dompurify - npm Package Compare versions

dompurify

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 0.8.9 to 0.9.0

dist/purify.min.js

		@@ -1,2 +0,2 @@
		(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.8.9";r.removed=[];if(!t\|\|!t.document\|\|t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap\|\|t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;var m=false;if(typeof o==="function"){var p=n.createElement("template");if(p.content&&p.content.ownerDocument){n=p.content.ownerDocument}}var v=n.implementation;var h=n.createNodeIterator;var g=n.getElementsByTagName;var y=n.createDocumentFragment;var T=a.importNode;var b={};r.isSupported=typeof v.createHTMLDocument!=="undefined"&&n.documentMode!==9;var A=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var x=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var k=null;var w=A({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var S=null;var E=A({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var O=null;var D=null;var N=true;var M=true;var L=false;var _=false;var C=false;var R=/\{\{[\s\S]\|[\s\S]\}\}/gm;var z=/<%[\s\S]\|[\s\S]%>/gm;var F=false;var H=false;var I=false;var j=false;var W=false;var B=true;var G=true;var q=A({},["audio","head","math","script","style","template","svg","video"]);var P=A({},["audio","video","img","source","image"]);var U=A({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var V=null;var Y=n.createElement("form");var K=function(e){if(typeof e!=="object"){e={}}k="ALLOWED_TAGS"in e?A({},e.ALLOWED_TAGS):w;S="ALLOWED_ATTR"in e?A({},e.ALLOWED_ATTR):E;O="FORBID_TAGS"in e?A({},e.FORBID_TAGS):{};D="FORBID_ATTR"in e?A({},e.FORBID_ATTR):{};N=e.ALLOW_ARIA_ATTR!==false;M=e.ALLOW_DATA_ATTR!==false;L=e.ALLOW_UNKNOWN_PROTOCOLS\|\|false;_=e.SAFE_FOR_JQUERY\|\|false;C=e.SAFE_FOR_TEMPLATES\|\|false;F=e.WHOLE_DOCUMENT\|\|false;I=e.RETURN_DOM\|\|false;j=e.RETURN_DOM_FRAGMENT\|\|false;W=e.RETURN_DOM_IMPORT\|\|false;H=e.FORCE_BODY\|\|false;B=e.SANITIZE_DOM!==false;G=e.KEEP_CONTENT!==false;if(C){M=false}if(j){I=true}if(e.ADD_TAGS){if(k===w){k=x(k)}A(k,e.ADD_TAGS)}if(e.ADD_ATTR){if(S===E){S=x(S)}A(S,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){A(U,e.ADD_URI_SAFE_ATTR)}if(G){k["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}V=e};var $=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var J=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var Q=function(e){var t,r;if(H){e="<remove></remove>"+e}if(m){try{t=(new d).parseFromString(e,"text/html")}catch(n){}}if(!t\|\|!t.documentElement){t=v.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}return g.call(t,F?"html":"body")[0]};if(r.isSupported){(function(){var e=Q('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');if(e.querySelector("svg img")){m=true}})()}var X=function(e){return h.call(e.ownerDocument\|\|e,e,s.SHOW_ELEMENT\|s.SHOW_COMMENT\|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var Z=function(e){if(e instanceof c\|\|e instanceof u){return false}if(typeof e.nodeName!=="string"\|\|typeof e.textContent!=="string"\|\|typeof e.removeChild!=="function"\|\|!(e.attributes instanceof f)\|\|typeof e.removeAttribute!=="function"\|\|typeof e.setAttribute!=="function"){return true}return false};var ee=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var te=function(e){var t,n;fe("beforeSanitizeElements",e,null);if(Z(e)){$(e);return true}t=e.nodeName.toLowerCase();fe("uponSanitizeElement",e,{tagName:t,allowedTags:k});if(!k[t]\|\|O[t]){if(G&&!q[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}$(e);return true}if(_&&!e.firstElementChild&&(!e.content\|\|!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(C&&e.nodeType===3){n=e.textContent;n=n.replace(R," ");n=n.replace(z," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}fe("afterSanitizeElements",e,null);return false};var re=/^data-[\-\w.\u00B7-\uFFFF]/;var ne=/^aria-[\-\w]+$/;var ae=/^(?:(?:(?:f\|ht)tps?\|mailto\|tel):\|[^a-z]\|[a-z+.\-]+(?:[^a-z+.