cyberchef 10.24.0 → 11.1.0

package/src/core/operations/RemoveANSIEscapeCodes.mjs

@@ -0,0 +1,41 @@
+/**
+ * @author Louis-Ladd [lewisharshman1@gmail.com]
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+/**
+ * Remove ANSI Escape Codes operation
+ */
+class RemoveANSIEscapeCodes extends Operation {
+
+    /**
+     * RemoveANSIEscapeCodes constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Remove ANSI Escape Codes";
+        this.module = "Default";
+        this.description = "Removes ANSI Escape Codes.";
+        this.infoURL = "https://wikipedia.org/wiki/ANSI_escape_code";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const ansiRegex = /\x1B\[[0-?]*[ -/]*[@-~]/g;
+        return input.replace(ansiRegex, "");
+    }
+
+}
+
+export default RemoveANSIEscapeCodes;

package/src/core/operations/SeriesChart.mjs

@@ -15,6 +15,20 @@ import Utils from "../Utils.mjs";
 const d3 = d3temp.default ? d3temp.default : d3temp;
 const nodom = nodomtemp.default ? nodomtemp.default: nodomtemp;
 
+/**
+ * Removes D3's internal bound data from a nodom tree before serialization.
+ * nodom serializes enumerable expando properties such as __data__ as attributes,
+ * so leaving them on attacker-controlled values can create executable markup.
+ *
+ * @param {Object} node
+ */
+function clearD3BoundData(node) {
+    delete node.__data__;
+
+    if (!node.childNodes) return;
+    node.childNodes.forEach(clearD3BoundData);
+}
+
 /**
  * Series chart operation
  */
@@ -222,6 +236,8 @@ class SeriesChart extends Operation {
                 .text(serie.name);
         });
 
+        clearD3BoundData(svg.node());
+
         return svg._groups[0][0].outerHTML;
     }
 

package/src/core/operations/ShowBase64Offsets.mjs

@@ -77,84 +77,84 @@ class ShowBase64Offsets extends Operation {
             staticSection = offset0.slice(0, -3);
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64(staticSection, alphabet).slice(0, -2)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset0.substr(offset0.length - 3, 1) + "</span>" +
-                "<span class='hl3'>" + offset0.substr(offset0.length - 2) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset0.substr(offset0.length - 3, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset0.substr(offset0.length - 2)) + "</span>";
         } else if (len0 % 4 === 3) {
             staticSection = offset0.slice(0, -2);
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64(staticSection, alphabet).slice(0, -1)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset0.substr(offset0.length - 2, 1) + "</span>" +
-                "<span class='hl3'>" + offset0.substr(offset0.length - 1) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset0.substr(offset0.length - 2, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset0.substr(offset0.length - 1)) + "</span>";
         } else {
             staticSection = offset0;
             offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64(staticSection, alphabet)) + "'>" +
-                staticSection + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>";
         }
 
         if (!showVariable) {
-            offset0 = staticSection;
+            offset0 = Utils.escapeHtml(staticSection);
         }
 
 
         // Highlight offset 1
-        padding = "<span class='hl3'>" + offset1.substr(0, 1) + "</span>" +
-            "<span class='hl5'>" + offset1.substr(1, 1) + "</span>";
+        padding = "<span class='hl3'>" + Utils.escapeHtml(offset1.substr(0, 1)) + "</span>" +
+            "<span class='hl5'>" + Utils.escapeHtml(offset1.substr(1, 1)) + "</span>";
         offset1 = offset1.substr(2);
         if (len1 % 4 === 2) {
             staticSection = offset1.slice(0, -3);
             offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AA" + staticSection, alphabet).slice(1, -2)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset1.substr(offset1.length - 3, 1) + "</span>" +
-                "<span class='hl3'>" + offset1.substr(offset1.length - 2) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset1.substr(offset1.length - 3, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset1.substr(offset1.length - 2)) + "</span>";
         } else if (len1 % 4 === 3) {
             staticSection = offset1.slice(0, -2);
             offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AA" + staticSection, alphabet).slice(1, -1)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset1.substr(offset1.length - 2, 1) + "</span>" +
-                "<span class='hl3'>" + offset1.substr(offset1.length - 1) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset1.substr(offset1.length - 2, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset1.substr(offset1.length - 1)) + "</span>";
         } else {
             staticSection = offset1;
             offset1 = padding +  "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AA" + staticSection, alphabet).slice(1)) + "'>" +
-                staticSection + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>";
         }
 
