{"version":3,"file":"const.mjs","names":[],"sources":["../../src/HtmlPreview/const.ts"],"sourcesContent":["/**\n * Default sandbox attribute for HTML preview iframes.\n *\n * Why this exact set:\n * - `allow-scripts`  — required by the use case (three.js / p5.js / Tailwind\n *   CDN style demos). Without it inline preview degrades to source view.\n * - `allow-forms`    — lets demos handle `<form>` submissions in-frame.\n * - `allow-modals`   — `alert`/`confirm`/`prompt` are common in toy demos.\n *\n * Deliberately omitted:\n * - `allow-same-origin` — would let scripts read parent cookies / localStorage\n *   under cloud deployments, and bridge the IPC boundary on desktop builds.\n * - `allow-popups`, `allow-top-navigation` — phishing surface.\n *\n * Override at your own risk via `sandbox` prop.\n */\nexport const DEFAULT_SANDBOX = 'allow-scripts allow-forms allow-modals';\n\nexport const DEFAULT_HEIGHT = 400;\n\n/**\n * Cap for srcDoc length. Beyond a few MB browsers start misbehaving;\n * we fall back to source-only above this threshold.\n */\nexport const SRCDOC_MAX_LENGTH = 5 * 1024 * 1024;\n\nconst FULL_HTML_MARKERS = ['<!doctype html', '<html', '<HTML'];\n\n/**\n * Is the content a \"full\" HTML document (has `<html>` or `<!DOCTYPE html>`)?\n * Fragments without these markers render poorly inline and should not auto-mount.\n */\nexport const isFullHtmlDocument = (content: string): boolean => {\n  if (!content) return false;\n  const head = content.slice(0, 1024).toLowerCase();\n  return FULL_HTML_MARKERS.some((marker) => head.includes(marker.toLowerCase()));\n};\n\n/**\n * Heuristic for whether streaming HTML is \"stable enough to mount the iframe\".\n * Re-mounting srcDoc on every token reboots scripts (p5.js setup runs each\n * time), so we wait for a clear closing signal.\n */\nexport const isHtmlContentClosed = (content: string): boolean => {\n  if (!content) return false;\n  const tail = content.slice(-1024).toLowerCase();\n  return tail.includes('</html>');\n};\n\n/**\n * Does the content contain a `<script>` tag?\n *\n * Used by `streamingMode: 'auto'` to decide whether live-streaming the\n * iframe is safe. Script-bearing content gets deferred until stable so we\n * don't re-run `setup()` on every token; script-less content (pure\n * markup + styles) streams live for a more responsive feel.\n */\nexport const containsScript = (content: string): boolean => {\n  if (!content) return false;\n  return /<script\\b/i.test(content);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgBA,MAAa,kBAAkB;AAE/B,MAAa,iBAAiB;;;;;AAM9B,MAAa,oBAAoB,IAAI,OAAO;AAE5C,MAAM,oBAAoB;CAAC;CAAkB;CAAS;CAAQ;;;;;AAM9D,MAAa,sBAAsB,YAA6B;AAC9D,KAAI,CAAC,QAAS,QAAO;CACrB,MAAM,OAAO,QAAQ,MAAM,GAAG,KAAK,CAAC,aAAa;AACjD,QAAO,kBAAkB,MAAM,WAAW,KAAK,SAAS,OAAO,aAAa,CAAC,CAAC;;;;;;;AAQhF,MAAa,uBAAuB,YAA6B;AAC/D,KAAI,CAAC,QAAS,QAAO;AAErB,QADa,QAAQ,MAAM,MAAM,CAAC,aACvB,CAAC,SAAS,UAAU;;;;;;;;;;AAWjC,MAAa,kBAAkB,YAA6B;AAC1D,KAAI,CAAC,QAAS,QAAO;AACrB,QAAO,aAAa,KAAK,QAAQ"}