npm - jspdf-md-renderer - Versions diffs - 4.0.0 → 4.1.0 - Mend

jspdf-md-renderer 4.0.0 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.umd.js CHANGED Viewed

@@ -102,7 +102,8 @@
 	* - Quoted values: width="200.5" or width='200'
 	* - Decimal values: width=200.5
 	*/
-	const ATTR_PAIR_REGEX = /(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/g;
+	const ATTR_PAIR_REGEX = /(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([\w.+-]+))/g;
+	const MAX_ATTR_BLOCK_LENGTH = 500;
 	/** Valid alignment values */
 	const VALID_ALIGNMENTS = [
 		"left",
@@ -126,6 +127,11 @@
 	*/
 	const parseRawAttributes = (attrString) => {
 		const attrs = {};
+		if (attrString.length > MAX_ATTR_BLOCK_LENGTH) {
+			console.warn(`[jspdf-md-renderer] Image attribute block too long (${attrString.length} chars), skipping attribute parsing.`);
+			return attrs;
+		}
+		ATTR_PAIR_REGEX.lastIndex = 0;
 		let match;
 		while ((match = ATTR_PAIR_REGEX.exec(attrString)) !== null) {
 			const key = match[1].toLowerCase();
@@ -418,12 +424,384 @@
 	const getCharHight = (doc) => {
 		return doc.getFontSize() / doc.internal.scaleFactor;
 	};
+	/**
+	* Saves the current jsPDF font, size, and text color, executes `fn`,
+	* then restores those properties — even if `fn` throws.
+	*/
+	const withSavedDocState = (doc, fn) => {
+		const savedFont = doc.getFont();
+		const savedSize = doc.getFontSize();
+		const savedColor = doc.getTextColor();
+		try {
+			return fn();
+		} finally {
+			doc.setFont(savedFont.fontName, savedFont.fontStyle);
+			doc.setFontSize(savedSize);
+			doc.setTextColor(savedColor);
+		}
+	};
+	//#endregion
+	//#region src/types/security.ts
+	var SecurityViolationError = class extends Error {
+		constructor(violation) {
+			super(violation.message);
+			this.name = "SecurityViolationError";
+			this.violation = violation;
+		}
+	};
+	//#endregion
+	//#region src/security/security-policy.ts
+	const DEFAULT_SECURITY = {
+		enabled: false,
+		allowedLinkProtocols: [
+			"https:",
+			"http:",
+			"mailto:",
+			"tel:"
+		],
+		disablePdfLinks: false,
+		allowRemoteImages: true,
+		allowedImageProtocols: ["https:", "http:"],
+		allowedImageDomains: void 0,
+		allowDataUrls: true,
+		allowSvgImages: true,
+		blockLocalhost: true,
+		blockPrivateIPs: true,
+		blockLinkLocalIPs: true,
+		blockMetadataIPs: true,
+		maxMarkdownLength: 5e5,
+		maxImageCount: 200,
+		maxImageSizeBytes: 10 * 1024 * 1024,
+		maxNestedDepth: 20,
+		renderTimeoutMs: 3e4,
+		violationMode: "skip",
+		placeholderText: "[blocked]",
+		placeholderImageText: "[blocked image]"
+	};
+	const normalizeProtocol = (v) => `${v.trim().toLowerCase().replace(/:$/, "")}:`;
+	const normalizeDomain = (v) => v.trim().toLowerCase();
+	const clampInteger = (value, min, max) => Math.min(max, Math.max(min, Math.floor(value)));
+	const isNodeEnvironment = () => typeof process !== "undefined" && process.versions != null && process.versions.node != null;
+	/**
+	* Merges user-provided security config with safe defaults and
+	* validates/clamps numeric and enum fields.
+	*/
+	const normalizeSecurityOptions = (security) => {
+		if (!security) return { ...DEFAULT_SECURITY };
+		const merged = {
+			...DEFAULT_SECURITY,
+			...security,
+			allowedLinkProtocols: security.allowedLinkProtocols?.map(normalizeProtocol) ?? DEFAULT_SECURITY.allowedLinkProtocols,
+			allowedImageProtocols: security.allowedImageProtocols?.map(normalizeProtocol) ?? DEFAULT_SECURITY.allowedImageProtocols,
+			allowedImageDomains: security.allowedImageDomains !== void 0 ? security.allowedImageDomains.map(normalizeDomain) : DEFAULT_SECURITY.allowedImageDomains
+		};
+		if (![
+			"skip",
+			"throw",
+			"placeholder"
+		].includes(merged.violationMode || "skip")) throw new Error("[jspdf-md-renderer] security.violationMode must be skip | throw | placeholder");
+		for (const field of [
+			"maxMarkdownLength",
+			"maxImageCount",
+			"maxImageSizeBytes",
+			"maxNestedDepth",
+			"renderTimeoutMs"
+		]) {
+			const value = merged[field];
+			if (value !== void 0 && (!Number.isFinite(value) || value < 0)) throw new Error(`[jspdf-md-renderer] security.${field} must be a non-negative number`);
+		}
+		merged.maxMarkdownLength = clampInteger(merged.maxMarkdownLength || 0, 0, 5e6);
+		merged.maxImageCount = clampInteger(merged.maxImageCount || 0, 0, 1e4);
+		merged.maxImageSizeBytes = clampInteger(merged.maxImageSizeBytes || 0, 0, 100 * 1024 * 1024);
+		merged.maxNestedDepth = clampInteger(merged.maxNestedDepth || 0, 0, 100);
+		merged.renderTimeoutMs = clampInteger(merged.renderTimeoutMs || 0, 0, 3e5);
+		return merged;
+	};
+	const metadataHosts = new Set([
+		"metadata.google.internal",
+		"metadata",
+		"instance-data"
+	]);
+	const isIPv4InCidr = (ip, cidrBase, cidrMask) => {
+		const toNum = (s) => s.split(".").reduce((acc, part) => (acc << 8) + Number(part), 0) >>> 0;
+		const ipNum = toNum(ip);
+		const baseNum = toNum(cidrBase);
+		const mask = cidrMask === 0 ? 0 : 4294967295 << 32 - cidrMask >>> 0;
+		return (ipNum & mask) === (baseNum & mask);
+	};
+	const isLocalhostHost = (host) => host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "[::1]";
+	const isPrivateIPv4 = (ip) => isIPv4InCidr(ip, "10.0.0.0", 8) || isIPv4InCidr(ip, "172.16.0.0", 12) || isIPv4InCidr(ip, "192.168.0.0", 16);
+	const isLinkLocalIPv4 = (ip) => isIPv4InCidr(ip, "169.254.0.0", 16);
+	const isMetadataIP = (ip) => ip === "169.254.169.254" || ip === "100.100.100.200";
+	/**
+	* Parses an IPv6 address string into a BigInt for range comparison.
