@sonicjs-cms/core 2.8.1 → 2.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/dist/{app-CYEm1ytG.d.cts → app-DnQ26Lho.d.cts} +3 -0
  2. package/dist/{app-CYEm1ytG.d.ts → app-DnQ26Lho.d.ts} +3 -0
  3. package/dist/{chunk-S6K2H2TS.cjs → chunk-3G7XX4UI.cjs} +9 -9
  4. package/dist/{chunk-S6K2H2TS.cjs.map → chunk-3G7XX4UI.cjs.map} +1 -1
  5. package/dist/{chunk-KAT3OKHE.js → chunk-5XAI2XUF.js} +33 -37
  6. package/dist/chunk-5XAI2XUF.js.map +1 -0
  7. package/dist/{chunk-H7AMQWVI.js → chunk-74XCYEI7.js} +3 -3
  8. package/dist/{chunk-H7AMQWVI.js.map → chunk-74XCYEI7.js.map} +1 -1
  9. package/dist/{chunk-FZRZYQYU.js → chunk-CH5UHZVM.js} +2604 -2364
  10. package/dist/chunk-CH5UHZVM.js.map +1 -0
  11. package/dist/{chunk-7Q2XPM2U.js → chunk-GTFMI24U.js} +21 -2
  12. package/dist/chunk-GTFMI24U.js.map +1 -0
  13. package/dist/{chunk-SKLRRFJJ.cjs → chunk-HXHVU5GM.cjs} +21 -2
  14. package/dist/chunk-HXHVU5GM.cjs.map +1 -0
  15. package/dist/{chunk-WDQZYCQO.cjs → chunk-JDIM5AG7.cjs} +32 -39
  16. package/dist/chunk-JDIM5AG7.cjs.map +1 -0
  17. package/dist/{chunk-VCH6HXVP.js → chunk-JJS7JZCH.js} +58 -4
  18. package/dist/chunk-JJS7JZCH.js.map +1 -0
  19. package/dist/chunk-K4Q4SFJJ.cjs +568 -0
  20. package/dist/chunk-K4Q4SFJJ.cjs.map +1 -0
  21. package/dist/{chunk-SHCYIZAN.cjs → chunk-LTKV7AE5.cjs} +58 -4
  22. package/dist/chunk-LTKV7AE5.cjs.map +1 -0
  23. package/dist/chunk-MNWKYY5E.cjs +44 -0
  24. package/dist/chunk-MNWKYY5E.cjs.map +1 -0
  25. package/dist/{chunk-JVRRG36J.cjs → chunk-R4WR3VTN.cjs} +2393 -2153
  26. package/dist/chunk-R4WR3VTN.cjs.map +1 -0
  27. package/dist/chunk-TQABQWOP.js +39 -0
  28. package/dist/chunk-TQABQWOP.js.map +1 -0
  29. package/dist/chunk-Y3VMEGY2.js +541 -0
  30. package/dist/chunk-Y3VMEGY2.js.map +1 -0
  31. package/dist/{collection-config-BF95LgQb.d.cts → collection-config-i8EaAF7z.d.cts} +2 -1
  32. package/dist/{collection-config-BF95LgQb.d.ts → collection-config-i8EaAF7z.d.ts} +2 -1
  33. package/dist/{filter-bar.template-By4jeiw_.d.cts → filter-bar.template-Daw8ZDoq.d.cts} +1 -0
  34. package/dist/{filter-bar.template-By4jeiw_.d.ts → filter-bar.template-Daw8ZDoq.d.ts} +1 -0
  35. package/dist/index.cjs +112 -111
  36. package/dist/index.cjs.map +1 -1
  37. package/dist/index.d.cts +6 -6
  38. package/dist/index.d.ts +6 -6
  39. package/dist/index.js +16 -15
  40. package/dist/index.js.map +1 -1
  41. package/dist/middleware.cjs +43 -23
  42. package/dist/middleware.d.cts +86 -6
  43. package/dist/middleware.d.ts +86 -6
  44. package/dist/middleware.js +2 -2
  45. package/dist/migrations-7X4RPH7O.cjs +13 -0
  46. package/dist/{migrations-76NR5BVF.cjs.map → migrations-7X4RPH7O.cjs.map} +1 -1
  47. package/dist/migrations-KHWFJ2HN.js +4 -0
  48. package/dist/{migrations-2NTJ44OR.js.map → migrations-KHWFJ2HN.js.map} +1 -1
  49. package/dist/{plugin-bootstrap-C7Mj00Ud.d.ts → plugin-bootstrap-CJozpgmI.d.cts} +1 -1
  50. package/dist/{plugin-bootstrap-DKB5f8-E.d.cts → plugin-bootstrap-DU5VmuHZ.d.ts} +1 -1
  51. package/dist/routes.cjs +29 -28
  52. package/dist/routes.d.cts +1 -1
  53. package/dist/routes.d.ts +1 -1
  54. package/dist/routes.js +6 -5
  55. package/dist/services.cjs +2 -2
