siarashield_workspace 0.0.24 → 0.0.26

package/README.md

@@ -1,6 +1,6 @@
-# `siarashield_workspace`
+## `siarashield_workspace`
 
-Simple Angular integration for CyberSiara SiaraShield captcha.
+Angular integration for CyberSiara **SiaraShield** captcha.
 
 ## Angular compatibility
 
@@ -10,17 +10,32 @@ Simple Angular integration for CyberSiara SiaraShield captcha.
   - `@angular/core >=16.0.0 <22.0.0`
   - `@angular/common >=16.0.0 <22.0.0`
 
-## 1) Install
+## Install
 
 ```bash
 npm i siarashield_workspace
 ```
 
-## 2) Get keys
+## Quick setup (6 steps)
 
-Get your public/private keys from <a href="https://mycybersiara.com" target="_blank" rel="noopener noreferrer">mycybersiara.com</a>.
+Use these steps for a fast Angular setup (function API flow).
 
-## 3) Put keys in correct place
+1. Install package: `npm i siarashield_workspace`.
+2. Add HTML in your form template:
+   - `<div class="SiaraShield"></div>`
+   - `<button type="submit" class="CaptchaSubmit" (click)="onSubmit()">Submit</button>`
+3. Put public key in Angular environment (never expose private key in frontend).
+4. Initialize captcha in component with `initSiaraShield({ publicKey, cspNonce })`.
+5. On submit, call `checkSiaraShieldCaptcha()` first.
+6. Call your API only when captcha is successful (`result.ok === true`).
+
+If you prefer Angular component usage, see **Recommended: use the Angular component (easiest)** below.
+
+## Get your keys
+
+Get your public and private keys from <a href="https://mycybersiara.com" target="_blank" rel="noopener noreferrer">mycybersiara.com</a>.
+
+## Put keys in the right place
 
 - **Frontend (Angular):** public key only
 - **Backend (.env):** private key only
@@ -39,38 +54,94 @@ Backend `.env` example:
 SIARASHIELD_PRIVATE_KEY=YOUR-PRIVATE-KEY
 ```
 
-Do not place the private key in Angular environment files, templates, or browser code.
+Never place the private key in Angular environment files, templates, or browser code.
 
-## 4) Add captcha container in template
+## Recommended: use the Angular component (easiest)
+
+### 1) Add the component to your template
 
 ```html
-<div class="SiaraShield"></div>
+<siara-shield
+  [publicKey]="environment.siaraShieldPublicKey"
+  [cspNonce]="cspNonce"
+  (token)="onCaptchaToken($event)"
+></siara-shield>
+
+<button type="submit" class="CaptchaSubmit" (click)="onSubmit()">Submit</button>
 ```
 
-Add the `CaptchaSubmit` class to your submit button:
+### 2) Copy-paste TypeScript
 
-```html
-<button class="CaptchaSubmit"></button>
+```ts
+import { Component, ViewChild } from '@angular/core';
+import { environment } from '../environments/environment';
+import { SiaraShieldComponent } from 'siarashield_workspace';
+
+@Component({
+  selector: 'app-form',
+  standalone: true,
+  imports: [SiaraShieldComponent],
+  templateUrl: './form.component.html',
+})
+export class FormComponent {
+  protected readonly environment = environment;
+
+  // Recommended: set from server (see CSP section)
+  protected readonly cspNonce = (window as any).__cspNonce as string | undefined;
+
+  @ViewChild(SiaraShieldComponent) private readonly captcha?: SiaraShieldComponent;
+
+  onCaptchaToken(token: string) {
+    // Optional: use token immediately if needed
+    console.log('SiaraShield token:', token);
+  }
+
+  async onSubmit() {
+    const ok = await this.captcha?.checkCaptchaAsync();
+    if (!ok) {
+      console.log('Captcha not completed yet');
+      return;
+    }
+
+    // When ok=true, token is available in global state and from (token) output.
+    alert('Form submitted successfully');
+  }
+}
 ```
 
-## 5) Add TypeScript integration (copy-paste)
+Notes:
+
+- If you already load jQuery in your app, set `[loadJQuery]="false"` on the component.
+- Keep `class="CaptchaSubmit"` on your submit button (required by vendor flow).
+- The component renders the required captcha container (`<div class="SiaraShield"></div>`) internally at that position in the template.
+- Vendor debug logs are suppressed by default. Set `[allowVendorConsoleLogs]="true"` only while debugging.
+
+## Alternative: function API (when you cannot use the component)
 
-You can integrate SiaraShield into any form component, including Login, Contact Us, Signup, Forgot Password, and Lead Form screens.
+Template for function API:
+
+```html
+<div class="SiaraShield"></div>
+<button type="submit" class="CaptchaSubmit" (click)="onSubmit()">Submit</button>
+```
 
 ```ts
-import { OnInit } from '@angular/core';
 import { environment } from '../environments/environment';
 import { initSiaraShield, checkSiaraShieldCaptcha } from 'siarashield_workspace';
 
-export class FormComponent implements OnInit {
+export class FormComponent {
   ngOnInit() {
-    this.initializeCaptcha();
+    // Angular does not wait for async lifecycle hooks.
+    // Use void to run async init without blocking render.
+    void this.initializeCaptcha();
   }
 
-  initializeCaptcha() {
-    initSiaraShield({
+  private async initializeCaptcha() {
+    await initSiaraShield({
       publicKey: environment.siaraShieldPublicKey,
       cspNonce: (window as any).__cspNonce || undefined,
+      // Optional: set true only while debugging vendor/runtime internals.
+      allowVendorConsoleLogs: false,
     });
   }
 
@@ -88,15 +159,15 @@ export class FormComponent implements OnInit {
 }
 ```
 
-Keep your submit API logic inside the successful captcha branch.
+Keep submit API logic inside the successful captcha branch.
 
-If your frontend reads the nonce from the DOM instead of `window`, you can reuse the nonce from an existing script tag:
+If your frontend reads nonce from the DOM instead of `window`, reuse nonce from an existing script tag:
 
 ```ts
 const nonce = document.querySelector('script[nonce]')?.getAttribute('nonce') || undefined;
 ```
 
-The nonce must be generated on the server for each request. The plugin NEVER generates a nonce in the browser.
+The nonce must be generated on the server for each request. The package NEVER generates a nonce in the browser.
 
 ## CSP Compliance (Important)
 
@@ -105,13 +176,71 @@ Inline scripts are blocked by CSP unless you allow them with a nonce or a hash.
 For strict CSP deployments:
 
 - Generate the nonce on the server for each request.
-- Use the SAME nonce in the `Content-Security-Policy` header.
-- Use the SAME nonce on the `<script>` tag that loads your Angular app or any direct SiaraShield resource.
-- Use the SAME nonce in `initSiaraShield({ cspNonce: ... })`.
-- The plugin NEVER generates a nonce in the browser.
+- Use the same nonce in the `Content-Security-Policy` header.
+- Use the same nonce on the `<script>` tag that loads your Angular app or any direct SiaraShield resource.
+- Use the same nonce in `initSiaraShield({ cspNonce: ... })`.
+- The package NEVER generates a nonce in the browser.
 - If a valid CSP nonce is required but not provided, browsers will block script execution and the captcha will fail to load.
 
-Safe CSP example:
+### Production copy-paste policy (recommended for easiest client integration)
+
+Use this when you want a client-safe setup that avoids popup close issues with current vendor runtime.
+
+```html
+<meta http-equiv="Content-Security-Policy" content="
+  default-src 'self';
+  script-src 'self' 'unsafe-inline' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  script-src-elem 'self' 'nonce-SIARASHIELD_NONCE' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline';
+  font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
+  img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
+">
+
+<script nonce="SIARASHIELD_NONCE">
+  window.__cspNonce = "SIARASHIELD_NONCE";
+</script>
+<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
+<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
+```
+
+If your backend uses helper functions, generate compatibility policy like this:
+
+```ts
+import { getSiaraShieldCspPolicy } from 'siarashield_workspace';
+
+const csp = getSiaraShieldCspPolicy({
+  nonce: 'SIARASHIELD_NONCE',
+  includeUnsafeInlineScript: true,
+  includeUnsafeInlineStyle: true,
+});
+```
+
+### Strict copy-paste quick test (advanced, static nonce for local verification only)
+
+Use this only for local or staging validation. In production, replace `siarashield-example-nonce` with a server-generated nonce per request.
+
+```html
+<script nonce="siarashield-example-nonce">
+  window.__cspNonce = "siarashield-example-nonce";
+</script>
+<script nonce="siarashield-example-nonce" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
+<script nonce="siarashield-example-nonce" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="
+  default-src 'self';
+  script-src 'self' 'nonce-siarashield-example-nonce' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  script-src-elem 'self' 'nonce-siarashield-example-nonce' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  connect-src 'self' https://embed.mycybersiara.com https://embedcdn.mycybersiara.com;
+  style-src 'self' https://embed.mycybersiara.com https://mycybersiara.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline';
+  font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs.cloudflare.com data:;
+  img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
+">
+```
+
+### Strict production CSP policy (advanced)
+
+In production, send CSP as an HTTP response header and inject the same nonce value into script tags and `initSiaraShield({ cspNonce })`.
 
 ```http
 default-src 'self';
@@ -123,15 +252,25 @@ font-src 'self' https://fonts.gstatic.com https://mycybersiara.com https://cdnjs
 img-src 'self' data: https://embed.mycybersiara.com https://embedcdn.mycybersiara.com https://mycybersiara.com;
 ```
 
-Example using the same server-generated nonce in a script tag:
+Example with the same server-generated nonce in script tags:
 
 ```html
-<script nonce="YOUR_NONCE" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
+<script nonce="SIARASHIELD_NONCE">
+  window.__cspNonce = "SIARASHIELD_NONCE";
+</script>
+<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js"></script>
+<script nonce="SIARASHIELD_NONCE" src="https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js"></script>
 ```
 
-If your Angular app initializes SiaraShield from the main application bundle, that bundle's `<script>` tag must use the same nonce value that appears in the CSP header.
+If your Angular app initializes SiaraShield from the main application bundle, that bundle `<script>` tag must use the same nonce as the CSP header.
+
+`getSiaraShieldCspPolicy()` and `mergeSiaraShieldCspPolicy()` only generate a baseline CSP string. These helpers do not inject a nonce and do not apply headers. The server must inject the nonce and must apply the final `Content-Security-Policy` header.
 
-`getSiaraShieldCspPolicy()` and `mergeSiaraShieldCspPolicy()` only generate a baseline CSP string. These helpers do not inject a nonce and do not apply headers. The server must inject the nonce and must apply the final `Content-Security-Policy` header. The generated policy must always be reviewed before production use.
+Notes:
+
+- CSP helpers default to strict policy (no `script-src 'unsafe-inline'`).
+- For easiest client integration, use the compatibility policy above (`includeUnsafeInlineScript: true`, `includeUnsafeInlineStyle: true`).
+- Generating a new nonce in the browser (or per function call) does not help. CSP nonce must match the value from server response headers for that page load.
 
 The package still works in environments without CSP or with relaxed policies. If your site uses a strict nonce-based CSP, passing the server-generated nonce is required.
 
@@ -143,8 +282,8 @@ The package still works in environments without CSP or with relaxed policies. If
 - The package also loads:
   - `https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js`
   - `https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js`
-- jQuery and the captcha bootstrap process may create script elements dynamically.
-- When `cspNonce` is provided, all dynamically created script elements created by this package are assigned that nonce.
+- jQuery and the captcha bootstrap process may create script elements dynamically (including via HTML strings / DOM fragments).
+- When `cspNonce` is provided, dynamically inserted `<script>` elements are assigned that nonce (including scripts inserted indirectly through DOM manipulation).
 - This is required for compatibility with strict nonce-based CSP policies.
 - If a valid CSP nonce is required but not passed, browsers will block those script loads and the captcha will fail to initialize.
 - If your app already loads jQuery, set `loadJQuery: false`.
@@ -152,11 +291,25 @@ The package still works in environments without CSP or with relaxed policies. If
 
 ## Quick troubleshooting
 
-- Captcha not visible -> confirm `<div class="SiaraShield"></div>` is present.
-- `CheckCaptcha` not available -> ensure `initSiaraShield(...)` ran and CSP allows the required hosts.
-- CSP error in console -> confirm the same server-generated nonce is present in the CSP header, the bootstrapping `<script>` tag, and `initSiaraShield(...)`.
+- Captcha not visible:
+  - If you use `<siara-shield ...>`, confirm the component is rendered (no `*ngIf` hiding it) and the page has finished loading scripts.
+  - If you use the function API, confirm your template contains `<div class="SiaraShield"></div>`.
+  - Confirm your submit button has `class="CaptchaSubmit"`.
+- `CheckCaptcha` not available:
+  - Ensure initialization completed (for the function API: `await initSiaraShield(...)`).
+  - Ensure CSP allows the required hosts and the correct nonce is used.
+- CSP error in console:
+  - Confirm the same **server-generated nonce** is present in CSP header, bootstrapping `<script>` tag, and initialization (`cspNonce`).
 - Token empty -> check browser console and network calls after clicking submit.
 