+	* Supports compressed and IPv4-mapped forms.
+	*/
+	const parseIPv6ToBigInt = (ip) => {
+		let stripped = ip.replace(/^\[|\]$/g, "").toLowerCase();
+		if (stripped.includes(".")) {
+			const lastColon = stripped.lastIndexOf(":");
+			if (lastColon < 0) return null;
+			const ipv4Part = stripped.slice(lastColon + 1);
+			const prefix = stripped.slice(0, lastColon);
+			const parts = ipv4Part.split(".").map(Number);
+			if (parts.length !== 4 || parts.some((p) => Number.isNaN(p) || p < 0 || p > 255)) return null;
+			stripped = `${prefix}:${(parts[0] << 8 | parts[1]).toString(16)}:${(parts[2] << 8 | parts[3]).toString(16)}`;
+		}
+		let expanded = stripped;
+		if (expanded.includes("::")) {
+			const parts = expanded.split("::");
+			if (parts.length !== 2) return null;
+			const leftGroups = parts[0] ? parts[0].split(":") : [];
+			const rightGroups = parts[1] ? parts[1].split(":") : [];
+			const missing = 8 - leftGroups.length - rightGroups.length;
+			if (missing < 0) return null;
+			expanded = [
+				...leftGroups,
+				...Array(missing).fill("0"),
+				...rightGroups
+			].join(":");
+		}
+		const groups = expanded.split(":");
+		if (groups.length !== 8) return null;
+		try {
+			return groups.reduce((acc, g) => {
+				const n = parseInt(g || "0", 16);
+				if (Number.isNaN(n)) throw new Error("invalid hex");
+				return (acc << 16n) + BigInt(n);
+			}, 0n);
+		} catch {
+			return null;
+		}
+	};
+	const MAX_IPV6 = (1n << 128n) - 1n;
+	const isIPv6InRange = (ip, prefixBigInt, prefixLength) => {
+		const ipNum = parseIPv6ToBigInt(ip);
+		if (ipNum === null) return false;
+		const mask = prefixLength === 0 ? 0n : MAX_IPV6 << BigInt(128 - prefixLength) & MAX_IPV6;
+		return (ipNum & mask) === (prefixBigInt & mask);
+	};
+	const isLoopbackIPv6 = (ip) => {
+		return parseIPv6ToBigInt(ip) === 1n;
+	};
+	const isUniqueLocalIPv6 = (ip) => isIPv6InRange(ip, 64512n << 112n, 7);
+	const isLinkLocalIPv6 = (ip) => isIPv6InRange(ip, 65152n << 112n, 10);
+	const extractIPv4Mapped = (ip) => {
+		const stripped = ip.replace(/^\[|\]$/g, "");
+		const dottedMatch = stripped.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i);
+		if (dottedMatch) return dottedMatch[1];
+		const ipNum = parseIPv6ToBigInt(stripped);
+		if (ipNum === null) return null;
+		if (ipNum >> 32n !== 65535n) return null;
+		const low32 = Number(ipNum & 4294967295n);
+		return `${low32 >>> 24 & 255}.${low32 >>> 16 & 255}.${low32 >>> 8 & 255}.${low32 & 255}`;
+	};
+	const isIPv4MappedPrivate = (ip) => {
+		const mapped = extractIPv4Mapped(ip);
+		return mapped ? isPrivateIPv4(mapped) : false;
+	};
+	const isIPv4MappedLinkLocal = (ip) => {
+		const mapped = extractIPv4Mapped(ip);
+		return mapped ? isLinkLocalIPv4(mapped) : false;
+	};
+	const isIPv4MappedMetadata = (ip) => {
+		const mapped = extractIPv4Mapped(ip);
+		return mapped ? isMetadataIP(mapped) : false;
+	};
+	/**
+	* Resolves a hostname to IP addresses.
+	* Returns null when resolution is unavailable (browser runtime).
+	*/
+	const resolveHostToIPs = async (host) => {
+		const stripped = host.replace(/^\[|\]$/g, "");
+		if (/^\d{1,3}(\.\d{1,3}){3}$/.test(stripped)) return [stripped];
+		if (stripped.includes(":")) return [stripped];
+		if (!isNodeEnvironment()) return null;
+		try {
+			return (await (await import("node:dns")).promises.lookup(stripped, { all: true })).map((entry) => entry.address);
+		} catch {
+			return [];
+		}
+	};
+	/**
+	* Returns the action the caller should take for the violating element.
+	* Throws SecurityViolationError when violationMode is 'throw'.
+	*/
+	const handleSecurityViolation = (security, violation) => {
+		const fullViolation = {
+			...violation,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		};
+		try {
+			security.onSecurityViolation?.(fullViolation);
+		} catch (error) {
+			console.warn("[jspdf-md-renderer] security.onSecurityViolation callback failed:", error);
+		}
+		const mode = security.violationMode || "skip";
+		if (mode === "throw") throw new SecurityViolationError(fullViolation);
+		if (mode === "placeholder") return "placeholder";
+		return "skip";
+	};
+	const createViolation = (code, type, message, value, context) => ({
+		code,
+		type,
+		message,
+		value,
+		context
+	});
+	/**
+	* Returns true when:
+	* - allowedDomains is undefined (feature not configured, allow all), OR
+	* - host matches an entry in the allowlist.
+	*
+	* An explicitly empty allowedDomains array means no domains are permitted.
+	*/
+	const isAllowedDomain = (host, allowedDomains) => {
+		if (allowedDomains === void 0) return true;
+		if (allowedDomains.length === 0) return false;
+		return allowedDomains.some((domain) => host === domain || host.endsWith(`.${domain}`));
+	};
+	const classifyUrl = (raw) => {
+		if (/^[a-zA-Z][a-zA-Z\d+\-.]*:/.test(raw)) return "explicitScheme";
+		if (raw.startsWith("//")) return "protocolRelative";
+		return "relativePath";
+	};
+	/**
+	* Validates link/image URLs against protocol/domain/SSRF rules.
