dompurify
Advanced tools
Comparing version 0.8.5 to 0.8.6
@@ -1,2 +0,2 @@ | ||
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.8.5";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;if(typeof o==="function"){var m=n.createElement("template");if(m.content&&m.content.ownerDocument){n=m.content.ownerDocument}}var p=n.implementation;var v=n.createNodeIterator;var h=n.getElementsByTagName;var g=n.createDocumentFragment;var y=a.importNode;var b={};r.isSupported=typeof p.createHTMLDocument!=="undefined"&&n.documentMode!==9;var T=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var A=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var x=null;var k=T({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var w=null;var E=T({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var S=null;var N=null;var D=true;var M=false;var O=false;var L=false;var _=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var C=/<%[\s\S]*|[\s\S]*%>/gm;var R=false;var z=false;var F=false;var H=false;var j=true;var B=true;var I=T({},["audio","head","math","script","style","svg","video"]);var W=T({},["audio","video","img","source"]);var G=T({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var q=null;var P=n.createElement("form");var U=function(e){if(typeof e!=="object"){e={}}x="ALLOWED_TAGS"in e?T({},e.ALLOWED_TAGS):k;w="ALLOWED_ATTR"in e?T({},e.ALLOWED_ATTR):E;S="FORBID_TAGS"in e?T({},e.FORBID_TAGS):{};N="FORBID_ATTR"in e?T({},e.FORBID_ATTR):{};D=e.ALLOW_DATA_ATTR!==false;M=e.ALLOW_UNKNOWN_PROTOCOLS||false;O=e.SAFE_FOR_JQUERY||false;L=e.SAFE_FOR_TEMPLATES||false;R=e.WHOLE_DOCUMENT||false;z=e.RETURN_DOM||false;F=e.RETURN_DOM_FRAGMENT||false;H=e.RETURN_DOM_IMPORT||false;j=e.SANITIZE_DOM!==false;B=e.KEEP_CONTENT!==false;if(L){D=false}if(F){z=true}if(e.ADD_TAGS){if(x===k){x=A(x)}T(x,e.ADD_TAGS)}if(e.ADD_ATTR){if(w===E){w=A(w)}T(w,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){T(G,e.ADD_URI_SAFE_ATTR)}if(B){x["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}q=e};var V=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var K=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var Y=function(e){var t,r;try{t=(new d).parseFromString(e,"text/html")}catch(n){}if(!t||!t.documentElement){t=p.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}if(typeof t.getElementsByTagName==="function"){return t.getElementsByTagName(R?"html":"body")[0]}return h.call(t,R?"html":"body")[0]};var J=function(e){return v.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var Q=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var X=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var Z=function(e){var t,n;ie("beforeSanitizeElements",e,null);if(Q(e)){V(e);return true}t=e.nodeName.toLowerCase();ie("uponSanitizeElement",e,{tagName:t,allowedTags:x});if(!x[t]||S[t]){if(B&&!I[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}V(e);return true}if(O&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(L&&e.nodeType===3){n=e.textContent;n=n.replace(_," ");n=n.replace(C," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}ie("afterSanitizeElements",e,null);return false};var $=/^data-[\-\w.\u00B7-\uFFFF]/;var ee=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var te=/^(?:\w+script|data):/i;var re=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ne=function(e){var a,i,o,l,s,f,c,u;ie("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:w};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;ie("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);K("id",e);K(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else{if(i==="id"){e.setAttribute(i,"")}K(i,e)}if(!c.keepAttr){continue}if(j&&(l==="id"||l==="name")&&(o in t||o in n||o in P)){continue}if(L){o=o.replace(_," ");o=o.replace(C," ")}if(D&&$.test(l)){}else