node-pptx-templater 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/README.md +1176 -227
- package/package.json +95 -3
- package/src/index.js +14 -1
- package/src/parsers/XMLParser.js +38 -1
- package/src/utils/xmlUtils.js +285 -30
package/CHANGELOG.md
CHANGED
|
@@ -5,9 +5,32 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.0.6] - 2026-06-02
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- **XML Validation & Diagnostics Engine**: Introduced a suite of tools in `src/utils/xmlUtils.js` for XML safety and diagnostics:
|
|
13
|
+
- `validateXml(xmlString)` — Validates that an XML string is secure and well-formed, checking for DTDs, custom/recursive entities, and XXE.
|
|
14
|
+
- `safeParseXml(xmlString, file)` — Unified wrapper that runs validation and captures detailed diagnostic error logs (file, line, col, error details, and recommendations) on failure.
|
|
15
|
+
- `scanForEntities(xmlString)` — Scans and classifies all XML entity references (standard, custom, numeric, and hex).
|
|
16
|
+
- `analyzeXmlFile(xmlString)` — Computes core file sizing and stats (bytes, lines, elements, attributes, entities).
|
|
17
|
+
- `reportXmlComplexity(xmlString)` — Inspects structural metrics (maximum tag nesting depth, node count, text-to-markup ratio).
|
|
18
|
+
- **Public API Exports**: The new tools are exported from the main library entry point `src/index.js`.
|
|
19
|
+
|
|
20
|
+
### Fixed
|
|
21
|
+
|
|
22
|
+
- **XML Entity Expansion Limit Resolution**: Permanently resolved the `Entity expansion limit exceeded` parser crashes on large template files. Deactivated internal entity expansion in `fast-xml-parser` and replaced it with a fast, secure, non-recursive unescaper handling the 5 standard XML/HTML entities and numeric references (decimal and hex code points) natively.
|
|
23
|
+
- **Vulnerability Protections**: Integrated strict security checks directly into the validator to block DTD abuse, XML bombs (Billion Laughs), and XXE attacks safely before the parser processes them.
|
|
24
|
+
|
|
25
|
+
### Tests
|
|
26
|
+
|
|
27
|
+
- Added 13 new unit and integration tests in `tests/unit/XMLSecurity.test.js` validating security protections, large-scale entity processing, diagnostics error recovery, and complexity analysis.
|
|
28
|
+
- Total test count increased from 108 → 121 (all passing).
|
|
29
|
+
|
|
8
30
|
## [1.0.5] - 2026-06-02
|
|
9
31
|
|
|
10
32
|
### Added
|
|
33
|
+
|
|
11
34
|
- **Z-Order (Layer Management) System**: Full stacking control for all slide drawing objects — shapes, images, charts, tables, groups, connectors, and SmartArt. Directly manipulates the OpenXML `<p:spTree>` element order, matching PowerPoint's native Bring Forward / Send Backward behavior exactly. New APIs:
|
|
12
35
|
- `getObjectOrder(slideIndex)` — Returns ordered metadata (id, type, zIndex) for every element on a slide, bottom-to-top.
|
|
13
36
|
- `bringForward(options)` — Moves an object one layer up in the stack.
|
|
@@ -27,29 +50,35 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
27
50
|
- **ZOrderManager**: New dedicated manager class (`src/managers/ZOrderManager.js`) encapsulating all layer logic.
|
|
28
51
|
|
|
29
52
|
### Fixed
|
|
53
|
+
|
|
30
54
|
- **`PPTXTemplater.create()` synchronous readiness**: Added `preloadAll()` call to `#initializeBlank()`. Previously, the blank PPTX template's pre-existing slides were registered but their XML was not cached, causing all synchronous operations (including ZOrderManager) to throw `"Slide N XML not pre-loaded"`.
|
|
31
55
|
|
|
32
56
|
### Changed
|
|
57
|
+
|
|
33
58
|
- **`XMLParser` hybrid parsing**: Added a secondary `preserveOrder: true` fast-xml-parser pass that runs during `parse()` whenever a slide `<p:spTree>` is detected. Extracts DOM element order and attaches it via `Z_ORDER_SYMBOL` to each container. The `build()` method uses a new `serializeContainer()` recursive function to serialize containers in Z_ORDER_SYMBOL order, injecting the result back into the output XML.
