/** * XML utility helpers * * Security hardening * ────────────────── * • decodeEntities enforces a maximum expansion length to prevent * Billion Laughs / exponential entity expansion attacks. * • Custom (non-predefined, non-numeric) entity references are left * unexpanded by default – callers that need DTD entity expansion must * supply an explicit entity map. */ /** * Decode XML character references and the five predefined entity references. * * - `&#nnn;` numeric decimal * - `&#xHHH;` numeric hex * - `&` `<` `>` `'` `"` * * Unknown named entities (e.g. `&foo;`) are left as-is to avoid silent data * corruption and to prevent DTD-based entity expansion attacks. * * @param entityMap Optional map of additional named entities (e.g. from DTD). * Expansion is still bounded by MAX_EXPANSION. */ export declare function decodeEntities(value: string, entityMap?: Readonly>): string; /** * Encode special XML characters for use in text content. * Does NOT encode single-quote (only needed inside single-quoted attributes). */ export declare function encodeEntities(value: string): string; /** * Encode special XML characters for use inside an attribute value. * Encodes both quote styles to be safe regardless of delimiter choice. */ export declare function encodeAttrValue(value: string): string; /** * Normalise an attribute value per XML 1.0 §3.3.3 (CDATA normalisation). * Replaces tab, carriage-return and newline with a single space. */ export declare function normalizeAttrValue(value: string): string; /** Returns true if `name` is a valid XML NCName (no colon). */ export declare function isValidNCName(name: string): boolean; /** Returns true if `name` is a valid XML QName (optional prefix:localName). */ export declare function isValidQName(name: string): boolean; /** Splits a QName into { prefix, local } */ export declare function splitQName(qname: string): { prefix: string; local: string; }; /** * G10: Resolve an `xml:base` relative URI against a base URI per RFC 3986. * * - If `ref` is absolute (has a scheme like `http://`), it is returned as-is. * - If `ref` starts with `/`, it replaces the path on the base URI's origin. * - Otherwise, `ref` is appended to the directory portion of `base`. * - Empty `ref` returns `base` unchanged. * * Works in any environment (no URL constructor required for common cases, * but will delegate to `URL` when available for correctness). * * @example * resolveXmlBase('http://example.com/docs/a.xml', '../images/logo.png') * // → 'http://example.com/images/logo.png' * * resolveXmlBase('', 'http://example.com/base/') * // → 'http://example.com/base/' */ export declare function resolveXmlBase(base: string, ref: string): string; //# sourceMappingURL=xmlUtils.d.ts.map