+	*
+	* URL classification:
+	* - Protocol-relative (`//host/path`): treated as external absolute and validated.
+	* - Explicit scheme (`https://...`): fully validated.
+	* - Relative path (`/x`, `./x`, `../x`, `?x`, `#x`): allowed by default.
+	*/
+	const validateResourceUrl = async (rawValue, type, security, context) => {
+		const urlClass = classifyUrl(rawValue);
+		if (urlClass === "relativePath") {
+			if (security.validateUrl) {
+				let relativeUrl;
+				try {
+					relativeUrl = new URL(rawValue, "https://relative.local");
+				} catch {
+					handleSecurityViolation(security, createViolation("INVALID_URL", type, "Invalid relative URL", rawValue, context));
+					return false;
+				}
+				if (!await security.validateUrl(relativeUrl, type)) {
+					handleSecurityViolation(security, createViolation("CUSTOM_VALIDATOR_BLOCKED", type, "Custom URL validator rejected relative URL", rawValue, context));
+					return false;
+				}
+			}
+			return true;
+		}
+		let canonicalRaw = rawValue;
+		if (urlClass === "protocolRelative") canonicalRaw = `https:${rawValue}`;
+		let parsed;
+		try {
+			parsed = new URL(canonicalRaw);
+		} catch {
+			handleSecurityViolation(security, createViolation("INVALID_URL", type, "Invalid URL", rawValue, context));
+			return false;
+		}
+		if (urlClass !== "protocolRelative") {
+			const protocol = normalizeProtocol(parsed.protocol);
+			if (!(type === "link" ? security.allowedLinkProtocols || DEFAULT_SECURITY.allowedLinkProtocols : security.allowedImageProtocols || DEFAULT_SECURITY.allowedImageProtocols).includes(protocol)) {
+				handleSecurityViolation(security, createViolation(type === "link" ? "LINK_PROTOCOL_BLOCKED" : "IMAGE_PROTOCOL_BLOCKED", type, `${type} protocol is blocked`, rawValue, context));
+				return false;
+			}
+		}
+		if (type === "image" && !isAllowedDomain(parsed.hostname.toLowerCase(), security.allowedImageDomains)) {
+			handleSecurityViolation(security, createViolation("IMAGE_DOMAIN_BLOCKED", type, "Image domain is blocked", rawValue, context));
+			return false;
+		}
+		const host = parsed.hostname.toLowerCase();
+		if (security.blockLocalhost && isLocalhostHost(host)) {
+			handleSecurityViolation(security, createViolation("LOCALHOST_BLOCKED", type, "Localhost URL is blocked", rawValue, context));
+			return false;
+		}
+		if (security.blockMetadataIPs && metadataHosts.has(host)) {
+			handleSecurityViolation(security, createViolation("METADATA_IP_BLOCKED", type, "Metadata host is blocked", rawValue, context));
+			return false;
+		}
+		const ips = await resolveHostToIPs(host);
+		if (ips === null) {
+			if (type === "image") console.warn("[jspdf-md-renderer] Security warning: IP-based SSRF checks (blockPrivateIPs, blockLinkLocalIPs, blockMetadataIPs) cannot be fully enforced in browser environments. Route image fetching through a trusted server-side proxy.");
+		} else for (const ip of ips) {
+			if (security.blockLocalhost && isLocalhostHost(ip)) {
+				handleSecurityViolation(security, createViolation("LOCALHOST_BLOCKED", type, "Localhost IP is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockPrivateIPs && isPrivateIPv4(ip)) {
+				handleSecurityViolation(security, createViolation("PRIVATE_IP_BLOCKED", type, "Private IP is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockLinkLocalIPs && isLinkLocalIPv4(ip)) {
+				handleSecurityViolation(security, createViolation("LINK_LOCAL_IP_BLOCKED", type, "Link-local IP is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockMetadataIPs && isMetadataIP(ip)) {
+				handleSecurityViolation(security, createViolation("METADATA_IP_BLOCKED", type, "Metadata IP is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockLocalhost && isLoopbackIPv6(ip)) {
+				handleSecurityViolation(security, createViolation("LOCALHOST_BLOCKED", type, "IPv6 loopback is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockPrivateIPs && (isUniqueLocalIPv6(ip) || isIPv4MappedPrivate(ip))) {
+				handleSecurityViolation(security, createViolation("PRIVATE_IP_BLOCKED", type, "IPv6 private address is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockLinkLocalIPs && (isLinkLocalIPv6(ip) || isIPv4MappedLinkLocal(ip))) {
+				handleSecurityViolation(security, createViolation("LINK_LOCAL_IP_BLOCKED", type, "IPv6 link-local address is blocked", rawValue, context));
+				return false;
+			}
+			if (security.blockMetadataIPs && isIPv4MappedMetadata(ip)) {
+				handleSecurityViolation(security, createViolation("METADATA_IP_BLOCKED", type, "IPv4-mapped metadata IP is blocked", rawValue, context));
+				return false;
+			}
+		}
+		if (security.validateUrl) {
+			if (!await security.validateUrl(parsed, type)) {
+				handleSecurityViolation(security, createViolation("CUSTOM_VALIDATOR_BLOCKED", type, "Custom URL validator rejected URL", rawValue, context));
+				return false;
+			}
+		}
+		return true;
+	};
+	/**
+	* Returns true when the value is a `data:` URL.
+	*/
+	const isDataUrl = (value) => value.trim().toLowerCase().startsWith("data:");
+	/**
+	* Returns true when the value is an SVG data URL.
+	*/
+	const isSvgDataUrl = (value) => {
+		const normalized = value.trim().toLowerCase();
+		return normalized.startsWith("data:image/svg+xml") || normalized.startsWith("data:image/svg");
+	};
 	//#endregion
 	//#region src/utils/image-utils.ts
 	/**
 	* Standard DPI for web/screen pixels.
