npm - mnfst - Versions diffs - 0.5.112 → 0.5.113 - Mend

mnfst 0.5.112 → 0.5.113

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/manifest.export.js +73 -40
package/lib/manifest.integrity.json +1 -1
package/package.json +1 -1

package/lib/manifest.export.js CHANGED Viewed

@@ -232,8 +232,17 @@ function initializeExportPlugin() {
             return !!(node && node.nodeType === 1
                 && node.hasAttribute && node.hasAttribute('data-no-export'));
         };
+        // Default scale = device pixel ratio. On a retina display that's 2,
+        // so the export matches what the user actually sees on screen. On a
+        // standard 1x display it's 1, so the export is the literal CSS
+        // pixel size of the region — no surprise doubling. Callers can
+        // explicitly set `resolution: N` to render at N× independent of the
+        // host display (useful for "always-2x" archive renders or "1x" thumbs).
+        const defaultScale = (typeof window !== 'undefined' && window.devicePixelRatio > 0)
+            ? window.devicePixelRatio
+            : 1;
         const out = {
-            scale: Number(opts.resolution) > 0 ? Number(opts.resolution) : 2,
+            scale: Number(opts.resolution) > 0 ? Number(opts.resolution) : defaultScale,
             ignoreElements,
             useCORS: true,
             allowTaint: false,
@@ -342,53 +351,87 @@ function initializeExportPlugin() {
         //   - The page's own @media print rules
         // Whole-page is the default; passing a target adds a temporary
         // @media print stylesheet that hides everything outside that subtree.
-        return printToPdf(filename, opts.target ? resolveTarget(opts) : null);
+        return printToPdf(filename, opts.target ? resolveTarget(opts) : null, opts.pageSize);
     }
     // Trigger the browser's "Save as PDF" dialog. When `target` is provided,
-    // the print is scoped to that element via injected @media print CSS;
-    // otherwise the whole page prints. Filename uses the document.title swap
-    // trick — the print dialog seeds its suggested name from the title.
-    function printToPdf(filename, target) {
+    // the print is scoped to just that element; otherwise the whole page
+    // prints. Filename uses the document.title swap trick — the print dialog
+    // seeds its suggested name from the title.
+    //
+    // Target-scoping strategy: clone the target into a fresh body-level
+    // container and `display: none` every other body child. Cloning (rather
+    // than relocating) leaves the live DOM intact — Alpine state, event
+    // listeners, and any in-flight reactivity stay where they were. The
+    // earlier visibility:hidden approach preserved layout space, so the body
+    // still occupied its full natural height during print → blank trailing
+    // pages. display:none actually removes that space, so the printed pages
+    // fit the target's content with no whitespace tail.
+    function printToPdf(filename, target, pageSize) {
         const original = document.title;
         const cleaned = String(filename || '').replace(/\.pdf$/i, '') || original;
         document.title = cleaned;
+        // Sanitize pageSize: only allow letters/digits/spaces so an
+        // attacker-controlled value can't break out of the @page rule.
+        const safePageSize = (typeof pageSize === 'string' && /^[a-zA-Z0-9 ]+$/.test(pageSize))
+            ? pageSize.trim()
+            : 'a4';
+        let printContainer = null;
+        // Always inject a @page rule so the chosen pageSize applies for both
+        // whole-page and targeted prints.
+        const pageRule = '@page { size: ' + safePageSize + '; margin: 1cm; }';
+        const style = document.createElement('style');
+        style.setAttribute('data-mnfst-print-scope', '');
-        let style = null;
-        let injectedId = null;
         if (target && target.nodeType === 1) {
-            // The target needs an id we can reference from the stylesheet.
-            // Give it a throwaway one if it doesn't already have one; we'll
-            // remove it on cleanup so we don't leak DOM mutations.
-            if (!target.id) {
-                injectedId = 'mnfst-print-target-' + Math.random().toString(36).slice(2, 9);
-                target.id = injectedId;
-            }
-            const id = target.id;
-            style = document.createElement('style');
-            style.setAttribute('data-mnfst-print-scope', '');
-            // visibility:hidden preserves layout space (so absolute/fixed
-            // positioning calculations remain sane), then we un-hide the
-            // target subtree and pin it to the top-left of the print page.
+            printContainer = document.createElement('div');
+            printContainer.setAttribute('data-mnfst-print-target', '');
+            // Anchor off-screen so the clone never flashes visibly in normal
+            // (non-print) rendering. The print stylesheet below resets these
+            // for the print medium only.
+            printContainer.style.position = 'absolute';
+            printContainer.style.left = '-99999px';
+            printContainer.style.top = '0';
+            printContainer.appendChild(target.cloneNode(true));
+            document.body.appendChild(printContainer);
             style.textContent =
+                pageRule +
                 '@media print {' +
-                  'body * { visibility: hidden !important; }' +
-                  '#' + cssEscape(id) + ', #' + cssEscape(id) + ' * { visibility: visible !important; }' +
-                  '#' + cssEscape(id) + ' {' +
-                    'position: absolute !important;' +
-                    'left: 0 !important; top: 0 !important;' +
-                    'width: 100% !important; max-width: none !important;' +
+                  // Hide every original body child — display:none takes them
+                  // out of layout entirely, so body's height collapses to
+                  // just the clone's height.
+                  'body > *:not([data-mnfst-print-target]) { display: none !important; }' +
+                  // Restore the clone to normal flow at the top-left of
+                  // the page, full width.
+                  'body > [data-mnfst-print-target] {' +
+                    'display: block !important;' +
+                    'position: static !important;' +
+                    'left: auto !important;' +
+                    'top: auto !important;' +
+                    'width: 100% !important;' +
+                    'max-width: none !important;' +
                     'margin: 0 !important;' +
+                    'padding: 0 !important;' +
                   '}' +
                   '[data-no-export] { display: none !important; }' +
                 '}';
-            document.head.appendChild(style);
+        } else {
+            // Whole-page print: just honor pageSize and the data-no-export
+            // filter; let the page's own print CSS do everything else.
+            style.textContent =
+                pageRule +
+                '@media print {' +
+                  '[data-no-export] { display: none !important; }' +
+                '}';
         }
+        document.head.appendChild(style);
         const cleanup = () => {
             document.title = original;
-            if (style) style.remove();
-            if (injectedId && target) target.removeAttribute('id');
+            style.remove();
+            if (printContainer) printContainer.remove();
             window.removeEventListener('afterprint', onAfter);
         };
         const onAfter = () => cleanup();
@@ -406,16 +449,6 @@ function initializeExportPlugin() {
         setTimeout(cleanup, 30000);
     }
-    // CSS.escape polyfill — used to safely build #id selectors from arbitrary
-    // ids. Real `CSS.escape` is widely available; fall back for very old
-    // browsers to a conservative regex.
-    function cssEscape(value) {
-        if (typeof CSS !== 'undefined' && typeof CSS.escape === 'function') {
-            return CSS.escape(String(value));
-        }
-        return String(value).replace(/[^a-zA-Z0-9_-]/g, (c) => '\\' + c);
-    }
     function effectivePageBackground() {
         let el = document.body;
         while (el && el !== document.documentElement.parentElement) {