if(!w[l]||N[l]){continue}else if(G[l]){}else if(ee.test(o.replace(re,""))){}else if(l==="src"&&o.indexOf("data:")===0&&W[e.nodeName.toLowerCase()]){}else if(M&&!te.test(o.replace(re,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}ie("afterSanitizeAttributes",e,null)};var ae=function(e){var t;var r=J(e);ie("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){ie("uponSanitizeShadowNode",t,null);if(Z(t)){continue}if(t.content instanceof i){ae(t.content)}ne(t)}ie("afterSanitizeShadowDOM",e,null)};var ie=function(e,t,n){if(!b[e]){return}b[e].forEach(function(e){e.call(r,t,n,q)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!X(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(X(e)){return t.toStaticHTML(e.outerHTML)}}return e}U(n);r.removed=[];if(e instanceof l){o=Y("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!z&&!R&&e.indexOf("<")===-1){return e}o=Y(e);if(!o){return z?null:""}}u=J(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(Z(f)){continue}if(f.content instanceof i){ae(f.content)}ne(f);c=f}if(z){if(F){d=g.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(H){d=y.call(a,d,true)}return d}return R?o.outerHTML:o.innerHTML};r.addHook=function(e,t){if(typeof t!=="function"){return}b[e]=b[e]||[];b[e].push(t)};r.removeHook=function(e){if(b[e]){b[e].pop()}};r.removeHooks=function(e){if(b[e]){b[e]=[]}};r.removeAllHooks=function(){b={}};return r}); | ||
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.8.6";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;if(typeof o==="function"){var d=n.createElement("template");if(d.content&&d.content.ownerDocument){n=d.content.ownerDocument}}var m=n.implementation;var p=n.createNodeIterator;var v=n.getElementsByTagName;var h=n.createDocumentFragment;var g=a.importNode;var y={};r.isSupported=typeof m.createHTMLDocument!=="undefined"&&n.documentMode!==9;var T=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var b=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var A=null;var x=T({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var k=null;var w=T({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var E=null;var N=null;var O=true;var S=true;var D=false;var L=false;var M=false;var _=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var C=/<%[\s\S]*|[\s\S]*%>/gm;var R=false;var z=false;var F=false;var H=false;var I=false;var B=true;var j=true;var W=T({},["audio","head","math","script","style","svg","video"]);var G=T({},["audio","video","img","source","image"]);var U=T({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var q=null;var P=n.createElement("form");var V=function(e){if(typeof e!=="object"){e={}}A="ALLOWED_TAGS"in e?T({},e.ALLOWED_TAGS):x;k="ALLOWED_ATTR"in e?T({},e.ALLOWED_ATTR):w;E="FORBID_TAGS"in e?T({},e.FORBID_TAGS):{};N="FORBID_ATTR"in e?T({},e.FORBID_ATTR):{};O=e.ALLOW_ARIA_ATTR!==false;S=e.ALLOW_DATA_ATTR!==false;D=e.ALLOW_UNKNOWN_PROTOCOLS||false;L=e.SAFE_FOR_JQUERY||false;M=e.SAFE_FOR_TEMPLATES||false;R=e.WHOLE_DOCUMENT||false;F=e.RETURN_DOM||false;H=e.RETURN_DOM_FRAGMENT||false;I=e.RETURN_DOM_IMPORT||false;z=e.FORCE_BODY||false;B=e.SANITIZE_DOM!==false;j=e.KEEP_CONTENT!==false;if(M){S=false}if(H){F=true}if(e.ADD_TAGS){if(A===x){A=b(A)}T(A,e.ADD_TAGS)}if(e.ADD_ATTR){if(k===w){k=b(k)}T(k,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){T(U,e.ADD_URI_SAFE_ATTR)}if(j){A["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}q=e};var Y=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var K=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var $=function(e){var t,r;if(z){e="<remove></remove>"+e}if(!t||!t.documentElement){t=m.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}if(typeof t.getElementsByTagName==="function"){return t.getElementsByTagName(R?"html":"body")[0]}return v.call(t,R?"html":"body")[0]};var J=function(e){return p.