+## Final checklist (customer handover)
+
+- Public key is in frontend; private key stays only on backend.
+- Submit button includes `class="CaptchaSubmit"`.
+- Captcha container exists (component tag or `<div class="SiaraShield"></div>` for function API).
+- Same nonce value is used in CSP header, script tags, and `initSiaraShield({ cspNonce })`.
+- Captcha check runs before API call.
+
 ## Build and pack (library maintainers)
 
 ```bash

package/fesm2022/siarashield_workspace.mjs

@@ -9,6 +9,50 @@ function getInitCaptchaFn(g) {
     return g.initCaptcha ?? g.InitCaptcha;
 }
 
+const CONSOLE_PATCH_STATE_KEY = '__siaraShieldConsolePatchState__';
+const DEFAULT_SUPPRESS_WINDOW_MS = 2000;
+function getConsolePatchState() {
+    const globalState = globalThis;
+    if (!globalState[CONSOLE_PATCH_STATE_KEY]) {
+        globalState[CONSOLE_PATCH_STATE_KEY] = {
+            depth: 0,
+            originalLog: console.log.bind(console),
+            originalInfo: console.info.bind(console),
+            originalWarn: console.warn.bind(console),
+            originalDebug: console.debug.bind(console),
+        };
+    }
+    return globalState[CONSOLE_PATCH_STATE_KEY];
+}
+function muteConsole() {
+    const patchState = getConsolePatchState();
+    patchState.depth += 1;
+    if (patchState.depth > 1)
+        return;
+    console.log = () => undefined;
+    console.info = () => undefined;
+    console.warn = () => undefined;
+    console.debug = () => undefined;
+}
+function unmuteConsole() {
+    const patchState = getConsolePatchState();
+    if (patchState.depth === 0)
+        return;
+    patchState.depth -= 1;
+    if (patchState.depth > 0)
+        return;
+    console.log = patchState.originalLog;
+    console.info = patchState.originalInfo;
+    console.warn = patchState.originalWarn;
+    console.debug = patchState.originalDebug;
+}
+function suppressVendorConsoleWindow(windowMs = DEFAULT_SUPPRESS_WINDOW_MS) {
+    muteConsole();
+    setTimeout(() => {
+        unmuteConsole();
+    }, windowMs);
+}
+
 const SCRIPT_STATUS_BY_DOCUMENT = new WeakMap();
 const SCRIPT_PENDING_BY_DOCUMENT = new WeakMap();
 const DYNAMIC_SCRIPT_NONCE_STATE_KEY = '__siaraShieldDynamicScriptNonceState__';
@@ -33,6 +77,7 @@ function getDynamicScriptNoncePatchState() {
     if (!globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY]) {
         globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY] = {
             nonceByDocument: new WeakMap(),
+            observerByDocument: new WeakMap(),
             patched: false,
         };
     }
@@ -64,6 +109,50 @@ function applyTrackedNonce(node) {
     const nonce = getDynamicScriptNoncePatchState().nonceByDocument.get(documentRef);
     applyScriptNonce(node, nonce);
 }
+function walkAndApplyNonce(root, nonce) {
+    if (!nonce)
+        return;
+    // Fast path: root itself is a script.
+    if (isScriptElement(root)) {
+        applyScriptNonce(root, nonce);
+        return;
+    }
+    // Common path for jQuery: append DocumentFragment containing scripts created via HTML parsing.
+    if (root instanceof Element || root instanceof DocumentFragment) {
+        const scripts = root.querySelectorAll?.('script') ?? [];
+        for (const script of scripts) {
+            applyScriptNonce(script, nonce);
+        }
+    }
+}
+function ensureNonceMutationObserver(documentRef) {
+    const patchState = getDynamicScriptNoncePatchState();
+    if (patchState.observerByDocument.get(documentRef)) {
+        return;
+    }
+    const observer = new MutationObserver((records) => {
+        const nonce = patchState.nonceByDocument.get(documentRef);
+        if (!nonce)
+            return;
+        for (const record of records) {
+            for (const node of record.addedNodes) {
+                walkAndApplyNonce(node, nonce);
+            }
+        }
+    });
+    // Observe the full document because scripts can be injected into body/head by vendor/jQuery.
+    const root = documentRef.documentElement ?? documentRef;
+    observer.observe(root, { childList: true, subtree: true });
+    patchState.observerByDocument.set(documentRef, observer);
+}
+function teardownNonceMutationObserver(documentRef) {
+    const patchState = getDynamicScriptNoncePatchState();
+    const observer = patchState.observerByDocument.get(documentRef);
+    if (!observer)
+        return;
+    observer.disconnect();
+    patchState.observerByDocument.delete(documentRef);
+}
 function patchDynamicScriptInsertion() {
     const patchState = getDynamicScriptNoncePatchState();
     if (patchState.patched) {
@@ -105,9 +194,11 @@ function prepareScriptNonce(documentRef, explicitNonce) {
     patchDynamicScriptInsertion();
     if (resolvedNonce) {
         patchState.nonceByDocument.set(documentRef, resolvedNonce);
+        ensureNonceMutationObserver(documentRef);
     }
     else {
         patchState.nonceByDocument.delete(documentRef);
+        teardownNonceMutationObserver(documentRef);
     }
     return resolvedNonce;
 }
@@ -179,6 +270,7 @@ class SiaraShieldComponent {
     publicKey;
     loadJQuery = true;
     cspNonce;
+    allowVendorConsoleLogs = false;
     /**
      * Emits the current `CyberSiaraToken` right after a successful `checkCaptcha()`.
      */
@@ -189,7 +281,12 @@ class SiaraShieldComponent {
         this.loader = loader;
     }
     async ngAfterViewInit() {
-        await this.init({ publicKey: this.publicKey, loadJQuery: this.loadJQuery, cspNonce: this.cspNonce });
+        await this.init({
+            publicKey: this.publicKey,
+            loadJQuery: this.loadJQuery,
+            cspNonce: this.cspNonce,
+            allowVendorConsoleLogs: this.allowVendorConsoleLogs,
+        });
     }
     async init(options) {
         if (this.initialized)
@@ -215,6 +312,9 @@ class SiaraShieldComponent {
         if (!initCaptchaFn) {
             throw new Error('SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.');
         }
+        if (!options.allowVendorConsoleLogs) {
+            suppressVendorConsoleWindow();
+        }
         initCaptchaFn(options.publicKey);
         await this.waitForCheckCaptchaApi();
         this.initialized = true;
@@ -262,6 +362,9 @@ class SiaraShieldComponent {
         if (!g.CheckCaptcha) {
             throw new Error('SiaraShield: CheckCaptcha() is not available. Did init() run, and is CSP allowing the captcha scripts?');
         }
+        if (!this.allowVendorConsoleLogs) {
+            suppressVendorConsoleWindow();
+        }
         const ok = g.CheckCaptcha();
         if (ok && typeof g.CyberSiaraToken === 'string') {
             this.token.emit(g.CyberSiaraToken);
@@ -288,7 +391,7 @@ class SiaraShieldComponent {
         return false;
     }
     static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.2.5", ngImport: i0, type: SiaraShieldComponent, deps: [{ token: i0.ElementRef }, { token: SiaraShieldLoaderService }], target: i0.ɵɵFactoryTarget.Component });
-    static ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "21.2.5", type: SiaraShieldComponent, isStandalone: true, selector: "siara-shield", inputs: { publicKey: "publicKey", loadJQuery: "loadJQuery", cspNonce: "cspNonce" }, outputs: { token: "token" }, ngImport: i0, template: `<div class="SiaraShield"></div>`, isInline: true, encapsulation: i0.ViewEncapsulation.None });
+    static ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "21.2.5", type: SiaraShieldComponent, isStandalone: true, selector: "siara-shield", inputs: { publicKey: "publicKey", loadJQuery: "loadJQuery", cspNonce: "cspNonce", allowVendorConsoleLogs: "allowVendorConsoleLogs" }, outputs: { token: "token" }, ngImport: i0, template: `<div class="SiaraShield"></div>`, isInline: true, encapsulation: i0.ViewEncapsulation.None });
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.2.5", ngImport: i0, type: SiaraShieldComponent, decorators: [{
             type: Component,
@@ -305,6 +408,8 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.2.5", ngImpor
                 type: Input
             }], cspNonce: [{
                 type: Input
+            }], allowVendorConsoleLogs: [{
+                type: Input
             }], token: [{
                 type: Output
             }] } });
@@ -379,6 +484,9 @@ async function initSiaraShield(options) {
         if (!initCaptchaFn) {
             throw new Error('SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.');
         }
+        if (!options.allowVendorConsoleLogs) {
+            suppressVendorConsoleWindow();
+        }
         initCaptchaFn(options.publicKey);
         await waitForCheckCaptchaApi();
         initialized = true;
@@ -394,11 +502,14 @@ async function initSiaraShield(options) {
  * Calls global `CheckCaptcha()` and returns its boolean result.
  * If successful, returns `{ ok: true, token?: string }`.
  */
-function checkSiaraShieldCaptcha() {
+function checkSiaraShieldCaptcha(options) {
     const g = getSiaraShieldGlobals();
     if (!g.CheckCaptcha) {
         throw new Error('SiaraShield: CheckCaptcha() is not available. Did initSiaraShield() run, and is CSP allowing the captcha scripts?');
     }
+    if (!options?.allowVendorConsoleLogs) {
+        suppressVendorConsoleWindow();
+    }
     const ok = g.CheckCaptcha();
     const token = typeof g.CyberSiaraToken === 'string' ? g.CyberSiaraToken : undefined;
     return ok ? { ok: true, token } : { ok: false };
@@ -475,8 +586,9 @@ function parsePolicy(policy) {
 }
 function getSiaraShieldCspDirectives(options) {
     const includeGoogleApis = options?.includeGoogleApis ?? false;
-    const includeUnsafeInlineScript = options?.includeUnsafeInlineScript ?? true;
-    const includeUnsafeInlineStyle = options?.includeUnsafeInlineStyle ?? true;
+    // Default to strict/safe CSP. Customers can explicitly opt-in if they accept the risk.
+    const includeUnsafeInlineScript = options?.includeUnsafeInlineScript ?? false;
+    const includeUnsafeInlineStyle = options?.includeUnsafeInlineStyle ?? false;
     const nonce = nonceSource(options?.nonce);
     const scriptHosts = includeGoogleApis ? [...SCRIPT_HOSTS, ...OPTIONAL_SCRIPT_HOSTS] : [...SCRIPT_HOSTS];
     return {

package/fesm2022/siarashield_workspace.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"siarashield_workspace.mjs","sources":["../../../projects/siarashield-workspace/src/lib/siara-shield.globals.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-script-utils.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-loader.service.ts","../../../projects/siarashield-workspace/src/lib/siara-shield.component.ts","../../../projects/siarashield-workspace/src/lib/siara-shield.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-csp.ts","../../../projects/siarashield-workspace/src/public-api.ts","../../../projects/siarashield-workspace/src/siarashield_workspace.ts"],"sourcesContent":["export type InitCaptchaFn = (publicKey: string) => void;\nexport type CheckCaptchaFn = () => boolean;\n\nexport interface SiaraShieldGlobals {\n  initCaptcha?: InitCaptchaFn;\n  InitCaptcha?: InitCaptchaFn;\n  CheckCaptcha?: CheckCaptchaFn;\n  AppendValidationJS?: () => void;\n  CyberSiaraToken?: string;\n  jQuery?: unknown;\n  $?: unknown;\n}\n\nexport function getSiaraShieldGlobals(): SiaraShieldGlobals {\n  return (globalThis as unknown as { [k: string]: unknown }) as SiaraShieldGlobals;\n}\n\nexport function getInitCaptchaFn(g: SiaraShieldGlobals): InitCaptchaFn | undefined {\n  return g.initCaptcha ?? g.InitCaptcha;\n}\n","type ScriptStatus = 'loading' | 'loaded' | 'error';\n\nexport interface ScriptLoadOptions {\n  nonce?: string;\n}\n\ninterface DynamicScriptNoncePatchState {\n  nonceByDocument: WeakMap<Document, string>;\n  patched: boolean;\n}\n\nconst SCRIPT_STATUS_BY_DOCUMENT = new WeakMap<Document, Map<string, ScriptStatus>>();\nconst SCRIPT_PENDING_BY_DOCUMENT = new WeakMap<Document, Map<string, Promise<void>>>();\nconst DYNAMIC_SCRIPT_NONCE_STATE_KEY = '__siaraShieldDynamicScriptNonceState__';\n\nfunction getStatusBySrc(documentRef: Document): Map<string, ScriptStatus> {\n  let statusBySrc = SCRIPT_STATUS_BY_DOCUMENT.get(documentRef);\n  if (!statusBySrc) {\n    statusBySrc = new Map<string, ScriptStatus>();\n    SCRIPT_STATUS_BY_DOCUMENT.set(documentRef, statusBySrc);\n  }\n\n  return statusBySrc;\n}\n\nfunction getPendingBySrc(documentRef: Document): Map<string, Promise<void>> {\n  let pendingBySrc = SCRIPT_PENDING_BY_DOCUMENT.get(documentRef);\n  if (!pendingBySrc) {\n    pendingBySrc = new Map<string, Promise<void>>();\n    SCRIPT_PENDING_BY_DOCUMENT.set(documentRef, pendingBySrc);\n  }\n\n  return pendingBySrc;\n}\n\nfunction getDynamicScriptNoncePatchState(): DynamicScriptNoncePatchState {\n  const globalState = globalThis as typeof globalThis & {\n    [DYNAMIC_SCRIPT_NONCE_STATE_KEY]?: DynamicScriptNoncePatchState;\n  };\n\n  if (!globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY]) {\n    globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY] = {\n      nonceByDocument: new WeakMap<Document, string>(),\n      patched: false,\n    };\n  }\n\n  return globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY];\n}\n\nfunction normalizeNonce(nonce?: string | null): string | undefined {\n  const trimmed = nonce?.trim();\n  return trimmed ? trimmed : undefined;\n}\n\nfunction isScriptElement(node: Node): node is HTMLScriptElement {\n  return node instanceof Element && node.tagName.toLowerCase() === 'script';\n}\n\nexport function applyScriptNonce(script: HTMLScriptElement, nonce?: string): void {\n  const resolvedNonce = normalizeNonce(nonce);\n  if (!resolvedNonce) {\n    return;\n  }\n\n  script.setAttribute('nonce', resolvedNonce);\n  script.nonce = resolvedNonce;\n}\n\nfunction applyTrackedNonce(node: Node): void {\n  if (!isScriptElement(node)) {\n    return;\n  }\n\n  const documentRef = node.ownerDocument;\n  if (!documentRef) {\n    return;\n  }\n\n  const nonce = getDynamicScriptNoncePatchState().nonceByDocument.get(documentRef);\n  applyScriptNonce(node, nonce);\n}\n\nfunction patchDynamicScriptInsertion(): void {\n  const patchState = getDynamicScriptNoncePatchState();\n  if (patchState.patched) {\n    return;\n  }\n\n  const originalAppendChild = Node.prototype.appendChild;\n  const originalInsertBefore = Node.prototype.insertBefore;\n  const originalReplaceChild = Node.prototype.replaceChild;\n\n  Node.prototype.appendChild = function <T extends Node>(node: T): T {\n    applyTrackedNonce(node);\n    return originalAppendChild.call(this, node) as T;\n  };\n\n  Node.prototype.insertBefore = function <T