attaform 0.16.3 → 0.17.0

package/dist/shared/{attaform.BfMxsfmE.mjs → attaform.CIEQgJnM.mjs}

@@ -71,7 +71,7 @@ function formatAnonPersistMessage(opts) {
 }
 
 function detectSSR(options = {}) {
-  if (options.override !== void 0) return options.override;
+  if (options.ssr !== void 0) return options.ssr;
   return typeof window === "undefined" && typeof document === "undefined";
 }
 
@@ -381,91 +381,138 @@ function createPersistOptInRegistry() {
   };
 }
 
-const SENSITIVE_NAME_PATTERNS = [
-  // Passwords and PIN-like
-  /password/i,
-  /passwd/i,
-  /passwords/i,
-  /\bpwd\b/i,
-  /\bpin\b/i,
+const DEFAULT_SENSITIVE_NAMES = Object.freeze([
+  // Passwords + PIN-like
+  "password",
+  "passwd",
+  "pwd",
+  "pin",
   // Card / payment
-  /\bcvv\b/i,
-  /\bcvc\b/i,
-  /card[_\s-]?(?:number|num)/i,
-  /\bcard\b/i,
-  /\biban\b/i,
-  /routing[_\s-]?number/i,
-  /account[_\s-]?number/i,
+  "cvv",
+  "cvc",
+  "card_number",
+  "card_num",
+  "card",
+  "iban",
+  "routing_number",
+  "account_number",
   // Government / identity
-  /\bssn\b/i,
-  /social[_\s-]?security/i,
-  /\bdob\b/i,
-  /date[_\s-]?of[_\s-]?birth/i,
-  /passport/i,
-  /driver[_\s-]?license/i,
-  // Tax IDs (US + international common variants)
-  /\btin\b/i,
-  /\bein\b/i,
-  /\bitin\b/i,
-  /tax[_\s-]?id/i,
-  // Tokens, secrets, API/auth credentials
-  /\btoken\b/i,
-  /\btokens\b/i,
-  /secret/i,
-  /secrets/i,
-  /api[_\s-]?key/i,
-  /api[_\s-]?secret/i,
-  /api[_\s-]?token/i,
-  /private[_\s-]?key/i,
-  /\bbearer\b/i,
-  /\boauth\b/i,
-  /auth[_\s-]?token/i,
-  /access[_\s-]?token/i,
-  /refresh[_\s-]?token/i,
-  /session[_\s-]?(?:id|key|token)/i,
+  "ssn",
+  "social_security",
+  "dob",
+  "date_of_birth",
+  "passport",
+  "driver_license",
+  // Tax IDs
+  "tin",
+  "ein",
+  "itin",
+  "tax_id",
+  // Tokens / secrets / API auth
+  "token",
+  "tokens",
+  "secret",
+  "secrets",
+  "api_key",
+  "api_secret",
+  "api_token",
+  "private_key",
+  "bearer",
+  "oauth",
+  "auth_token",
+  "access_token",
+  "refresh_token",
+  "session_id",
+  "session_key",
+  "session_token",
   // MFA / OTP
-  /\botp\b/i,
-  /one[_\s-]?time[_\s-]?(?:password|code)/i,
-  /mfa[_\s-]?(?:secret|seed|code|token)/i,
-  /two[_\s-]?factor[_\s-]?(?:code|token)/i,
-  /\b2fa[_\s-]?(?:code|token)?\b/i,
-  /recovery[_\s-]?code/i,
-  /backup[_\s-]?code/i
-];
-function segmentMatchesSensitive(segment) {
-  if (typeof segment !== "string") return false;
-  for (const pattern of SENSITIVE_NAME_PATTERNS) {
-    if (pattern.test(segment)) return true;
+  "otp",
+  "one_time_password",
+  "one_time_code",
+  "mfa_secret",
+  "mfa_seed",
+  "mfa_code",
+  "mfa_token",
+  "two_factor_code",
+  "two_factor_token",
+  "2fa",
+  "2fa_code",
+  "2fa_token",
+  "recovery_code",
+  "backup_code"
+]);
+const WORD_BOUNDARY_THRESHOLD = 5;
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function nameToRegex(name) {
+  const parts = name.split(/[_\s-]/).filter((p) => p.length > 0);