 	*/
 	const DEFAULT_DPI = 96;
+	const getDataUrlPayloadByteSize = (dataUrl) => {
+		const commaIndex = dataUrl.indexOf(",");
+		if (commaIndex < 0) return null;
+		const metadata = dataUrl.slice(0, commaIndex).toLowerCase();
+		const payload = dataUrl.slice(commaIndex + 1);
+		if (metadata.includes(";base64")) {
+			const normalized = payload.replace(/\s/g, "");
+			const padding = normalized.match(/=*$/)?.[0].length ?? 0;
+			return Math.floor(normalized.length * 3 / 4) - padding;
+		}
+		try {
+			const decoded = decodeURIComponent(payload);
+			if (typeof TextEncoder !== "undefined") return new TextEncoder().encode(decoded).length;
+			if (typeof Buffer !== "undefined") return Buffer.from(decoded, "utf-8").byteLength;
+			return decoded.length;
+		} catch {
+			return null;
+		}
+	};
 	/**
 	* Converts pixel values to the document's unit system.
 	* Uses 96 DPI as the standard web pixel density.
@@ -441,6 +819,29 @@
 		}
 	};
 	/**
+	* Detects the image format from a ParsedElement's data URI and source URL.
+	* Returns a format string suitable for jsPDF's addImage (e.g. 'PNG', 'JPEG').
+	*/
+	const detectImageFormat = (element) => {
+		if (element.data) {
+			if (element.data.startsWith("data:image/png")) return "PNG";
+			if (element.data.startsWith("data:image/jpeg") || element.data.startsWith("data:image/jpg")) return "JPEG";
+			if (element.data.startsWith("data:image/webp")) return "WEBP";
+			if (element.data.startsWith("data:image/gif")) return "GIF";
+		}
+		if (element.src) {
+			const ext = element.src.split("?")[0].split("#")[0].split(".").pop()?.toUpperCase();
+			if (ext && [
+				"PNG",
+				"JPEG",
+				"JPG",
+				"WEBP",
+				"GIF"
+			].includes(ext)) return ext === "JPG" ? "JPEG" : ext;
+		}
+		return "JPEG";
+	};
+	/**
 	* Extracts width and height from an SVG data URI if possible.
 	*/
 	const extractSvgDimensions = (dataUri) => {
@@ -536,14 +937,84 @@
 	* Recursively traverses parsed elements and loads image data for Image tokens.
 	* @param elements - The parsed elements to process.
 	*/
-	const prefetchImages = async (elements) => {
+	const prefetchImages = async (elements, security) => {
 		for (const element of elements) {
 			if (element.type === "image" && element.src) try {
-				if (element.src.startsWith("data:")) element.data = element.src;
-				else {
-					const response = await fetch(element.src);
+				if (security?.enabled) if (isDataUrl(element.src)) {
+					if (isSvgDataUrl(element.src) && !security.allowSvgImages) {
+						handleSecurityViolation(security, {
+							code: "SVG_BLOCKED",
+							type: "image",
+							message: "SVG images are blocked",
+							value: element.src,
+							context: "image-src"
+						});
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
+					if (!security.allowDataUrls) {
+						handleSecurityViolation(security, {
+							code: "DATA_URL_BLOCKED",
+							type: "image",
+							message: "Data URLs are blocked for images",
+							value: element.src,
+							context: "image-src"
+						});
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
+				} else {
+					if (!security.allowRemoteImages) {
+						handleSecurityViolation(security, {
+							code: "IMAGE_PROTOCOL_BLOCKED",
+							type: "image",
+							message: "Remote images are disabled",
+							value: element.src,
+							context: "image-src"
+						});
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
+					if (!await validateResourceUrl(element.src, "image", security, "image-src")) {
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
+				}
+				if (element.src.startsWith("data:")) {
+					element.data = element.src;
+					const dataUrlBytes = getDataUrlPayloadByteSize(element.data);
+					if (security?.enabled && security.maxImageSizeBytes && dataUrlBytes !== null && dataUrlBytes > security.maxImageSizeBytes) {
+						handleSecurityViolation(security, {
+							code: "IMAGE_SIZE_EXCEEDED",
+							type: "image",
+							message: "Data URL image exceeds maxImageSizeBytes",
+							value: String(dataUrlBytes),
+							context: "data-url-size"
+						});
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
+				} else {
+					const response = await secureImageFetch(element.src, security);
 					if (!response.ok) throw new Error(`Failed to fetch image: ${response.statusText}`);
 					const blob = await response.blob();
+					if (security?.enabled && security.maxImageSizeBytes && blob.size > security.maxImageSizeBytes) {
+						handleSecurityViolation(security, {
+							code: "IMAGE_SIZE_EXCEEDED",
+							type: "image",
+							message: "Fetched image exceeds maxImageSizeBytes",
+							value: String(blob.size),
+							context: "blob-size"
+						});
+						element.data = void 0;
+						element.src = void 0;
+						continue;
+					}
 					element.data = await new Promise((resolve, reject) => {
 						const reader = new FileReader();
 						reader.onloadend = () => {
@@ -579,11 +1050,23 @@
 					});
 				}
 			} catch (error) {
+				if (error instanceof SecurityViolationError) throw error;
 				console.warn(`[jspdf-md-renderer] Warning: Failed to load image at ${element.src}. It will be skipped.`, error);
 			}
-			if (element.items && element.items.length > 0) await prefetchImages(element.items);
+			if (element.items && element.items.length > 0) await prefetchImages(element.items, security);
 		}
 	};
+	/**
+	* Best-effort remote image fetch hardening.
+	* In Node, re-validates URL immediately before fetch to reduce DNS rebind window.
+	* In browser runtimes, or when security is undefined/disabled, delegates to normal fetch.