         if (!showVariable) {
-            offset1 = staticSection;
+            offset1 = Utils.escapeHtml(staticSection);
         }
 
         // Highlight offset 2
-        padding = "<span class='hl3'>" + offset2.substr(0, 2) + "</span>" +
-            "<span class='hl5'>" + offset2.substr(2, 1) + "</span>";
+        padding = "<span class='hl3'>" + Utils.escapeHtml(offset2.substr(0, 2)) + "</span>" +
+            "<span class='hl5'>" + Utils.escapeHtml(offset2.substr(2, 1)) + "</span>";
         offset2 = offset2.substr(3);
         if (len2 % 4 === 2) {
             staticSection = offset2.slice(0, -3);
             offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AAA" + staticSection, alphabet).slice(2, -2)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset2.substr(offset2.length - 3, 1) + "</span>" +
-                "<span class='hl3'>" + offset2.substr(offset2.length - 2) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset2.substr(offset2.length - 3, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset2.substr(offset2.length - 2)) + "</span>";
         } else if (len2 % 4 === 3) {
             staticSection = offset2.slice(0, -2);
             offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AAA" + staticSection, alphabet).slice(2, -2)) + "'>" +
-                staticSection + "</span>" +
-                "<span class='hl5'>" + offset2.substr(offset2.length - 2, 1) + "</span>" +
-                "<span class='hl3'>" + offset2.substr(offset2.length - 1) + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>" +
+                "<span class='hl5'>" + Utils.escapeHtml(offset2.substr(offset2.length - 2, 1)) + "</span>" +
+                "<span class='hl3'>" + Utils.escapeHtml(offset2.substr(offset2.length - 1)) + "</span>";
         } else {
             staticSection = offset2;
             offset2 = padding +  "<span data-toggle='tooltip' data-placement='top' title='" +
                 Utils.escapeHtml(fromBase64("AAA" + staticSection, alphabet).slice(2)) + "'>" +
-                staticSection + "</span>";
+                Utils.escapeHtml(staticSection) + "</span>";
         }
 
         if (!showVariable) {
-            offset2 = staticSection;
+            offset2 = Utils.escapeHtml(staticSection);
         }
 
         return (showVariable ? "Characters highlighted in <span class='hl5'>green</span> could change if the input is surrounded by more data." +

package/src/core/operations/ToPunycode.mjs

@@ -5,7 +5,7 @@
  */
 
 import Operation from "../Operation.mjs";
-import punycode from "punycode";
+import punycode from "punycode.js";
 
 /**
  * To Punycode operation

package/src/core/operations/Wrap.mjs

@@ -0,0 +1,47 @@
+/**
+ * @author 0xff1ce [github.com/0xff1ce]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+/**
+ * Wrap operation
+ */
+class Wrap extends Operation {
+
+    /**
+     * Wrap constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Wrap";
+        this.module = "Default";
+        this.description = "Wraps the input text at a specified number of characters per line.";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Line Width",
+                "type": "number",
+                "value": 64,
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        if (!input) return "";  // Handle empty input
+        const lineWidth = args[0];
+        const regex = new RegExp(`.{1,${lineWidth}}`, "g");
+        return input.match(regex).join("\n");
+    }
+}
+
+export default Wrap;