|
|
34
59
|
- **`ValidationEngine`**: `validate()` now audits the shape tree for duplicate shape IDs, reporting them as errors.
|
|
35
60
|
|
|
36
61
|
### Tests
|
|
62
|
+
|
|
37
63
|
- Added 12 new integration tests in `tests/integration/ZOrder.test.js` covering all Z-order operations.
|
|
38
64
|
- Total test count increased from 96 → 108 (all passing).
|
|
39
65
|
|
|
40
66
|
## [1.0.3] - 2026-06-02
|
|
41
67
|
|
|
42
68
|
### Added
|
|
69
|
+
|
|
43
70
|
- **Dynamic Formatting in updateTable**: Added support for inline cell styling (color fill `fill`, text alignment `align`, and `fontSize`) directly on cell objects passed to `updateTable`.
|
|
44
71
|
- **Comprehensive Tailwind Site**: Overhauled doc builder script to generate a premium Tailwind CSS documentation portal with clientside search, clipboard copying, sitemap.xml, robots.txt, and Schema.org metadata.
|
|
45
72
|
|
|
46
73
|
### Fixed
|
|
74
|
+
|
|
47
75
|
- **XML Element Ordering**: Enforced strict schema-valid element sequence (`a:pPr` -> runs -> `a:endParaRPr`) in slide table cell paragraphs. This resolves the bug where split cells inheriting from template merged cells had their text runs ignored by PowerPoint's XML compiler.
|
|
48
76
|
- **Template Style Inheritance**: Fixed a bug in `updateTable` where cloned rows always copied the first data row (`trs[1]`). The engine now correctly inherits formatting, alignment, and fill styles from matching indices in the template (`trs[i]`) when available.
|
|
49
77
|
|
|
50
78
|
## [1.0.2] - 2026-06-02
|
|
51
79
|
|
|
52
80
|
### Added
|
|
81
|
+
|
|
53
82
|
- **Table Cell Merging & Unmerging Engine**: Fully implemented horizontal cell spans (`gridSpan`, `hMerge`), vertical cell spans (`rowSpan`, `vMerge`), and rectangular block merges.
|
|
54
83
|
- **PowerPoint Repair Protection**: Implemented unique 32-bit unsigned `rowId` generation inside `<a16:rowId>` XML tags for all cloned and inserted rows, eliminating PowerPoint's "Repair Mode" error prompts.
|
|
55
84
|
- **Merge Integrations**: Integrated template-driven merges (`merge` configs array and cell-level `colSpan`/`rowSpan`) inside the main `updateTable` orchestrator.
|
|
@@ -58,11 +87,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
58
87
|
## [1.0.1] - 2026-05-19
|
|
59
88
|
|
|
60
89
|
### Changed
|
|
90
|
+
|
|
61
91
|
- **CommonJS Target Conversion**: Converted the source code modules compilation and packaging layout from pure ES Modules (ESM) to CommonJS (CJS) to ensure compatibility with standard Node.js deployment, packaging, and edge runtime environments.
|
|
62
92
|
|
|
63
93
|
## [1.0.0] - 2026-05-17
|
|
64
94
|
|
|
65
95
|
### Added
|
|
96
|
+
|
|
66
97
|
- `PPTXTemplater` — main orchestrator class with fluent chainable API
|
|
67
98
|
- `ZipManager` — PPTX ZIP archive loading, reading, writing, and re-packaging
|
|
68
99
|
- `XMLParser` — high-performance XML parsing/building via `fast-xml-parser`
|
|
@@ -84,6 +115,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
84
115
|
- MIT License
|
|
85
116
|
|
|
86
117
|
### Architecture
|
|
118
|
+
|
|
87
119
|
- Zero PPTX generation library dependencies
|
|
88
120
|
- Only uses: `jszip`, `fast-xml-parser`, `fs-extra`, `commander`, `chalk`, `ora`
|
|
89
121
|
- Async/await throughout
|