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var Q=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var X=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var Z=function(e){var t,n;le("beforeSanitizeElements",e,null);if(Q(e)){Y(e);return true}t=e.nodeName.toLowerCase();le("uponSanitizeElement",e,{tagName:t,allowedTags:A});if(!A[t]||E[t]){if(j&&!W[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}Y(e);return true}if(L&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(M&&e.nodeType===3){n=e.textContent;n=n.replace(_," ");n=n.replace(C," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}le("afterSanitizeElements",e,null);return false};var ee=/^data-[\-\w.\u00B7-\uFFFF]/;var te=/^aria-[\-\w]+$/;var re=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var ne=/^(?:\w+script|data):/i;var ae=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ie=function(e){var a,i,o,l,s,f,c,u;le("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:k};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;le("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);K("id",e);K(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(k[l]||!N[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}K(i,e)}if(!c.keepAttr){continue}if(B&&(l==="id"||l==="name")&&(o in t||o in n||o in P)){continue}if(M){o=o.replace(_," ");o=o.replace(C," ")}if(S&&ee.test(l)){}else if(O&&te.test(l)){}else if(!k[l]||N[l]){continue}else if(U[l]){}else if(re.test(o.replace(ae,""))){}else if((l==="src"||l==="xlink:href")&&o.indexOf("data:")===0&&G[e.nodeName.toLowerCase()]){}else if(D&&!ne.test(o.replace(ae,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}le("afterSanitizeAttributes",e,null)};var oe=function(e){var t;var r=J(e);le("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){le("uponSanitizeShadowNode",t,null);if(Z(t)){continue}if(t.content instanceof i){oe(t.content)}ie(t)}le("afterSanitizeShadowDOM",e,null)};var le=function(e,t,n){if(!y[e]){return}y[e].forEach(function(e){e.call(r,t,n,q)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!X(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(X(e)){return t.toStaticHTML(e.outerHTML)}}return e}V(n);r.removed=[];if(e instanceof l){o=$("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!F&&!R&&e.indexOf("<")===-1){return e}o=$(e);if(!o){return F?null:""}}if(z){Y(o.firstChild)}u=J(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(Z(f)){continue}if(f.content instanceof i){oe(f.content)}ie(f);c=f}if(F){if(H){d=h.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(I){d=g.call(a,d,true)}return d}return R?o.outerHTML:o.innerHTML};r.addHook=function(e,t){if(typeof t!=="function"){return}y[e]=y[e]||[];y[e].push(t)};r.removeHook=function(e){if(y[e]){y[e].pop()}};r.removeHooks=function(e){if(y[e]){y[e]=[]}};r.removeAllHooks=function(){y={}};return r}); | ||
//# sourceMappingURL=./dist/purify.min.js.map |
@@ -44,3 +44,3 @@ { | ||
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", | ||
"version": "0.8.5", | ||
"version": "0.8.6", | ||
"main": "src/purify.js", | ||
@@ -47,0 +47,0 @@ "directories": { |
@@ -24,3 +24,3 @@ ;(function(factory) { | ||
*/ | ||
DOMPurify.version = '0.8.5'; | ||
DOMPurify.version = '0.8.6'; | ||
@@ -49,3 +49,2 @@ /** | ||
var Comment = window.Comment; | ||
var DOMParser = window.DOMParser; | ||
@@ -164,3 +163,3 @@ // As per issue #47, the web-components registry is inherited by a | ||
'nowrap','open','optimum','pattern','placeholder','poster','preload','pubdate', | ||
'radiogroup','readonly','rel','required','rev','reversed','rows', | ||
'radiogroup','readonly','rel','required','rev','reversed','role','rows', | ||
