pretext-pdf 1.8.0 → 2.0.2

package/CHANGELOG.md

@@ -7,6 +7,240 @@ Format: [Keep a Changelog 1.1.0](https://keepachangelog.com/en/1.1.0/)
 
 ---
 
+## [2.0.2] — 2026-05-28
+
+Second post-release audit patch: PDF injection hardening (metadata, AcroForm names), PDFHexString encoding correctness, signing field escaping, annotation array safety.
+
+### Fixed
+
+- **Metadata Info dict fields now use `PDFHexString.fromText()` (correct UTF-16BE encoding)** —
+  The v2.0.1 fix used `PDFHexString.of()` which stored raw bytes between `<>` delimiters (not
+  valid hex). `fromText` correctly produces `<FEFF...>` UTF-16BE hex, the same encoding used by
+  pdf-lib's built-in `setTitle()` etc. Injection protection is now both correct AND effective.
+
+- **Form field `name` and option `value` restricted to AcroForm-safe characters** — Field names
+  and radio/dropdown option export values are written as PDF literal strings by pdf-lib. Characters
+  like `)`, `\`, and null bytes that could corrupt the AcroForm `/T` dictionary are now rejected
+  at validation time with a clear error message. Allowed: `[a-zA-Z0-9_.@-]+` (`HIGH-2`).
+
+- **Signing placeholder fields escaped for PDF literal strings** — `sig.reason`, `sig.location`,
+  `sig.contactInfo`, and `sig.signerName` are passed to `@signpdf/placeholder-pdf-lib` which
+  writes them as PDF literal strings. Backslashes and parentheses are now escaped with `\` before
+  passing, so values like "New York (USA)" are preserved correctly without breaking the dict.
+
+- **Annotation array push guarded with `instanceof PDFArray`** — The previous `as any` cast on
+  `pdfDoc.context.lookup(existingAnnots)` allowed silent no-ops if the value wasn't a PDFArray.
+  All three annotation functions now check `instanceof PDFArray` and fall back to creating a new
+  array rather than silently dropping the annotation.
+
+- **Bookmark `Title` and AcroForm `/TU` use `PDFHexString.fromText()`** — Same `of()` → `fromText()`
+  correction applied to bookmark headings and all five AcroForm `/TU` (accessibility tooltip) writes.
+
+- **Sticky note `Contents` and author `T` use `PDFHexString.fromText()`** — Human-readable text in
+  sticky note annotations now uses proper UTF-16BE encoding.
+
+- **Signature placeholder `signerName` truncated to 100 chars** — Prevents glyph overflow outside
+  the visual signature box for very long signer names.
+
+- **Schema `content.items` changed from `anyOf` to `oneOf`** — JSON Schema validators and AI agent
+  code generators now get exclusive-match semantics, preventing multi-schema ambiguity.
+
+### Tests
+
+- Added T6: `/TU` accessibilityLabel byte-level injection guard in `test/forms.test.ts`.
+- Added T7: metadata title/author/accessibility UTF-16BE hex-encoding byte checks in `test/metadata.test.ts`.
+- Added field name and option value AcroForm-safety tests in `test/forms.test.ts`.
+
+---
+
+## [2.0.1] — 2026-05-28
+
+Post-release patch: audit-driven hardening of every change introduced in v2.0.0.
+
+### Fixed
+
+- **SVG sanitizer: `on*` handlers with whitespace in attribute name now stripped** — Attackers
+  could inject `on\nload=` or `on\tclick=` to bypass the previous `\w+` name regex. The pattern
+  now uses `[\w\r\n\t ]+` for the attribute name portion (`H3`).
+
+- **SVG sanitizer: `expression()` strips arguments with nested parens** — `expression(alert(1))`
+  and `expression(eval(x))` are now stripped in a single pass. The inner-parens pattern
+  `(?:[^()]*|\([^()]*\))*` handles one level of argument nesting; multi-pass unwinds deeper
+  nesting (`M6`).
+
+- **SVG sanitizer: size/element-count guards now throw `PretextPdfError('SVG_LOAD_FAILED')`** —
+  Previously both guards returned the raw unstripped SVG on overflow, silently bypassing
+  script/event stripping. Now both throw, so callers always receive a typed error (`H1`).
+
+- **Form-field strict mode no longer flags cross-variant props as unknown** — `ALLOWED_PROPS`
+  entry for `form-field` now covers the union of all variant-specific keys so the first strict
+  check never fires false positives. Per-variant narrowing still runs inside `validateFormField`
+  to catch cross-contamination (`B1`).
+
+- **Bookmark `Title` and AcroForm `/TU` now use `PDFHexString`** — Previously `PDFString` was
+  used, which is vulnerable to unbalanced-parenthesis injection in user-controlled strings. All
+  five `/TU` writes and the outline `Title` write now use the hex-encoded form (`B3`).
+
+- **Link URI annotation and sticky-note `Contents`/`T` use `PDFHexString`** — Same injection
+  guard extended to `addLinkAnnotation` and `addStickyNoteAnnotation` (`B3`).
+
+- **`getInfoDict()` private-API call is now try/caught** — Accessibility and semantic metadata
+  are silently omitted (rather than throwing) if the `@cantoo/pdf-lib` internal API is removed
+  in a future library version (`M7`).
+
+- **`SignPdf`/`P12Signer` dynamic imports typed via local interfaces** — Removes `any` casts
+  on the signpdf module destructuring, catching future API drift at compile time (`M4`).
+
+- **Signing error message scrubbed of certificate details** — `SIGNATURE_FAILED` no longer
+  leaks P12 structural details or ASN.1 internals; only the first 120 chars of the underlying
+  error message are included (`F9`).
+
+- **`FORM_FIELD_VARIANT_PROPS` type narrowed** — The export type is now
+  `Record<'text'|'checkbox'|'radio'|'dropdown'|'button', ReadonlySet<string>>` so callers that
+  iterate the map get exhaustive narrowing rather than a plain string index (`M1`).
+
+- **`fieldType` validation is now derived from `FORM_FIELD_VARIANT_PROPS`** — The allowed-values
+  list and the dispatch map are now the same object, removing the risk of one going stale (`M2`).
+
+- **Form-field options arrays are structurally validated** — Each item in `options` for `radio`
+  and `dropdown` is now checked to be a `{value: string, label: string}` object. Invalid items
+  throw `VALIDATION_ERROR` with an indexed path like `options[1].value` (`H2`).
+
+- **`accessibilityLabel` validated as non-empty string** — Empty or non-string values now
+  throw `VALIDATION_ERROR` rather than embedding an empty `/TU` annotation (`H2`).
+
+- **`signing/placeholder.ts` uses `buildFontKey()` instead of hardcoded literal** — Keeps the
+  font lookup in sync with the canonical key format if the naming convention ever changes (`L1`).
+
+- **`PluginMeasureResult.spaceBefore/spaceAfter` marked readonly** — Plugins cannot mutate the
+  pipeline's spacing side-table; callers can still construct the object with literal values (`L2`).