package/src/core/operations/index.mjs

@@ -114,6 +114,7 @@ import EncodeNetBIOSName from "./EncodeNetBIOSName.mjs";
 import EncodeText from "./EncodeText.mjs";
 import Enigma from "./Enigma.mjs";
 import Entropy from "./Entropy.mjs";
+import EscapeSmartCharacters from "./EscapeSmartCharacters.mjs";
 import EscapeString from "./EscapeString.mjs";
 import EscapeUnicodeCharacters from "./EscapeUnicodeCharacters.mjs";
 import ExpandAlphabetRange from "./ExpandAlphabetRange.mjs";
@@ -283,6 +284,7 @@ import PGPDecrypt from "./PGPDecrypt.mjs";
 import PGPDecryptAndVerify from "./PGPDecryptAndVerify.mjs";
 import PGPEncrypt from "./PGPEncrypt.mjs";
 import PGPEncryptAndSign from "./PGPEncryptAndSign.mjs";
+import PGPSign from "./PGPSign.mjs";
 import PGPVerify from "./PGPVerify.mjs";
 import PHPDeserialize from "./PHPDeserialize.mjs";
 import PHPSerialize from "./PHPSerialize.mjs";
@@ -325,6 +327,7 @@ import RC4Drop from "./RC4Drop.mjs";
 import RC6Decrypt from "./RC6Decrypt.mjs";
 import RC6Encrypt from "./RC6Encrypt.mjs";
 import RIPEMD from "./RIPEMD.mjs";
+import ROR13 from "./ROR13.mjs";
 import ROT13 from "./ROT13.mjs";
 import ROT13BruteForce from "./ROT13BruteForce.mjs";
 import ROT47 from "./ROT47.mjs";
@@ -342,6 +345,7 @@ import RawDeflate from "./RawDeflate.mjs";
 import RawInflate from "./RawInflate.mjs";
 import Register from "./Register.mjs";
 import RegularExpression from "./RegularExpression.mjs";
+import RemoveANSIEscapeCodes from "./RemoveANSIEscapeCodes.mjs";
 import RemoveDiacritics from "./RemoveDiacritics.mjs";
 import RemoveEXIF from "./RemoveEXIF.mjs";
 import RemoveLineNumbers from "./RemoveLineNumbers.mjs";
@@ -466,6 +470,7 @@ import VigenèreDecode from "./VigenèreDecode.mjs";
 import VigenèreEncode from "./VigenèreEncode.mjs";
 import Whirlpool from "./Whirlpool.mjs";
 import WindowsFiletimeToUNIXTimestamp from "./WindowsFiletimeToUNIXTimestamp.mjs";
+import Wrap from "./Wrap.mjs";
 import XKCDRandomNumber from "./XKCDRandomNumber.mjs";
 import XMLBeautify from "./XMLBeautify.mjs";
 import XMLMinify from "./XMLMinify.mjs";
@@ -592,6 +597,7 @@ export {
     EncodeText,
     Enigma,
     Entropy,
+    EscapeSmartCharacters,
     EscapeString,
     EscapeUnicodeCharacters,
     ExpandAlphabetRange,
@@ -761,6 +767,7 @@ export {
     PGPDecryptAndVerify,
     PGPEncrypt,
     PGPEncryptAndSign,
+    PGPSign,
     PGPVerify,
     PHPDeserialize,
     PHPSerialize,
@@ -803,6 +810,7 @@ export {
     RC6Decrypt,
     RC6Encrypt,
     RIPEMD,
+    ROR13,
     ROT13,
     ROT13BruteForce,
     ROT47,
@@ -820,6 +828,7 @@ export {
     RawInflate,
     Register,
     RegularExpression,
+    RemoveANSIEscapeCodes,
     RemoveDiacritics,
     RemoveEXIF,
     RemoveLineNumbers,
@@ -944,6 +953,7 @@ export {
     VigenèreEncode,
     Whirlpool,
     WindowsFiletimeToUNIXTimestamp,
+    Wrap,
     XKCDRandomNumber,
     XMLBeautify,
     XMLMinify,

