/** * DOCX Module - Internal Utilities (unified shared helpers) * * This is the single source of truth for cross-cutting low-level utilities * used throughout the word module. Consolidates previously duplicated * implementations of base64, UUID, UTF-16LE encoding, and XML helpers. */ /** * Shared `TextEncoder` instance for UTF-8 encoding. Reusing this avoids the * cost of constructing a fresh encoder on every call site (each `new * TextEncoder()` allocates a small native object). */ export declare const utf8Encoder: TextEncoder; /** * Shared `TextDecoder` instance for UTF-8 decoding. Stateless — safe to share * across modules. Use this instead of `new TextDecoder("utf-8")`. */ export declare const utf8Decoder: TextDecoder; /** * Encode a byte array to base64. Uses native Node `Buffer` if available; * otherwise falls back to chunked `btoa()` for browser environments. * * The chunked approach avoids the O(n²) string concatenation cost that naïve * `String.fromCharCode(...data)` implementations exhibit on large buffers. */ export declare function bytesToBase64(data: Uint8Array): string; /** * Decode a base64 string to a byte array. Uses native Node `Buffer` if available. */ export declare function base64ToBytes(s: string): Uint8Array; /** * Generate a GUID in braced format: "{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}". * Used by font obfuscation (w:fontKey) and building blocks. */ export declare function generateGuid(): string; /** * Encode a string as UTF-16LE bytes. * Required by ECMA-376 password hashing and OLE operations. */ export declare function stringToUtf16LE(str: string): Uint8Array; /** * Generate cryptographically secure random bytes. * Throws `DocxError` if `crypto.getRandomValues` is unavailable on the host. */ export declare function randomBytes(length: number): Uint8Array; /** * Make all properties of T mutable (remove readonly). * Used in mutation APIs (acceptAllRevisions, replaceText, etc.) that operate * on document models in-place. Preferred over `as any` casts. */ export type Mutable = { -readonly [P in keyof T]: T[P]; }; /** * Deep mutable version — recursively removes readonly from nested objects. */ export type DeepMutable = { -readonly [P in keyof T]: T[P] extends ReadonlyArray ? Array> : T[P] extends ReadonlyMap ? Map> : T[P] extends object ? DeepMutable : T[P]; }; /** * Validate and normalize a URL for use in a hyperlink. Returns a safe URL * string, or `undefined` if the input is unsafe. * * Rules: * - Empty/whitespace input → `undefined`. * - Fragment-only (`#anchor`) and protocol-relative (`//host`) URLs → kept. * - Relative URLs without a scheme → kept (no host injection possible since * they resolve against the document base). * - URLs with a scheme are accepted only if the scheme is in * {@link SAFE_URL_SCHEMES}. * - Surrounding whitespace and control characters that browsers historically * strip when parsing URLs are removed before scheme detection so attackers * can't bypass the check with `" java\tscript:..."`. */ export declare function sanitizeUrl(url: string | undefined | null): string | undefined; /** * Strip path-traversal segments and other unsafe characters from a * caller-supplied media file name so it can be used as a leaf entry * inside an OPC ZIP package without enabling zipslip. * * The previous behaviour was to forward `image.fileName` / * `font.fileName` straight into `archive.add`, which let a hostile DOCX * round-tripped through `readDocx` write entries like * `word/media/../../etc/passwd.png` into the output package — a real * attack vector when the file is later unpacked by a third-party tool. * * Returns a single safe leaf name. Falls back to `fallback` (default * `"file.bin"`) when the cleaned name would be empty. */ export declare function sanitizeMediaFileName(raw: string | undefined, fallback?: string): string;