extends Node>(node: T, child: Node | null): T {\n    applyTrackedNonce(node);\n    return originalInsertBefore.call(this, node, child) as T;\n  };\n\n  Node.prototype.replaceChild = function <T extends Node>(node: Node, child: T): T {\n    applyTrackedNonce(node);\n    return originalReplaceChild.call(this, node, child) as T;\n  };\n\n  patchState.patched = true;\n}\n\nexport function resolveCspNonce(documentRef: Document, explicitNonce?: string): string | undefined {\n  const resolvedExplicitNonce = normalizeNonce(explicitNonce);\n  if (resolvedExplicitNonce) {\n    return resolvedExplicitNonce;\n  }\n\n  const scriptWithNonce = documentRef.querySelector<HTMLScriptElement>('script[nonce]');\n  const nonceFromScript = normalizeNonce(scriptWithNonce?.getAttribute('nonce') ?? scriptWithNonce?.nonce);\n  if (nonceFromScript) {\n    return nonceFromScript;\n  }\n\n  const nonceMeta = documentRef.querySelector<HTMLMetaElement>('meta[name=\"csp-nonce\"]');\n  return normalizeNonce(nonceMeta?.content);\n}\n\nexport function prepareScriptNonce(documentRef: Document, explicitNonce?: string): string | undefined {\n  const resolvedNonce = resolveCspNonce(documentRef, explicitNonce);\n  const patchState = getDynamicScriptNoncePatchState();\n\n  patchDynamicScriptInsertion();\n\n  if (resolvedNonce) {\n    patchState.nonceByDocument.set(documentRef, resolvedNonce);\n  } else {\n    patchState.nonceByDocument.delete(documentRef);\n  }\n\n  return resolvedNonce;\n}\n\nexport function loadScript(documentRef: Document, src: string, options?: ScriptLoadOptions): Promise<void> {\n  const nonce = prepareScriptNonce(documentRef, options?.nonce);\n  const statusBySrc = getStatusBySrc(documentRef);\n  const pendingBySrc = getPendingBySrc(documentRef);\n  const existing = documentRef.querySelector<HTMLScriptElement>(`script[src=\"${src}\"]`);\n\n  if (existing) {\n    applyScriptNonce(existing, nonce);\n    const status = statusBySrc.get(src);\n    if (status === 'loaded') {\n      return Promise.resolve();\n    }\n\n    const pending = pendingBySrc.get(src);\n    if (pending) {\n      return pending;\n    }\n\n    return Promise.resolve();\n  }\n\n  statusBySrc.set(src, 'loading');\n\n  const pending = new Promise<void>((resolve, reject) => {\n    const script = documentRef.createElement('script');\n    script.src = src;\n    script.async = true;\n    applyScriptNonce(script, nonce);\n    script.onload = () => {\n      statusBySrc.set(src, 'loaded');\n      pendingBySrc.delete(src);\n      resolve();\n    };\n    script.onerror = () => {\n      statusBySrc.set(src, 'error');\n      pendingBySrc.delete(src);\n      reject(new Error(`Failed to load script: ${src}. Check CSP allowlist and nonce configuration.`));\n    };\n    documentRef.head.appendChild(script);\n  });\n\n  pendingBySrc.set(src, pending);\n  return pending;\n}\n","import { DOCUMENT } from '@angular/common';\nimport { Inject, Injectable } from '@angular/core';\n\nimport { loadScript, type ScriptLoadOptions } from './siara-shield-script-utils';\n\n@Injectable({ providedIn: 'root' })\nexport class SiaraShieldLoaderService {\n  constructor(@Inject(DOCUMENT) private readonly document: Document) {}\n\n  loadScript(src: string, options?: ScriptLoadOptions): Promise<void> {\n    return loadScript(this.document, src, options);\n  }\n}\n","import { AfterViewInit, Component, ElementRef, EventEmitter, Input, Output, ViewEncapsulation } from '@angular/core';\nimport { SiaraShieldLoaderService } from './siara-shield-loader.service';\nimport { getInitCaptchaFn, getSiaraShieldGlobals } from './siara-shield.globals';\nimport { prepareScriptNonce } from './siara-shield-script-utils';\n\r\nconst JQUERY_FALLBACK_SRC = 'https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js';\nconst CAPTCHA_SCRIPT_SRC = 'https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js';\nconst VALIDATION_SCRIPT_SRC = 'https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js';\nconst CAPTCHA_READY_TIMEOUT_MS = 8000;\n\r\nexport interface SiaraShieldInitOptions {\r\n  /** SiaraShield public key. Use \"TEST-CYBERSIARA\" for staging/development. */\r\n  publicKey: string;\r\n  /** Loads jQuery before SiaraShield script. Default is true for easier integration. Set to false only if your page already includes jQuery. */\n  loadJQuery?: boolean;\n  /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */\n  cspNonce?: string;\n}\r\n\r\n@Component({\r\n  selector: 'siara-shield',\r\n  standalone: true,\r\n  template: `<div class=\"SiaraShield\"></div>`,\r\n  encapsulation: ViewEncapsulation.None,\r\n})\r\nexport class SiaraShieldComponent implements AfterViewInit {\n  @Input({ required: true }) publicKey!: string;\r\n  @Input() loadJQuery = true;\n  @Input() cspNonce?: string;\n\r\n  /**\r\n   * Emits the current `CyberSiaraToken` right after a successful `checkCaptcha()`.\r\n   */\r\n  @Output() token = new EventEmitter<string>();\r\n\r\n  private initialized = false;\r\n\r\n  constructor(\n    private readonly host: ElementRef<HTMLElement>,\n    private readonly loader: SiaraShieldLoaderService,\n  ) {}\n\r\n  async ngAfterViewInit(): Promise<void> {\r\n    await this.init({ publicKey: this.publicKey, loadJQuery: this.loadJQuery, cspNonce: this.cspNonce });\r\n  }\r\n\r\n  async init(options: SiaraShieldInitOptions): Promise<void> {\r\n    if (this.initialized) return;\r\n\r\n    // Ensure the host element is in DOM before scripts run.\r\n    void this.host.nativeElement;\r\n\r\n    if (!options.publicKey) {\n      throw new Error('SiaraShieldComponent: publicKey is required.');\n    }\n    const cspNonce = prepareScriptNonce(this.host.nativeElement.ownerDocument, options.cspNonce);\n\n    if ((options.loadJQuery ?? true) && !this.isJQueryAlreadyAvailable()) {\n      await this.loader.loadScript(JQUERY_FALLBACK_SRC, { nonce: cspNonce });\n    }\n\n    await this.loader.loadScript(CAPTCHA_SCRIPT_SRC, {\n      nonce: cspNonce,\n    });\n    await this.loader.loadScript(VALIDATION_SCRIPT_SRC, {\n      nonce: cspNonce,\n    });\n\n    const g = getSiaraShieldGlobals();\n    this.preventDuplicateValidationBootstrap(g);\n    const initCaptchaFn = getInitCaptchaFn(g);\n    if (!initCaptchaFn) {\n      throw new Error(\n        'SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.',\n      );\n    }\n\r\n    initCaptchaFn(options.publicKey);\r\n    await this.waitForCheckCaptchaApi();\r\n    this.initialized = true;\r\n  }\r\n\r\n  /**\r\n   * Detect preloaded jQuery from global object or an existing script tag.\r\n   */\r\n  private isJQueryAlreadyAvailable(): boolean {\r\n    const g = getSiaraShieldGlobals();\r\n    if (typeof g.jQuery === 'function' || typeof g.$ === 'function') {\r\n      return true;\r\n    }\r\n\r\n    const existingJqueryScript = this.host.nativeElement.ownerDocument.querySelector<HTMLScriptElement>(\r\n      'script[src*=\"jquery\"]',\r\n    );\r\n    return Boolean(existingJqueryScript);\r\n  }\r\n\r\n  private preventDuplicateValidationBootstrap(g: ReturnType<typeof getSiaraShieldGlobals>): void {\n    const originalAppendValidation = g.AppendValidationJS;\n    if (typeof originalAppendValidation !== 'function') {\n      return;\n    }\n\n    g.AppendValidationJS = () => {\n      const existing = this.host.nativeElement.ownerDocument.querySelector<HTMLScriptElement>(\n        `script[src=\"${VALIDATION_SCRIPT_SRC}\"]`,\n      );\n      if (existing) {\n        return;\n      }\n\n      originalAppendValidation();\n    };\n  }\n\r\n  private async waitForCheckCaptchaApi(timeoutMs = CAPTCHA_READY_TIMEOUT_MS): Promise<void> {\r\n    const startedAt = Date.now();\r\n    while (Date.now() - startedAt < timeoutMs) {\r\n      if (getSiaraShieldGlobals().CheckCaptcha) {\r\n        return;\r\n      }\r\n      await new Promise((resolve) => setTimeout(resolve, 100));\r\n    }\r\n    throw new Error('SiaraShield: CheckCaptcha() was not available within timeout. This can happen when CSP blocks the captcha runtime.');\n  }\n\r\n  /**\r\n   * Calls the global `CheckCaptcha()` from SiaraShield script.\r\n   * Returns true when captcha is valid; emits token if available.\r\n   */\r\n  checkCaptcha(): boolean {\n    const g = getSiaraShieldGlobals();\n    if (!g.CheckCaptcha) {\n      throw new Error('SiaraShield: CheckCaptcha() is not available. Did init() run, and is CSP allowing the captcha scripts?');\n    }\n\r\n    const ok = g.CheckCaptcha();\r\n    if (ok && typeof g.CyberSiaraToken === 'string') {\r\n      this.token.emit(g.CyberSiaraToken);\r\n    }\r\n    return ok;\r\n  }\r\n\r\n  /**\r\n   * Async-friendly captcha validation to avoid first-click timing issues.\r\n   * Retries briefly until token/check API settles.\r\n   */\r\n  async checkCaptchaAsync(options?: { timeoutMs?: number; pollIntervalMs?: number }): Promise<boolean> {\r\n    const timeoutMs = options?.timeoutMs ?? 2000;\r\n    const pollIntervalMs = options?.pollIntervalMs ?? 120;\r\n    const startedAt = Date.now();\r\n\r\n    if (this.checkCaptcha()) {\r\n      return true;\r\n    }\r\n\r\n    while (Date.now() - startedAt < timeoutMs) {\r\n      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));\r\n      if (this.checkCaptcha()) {\r\n        return true;\r\n      }\r\n    }\r\n\r\n    return false;\r\n  }\r\n}\r\n\r\n","import { getInitCaptchaFn, getSiaraShieldGlobals } from './siara-shield.globals';\nimport { loadScript, prepareScriptNonce } from './siara-shield-script-utils';\n\nconst JQUERY_FALLBACK_SRC = 'https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js';\nconst CAPTCHA_SCRIPT_SRC = 'https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js';\nconst VALIDATION_SCRIPT_SRC = 'https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js';\nconst CAPTCHA_READY_TIMEOUT_MS = 8000;\n\r\nexport interface InitSiaraShieldOptions {\n  /** SiaraShield public key. Use \"TEST-CYBERSIARA\" for staging/development. */\n  publicKey: string;\n  /**\n   * Loads jQuery before SiaraShield script.\n   * Default is true for easier integration.\n   * Set to false only if your site/app already loads jQuery.\n   */\n  loadJQuery?: boolean;\n  /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */\n  cspNonce?: string;\n}\n\r\nlet pending: Promise<void> | null = null;\nlet initialized = false;\n\nfunction isJQueryAlreadyAvailable(): boolean {\n  const g = getSiaraShieldGlobals();\n  if (typeof g.jQuery === 'function' || typeof g.$ === 'function') {\n    return true;\n  }\n\n  const existingJqueryScript = document.querySelector<HTMLScriptElement>('script[src*=\"jquery\"]');\n  return Boolean(existingJqueryScript);\n}\n\nfunction preventDuplicateValidationBootstrap(g: ReturnType<typeof getSiaraShieldGlobals>): void {\n  const originalAppendValidation = g.AppendValidationJS;\n  if (typeof originalAppendValidation !== 'function') {\n    return;\n  }\n\n  g.AppendValidationJS = () => {\n    const existing = document.querySelector<HTMLScriptElement>(`script[src=\"${VALIDATION_SCRIPT_SRC}\"]`);\n    if (existing) {\n      return;\n    }\n\n    originalAppendValidation();\n  };\n}\n\r\nasync function waitForCheckCaptchaApi(timeoutMs = CAPTCHA_READY_TIMEOUT_MS): Promise<void> {\n  const startedAt = Date.now();\n  while (Date.now() - startedAt < timeoutMs) {\n    if (getSiaraShieldGlobals().CheckCaptcha) {\n      return;\n    }\r\n    await new Promise((resolve) => setTimeout(resolve, 100));\r\n  }\r\n  throw new Error('SiaraShield: CheckCaptcha() was not available within timeout. This can happen when CSP blocks the captcha runtime.');\n}\n\r\n/**\r\n * Drop-in initializer for SiaraShield.\r\n * - Loads required scripts (optionally jQuery)\r\n * - Calls global `initCaptcha(publicKey)`\r\n *\r\n * Requirements in your HTML/template:\r\n * - You must render: `<div class=\"SiaraShield\"></div>`\r\n */\r\nexport async function initSiaraShield(options: InitSiaraShieldOptions): Promise<void> {\r\n  if (initialized) return;\r\n  if (pending) return pending;\r\n\r\n  if (!options?.publicKey) {\r\n    throw new Error('initSiaraShield: publicKey is required.');\r\n  }\n\n  pending = (async () => {\n    const cspNonce = prepareScriptNonce(document, options.cspNonce);\n\n    if ((options.loadJQuery ?? true) && !isJQueryAlreadyAvailable()) {\n      await loadScript(document, JQUERY_FALLBACK_SRC, { nonce: cspNonce });\n    }\n\n    await loadScript(document, CAPTCHA_SCRIPT_SRC, {\n      nonce: cspNonce,\n    });\n    await loadScript(document, VALIDATION_SCRIPT_SRC, {\n      nonce: cspNonce,\n    });\n\n    const g = getSiaraShieldGlobals();\n    preventDuplicateValidationBootstrap(g);\n    const initCaptchaFn = getInitCaptchaFn(g);\n    if (!initCaptchaFn) {\n      throw new Error(\n        'SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.',\n      );\n    }\n\r\n    initCaptchaFn(options.publicKey);\r\n    await waitForCheckCaptchaApi();\r\n    initialized = true;\r\n  })();\r\n\r\n  try {\r\n    await pending;\r\n  } finally {\r\n    // keep `pending` cached for subsequent callers\r\n  }\r\n}\r\n\r\n/**\r\n * Calls global `CheckCaptcha()` and returns its boolean result.\r\n * If successful, returns `{ ok: true, token?: string }`.\r\n */\r\nexport function checkSiaraShieldCaptcha(): { ok: boolean; token?: string } {\n  const g = getSiaraShieldGlobals();\n  if (!g.CheckCaptcha) {\n    throw new Error('SiaraShield: CheckCaptcha() is not available. Did initSiaraShield() run, and is CSP allowing the captcha scripts?');\n  }\n\r\n  const ok = g.CheckCaptcha();\r\n  const token = typeof g.CyberSiaraToken === 'string' ? g.CyberSiaraToken : undefined;\r\n  return ok ? { ok: true, token } : { ok: false };\r\n}\r\n\r\n/**\r\n * Async-friendly captcha check to handle delayed token population.\r\n */\r\nexport async function checkSiaraShieldCaptchaAsync(options?: {\r\n  timeoutMs?: number;\r\n  pollIntervalMs?: number;\r\n}): Promise<{ ok: boolean; token?: string }> {\r\n  const timeoutMs = options?.timeoutMs ?? 1200;\r\n  const pollIntervalMs = options?.pollIntervalMs ?? 120;\r\n  const firstCheck = checkSiaraShieldCaptcha(); // one API call only\r\n  if (!firstCheck.ok) return firstCheck;\r\n  if (firstCheck.token) return firstCheck;\r\n\r\n  const startedAt = Date.now();\r\n  // Token can be assigned slightly after successful verification.