\-:]\|$))/i;var ie=/^(?:\w+script\|data):/i;var oe=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var le=function(e){var a,i,o,l,s,f,c,u;fe("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:S};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;fe("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);J("id",e);J(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(S[l]\|\|!D[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}J(i,e)}if(!c.keepAttr){continue}if(B&&(l==="id"\|\|l==="name")&&(o in t\|\|o in n\|\|o in Y)){continue}if(C){o=o.replace(R," ");o=o.replace(z," ")}if(M&&re.test(l)){}else if(N&&ne.test(l)){}else if(!S[l]\|\|D[l]){continue}else if(U[l]){}else if(ae.test(o.replace(oe,""))){}else if((l==="src"\|\|l==="xlink:href")&&o.indexOf("data:")===0&&P[e.nodeName.toLowerCase()]){}else if(L&&!ie.test(o.replace(oe,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}fe("afterSanitizeAttributes",e,null)};var se=function(e){var t;var r=X(e);fe("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){fe("uponSanitizeShadowNode",t,null);if(te(t)){continue}if(t.content instanceof i){se(t.content)}le(t)}fe("afterSanitizeShadowDOM",e,null)};var fe=function(e,t,n){if(!b[e]){return}b[e].forEach(function(e){e.call(r,t,n,V)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!ee(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"\|\|typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(ee(e)){return t.toStaticHTML(e.outerHTML)}}return e}K(n);r.removed=[];if(e instanceof l){o=Q("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!I&&!F&&e.indexOf("<")===-1){return e}o=Q(e);if(!o){return I?null:""}}if(H){$(o.firstChild)}u=X(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(te(f)){continue}if(f.content instanceof i){se(f.content)}le(f);c=f}if(I){if(j){d=y.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(W){d=T.call(a,d,true)}return d}return F?o.outerHTML:o.innerHTML};r.addHook=function(e,t){if(typeof t!=="function"){return}b[e]=b[e]\|\|[];b[e].push(t)};r.removeHook=function(e){if(b[e]){b[e].pop()}};r.removeHooks=function(e){if(b[e]){b[e]=[]}};r.removeAllHooks=function(){b={}};return r});
		(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.9.0";r.removed=[];if(!t\|\|!t.document\|\|t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap\|\|t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;var m=t.XMLHttpRequest;var p=t.encodeURI;var v=false;var h=false;if(typeof o==="function"){var g=n.createElement("template");if(g.content&&g.content.ownerDocument){n=g.content.ownerDocument}}var y=n.implementation;var T=n.createNodeIterator;var b=n.getElementsByTagName;var A=n.createDocumentFragment;var x=a.importNode;var k={};r.isSupported=typeof y.createHTMLDocument!=="undefined"&&n.documentMode!==9;var w=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var S=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var E=null;var N=w({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var O=null;var D=w({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var M=null;var L=null;var _=true;var C=true;var R=false;var z=false;var F=false;var H=/\{\{[\s\S]\|[\s\S]\}\}/gm;var I=/<%[\s\S]\|[\s\S]%>/gm;var j=false;var W=false;var q=false;var B=false;var G=false;var U=false;var P=true;var V=true;var Y=w({},["audio","head","math","script","style","template","svg","video"]);var K=w({},["audio","video","img","source","image"]);var X=w({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var $=null;var J=n.createElement("form");var Q=function(e){if(typeof e!=="object"){e={}}E="ALLOWED_TAGS"in e?w({},e.ALLOWED_TAGS):N;O="ALLOWED_ATTR"in e?w({},e.ALLOWED_ATTR):D;M="FORBID_TAGS"in e?w({},e.FORBID_TAGS):{};L="FORBID_ATTR"in e?w({},e.FORBID_ATTR):{};_=e.ALLOW_ARIA_ATTR!==false;C=e.ALLOW_DATA_ATTR!==false;R=e.ALLOW_UNKNOWN_PROTOCOLS\|\|false;z=e.SAFE_FOR_JQUERY\|\|false;F=e.SAFE_FOR_TEMPLATES\|\|false;j=e.WHOLE_DOCUMENT\|\|false;B=e.RETURN_DOM\|\|false;G=e.RETURN_DOM_FRAGMENT\|\|false;U=e.RETURN_DOM_IMPORT\|\|false;q=e.FORCE_BODY\|\|false;P=e.SANITIZE_DOM!==false;V=e.KEEP_CONTENT!