+  if (parts.length === 0) {
+    return /(?!)/;
   }
-  return false;
-}
-function isSensitivePath(path) {
-  if (typeof path !== "string") {
-    for (const segment of path) {
-      if (segmentMatchesSensitive(segment)) return true;
+  const escaped = parts.map(escapeRegex).join("[_\\s-]?");
+  const compactLength = parts.reduce((sum, p) => sum + p.length, 0);
+  const useBoundary = compactLength <= WORD_BOUNDARY_THRESHOLD;
+  const source = useBoundary ? `\\b${escaped}\\b` : escaped;
+  return new RegExp(source, "i");
+}
+function namesToPatterns(names) {
+  const patterns = [];
+  for (const name of names) {
+    if (typeof name !== "string" || name.length === 0) continue;
+    patterns.push(nameToRegex(name));
+  }
+  return patterns;
+}
+const DEFAULT_PATTERNS = namesToPatterns(DEFAULT_SENSITIVE_NAMES);
+function createSegmentMatchesSensitive(names = DEFAULT_SENSITIVE_NAMES) {
+  const patterns = names === DEFAULT_SENSITIVE_NAMES ? DEFAULT_PATTERNS : namesToPatterns(names);
+  return (segment) => {
+    if (typeof segment !== "string") return false;
+    for (const p of patterns) {
+      if (p.test(segment)) return true;
     }
     return false;
-  }
-  if (path.startsWith("[")) {
-    try {
-      const parsed = JSON.parse(path);
-      if (Array.isArray(parsed)) {
-        for (const segment of parsed) {
-          if (segmentMatchesSensitive(segment)) return true;
+  };
+}
+function createIsSensitivePath(names = DEFAULT_SENSITIVE_NAMES) {
+  const segmentMatches = createSegmentMatchesSensitive(names);
+  return (path) => {
+    if (typeof path !== "string") {
+      for (const segment of path) {
+        if (segmentMatches(segment)) return true;
+      }
+      return false;
+    }
+    if (path.startsWith("[")) {
+      try {
+        const parsed = JSON.parse(path);
+        if (Array.isArray(parsed)) {
+          for (const segment of parsed) {
+            if (segmentMatches(segment)) return true;
+          }
+          return false;
         }
-        return false;
+      } catch {
       }
-    } catch {
     }
-  }
-  for (const segment of path.split(".")) {
-    if (segmentMatchesSensitive(segment)) return true;
-  }
-  return false;
+    for (const segment of path.split(".")) {
+      if (segmentMatches(segment)) return true;
+    }
+    return false;
+  };
 }
-function enforceSensitiveCheck(path, acknowledged) {
+const defaultSegmentMatches = createSegmentMatchesSensitive();
+const defaultIsSensitivePath = createIsSensitivePath();
+function segmentMatchesSensitive(segment) {
+  return defaultSegmentMatches(segment);
+}
+function isSensitivePath(path) {
+  return defaultIsSensitivePath(path);
+}
+function enforceSensitiveCheck(path, acknowledged, isSensitive = defaultIsSensitivePath) {
   if (acknowledged) return;
-  if (!isSensitivePath(path)) return;
+  if (!isSensitive(path)) return;
   throw new SensitivePersistFieldError(path);
 }
 
