@silurus/ooxml 0.35.0 → 0.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/README.md +5 -1
  2. package/dist/docx-BV9DuQ9z.cjs +1 -0
  3. package/dist/docx-DIFtUzAi.js +1137 -0
  4. package/dist/docx.cjs +1 -1
  5. package/dist/docx.mjs +1 -1
  6. package/dist/index.cjs +1 -1
  7. package/dist/index.mjs +3 -3
  8. package/dist/pptx-CzgfHii0.js +23305 -0
  9. package/dist/pptx-gWByFXpk.cjs +1 -0
  10. package/dist/pptx.cjs +1 -1
  11. package/dist/pptx.mjs +1 -1
  12. package/dist/types/docx.d.ts +9 -2
  13. package/dist/types/index.d.ts +62 -6
  14. package/dist/types/pptx.d.ts +18 -2
  15. package/dist/types/xlsx.d.ts +35 -2
  16. package/dist/xlsx-CU5kEVSN.cjs +11 -0
  17. package/dist/xlsx-DF_d5tXa.js +3193 -0
  18. package/dist/xlsx.cjs +1 -1
  19. package/dist/xlsx.mjs +1 -1
  20. package/package.json +2 -2
  21. package/dist/docx-BSqY4T0s.js +0 -1133
  22. package/dist/docx-CxZXjtTA.cjs +0 -1
  23. package/dist/pptx-CLc84h6v.cjs +0 -1
  24. package/dist/pptx-DdpPwDWz.js +0 -23301
  25. package/dist/xlsx-BlpzIqe6.cjs +0 -11
  26. package/dist/xlsx-Cnu9YR5Z.js +0 -3166
package/README.md CHANGED
@@ -566,7 +566,11 @@ cd packages/pptx/parser && wasm-pack build --target web && cp pkg/pptx_parser_bg
566
566
  ## Security & Privacy
567
567
 
568
568
  - **Canvas-only rendering.** Documents are decoded and drawn to an `HTMLCanvasElement`. No script, link, form, or other active content from the source file is executed or injected into the DOM.
569
- - **ZIP decompression cap.** Each entry in the source archive is limited to 512 MiB of uncompressed output to block zip-bomb DoS.
569
+ - **ZIP decompression cap.** Each entry in the source archive is limited to 512 MiB of uncompressed output by default to block zip-bomb DoS. Override per viewer with `maxZipEntryBytes` (bytes) — raise it for legitimate decks with large embedded media, lower it to tighten the budget for untrusted input:
570
+ ```ts
571
+ new PptxViewer(canvas, { maxZipEntryBytes: 64 * 1024 * 1024 }); // 64 MiB
572
+ ```
573
+ Supported uniformly by `DocxViewer`, `PptxViewer`, and `XlsxViewer`. Zero / negative values fall back to the default.
570
574
  - **No network by default.** The library does not send telemetry or analytics, and does not contact third-party services unless you ask it to. In particular, theme webfonts (and Office font metric substitutes for XLSX) are **not** loaded from Google Fonts unless you pass `useGoogleFonts: true` to the relevant `Viewer` / `load(...)` options — supported uniformly by `DocxViewer`, `PptxViewer`, and `XlsxViewer`. Enabling that option causes the end-user's browser to send an HTTP request (IP and User-Agent) to `fonts.googleapis.com`, which may have GDPR implications for your application — consider self-hosting the required fonts via `@font-face` instead.
571
575
  - **XML parsing.** Uses `roxmltree`, which does not resolve external entities (XXE-safe by default).
572
576