==false;if(F){C=false}if(G){B=true}if(e.ADD_TAGS){if(E===N){E=S(E)}w(E,e.ADD_TAGS)}if(e.ADD_ATTR){if(O===D){O=S(O)}w(O,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){w(X,e.ADD_URI_SAFE_ATTR)}if(V){E["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}$=e};var Z=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var ee=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var te=function(e){var t,r;if(q){e="<remove></remove>"+e}if(v){try{e=p(e)}catch(n){}var a=new m;a.responseType="document";a.open("GET","data:text/html;charset=utf-8,"+e,false);a.send(null);t=a.response}if(h){try{t=(new d).parseFromString(e,"text/html")}catch(n){}}if(!t\|\|!t.documentElement){t=y.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}return b.call(t,j?"html":"body")[0]};if(r.isSupported){(function(){var e=te('<svg><g onload="this.parentNode.remove()"></g></svg>');if(!e.querySelector("svg")){v=true}e=te('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');if(e.querySelector("svg img")){h=true}})()}var re=function(e){return T.call(e.ownerDocument\|\|e,e,s.SHOW_ELEMENT\|s.SHOW_COMMENT\|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var ne=function(e){if(e instanceof c\|\|e instanceof u){return false}if(typeof e.nodeName!=="string"\|\|typeof e.textContent!=="string"\|\|typeof e.removeChild!=="function"\|\|!(e.attributes instanceof f)\|\|typeof e.removeAttribute!=="function"\|\|typeof e.setAttribute!=="function"){return true}return false};var ae=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var ie=function(e){var t,n;me("beforeSanitizeElements",e,null);if(ne(e)){Z(e);return true}t=e.nodeName.toLowerCase();me("uponSanitizeElement",e,{tagName:t,allowedTags:E});if(!E[t]\|\|M[t]){if(V&&!Y[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}Z(e);return true}if(z&&!e.firstElementChild&&(!e.content\|\|!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(F&&e.nodeType===3){n=e.textContent;n=n.replace(H," ");n=n.replace(I," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}me("afterSanitizeElements",e,null);return false};var oe=/^data-[\-\w.\u00B7-\uFFFF]/;var le=/^aria-[\-\w]+$/;var se=/^(?:(?:(?:f\|ht)tps?\|mailto\|tel):\|[^a-z]\|[a-z+.\-]+(?:[^a-z+.\-:]\|$))/i;var fe=/^(?:\w+script\|data):/i;var ce=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ue=function(e){var a,i,o,l,s,f,c,u;me("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:O};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;me("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);ee("id",e);ee(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(O[l]\|\|!L[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}ee(i,e)}if(!c.keepAttr){continue}if(P&&(l==="id"\|\|l==="name")&&(o in t\|\|o in n\|\|o in J)){continue}if(F){o=o.replace(H," ");o=o.replace(I," ")}if(C&&oe.test(l)){}else if(_&&le.test(l)){}else if(!O[l]\|\|L[l]){continue}else if(X[l]){}else if(se.test(o.replace(ce,""))){}else if((l==="src"\|\|l==="xlink:href")&&o.indexOf("data:")===0&&K[e.nodeName.toLowerCase()]){}else if(R&&!fe.test(o.replace(ce,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}me("afterSanitizeAttributes",e,null)};var de=function(e){var t;var r=re(e);me("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){me("uponSanitizeShadowNode",t,null);if(ie(t)){continue}if(t.content instanceof i){de(t.content)}ue(t)}me("afterSanitizeShadowDOM",e,null)};var me=function(e,t,n){if(!k[e]){return}k[e].forEach(function(e){e.call(r,t,n,$)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!ae(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"\|\|typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(ae(e)){return t.toStaticHTML(e.outerHTML)}}return e}if(!W){Q(n)}r.removed=[];if(e instanceof l){o=te("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!B&&!j&&e.indexOf("<")===-1){return e}o=te(e);if(!o){return B?null:""}}if(q){Z(o.firstChild)}u=re(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(ie(f)){continue}if(f.content instanceof i){de(f.content)}ue(f);c=f}if(B){if(G){d=A.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(U){d=x.call(a,d,true)}return d}return j?o.outerHTML:o.innerHTML};r.setConfig=function(e){Q(e);W=true};r.clearConfig=function(){$=null;W=false};r.addHook=function(e,t){if(typeof t!=="function"){return}k[e]=k[e]\|\|[];k[e].push(t)};r.removeHook=function(e){if(k[e]){k[e].pop()}};r.removeHooks=function(e){if(k[e]){k[e]=[]}};r.removeAllHooks=function(){k={}};return r});
		//# sourceMappingURL=./dist/purify.min.js.map