+
+- **`package.json` `mcpCompat` range updated** — Was `>=1.4.0 <2.0.0` (excluded v2.0.0 itself);
+  now `>=1.5.0 <3.0.0` (`B2`).
+
+- **`pdfDocumentSchema`: `form-field` now a `oneOf` discriminated union** — The flat single-object
+  schema was replaced with five variant schemas keyed by `fieldType: { const: '...' }`, with
+  correct per-variant `required` arrays (radio/dropdown require `options`) (`M3`).
+
+### Tests
+
+- Added T1: `on\nload` and `on\tclick` attribute-name injection regression guard in
+  `test/svg-sanitizer.test.ts`.
+- Added T2: Per-variant strict-mode unknown-props tests for form-field in
+  `test/validate-strict.test.ts` (Group 8).
+- Added T3: `./signing` entry point added to `test/public-api-surface.test.ts` tripwire.
+- Added T4: `MAX_SVG_ELEMENTS` boundary tests (at-limit sanitizes, over-limit throws) in
+  `test/svg-sanitizer.test.ts`.
+- Added T5: `fieldType: 'textarea'` (unknown value) test triggering `VALIDATION_ERROR`.
+
+---
+
+## [2.0.0] — 2026-05-28
+
+Major release. Three breaking changes, six improvements, and two security fixes.
+
+### Breaking Changes
+
+- **`FormFieldElement` is now a discriminated union** — Replace the single flat interface with
+  five per-variant types (`TextFormField | CheckboxFormField | RadioFormField | DropdownFormField |
+  ButtonFormField`) that narrow available properties by `fieldType`. The `BaseFormField` interface
+  holds all shared fields and is also exported. Callers that assign into `FormFieldElement` without
+  narrowing will need to specify the concrete variant. **Migration:** narrow on `fieldType` or
+  import the specific variant type.
+
+- **`HorizontalRuleElement.spaceAbove` / `spaceBelow` removed** — Use `spaceBefore` / `spaceAfter`
+  (stable since v0.9). The deprecated aliases were present in v1.x with `@deprecated` JSDoc.
+  **Migration:** replace `spaceAbove` → `spaceBefore`, `spaceBelow` → `spaceAfter`.
+
+- **`ValidationResult.warningCount` removed** — The field was always `0` in v1.x (validator emits
+  errors only). **Migration:** use `result.errors.filter(e => e.severity === 'warning').length` if
+  you need a count — returns `0` until warning-severity issues are introduced.
+
+### Added
+
+- **`./signing` export** — New subpath export `pretext-pdf/signing` exposes `applySignature`,
+  `applyEncryption`, `applyPostProcessing`, and `renderSignaturePlaceholder` as a standalone
+  signing module. Useful for post-render pipeline composition without importing the full library.
+
+- **`MAX_SVG_ELEMENTS` constant** — Exported from `dist/assets.js` alongside `SVG_MAX_BYTES`.
+  Heuristic element-count guard (5,000 open tags) that skips sanitization of pathologically deep
+  SVGs to prevent memory exhaustion during rasterization.
+
+- **Per-variant `accessibilityLabel` wired to AcroForm `/TU`** — `accessibilityLabel` on form
+  fields is now written to the PDF annotation `/TU` (tooltip/alt-text) dictionary entry.
+  Screen readers and assistive technology that consume AcroForm annotations will pick it up.
+
+- **`metadata.accessibility` / `metadata.semantic` written to Info dict** — Both reserved fields
+  are now serialized as JSON strings into the PDF Info dictionary (`Accessibility` and `Semantic`
+  keys). Previously they were accepted but ignored at render time.
+
+### Changed
+
+- **`ValidationError` and `ValidationResult` fields are `readonly`** — All fields on both
+  interfaces are now `readonly`. This is technically breaking for callers that mutate validation
+  results directly (which should be none in practice).
+
+- **`PluginMeasureResult.height` is `readonly`** — Prevents accidental mutation of the measured
+  height by render hooks.
+
+### Fixed (security)
+
+- **SVG `on*` handler regex now catches newline-injected attributes** — The previous pattern
+  `\bon\w+\s*=` missed attributes like `on\nload=`. Fixed to `\bon\w+[\s\n\r]*=`.
+
+- **`allowed-props` strict mode now covers `accessibilityLabel`, `accessibility`, `semantic`** —
+  These fields were missing from their respective key arrays; strict-mode validation would
+  incorrectly report them as unknown properties. Fixed.
+
+---
+
+## [1.9.0] — 2026-05-28
+
+Additive release: error categorisation, typed plugin generics, beta graduations, soft deprecations, and a 100 MB output size guard.
+
+### Added
+
+- **`PretextPdfError.category`** — New readonly field on every thrown error. Groups all 50+
+  error codes into 8 high-level categories (`'validation' | 'font' | 'image' | 'layout' |
+  'security' | 'dependency' | 'signature' | 'render'`). Lets callers branch on class of
+  failure without exhaustive switches. Also exported as the `ErrorCategory` type.
+
+- **`LEGACY_ERROR_CODE_MAP`** — `Record<string, ErrorCode>` exported from the main entry
+  point. Documents the canonical code for any renamed or aliased error strings. Currently
+  maps `FONT_ENCODE_FAIL → FONT_ENCODE_FAIL` (no renames have occurred yet); future renames
+  will be recorded here before the old string is removed.
+
+- **`PluginDefinition<T>` generic** — `PluginDefinition`, `PluginMeasureResult`, and
+  `PluginRenderContext` are now generic over a `T` type parameter (default `unknown`).
+  `pluginData` in `measure` and `render` is now typed as `T` instead of `unknown`. Fully
+  backward compatible — existing plugins without a type argument continue to compile.
+
+- **`MAX_PDF_BYTES` constant** — Exported from the main entry point. Value: `100 * 1024 * 1024`
+  (100 MB). `render()` now throws `RENDER_FAILED` if the serialized PDF exceeds this limit,
+  preventing runaway memory use from pathological documents.
+
+### Changed (promotions — no breaking changes)
+
+- **`PluginDefinition`, `PluginMeasureContext`, `PluginMeasureResult`, `PluginRenderContext`**
+  — Promoted from `@beta` to `@public`. The plugin API is stable.
+
+- **`RenderOptions.plugins`** — `@beta` tag removed. Stable.
+
+- **`createFootnoteSet()`** — `@beta` tag removed. Stable.
+
+### Deprecated
+
+- **`HorizontalRuleElement.spaceAbove`** and **`.spaceBelow`** — Use `spaceBefore` and
+  `spaceAfter` instead (consistent with paragraph/heading naming). Both aliases remain
+  functional in v1.x. Will be removed in v2.0.
+
+- **`ValidationResult.warningCount`** — Always `0` in v1.x (the validator emits errors
+  only). Will be removed in v2.0. Use
+  `result.errors.filter(e => e.severity === 'warning').length` directly when
+  warning-severity items are introduced.
+
+---
+
 ## [1.8.0] — 2026-05-28
 
