@trops/dash-core 0.1.507 → 0.1.508

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/electron/index.js +26 -19
  2. package/dist/electron/index.js.map +1 -1
  3. package/package.json +1 -1
package/dist/electron/index.js CHANGED
@@ -2586,9 +2586,23 @@ function _hostMatches(host, allowedList) {
2586
2586
  if (!Array.isArray(allowedList) || allowedList.length === 0) return false;
2587
2587
  if (allowedList.includes("*")) return true;
2588
2588
  const lower = host.toLowerCase();
2589
- return allowedList.some(
2590
- (h) => typeof h === "string" && h.toLowerCase() === lower,
2591
- );
2589
+ for (const entry of allowedList) {
2590
+ if (typeof entry !== "string") continue;
2591
+ const entryLower = entry.toLowerCase();
2592
+ // Exact match.
2593
+ if (entryLower === lower) return true;
2594
+ // Subdomain wildcard: "*.example.com" matches "example.com" and
2595
+ // any host ending in ".example.com". The leading dot on the
2596
+ // suffix-test is required — otherwise "*.example.com" would also
2597
+ // match "attackerexample.com", which is the kind of confusion
2598
+ // this feature is meant to avoid.
2599
+ if (entryLower.startsWith("*.")) {
2600
+ const base = entryLower.slice(2); // "example.com"
2601
+ if (lower === base) return true;
2602
+ if (lower.endsWith("." + base)) return true;
2603
+ }
2604
+ }
2605
+ return false;
2592
2606
  }
2593
2607
 
2594
2608
  function _parseHost(url) {
@@ -34789,20 +34803,13 @@ boolean.parseBooleanDef = parseBooleanDef;
34789
34803
 
34790
34804
  var branded = {};
34791
34805
 
34792
- var hasRequiredBranded;
34793
-
34794
- function requireBranded () {
34795
- if (hasRequiredBranded) return branded;
34796
- hasRequiredBranded = 1;
34797
- Object.defineProperty(branded, "__esModule", { value: true });
34798
- branded.parseBrandedDef = void 0;
34799
- const parseDef_js_1 = requireParseDef();
34800
- function parseBrandedDef(_def, refs) {
34801
- return (0, parseDef_js_1.parseDef)(_def.type._def, refs);
34802
- }
34803
- branded.parseBrandedDef = parseBrandedDef;
34804
- return branded;
34806
+ Object.defineProperty(branded, "__esModule", { value: true });
34807
+ branded.parseBrandedDef = void 0;
34808
+ const parseDef_js_1$1 = requireParseDef();
34809
+ function parseBrandedDef(_def, refs) {
34810
+ return (0, parseDef_js_1$1.parseDef)(_def.type._def, refs);
34805
34811
  }
34812
+ branded.parseBrandedDef = parseBrandedDef;
34806
34813
 
34807
34814
  var _catch = {};
34808
34815
 
@@ -35385,7 +35392,7 @@ function requireRecord () {
35385
35392
  const v3_1 = v3;
35386
35393
  const parseDef_js_1 = requireParseDef();
35387
35394
  const string_js_1 = string;
35388
- const branded_js_1 = requireBranded();
35395
+ const branded_js_1 = branded;
35389
35396
  const any_js_1 = any;
35390
35397
  function parseRecordDef(def, refs) {
35391
35398
  if (refs.target === "openAi") {
@@ -36036,7 +36043,7 @@ function requireSelectParser () {
36036
36043
  const array_js_1 = requireArray();
36037
36044
  const bigint_js_1 = bigint;
36038
36045
  const boolean_js_1 = boolean;
36039
- const branded_js_1 = requireBranded();
36046
+ const branded_js_1 = branded;
36040
36047
  const catch_js_1 = require_catch();
36041
36048
  const date_js_1 = date;
36042
36049
  const default_js_1 = require_default();
@@ -36335,7 +36342,7 @@ zodToJsonSchema$1.zodToJsonSchema = zodToJsonSchema;
36335
36342
  __exportStar(requireArray(), exports);
36336
36343
  __exportStar(bigint, exports);
36337
36344
  __exportStar(boolean, exports);
36338
- __exportStar(requireBranded(), exports);
36345
+ __exportStar(branded, exports);
36339
36346
  __exportStar(require_catch(), exports);
36340
36347
  __exportStar(date, exports);
36341
36348
  __exportStar(require_default(), exports);