specra 0.2.58 → 0.2.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -23,8 +23,19 @@ export declare function validatePathWithinDirectory(filePath: string, allowedDir
23
23
  */
24
24
  export declare function scanMDXForDangerousPatterns(content: string): string[];
25
25
  /**
26
- * Sanitize MDX content by removing/escaping dangerous patterns
27
- * This is a defensive measure - ideally content should be rejected if dangerous
26
+ * Sanitize MDX content by neutralizing dangerous patterns in executable prose,
27
+ * while leaving fenced code blocks and inline code completely untouched.
28
+ *
29
+ * Code spans are not executable — the code renderer displays their contents as
30
+ * escaped text — so dangerous-looking examples inside them (e.g. a documented
31
+ * `<script>` tag) must be preserved verbatim, never stripped. We mask code spans
32
+ * with placeholder tokens, sanitize only the surrounding prose, then restore
33
+ * them unchanged.
34
+ *
35
+ * In prose, script tags are *escaped* (turned into inert, visible literal text)
36
+ * rather than deleted, so content never silently vanishes. Event-handler
37
+ * attributes and `javascript:` URLs are invisible attack vectors on otherwise
38
+ * valid HTML, so those are removed (neutralizing them deletes no visible text).
28
39
  */
29
40
  export declare function sanitizeMDXContent(content: string, strict?: boolean): string;
30
41
  /**
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "specra",
3
- "version": "0.2.58",
3
+ "version": "0.2.59",
4
4
  "description": "A modern documentation library for SvelteKit with built-in versioning, API reference generation, full-text search, and MDX support",
5
5
  "svelte": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",