package/src/node/NodeRecipe.mjs

@@ -88,16 +88,17 @@ class NodeRecipe {
      * @param {NodeDish} dish
      * @returns {NodeDish}
      */
-    execute(dish) {
-        return this.opList.reduce((prev, curr) => {
-            // CASE where opList item is op and args
+    async execute(dish) {
+        let prev = dish;
+        for (const curr of this.opList) {
             if (Object.prototype.hasOwnProperty.call(curr, "op") &&
                 Object.prototype.hasOwnProperty.call(curr, "args")) {
-                return curr.op(prev, curr.args);
+                prev = await curr.op(prev, curr.args);
+            } else {
+                prev = await curr(prev);
             }
-            // CASE opList item is just op.
-            return curr(prev);
-        }, dish);
+        }
+        return prev;
     }
 }
 

package/src/node/api.mjs

@@ -10,7 +10,7 @@
 
 import NodeDish from "./NodeDish.mjs";
 import NodeRecipe from "./NodeRecipe.mjs";
-import OperationConfig from "../core/config/OperationConfig.json" assert {type: "json"};
+import OperationConfig from "../core/config/OperationConfig.json" with { type: "json" };
 import { sanitise, removeSubheadingsFromArray, sentenceToCamelCase } from "./apiUtils.mjs";
 import ExcludedOperationError from "../core/errors/ExcludedOperationError.mjs";
 
@@ -324,10 +324,10 @@ export function help(input) {
  * @returns {NodeDish} of the result
  * @throws {TypeError} if invalid recipe given.
  */
-export function bake(input, recipeConfig) {
-    const recipe =  new NodeRecipe(recipeConfig);
+export async function bake(input, recipeConfig) {
+    const recipe = new NodeRecipe(recipeConfig);
     const dish = ensureIsDish(input);
-    return recipe.execute(dish);
+    return await recipe.execute(dish);
 }
 
 