 Additive release: type narrowing, shared leaf modules, 5 new test coverage points, and a Windows font-path validation bugfix.

package/dist/allowed-props.d.ts

@@ -3,12 +3,12 @@
  * Enforced at runtime by strict: true validation.
  * Compile-time drift guards via Exact<T, Keys> ensure types stay synchronized.
  */
-import type { PdfDocument, ParagraphElement, HeadingElement, SpacerElement, TableElement, TableCell, ColumnDef, ImageElement, SvgElement, QrCodeElement, BarcodeElement, ChartElement, ListElement, ListItem, HorizontalRuleElement, PageBreakElement, CodeBlockElement, RichParagraphElement, InlineSpan, BlockquoteElement, CalloutElement, CommentElement, FormFieldElement, FootnoteDefElement, TocElement, FloatGroupElement, AnnotationSpec, TableRow, DocumentMetadata, EncryptionSpec } from './types.js';
+import type { PdfDocument, ParagraphElement, HeadingElement, SpacerElement, TableElement, TableCell, ColumnDef, ImageElement, SvgElement, QrCodeElement, BarcodeElement, ChartElement, ListElement, ListItem, HorizontalRuleElement, PageBreakElement, CodeBlockElement, RichParagraphElement, InlineSpan, BlockquoteElement, CalloutElement, CommentElement, TextFormField, CheckboxFormField, RadioFormField, DropdownFormField, ButtonFormField, FootnoteDefElement, TocElement, FloatGroupElement, AnnotationSpec, TableRow, DocumentMetadata, EncryptionSpec } from './types.js';
 import type { TocEntryElement } from './types-internal.js';
 /** Compile-time assertion that T has exactly the keys in Keys (no more, no less) */
 type Exact<T, Keys extends readonly (keyof T)[]> = T & Record<Exclude<keyof T, Keys[number]>, never>;
 declare const DOC_KEYS: readonly ["pageSize", "margins", "defaultFont", "defaultFontSize", "defaultLineHeight", "fonts", "header", "footer", "watermark", "encryption", "signature", "bookmarks", "hyphenation", "metadata", "defaultParagraphStyle", "sections", "content", "flattenForms", "onImageLoadError", "onFormFieldError", "renderDate", "allowedFileDirs"];
-declare const METADATA_KEYS: readonly ["title", "author", "subject", "keywords", "creator", "language", "producer"];
+declare const METADATA_KEYS: readonly ["title", "author", "subject", "keywords", "creator", "language", "producer", "accessibility", "semantic"];
 declare const PARAGRAPH_KEYS: readonly ["type", "text", "dir", "fontSize", "lineHeight", "fontFamily", "fontWeight", "color", "align", "bgColor", "spaceAfter", "spaceBefore", "keepTogether", "underline", "strikethrough", "url", "columns", "columnGap", "hyphenate", "letterSpacing", "smallCaps", "tabularNumbers", "annotation"];
 declare const HEADING_KEYS: readonly ["type", "level", "text", "dir", "fontFamily", "fontWeight", "fontSize", "lineHeight", "align", "color", "bgColor", "spaceBefore", "spaceAfter", "keepTogether", "underline", "strikethrough", "bookmark", "hyphenate", "url", "anchor", "letterSpacing", "smallCaps", "tabularNumbers", "annotation"];
 declare const SPACER_KEYS: readonly ["type", "height"];
@@ -23,7 +23,7 @@ declare const BARCODE_KEYS: readonly ["type", "symbology", "data", "width", "hei
 declare const CHART_KEYS: readonly ["type", "spec", "width", "height", "caption", "align", "spaceBefore", "spaceAfter"];
 declare const LIST_KEYS: readonly ["type", "style", "items", "marker", "indent", "markerWidth", "fontSize", "lineHeight", "itemSpaceAfter", "spaceAfter", "spaceBefore", "color", "nestedNumberingStyle"];
 declare const LIST_ITEM_KEYS: readonly ["text", "dir", "fontWeight", "items"];
-declare const HR_KEYS: readonly ["type", "thickness", "color", "spaceAbove", "spaceBelow", "spaceBefore", "spaceAfter"];
+declare const HR_KEYS: readonly ["type", "thickness", "color", "spaceBefore", "spaceAfter"];
 declare const PAGE_BREAK_KEYS: readonly ["type"];
 declare const CODE_KEYS: readonly ["type", "text", "dir", "fontFamily", "fontSize", "lineHeight", "bgColor", "color", "padding", "spaceAfter", "spaceBefore", "keepTogether", "language", "highlightTheme"];
 declare const RICH_PARAGRAPH_KEYS: readonly ["type", "spans", "dir", "fontSize", "lineHeight", "align", "bgColor", "spaceBefore", "spaceAfter", "keepTogether", "columns", "columnGap", "letterSpacing", "smallCaps", "tabularNumbers"];
@@ -31,7 +31,11 @@ declare const INLINE_SPAN_KEYS: readonly ["text", "dir", "fontFamily", "fontWeig
 declare const BLOCKQUOTE_KEYS: readonly ["type", "text", "dir", "borderColor", "borderWidth", "bgColor", "color", "fontFamily", "fontWeight", "fontStyle", "fontSize", "lineHeight", "padding", "paddingH", "paddingV", "align", "spaceBefore", "spaceAfter", "keepTogether", "underline", "strikethrough"];
 declare const CALLOUT_KEYS: readonly ["type", "content", "style", "title", "backgroundColor", "borderColor", "color", "titleColor", "fontFamily", "fontWeight", "fontSize", "lineHeight", "padding", "paddingH", "paddingV", "spaceAfter", "spaceBefore", "keepTogether", "dir"];
 declare const COMMENT_KEYS: readonly ["type", "contents", "author", "color", "open", "spaceAfter"];
-declare const FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "placeholder", "defaultValue", "multiline", "maxLength", "checked", "options", "defaultSelected", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether"];
+declare const TEXT_FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether", "accessibilityLabel", "placeholder", "defaultValue", "multiline", "maxLength"];
+declare const CHECKBOX_FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether", "accessibilityLabel", "checked"];
+declare const RADIO_FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether", "accessibilityLabel", "options", "defaultSelected"];
+declare const DROPDOWN_FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether", "accessibilityLabel", "options", "defaultSelected"];
+declare const BUTTON_FORM_FIELD_KEYS: readonly ["type", "fieldType", "name", "label", "width", "height", "fontSize", "borderColor", "backgroundColor", "spaceAfter", "spaceBefore", "keepTogether", "accessibilityLabel"];
 declare const FOOTNOTE_DEF_KEYS: readonly ["type", "id", "text", "fontSize", "fontFamily", "spaceAfter"];
 declare const TOC_KEYS: readonly ["type", "title", "showTitle", "minLevel", "maxLevel", "fontSize", "titleFontSize", "levelIndent", "leader", "entrySpacing", "fontFamily", "spaceBefore", "spaceAfter"];
 declare const TOC_ENTRY_KEYS: readonly ["type", "text", "pageNumber", "level", "levelIndent", "leader", "fontFamily", "fontWeight"];
@@ -70,7 +74,11 @@ export type _AllowedPropsDriftGuard = [
     Exact<BlockquoteElement, typeof BLOCKQUOTE_KEYS>,
     Exact<CalloutElement, typeof CALLOUT_KEYS>,
     Exact<CommentElement, typeof COMMENT_KEYS>,
-    Exact<FormFieldElement, typeof FORM_FIELD_KEYS>,
+    Exact<TextFormField, typeof TEXT_FORM_FIELD_KEYS>,
+    Exact<CheckboxFormField, typeof CHECKBOX_FORM_FIELD_KEYS>,
+    Exact<RadioFormField, typeof RADIO_FORM_FIELD_KEYS>,
+    Exact<DropdownFormField, typeof DROPDOWN_FORM_FIELD_KEYS>,
+    Exact<ButtonFormField, typeof BUTTON_FORM_FIELD_KEYS>,
     Exact<FootnoteDefElement, typeof FOOTNOTE_DEF_KEYS>,
     Exact<TocElement, typeof TOC_KEYS>,
     Exact<TocEntryElement, typeof TOC_ENTRY_KEYS>,
@@ -89,7 +97,7 @@ export declare const ALLOWED_PROPS: {
     readonly barcode: Set<"type" | "align" | "spaceAfter" | "spaceBefore" | "height" | "width" | "data" | "symbology" | "includeText">;
     readonly chart: Set<"type" | "align" | "spaceAfter" | "spaceBefore" | "height" | "width" | "spec" | "caption">;
     readonly list: Set<"type" | "fontSize" | "lineHeight" | "color" | "spaceAfter" | "spaceBefore" | "style" | "items" | "marker" | "indent" | "markerWidth" | "itemSpaceAfter" | "nestedNumberingStyle">;
-    readonly hr: Set<"type" | "color" | "spaceAfter" | "spaceBefore" | "thickness" | "spaceAbove" | "spaceBelow">;
+    readonly hr: Set<"type" | "color" | "spaceAfter" | "spaceBefore" | "thickness">;
     readonly 'page-break': Set<"type">;
     readonly code: Set<"text" | "language" | "type" | "dir" | "fontSize" | "lineHeight" | "fontFamily" | "color" | "bgColor" | "spaceAfter" | "spaceBefore" | "keepTogether" | "padding" | "highlightTheme">;
     readonly 'rich-paragraph': Set<"type" | "dir" | "fontSize" | "lineHeight" | "align" | "bgColor" | "spaceAfter" | "spaceBefore" | "keepTogether" | "columns" | "columnGap" | "letterSpacing" | "smallCaps" | "tabularNumbers" | "spans">;
@@ -97,14 +105,21 @@ export declare const ALLOWED_PROPS: {
     readonly toc: Set<"title" | "type" | "fontSize" | "fontFamily" | "spaceAfter" | "spaceBefore" | "showTitle" | "minLevel" | "maxLevel" | "titleFontSize" | "levelIndent" | "leader" | "entrySpacing">;
     readonly 'toc-entry': Set<"text" | "type" | "fontFamily" | "fontWeight" | "level" | "levelIndent" | "leader" | "pageNumber">;
     readonly comment: Set<"author" | "type" | "color" | "spaceAfter" | "contents" | "open">;
-    readonly 'form-field': Set<"type" | "fontSize" | "spaceAfter" | "spaceBefore" | "keepTogether" | "height" | "borderColor" | "width" | "backgroundColor" | "fieldType" | "name" | "label" | "placeholder" | "defaultValue" | "multiline" | "maxLength" | "checked" | "options" | "defaultSelected">;
     readonly callout: Set<"content" | "title" | "type" | "dir" | "fontSize" | "lineHeight" | "fontFamily" | "fontWeight" | "color" | "spaceAfter" | "spaceBefore" | "keepTogether" | "borderColor" | "style" | "padding" | "paddingH" | "paddingV" | "backgroundColor" | "titleColor">;
     readonly 'footnote-def': Set<"text" | "type" | "fontSize" | "fontFamily" | "spaceAfter" | "id">;
     readonly 'float-group': Set<"image" | "content" | "type" | "spaceAfter" | "spaceBefore" | "float" | "floatWidth" | "floatGap">;
+    readonly 'form-field': Set<"type" | "fontSize" | "spaceAfter" | "spaceBefore" | "keepTogether" | "height" | "borderColor" | "width" | "backgroundColor" | "fieldType" | "name" | "label" | "accessibilityLabel" | "placeholder" | "defaultValue" | "multiline" | "maxLength" | "checked" | "options" | "defaultSelected">;
 };
+/**
+ * Per-variant allowed-property sets for form-field strict validation.
+ * Typed as a closed record over the exact fieldType literals so TypeScript
+ * will fail the build if a new variant is added to FormFieldElement without
+ * a corresponding entry here.
+ */
+export declare const FORM_FIELD_VARIANT_PROPS: Record<'text' | 'checkbox' | 'radio' | 'dropdown' | 'button', ReadonlySet<string>>;
 export declare const ALLOWED_PROPS_SUB: {
-    readonly document: Set<"header" | "footer" | "pageSize" | "margins" | "defaultFont" | "defaultFontSize" | "defaultLineHeight" | "fonts" | "watermark" | "encryption" | "signature" | "bookmarks" | "hyphenation" | "metadata" | "defaultParagraphStyle" | "sections" | "content" | "flattenForms" | "onImageLoadError" | "onFormFieldError" | "renderDate" | "allowedFileDirs">;
-    readonly metadata: Set<"title" | "author" | "subject" | "keywords" | "creator" | "language" | "producer">;
+    readonly document: Set<"header" | "footer" | "signature" | "pageSize" | "margins" | "defaultFont" | "defaultFontSize" | "defaultLineHeight" | "fonts" | "watermark" | "encryption" | "bookmarks" | "hyphenation" | "metadata" | "defaultParagraphStyle" | "sections" | "content" | "flattenForms" | "onImageLoadError" | "onFormFieldError" | "renderDate" | "allowedFileDirs">;
+    readonly metadata: Set<"title" | "author" | "subject" | "keywords" | "creator" | "language" | "producer" | "accessibility" | "semantic">;
     readonly 'column-def': Set<"align" | "width">;
     readonly 'table-row': Set<"cells" | "isHeader">;
     readonly 'table-cell': Set<"text" | "dir" | "fontSize" | "fontFamily" | "fontWeight" | "color" | "align" | "bgColor" | "tabularNumbers" | "colspan" | "rowspan">;