@@ -607,10 +654,25 @@ function syncPersistOptIn(el, value, oldValue) {
   }
   if (wantsOptIn) {
     const v = value;
-    enforceSensitiveCheck(v.path, v.acknowledgeSensitive);
+    enforceSensitiveCheck(v.path, v.acknowledgeSensitive, v.isSensitivePath);
     v.persistOptIns.add(elementId, v.path);
   }
 }
+function syncMultiTabOptOut(value, oldValue) {
+  const wasOptedOut = isRegisterValue(oldValue) && oldValue.unmarkNoSync !== void 0;
+  const wantsOptOut = isRegisterValue(value) && value.markNoSync !== void 0;
+  if (!wasOptedOut && !wantsOptOut) return;
+  if (wasOptedOut) {
+    const old = oldValue;
+    const samePath = wantsOptOut && value.path === old.path;
+    if (!samePath) old.unmarkNoSync?.();
+  }
+  if (wantsOptOut) {
+    const v = value;
+    const samePathOld = wasOptedOut && oldValue.path === v.path;
+    if (!samePathOld) v.markNoSync?.();
+  }
+}
 function syncElementRegistration(el, value, oldValue) {
   const wasRegistered = isRegisterValue(oldValue);
   const isRegistered = isRegisterValue(value);
@@ -1059,6 +1121,7 @@ const warnedUnsupportedElements = __DEV__ ? /* @__PURE__ */ new WeakSet() : null
 const vRegisterDynamic = {
   created(el, binding, vnode) {
     syncPersistOptIn(el, binding.value, void 0);
+    syncMultiTabOptOut(binding.value, void 0);
     callModelHook(el, binding, vnode, null, "created");
     if (__DEV__ && warnedUnsupportedElements !== null && !SUPPORTED_TAGS.has(el.tagName) && !warnedUnsupportedElements.has(el)) {
       void nextTick(() => {
@@ -1080,6 +1143,7 @@ const vRegisterDynamic = {
   },
   beforeUpdate(el, binding, vnode, prevVNode) {
     syncPersistOptIn(el, binding.value, binding.oldValue);
+    syncMultiTabOptOut(binding.value, binding.oldValue);
     syncElementRegistration(el, binding.value, binding.oldValue);
     callModelHook(el, binding, vnode, prevVNode, "beforeUpdate");
   },
@@ -1090,6 +1154,7 @@ const vRegisterDynamic = {
     removeTrackedListeners(el);
     if (isRegisterValue(value)) {
       value.persistOptIns.removeAllFor(getOrAssignElementId(el));
+      value.unmarkNoSync?.();
     }
     if (!isRegisterValue(value)) return;
     value.deregisterElement(el);
@@ -1165,5 +1230,5 @@ function createAttaform(options = {}) {
   return plugin;
 }
 
-export { AnonPersistError as A, InvalidPathError as I, OutsideSetupError as O, RegistryNotInstalledError as R, SensitivePersistFieldError as S, __DEV__ as _, AttaformError as a, InvalidUseFormConfigError as b, createAttaform as c, ReservedFormKeyError as d, SubmitErrorHandlerError as e, assignKey as f, getRegistryFromApp as g, createRegistry as h, isSensitivePath as i, isRegisterValue as j, kAttaformRegistry as k, useRegistry as l, captureUserCallSite as m, enforceSensitiveCheck as n, createPersistOptInRegistry as o, ensureAttaformInstalled as p, kFormContext as q, kFormInstanceId as r, segmentMatchesSensitive as s, useRegister as u, vRegister as v };
-//# sourceMappingURL=attaform.BfMxsfmE.mjs.map
+export { AnonPersistError as A, DEFAULT_SENSITIVE_NAMES as D, InvalidPathError as I, OutsideSetupError as O, RegistryNotInstalledError as R, SensitivePersistFieldError as S, __DEV__ as _, AttaformError as a, InvalidUseFormConfigError as b, createAttaform as c, ReservedFormKeyError as d, SubmitErrorHandlerError as e, assignKey as f, getRegistryFromApp as g, createRegistry as h, isRegisterValue as i, useRegistry as j, kAttaformRegistry as k, captureUserCallSite as l, enforceSensitiveCheck as m, isSensitivePath as n, createPersistOptInRegistry as o, ensureAttaformInstalled as p, kFormContext as q, kFormInstanceId as r, segmentMatchesSensitive as s, createIsSensitivePath as t, useRegister as u, vRegister as v, createSegmentMatchesSensitive as w };
+//# sourceMappingURL=attaform.CIEQgJnM.mjs.map