package/src/node/index.mjs

@@ -122,6 +122,7 @@ import {
     EncodeText as core_EncodeText,
     Enigma as core_Enigma,
     Entropy as core_Entropy,
+    EscapeSmartCharacters as core_EscapeSmartCharacters,
     EscapeString as core_EscapeString,
     EscapeUnicodeCharacters as core_EscapeUnicodeCharacters,
     ExpandAlphabetRange as core_ExpandAlphabetRange,
@@ -284,6 +285,7 @@ import {
     PGPDecryptAndVerify as core_PGPDecryptAndVerify,
     PGPEncrypt as core_PGPEncrypt,
     PGPEncryptAndSign as core_PGPEncryptAndSign,
+    PGPSign as core_PGPSign,
     PGPVerify as core_PGPVerify,
     PHPDeserialize as core_PHPDeserialize,
     PHPSerialize as core_PHPSerialize,
@@ -326,6 +328,7 @@ import {
     RC6Decrypt as core_RC6Decrypt,
     RC6Encrypt as core_RC6Encrypt,
     RIPEMD as core_RIPEMD,
+    ROR13 as core_ROR13,
     ROT13 as core_ROT13,
     ROT13BruteForce as core_ROT13BruteForce,
     ROT47 as core_ROT47,
@@ -343,6 +346,7 @@ import {
     RawInflate as core_RawInflate,
     Register as core_Register,
     RegularExpression as core_RegularExpression,
+    RemoveANSIEscapeCodes as core_RemoveANSIEscapeCodes,
     RemoveDiacritics as core_RemoveDiacritics,
     RemoveEXIF as core_RemoveEXIF,
     RemoveLineNumbers as core_RemoveLineNumbers,
@@ -466,6 +470,7 @@ import {
     VigenèreEncode as core_VigenèreEncode,
     Whirlpool as core_Whirlpool,
     WindowsFiletimeToUNIXTimestamp as core_WindowsFiletimeToUNIXTimestamp,
+    Wrap as core_Wrap,
     XKCDRandomNumber as core_XKCDRandomNumber,
     XMLBeautify as core_XMLBeautify,
     XMLMinify as core_XMLMinify,
@@ -600,6 +605,7 @@ function generateChef() {
         "encodeText": _wrap(core_EncodeText),
         "enigma": _wrap(core_Enigma),
         "entropy": _wrap(core_Entropy),
+        "escapeSmartCharacters": _wrap(core_EscapeSmartCharacters),
         "escapeString": _wrap(core_EscapeString),
         "escapeUnicodeCharacters": _wrap(core_EscapeUnicodeCharacters),
         "expandAlphabetRange": _wrap(core_ExpandAlphabetRange),
@@ -762,6 +768,7 @@ function generateChef() {
         "PGPDecryptAndVerify": _wrap(core_PGPDecryptAndVerify),
         "PGPEncrypt": _wrap(core_PGPEncrypt),
         "PGPEncryptAndSign": _wrap(core_PGPEncryptAndSign),
+        "PGPSign": _wrap(core_PGPSign),
         "PGPVerify": _wrap(core_PGPVerify),
         "PHPDeserialize": _wrap(core_PHPDeserialize),
         "PHPSerialize": _wrap(core_PHPSerialize),
@@ -804,6 +811,7 @@ function generateChef() {
         "RC6Decrypt": _wrap(core_RC6Decrypt),
         "RC6Encrypt": _wrap(core_RC6Encrypt),
         "RIPEMD": _wrap(core_RIPEMD),
+        "ROR13": _wrap(core_ROR13),
         "ROT13": _wrap(core_ROT13),
         "ROT13BruteForce": _wrap(core_ROT13BruteForce),
         "ROT47": _wrap(core_ROT47),
@@ -821,6 +829,7 @@ function generateChef() {
         "rawInflate": _wrap(core_RawInflate),
         "register": _wrap(core_Register),
         "regularExpression": _wrap(core_RegularExpression),
+        "removeANSIEscapeCodes": _wrap(core_RemoveANSIEscapeCodes),
         "removeDiacritics": _wrap(core_RemoveDiacritics),
         "removeEXIF": _wrap(core_RemoveEXIF),
         "removeLineNumbers": _wrap(core_RemoveLineNumbers),
@@ -944,6 +953,7 @@ function generateChef() {
         "vigenèreEncode": _wrap(core_VigenèreEncode),
         "whirlpool": _wrap(core_Whirlpool),
         "windowsFiletimeToUNIXTimestamp": _wrap(core_WindowsFiletimeToUNIXTimestamp),
+        "wrap": _wrap(core_Wrap),
         "XKCDRandomNumber": _wrap(core_XKCDRandomNumber),
