@wdprlib/render 0.1.4 → 1.0.0-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +58 -0
  2. package/dist/index.cjs +496 -39
  3. package/dist/index.d.cts +31 -1
  4. package/dist/index.d.ts +31 -1
  5. package/dist/index.js +483 -39
  6. package/package.json +9 -2
package/dist/index.d.cts CHANGED
@@ -1,6 +1,24 @@
1
1
  import { SyntaxTree as SyntaxTree2 } from "@wdprlib/ast";
2
2
  import { Element } from "@wdprlib/ast";
3
3
  /**
4
+ * Allowlist entry for embed content validation
5
+ * Each entry specifies a host pattern and optional path prefix
6
+ */
7
+ interface EmbedAllowlistEntry {
8
+ /** Host pattern. Supports wildcard prefix '*.' (e.g., '*.youtube.com') */
9
+ host: string;
10
+ /** Optional path prefix that must match (e.g., '/embed/') */
11
+ pathPrefix?: string;
12
+ }
13
+ /**
14
+ * Default allowlist for embed content (ported from Wikidot's default.php)
15
+ * Only iframes with src matching these host+path patterns will be rendered.
16
+ *
17
+ * Note: Set to null to allow any HTTPS iframe (Wikidot's 'anyiframe' behavior).
18
+ * DOMPurify still enforces HTTPS-only and blocks dangerous attributes.
19
+ */
20
+ declare const DEFAULT_EMBED_ALLOWLIST: EmbedAllowlistEntry[] | null;
21
+ /**
4
22
  * Page context for resolving links, images, etc.
5
23
  */
6
24
  interface PageContext {
@@ -12,6 +30,8 @@ interface PageContext {
12
30
  domain?: string;
13
31
  /** Check if a page exists (for "newpage" class on links) */
14
32
  pageExists?: (page: string) => boolean;
33
+ /** Page tags for [[iftags]] conditional rendering */
34
+ tags?: string[];
15
35
  }
16
36
  /**
17
37
  * Resolved user information for rendering
@@ -23,6 +43,8 @@ interface ResolvedUser {
23
43
  url?: string;
24
44
  /** Avatar image URL. If not provided, no avatar is rendered */
25
45
  avatarUrl?: string;
46
+ /** Karma image URL for avatar background (Wikidot-specific feature) */
47
+ karmaUrl?: string;
26
48
  }
27
49
  /**
28
50
  * Resolver functions for dynamic content
@@ -65,9 +87,17 @@ interface RenderOptions {
65
87
  * - Allow scripts: htmlBlockSandbox: "allow-scripts allow-same-origin"
66
88
  */
67
89
  htmlBlockSandbox?: string | null;
90
+ /**
91
+ * Allowlist for [[embed]] content with host and optional path validation.
92
+ * - undefined: Uses default allowlist (YouTube, Vimeo, etc. with path restrictions)
93
+ * - EmbedAllowlistEntry[]: Custom allowlist with host patterns and optional path prefixes
94
+ * - []: Block all embeds
95
+ * - null: Allow any HTTPS iframe (Wikidot's 'anyiframe' behavior)
96
+ */
97
+ embedAllowlist?: EmbedAllowlistEntry[] | null;
68
98
  }
69
99
  /**
70
100
  * Render a SyntaxTree to HTML string
71
101
  */
72
102
  declare function renderToHtml(tree: SyntaxTree2, options?: RenderOptions): string;
73
- export { renderToHtml, ResolvedUser, RenderResolvers, RenderOptions, PageContext };
103
+ export { renderToHtml, ResolvedUser, RenderResolvers, RenderOptions, PageContext, DEFAULT_EMBED_ALLOWLIST };
package/dist/index.d.ts CHANGED
@@ -1,6 +1,24 @@
1
1
  import { SyntaxTree as SyntaxTree2 } from "@wdprlib/ast";
2
2
  import { Element } from "@wdprlib/ast";
3
3
  /**
4
+ * Allowlist entry for embed content validation
5
+ * Each entry specifies a host pattern and optional path prefix
6
+ */
7
+ interface EmbedAllowlistEntry {
8
+ /** Host pattern. Supports wildcard prefix '*.' (e.g., '*.youtube.com') */
9
+ host: string;
10
+ /** Optional path prefix that must match (e.g., '/embed/') */
11
+ pathPrefix?: string;
12
+ }
13
+ /**
14
+ * Default allowlist for embed content (ported from Wikidot's default.php)
15
+ * Only iframes with src matching these host+path patterns will be rendered.
16
+ *
17
+ * Note: Set to null to allow any HTTPS iframe (Wikidot's 'anyiframe' behavior).
18
+ * DOMPurify still enforces HTTPS-only and blocks dangerous attributes.
19
+ */
20
+ declare const DEFAULT_EMBED_ALLOWLIST: EmbedAllowlistEntry[] | null;
21
+ /**
4
22
  * Page context for resolving links, images, etc.
5
23
  */
6
24
  interface PageContext {
@@ -12,6 +30,8 @@ interface PageContext {
12
30
  domain?: string;
13
31
  /** Check if a page exists (for "newpage" class on links) */
14
32
  pageExists?: (page: string) => boolean;
33
+ /** Page tags for [[iftags]] conditional rendering */
34
+ tags?: string[];
15
35
  }
16
36
  /**
17
37
  * Resolved user information for rendering
@@ -23,6 +43,8 @@ interface ResolvedUser {
23
43
  url?: string;
24
44
  /** Avatar image URL. If not provided, no avatar is rendered */
25
45
  avatarUrl?: string;
46
+ /** Karma image URL for avatar background (Wikidot-specific feature) */
47
+ karmaUrl?: string;
26
48
  }
27
49
  /**
28
50
  * Resolver functions for dynamic content
@@ -65,9 +87,17 @@ interface RenderOptions {
65
87
  * - Allow scripts: htmlBlockSandbox: "allow-scripts allow-same-origin"
66
88
  */
67
89
  htmlBlockSandbox?: string | null;
90
+ /**
91
+ * Allowlist for [[embed]] content with host and optional path validation.
92
+ * - undefined: Uses default allowlist (YouTube, Vimeo, etc. with path restrictions)
93
+ * - EmbedAllowlistEntry[]: Custom allowlist with host patterns and optional path prefixes
94
+ * - []: Block all embeds
95
+ * - null: Allow any HTTPS iframe (Wikidot's 'anyiframe' behavior)
96
+ */
97
+ embedAllowlist?: EmbedAllowlistEntry[] | null;
68
98
  }
69
99
  /**
70
100
  * Render a SyntaxTree to HTML string
71
101
  */
72
102
  declare function renderToHtml(tree: SyntaxTree2, options?: RenderOptions): string;
73
- export { renderToHtml, ResolvedUser, RenderResolvers, RenderOptions, PageContext };
103
+ export { renderToHtml, ResolvedUser, RenderResolvers, RenderOptions, PageContext, DEFAULT_EMBED_ALLOWLIST };