package/dist/allowed-props.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"allowed-props.d.ts","sourceRoot":"","sources":["../src/allowed-props.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,UAAU,EACV,aAAa,EACb,cAAc,EACd,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,qBAAqB,EACrB,gBAAgB,EAChB,gBAAgB,EAChB,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,cAAc,EACf,MAAM,YAAY,CAAA;AACnB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAE1D,oFAAoF;AACpF,KAAK,KAAK,CAAC,CAAC,EAAE,IAAI,SAAS,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;AAIpG,QAAA,MAAM,QAAQ,+UAKJ,CAAA;AAEV,QAAA,MAAM,aAAa,wFAAyF,CAAA;AAE5G,QAAA,MAAM,cAAc,0SAKV,CAAA;AAEV,QAAA,MAAM,YAAY,iTAKR,CAAA;AAEV,QAAA,MAAM,WAAW,6BAA8B,CAAA;AAE/C,QAAA,MAAM,UAAU,mLAGN,CAAA;AAEV,QAAA,MAAM,eAAe,6BAA8B,CAAA;AAEnD,QAAA,MAAM,cAAc,gCAAiC,CAAA;AAErD,QAAA,MAAM,eAAe,uIAGX,CAAA;AAEV,QAAA,MAAM,UAAU,6MAIN,CAAA;AAEV,QAAA,MAAM,QAAQ,0FAA2F,CAAA;AAEzG,QAAA,MAAM,YAAY,uIAGR,CAAA;AAEV,QAAA,MAAM,YAAY,gHAER,CAAA;AAEV,QAAA,MAAM,UAAU,+FAAgG,CAAA;AAEhH,QAAA,MAAM,SAAS,kLAGL,CAAA;AAEV,QAAA,MAAM,cAAc,iDAAkD,CAAA;AAEtE,QAAA,MAAM,OAAO,kGAAmG,CAAA;AAEhH,QAAA,MAAM,eAAe,mBAAoB,CAAA;AAEzC,QAAA,MAAM,SAAS,oLAGL,CAAA;AAEV,QAAA,MAAM,mBAAmB,sMAIf,CAAA;AAEV,QAAA,MAAM,gBAAgB,mMAGZ,CAAA;AAEV,QAAA,MAAM,eAAe,8QAIX,CAAA;AAEV,QAAA,MAAM,YAAY,sPAIR,CAAA;AAEV,QAAA,MAAM,YAAY,wEAAyE,CAAA;AAE3F,QAAA,MAAM,eAAe,iQAIX,CAAA;AAEV,QAAA,MAAM,iBAAiB,yEAA0E,CAAA;AAEjG,QAAA,MAAM,QAAQ,kLAGJ,CAAA;AAEV,QAAA,MAAM,cAAc,uGAAwG,CAAA;AAE5H,QAAA,MAAM,gBAAgB,uGAAwG,CAAA;AAE9H,QAAA,MAAM,eAAe,kDAAmD,CAAA;AAExE,QAAA,MAAM,eAAe,2DAA4D,CAAA;AAEjF;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,CAAC,WAAW,EAAE,OAAO,QAAQ,CAAC;IACnC,KAAK,CAAC,gBAAgB,EAAE,OAAO,aAAa,CAAC;IAC7C,KAAK,CAAC,gBAAgB,EAAE,OAAO,cAAc,CAAC;IAC9C,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,aAAa,EAAE,OAAO,WAAW,CAAC;IACxC,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,SAAS,EAAE,OAAO,eAAe,CAAC;IACxC,KAAK,CAAC,QAAQ,EAAE,OAAO,cAAc,CAAC;IACtC,KAAK,CAAC,SAAS,EAAE,OAAO,eAAe,CAAC;IACxC,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,UAAU,EAAE,OAAO,QAAQ,CAAC;IAClC,KAAK,CAAC,aAAa,EAAE,OAAO,YAAY,CAAC;IACzC,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,WAAW,EAAE,OAAO,SAAS,CAAC;IACpC,KAAK,CAAC,QAAQ,EAAE,OAAO,cAAc,CAAC;IACtC,KAAK,CAAC,qBAAqB,EAAE,OAAO,OAAO,CAAC;IAC5C,KAAK,CAAC,gBAAgB,EAAE,OAAO,eAAe,CAAC;IAC/C,KAAK,CAAC,gBAAgB,EAAE,OAAO,SAAS,CAAC;IACzC,KAAK,CAAC,oBAAoB,EAAE,OAAO,mBAAmB,CAAC;IACvD,KAAK,CAAC,UAAU,EAAE,OAAO,gBAAgB,CAAC;IAC1C,KAAK,CAAC,iBAAiB,EAAE,OAAO,eAAe,CAAC;IAChD,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,gBAAgB,EAAE,OAAO,eAAe,CAAC;IAC/C,KAAK,CAAC,kBAAkB,EAAE,OAAO,iBAAiB,CAAC;IACnD,KAAK,CAAC,UAAU,EAAE,OAAO,QAAQ,CAAC;IAClC,KAAK,CAAC,eAAe,EAAE,OAAO,cAAc,CAAC;IAC7C,KAAK,CAAC,iBAAiB,EAAE,OAAO,gBAAgB,CAAC;IACjD,KAAK,CAAC,cAAc,EAAE,OAAO,eAAe,CAAC;IAC7C,KAAK,CAAC,cAAc,EAAE,OAAO,eAAe,CAAC;CAC9C,CAAA;AAID,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;CAuBhB,CAAA;AAEV,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAA"}
+{"version":3,"file":"allowed-props.d.ts","sourceRoot":"","sources":["../src/allowed-props.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,aAAa,EACb,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,UAAU,EACV,aAAa,EACb,cAAc,EACd,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,qBAAqB,EACrB,gBAAgB,EAChB,gBAAgB,EAChB,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,cAAc,EACf,MAAM,YAAY,CAAA;AACnB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAE1D,oFAAoF;AACpF,KAAK,KAAK,CAAC,CAAC,EAAE,IAAI,SAAS,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;AAIpG,QAAA,MAAM,QAAQ,+UAKJ,CAAA;AAEV,QAAA,MAAM,aAAa,qHAAsH,CAAA;AAEzI,QAAA,MAAM,cAAc,0SAKV,CAAA;AAEV,QAAA,MAAM,YAAY,iTAKR,CAAA;AAEV,QAAA,MAAM,WAAW,6BAA8B,CAAA;AAE/C,QAAA,MAAM,UAAU,mLAGN,CAAA;AAEV,QAAA,MAAM,eAAe,6BAA8B,CAAA;AAEnD,QAAA,MAAM,cAAc,gCAAiC,CAAA;AAErD,QAAA,MAAM,eAAe,uIAGX,CAAA;AAEV,QAAA,MAAM,UAAU,6MAIN,CAAA;AAEV,QAAA,MAAM,QAAQ,0FAA2F,CAAA;AAEzG,QAAA,MAAM,YAAY,uIAGR,CAAA;AAEV,QAAA,MAAM,YAAY,gHAER,CAAA;AAEV,QAAA,MAAM,UAAU,+FAAgG,CAAA;AAEhH,QAAA,MAAM,SAAS,kLAGL,CAAA;AAEV,QAAA,MAAM,cAAc,iDAAkD,CAAA;AAEtE,QAAA,MAAM,OAAO,sEAAuE,CAAA;AAEpF,QAAA,MAAM,eAAe,mBAAoB,CAAA;AAEzC,QAAA,MAAM,SAAS,oLAGL,CAAA;AAEV,QAAA,MAAM,mBAAmB,sMAIf,CAAA;AAEV,QAAA,MAAM,gBAAgB,mMAGZ,CAAA;AAEV,QAAA,MAAM,eAAe,8QAIX,CAAA;AAEV,QAAA,MAAM,YAAY,sPAIR,CAAA;AAEV,QAAA,MAAM,YAAY,wEAAyE,CAAA;AAQ3F,QAAA,MAAM,oBAAoB,8OAA8F,CAAA;AACxH,QAAA,MAAM,wBAAwB,gMAAgD,CAAA;AAC9E,QAAA,MAAM,qBAAqB,mNAAmE,CAAA;AAC9F,QAAA,MAAM,wBAAwB,mNAAmE,CAAA;AACjG,QAAA,MAAM,sBAAsB,qLAAqC,CAAA;AAiBjE,QAAA,MAAM,iBAAiB,yEAA0E,CAAA;AAEjG,QAAA,MAAM,QAAQ,kLAGJ,CAAA;AAEV,QAAA,MAAM,cAAc,uGAAwG,CAAA;AAE5H,QAAA,MAAM,gBAAgB,uGAAwG,CAAA;AAE9H,QAAA,MAAM,eAAe,kDAAmD,CAAA;AAExE,QAAA,MAAM,eAAe,2DAA4D,CAAA;AAEjF;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,KAAK,CAAC,WAAW,EAAE,OAAO,QAAQ,CAAC;IACnC,KAAK,CAAC,gBAAgB,EAAE,OAAO,aAAa,CAAC;IAC7C,KAAK,CAAC,gBAAgB,EAAE,OAAO,cAAc,CAAC;IAC9C,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,aAAa,EAAE,OAAO,WAAW,CAAC;IACxC,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,SAAS,EAAE,OAAO,eAAe,CAAC;IACxC,KAAK,CAAC,QAAQ,EAAE,OAAO,cAAc,CAAC;IACtC,KAAK,CAAC,SAAS,EAAE,OAAO,eAAe,CAAC;IACxC,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,UAAU,EAAE,OAAO,QAAQ,CAAC;IAClC,KAAK,CAAC,aAAa,EAAE,OAAO,YAAY,CAAC;IACzC,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,YAAY,EAAE,OAAO,UAAU,CAAC;IACtC,KAAK,CAAC,WAAW,EAAE,OAAO,SAAS,CAAC;IACpC,KAAK,CAAC,QAAQ,EAAE,OAAO,cAAc,CAAC;IACtC,KAAK,CAAC,qBAAqB,EAAE,OAAO,OAAO,CAAC;IAC5C,KAAK,CAAC,gBAAgB,EAAE,OAAO,eAAe,CAAC;IAC/C,KAAK,CAAC,gBAAgB,EAAE,OAAO,SAAS,CAAC;IACzC,KAAK,CAAC,oBAAoB,EAAE,OAAO,mBAAmB,CAAC;IACvD,KAAK,CAAC,UAAU,EAAE,OAAO,gBAAgB,CAAC;IAC1C,KAAK,CAAC,iBAAiB,EAAE,OAAO,eAAe,CAAC;IAChD,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,cAAc,EAAE,OAAO,YAAY,CAAC;IAC1C,KAAK,CAAC,aAAa,EAAE,OAAO,oBAAoB,CAAC;IACjD,KAAK,CAAC,iBAAiB,EAAE,OAAO,wBAAwB,CAAC;IACzD,KAAK,CAAC,cAAc,EAAE,OAAO,qBAAqB,CAAC;IACnD,KAAK,CAAC,iBAAiB,EAAE,OAAO,wBAAwB,CAAC;IACzD,KAAK,CAAC,eAAe,EAAE,OAAO,sBAAsB,CAAC;IACrD,KAAK,CAAC,kBAAkB,EAAE,OAAO,iBAAiB,CAAC;IACnD,KAAK,CAAC,UAAU,EAAE,OAAO,QAAQ,CAAC;IAClC,KAAK,CAAC,eAAe,EAAE,OAAO,cAAc,CAAC;IAC7C,KAAK,CAAC,iBAAiB,EAAE,OAAO,gBAAgB,CAAC;IACjD,KAAK,CAAC,cAAc,EAAE,OAAO,eAAe,CAAC;IAC7C,KAAK,CAAC,cAAc,EAAE,OAAO,eAAe,CAAC;CAC9C,CAAA;AAID,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;CAuBhB,CAAA;AAEV;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAC3C,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,EACrD,WAAW,CAAC,MAAM,CAAC,CAOpB,CAAA;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAA"}