+	*/
+	const secureImageFetch = async (url, security) => {
+		if (security?.enabled && isNodeEnvironment()) {
+			if (!await validateResourceUrl(url, "image", security, "pre-fetch-recheck")) throw new Error(`[jspdf-md-renderer] URL blocked on pre-fetch recheck: ${url}`);
+		}
+		return fetch(url);
+	};
 	//#endregion
 	//#region src/layout/wordSplitter.ts
 	/**
@@ -618,6 +1101,14 @@
 		const curSize = doc.getFontSize();
 		const boldFont = store.options.font.bold?.name || curFont;
 		const regularFont = store.options.font.regular?.name || curFont;
+		const italicFont = store.options.font.italic || {
+			name: regularFont,
+			style: "italic"
+		};
+		const boldItalicFont = store.options.font.boldItalic || {
+			name: italicFont.name,
+			style: "bolditalic"
+		};
 		const codeFont = store.options.font.code || {
 			name: "courier",
 			style: "normal"
@@ -627,10 +1118,10 @@
 				doc.setFont(boldFont, store.options.font.bold?.style || "bold");
 				break;
 			case "italic":
-				doc.setFont(regularFont, "italic");
+				doc.setFont(italicFont.name, italicFont.style);
 				break;
 			case "bolditalic":
-				doc.setFont(boldFont, "bolditalic");
+				doc.setFont(boldItalicFont.name, boldItalicFont.style);
 				break;
 			case "codespan":
 				doc.setFont(codeFont.name, codeFont.style);
@@ -836,23 +1327,19 @@
 		}
 	};
 	const renderSingleWord = (doc, word, x, y, store) => {
-		const savedFont = doc.getFont();
-		const savedSize = doc.getFontSize();
-		const savedColor = doc.getTextColor();
-		applyStyleToDoc(doc, word.style, store);
-		if (word.isLink && word.linkColor) doc.setTextColor(...word.linkColor);
-		if (word.isImage && word.imageElement?.data) renderInlineImage(doc, word, x, y);
-		else {
-			if (word.style === "codespan") renderCodespanBackground(doc, word, x, y, store);
-			doc.text(word.text, x, y, { baseline: "top" });
-		}
-		if (word.isLink && word.href) {
-			const h = word.isImage && word.imageHeight ? word.imageHeight : doc.getTextDimensions("H").h;
-			doc.link(x, y, word.width, h, { url: word.href });
-		}
-		doc.setFont(savedFont.fontName, savedFont.fontStyle);
-		doc.setFontSize(savedSize);
-		doc.setTextColor(savedColor);
+		withSavedDocState(doc, () => {
+			applyStyleToDoc(doc, word.style, store);
+			if (word.isLink && word.linkColor) doc.setTextColor(...word.linkColor);
+			if (word.isImage && word.imageElement?.data) renderInlineImage(doc, word, x, y);
+			else {
+				if (word.style === "codespan") renderCodespanBackground(doc, word, x, y, store);
+				doc.text(word.text, x, y, { baseline: "top" });
+			}
+			if (word.isLink && word.href) {
+				const h = word.isImage && word.imageHeight ? word.imageHeight : doc.getTextDimensions("H").h;
+				doc.link(x, y, word.width, h, { url: word.href });
+			}
+		});
 	};
 	const renderCodespanBackground = (doc, word, x, y, store) => {
 		const opts = store.options.codespan ?? {};
@@ -866,10 +1353,7 @@
 	};
 	const renderInlineImage = (doc, word, x, y) => {
 		const el = word.imageElement;
-		let fmt = "JPEG";
-		if (el.data.startsWith("data:image/png")) fmt = "PNG";
-		else if (el.data.startsWith("data:image/webp")) fmt = "WEBP";
-		else if (el.data.startsWith("data:image/gif")) fmt = "GIF";
+		const fmt = detectImageFormat(el);
 		if (word.width > 0 && (word.imageHeight || 0) > 0) doc.addImage(el.data, fmt, x, y, word.width, word.imageHeight);
 	};
 	//#endregion
@@ -922,29 +1406,28 @@
 	//#endregion
 	//#region src/renderer/components/heading.ts
 	const renderHeading = (doc, element, indent, store) => {
-		const savedColor = doc.getTextColor();
-		const headingKey = `h${element?.depth ?? 1}`;
-		const fontSize = store.options.heading?.[headingKey] ?? store.options.page.defaultFontSize;
-		const headingColor = store.options.heading?.[`${headingKey}Color`] ?? store.options.heading?.color ?? "#000000";
-		const savedSize = doc.getFontSize();
-		doc.setFontSize(fontSize);
-		doc.setFont(store.options.font.bold.name, store.options.font.bold.style || "bold");
-		doc.setTextColor(headingColor);
-		breakIfOverflow(doc, store, getCharHight(doc) * 1.8);
-		const maxWidth = store.options.page.maxContentWidth - indent;
-		if (element.items && element.items.length > 0) renderInlineContent(doc, element.items, store.X + indent, store.Y, maxWidth, store, {
-			alignment: "left",
-			trimLastLine: true
-		});
-		else renderPlainText(doc, element?.content ?? "", store.X + indent, store.Y, maxWidth, store, {
-			alignment: "left",
-			trimLastLine: true
+		withSavedDocState(doc, () => {
+			const headingKey = `h${element?.depth ?? 1}`;
+			const fontSize = store.options.heading?.[headingKey] ?? store.options.page.defaultTitleFontSize;
+			const headingColor = store.options.heading?.[`${headingKey}Color`] ?? store.options.heading?.color ?? "#000000";
+			const useBold = store.options.heading?.bold ?? true;
+			doc.setFontSize(fontSize);
+			if (useBold) doc.setFont(store.options.font.bold.name, store.options.font.bold.style || "bold");
+			else doc.setFont(store.options.font.regular.name, store.options.font.regular.style || "normal");
+			doc.setTextColor(headingColor);
+			breakIfOverflow(doc, store, getCharHight(doc) * 1.8);
+			const maxWidth = store.options.page.maxContentWidth - indent;
+			if (element.items && element.items.length > 0) renderInlineContent(doc, element.items, store.X + indent, store.Y, maxWidth, store, {
+				alignment: "left",
+				trimLastLine: true
+			});
+			else renderPlainText(doc, element?.content ?? "", store.X + indent, store.Y, maxWidth, store, {
+				alignment: "left",
+				trimLastLine: true
+			});
+			const bottomSpacing = store.options.heading?.bottomSpacing ?? store.options.spacing?.afterHeading ?? 2;
+			store.updateY(bottomSpacing, "add");
 		});
-		const bottomSpacing = store.options.heading?.bottomSpacing ?? store.options.spacing?.afterHeading ?? 2;
-		store.updateY(bottomSpacing, "add");
-		doc.setFontSize(savedSize);
-		doc.setFont(store.options.font.regular.name, store.options.font.regular.style);
-		doc.setTextColor(savedColor);
 		store.updateX(store.options.page.xpading, "set");
 	};
 	//#endregion
@@ -1000,10 +1483,11 @@
 	//#region src/renderer/components/list.ts
 	const renderList = (doc, element, indentLevel, store, parentElementRenderer) => {
 		doc.setFontSize(store.options.page.defaultFontSize);
+		const listItemGap = store.options.spacing?.betweenListItems ?? 0;
 		for (const [i, point] of element?.items?.entries() ?? []) {
 			const _start = element.ordered ? (element.start ?? 1) + i : void 0;
 			parentElementRenderer(point, indentLevel + 1, store, true, _start, element.ordered);
-			if (i < (element.items?.length ?? 0) - 1) store.updateY(store.options.spacing?.betweenListItems ?? 0, "add");
+			if (i < (element.items?.length ?? 0) - 1) store.updateY(listItemGap, "add");
 		}
 		store.updateY(store.options.spacing?.afterList ?? 3, "add");
 	};
@@ -1013,9 +1497,9 @@
 	* Render a single list item, including bullets/numbering, inline text, and any nested lists.