'rowspan','spellcheck','scope','selected','shape','size','span', | ||
@@ -219,2 +218,5 @@ 'srclang','start','src','step','style','summary','tabindex','title', | ||
/* Decide if ARIA attributes are okay */ | ||
var ALLOW_ARIA_ATTR = true; | ||
/* Decide if custom data attributes are okay */ | ||
@@ -241,2 +243,6 @@ var ALLOW_DATA_ATTR = true; | ||
/* Decide if all elements (e.g. style, script) must be children of | ||
* document.body. By default, browsers might move them to document.head */ | ||
var FORCE_BODY = false; | ||
/* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html string. | ||
@@ -269,3 +275,3 @@ * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead | ||
var DATA_URI_TAGS = _addToSet({}, [ | ||
'audio', 'video', 'img', 'source' | ||
'audio', 'video', 'img', 'source', 'image' | ||
]); | ||
@@ -307,2 +313,3 @@ | ||
_addToSet({}, cfg.FORBID_ATTR) : {}; | ||
ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true | ||
ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true | ||
@@ -316,2 +323,3 @@ ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false | ||
RETURN_DOM_IMPORT = cfg.RETURN_DOM_IMPORT || false; // Default false | ||
FORCE_BODY = cfg.FORCE_BODY || false; // Default false | ||
SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true | ||
@@ -390,11 +398,9 @@ KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true | ||
var _initDocument = function(dirty) { | ||
/* Create a HTML document using DOMParser */ | ||
/* Create a HTML document */ | ||
var doc, body; | ||
try { | ||
doc = new DOMParser().parseFromString(dirty, 'text/html'); | ||
} catch (e) {} | ||
if (FORCE_BODY) { | ||
dirty = '<remove></remove>' + dirty; | ||
} | ||
/* Some browsers throw, some browsers return null for the code above | ||
DOMParser with text/html support is only in very recent browsers. | ||
See #159 why the check here is extra-thorough */ | ||
if (!doc || !doc.documentElement) { | ||
@@ -481,2 +487,3 @@ doc = implementation.createHTMLDocument(''); | ||
var tagName, content; | ||
/* Execute a hook if present */ | ||
@@ -540,2 +547,3 @@ _executeHook('beforeSanitizeElements', currentNode, null); | ||
var DATA_ATTR = /^data-[\-\w.\u00B7-\uFFFF]/; | ||
var ARIA_ATTR = /^aria-[\-\w]+$/; | ||
var IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; | ||
@@ -602,2 +610,9 @@ var IS_SCRIPT_OR_DATA = /^(?:\w+script|data):/i; | ||
} | ||
} else if ( | ||
// This works around a bug in Safari, where input[type=file] | ||
// cannot be dynamically set after type has been removed | ||
currentNode.nodeName === 'INPUT' && lcName === 'type' && | ||
value === 'file' && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) { | ||
continue; | ||
} else { | ||
@@ -638,2 +653,5 @@ // This avoids a crash in Safari v9.0 with double-ids. | ||
} | ||
else if (ALLOW_ARIA_ATTR && ARIA_ATTR.test(lcName)) { | ||
// This attribute is safe | ||
} | ||
/* Otherwise, check the name is permitted */ | ||
@@ -652,5 +670,5 @@ else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { | ||
} | ||
/* Keep image data URIs alive if src is allowed */ | ||
/* Keep image data URIs alive if src/xlink:href is allowed */ | ||
else if ( | ||
lcName === 'src' && | ||
(lcName === 'src' || lcName === 'xlink:href') && | ||
value.indexOf('data:') === 0 && | ||
@@ -808,2 +826,7 @@ DATA_URI_TAGS[currentNode.nodeName.toLowerCase()]) { | ||
/* Remove first element node (ours) if FORCE_BODY is set */ | ||
if (FORCE_BODY) { | ||
_forceRemove(body.firstChild); | ||
} | ||
/* Get node iterator */ | ||
@@ -810,0 +833,0 @@ nodeIterator = _createIterator(body); |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No README
QualityPackage does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
91965
6
848
0
223