package/dist/allowed-props.js

@@ -10,7 +10,7 @@ const DOC_KEYS = [
     'hyphenation', 'metadata', 'defaultParagraphStyle', 'sections', 'content',
     'flattenForms', 'onImageLoadError', 'onFormFieldError', 'renderDate', 'allowedFileDirs',
 ];
-const METADATA_KEYS = ['title', 'author', 'subject', 'keywords', 'creator', 'language', 'producer'];
+const METADATA_KEYS = ['title', 'author', 'subject', 'keywords', 'creator', 'language', 'producer', 'accessibility', 'semantic'];
 const PARAGRAPH_KEYS = [
     'type', 'text', 'dir', 'fontSize', 'lineHeight', 'fontFamily', 'fontWeight', 'color',
     'align', 'bgColor', 'spaceAfter', 'spaceBefore', 'keepTogether', 'underline',
@@ -53,7 +53,7 @@ const LIST_KEYS = [
     'itemSpaceAfter', 'spaceAfter', 'spaceBefore', 'color', 'nestedNumberingStyle',
 ];
 const LIST_ITEM_KEYS = ['text', 'dir', 'fontWeight', 'items'];
-const HR_KEYS = ['type', 'thickness', 'color', 'spaceAbove', 'spaceBelow', 'spaceBefore', 'spaceAfter'];
+const HR_KEYS = ['type', 'thickness', 'color', 'spaceBefore', 'spaceAfter'];
 const PAGE_BREAK_KEYS = ['type'];
 const CODE_KEYS = [
     'type', 'text', 'dir', 'fontFamily', 'fontSize', 'lineHeight', 'bgColor', 'color',
@@ -79,10 +79,29 @@ const CALLOUT_KEYS = [
     'spaceAfter', 'spaceBefore', 'keepTogether', 'dir',
 ];
 const COMMENT_KEYS = ['type', 'contents', 'author', 'color', 'open', 'spaceAfter'];
-const FORM_FIELD_KEYS = [
-    'type', 'fieldType', 'name', 'label', 'placeholder', 'defaultValue', 'multiline',
-    'maxLength', 'checked', 'options', 'defaultSelected', 'width', 'height', 'fontSize',
+const FORM_FIELD_BASE_KEYS = [
+    'type', 'fieldType', 'name', 'label', 'width', 'height', 'fontSize',
     'borderColor', 'backgroundColor', 'spaceAfter', 'spaceBefore', 'keepTogether',
+    'accessibilityLabel',
+];
+const TEXT_FORM_FIELD_KEYS = [...FORM_FIELD_BASE_KEYS, 'placeholder', 'defaultValue', 'multiline', 'maxLength'];
+const CHECKBOX_FORM_FIELD_KEYS = [...FORM_FIELD_BASE_KEYS, 'checked'];
+const RADIO_FORM_FIELD_KEYS = [...FORM_FIELD_BASE_KEYS, 'options', 'defaultSelected'];
+const DROPDOWN_FORM_FIELD_KEYS = [...FORM_FIELD_BASE_KEYS, 'options', 'defaultSelected'];
+const BUTTON_FORM_FIELD_KEYS = [...FORM_FIELD_BASE_KEYS];
+/**
+ * Union of every field that can appear on *any* FormFieldElement variant.
+ * Used for the top-level ALLOWED_PROPS dispatch so the generic strict check in
+ * validate/index.ts never false-flags a valid variant-specific key (e.g.
+ * `placeholder` on a text field). The per-variant check inside
+ * validateFormField then narrows further and rejects cross-variant
+ * contamination (e.g. `checked` on a text field).
+ */
+const FORM_FIELD_ALL_KEYS = [
+    ...FORM_FIELD_BASE_KEYS,
+    'placeholder', 'defaultValue', 'multiline', 'maxLength', // text only
+    'checked', // checkbox only
+    'options', 'defaultSelected', // radio + dropdown
 ];
 const FOOTNOTE_DEF_KEYS = ['type', 'id', 'text', 'fontSize', 'fontFamily', 'spaceAfter'];
 const TOC_KEYS = [
@@ -113,10 +132,23 @@ export const ALLOWED_PROPS = {
     'toc': new Set(TOC_KEYS),
     'toc-entry': new Set(TOC_ENTRY_KEYS),
     'comment': new Set(COMMENT_KEYS),
-    'form-field': new Set(FORM_FIELD_KEYS),
     'callout': new Set(CALLOUT_KEYS),
     'footnote-def': new Set(FOOTNOTE_DEF_KEYS),
     'float-group': new Set(FLOAT_GROUP_KEYS),
+    'form-field': new Set(FORM_FIELD_ALL_KEYS),
+};
+/**
+ * Per-variant allowed-property sets for form-field strict validation.
+ * Typed as a closed record over the exact fieldType literals so TypeScript
+ * will fail the build if a new variant is added to FormFieldElement without
+ * a corresponding entry here.
+ */
+export const FORM_FIELD_VARIANT_PROPS = {
+    text: new Set(TEXT_FORM_FIELD_KEYS),
+    checkbox: new Set(CHECKBOX_FORM_FIELD_KEYS),
+    radio: new Set(RADIO_FORM_FIELD_KEYS),
+    dropdown: new Set(DROPDOWN_FORM_FIELD_KEYS),
+    button: new Set(BUTTON_FORM_FIELD_KEYS),
 };
 export const ALLOWED_PROPS_SUB = {
     'document': new Set(DOC_KEYS),

package/dist/allowed-props.js.map

@@ -1 +1 @@
-{"version":3,"file":"allowed-props.js","sourceRoot":"","sources":["../src/allowed-props.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAuCH,iFAAiF;AAEjF,MAAM,QAAQ,GAAG;IACf,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB;IAC5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW;IAChF,aAAa,EAAE,UAAU,EAAE,uBAAuB,EAAE,UAAU,EAAE,SAAS;IACzE,cAAc,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,YAAY,EAAE,iBAAiB;CAC/E,CAAA;AAEV,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,CAAU,CAAA;AAE5G,MAAM,cAAc,GAAG;IACrB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO;IACpF,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW;IAC5E,eAAe,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe;IAC5E,WAAW,EAAE,gBAAgB,EAAE,YAAY;CACnC,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY;IACpF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW;IACrF,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW;IACvF,gBAAgB,EAAE,YAAY;CACtB,CAAA;AAEV,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAU,CAAA;AAE/C,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa;IAC5E,eAAe,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa;CAChF,CAAA;AAEV,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,CAAU,CAAA;AAEnD,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,UAAU,CAAU,CAAA;AAErD,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS;IAClF,SAAS,EAAE,SAAS,EAAE,gBAAgB;CAC9B,CAAA;AAEV,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,aAAa;IAChF,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe;IAC7E,iBAAiB,EAAE,YAAY;CACvB,CAAA;AAEV,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEzG,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ;IACpF,OAAO,EAAE,aAAa,EAAE,YAAY;CAC5B,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY;CAC3F,CAAA;AAEV,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEhH,MAAM,SAAS,GAAG;IAChB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY;IACrF,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,sBAAsB;CACtE,CAAA;AAEV,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,CAAU,CAAA;AAEtE,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEhH,MAAM,eAAe,GAAG,CAAC,MAAM,CAAU,CAAA;AAEzC,MAAM,SAAS,GAAG;IAChB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO;IACjF,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB;CAC5E,CAAA;AAEV,MAAM,mBAAmB,GAAG;IAC1B,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa;IACnF,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW;IAClF,gBAAgB;CACR,CAAA;AAEV,MAAM,gBAAgB,GAAG;IACvB,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW;IACxF,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa;CACpF,CAAA;AAEV,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY;IACrF,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IACtF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe;CAC1E,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAC5F,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IACvF,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,KAAK;CAC1C,CAAA;AAEV,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,CAAU,CAAA;AAE3F,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW;IAChF,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU;IACnF,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc;CACrE,CAAA;AAEV,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,CAAU,CAAA;AAEjG,