32
+ }
33
+ //# sourceMappingURL=url.js.map
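Review bot: The `@param raw` line ("as written") leaves the input contract ambiguous, and the check depends on it: `SCHEME_PATTERN` only sees literal characters, so a scheme written with HTML character references or markdown backslash escapes produces no match and comes back as a "relative" URL. The HTML and markdown parsers that call `sanitizeUrl` are not in this hunk, so whether they decode first cannot be confirmed here; the docblock should state the requirement, e.g. `@param raw - The attribute value or link destination after entity/escape decoding; encoded schemes are not decoded here`. The same docblock is emitted into url.d.ts and needs the same wording. Separately, the allowlist is evaluated on `probe` but the function returns `url`, which can still carry the embedded tabs and newlines that were stripped for the check, so serializers should escape or reject those characters rather than treat the result as normalized.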
@@ -0,0 +1 @@
1
+ {"version":3,"file":"url.js","sourceRoot":"","sources":["../../src/shared/url.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,eAAe,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAElF,oFAAoF;AACpF,MAAM,cAAc,GAAG,uBAAuB,CAAC;AAE/C,0EAA0E;AAC1E,4GAA4G;AAC5G,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEhD;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACvB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3D,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC,CAAC,6BAA6B;IAC7D,OAAO,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAW,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9D,CAAC"}
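--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,28 @@
+ {
+ "name": "@rtif-sdk/formats",
+ "version": "3.0.0",
+ "description": "RTIF format codecs: HTML, Markdown, plaintext.",
+ "type": "module",
+ "sideEffects": false,
+ "exports": {
+ "./html": {
+ "types": "./dist/html/index.d.ts",
+ "import": "./dist/html/index.js"
+ },
+ "./markdown": {
+ "types": "./dist/markdown/index.d.ts",
+ "import": "./dist/markdown/index.js"
+ },
+ "./plaintext": {
+ "types": "./dist/plaintext/index.d.ts",
+ "import": "./dist/plaintext/index.js"
+ }
+ },
+ "files": [
+ "dist"
+ ],
+ "dependencies": {
+ "@rtif-sdk/core": "3.0.0"
+ },
+ "license": "MIT"
+ }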
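Review bot: The manifest has no `repository` field (nor `homepage` or `bugs`), and with `"files": ["dist"]` the tarball ships only build output, so nothing in the package links the compiled `dist/` code back to reviewable source. The shipped source maps point at `../../src/shared/url.ts`, which is not in the tarball, so they do not close that gap. Adding `"repository": { "type": "git", "url": "<REPOSITORY_URL>" }` would let registry tooling and auditors make the link. The exact pin `"@rtif-sdk/core": "3.0.0"` suits lockstep releases, but a fix in core then reaches consumers only through a new release of this package.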