  56. package/dist/services.d.cts +2 -2
  57. package/dist/services.d.ts +2 -2
  58. package/dist/services.js +1 -1
  59. package/dist/templates.cjs +20 -19
  60. package/dist/templates.d.cts +1 -1
  61. package/dist/templates.d.ts +1 -1
  62. package/dist/templates.js +3 -2
  63. package/dist/types.d.cts +1 -1
  64. package/dist/types.d.ts +1 -1
  65. package/dist/utils.cjs +24 -23
  66. package/dist/utils.d.cts +2 -2
  67. package/dist/utils.d.ts +2 -2
  68. package/dist/utils.js +2 -1
  69. package/dist/{version-vktVAxhe.d.cts → version-C_CXrN_T.d.cts} +5 -0
  70. package/dist/{version-vktVAxhe.d.ts → version-C_CXrN_T.d.ts} +5 -0
  71. package/migrations/032_user_profiles.sql +36 -0
  72. package/package.json +2 -2
  73. package/dist/chunk-7Q2XPM2U.js.map +0 -1
  74. package/dist/chunk-FZRZYQYU.js.map +0 -1
  75. package/dist/chunk-GIWIJNBH.cjs +0 -243
  76. package/dist/chunk-GIWIJNBH.cjs.map +0 -1
  77. package/dist/chunk-JVRRG36J.cjs.map +0 -1
  78. package/dist/chunk-KAT3OKHE.js.map +0 -1
  79. package/dist/chunk-QWTS6NSP.js +0 -221
  80. package/dist/chunk-QWTS6NSP.js.map +0 -1
  81. package/dist/chunk-SHCYIZAN.cjs.map +0 -1
  82. package/dist/chunk-SKLRRFJJ.cjs.map +0 -1
  83. package/dist/chunk-VCH6HXVP.js.map +0 -1
  84. package/dist/chunk-WDQZYCQO.cjs.map +0 -1
  85. package/dist/migrations-2NTJ44OR.js +0 -4
  86. package/dist/migrations-76NR5BVF.cjs +0 -13
package/dist/chunk-MNWKYY5E.cjs ADDED
@@ -0,0 +1,44 @@
1
+ 'use strict';
2
+
3
+ // src/utils/sanitize.ts
4
+ function escapeHtml(text) {
5
+ if (typeof text !== "string") {
6
+ return "";
7
+ }
8
+ const map = {
9
+ "&": "&",
10
+ "<": "&lt;",
11
+ ">": "&gt;",
12
+ '"': "&quot;",
13
+ "'": "&#039;"
14
+ };
15
+ return text.replace(/[&<>"']/g, (char) => map[char] || char);
16
+ }
17
+ function sanitizeInput(input) {
18
+ if (!input) {
19
+ return "";
20
+ }
21
+ return escapeHtml(String(input).trim());
22
+ }
23
+ function sanitizeRichText(html) {
24
+ if (typeof html !== "string") {
25
+ return "";
26
+ }
27
+ return html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "").replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "").replace(/(href|src|action)\s*=\s*"javascript:[^"]*"/gi, '$1=""').replace(/(href|src|action)\s*=\s*'javascript:[^']*'/gi, "$1=''");
28
+ }
29
+ function sanitizeObject(obj, fields) {
30
+ const sanitized = { ...obj };
31
+ for (const field of fields) {
32
+ if (typeof obj[field] === "string") {
33
+ sanitized[field] = sanitizeInput(obj[field]);
34
+ }
35
+ }
36
+ return sanitized;
37
+ }
38
+
39
+ exports.escapeHtml = escapeHtml;
40
+ exports.sanitizeInput = sanitizeInput;
41
+ exports.sanitizeObject = sanitizeObject;
42
+ exports.sanitizeRichText = sanitizeRichText;
43
+ //# sourceMappingURL=chunk-MNWKYY5E.cjs.map
44
+ //# sourceMappingURL=chunk-MNWKYY5E.cjs.map