         "XMLBeautify": _wrap(core_XMLBeautify),
         "XMLMinify": _wrap(core_XMLMinify),
@@ -1088,6 +1098,7 @@ const encodeNetBIOSName = chef.encodeNetBIOSName;
 const encodeText = chef.encodeText;
 const enigma = chef.enigma;
 const entropy = chef.entropy;
+const escapeSmartCharacters = chef.escapeSmartCharacters;
 const escapeString = chef.escapeString;
 const escapeUnicodeCharacters = chef.escapeUnicodeCharacters;
 const expandAlphabetRange = chef.expandAlphabetRange;
@@ -1257,6 +1268,7 @@ const PGPDecrypt = chef.PGPDecrypt;
 const PGPDecryptAndVerify = chef.PGPDecryptAndVerify;
 const PGPEncrypt = chef.PGPEncrypt;
 const PGPEncryptAndSign = chef.PGPEncryptAndSign;
+const PGPSign = chef.PGPSign;
 const PGPVerify = chef.PGPVerify;
 const PHPDeserialize = chef.PHPDeserialize;
 const PHPSerialize = chef.PHPSerialize;
@@ -1299,6 +1311,7 @@ const RC4Drop = chef.RC4Drop;
 const RC6Decrypt = chef.RC6Decrypt;
 const RC6Encrypt = chef.RC6Encrypt;
 const RIPEMD = chef.RIPEMD;
+const ROR13 = chef.ROR13;
 const ROT13 = chef.ROT13;
 const ROT13BruteForce = chef.ROT13BruteForce;
 const ROT47 = chef.ROT47;
@@ -1316,6 +1329,7 @@ const rawDeflate = chef.rawDeflate;
 const rawInflate = chef.rawInflate;
 const register = chef.register;
 const regularExpression = chef.regularExpression;
+const removeANSIEscapeCodes = chef.removeANSIEscapeCodes;
 const removeDiacritics = chef.removeDiacritics;
 const removeEXIF = chef.removeEXIF;
 const removeLineNumbers = chef.removeLineNumbers;
@@ -1440,6 +1454,7 @@ const vigenèreDecode = chef.vigenèreDecode;
 const vigenèreEncode = chef.vigenèreEncode;
 const whirlpool = chef.whirlpool;
 const windowsFiletimeToUNIXTimestamp = chef.windowsFiletimeToUNIXTimestamp;
+const wrap = chef.wrap;
 const XKCDRandomNumber = chef.XKCDRandomNumber;
 const XMLBeautify = chef.XMLBeautify;
 const XMLMinify = chef.XMLMinify;
@@ -1568,6 +1583,7 @@ const operations = [
     encodeText,
     enigma,
     entropy,
+    escapeSmartCharacters,
     escapeString,
     escapeUnicodeCharacters,
     expandAlphabetRange,
@@ -1737,6 +1753,7 @@ const operations = [
     PGPDecryptAndVerify,
     PGPEncrypt,
     PGPEncryptAndSign,
+    PGPSign,
     PGPVerify,
     PHPDeserialize,
     PHPSerialize,
@@ -1779,6 +1796,7 @@ const operations = [
     RC6Decrypt,
     RC6Encrypt,
     RIPEMD,
+    ROR13,
     ROT13,
     ROT13BruteForce,
     ROT47,
@@ -1796,6 +1814,7 @@ const operations = [
     rawInflate,
     register,
     regularExpression,
+    removeANSIEscapeCodes,
     removeDiacritics,
     removeEXIF,
     removeLineNumbers,
@@ -1920,6 +1939,7 @@ const operations = [
     vigenèreEncode,
     whirlpool,
     windowsFiletimeToUNIXTimestamp,
+    wrap,
     XKCDRandomNumber,
     XMLBeautify,
     XMLMinify,
@@ -2052,6 +2072,7 @@ export {
     encodeText,
     enigma,
     entropy,
+    escapeSmartCharacters,
     escapeString,
     escapeUnicodeCharacters,
     expandAlphabetRange,
@@ -2221,6 +2242,7 @@ export {
     PGPDecryptAndVerify,
     PGPEncrypt,
     PGPEncryptAndSign,
+    PGPSign,
     PGPVerify,
     PHPDeserialize,
     PHPSerialize,
@@ -2263,6 +2285,7 @@ export {
     RC6Decrypt,
     RC6Encrypt,
     RIPEMD,
+    ROR13,
     ROT13,
     ROT13BruteForce,
     ROT47,
@@ -2280,6 +2303,7 @@ export {
     rawInflate,
     register,
     regularExpression,
+    removeANSIEscapeCodes,
     removeDiacritics,
     removeEXIF,
     removeLineNumbers,
@@ -2404,6 +2428,7 @@ export {
     vigenèreEncode,
     whirlpool,
     windowsFiletimeToUNIXTimestamp,
+    wrap,
     XKCDRandomNumber,
     XMLBeautify,
     XMLMinify,

