/** * @file csp-generator.browser.ts * @description * Browser-compatible version of SecureCSPGenerator. * This version uses native browser APIs and omits Node.js-specific features. */ import type { SecureCSPGeneratorOptions } from './types'; /** * SecureCSPGenerator: * Fetches an HTML page, extracts resource origins, * and constructs a robust CSP header string. */ export declare class SecureCSPGenerator { /** The target URL to analyze. */ readonly url: URL; private readonly opts; private readonly logger; private html; private readonly sources; private nonce; private detectedInlineScript; private detectedInlineStyle; private detectedEval; /** * @param inputUrl - URL of the page to analyze (must be non-empty) * @param opts - Configuration options to control fetching and policy * @throws Error on invalid URL or insecure scheme when allowHttp=false */ constructor(inputUrl: string, opts?: SecureCSPGeneratorOptions); /** * Generates a random nonce for use in CSP headers. */ private generateNonce; private generateHash; /** * Downloads HTML via fetch, respecting timeouts and size limits. * @throws Error if HTTP status not OK, type mismatch, or size exceeded */ private fetchHtml; /** * Adds a source to a directive's set, creating the set if needed. */ private ensureSet; /** * Parses HTML content to extract resource references. */ private parse; private cssUrlRe; private cssImportRe; /** * Extracts CSS resource URLs from inline CSS text and adds them. */ private extractCssUrls; /** * Public entry point: fetches, parses, and constructs the final CSP header. * @returns A fully-formed CSP header string. */ generate(): Promise; }