 	*/
 	const renderListItem = (doc, element, indentLevel, store, parentElementRenderer, start, ordered) => {
-		breakIfOverflow(doc, store, getCharHight(doc));
 		const options = store.options;
 		const listOpts = store.options.list ?? {};
+		breakIfOverflow(doc, store, getCharHight(doc) * options.page.defaultLineHeightFactor);
 		const baseIndent = indentLevel * (listOpts.indentSize ?? options.page.indent);
 		const bullet = ordered ? `${start}. ` : listOpts.bulletChar ?? "• ";
 		const xLeft = options.page.xpading;
@@ -1092,6 +1576,7 @@
 			}
 			store.updateX(xLeft, "set");
 			if (hasRawBullet && bullet) {
+				breakIfOverflow(doc, store, getCharHight(doc) * options.page.defaultLineHeightFactor);
 				const bulletWidth = doc.getTextWidth(bullet);
 				const textMaxWidth = options.page.maxContentWidth - indent - bulletWidth;
 				doc.setFont(options.font.regular.name, options.font.regular.style);
@@ -1210,7 +1695,9 @@
 	//#region src/renderer/components/blockquote.ts
 	const renderBlockquote = (doc, element, indentLevel, store, renderElement) => {
 		const options = store.options;
+		const bqOpts = store.options.blockquote ?? {};
 		const savedDrawColor = doc.getDrawColor();
+		const savedFillColor = doc.getFillColor();
 		const savedLineWidth = doc.getLineWidth();
 		const blockquoteIndent = indentLevel + 1;
 		const currentX = store.X + indentLevel * options.page.indent;
@@ -1223,17 +1710,27 @@
 		});
 		const endY = store.lastContentY || store.Y;
 		const endPage = doc.internal.getCurrentPageInfo().pageNumber;
-		const bqOpts = store.options.blockquote ?? {};
 		const barColor = bqOpts.barColor ?? "#AAAAAA";
 		const barWidth = bqOpts.barWidth ?? 1;
 		doc.setDrawColor(barColor);
 		doc.setLineWidth(barWidth);
+		const bgColor = bqOpts.backgroundColor;
 		for (let p = startPage; p <= endPage; p++) {
 			doc.setPage(p);
 			const isStart = p === startPage;
 			const isEnd = p === endPage;
 			const lineTop = isStart ? startY : options.page.topmargin;
 			const lineBottom = isEnd ? endY : options.page.maxContentHeight;
+			const lineHeight = Math.max(0, lineBottom - lineTop);
+			if (bgColor && lineHeight > 0) {
+				const bgX = barX + barWidth / 2;
+				const bgW = options.page.maxContentWidth - (bgX - options.page.xpading);
+				if (bgW > 0) {
+					doc.setFillColor(bgColor);
+					doc.rect(bgX, lineTop, bgW, lineHeight, "F");
+					doc.setDrawColor(barColor);
+				}
+			}
 			doc.line(barX, lineTop, barX, lineBottom);
 		}
 		store.recordContentY();
@@ -1241,34 +1738,12 @@
 		const bqBottomSpacing = bqOpts.bottomSpacing ?? options.spacing?.afterBlockquote ?? options.page.lineSpace;
 		store.updateY(bqBottomSpacing, "add");
 		doc.setDrawColor(savedDrawColor);
+		doc.setFillColor(savedFillColor);
 		doc.setLineWidth(savedLineWidth);
 	};
 	//#endregion
 	//#region src/renderer/components/image.ts
 	/**
-	* Detects the image format from element data and source.
-	*/
-	const detectImageFormat = (element) => {
-		if (element.data) {
-			if (element.data.startsWith("data:image/png")) return "PNG";
-			if (element.data.startsWith("data:image/jpeg") || element.data.startsWith("data:image/jpg")) return "JPEG";
-			if (element.data.startsWith("data:image/webp")) return "WEBP";
-			if (element.data.startsWith("data:image/webp")) return "WEBP";
-			if (element.data.startsWith("data:image/gif")) return "GIF";
-		}
-		if (element.src) {
-			const ext = element.src.split("?")[0].split("#")[0].split(".").pop()?.toUpperCase();
-			if (ext && [
-				"PNG",
-				"JPEG",
-				"JPG",
-				"WEBP",
-				"GIF"
-			].includes(ext)) return ext === "JPG" ? "JPEG" : ext;
-		}
-		return "JPEG";
-	};
-	/**
 	* Renders an image element into the jsPDF document with smart sizing and alignment.