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe;IACjF,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY;CAC1E,CAAA;AAEV,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,CAAU,CAAA;AAE5H,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAE9H,MAAM,eAAe,GAAG,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAU,CAAA;AAExE,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,aAAa,CAAU,CAAA;AA2CjF,iFAAiF;AAEjF,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,QAAQ,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC;IAC9B,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxB,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,MAAM,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC;IAC1B,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,CAAC;IACtB,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,MAAM,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC;IAC1B,gBAAgB,EAAE,IAAI,GAAG,CAAC,mBAAmB,CAAC;IAC9C,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxB,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,cAAc,EAAE,IAAI,GAAG,CAAC,iBAAiB,CAAC;IAC1C,aAAa,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC;CAChC,CAAA;AAEV,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,UAAU,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IAC7B,UAAU,EAAE,IAAI,GAAG,CAAC,aAAa,CAAC;IAClC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,aAAa,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;CAC9B,CAAA"}
+{"version":3,"file":"allowed-props.js","sourceRoot":"","sources":["../src/allowed-props.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA2CH,iFAAiF;AAEjF,MAAM,QAAQ,GAAG;IACf,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB;IAC5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW;IAChF,aAAa,EAAE,UAAU,EAAE,uBAAuB,EAAE,UAAU,EAAE,SAAS;IACzE,cAAc,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,YAAY,EAAE,iBAAiB;CAC/E,CAAA;AAEV,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,UAAU,CAAU,CAAA;AAEzI,MAAM,cAAc,GAAG;IACrB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO;IACpF,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW;IAC5E,eAAe,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe;IAC5E,WAAW,EAAE,gBAAgB,EAAE,YAAY;CACnC,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY;IACpF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW;IACrF,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW;IACvF,gBAAgB,EAAE,YAAY;CACtB,CAAA;AAEV,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAU,CAAA;AAE/C,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa;IAC5E,eAAe,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa;CAChF,CAAA;AAEV,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,CAAU,CAAA;AAEnD,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,UAAU,CAAU,CAAA;AAErD,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS;IAClF,SAAS,EAAE,SAAS,EAAE,gBAAgB;CAC9B,CAAA;AAEV,MAAM,UAAU,GAAG;IACjB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,aAAa;IAChF,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe;IAC7E,iBAAiB,EAAE,YAAY;CACvB,CAAA;AAEV,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEzG,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ;IACpF,OAAO,EAAE,aAAa,EAAE,YAAY;CAC5B,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY;CAC3F,CAAA;AAEV,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEhH,MAAM,SAAS,GAAG;IAChB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY;IACrF,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,sBAAsB;CACtE,CAAA;AAEV,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,CAAU,CAAA;AAEtE,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAEpF,MAAM,eAAe,GAAG,CAAC,MAAM,CAAU,CAAA;AAEzC,MAAM,SAAS,GAAG;IAChB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO;IACjF,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB;CAC5E,CAAA;AAEV,MAAM,mBAAmB,GAAG;IAC1B,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa;IACnF,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,WAAW;IAClF,gBAAgB;CACR,CAAA;AAEV,MAAM,gBAAgB,GAAG;IACvB,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW;IACxF,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa;CACpF,CAAA;AAEV,MAAM,eAAe,GAAG;IACtB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY;IACrF,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IACtF,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,eAAe;CAC1E,CAAA;AAEV,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAC5F,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IACvF,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,KAAK;CAC1C,CAAA;AAEV,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,CAAU,CAAA;AAE3F,MAAM,oBAAoB,GAAG;IAC3B,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU;IACnE,aAAa,EAAE,iBAAiB,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc;IAC7E,oBAAoB;CACZ,CAAA;AAEV,MAAM,oBAAoB,GAAG,CAAC,GAAG,oBAAoB,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,CAAU,CAAA;AACxH,MAAM,wBAAwB,GAAG,CAAC,GAAG,oBAAoB,EAAE,SAAS,CAAU,CAAA;AAC9E,MAAM,qBAAqB,GAAG,CAAC,GAAG,oBAAoB,EAAE,SAAS,EAAE,iBAAiB,CAAU,CAAA;AAC9F,MAAM,wBAAwB,GAAG,CAAC,GAAG,oBAAoB,EAAE,SAAS,EAAE,iBAAiB,CAAU,CAAA;AACjG,MAAM,sBAAsB,GAAG,CAAC,GAAG,oBAAoB,CAAU,CAAA;AAEjE;;;;;;;GAOG;AACH,MAAM,mBAAmB,GAAG;IAC1B,GAAG,oBAAoB;IACvB,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY;IACrE,SAAS,EAAiD,gBAAgB;IAC1E,SAAS,EAAE,iBAAiB,EAA6B,mBAAmB;CACpE,CAAA;AAEV,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,CAAU,CAAA;AAEjG,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe;IACjF,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY;CAC1E,CAAA;AAEV,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,CAAU,CAAA;AAE5H,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,CAAU,CAAA;AAE9H,MAAM,eAAe,GAAG,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAU,CAAA;AAExE,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,aAAa,CAAU,CAAA;AA+CjF,iFAAiF;AAEjF,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,QAAQ,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC;IAC9B,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxB,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,OAAO,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC;IAC5B,MAAM,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC;IAC1B,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,CAAC;IACtB,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,MAAM,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC;IAC1B,gBAAgB,EAAE,IAAI,GAAG,CAAC,mBAAmB,CAAC;IAC9C,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,KAAK,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxB,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,SAAS,EAAE,IAAI,GAAG,CAAC,YAAY,CAAC;IAChC,cAAc,EAAE,IAAI,GAAG,CAAC,iBAAiB,CAAC;IAC1C,aAAa,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,mBAAmB,CAAC;CAClC,CAAA;AAEV;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAGjC;IACF,IAAI,EAAE,IAAI,GAAG,CAAC,oBAAoB,CAAC;IACnC,QAAQ,EAAE,IAAI,GAAG,CAAC,wBAAwB,CAAC;IAC3C,KAAK,EAAE,IAAI,GAAG,CAAC,qBAAqB,CAAC;IACrC,QAAQ,EAAE,IAAI,GAAG,CAAC,wBAAwB,CAAC;IAC3C,MAAM,EAAE,IAAI,GAAG,CAAC,sBAAsB,CAAC;CACxC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,UAAU,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC;IAC7B,UAAU,EAAE,IAAI,GAAG,CAAC,aAAa,CAAC;IAClC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,WAAW,EAAE,IAAI,GAAG,CAAC,cAAc,CAAC;IACpC,aAAa,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;IACtC,YAAY,EAAE,IAAI,GAAG,CAAC,eAAe,CAAC;CAC9B,CAAA"}