\r\n  while (Date.now() - startedAt < timeoutMs) {\r\n    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));\r\n    const token = getSiaraShieldGlobals().CyberSiaraToken;\r\n    if (typeof token === 'string' && token.length > 0) {\r\n      return { ok: true, token };\r\n    }\r\n  }\r\n\r\n  return { ok: true };\r\n}\r\n\r\n","export interface SiaraShieldCspOptions {\n  /** Server-generated nonce value without the `'nonce-'` prefix. */\n  nonce?: string;\n  /** Optional if the customer still loads jQuery from Google's CDN. */\n  includeGoogleApis?: boolean;\n  /** Keep `'unsafe-inline'` in `script-src` for strict vendor compatibility. */\n  includeUnsafeInlineScript?: boolean;\n  /** Keep `style-src 'unsafe-inline'` for current vendor markup/styles. */\n  includeUnsafeInlineStyle?: boolean;\n}\n\nexport type SiaraShieldCspDirectives = Record<string, string[]>;\n\nconst SELF = \"'self'\";\nconst DATA = 'data:';\nconst UNSAFE_INLINE = \"'unsafe-inline'\";\n\nconst SCRIPT_HOSTS = ['https://embedcdn.mycybersiara.com', 'https://embed.mycybersiara.com'] as const;\nconst OPTIONAL_SCRIPT_HOSTS = ['https://ajax.googleapis.com'] as const;\nconst CONNECT_HOSTS = ['https://embed.mycybersiara.com', 'https://embedcdn.mycybersiara.com'] as const;\nconst STYLE_HOSTS = [\n  'https://embed.mycybersiara.com',\n  'https://mycybersiara.com',\n  'https://fonts.googleapis.com',\n  'https://cdnjs.cloudflare.com',\n] as const;\nconst FONT_HOSTS = [\n  'https://fonts.gstatic.com',\n  'https://mycybersiara.com',\n  'https://cdnjs.cloudflare.com',\n] as const;\nconst IMG_HOSTS = [\n  'https://embed.mycybersiara.com',\n  'https://embedcdn.mycybersiara.com',\n  'https://mycybersiara.com',\n] as const;\n\nfunction unique(values: Array<string | undefined>): string[] {\n  return [...new Set(values.filter((value): value is string => Boolean(value && value.trim())))];\n}\n\nfunction nonceSource(nonce?: string): string | undefined {\n  return nonce ? `'nonce-${nonce}'` : undefined;\n}\n\nfunction serializeDirective(name: string, values: string[]): string {\n  return values.length > 0 ? `${name} ${values.join(' ')}` : name;\n}\n\nfunction parsePolicy(policy: string): Map<string, string[]> {\n  const directives = new Map<string, string[]>();\n\n  for (const rawDirective of policy.split(';')) {\n    const directive = rawDirective.trim();\n    if (!directive) {\n      continue;\n    }\n\n    const parts = directive.split(/\\s+/).filter(Boolean);\n    const [name, ...values] = parts;\n    if (!name) {\n      continue;\n    }\n\n    directives.set(name, values);\n  }\n\n  return directives;\n}\n\nexport function getSiaraShieldCspDirectives(options?: SiaraShieldCspOptions): SiaraShieldCspDirectives {\n  const includeGoogleApis = options?.includeGoogleApis ?? false;\n  const includeUnsafeInlineScript = options?.includeUnsafeInlineScript ?? true;\n  const includeUnsafeInlineStyle = options?.includeUnsafeInlineStyle ?? true;\n  const nonce = nonceSource(options?.nonce);\n  const scriptHosts = includeGoogleApis ? [...SCRIPT_HOSTS, ...OPTIONAL_SCRIPT_HOSTS] : [...SCRIPT_HOSTS];\n\n  return {\n    'default-src': unique([SELF]),\n    'script-src': unique([SELF, nonce, ...scriptHosts, includeUnsafeInlineScript ? UNSAFE_INLINE : undefined]),\n    'script-src-elem': unique([SELF, nonce, ...scriptHosts]),\n    'connect-src': unique([SELF, ...CONNECT_HOSTS]),\n    'img-src': unique([SELF, DATA, ...IMG_HOSTS]),\n    'style-src': unique([SELF, includeUnsafeInlineStyle ? UNSAFE_INLINE : undefined, ...STYLE_HOSTS]),\n    'font-src': unique([SELF, ...FONT_HOSTS, DATA]),\n  };\n}\n\nexport function getSiaraShieldCspPolicy(options?: SiaraShieldCspOptions): string {\n  return Object.entries(getSiaraShieldCspDirectives(options))\n    .map(([name, values]) => serializeDirective(name, values))\n    .join('; ');\n}\n\nexport function mergeSiaraShieldCspPolicy(existingPolicy: string, options?: SiaraShieldCspOptions): string {\n  const directives = parsePolicy(existingPolicy);\n  const recommended = getSiaraShieldCspDirectives(options);\n\n  for (const [name, values] of Object.entries(recommended)) {\n    directives.set(name, unique([...(directives.get(name) ?? []), ...values]));\n  }\n\n  return [...directives.entries()]\n    .map(([name, values]) => serializeDirective(name, values))\n    .join('; ');\n}\n","/*\n * Public API Surface of siarashield-workspace\n */\n\nexport * from './lib/siarashield-workspace';\nexport * from './lib/siara-shield.component';\nexport * from './lib/siara-shield-loader.service';\nexport * from './lib/siara-shield.globals';\nexport * from './lib/siara-shield';\nexport * from './lib/siara-shield-csp';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":["JQUERY_FALLBACK_SRC","CAPTCHA_SCRIPT_SRC","VALIDATION_SCRIPT_SRC","CAPTCHA_READY_TIMEOUT_MS","i1.SiaraShieldLoaderService"],"mappings":";;;;SAagB,qBAAqB,GAAA;AACnC,IAAA,OAAQ,UAAwE;AAClF;AAEM,SAAU,gBAAgB,CAAC,CAAqB,EAAA;AACpD,IAAA,OAAO,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW;AACvC;;ACRA,MAAM,yBAAyB,GAAG,IAAI,OAAO,EAAuC;AACpF,MAAM,0BAA0B,GAAG,IAAI,OAAO,EAAwC;AACtF,MAAM,8BAA8B,GAAG,wCAAwC;AAE/E,SAAS,cAAc,CAAC,WAAqB,EAAA;IAC3C,IAAI,WAAW,GAAG,yBAAyB,CAAC,GAAG,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,WAAW,GAAG,IAAI,GAAG,EAAwB;AAC7C,QAAA,yBAAyB,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC;IACzD;AAEA,IAAA,OAAO,WAAW;AACpB;AAEA,SAAS,eAAe,CAAC,WAAqB,EAAA;IAC5C,IAAI,YAAY,GAAG,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9D,IAAI,CAAC,YAAY,EAAE;AACjB,QAAA,YAAY,GAAG,IAAI,GAAG,EAAyB;AAC/C,QAAA,0BAA0B,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC;IAC3D;AAEA,IAAA,OAAO,YAAY;AACrB;AAEA,SAAS,+BAA+B,GAAA;IACtC,MAAM,WAAW,GAAG,UAEnB;AAED,IAAA,IAAI,CAAC,WAAW,CAAC,8BAA8B,CAAC,EAAE;QAChD,WAAW,CAAC,8BAA8B,CAAC,GAAG;YAC5C,eAAe,EAAE,IAAI,OAAO,EAAoB;AAChD,YAAA,OAAO,EAAE,KAAK;SACf;IACH;AAEA,IAAA,OAAO,WAAW,CAAC,8BAA8B,CAAC;AACpD;AAEA,SAAS,cAAc,CAAC,KAAqB,EAAA;AAC3C,IAAA,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE;IAC7B,OAAO,OAAO,GAAG,OAAO,GAAG,SAAS;AACtC;AAEA,SAAS,eAAe,CAAC,IAAU,EAAA;AACjC,IAAA,OAAO,IAAI,YAAY,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,QAAQ;AAC3E;AAEM,SAAU,gBAAgB,CAAC,MAAyB,EAAE,KAAc,EAAA;AACxE,IAAA,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CAAC;IAC3C,IAAI,CAAC,aAAa,EAAE;QAClB;IACF;AAEA,IAAA,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,aAAa,CAAC;AAC3C,IAAA,MAAM,CAAC,KAAK,GAAG,aAAa;AAC9B;AAEA,SAAS,iBAAiB,CAAC,IAAU,EAAA;AACnC,IAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE;QAC1B;IACF;AAEA,IAAA,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa;IACtC,IAAI,CAAC,WAAW,EAAE;QAChB;IACF;IAEA,MAAM,KAAK,GAAG,+BAA+B,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;AAChF,IAAA,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC;AAC/B;AAEA,SAAS,2BAA2B,GAAA;AAClC,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;AACpD,IAAA,IAAI,UAAU,CAAC,OAAO,EAAE;QACtB;IACF;AAEA,IAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW;AACtD,IAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY;AACxD,IAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY;AAExD,IAAA,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG,UAA0B,IAAO,EAAA;QAC5D,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAM;AAClD,IAAA,CAAC;IAED,IAAI,CAAC,SAAS,CAAC,YAAY,GAAG,UAA0B,IAAO,EAAE,KAAkB,EAAA;QACjF,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAM;AAC1D,IAAA,CAAC;IAED,IAAI,CAAC,SAAS,CAAC,YAAY,GAAG,UAA0B,IAAU,EAAE,KAAQ,EAAA;QAC1E,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAM;AAC1D,IAAA,CAAC;AAED,IAAA,UAAU,CAAC,OAAO,GAAG,IAAI;AAC3B;AAEM,SAAU,eAAe,CAAC,WAAqB,EAAE,aAAsB,EAAA;AAC3E,IAAA,MAAM,qBAAqB,GAAG,cAAc,CAAC,aAAa,CAAC;IAC3D,IAAI,qBAAqB,EAAE;AACzB,QAAA,OAAO,qBAAqB;IAC9B;IAEA,MAAM,eAAe,GAAG,WAAW,CAAC,aAAa,CAAoB,eAAe,CAAC;AACrF,IAAA,MAAM,eAAe,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,eAAe,EAAE,KAAK,CAAC;IACxG,IAAI,eAAe,EAAE;AACnB,QAAA,OAAO,eAAe;IACxB;IAEA,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAkB,wBAAwB,CAAC;AACtF,IAAA,OAAO,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC;AAC3C;AAEM,SAAU,kBAAkB,CAAC,WAAqB,EAAE,aAAsB,EAAA;IAC9E,MAAM,aAAa,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC;AACjE,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;AAEpD,IAAA,2BAA2B,EAAE;IAE7B,IAAI,aAAa,EAAE;QACjB,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC;IAC5D;SAAO;AACL,QAAA,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC;IAChD;AAEA,IAAA,OAAO,aAAa;AACtB;SAEgB,UAAU,CAAC,WAAqB,EAAE,GAAW,EAAE,OAA2B,EAAA;IACxF,MAAM,KAAK,GAAG,kBAAkB,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC;AAC7D,IAAA,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC;AAC/C,IAAA,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACjD,MAAM,QAAQ,GAAG,WAAW,CAAC,aAAa,CAAoB,CAAA,YAAA,EAAe,GAAG,CAAA,EAAA,CAAI,CAAC;IAErF,IAAI,QAAQ,EAAE;AACZ,QAAA,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC;AACnC,QAAA,IAAI,MAAM,KAAK,QAAQ,EAAE;AACvB,YAAA,OAAO,OAAO,CAAC,OAAO,EAAE;QAC1B;QAEA,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;QACrC,IAAI,OAAO,EAAE;AACX,YAAA,OAAO,OAAO;QAChB;AAEA,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE;IAC1B;AAEA,IAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC;IAE/B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,KAAI;QACpD,MAAM,MAAM,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC;AAClD,QAAA,MAAM,CAAC,GAAG,GAAG,GAAG;AAChB,QAAA,MAAM,CAAC,KAAK,GAAG,IAAI;AACnB,QAAA,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC;AAC/B,QAAA,MAAM,CAAC,MAAM,GAAG,MAAK;AACnB,YAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC;AAC9B,YAAA,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC;AACxB,YAAA,OAAO,EAAE;AACX,QAAA,CAAC;AACD,QAAA,MAAM,CAAC,OAAO,GAAG,MAAK;AACpB,YAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC;AAC7B,YAAA,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC;YACxB,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAA,8CAAA,CAAgD,CAAC,CAAC;AAClG,QAAA,CAAC;AACD,QAAA,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;AACtC,IAAA,CAAC,CAAC;AAEF,IAAA,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC;AAC9B,IAAA,OAAO,OAAO;AAChB;;MCnLa,wBAAwB,CAAA;AACY,IAAA,QAAA;AAA/C,IAAA,WAAA,CAA+C,QAAkB,EAAA;QAAlB,IAAA,CAAA,QAAQ,GAAR,QAAQ;IAAa;IAEpE,UAAU,CAAC,GAAW,EAAE,OAA2B,EAAA;QACjD,OAAO,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC;IAChD;AALW,IAAA,OAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,wBAAwB,kBACf,QAAQ,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AADjB,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,wBAAwB,cADX,MAAM,EAAA,CAAA;;2FACnB,wBAAwB,EAAA,UAAA,EAAA,CAAA;kBADpC,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAEnB,MAAM;2BAAC,QAAQ;;;ACF9B,MAAMA,qBAAmB,GAAG,kEAAkE;AAC9F,MAAMC,oBAAkB,GAAG,sEAAsE;AACjG,MAAMC,uBAAqB,GAAG,yEAAyE;AACvG,MAAMC,0BAAwB,GAAG,IAAI;MAiBxB,oBAAoB,CAAA;AAaZ,IAAA,IAAA;AACA,IAAA,MAAA;AAbQ,IAAA,SAAS;IAC3B,UAAU,GAAG,IAAI;AACjB,IAAA,QAAQ;AAEjB;;AAEG;AACO,IAAA,KAAK,GAAG,IAAI,YAAY,EAAU;IAEpC,WAAW,GAAG,KAAK;IAE3B,WAAA,CACmB,IAA6B,EAC7B,MAAgC,EAAA;QADhC,IAAA,CAAA,IAAI,GAAJ,IAAI;QACJ,IAAA,CAAA,MAAM,GAAN,MAAM;IACtB;AAEH,IAAA,MAAM,eAAe,GAAA;QACnB,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;IACtG;IAEA,MAAM,IAAI,CAAC,OAA+B,EAAA;QACxC,IAAI,IAAI,CAAC,WAAW;YAAE;;AAGtB,QAAA,KAAK,IAAI,CAAC,IAAI,CAAC,aAAa;AAE5B,QAAA,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;AACtB,YAAA,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC;QACjE;AACA,QAAA,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,QAAQ,CAAC;AAE5F,QAAA,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE;AACpE,YAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACH,qBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACxE;AAEA,QAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACC,oBAAkB,EAAE;AAC/C,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AACF,QAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACC,uBAAqB,EAAE;AAClD,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AAEF,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;AAC3C,QAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,aAAa,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CACb,kIAAkI,CACnI;QACH;AAEA,QAAA,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC;AAChC,QAAA,MAAM,IAAI,CAAC,sBAAsB,EAAE;AACnC,QAAA,IAAI,CAAC,WAAW,GAAG,IAAI;IACzB;AAEA;;AAEG;IACK,wBAAwB,GAAA;AAC9B,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;AAC/D,YAAA,OAAO,IAAI;QACb;AAEA,QAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,aAAa,CAC9E,uBAAuB,CACxB;AACD,QAAA,OAAO,OAAO,CAAC,oBAAoB,CAAC;IACtC;AAEQ,IAAA,mCAAmC,CAAC,CAA2C,EAAA;AACrF,QAAA,MAAM,wBAAwB,GAAG,CAAC,CAAC,kBAAkB;AACrD,QAAA,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE;YAClD;QACF;AAEA,QAAA,CAAC,CAAC,kBAAkB,GAAG,MAAK;AAC1B,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,aAAa,CAClE,CAAA,YAAA,EAAeA,uBAAqB,CAAA,EAAA,CAAI,CACzC;YACD,IAAI,QAAQ,EAAE;gBACZ;YACF;AAEA,YAAA,wBAAwB,EAAE;AAC5B,QAAA,CAAC;IACH;AAEQ,IAAA,MAAM,sBAAsB,CAAC,SAAS,GAAGC,0BAAwB,EAAA;AACvE,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;QAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,YAAA,IAAI,qBAAqB,EAAE,CAAC,YAAY,EAAE;gBACxC;YACF;AACA,YAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC1D;AACA,QAAA,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC;IACvI;AAEA;;;AAGG;IACH,YAAY,GAAA;AACV,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE;AACnB,YAAA,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC;QAC3H;AAEA,QAAA,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,EAAE;QAC3B,IAAI,EAAE,IAAI,OAAO,CAAC,CAAC,eAAe,KAAK,QAAQ,EAAE;YAC/C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC;QACpC;AACA,QAAA,OAAO,EAAE;IACX;AAEA;;;AAGG;IACH,MAAM,iBAAiB,CAAC,OAAyD,EAAA;AAC/E,QAAA,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI;AAC5C,QAAA,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,GAAG;AACrD,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAE5B,QAAA,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;AACvB,YAAA,OAAO,IAAI;QACb;QAEA,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,YAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;AACnE,YAAA,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;AACvB,gBAAA,OAAO,IAAI;YACb;QACF;AAEA,QAAA,OAAO,KAAK;IACd;uGA3IW,oBAAoB,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAA,EAAA,CAAA,UAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,wBAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,SAAA,EAAA,CAAA;AAApB,IAAA,OAAA,IAAA,GAAA,EAAA,CAAA,oBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,IAAA,EAAA,oBAAoB,yLAHrB,CAAA,+BAAA,CAAiC,EAAA,QAAA,EAAA,IAAA,EAAA,aAAA,EAAA,EAAA,CAAA,iBAAA,CAAA,IAAA,EAAA,CAAA;;2FAGhC,oBAAoB,EAAA,UAAA,EAAA,CAAA;kBANhC,SAAS;AAAC,YAAA,IAAA,EAAA,CAAA;AACT,oBAAA,QAAQ,EAAE,cAAc;AACxB,oBAAA,UAAU,EAAE,IAAI;AAChB,oBAAA,QAAQ,EAAE,CAAA,+BAAA,CAAiC;oBAC3C,aAAa,EAAE,iBAAiB,CAAC,IAAI;AACtC,iBAAA;;sBAEE,KAAK;uBAAC,EAAE,QAAQ,EAAE,IAAI,EAAE;;sBACxB;;sBACA;;sBAKA;;;AC9BH,MAAM,mBAAmB,GAAG,kEAAkE;AAC9F,MAAM,kBAAkB,GAAG,sEAAsE;AACjG,MAAM,qBAAqB,GAAG,yEAAyE;AACvG,MAAM,wBAAwB,GAAG,IAAI;AAerC,IAAI,OAAO,GAAyB,IAAI;AACxC,IAAI,WAAW,GAAG,KAAK;AAEvB,SAAS,wBAAwB,GAAA;AAC/B,IAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,IAAA,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;AAC/D,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,oBAAoB,GAAG,QAAQ,CAAC,aAAa,CAAoB,uBAAuB,CAAC;AAC/F,IAAA,OAAO,OAAO,CAAC,oBAAoB,CAAC;AACtC;AAEA,SAAS,mCAAmC,CAAC,CAA2C,EAAA;AACtF,IAAA,MAAM,wBAAwB,GAAG,CAAC,CAAC,kBAAkB;AACrD,IAAA,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE;QAClD;IACF;AAEA,IAAA,CAAC,CAAC,kBAAkB,GAAG,MAAK;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAoB,CAAA,YAAA,EAAe,qBAAqB,CAAA,EAAA,CAAI,CAAC;QACpG,IAAI,QAAQ,EAAE;YACZ;QACF;AAEA,QAAA,wBAAwB,EAAE;AAC5B,IAAA,CAAC;AACH;AAEA,eAAe,sBAAsB,CAAC,SAAS,GAAG,wBAAwB,EAAA;AACxE,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;IAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,QAAA,IAAI,qBAAqB,EAAE,CAAC,YAAY,EAAE;YACxC;QACF;AACA,QAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC1D;AACA,IAAA,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC;AACvI;AAEA;;;;;;;AAOG;AACI,eAAe,eAAe,CAAC,OAA+B,EAAA;AACnE,IAAA,IAAI,WAAW;QAAE;AACjB,IAAA,IAAI,OAAO;AAAE,QAAA,OAAO,OAAO;AAE3B,IAAA,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE;AACvB,QAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC;IAC5D;AAEA,IAAA,OAAO,GAAG,CAAC,YAAW;QACpB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;AAE/D,QAAA,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,KAAK,CAAC,wBAAwB,EAAE,EAAE;AAC/D,YAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,mBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACtE;AAEA,QAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,kBAAkB,EAAE;AAC7C,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AACF,QAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,qBAAqB,EAAE;AAChD,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AAEF,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;QACjC,mCAAmC,CAAC,CAAC,CAAC;AACtC,QAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,aAAa,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CACb,kIAAkI,CACnI;QACH;AAEA,QAAA,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC;QAChC,MAAM,sBAAsB,EAAE;QAC9B,WAAW,GAAG,IAAI;IACpB,CAAC,GAAG;AAEJ,IAAA,IAAI;AACF,QAAA,MAAM,OAAO;IACf;YAAU;;IAEV;AACF;AAEA;;;AAGG;SACa,uBAAuB,GAAA;AACrC,IAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,IAAA,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE;AACnB,QAAA,MAAM,IAAI,KAAK,CAAC,mHAAmH,CAAC;IACtI;AAEA,IAAA,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,EAAE;AAC3B,IAAA,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,eAAe,KAAK,QAAQ,GAAG,CAAC,CAAC,eAAe,GAAG,SAAS;AACnF,IAAA,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE;AACjD;AAEA;;AAEG;AACI,eAAe,4BAA4B,CAAC,OAGlD,EAAA;AACC,IAAA,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI;AAC5C,IAAA,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,GAAG;AACrD,IAAA,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,EAAE;AAAE,QAAA,OAAO,UAAU;IACrC,IAAI,UAAU,CAAC,KAAK;AAAE,QAAA,OAAO,UAAU;AAEvC,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;;IAE5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,QAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;AACnE,QAAA,MAAM,KAAK,GAAG,qBAAqB,EAAE,CAAC,eAAe;QACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;AACjD,YAAA,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;QAC5B;IACF;AAEA,IAAA,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE;AACrB;;AC1IA,MAAM,IAAI,GAAG,QAAQ;AACrB,MAAM,IAAI,GAAG,OAAO;AACpB,MAAM,aAAa,GAAG,iBAAiB;AAEvC,MAAM,YAAY,GAAG,CAAC,mCAAmC,EAAE,gCAAgC,CAAU;AACrG,MAAM,qBAAqB,GAAG,CAAC,6BAA6B,CAAU;AACtE,MAAM,aAAa,GAAG,CAAC,gCAAgC,EAAE,mCAAmC,CAAU;AACtG,MAAM,WAAW,GAAG;IAClB,gCAAgC;IAChC,0BAA0B;IAC1B,8BAA8B;IAC9B,8BAA8B;CACtB;AACV,MAAM,UAAU,GAAG;IACjB,2BAA2B;IAC3B,0BAA0B;IAC1B,8BAA8B;CACtB;AACV,MAAM,SAAS,GAAG;IAChB,gCAAgC;IAChC,mCAAmC;IACnC,0BAA0B;CAClB;AAEV,SAAS,MAAM,CAAC,MAAiC,EAAA;IAC/C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,KAAsB,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChG;AAEA,SAAS,WAAW,CAAC,KAAc,EAAA;IACjC,OAAO,KAAK,GAAG,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,CAAG,GAAG,SAAS;AAC/C;AAEA,SAAS,kBAAkB,CAAC,IAAY,EAAE,MAAgB,EAAA;IACxD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI;AACjE;AAEA,SAAS,WAAW,CAAC,MAAc,EAAA;AACjC,IAAA,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB;IAE9C,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;AAC5C,QAAA,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE;QACrC,IAAI,CAAC,SAAS,EAAE;YACd;QACF;AAEA,QAAA,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACpD,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,KAAK;QAC/B,IAAI,CAAC,IAAI,EAAE;YACT;QACF;AAEA,QAAA,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC;IAC9B;AAEA,IAAA,OAAO,UAAU;AACnB;AAEM,SAAU,2BAA2B,CAAC,OAA+B,EAAA;AACzE,IAAA,MAAM,iBAAiB,GAAG,OAAO,EAAE,iBAAiB,IAAI,KAAK;AAC7D,IAAA,MAAM,yBAAyB,GAAG,OAAO,EAAE,yBAAyB,IAAI,IAAI;AAC5E,IAAA,MAAM,wBAAwB,GAAG,OAAO,EAAE,wBAAwB,IAAI,IAAI;IAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACzC,MAAM,WAAW,GAAG,iBAAiB,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,qBAAqB,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;IAEvG,OAAO;AACL,QAAA,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,WAAW,EAAE,yBAAyB,GAAG,aAAa,GAAG,SAAS,CAAC,CAAC;QAC1G,iBAAiB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,WAAW,CAAC,CAAC;QACxD,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,aAAa,CAAC,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC;AAC7C,QAAA,WAAW,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,wBAAwB,GAAG,aAAa,GAAG,SAAS,EAAE,GAAG,WAAW,CAAC,CAAC;QACjG,UAAU,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,UAAU,EAAE,IAAI,CAAC,CAAC;KAChD;AACH;AAEM,SAAU,uBAAuB,CAAC,OAA+B,EAAA;IACrE,OAAO,MAAM,CAAC,OAAO,CAAC,2BAA2B,CAAC,OAAO,CAAC;AACvD,SAAA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC;AACf;AAEM,SAAU,yBAAyB,CAAC,cAAsB,EAAE,OAA+B,EAAA;AAC/F,IAAA,MAAM,UAAU,GAAG,WAAW,CAAC,cAAc,CAAC;AAC9C,IAAA,MAAM,WAAW,GAAG,2BAA2B,CAAC,OAAO,CAAC;AAExD,IAAA,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;QACxD,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IAC5E;AAEA,IAAA,OAAO,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE;AAC5B,SAAA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC;AACf;;ACzGA;;AAEG;;ACFH;;AAEG;;;;"}
+{"version":3,"file":"siarashield_workspace.mjs","sources":["../../../projects/siarashield-workspace/src/lib/siara-shield.globals.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-log-utils.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-script-utils.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-loader.service.ts","../../../projects/siarashield-workspace/src/lib/siara-shield.component.ts","../../../projects/siarashield-workspace/src/lib/siara-shield.ts","../../../projects/siarashield-workspace/src/lib/siara-shield-csp.ts","../../../projects/siarashield-workspace/src/public-api.ts","../../../projects/siarashield-workspace/src/siarashield_workspace.ts"],"sourcesContent":["export type InitCaptchaFn = (publicKey: string) => void;\nexport type CheckCaptchaFn = () => boolean;\n\nexport interface SiaraShieldGlobals {\n  initCaptcha?: InitCaptchaFn;\n  InitCaptcha?: InitCaptchaFn;\n  CheckCaptcha?: CheckCaptchaFn;\n  AppendValidationJS?: () => void;\n  CyberSiaraToken?: string;\n  jQuery?: unknown;\n  $?: unknown;\n}\n\nexport function getSiaraShieldGlobals(): SiaraShieldGlobals {\n  return (globalThis as unknown as { [k: string]: unknown }) as SiaraShieldGlobals;\n}\n\nexport function getInitCaptchaFn(g: SiaraShieldGlobals): InitCaptchaFn | undefined {\n  return g.initCaptcha ?? g.InitCaptcha;\n}\n","interface ConsolePatchState {\r\n  depth: number;\r\n  originalLog: Console['log'];\r\n  originalInfo: Console['info'];\r\n  originalWarn: Console['warn'];\r\n  originalDebug: Console['debug'];\r\n}\r\n\r\nconst CONSOLE_PATCH_STATE_KEY = '__siaraShieldConsolePatchState__';\r\nconst DEFAULT_SUPPRESS_WINDOW_MS = 2000;\r\n\r\nfunction getConsolePatchState(): ConsolePatchState {\r\n  const globalState = globalThis as typeof globalThis & {\r\n    [CONSOLE_PATCH_STATE_KEY]?: ConsolePatchState;\r\n  };\r\n\r\n  if (!globalState[CONSOLE_PATCH_STATE_KEY]) {\r\n    globalState[CONSOLE_PATCH_STATE_KEY] = {\r\n      depth: 0,\r\n      originalLog: console.log.bind(console),\r\n      originalInfo: console.info.bind(console),\r\n      originalWarn: console.warn.bind(console),\r\n      originalDebug: console.debug.bind(console),\r\n    };\r\n  }\r\n\r\n  return globalState[CONSOLE_PATCH_STATE_KEY];\r\n}\r\n\r\nfunction muteConsole(): void {\r\n  const patchState = getConsolePatchState();\r\n  patchState.depth += 1;\r\n  if (patchState.depth > 1) return;\r\n\r\n  console.log = () => undefined;\r\n  console.info = () => undefined;\r\n  console.warn = () => undefined;\r\n  console.debug = () => undefined;\r\n}\r\n\r\nfunction unmuteConsole(): void {\r\n  const patchState = getConsolePatchState();\r\n  if (patchState.depth === 0) return;\r\n  patchState.depth -= 1;\r\n  if (patchState.depth > 0) return;\r\n\r\n  console.log = patchState.originalLog;\r\n  console.info = patchState.originalInfo;\r\n  console.warn = patchState.originalWarn;\r\n  console.debug = patchState.originalDebug;\r\n}\r\n\r\nexport function suppressVendorConsoleWindow(windowMs = DEFAULT_SUPPRESS_WINDOW_MS): void {\r\n  muteConsole();\r\n  setTimeout(() => {\r\n    unmuteConsole();\r\n  }, windowMs);\r\n}\r\n\r\n","type ScriptStatus = 'loading' | 'loaded' | 'error';\n\nexport interface ScriptLoadOptions {\n  nonce?: string;\n}\n\ninterface DynamicScriptNoncePatchState {\n  nonceByDocument: WeakMap<Document, string>;\n  observerByDocument: WeakMap<Document, MutationObserver>;\n  patched: boolean;\n}\n\nconst SCRIPT_STATUS_BY_DOCUMENT = new WeakMap<Document, Map<string, ScriptStatus>>();\nconst SCRIPT_PENDING_BY_DOCUMENT = new WeakMap<Document, Map<string, Promise<void>>>();\nconst DYNAMIC_SCRIPT_NONCE_STATE_KEY = '__siaraShieldDynamicScriptNonceState__';\n\nfunction getStatusBySrc(documentRef: Document): Map<string, ScriptStatus> {\n  let statusBySrc = SCRIPT_STATUS_BY_DOCUMENT.get(documentRef);\n  if (!statusBySrc) {\n    statusBySrc = new Map<string, ScriptStatus>();\n    SCRIPT_STATUS_BY_DOCUMENT.set(documentRef, statusBySrc);\n  }\n\n  return statusBySrc;\n}\n\nfunction getPendingBySrc(documentRef: Document): Map<string, Promise<void>> {\n  let pendingBySrc = SCRIPT_PENDING_BY_DOCUMENT.get(documentRef);\n  if (!pendingBySrc) {\n    pendingBySrc = new Map<string, Promise<void>>();\n    SCRIPT_PENDING_BY_DOCUMENT.set(documentRef, pendingBySrc);\n  }\n\n  return pendingBySrc;\n}\n\nfunction getDynamicScriptNoncePatchState(): DynamicScriptNoncePatchState {\n  const globalState = globalThis as typeof globalThis & {\n    [DYNAMIC_SCRIPT_NONCE_STATE_KEY]?: DynamicScriptNoncePatchState;\n  };\n\n  if (!globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY]) {\n    globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY] = {\n      nonceByDocument: new WeakMap<Document, string>(),\n      observerByDocument: new WeakMap<Document, MutationObserver>(),\n      patched: false,\n    };\n  }\n\n  return globalState[DYNAMIC_SCRIPT_NONCE_STATE_KEY];\n}\n\nfunction normalizeNonce(nonce?: string | null): string | undefined {\n  const trimmed = nonce?.trim();\n  return trimmed ? trimmed : undefined;\n}\n\nfunction isScriptElement(node: Node): node is HTMLScriptElement {\n  return node instanceof Element && node.tagName.toLowerCase() === 'script';\n}\n\nexport function applyScriptNonce(script: HTMLScriptElement, nonce?: string): void {\n  const resolvedNonce = normalizeNonce(nonce);\n  if (!resolvedNonce) {\n    return;\n  }\n\n  script.setAttribute('nonce', resolvedNonce);\n  script.nonce = resolvedNonce;\n}\n\nfunction applyTrackedNonce(node: Node): void {\n  if (!isScriptElement(node)) {\n    return;\n  }\n\n  const documentRef = node.ownerDocument;\n  if (!documentRef) {\n    return;\n  }\n\n  const nonce = getDynamicScriptNoncePatchState().nonceByDocument.get(documentRef);\n  applyScriptNonce(node, nonce);\n}\n\nfunction walkAndApplyNonce(root: Node, nonce?: string): void {\n  if (!nonce) return;\n\n  // Fast path: root itself is a script.\n  if (isScriptElement(root)) {\n    applyScriptNonce(root, nonce);\n    return;\n  }\n\n  // Common path for jQuery: append DocumentFragment containing scripts created via HTML parsing.\n  if (root instanceof Element || root instanceof DocumentFragment) {\n    const scripts = root.querySelectorAll?.('script') ?? [];\n    for (const script of scripts) {\n      applyScriptNonce(script as HTMLScriptElement, nonce);\n    }\n  }\n}\n\nfunction ensureNonceMutationObserver(documentRef: Document): void {\n  const patchState = getDynamicScriptNoncePatchState();\n  if (patchState.observerByDocument.get(documentRef)) {\n    return;\n  }\n\n  const observer = new MutationObserver((records) => {\n    const nonce = patchState.nonceByDocument.get(documentRef);\n    if (!nonce) return;\n\n    for (const record of records) {\n      for (const node of record.addedNodes) {\n        walkAndApplyNonce(node, nonce);\n      }\n    }\n  });\n\n  // Observe the full document because scripts can be injected into body/head by vendor/jQuery.