 	*
 	* Sizing logic (in order of priority):
@@ -1332,7 +1807,9 @@
 			return;
 		}
 		const options = store.options;
-		const marginLeft = options.page.xmargin + indentLevel * options.page.indent;
+		const indent = indentLevel * options.page.indent;
+		const marginLeft = options.page.xpading + indent;
+		const availableWidth = Math.max(10, options.page.maxContentWidth - indent);
 		ensureSpace(doc, store, 20);
 		const columnCount = element.header.length;
 		const rows = (element.rows ?? []).map((row) => {
@@ -1365,8 +1842,9 @@
 			startY: store.Y,
 			margin: {
 				left: marginLeft,
-				right: options.page.xmargin
+				right: Math.max(0, doc.internal.pageSize.getWidth() - (marginLeft + availableWidth))
 			},
+			tableWidth: availableWidth,
 			...userTableOptions,
 			didDrawPage: safeDidDrawPage,
 			didDrawCell: safeDidDrawCell
@@ -1458,6 +1936,7 @@
 	//#endregion
 	//#region src/utils/options-validation.ts
 	const DEFAULT_HEADING_SIZES = {
+		bold: true,
 		h1: 24,
 		h2: 20,
 		h3: 17,
@@ -1479,6 +1958,14 @@
 			name: "helvetica",
 			style: "light"
 		},
+		italic: {
+			name: "helvetica",
+			style: "italic"
+		},
+		boldItalic: {
+			name: "helvetica",
+			style: "bolditalic"
+		},
 		code: {
 			name: "courier",
 			style: "normal"
@@ -1516,6 +2003,8 @@
 			...options.font
 		};
 		if (!font.bold?.name) font.bold = DEFAULT_FONT.bold;
+		if (!font.italic?.name) font.italic = DEFAULT_FONT.italic;
+		if (!font.boldItalic?.name) font.boldItalic = DEFAULT_FONT.boldItalic;
 		if (!font.code?.name) font.code = DEFAULT_FONT.code;
 		const heading = {
 			...DEFAULT_HEADING_SIZES,
@@ -1529,7 +2018,7 @@
 			"h5",
 			"h6"
 		].forEach((k) => {
-			if (heading[k] < 6 || heading[k] > 72) heading[k] = DEFAULT_HEADING_SIZES[k];
+			if ((heading[k] ?? 0) < 6 || (heading[k] ?? 0) > 72) heading[k] = DEFAULT_HEADING_SIZES[k];
 		});
 		const codespan = {
 			backgroundColor: "#EEEEEE",
@@ -1575,6 +2064,7 @@
 			afterTable: 3,
 			...options.spacing ?? {}
 		};
+		if (options.spacing?.betweenListItems === void 0) spacing.betweenListItems = list.itemSpacing ?? spacing.betweenListItems;
 		[
 			"afterHeading",
 			"afterParagraph",
@@ -1608,6 +2098,7 @@
 			codeBlock,
 			spacing,
 			image,
+			security: normalizeSecurityOptions(options.security),
 			endCursorYHandler
 		};
 	};
@@ -1626,49 +2117,175 @@
 		if (!hOpts) return;
 		const text = typeof hOpts.text === "function" ? hOpts.text(pageNum, totalPages) : hOpts.text ?? "";
 		if (!text.trim()) return;
-		const savedFont = doc.getFont();
-		const savedSize = doc.getFontSize();
-		const savedColor = doc.getTextColor();
-		doc.setFontSize(hOpts.fontSize ?? 9);
-		doc.setTextColor(hOpts.color ?? "#666666");
-		const y = hOpts.y ?? 5;
-		const align = hOpts.align ?? "center";
-		const pageWidth = doc.internal.pageSize.getWidth();
-		let x = pageWidth / 2;
-		if (align === "left") x = options.page.xmargin;
-		if (align === "right") x = pageWidth - options.page.xmargin;
-		doc.text(text, x, y, {
-			align,
-			baseline: "top"
+		withSavedDocState(doc, () => {
+			doc.setFontSize(hOpts.fontSize ?? 9);
+			doc.setTextColor(hOpts.color ?? "#666666");
+			const y = hOpts.y ?? 5;
+			const align = hOpts.align ?? "center";
+			const pageWidth = doc.internal.pageSize.getWidth();
+			let x = pageWidth / 2;
+			if (align === "left") x = options.page.xmargin;
+			if (align === "right") x = pageWidth - options.page.xmargin;
+			doc.text(text, x, y, {
+				align,
+				baseline: "top"
+			});
 		});
-		doc.setFont(savedFont.fontName, savedFont.fontStyle);
-		doc.setFontSize(savedSize);
-		doc.setTextColor(savedColor);
 	};
 	const applyFooter = (doc, options, pageNum, totalPages) => {
 		const fOpts = options.footer;
 		if (!fOpts) return;
 		const text = fOpts.showPageNumbers ? `Page ${pageNum} of ${totalPages}` : typeof fOpts.text === "function" ? fOpts.text(pageNum, totalPages) : fOpts.text ?? "";
 		if (!text.trim()) return;
-		const savedFont = doc.getFont();
-		const savedSize = doc.getFontSize();
-		const savedColor = doc.getTextColor();
-		doc.setFontSize(fOpts.fontSize ?? 9);
-		doc.setTextColor(fOpts.color ?? "#666666");
-		const pageHeight = doc.internal.pageSize.getHeight();
-		const y = fOpts.y ?? pageHeight - 5;
-		const align = fOpts.align ?? "right";
-		const pageWidth = doc.internal.pageSize.getWidth();
-		let x = pageWidth / 2;
-		if (align === "left") x = options.page.xmargin;
-		if (align === "right") x = pageWidth - options.page.xmargin;
-		doc.text(text, x, y, {
-			align,
-			baseline: "bottom"
+		withSavedDocState(doc, () => {
+			doc.setFontSize(fOpts.fontSize ?? 9);
+			doc.setTextColor(fOpts.color ?? "#666666");
+			const pageHeight = doc.internal.pageSize.getHeight();
+			const y = fOpts.y ?? pageHeight - 5;
+			const align = fOpts.align ?? "right";
+			const pageWidth = doc.internal.pageSize.getWidth();
+			let x = pageWidth / 2;
+			if (align === "left") x = options.page.xmargin;
+			if (align === "right") x = pageWidth - options.page.xmargin;
+			doc.text(text, x, y, {
+				align,
+				baseline: "bottom"
+			});
 		});
-		doc.setFont(savedFont.fontName, savedFont.fontStyle);
-		doc.setFontSize(savedSize);
-		doc.setTextColor(savedColor);
+	};
+	//#endregion
+	//#region src/security/security-guards.ts
+	/**
+	* Enforces input-size limits before tokenization/rendering starts.
+	* Violations are delegated to the configured violation handler.
+	*/
+	const enforceMarkdownLimits = (text, security) => {
+		if (!security.enabled) return;
+		if ((security.maxMarkdownLength || 0) > 0 && text.length > (security.maxMarkdownLength || 0)) {
+			const action = handleSecurityViolation(security, {
+				code: "MARKDOWN_TOO_LARGE",
+				type: "markdown",
+				message: "Markdown length exceeds configured limit",
+				value: String(text.length)
+			});
+			if (action === "skip" || action === "placeholder") throw new Error(`[jspdf-md-renderer] Markdown input rejected: length ${text.length} exceeds maxMarkdownLength ${security.maxMarkdownLength}.`);
+		}
+	};
+	/**
+	* Walks the parsed markdown tree and enforces structural limits:
+	* nesting depth and image count.
