npm - @syntrologie/runtime-sdk - Versions diffs - 2.19.0 → 2.20.0 - Mend

@syntrologie/runtime-sdk 2.19.0 → 2.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/actions/schema.d.ts +64 -0
package/dist/actions/schema.js +1 -1
package/dist/{chunk-R7R2ZKZU.js → chunk-FMLX4END.js} +26 -4
package/dist/chunk-FMLX4END.js.map +7 -0
package/dist/index.js +36 -4
package/dist/index.js.map +3 -3
package/dist/smart-canvas.esm.js +52 -52
package/dist/smart-canvas.esm.js.map +4 -4
package/dist/smart-canvas.js +61 -7
package/dist/smart-canvas.js.map +4 -4
package/dist/smart-canvas.min.js +52 -52
package/dist/smart-canvas.min.js.map +4 -4
package/dist/version.d.ts +1 -1
package/package.json +1 -1
package/schema/canvas-config.schema.json +69 -31
package/dist/chunk-R7R2ZKZU.js.map +0 -7

package/dist/smart-canvas.js CHANGED Viewed

@@ -3136,6 +3136,28 @@ var SyntrologieSDK = (() => {
       }
     };
   };
+  var ALLOWED_PROTOCOLS = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]);
+  function isSafeNavigationHref(href) {
+    if (typeof href !== "string" || href.trim().length === 0) return false;
+    let parsed;
+    try {
+      parsed = new URL(href, "https://syntro.local/");
+    } catch {
+      return false;
+    }
+    return ALLOWED_PROTOCOLS.has(parsed.protocol);
+  }
+  function navigateForCta(input) {
+    if (input.actionId === "dismiss") return false;
+    if (!input.href || !isSafeNavigationHref(input.href)) return false;
+    const href = input.href;
+    if (input.target === "_blank") {
+      window.open(href, "_blank", "noopener,noreferrer");
+    } else {
+      window.location.assign(href);
+    }
+    return true;
+  }
   var ACTIVE_TOUR_KEY = "syntro_active_tour";
   var activeTours = /* @__PURE__ */ new Map();
   function getTourState(tourId) {
@@ -4105,10 +4127,16 @@ var SyntrologieSDK = (() => {
       const actionId = btn.getAttribute("data-syntro-action");
       if (actionId) {
         actionClicked = actionId;
+        const matchingBtn = ctaButtons?.find((b6) => b6.actionId === actionId);
+        const href = matchingBtn?.href;
         context.publishEvent("action.modal_cta_clicked", {
-          actionId
+          actionId,
+          ...href ? { href } : {}
         });
         handle.destroy();
+        if (matchingBtn) {
+          navigateForCta(matchingBtn);
+        }
       }
     };
     actionBtns.forEach((btn) => btn.addEventListener("click", actionHandler));
@@ -5256,8 +5284,12 @@ var SyntrologieSDK = (() => {
             context.publishEvent("action.tooltip_cta_clicked", {
               anchorId: action.anchorId,
               actionId,
-              label: clickedBtn.label
+              label: clickedBtn.label,
+              ...clickedBtn.href ? { href: clickedBtn.href } : {}
             });
+            handle.destroy();
+            navigateForCta(clickedBtn);
+            return;
           }
         }
         handle.destroy();
@@ -16696,7 +16728,7 @@ Please report this to https://github.com/markedjs/marked.`, e10) {
   }
   // src/version.ts
-  var SDK_VERSION = "2.19.0";
+  var SDK_VERSION = "2.20.0";
   // src/types.ts
   var SDK_SCHEMA_VERSION = "2.0";
@@ -20909,10 +20941,32 @@ ${cssRules}
     "right-start",
     "right-end"
   ]);
+  var SAFE_HREF_PATTERN = /^(?:[/.#?]|[hH][tT][tT][pP][sS]?:\/\/|[mM][aA][iI][lL][tT][oO]:|[tT][eE][lL]:)/;
+  var HrefZ = external_exports.string().min(1).regex(SAFE_HREF_PATTERN, {
+    message: "href must start with /, ./, ../, #, ?, http(s)://, mailto:, or tel: \u2014 javascript:, data:, and vbscript: are not allowed"
+  }).refine(
+    (s9) => {
+      try {
+        const parsed = new URL(s9, "https://syntro.local/");
+        return ["http:", "https:", "mailto:", "tel:"].includes(parsed.protocol);
+      } catch {
+        return false;
+      }
+    },
+    { message: "href resolves to an unsupported protocol" }
+  );
   var CtaButtonZ = external_exports.object({
-    label: external_exports.string(),
-    actionId: external_exports.string(),
-    primary: external_exports.boolean().optional()
+    label: external_exports.string().describe("Visible button label."),
+    actionId: external_exports.string().describe(
+      'Identifier emitted on action.modal_cta_clicked / action.tooltip_cta_clicked. Use "dismiss" to close the overlay without publishing an event or navigating, even if href is set.'
+    ),
+    primary: external_exports.boolean().optional().describe("When true, renders as the primary (filled) button. Defaults to false."),
+    href: HrefZ.optional().describe(
+      'URL to navigate to when the button is clicked. Use this to drive users to a destination (product page, signup, etc.) \u2014 set href on a non-dismiss button rather than relying on actionId conventions or content:setAttr tricks. Accepts relative paths ("/product/x"), fragments ("#section"), query strings, and absolute http(s) URLs. javascript:/data:/vbscript: are rejected.'
+    ),
+    target: external_exports.enum(["_self", "_blank"]).optional().describe(
+      'Navigation target. "_self" (default) replaces the current tab; "_blank" opens a new tab with noopener,noreferrer.'
+    )
   }).strict();
   var TooltipContentZ = external_exports.object({
     title: external_exports.string().optional(),
@@ -34746,7 +34800,7 @@ ${cssRules}
   }
   // src/index.ts
-  var RUNTIME_SDK_BUILD = true ? `${"2026-05-06T04:46:30.034Z"} (${"542c106817c"})` : "dev";
+  var RUNTIME_SDK_BUILD = true ? `${"2026-05-07T04:09:15.562Z"} (${"e170c20927b"})` : "dev";
   if (typeof window !== "undefined") {
     console.log(`[Syntro Runtime] Build: ${RUNTIME_SDK_BUILD} (Lit)`);
     const existing = window.SynOS;