package/dist/assets/index.d.ts

@@ -13,7 +13,7 @@ export { assertPathAllowed } from './security/path-allowlist.js';
 export { normalizeIpv4Hostname } from './security/ipv4-normalize.js';
 export { resolveAndValidateUrl, assertSafeUrl, type ResolvedSafeUrl, } from './security/url-validation.js';
 export { fetchWithTimeout } from './security/fetch.js';
-export { sanitizeSvg } from './svg/sanitize.js';
+export { sanitizeSvg, SVG_MAX_BYTES, MAX_SVG_ELEMENTS } from './svg/sanitize.js';
 export { VECTOR_RASTER_CONCURRENCY } from './loaders/vectors.js';
 export { loadImages } from './loaders/orchestrator.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/assets/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EACL,qBAAqB,EACrB,aAAa,EACb,KAAK,eAAe,GACrB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAA;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EACL,qBAAqB,EACrB,aAAa,EACb,KAAK,eAAe,GACrB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAChF,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAA;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA"}

package/dist/assets/index.js

@@ -13,7 +13,7 @@ export { assertPathAllowed } from './security/path-allowlist.js';
 export { normalizeIpv4Hostname } from './security/ipv4-normalize.js';
 export { resolveAndValidateUrl, assertSafeUrl, } from './security/url-validation.js';
 export { fetchWithTimeout } from './security/fetch.js';
-export { sanitizeSvg } from './svg/sanitize.js';
+export { sanitizeSvg, SVG_MAX_BYTES, MAX_SVG_ELEMENTS } from './svg/sanitize.js';
 export { VECTOR_RASTER_CONCURRENCY } from './loaders/vectors.js';
 export { loadImages } from './loaders/orchestrator.js';
 //# sourceMappingURL=index.js.map

package/dist/assets/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EACL,qBAAqB,EACrB,aAAa,GAEd,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAA;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/assets/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EACL,qBAAqB,EACrB,aAAa,GAEd,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAChF,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAA;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA"}

package/dist/assets/svg/sanitize.d.ts

@@ -23,5 +23,7 @@
  */
 /** Maximum SVG string length (5 MB) — prevents ReDoS on oversized inputs. */
 export declare const SVG_MAX_BYTES: number;
+/** Maximum number of XML elements (open tags) — heuristic DoS guard for deeply nested SVGs. */
+export declare const MAX_SVG_ELEMENTS = 5000;
 export declare function sanitizeSvg(svg: string): string;
 //# sourceMappingURL=sanitize.d.ts.map

package/dist/assets/svg/sanitize.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../../src/assets/svg/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,6EAA6E;AAC7E,eAAO,MAAM,aAAa,QAAkB,CAAA;AAE5C,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAsC/C"}
+{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../../src/assets/svg/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAIH,6EAA6E;AAC7E,eAAO,MAAM,aAAa,QAAkB,CAAA;AAE5C,+FAA+F;AAC/F,eAAO,MAAM,gBAAgB,OAAO,CAAA;AAEpC,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAmE/C"}