+	*/
+	const enforceNestedDepthAndImageCount = (elements, security) => {
+		if (!security.enabled) return;
+		let imageCount = 0;
+		const maxDepth = security.maxNestedDepth || 0;
+		const maxImageCount = security.maxImageCount || 0;
+		const placeholderText = security.placeholderImageText || "[blocked image]";
+		let imageLimitViolated = false;
+		const sanitizeNodes = (nodes, depth) => {
+			if (maxDepth > 0 && depth > maxDepth) {
+				handleSecurityViolation(security, {
+					code: "MAX_NESTED_DEPTH_EXCEEDED",
+					type: "markdown",
+					message: "Markdown nesting depth exceeds configured limit",
+					value: String(depth)
+				});
+				return [];
+			}
+			const sanitized = [];
+			for (const node of nodes) {
+				if (node.type === "image") {
+					imageCount++;
+					if (maxImageCount > 0 && imageCount > maxImageCount) {
+						if (!imageLimitViolated) {
+							imageLimitViolated = true;
+							handleSecurityViolation(security, {
+								code: "MAX_IMAGE_COUNT_EXCEEDED",
+								type: "image",
+								message: "Image count exceeds configured limit",
+								value: String(imageCount)
+							});
+						}
+						if (security.violationMode === "placeholder") sanitized.push({
+							type: "raw",
+							content: placeholderText
+						});
+						continue;
+					}
+				}
+				if (node.items?.length) node.items = sanitizeNodes(node.items, depth + 1);
+				sanitized.push(node);
+			}
+			return sanitized;
+		};
+		const sanitizedRoot = sanitizeNodes(elements, 1);
+		elements.length = 0;
+		elements.push(...sanitizedRoot);
+	};
+	/**
+	* Creates a lightweight timeout guard function for long render flows.
+	* Call the returned function at checkpoints (parse, prefetch, render loop).
+	*/
+	const createTimeoutGuard = (security) => {
+		const timeoutAt = security.enabled && (security.renderTimeoutMs || 0) > 0 ? Date.now() + (security.renderTimeoutMs || 0) : 0;
+		return () => {
+			if (timeoutAt > 0 && Date.now() > timeoutAt) {
+				const action = handleSecurityViolation(security, {
+					code: "RENDER_TIMEOUT_EXCEEDED",
+					type: "render",
+					message: "Render time exceeded configured timeout",
+					value: String(security.renderTimeoutMs)
+				});
+				if (action === "skip" || action === "placeholder") throw new Error(`[jspdf-md-renderer] Render aborted: exceeded renderTimeoutMs (${security.renderTimeoutMs}ms).`);
+			}
+		};
+	};
+	//#endregion
+	//#region src/security/security-transforms.ts
+	/**
+	* Applies link security rules to parsed markdown elements.
+	* Rejected links are downgraded to plain text by clearing `href`.
+	* In placeholder mode, blocked links render `security.placeholderText`.
+	*/
+	const applyLinkPolicy = async (elements, security) => {
+		if (!security.enabled) return;
+		const walk = async (nodes) => {
+			for (const node of nodes) {
+				if (node.type === "link" && node.href) {
+					if (security.disablePdfLinks) node.href = void 0;
+					else if (!await validateResourceUrl(node.href, "link", security, "markdown-link")) {
+						node.href = void 0;
+						if (security.violationMode === "placeholder") {
+							node.text = security.placeholderText || "[blocked]";
+							node.items = [{
+								type: "text",
+								content: node.text
+							}];
+						}
+					}
+				}
+				if (node.items?.length) await walk(node.items);
+			}
+		};
+		await walk(elements);
+	};
+	/**
+	* Replaces blocked image nodes with plain raw-text placeholders.
+	* Used by `violationMode: 'placeholder'` to preserve layout continuity.
+	*/
+	const convertBlockedImagesToPlaceholder = (elements, security) => {
+		const placeholder = security.placeholderImageText || "[blocked image]";
+		const walk = (nodes) => {
+			for (const node of nodes) {
+				if (node.type === "image" && !node.data) {
+					node.type = "raw";
+					node.content = placeholder;
+					node.src = void 0;
+				}
+				if (node.items?.length) walk(node.items);
+			}
+		};
+		walk(elements);
 	};
 	//#endregion
 	//#region src/renderer/MdTextRender.ts
@@ -1681,9 +2298,18 @@
 	*/
 	const MdTextRender = async (doc, text, options) => {
 		const validOptions = validateOptions(options);
+		const security = validOptions.security || {};
+		const guardTimeout = createTimeoutGuard(security);
+		enforceMarkdownLimits(text, security);
+		guardTimeout();
 		const store = new RenderStore(validOptions);
 		const parsedElements = await MdTextParser(text);
-		await prefetchImages(parsedElements);
+		guardTimeout();
+		enforceNestedDepthAndImageCount(parsedElements, security);
+		await applyLinkPolicy(parsedElements, security);
+		await prefetchImages(parsedElements, security);
+		guardTimeout();
+		if (security.enabled && security.violationMode === "placeholder") convertBlockedImagesToPlaceholder(parsedElements, security);
 		const renderElement = (element, indentLevel = 0, store, hasRawBullet = false, start = 0, ordered = false) => {
 			const indent = indentLevel * validOptions.page.indent;
 			switch (element.type) {
@@ -1740,7 +2366,10 @@
 					break;
 			}
 		};
-		for (const item of parsedElements) renderElement(item, 0, store);
+		for (const item of parsedElements) {
+			guardTimeout();
+			renderElement(item, 0, store);
+		}
 		applyPageDecorations(doc, validOptions);
 		validOptions.endCursorYHandler(store.Y);
 	};
@@ -1748,6 +2377,7 @@
 	exports.MdTextParser = MdTextParser;
 	exports.MdTextRender = MdTextRender;
 	exports.MdTokenType = MdTokenType;
+	exports.SecurityViolationError = SecurityViolationError;
 	exports.renderInlineContent = renderInlineContent;
 	exports.renderPlainText = renderPlainText;
 	exports.validateOptions = validateOptions;