import type { ArtifactKind } from "./artifacts"; /** * Builders for sandboxed iframe `srcdoc` documents used by live previews * (artifact panel and the fullscreen HTML preview modal). * * Every document gets a hook script that forwards uncaught errors and * unhandled rejections to the parent via postMessage on a per-preview * channel. The same script intercepts link activation: in-page fragment * links scroll within the preview, links whose raw href is an absolute * http(s) URL are forwarded to the parent (which confirms before opening * a new tab), everything else is blocked. The raw-attribute check matters: * srcdoc documents inherit the parent's base URL, so a relative href would * resolve to an app-origin URL the artifact never legitimately points at — * and the confirm dialog would then show the app's own trusted hostname * over an attacker-chosen path. Navigating from inside the sandbox would * be broken anyway — the opened tab would inherit the sandbox's opaque * origin. */ const END_SCRIPT_TAG = ""; function buildPreviewHookScript(channel: string): string { return `\n