package/dist/assets/svg/sanitize.js

@@ -21,19 +21,41 @@
  * `dist/assets.js` consumers (test/svg-sanitizer.test.ts, the snapshot
  * tripwire) keep working unchanged.
  */
+import { PretextPdfError } from '../../errors.js';
 /** Maximum SVG string length (5 MB) — prevents ReDoS on oversized inputs. */
 export const SVG_MAX_BYTES = 5 * 1024 * 1024;
+/** Maximum number of XML elements (open tags) — heuristic DoS guard for deeply nested SVGs. */
+export const MAX_SVG_ELEMENTS = 5000;
 export function sanitizeSvg(svg) {
-    // Skip regex passes on oversized strings — canvas will reject them anyway
-    if (svg.length > SVG_MAX_BYTES)
-        return svg;
+    // Guard oversized inputs — regex passes on 5 MB+ strings create ReDoS risk.
+    // Throw rather than pass through: an oversized SVG must never reach the
+    // rasterizer with unstripped script/event content intact.
+    if (svg.length > SVG_MAX_BYTES) {
+        throw new PretextPdfError('SVG_LOAD_FAILED', `SVG exceeds maximum size of ${SVG_MAX_BYTES} bytes (got ${svg.length})`);
+    }
+    // Heuristic element count guard — deeply nested SVGs can exhaust rasterizer
+    // memory. Count open tags as a cheap proxy. Throw rather than return raw:
+    // passing unsanitized content downstream is worse than rejecting the input.
+    const elementCount = (svg.match(/<[a-zA-Z]/g) ?? []).length;
+    if (elementCount > MAX_SVG_ELEMENTS) {
+        throw new PretextPdfError('SVG_LOAD_FAILED', `SVG exceeds maximum element count of ${MAX_SVG_ELEMENTS} (got ${elementCount})`);
+    }
     // Remove self-closing <script/> then paired <script>...</script> blocks
     let s = svg.replace(/<script\b[^>]*\/>/gi, '');
     s = s.replace(/<script[\s\S]*?<\/script>/gi, '');
     // Remove event handler attributes (onload, onclick, onerror, etc.)
-    s = s.replace(/\bon\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*)/gi, '');
-    // Remove <image> and <use> hrefs pointing to unsafe schemes
-    s = s.replace(/(<(?:image|use)\b[^>]*?)\s+(?:xlink:)?href\s*=\s*["'](?:file|data|javascript):[^"']*["']/gi, '$1');
+    // Use [\w\r\n\t ]+ for the name portion so that whitespace injected INSIDE the
+    // attribute name (e.g. on\nload=, on\tclick=) is also stripped. The original
+    // \w+ stopped at non-word chars, leaving split names unmatched. The \s* before
+    // = stays to catch normal spacing between the name and the assignment operator.
+    s = s.replace(/\bon[\w\r\n\t ]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]*)/gi, '');
+    // Strip any non-local href from <image> and <use>.
+    // Only fragment refs (#id) are safe in an embedded SVG — they point to elements
+    // within the same SVG document. Any external URL (https://, http://, //,
+    // file://, data:, javascript:, relative paths to disk files) would cause the
+    // SVG rasterizer to make an outbound network or filesystem request at render
+    // time — an SSRF-class vector. Deny everything that doesn't start with '#'.
+    s = s.replace(/(<(?:image|use)\b[^>]*?)\s+(?:xlink:)?href\s*=\s*["'](?!#)[^"']*["']/gi, '$1');
     // v1.6.0: strip <foreignObject> entirely — it's an HTML escape hatch and
     // the only XML-in-SVG construct that can host arbitrary tags.
     s = s.replace(/<foreignObject\b[^>]*\/>/gi, '');
@@ -42,10 +64,19 @@ export function sanitizeSvg(svg) {
     // Drop only the attribute, not the whole <a>, so the surrounding text content
     // (children of <a>) still renders.
     s = s.replace(/\s+(?:xlink:)?href\s*=\s*["'](?:javascript|vbscript|data):[^"']*["']/gi, '');
-    // v1.6.0: strip CSS expression(...) inside <style> blocks. Replace just the
-    // expression call with an empty string so the surrounding stylesheet stays
-    // parseable.
-    s = s.replace(/expression\s*\([^)]*\)/gi, '');
+    // v1.6.0: strip CSS expression(...) inside <style> blocks.
+    // Multi-pass to handle nested parens. Each pass strips expression() calls
+    // whose arguments contain at most one level of paren nesting — e.g.
+    // expression(alert(1)) and expression(eval(x)) are handled in one pass.
+    // Deeper nesting (e.g. expression(f(g(x)))) unwinds over multiple passes:
+    // the innermost expression()-shaped call is consumed first, then the outer.
+    // Pattern: (?:[^()]*|\([^()]*\))* matches argument content with one level
+    // of inner parens — e.g. "alert(1)" = [^()]* + \([^()]*\) + [^()]*.
+    let prev;
+    do {
+        prev = s;
+        s = s.replace(/expression\s*\((?:[^()]*|\([^()]*\))*\)/gi, '');
+    } while (s !== prev);
     // v1.7.1: strip @import rules — SVGs embedded in PDFs have no business
     // importing external stylesheets; also an outbound network-leak vector.
     s = s.replace(/@import\s+[^;{}]*/gi, '');

package/dist/assets/svg/sanitize.js.map

@@ -1 +1 @@
-{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../../src/assets/svg/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,6EAA6E;AAC7E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA;AAE5C,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,0EAA0E;IAC1E,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa;QAAE,OAAO,GAAG,CAAA;IAC1C,wEAAwE;IACxE,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IAC9C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAA;IAChD,mEAAmE;IACnE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,6CAA6C,EAAE,EAAE,CAAC,CAAA;IAChE,4DAA4D;IAC5D,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,4FAA4F,EAC5F,IAAI,CACL,CAAA;IACD,yEAAyE;IACzE,8DAA8D;IAC9D,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAA;IAC/C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAA;IAC9D,qEAAqE;IACrE,8EAA8E;IAC9E,mCAAmC;IACnC,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,wEAAwE,EACxE,EAAE,CACH,CAAA;IACD,4EAA4E;IAC5E,2EAA2E;IAC3E,aAAa;IACb,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;IAC7C,uEAAuE;IACvE,wEAAwE;IACxE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IACxC,2EAA2E;IAC3E,2DAA2D;IAC3D,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,kEAAkE,EAAE,EAAE,CAAC,CAAA;IACrF,2EAA2E;IAC3E,oEAAoE;IACpE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gDAAgD,EAAE,EAAE,CAAC,CAAA;IACnE,OAAO,CAAC,CAAA;AACV,CAAC"}
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../../src/assets/svg/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEjD,6EAA6E;AAC7E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA;AAE5C,+FAA+F;AAC/F,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAA;AAEpC,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,4EAA4E;IAC5E,wEAAwE;IACxE,0DAA0D;IAC1D,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,MAAM,IAAI,eAAe,CAAC,iBAAiB,EAAE,+BAA+B,aAAa,eAAe,GAAG,CAAC,MAAM,GAAG,CAAC,CAAA;IACxH,CAAC;IACD,4EAA4E;IAC5E,0EAA0E;IAC1E,4EAA4E;IAC5E,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAA;IAC3D,IAAI,YAAY,GAAG,gBAAgB,EAAE,CAAC;QACpC,MAAM,IAAI,eAAe,CAAC,iBAAiB,EAAE,wCAAwC,gBAAgB,SAAS,YAAY,GAAG,CAAC,CAAA;IAChI,CAAC;IACD,wEAAwE;IACxE,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IAC9C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAA;IAChD,mEAAmE;IACnE,+EAA+E;IAC/E,6EAA6E;IAC7E,+EAA+E;IAC/E,gFAAgF;IAChF,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,sDAAsD,EAAE,EAAE,CAAC,CAAA;IACzE,mDAAmD;IACnD,gFAAgF;IAChF,yEAAyE;IACzE,6EAA6E;IAC7E,6EAA6E;IAC7E,4EAA4E;IAC5E,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,wEAAwE,EACxE,IAAI,CACL,CAAA;IACD,yEAAyE;IACzE,8DAA8D;IAC9D,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAA;IAC/C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAA;IAC9D,qEAAqE;IACrE,8EAA8E;IAC9E,mCAAmC;IACnC,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,wEAAwE,EACxE,EAAE,CACH,CAAA;IACD,2DAA2D;IAC3D,0EAA0E;IAC1E,oEAAoE;IACpE,wEAAwE;IACxE,0EAA0E;IAC1E,4EAA4E;IAC5E,0EAA0E;IAC1E,oEAAoE;IACpE,IAAI,IAAY,CAAA;IAChB,GAAG,CAAC;QACF,IAAI,GAAG,CAAC,CAAA;QACR,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,2CAA2C,EAAE,EAAE,CAAC,CAAA;IAChE,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAC;IACpB,uEAAuE;IACvE,wEAAwE;IACxE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAA;IACxC,2EAA2E;IAC3E,2DAA2D;IAC3D,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,kEAAkE,EAAE,EAAE,CAAC,CAAA;IACrF,2EAA2E;IAC3E,oEAAoE;IACpE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gDAAgD,EAAE,EAAE,CAAC,CAAA;IACnE,OAAO,CAAC,CAAA;AACV,CAAC"}

package/dist/builder.js

@@ -5,7 +5,7 @@
  * Accumulates ContentElement[] and delegates final rendering to render().
  */
 import { runPipeline } from './pipeline.js';
-import { applyPostProcessing } from './post-process.js';
+import { applyPostProcessing } from './signing/index.js';
 /**
  * Create a new PDF document using the fluent builder API.
  *