package/lib/manifest.integrity.json CHANGED Viewed

@@ -8,7 +8,7 @@
   "manifest.components.js": "sha384-3dCTD5EwCZTiX+1obYtDNM3WWwPh2JDQUQQsdRUUK3gs6FXjse1ShkKaT/2jsNaI",
   "manifest.data.js": "sha384-pgX6RJRWP7jmWO4ALb+GbS7Gm5JGOrCtxjEOnEcj1aJ8HoGbFjOniyjsntf8IA+B",
   "manifest.dropdowns.js": "sha384-WMrFoSpKfJuo81dyrwhVrDO8rq+rDwh2x8x4nH01BY5ZHkvjE+/SaT2gWCI0zOn+",
-  "manifest.export.js": "sha384-kTZBHsXPtj6RuLSyR323lCjIm0VTtZ64IdpyvOULMMJHqw/kIXjtQDyph5Ak/Ryv",
+  "manifest.export.js": "sha384-IF2MJHlDpx9hprNtdplNIJJPnU5xE+9/S+LQL3MBG4ERICBtIwOKM5V7RRY/OWzM",
   "manifest.icons.js": "sha384-uOkboYrovjCpl22eey3Jaxpey+pOnot5NDnRRumcRxiR7IOVaRh1i20gYnWXR5dW",
   "manifest.localization.js": "sha384-M40EWrbWs2MoJvUiYVQaPxPiOzMYBn/ywuMR02rvoSXG77eIHT/aRoYub9r6+jC+",
   "manifest.markdown.js": "sha384-jJFVCg46bYcP/xglX6QguG2qsGi2I/0o9kXLpM2RMq7edbTYpgx6WQ9iNB7kKHmN",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "mnfst",
-    "version": "0.5.112",
+    "version": "0.5.113",
     "private": false,
     "workspaces": [
         "templates/starter",