package/dist/chunk-MNWKYY5E.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/utils/sanitize.ts"],"names":[],"mappings":";;;AASO,SAAS,WAAW,IAAA,EAAsB;AAC/C,EAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAC5B,IAAA,OAAO,EAAA;AAAA,EACT;AAEA,EAAA,MAAM,GAAA,GAA8B;AAAA,IAClC,GAAA,EAAK,OAAA;AAAA,IACL,GAAA,EAAK,MAAA;AAAA,IACL,GAAA,EAAK,MAAA;AAAA,IACL,GAAA,EAAK,QAAA;AAAA,IACL,GAAA,EAAK;AAAA,GACP;AAEA,EAAA,OAAO,IAAA,CAAK,QAAQ,UAAA,EAAY,CAAC,SAAS,GAAA,CAAI,IAAI,KAAK,IAAI,CAAA;AAC7D;AAQO,SAAS,cAAc,KAAA,EAA0C;AACtE,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,EAAA;AAAA,EACT;AACA,EAAA,OAAO,UAAA,CAAW,MAAA,CAAO,KAAK,CAAA,CAAE,MAAM,CAAA;AACxC;AAQO,SAAS,iBAAiB,IAAA,EAAsB;AACrD,EAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAC5B,IAAA,OAAO,EAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA,CAEJ,OAAA,CAAQ,qDAAA,EAAuD,EAAE,EAEjE,OAAA,CAAQ,8CAAA,EAAgD,EAAE,CAAA,CAE1D,QAAQ,8CAAA,EAAgD,OAAO,CAAA,CAC/D,OAAA,CAAQ,gDAAgD,OAAO,CAAA;AACpE;AAQO,SAAS,cAAA,CACd,KACA,MAAA,EACG;AACH,EAAA,MAAM,SAAA,GAAY,EAAE,GAAG,GAAA,EAAI;AAE3B,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,OAAO,GAAA,CAAI,KAAK,CAAA,KAAM,QAAA,EAAU;AAClC,MAAA,SAAA,CAAU,KAAK,CAAA,GAAI,aAAA,CAAc,GAAA,CAAI,KAAK,CAAC,CAAA;AAAA,IAC7C;AAAA,EACF;AAEA,EAAA,OAAO,SAAA;AACT","file":"chunk-MNWKYY5E.cjs","sourcesContent":["/**\n * HTML sanitization utilities for preventing XSS attacks\n */\n\n/**\n * Escapes HTML special characters to prevent XSS attacks\n * @param text - The text to escape\n * @returns The escaped text safe for HTML output\n */\nexport function escapeHtml(text: string): string {\n if (typeof text !== 'string') {\n return ''\n }\n\n const map: Record<string, string> = {\n '&': '&amp;',\n '<': '&lt;',\n '>': '&gt;',\n '\"': '&quot;',\n \"'\": '&#039;'\n }\n\n return text.replace(/[&<>\"']/g, (char) => map[char] || char)\n}\n\n/**\n * Sanitizes user input by escaping HTML special characters\n * This should be used for all user-provided text fields to prevent XSS\n * @param input - The input string to sanitize\n * @returns The sanitized string\n */\nexport function sanitizeInput(input: string | null | undefined): string {\n if (!input) {\n return ''\n }\n return escapeHtml(String(input).trim())\n}\n\n/**\n * Sanitizes rich text HTML by stripping dangerous elements while preserving\n * legitimate formatting. Removes script tags, event handlers, and javascript: URLs.\n * @param html - The rich text HTML to sanitize\n * @returns Sanitized HTML safe for rendering\n */\nexport function sanitizeRichText(html: string): string {\n if (typeof html !== 'string') {\n return ''\n }\n\n return html\n // Remove script tags and their contents\n .replace(/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi, '')\n // Remove event handler attributes (on*)\n .replace(/\\s+on\\w+\\s*=\\s*(?:\"[^\"]*\"|'[^']*'|[^\\s>]+)/gi, '')\n // Remove javascript: URLs in href/src/action attributes\n .replace(/(href|src|action)\\s*=\\s*\"javascript:[^\"]*\"/gi, '$1=\"\"')\n .replace(/(href|src|action)\\s*=\\s*'javascript:[^']*'/gi, \"$1=''\")\n}\n\n/**\n * Sanitizes an object's string properties\n * @param obj - Object with string properties to sanitize\n * @param fields - Array of field names to sanitize\n * @returns New object with sanitized fields\n */\nexport function sanitizeObject<T extends Record<string, any>>(\n obj: T,\n fields: (keyof T)[]\n): T {\n const sanitized = { ...obj }\n\n for (const field of fields) {\n if (typeof obj[field] === 'string') {\n sanitized[field] = sanitizeInput(obj[field]) as T[keyof T]\n }\n }\n\n return sanitized\n}\n"]}