\n  const root = documentRef.documentElement ?? documentRef;\n  observer.observe(root, { childList: true, subtree: true });\n  patchState.observerByDocument.set(documentRef, observer);\n}\n\nfunction teardownNonceMutationObserver(documentRef: Document): void {\n  const patchState = getDynamicScriptNoncePatchState();\n  const observer = patchState.observerByDocument.get(documentRef);\n  if (!observer) return;\n  observer.disconnect();\n  patchState.observerByDocument.delete(documentRef);\n}\n\nfunction patchDynamicScriptInsertion(): void {\n  const patchState = getDynamicScriptNoncePatchState();\n  if (patchState.patched) {\n    return;\n  }\n\n  const originalAppendChild = Node.prototype.appendChild;\n  const originalInsertBefore = Node.prototype.insertBefore;\n  const originalReplaceChild = Node.prototype.replaceChild;\n\n  Node.prototype.appendChild = function <T extends Node>(node: T): T {\n    applyTrackedNonce(node);\n    return originalAppendChild.call(this, node) as T;\n  };\n\n  Node.prototype.insertBefore = function <T extends Node>(node: T, child: Node | null): T {\n    applyTrackedNonce(node);\n    return originalInsertBefore.call(this, node, child) as T;\n  };\n\n  Node.prototype.replaceChild = function <T extends Node>(node: Node, child: T): T {\n    applyTrackedNonce(node);\n    return originalReplaceChild.call(this, node, child) as T;\n  };\n\n  patchState.patched = true;\n}\n\nexport function resolveCspNonce(documentRef: Document, explicitNonce?: string): string | undefined {\n  const resolvedExplicitNonce = normalizeNonce(explicitNonce);\n  if (resolvedExplicitNonce) {\n    return resolvedExplicitNonce;\n  }\n\n  const scriptWithNonce = documentRef.querySelector<HTMLScriptElement>('script[nonce]');\n  const nonceFromScript = normalizeNonce(scriptWithNonce?.getAttribute('nonce') ?? scriptWithNonce?.nonce);\n  if (nonceFromScript) {\n    return nonceFromScript;\n  }\n\n  const nonceMeta = documentRef.querySelector<HTMLMetaElement>('meta[name=\"csp-nonce\"]');\n  return normalizeNonce(nonceMeta?.content);\n}\n\nexport function prepareScriptNonce(documentRef: Document, explicitNonce?: string): string | undefined {\n  const resolvedNonce = resolveCspNonce(documentRef, explicitNonce);\n  const patchState = getDynamicScriptNoncePatchState();\n\n  patchDynamicScriptInsertion();\n\n  if (resolvedNonce) {\n    patchState.nonceByDocument.set(documentRef, resolvedNonce);\n    ensureNonceMutationObserver(documentRef);\n  } else {\n    patchState.nonceByDocument.delete(documentRef);\n    teardownNonceMutationObserver(documentRef);\n  }\n\n  return resolvedNonce;\n}\n\nexport function loadScript(documentRef: Document, src: string, options?: ScriptLoadOptions): Promise<void> {\n  const nonce = prepareScriptNonce(documentRef, options?.nonce);\n  const statusBySrc = getStatusBySrc(documentRef);\n  const pendingBySrc = getPendingBySrc(documentRef);\n  const existing = documentRef.querySelector<HTMLScriptElement>(`script[src=\"${src}\"]`);\n\n  if (existing) {\n    applyScriptNonce(existing, nonce);\n    const status = statusBySrc.get(src);\n    if (status === 'loaded') {\n      return Promise.resolve();\n    }\n\n    const pending = pendingBySrc.get(src);\n    if (pending) {\n      return pending;\n    }\n\n    return Promise.resolve();\n  }\n\n  statusBySrc.set(src, 'loading');\n\n  const pending = new Promise<void>((resolve, reject) => {\n    const script = documentRef.createElement('script');\n    script.src = src;\n    script.async = true;\n    applyScriptNonce(script, nonce);\n    script.onload = () => {\n      statusBySrc.set(src, 'loaded');\n      pendingBySrc.delete(src);\n      resolve();\n    };\n    script.onerror = () => {\n      statusBySrc.set(src, 'error');\n      pendingBySrc.delete(src);\n      reject(new Error(`Failed to load script: ${src}. Check CSP allowlist and nonce configuration.`));\n    };\n    documentRef.head.appendChild(script);\n  });\n\n  pendingBySrc.set(src, pending);\n  return pending;\n}\n","import { DOCUMENT } from '@angular/common';\nimport { Inject, Injectable } from '@angular/core';\n\nimport { loadScript, type ScriptLoadOptions } from './siara-shield-script-utils';\n\n@Injectable({ providedIn: 'root' })\nexport class SiaraShieldLoaderService {\n  constructor(@Inject(DOCUMENT) private readonly document: Document) {}\n\n  loadScript(src: string, options?: ScriptLoadOptions): Promise<void> {\n    return loadScript(this.document, src, options);\n  }\n}\n","import { AfterViewInit, Component, ElementRef, EventEmitter, Input, Output, ViewEncapsulation } from '@angular/core';\r\nimport { SiaraShieldLoaderService } from './siara-shield-loader.service';\r\nimport { getInitCaptchaFn, getSiaraShieldGlobals } from './siara-shield.globals';\r\nimport { suppressVendorConsoleWindow } from './siara-shield-log-utils';\r\nimport { prepareScriptNonce } from './siara-shield-script-utils';\r\n\r\nconst JQUERY_FALLBACK_SRC = 'https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js';\r\nconst CAPTCHA_SCRIPT_SRC = 'https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js';\r\nconst VALIDATION_SCRIPT_SRC = 'https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js';\r\nconst CAPTCHA_READY_TIMEOUT_MS = 8000;\r\n\r\nexport interface SiaraShieldInitOptions {\r\n  /** SiaraShield public key. Use \"TEST-CYBERSIARA\" for staging/development. */\r\n  publicKey: string;\r\n  /** Loads jQuery before SiaraShield script. Default is true for easier integration. Set to false only if your page already includes jQuery. */\r\n  loadJQuery?: boolean;\r\n  /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */\r\n  cspNonce?: string;\r\n  /** Set true only when actively debugging vendor/runtime internals in browser console. */\r\n  allowVendorConsoleLogs?: boolean;\r\n}\r\n\r\n@Component({\r\n  selector: 'siara-shield',\r\n  standalone: true,\r\n  template: `<div class=\"SiaraShield\"></div>`,\r\n  encapsulation: ViewEncapsulation.None,\r\n})\r\nexport class SiaraShieldComponent implements AfterViewInit {\r\n  @Input({ required: true }) publicKey!: string;\r\n  @Input() loadJQuery = true;\r\n  @Input() cspNonce?: string;\r\n  @Input() allowVendorConsoleLogs = false;\r\n\r\n  /**\r\n   * Emits the current `CyberSiaraToken` right after a successful `checkCaptcha()`.\r\n   */\r\n  @Output() token = new EventEmitter<string>();\r\n\r\n  private initialized = false;\r\n\r\n  constructor(\r\n    private readonly host: ElementRef<HTMLElement>,\r\n    private readonly loader: SiaraShieldLoaderService,\r\n  ) {}\r\n\r\n  async ngAfterViewInit(): Promise<void> {\r\n    await this.init({\r\n      publicKey: this.publicKey,\r\n      loadJQuery: this.loadJQuery,\r\n      cspNonce: this.cspNonce,\r\n      allowVendorConsoleLogs: this.allowVendorConsoleLogs,\r\n    });\r\n  }\r\n\r\n  async init(options: SiaraShieldInitOptions): Promise<void> {\r\n    if (this.initialized) return;\r\n\r\n    // Ensure the host element is in DOM before scripts run.\r\n    void this.host.nativeElement;\r\n\r\n    if (!options.publicKey) {\r\n      throw new Error('SiaraShieldComponent: publicKey is required.');\r\n    }\r\n    const cspNonce = prepareScriptNonce(this.host.nativeElement.ownerDocument, options.cspNonce);\r\n\r\n    if ((options.loadJQuery ?? true) && !this.isJQueryAlreadyAvailable()) {\r\n      await this.loader.loadScript(JQUERY_FALLBACK_SRC, { nonce: cspNonce });\r\n    }\r\n\r\n    await this.loader.loadScript(CAPTCHA_SCRIPT_SRC, {\r\n      nonce: cspNonce,\r\n    });\r\n    await this.loader.loadScript(VALIDATION_SCRIPT_SRC, {\r\n      nonce: cspNonce,\r\n    });\r\n\r\n    const g = getSiaraShieldGlobals();\r\n    this.preventDuplicateValidationBootstrap(g);\r\n    const initCaptchaFn = getInitCaptchaFn(g);\r\n    if (!initCaptchaFn) {\r\n      throw new Error(\r\n        'SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.',\r\n      );\r\n    }\r\n\r\n    if (!options.allowVendorConsoleLogs) {\r\n      suppressVendorConsoleWindow();\r\n    }\r\n    initCaptchaFn(options.publicKey);\r\n    await this.waitForCheckCaptchaApi();\r\n    this.initialized = true;\r\n  }\r\n\r\n  /**\r\n   * Detect preloaded jQuery from global object or an existing script tag.\r\n   */\r\n  private isJQueryAlreadyAvailable(): boolean {\r\n    const g = getSiaraShieldGlobals();\r\n    if (typeof g.jQuery === 'function' || typeof g.$ === 'function') {\r\n      return true;\r\n    }\r\n\r\n    const existingJqueryScript = this.host.nativeElement.ownerDocument.querySelector<HTMLScriptElement>(\r\n      'script[src*=\"jquery\"]',\r\n    );\r\n    return Boolean(existingJqueryScript);\r\n  }\r\n\r\n  private preventDuplicateValidationBootstrap(g: ReturnType<typeof getSiaraShieldGlobals>): void {\r\n    const originalAppendValidation = g.AppendValidationJS;\r\n    if (typeof originalAppendValidation !== 'function') {\r\n      return;\r\n    }\r\n\r\n    g.AppendValidationJS = () => {\r\n      const existing = this.host.nativeElement.ownerDocument.querySelector<HTMLScriptElement>(\r\n        `script[src=\"${VALIDATION_SCRIPT_SRC}\"]`,\r\n      );\r\n      if (existing) {\r\n        return;\r\n      }\r\n\r\n      originalAppendValidation();\r\n    };\r\n  }\r\n\r\n  private async waitForCheckCaptchaApi(timeoutMs = CAPTCHA_READY_TIMEOUT_MS): Promise<void> {\r\n    const startedAt = Date.now();\r\n    while (Date.now() - startedAt < timeoutMs) {\r\n      if (getSiaraShieldGlobals().CheckCaptcha) {\r\n        return;\r\n      }\r\n      await new Promise((resolve) => setTimeout(resolve, 100));\r\n    }\r\n    throw new Error('SiaraShield: CheckCaptcha() was not available within timeout. This can happen when CSP blocks the captcha runtime.');\r\n  }\r\n\r\n  /**\r\n   * Calls the global `CheckCaptcha()` from SiaraShield script.\r\n   * Returns true when captcha is valid; emits token if available.\r\n   */\r\n  checkCaptcha(): boolean {\r\n    const g = getSiaraShieldGlobals();\r\n    if (!g.CheckCaptcha) {\r\n      throw new Error('SiaraShield: CheckCaptcha() is not available. Did init() run, and is CSP allowing the captcha scripts?');\r\n    }\r\n\r\n    if (!this.allowVendorConsoleLogs) {\r\n      suppressVendorConsoleWindow();\r\n    }\r\n    const ok = g.CheckCaptcha();\r\n    if (ok && typeof g.CyberSiaraToken === 'string') {\r\n      this.token.emit(g.CyberSiaraToken);\r\n    }\r\n    return ok;\r\n  }\r\n\r\n  /**\r\n   * Async-friendly captcha validation to avoid first-click timing issues.\r\n   * Retries briefly until token/check API settles.\r\n   */\r\n  async checkCaptchaAsync(options?: { timeoutMs?: number; pollIntervalMs?: number }): Promise<boolean> {\r\n    const timeoutMs = options?.timeoutMs ?? 2000;\r\n    const pollIntervalMs = options?.pollIntervalMs ?? 120;\r\n    const startedAt = Date.now();\r\n\r\n    if (this.checkCaptcha()) {\r\n      return true;\r\n    }\r\n\r\n    while (Date.now() - startedAt < timeoutMs) {\r\n      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));\r\n      if (this.checkCaptcha()) {\r\n        return true;\r\n      }\r\n    }\r\n\r\n    return false;\r\n  }\r\n}\r\n\r\n","import { getInitCaptchaFn, getSiaraShieldGlobals } from './siara-shield.globals';\r\nimport { suppressVendorConsoleWindow } from './siara-shield-log-utils';\r\nimport { loadScript, prepareScriptNonce } from './siara-shield-script-utils';\r\n\r\nconst JQUERY_FALLBACK_SRC = 'https://embedcdn.mycybersiara.com/capcha-temple/js/jquery.min.js';\r\nconst CAPTCHA_SCRIPT_SRC = 'https://embedcdn.mycybersiara.com/CaptchaFormate/CaptchaResources.js';\r\nconst VALIDATION_SCRIPT_SRC = 'https://embed.mycybersiara.com/CaptchaFormate/SiaraShield_Validation.js';\r\nconst CAPTCHA_READY_TIMEOUT_MS = 8000;\r\n\r\nexport interface InitSiaraShieldOptions {\r\n  /** SiaraShield public key. Use \"TEST-CYBERSIARA\" for staging/development. */\r\n  publicKey: string;\r\n  /**\r\n   * Loads jQuery before SiaraShield script.\r\n   * Default is true for easier integration.\r\n   * Set to false only if your site/app already loads jQuery.\r\n   */\r\n  loadJQuery?: boolean;\r\n  /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */\r\n  cspNonce?: string;\r\n  /** Set true only when actively debugging vendor/runtime internals in browser console. */\r\n  allowVendorConsoleLogs?: boolean;\r\n}\r\n\r\nlet pending: Promise<void> | null = null;\r\nlet initialized = false;\r\n\r\nfunction isJQueryAlreadyAvailable(): boolean {\r\n  const g = getSiaraShieldGlobals();\r\n  if (typeof g.jQuery === 'function' || typeof g.$ === 'function') {\r\n    return true;\r\n  }\r\n\r\n  const existingJqueryScript = document.querySelector<HTMLScriptElement>('script[src*=\"jquery\"]');\r\n  return Boolean(existingJqueryScript);\r\n}\r\n\r\nfunction preventDuplicateValidationBootstrap(g: ReturnType<typeof getSiaraShieldGlobals>): void {\r\n  const originalAppendValidation = g.AppendValidationJS;\r\n  if (typeof originalAppendValidation !== 'function') {\r\n    return;\r\n  }\r\n\r\n  g.AppendValidationJS = () => {\r\n    const existing = document.querySelector<HTMLScriptElement>(`script[src=\"${VALIDATION_SCRIPT_SRC}\"]`);\r\n    if (existing) {\r\n      return;\r\n    }\r\n\r\n    originalAppendValidation();\r\n  };\r\n}\r\n\r\nasync function waitForCheckCaptchaApi(timeoutMs = CAPTCHA_READY_TIMEOUT_MS): Promise<void> {\r\n  const startedAt = Date.now();\r\n  while (Date.now() - startedAt < timeoutMs) {\r\n    if (getSiaraShieldGlobals().CheckCaptcha) {\r\n      return;\r\n    }\r\n    await new Promise((resolve) => setTimeout(resolve, 100));\r\n  }\r\n  throw new Error('SiaraShield: CheckCaptcha() was not available within timeout. This can happen when CSP blocks the captcha runtime.');\r\n}\r\n\r\n/**\r\n * Drop-in initializer for SiaraShield.\r\n * - Loads required scripts (optionally jQuery)\r\n * - Calls global `initCaptcha(publicKey)`\r\n *\r\n * Requirements in your HTML/template:\r\n * - You must render: `<div class=\"SiaraShield\"></div>`\r\n */\r\nexport async function initSiaraShield(options: InitSiaraShieldOptions): Promise<void> {\r\n  if (initialized) return;\r\n  if (pending) return pending;\r\n\r\n  if (!options?.publicKey) {\r\n    throw new Error('initSiaraShield: publicKey is required.');\r\n  }\r\n\r\n  pending = (async () => {\r\n    const cspNonce = prepareScriptNonce(document, options.cspNonce);\r\n\r\n    if ((options.loadJQuery ?? true) && !isJQueryAlreadyAvailable()) {\r\n      await loadScript(document, JQUERY_FALLBACK_SRC, { nonce: cspNonce });\r\n    }\r\n\r\n    await loadScript(document, CAPTCHA_SCRIPT_SRC, {\r\n      nonce: cspNonce,\r\n    });\r\n    await loadScript(document, VALIDATION_SCRIPT_SRC, {\r\n      nonce: cspNonce,\r\n    });\r\n\r\n    const g = getSiaraShieldGlobals();\r\n    preventDuplicateValidationBootstrap(g);\r\n    const initCaptchaFn = getInitCaptchaFn(g);\r\n    if (!initCaptchaFn) {\r\n      throw new Error(\r\n        'SiaraShield: InitCaptcha() is not available after loading scripts. Check whether CSP blocked vendor scripts or inline execution.',\r\n      );\r\n    }\r\n\r\n    if (!options.allowVendorConsoleLogs) {\r\n      suppressVendorConsoleWindow();\r\n    }\r\n    initCaptchaFn(options.publicKey);\r\n    await waitForCheckCaptchaApi();\r\n    initialized = true;\r\n  })();\r\n\r\n  try {\r\n    await pending;\r\n  } finally {\r\n    // keep `pending` cached for subsequent callers\r\n  }\r\n}\r\n\r\n/**\r\n * Calls global `CheckCaptcha()` and returns its boolean result.\r\n * If successful, returns `{ ok: true, token?: string }`.\r\n */\r\nexport function checkSiaraShieldCaptcha(options?: { allowVendorConsoleLogs?: boolean }): { ok: boolean; token?: string } {\r\n  const g = getSiaraShieldGlobals();\r\n  if (!g.CheckCaptcha) {\r\n    throw new Error('SiaraShield: CheckCaptcha() is not available. Did initSiaraShield() run, and is CSP allowing the captcha scripts?');\r\n  }\r\n\r\n  if (!options?.allowVendorConsoleLogs) {\r\n    suppressVendorConsoleWindow();\r\n  }\r\n  const ok = g.CheckCaptcha();\r\n  const token = typeof g.CyberSiaraToken === 'string' ? g.CyberSiaraToken : undefined;\r\n  return ok ? { ok: true, token } : { ok: false };\r\n}\r\n\r\n/**\r\n * Async-friendly captcha check to handle delayed token population.