package/src/web/App.mjs

@@ -42,6 +42,14 @@ class App {
         this.progress      = 0;
         this.ingId         = 0;
 
+        // stateChangeId increments on every statechange dispatch; bakeStateId records
+        // the stateChangeId captured when the most recent bake started. autoBake uses
+        // these to decide whether the output is genuinely stale, so a debounced
+        // autoBake firing shortly after a manual bake doesn't clobber the bake's
+        // hideStaleIndicator with a redundant showStaleIndicator.
+        this.stateChangeId = 0;
+        this.bakeStateId   = -1;
+
         this.appLoaded     = false;
         this.workerLoaded  = false;
         this.waitersLoaded = false;
@@ -136,6 +144,9 @@ class App {
     bake(step=false) {
         if (this.baking) return;
 
+        // Record which state version this bake is covering.
+        this.bakeStateId = this.stateChangeId;
+
         // Reset attemptHighlight flag
         this.options.attemptHighlight = true;
 
@@ -166,7 +177,10 @@ class App {
                 nums: [this.manager.tabs.getActiveTab("input")],
                 step: false
             });
-        } else {
+        } else if (this.bakeStateId < this.stateChangeId) {
+            // Only show stale-indicator if the most recent bake didn't cover the
+            // current state. Without this guard, a debounced autoBake firing after
+            // a manual bake completed would re-show the indicator on fresh output.
             this.manager.controls.showStaleIndicator();
         }
     }
@@ -768,6 +782,10 @@ class App {
      * @param {event} e
      */
     stateChange(e) {
+        // Bump the state-change counter synchronously so a manual bake invoked between
+        // here and the debounced autoBake firing can record it via bakeStateId.
+        this.stateChangeId++;
+
         debounce(function() {
             this.progress = 0;
             this.autoBake();

package/src/web/HTMLIngredient.mjs

@@ -166,6 +166,7 @@ class HTMLIngredient {
                         id="${this.id}"
                         tabindex="${this.tabIndex}"
                         arg-name="${this.name}"
+                        data-target="${this.target}"
                         ${this.disabled ? "disabled" : ""}>`;
                 for (i = 0; i < this.value.length; i++) {
                     if ((m = this.value[i].name.match(/\[([a-z0-9 -()^]+)\]/i))) {

package/src/web/html/index.html

@@ -868,15 +868,15 @@
                             Be aware that the standalone version will never update itself, meaning it will not receive bug fixes or new features until you re-download newer versions manually.
                         </p>
 
-                        <h6>CyberChef v<%= htmlWebpackPlugin.options.version %></h6>
+                        <h6>CyberChef <%= htmlWebpackPlugin.options.version %></h6>
                         <ul>
                             <li>Build time: <%= htmlWebpackPlugin.options.compileTime %></li>
-                            <li>The changelog for this version can be viewed <a href="https://github.com/gchq/CyberChef/blob/v<%= htmlWebpackPlugin.options.version %>/CHANGELOG.md">here</a></li>
+                            <li>The changelog for this version can be viewed <a href="https://github.com/gchq/CyberChef/blob/v<%= htmlWebpackPlugin.options.latestReleaseVersion %>/CHANGELOG.md">here</a></li>
                             <li>&copy; Crown Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %></li>
                             <li>Released under the Apache Licence, Version 2.0</li>
                             <li>SHA256 hash: DOWNLOAD_HASH_PLACEHOLDER</li>
                         </ul>
-                        <a href="CyberChef_v<%= htmlWebpackPlugin.options.version %>.zip" download class="btn btn-outline-primary">Download ZIP file</a>
+                        <a href="<%= htmlWebpackPlugin.options.downloadZipFilename %>" download class="btn btn-outline-primary">Download ZIP file</a>
                     </div>
                     <div class="modal-footer">
                         <button type="button" class="btn btn-primary" data-dismiss="modal">Ok</button>

package/src/web/index.js

@@ -17,8 +17,8 @@ import * as CanvasComponents from "../core/lib/CanvasComponents.mjs";
 
 // CyberChef
 import App from "./App.mjs";
-import Categories from "../core/config/Categories.json" assert {type: "json"};
-import OperationConfig from "../core/config/OperationConfig.json" assert {type: "json"};
+import Categories from "../core/config/Categories.json" with { type: "json" };
+import OperationConfig from "../core/config/OperationConfig.json" with { type: "json" };
 
 
 /**