\r\n */\r\nexport async function checkSiaraShieldCaptchaAsync(options?: {\r\n  timeoutMs?: number;\r\n  pollIntervalMs?: number;\r\n}): Promise<{ ok: boolean; token?: string }> {\r\n  const timeoutMs = options?.timeoutMs ?? 1200;\r\n  const pollIntervalMs = options?.pollIntervalMs ?? 120;\r\n  const firstCheck = checkSiaraShieldCaptcha(); // one API call only\r\n  if (!firstCheck.ok) return firstCheck;\r\n  if (firstCheck.token) return firstCheck;\r\n\r\n  const startedAt = Date.now();\r\n  // Token can be assigned slightly after successful verification.\r\n  while (Date.now() - startedAt < timeoutMs) {\r\n    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));\r\n    const token = getSiaraShieldGlobals().CyberSiaraToken;\r\n    if (typeof token === 'string' && token.length > 0) {\r\n      return { ok: true, token };\r\n    }\r\n  }\r\n\r\n  return { ok: true };\r\n}\r\n\r\n","export interface SiaraShieldCspOptions {\n  /** Server-generated nonce value without the `'nonce-'` prefix. */\n  nonce?: string;\n  /** Optional if the customer still loads jQuery from Google's CDN. */\n  includeGoogleApis?: boolean;\n  /** Include `script-src 'unsafe-inline'` (not recommended for production). */\n  includeUnsafeInlineScript?: boolean;\n  /** Include `style-src 'unsafe-inline'` (not recommended for production). */\n  includeUnsafeInlineStyle?: boolean;\n}\n\nexport type SiaraShieldCspDirectives = Record<string, string[]>;\n\nconst SELF = \"'self'\";\nconst DATA = 'data:';\nconst UNSAFE_INLINE = \"'unsafe-inline'\";\n\nconst SCRIPT_HOSTS = ['https://embedcdn.mycybersiara.com', 'https://embed.mycybersiara.com'] as const;\nconst OPTIONAL_SCRIPT_HOSTS = ['https://ajax.googleapis.com'] as const;\nconst CONNECT_HOSTS = ['https://embed.mycybersiara.com', 'https://embedcdn.mycybersiara.com'] as const;\nconst STYLE_HOSTS = [\n  'https://embed.mycybersiara.com',\n  'https://mycybersiara.com',\n  'https://fonts.googleapis.com',\n  'https://cdnjs.cloudflare.com',\n] as const;\nconst FONT_HOSTS = [\n  'https://fonts.gstatic.com',\n  'https://mycybersiara.com',\n  'https://cdnjs.cloudflare.com',\n] as const;\nconst IMG_HOSTS = [\n  'https://embed.mycybersiara.com',\n  'https://embedcdn.mycybersiara.com',\n  'https://mycybersiara.com',\n] as const;\n\nfunction unique(values: Array<string | undefined>): string[] {\n  return [...new Set(values.filter((value): value is string => Boolean(value && value.trim())))];\n}\n\nfunction nonceSource(nonce?: string): string | undefined {\n  return nonce ? `'nonce-${nonce}'` : undefined;\n}\n\nfunction serializeDirective(name: string, values: string[]): string {\n  return values.length > 0 ? `${name} ${values.join(' ')}` : name;\n}\n\nfunction parsePolicy(policy: string): Map<string, string[]> {\n  const directives = new Map<string, string[]>();\n\n  for (const rawDirective of policy.split(';')) {\n    const directive = rawDirective.trim();\n    if (!directive) {\n      continue;\n    }\n\n    const parts = directive.split(/\\s+/).filter(Boolean);\n    const [name, ...values] = parts;\n    if (!name) {\n      continue;\n    }\n\n    directives.set(name, values);\n  }\n\n  return directives;\n}\n\nexport function getSiaraShieldCspDirectives(options?: SiaraShieldCspOptions): SiaraShieldCspDirectives {\n  const includeGoogleApis = options?.includeGoogleApis ?? false;\n  // Default to strict/safe CSP. Customers can explicitly opt-in if they accept the risk.\n  const includeUnsafeInlineScript = options?.includeUnsafeInlineScript ?? false;\n  const includeUnsafeInlineStyle = options?.includeUnsafeInlineStyle ?? false;\n  const nonce = nonceSource(options?.nonce);\n  const scriptHosts = includeGoogleApis ? [...SCRIPT_HOSTS, ...OPTIONAL_SCRIPT_HOSTS] : [...SCRIPT_HOSTS];\n\n  return {\n    'default-src': unique([SELF]),\n    'script-src': unique([SELF, nonce, ...scriptHosts, includeUnsafeInlineScript ? UNSAFE_INLINE : undefined]),\n    'script-src-elem': unique([SELF, nonce, ...scriptHosts]),\n    'connect-src': unique([SELF, ...CONNECT_HOSTS]),\n    'img-src': unique([SELF, DATA, ...IMG_HOSTS]),\n    'style-src': unique([SELF, includeUnsafeInlineStyle ? UNSAFE_INLINE : undefined, ...STYLE_HOSTS]),\n    'font-src': unique([SELF, ...FONT_HOSTS, DATA]),\n  };\n}\n\nexport function getSiaraShieldCspPolicy(options?: SiaraShieldCspOptions): string {\n  return Object.entries(getSiaraShieldCspDirectives(options))\n    .map(([name, values]) => serializeDirective(name, values))\n    .join('; ');\n}\n\nexport function mergeSiaraShieldCspPolicy(existingPolicy: string, options?: SiaraShieldCspOptions): string {\n  const directives = parsePolicy(existingPolicy);\n  const recommended = getSiaraShieldCspDirectives(options);\n\n  for (const [name, values] of Object.entries(recommended)) {\n    directives.set(name, unique([...(directives.get(name) ?? []), ...values]));\n  }\n\n  return [...directives.entries()]\n    .map(([name, values]) => serializeDirective(name, values))\n    .join('; ');\n}\n","/*\n * Public API Surface of siarashield-workspace\n */\n\nexport * from './lib/siarashield-workspace';\nexport * from './lib/siara-shield.component';\nexport * from './lib/siara-shield-loader.service';\nexport * from './lib/siara-shield.globals';\nexport * from './lib/siara-shield';\nexport * from './lib/siara-shield-csp';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":["JQUERY_FALLBACK_SRC","CAPTCHA_SCRIPT_SRC","VALIDATION_SCRIPT_SRC","CAPTCHA_READY_TIMEOUT_MS","i1.SiaraShieldLoaderService"],"mappings":";;;;SAagB,qBAAqB,GAAA;AACnC,IAAA,OAAQ,UAAwE;AAClF;AAEM,SAAU,gBAAgB,CAAC,CAAqB,EAAA;AACpD,IAAA,OAAO,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW;AACvC;;ACXA,MAAM,uBAAuB,GAAG,kCAAkC;AAClE,MAAM,0BAA0B,GAAG,IAAI;AAEvC,SAAS,oBAAoB,GAAA;IAC3B,MAAM,WAAW,GAAG,UAEnB;AAED,IAAA,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,EAAE;QACzC,WAAW,CAAC,uBAAuB,CAAC,GAAG;AACrC,YAAA,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC;YACtC,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YACxC,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YACxC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC;SAC3C;IACH;AAEA,IAAA,OAAO,WAAW,CAAC,uBAAuB,CAAC;AAC7C;AAEA,SAAS,WAAW,GAAA;AAClB,IAAA,MAAM,UAAU,GAAG,oBAAoB,EAAE;AACzC,IAAA,UAAU,CAAC,KAAK,IAAI,CAAC;AACrB,IAAA,IAAI,UAAU,CAAC,KAAK,GAAG,CAAC;QAAE;AAE1B,IAAA,OAAO,CAAC,GAAG,GAAG,MAAM,SAAS;AAC7B,IAAA,OAAO,CAAC,IAAI,GAAG,MAAM,SAAS;AAC9B,IAAA,OAAO,CAAC,IAAI,GAAG,MAAM,SAAS;AAC9B,IAAA,OAAO,CAAC,KAAK,GAAG,MAAM,SAAS;AACjC;AAEA,SAAS,aAAa,GAAA;AACpB,IAAA,MAAM,UAAU,GAAG,oBAAoB,EAAE;AACzC,IAAA,IAAI,UAAU,CAAC,KAAK,KAAK,CAAC;QAAE;AAC5B,IAAA,UAAU,CAAC,KAAK,IAAI,CAAC;AACrB,IAAA,IAAI,UAAU,CAAC,KAAK,GAAG,CAAC;QAAE;AAE1B,IAAA,OAAO,CAAC,GAAG,GAAG,UAAU,CAAC,WAAW;AACpC,IAAA,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,YAAY;AACtC,IAAA,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,YAAY;AACtC,IAAA,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,aAAa;AAC1C;AAEM,SAAU,2BAA2B,CAAC,QAAQ,GAAG,0BAA0B,EAAA;AAC/E,IAAA,WAAW,EAAE;IACb,UAAU,CAAC,MAAK;AACd,QAAA,aAAa,EAAE;IACjB,CAAC,EAAE,QAAQ,CAAC;AACd;;AC7CA,MAAM,yBAAyB,GAAG,IAAI,OAAO,EAAuC;AACpF,MAAM,0BAA0B,GAAG,IAAI,OAAO,EAAwC;AACtF,MAAM,8BAA8B,GAAG,wCAAwC;AAE/E,SAAS,cAAc,CAAC,WAAqB,EAAA;IAC3C,IAAI,WAAW,GAAG,yBAAyB,CAAC,GAAG,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,WAAW,GAAG,IAAI,GAAG,EAAwB;AAC7C,QAAA,yBAAyB,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC;IACzD;AAEA,IAAA,OAAO,WAAW;AACpB;AAEA,SAAS,eAAe,CAAC,WAAqB,EAAA;IAC5C,IAAI,YAAY,GAAG,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9D,IAAI,CAAC,YAAY,EAAE;AACjB,QAAA,YAAY,GAAG,IAAI,GAAG,EAAyB;AAC/C,QAAA,0BAA0B,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC;IAC3D;AAEA,IAAA,OAAO,YAAY;AACrB;AAEA,SAAS,+BAA+B,GAAA;IACtC,MAAM,WAAW,GAAG,UAEnB;AAED,IAAA,IAAI,CAAC,WAAW,CAAC,8BAA8B,CAAC,EAAE;QAChD,WAAW,CAAC,8BAA8B,CAAC,GAAG;YAC5C,eAAe,EAAE,IAAI,OAAO,EAAoB;YAChD,kBAAkB,EAAE,IAAI,OAAO,EAA8B;AAC7D,YAAA,OAAO,EAAE,KAAK;SACf;IACH;AAEA,IAAA,OAAO,WAAW,CAAC,8BAA8B,CAAC;AACpD;AAEA,SAAS,cAAc,CAAC,KAAqB,EAAA;AAC3C,IAAA,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE;IAC7B,OAAO,OAAO,GAAG,OAAO,GAAG,SAAS;AACtC;AAEA,SAAS,eAAe,CAAC,IAAU,EAAA;AACjC,IAAA,OAAO,IAAI,YAAY,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,QAAQ;AAC3E;AAEM,SAAU,gBAAgB,CAAC,MAAyB,EAAE,KAAc,EAAA;AACxE,IAAA,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CAAC;IAC3C,IAAI,CAAC,aAAa,EAAE;QAClB;IACF;AAEA,IAAA,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,aAAa,CAAC;AAC3C,IAAA,MAAM,CAAC,KAAK,GAAG,aAAa;AAC9B;AAEA,SAAS,iBAAiB,CAAC,IAAU,EAAA;AACnC,IAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE;QAC1B;IACF;AAEA,IAAA,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa;IACtC,IAAI,CAAC,WAAW,EAAE;QAChB;IACF;IAEA,MAAM,KAAK,GAAG,+BAA+B,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;AAChF,IAAA,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC;AAC/B;AAEA,SAAS,iBAAiB,CAAC,IAAU,EAAE,KAAc,EAAA;AACnD,IAAA,IAAI,CAAC,KAAK;QAAE;;AAGZ,IAAA,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE;AACzB,QAAA,gBAAgB,CAAC,IAAI,EAAE,KAAK,CAAC;QAC7B;IACF;;IAGA,IAAI,IAAI,YAAY,OAAO,IAAI,IAAI,YAAY,gBAAgB,EAAE;QAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,IAAI,EAAE;AACvD,QAAA,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;AAC5B,YAAA,gBAAgB,CAAC,MAA2B,EAAE,KAAK,CAAC;QACtD;IACF;AACF;AAEA,SAAS,2BAA2B,CAAC,WAAqB,EAAA;AACxD,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;IACpD,IAAI,UAAU,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;QAClD;IACF;IAEA,MAAM,QAAQ,GAAG,IAAI,gBAAgB,CAAC,CAAC,OAAO,KAAI;QAChD,MAAM,KAAK,GAAG,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;AACzD,QAAA,IAAI,CAAC,KAAK;YAAE;AAEZ,QAAA,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;AAC5B,YAAA,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE;AACpC,gBAAA,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC;YAChC;QACF;AACF,IAAA,CAAC,CAAC;;AAGF,IAAA,MAAM,IAAI,GAAG,WAAW,CAAC,eAAe,IAAI,WAAW;AACvD,IAAA,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1D,UAAU,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;AAC1D;AAEA,SAAS,6BAA6B,CAAC,WAAqB,EAAA;AAC1D,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;IACpD,MAAM,QAAQ,GAAG,UAAU,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC;AAC/D,IAAA,IAAI,CAAC,QAAQ;QAAE;IACf,QAAQ,CAAC,UAAU,EAAE;AACrB,IAAA,UAAU,CAAC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC;AACnD;AAEA,SAAS,2BAA2B,GAAA;AAClC,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;AACpD,IAAA,IAAI,UAAU,CAAC,OAAO,EAAE;QACtB;IACF;AAEA,IAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW;AACtD,IAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY;AACxD,IAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY;AAExD,IAAA,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG,UAA0B,IAAO,EAAA;QAC5D,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAM;AAClD,IAAA,CAAC;IAED,IAAI,CAAC,SAAS,CAAC,YAAY,GAAG,UAA0B,IAAO,EAAE,KAAkB,EAAA;QACjF,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAM;AAC1D,IAAA,CAAC;IAED,IAAI,CAAC,SAAS,CAAC,YAAY,GAAG,UAA0B,IAAU,EAAE,KAAQ,EAAA;QAC1E,iBAAiB,CAAC,IAAI,CAAC;QACvB,OAAO,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAM;AAC1D,IAAA,CAAC;AAED,IAAA,UAAU,CAAC,OAAO,GAAG,IAAI;AAC3B;AAEM,SAAU,eAAe,CAAC,WAAqB,EAAE,aAAsB,EAAA;AAC3E,IAAA,MAAM,qBAAqB,GAAG,cAAc,CAAC,aAAa,CAAC;IAC3D,IAAI,qBAAqB,EAAE;AACzB,QAAA,OAAO,qBAAqB;IAC9B;IAEA,MAAM,eAAe,GAAG,WAAW,CAAC,aAAa,CAAoB,eAAe,CAAC;AACrF,IAAA,MAAM,eAAe,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,eAAe,EAAE,KAAK,CAAC;IACxG,IAAI,eAAe,EAAE;AACnB,QAAA,OAAO,eAAe;IACxB;IAEA,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAkB,wBAAwB,CAAC;AACtF,IAAA,OAAO,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC;AAC3C;AAEM,SAAU,kBAAkB,CAAC,WAAqB,EAAE,aAAsB,EAAA;IAC9E,MAAM,aAAa,GAAG,eAAe,CAAC,WAAW,EAAE,aAAa,CAAC;AACjE,IAAA,MAAM,UAAU,GAAG,+BAA+B,EAAE;AAEpD,IAAA,2BAA2B,EAAE;IAE7B,IAAI,aAAa,EAAE;QACjB,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE,aAAa,CAAC;QAC1D,2BAA2B,CAAC,WAAW,CAAC;IAC1C;SAAO;AACL,QAAA,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC;QAC9C,6BAA6B,CAAC,WAAW,CAAC;IAC5C;AAEA,IAAA,OAAO,aAAa;AACtB;SAEgB,UAAU,CAAC,WAAqB,EAAE,GAAW,EAAE,OAA2B,EAAA;IACxF,MAAM,KAAK,GAAG,kBAAkB,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC;AAC7D,IAAA,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC;AAC/C,IAAA,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACjD,MAAM,QAAQ,GAAG,WAAW,CAAC,aAAa,CAAoB,CAAA,YAAA,EAAe,GAAG,CAAA,EAAA,CAAI,CAAC;IAErF,IAAI,QAAQ,EAAE;AACZ,QAAA,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC;AACnC,QAAA,IAAI,MAAM,KAAK,QAAQ,EAAE;AACvB,YAAA,OAAO,OAAO,CAAC,OAAO,EAAE;QAC1B;QAEA,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;QACrC,IAAI,OAAO,EAAE;AACX,YAAA,OAAO,OAAO;QAChB;AAEA,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE;IAC1B;AAEA,IAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC;IAE/B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,KAAI;QACpD,MAAM,MAAM,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC;AAClD,QAAA,MAAM,CAAC,GAAG,GAAG,GAAG;AAChB,QAAA,MAAM,CAAC,KAAK,GAAG,IAAI;AACnB,QAAA,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC;AAC/B,QAAA,MAAM,CAAC,MAAM,GAAG,MAAK;AACnB,YAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC;AAC9B,YAAA,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC;AACxB,YAAA,OAAO,EAAE;AACX,QAAA,CAAC;AACD,QAAA,MAAM,CAAC,OAAO,GAAG,MAAK;AACpB,YAAA,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC;AAC7B,YAAA,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC;YACxB,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAA,8CAAA,CAAgD,CAAC,CAAC;AAClG,QAAA,CAAC;AACD,QAAA,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;AACtC,IAAA,CAAC,CAAC;AAEF,IAAA,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC;AAC9B,IAAA,OAAO,OAAO;AAChB;;MCxOa,wBAAwB,CAAA;AACY,IAAA,QAAA;AAA/C,IAAA,WAAA,CAA+C,QAAkB,EAAA;QAAlB,IAAA,CAAA,QAAQ,GAAR,QAAQ;IAAa;IAEpE,UAAU,CAAC,GAAW,EAAE,OAA2B,EAAA;QACjD,OAAO,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC;IAChD;AALW,IAAA,OAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,wBAAwB,kBACf,QAAQ,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AADjB,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,wBAAwB,cADX,MAAM,EAAA,CAAA;;2FACnB,wBAAwB,EAAA,UAAA,EAAA,CAAA;kBADpC,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAEnB,MAAM;2BAAC,QAAQ;;;ACD9B,MAAMA,qBAAmB,GAAG,kEAAkE;AAC9F,MAAMC,oBAAkB,GAAG,sEAAsE;AACjG,MAAMC,uBAAqB,GAAG,yEAAyE;AACvG,MAAMC,0BAAwB,GAAG,IAAI;MAmBxB,oBAAoB,CAAA;AAcZ,IAAA,IAAA;AACA,IAAA,MAAA;AAdQ,IAAA,SAAS;IAC3B,UAAU,GAAG,IAAI;AACjB,IAAA,QAAQ;IACR,sBAAsB,GAAG,KAAK;AAEvC;;AAEG;AACO,IAAA,KAAK,GAAG,IAAI,YAAY,EAAU;IAEpC,WAAW,GAAG,KAAK;IAE3B,WAAA,CACmB,IAA6B,EAC7B,MAAgC,EAAA;QADhC,IAAA,CAAA,IAAI,GAAJ,IAAI;QACJ,IAAA,CAAA,MAAM,GAAN,MAAM;IACtB;AAEH,IAAA,MAAM,eAAe,GAAA;QACnB,MAAM,IAAI,CAAC,IAAI,CAAC;YACd,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,sBAAsB,EAAE,IAAI,CAAC,sBAAsB;AACpD,SAAA,CAAC;IACJ;IAEA,MAAM,IAAI,CAAC,OAA+B,EAAA;QACxC,IAAI,IAAI,CAAC,WAAW;YAAE;;AAGtB,QAAA,KAAK,IAAI,CAAC,IAAI,CAAC,aAAa;AAE5B,QAAA,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;AACtB,YAAA,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC;QACjE;AACA,QAAA,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,QAAQ,CAAC;AAE5F,QAAA,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE;AACpE,YAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACH,qBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACxE;AAEA,QAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACC,oBAAkB,EAAE;AAC/C,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AACF,QAAA,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAACC,uBAAqB,EAAE;AAClD,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AAEF,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;AAC3C,QAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,aAAa,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CACb,kIAAkI,CACnI;QACH;AAEA,QAAA,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE;AACnC,YAAA,2BAA2B,EAAE;QAC/B;AACA,QAAA,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC;AAChC,QAAA,MAAM,IAAI,CAAC,sBAAsB,EAAE;AACnC,QAAA,IAAI,CAAC,WAAW,GAAG,IAAI;IACzB;AAEA;;AAEG;IACK,wBAAwB,GAAA;AAC9B,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;AAC/D,YAAA,OAAO,IAAI;QACb;AAEA,QAAA,MAAM,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,aAAa,CAC9E,uBAAuB,CACxB;AACD,QAAA,OAAO,OAAO,CAAC,oBAAoB,CAAC;IACtC;AAEQ,IAAA,mCAAmC,CAAC,CAA2C,EAAA;AACrF,QAAA,MAAM,wBAAwB,GAAG,CAAC,CAAC,kBAAkB;AACrD,QAAA,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE;YAClD;QACF;AAEA,QAAA,CAAC,CAAC,kBAAkB,GAAG,MAAK;AAC1B,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,aAAa,CAClE,CAAA,YAAA,EAAeA,uBAAqB,CAAA,EAAA,CAAI,CACzC;YACD,IAAI,QAAQ,EAAE;gBACZ;YACF;AAEA,YAAA,wBAAwB,EAAE;AAC5B,QAAA,CAAC;IACH;AAEQ,IAAA,MAAM,sBAAsB,CAAC,SAAS,GAAGC,0BAAwB,EAAA;AACvE,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;QAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,YAAA,IAAI,qBAAqB,EAAE,CAAC,YAAY,EAAE;gBACxC;YACF;AACA,YAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC1D;AACA,QAAA,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC;IACvI;AAEA;;;AAGG;IACH,YAAY,GAAA;AACV,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,QAAA,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE;AACnB,YAAA,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC;QAC3H;AAEA,QAAA,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;AAChC,YAAA,2BAA2B,EAAE;QAC/B;AACA,QAAA,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,EAAE;QAC3B,IAAI,EAAE,IAAI,OAAO,CAAC,CAAC,eAAe,KAAK,QAAQ,EAAE;YAC/C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC;QACpC;AACA,QAAA,OAAO,EAAE;IACX;AAEA;;;AAGG;IACH,MAAM,iBAAiB,CAAC,OAAyD,EAAA;AAC/E,QAAA,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI;AAC5C,QAAA,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,GAAG;AACrD,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;AAE5B,QAAA,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;AACvB,YAAA,OAAO,IAAI;QACb;QAEA,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,YAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;AACnE,YAAA,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;AACvB,gBAAA,OAAO,IAAI;YACb;QACF;AAEA,QAAA,OAAO,KAAK;IACd;uGAvJW,oBAAoB,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAA,EAAA,CAAA,UAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,wBAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,SAAA,EAAA,CAAA;AAApB,IAAA,OAAA,IAAA,GAAA,EAAA,CAAA,oBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,IAAA,EAAA,oBAAoB,2OAHrB,CAAA,+BAAA,CAAiC,EAAA,QAAA,EAAA,IAAA,EAAA,aAAA,EAAA,EAAA,CAAA,iBAAA,CAAA,IAAA,EAAA,CAAA;;2FAGhC,oBAAoB,EAAA,UAAA,EAAA,CAAA;kBANhC,SAAS;AAAC,YAAA,IAAA,EAAA,CAAA;AACT,oBAAA,QAAQ,EAAE,cAAc;AACxB,oBAAA,UAAU,EAAE,IAAI;AAChB,oBAAA,QAAQ,EAAE,CAAA,+BAAA,CAAiC;oBAC3C,aAAa,EAAE,iBAAiB,CAAC,IAAI;AACtC,iBAAA;;sBAEE,KAAK;uBAAC,EAAE,QAAQ,EAAE,IAAI,EAAE;;sBACxB;;sBACA;;sBACA;;sBAKA;;;ACjCH,MAAM,mBAAmB,GAAG,kEAAkE;AAC9F,MAAM,kBAAkB,GAAG,sEAAsE;AACjG,MAAM,qBAAqB,GAAG,yEAAyE;AACvG,MAAM,wBAAwB,GAAG,IAAI;AAiBrC,IAAI,OAAO,GAAyB,IAAI;AACxC,IAAI,WAAW,GAAG,KAAK;AAEvB,SAAS,wBAAwB,GAAA;AAC/B,IAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,IAAA,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE;AAC/D,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,oBAAoB,GAAG,QAAQ,CAAC,aAAa,CAAoB,uBAAuB,CAAC;AAC/F,IAAA,OAAO,OAAO,CAAC,oBAAoB,CAAC;AACtC;AAEA,SAAS,mCAAmC,CAAC,CAA2C,EAAA;AACtF,IAAA,MAAM,wBAAwB,GAAG,CAAC,CAAC,kBAAkB;AACrD,IAAA,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE;QAClD;IACF;AAEA,IAAA,CAAC,CAAC,kBAAkB,GAAG,MAAK;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAoB,CAAA,YAAA,EAAe,qBAAqB,CAAA,EAAA,CAAI,CAAC;QACpG,IAAI,QAAQ,EAAE;YACZ;QACF;AAEA,QAAA,wBAAwB,EAAE;AAC5B,IAAA,CAAC;AACH;AAEA,eAAe,sBAAsB,CAAC,SAAS,GAAG,wBAAwB,EAAA;AACxE,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;IAC5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,QAAA,IAAI,qBAAqB,EAAE,CAAC,YAAY,EAAE;YACxC;QACF;AACA,QAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC1D;AACA,IAAA,MAAM,IAAI,KAAK,CAAC,oHAAoH,CAAC;AACvI;AAEA;;;;;;;AAOG;AACI,eAAe,eAAe,CAAC,OAA+B,EAAA;AACnE,IAAA,IAAI,WAAW;QAAE;AACjB,IAAA,IAAI,OAAO;AAAE,QAAA,OAAO,OAAO;AAE3B,IAAA,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE;AACvB,QAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC;IAC5D;AAEA,IAAA,OAAO,GAAG,CAAC,YAAW;QACpB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;AAE/D,QAAA,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,KAAK,CAAC,wBAAwB,EAAE,EAAE;AAC/D,YAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,mBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACtE;AAEA,QAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,kBAAkB,EAAE;AAC7C,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AACF,QAAA,MAAM,UAAU,CAAC,QAAQ,EAAE,qBAAqB,EAAE;AAChD,YAAA,KAAK,EAAE,QAAQ;AAChB,SAAA,CAAC;AAEF,QAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;QACjC,mCAAmC,CAAC,CAAC,CAAC;AACtC,QAAA,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,aAAa,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CACb,kIAAkI,CACnI;QACH;AAEA,QAAA,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE;AACnC,YAAA,2BAA2B,EAAE;QAC/B;AACA,QAAA,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC;QAChC,MAAM,sBAAsB,EAAE;QAC9B,WAAW,GAAG,IAAI;IACpB,CAAC,GAAG;AAEJ,IAAA,IAAI;AACF,QAAA,MAAM,OAAO;IACf;YAAU;;IAEV;AACF;AAEA;;;AAGG;AACG,SAAU,uBAAuB,CAAC,OAA8C,EAAA;AACpF,IAAA,MAAM,CAAC,GAAG,qBAAqB,EAAE;AACjC,IAAA,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE;AACnB,QAAA,MAAM,IAAI,KAAK,CAAC,mHAAmH,CAAC;IACtI;AAEA,IAAA,IAAI,CAAC,OAAO,EAAE,sBAAsB,EAAE;AACpC,QAAA,2BAA2B,EAAE;IAC/B;AACA,IAAA,MAAM,EAAE,GAAG,CAAC,CAAC,YAAY,EAAE;AAC3B,IAAA,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,eAAe,KAAK,QAAQ,GAAG,CAAC,CAAC,eAAe,GAAG,SAAS;AACnF,IAAA,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE;AACjD;AAEA;;AAEG;AACI,eAAe,4BAA4B,CAAC,OAGlD,EAAA;AACC,IAAA,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI;AAC5C,IAAA,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,GAAG;AACrD,IAAA,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,EAAE;AAAE,QAAA,OAAO,UAAU;IACrC,IAAI,UAAU,CAAC,KAAK;AAAE,QAAA,OAAO,UAAU;AAEvC,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;;IAE5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,SAAS,EAAE;AACzC,QAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;AACnE,QAAA,MAAM,KAAK,GAAG,qBAAqB,EAAE,CAAC,eAAe;QACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;AACjD,YAAA,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;QAC5B;IACF;AAEA,IAAA,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE;AACrB;;ACnJA,MAAM,IAAI,GAAG,QAAQ;AACrB,MAAM,IAAI,GAAG,OAAO;AACpB,MAAM,aAAa,GAAG,iBAAiB;AAEvC,MAAM,YAAY,GAAG,CAAC,mCAAmC,EAAE,gCAAgC,CAAU;AACrG,MAAM,qBAAqB,GAAG,CAAC,6BAA6B,CAAU;AACtE,MAAM,aAAa,GAAG,CAAC,gCAAgC,EAAE,mCAAmC,CAAU;AACtG,MAAM,WAAW,GAAG;IAClB,gCAAgC;IAChC,0BAA0B;IAC1B,8BAA8B;IAC9B,8BAA8B;CACtB;AACV,MAAM,UAAU,GAAG;IACjB,2BAA2B;IAC3B,0BAA0B;IAC1B,8BAA8B;CACtB;AACV,MAAM,SAAS,GAAG;IAChB,gCAAgC;IAChC,mCAAmC;IACnC,0BAA0B;CAClB;AAEV,SAAS,MAAM,CAAC,MAAiC,EAAA;IAC/C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,KAAsB,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChG;AAEA,SAAS,WAAW,CAAC,KAAc,EAAA;IACjC,OAAO,KAAK,GAAG,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,CAAG,GAAG,SAAS;AAC/C;AAEA,SAAS,kBAAkB,CAAC,IAAY,EAAE,MAAgB,EAAA;IACxD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI;AACjE;AAEA,SAAS,WAAW,CAAC,MAAc,EAAA;AACjC,IAAA,MAAM,UAAU,GAAG,IAAI,GAAG,EAAoB;IAE9C,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;AAC5C,QAAA,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE;QACrC,IAAI,CAAC,SAAS,EAAE;YACd;QACF;AAEA,QAAA,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QACpD,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,KAAK;QAC/B,IAAI,CAAC,IAAI,EAAE;YACT;QACF;AAEA,QAAA,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC;IAC9B;AAEA,IAAA,OAAO,UAAU;AACnB;AAEM,SAAU,2BAA2B,CAAC,OAA+B,EAAA;AACzE,IAAA,MAAM,iBAAiB,GAAG,OAAO,EAAE,iBAAiB,IAAI,KAAK;;AAE7D,IAAA,MAAM,yBAAyB,GAAG,OAAO,EAAE,yBAAyB,IAAI,KAAK;AAC7E,IAAA,MAAM,wBAAwB,GAAG,OAAO,EAAE,wBAAwB,IAAI,KAAK;IAC3E,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACzC,MAAM,WAAW,GAAG,iBAAiB,GAAG,CAAC,GAAG,YAAY,EAAE,GAAG,qBAAqB,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;IAEvG,OAAO;AACL,QAAA,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,WAAW,EAAE,yBAAyB,GAAG,aAAa,GAAG,SAAS,CAAC,CAAC;QAC1G,iBAAiB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,WAAW,CAAC,CAAC;QACxD,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,aAAa,CAAC,CAAC;QAC/C,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC;AAC7C,QAAA,WAAW,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,wBAAwB,GAAG,aAAa,GAAG,SAAS,EAAE,GAAG,WAAW,CAAC,CAAC;QACjG,UAAU,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,UAAU,EAAE,IAAI,CAAC,CAAC;KAChD;AACH;AAEM,SAAU,uBAAuB,CAAC,OAA+B,EAAA;IACrE,OAAO,MAAM,CAAC,OAAO,CAAC,2BAA2B,CAAC,OAAO,CAAC;AACvD,SAAA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC;AACf;AAEM,SAAU,yBAAyB,CAAC,cAAsB,EAAE,OAA+B,EAAA;AAC/F,IAAA,MAAM,UAAU,GAAG,WAAW,CAAC,cAAc,CAAC;AAC9C,IAAA,MAAM,WAAW,GAAG,2BAA2B,CAAC,OAAO,CAAC;AAExD,IAAA,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;QACxD,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IAC5E;AAEA,IAAA,OAAO,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE;AAC5B,SAAA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC;SACxD,IAAI,CAAC,IAAI,CAAC;AACf;;AC1GA;;AAEG;;ACFH;;AAEG;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "siarashield_workspace",
-  "version": "0.0.24",
+  "version": "0.0.26",
   "description": "Angular wrapper for CyberSiara SiaraShield captcha embed.",
   "keywords": [
     "cybersiara",

package/types/siarashield_workspace.d.ts

@@ -20,6 +20,8 @@ interface SiaraShieldInitOptions {
     loadJQuery?: boolean;
     /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */
     cspNonce?: string;
+    /** Set true only when actively debugging vendor/runtime internals in browser console. */
+    allowVendorConsoleLogs?: boolean;
 }
 declare class SiaraShieldComponent implements AfterViewInit {
     private readonly host;
@@ -27,6 +29,7 @@ declare class SiaraShieldComponent implements AfterViewInit {
     publicKey: string;
     loadJQuery: boolean;
     cspNonce?: string;
+    allowVendorConsoleLogs: boolean;
     /**
      * Emits the current `CyberSiaraToken` right after a successful `checkCaptcha()`.
      */
@@ -55,7 +58,7 @@ declare class SiaraShieldComponent implements AfterViewInit {
         pollIntervalMs?: number;
     }): Promise<boolean>;
     static ɵfac: i0.ɵɵFactoryDeclaration<SiaraShieldComponent, never>;
-    static ɵcmp: i0.ɵɵComponentDeclaration<SiaraShieldComponent, "siara-shield", never, { "publicKey": { "alias": "publicKey"; "required": true; }; "loadJQuery": { "alias": "loadJQuery"; "required": false; }; "cspNonce": { "alias": "cspNonce"; "required": false; }; }, { "token": "token"; }, never, never, true, never>;
+    static ɵcmp: i0.ɵɵComponentDeclaration<SiaraShieldComponent, "siara-shield", never, { "publicKey": { "alias": "publicKey"; "required": true; }; "loadJQuery": { "alias": "loadJQuery"; "required": false; }; "cspNonce": { "alias": "cspNonce"; "required": false; }; "allowVendorConsoleLogs": { "alias": "allowVendorConsoleLogs"; "required": false; }; }, { "token": "token"; }, never, never, true, never>;
 }
 
 type InitCaptchaFn = (publicKey: string) => void;
@@ -83,6 +86,8 @@ interface InitSiaraShieldOptions {
     loadJQuery?: boolean;
     /** CSP nonce for strict policies (`script-src 'nonce-...'`). Pair with `getSiaraShieldCspPolicy()`. */
     cspNonce?: string;
+    /** Set true only when actively debugging vendor/runtime internals in browser console. */
+    allowVendorConsoleLogs?: boolean;
 }
 /**
  * Drop-in initializer for SiaraShield.
@@ -97,7 +102,9 @@ declare function initSiaraShield(options: InitSiaraShieldOptions): Promise<void>
  * Calls global `CheckCaptcha()` and returns its boolean result.
  * If successful, returns `{ ok: true, token?: string }`.
  */
-declare function checkSiaraShieldCaptcha(): {
+declare function checkSiaraShieldCaptcha(options?: {
+    allowVendorConsoleLogs?: boolean;
+}): {
     ok: boolean;
     token?: string;
 };
@@ -117,9 +124,9 @@ interface SiaraShieldCspOptions {
     nonce?: string;
     /** Optional if the customer still loads jQuery from Google's CDN. */
     includeGoogleApis?: boolean;
-    /** Keep `'unsafe-inline'` in `script-src` for strict vendor compatibility. */
+    /** Include `script-src 'unsafe-inline'` (not recommended for production). */
     includeUnsafeInlineScript?: boolean;
-    /** Keep `style-src 'unsafe-inline'` for current vendor markup/styles. */
+    /** Include `style-src 'unsafe-inline'` (not recommended for production). */
     includeUnsafeInlineStyle?: boolean;
 }
 type SiaraShieldCspDirectives = Record<string, string[]>;