package.json

		@@ -44,3 +44,3 @@ {
		"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
		"version": "0.8.9",
		"version": "0.9.0",
		"main": "src/purify.js",
		@@ -47,0 +47,0 @@ "directories": {

README.md

		@@ -169,2 +169,6 @@ # DOMPurify [![Bower version](https://badge.fury.io/bo/dompurify.svg)](http://badge.fury.io/bo/dompurify) · [![npm version](https://badge.fury.io/js/dompurify.svg)](http://badge.fury.io/js/dompurify) · [![Build Status](https://travis-ci.org/cure53/DOMPurify.svg)](https://travis-ci.org/cure53/DOMPurify) · [![Downloads](https://img.shields.io/npm/dm/dompurify.svg)](https://www.npmjs.com/package/dompurify)

		## Persistent Configuration

		Instead of repeatedly passing the same configuration to `DOMPurify.sanitize`, you can use the `DOMPurify.setConfig` method. Your configuration will persist until your next call to `DOMPurify.setConfig`, or until you invoke `DOMPurify.clearConfig` to reset it. Remember that there is only one active configuration, which means once it is set, all extra configuration parameters passed to `DOMPurify.sanitize` are ignored.

		## Hooks
		@@ -171,0 +175,0 @@

src/purify.js

		@@ -24,3 +24,3 @@ ;(function(factory) {
		*/
		DOMPurify.version = '0.8.9';
		DOMPurify.version = '0.9.0';

		@@ -50,4 +50,7 @@ /**
		var DOMParser = window.DOMParser;
		var XMLHttpRequest = window.XMLHttpRequest;
		var encodeURI = window.encodeURI;
		var useXHR = false;
		var useDOMParser = false; // See comment below


		// As per issue #47, the web-components registry is inherited by a
		@@ -243,2 +246,5 @@ // new document created via createHTMLDocument. As per the spec

		/* Track whether config is already set on this instance of DOMPurify. */
		var SET_CONFIG = false;

		/* Decide if all elements (e.g. style, script) must be children of
		@@ -403,2 +409,14 @@ * document.body. By default, browsers might move them to document.head */

		/* Use XHR if necessary because Safari 10.1 and newer are buggy */
		if (useXHR) {
		try {
		dirty = encodeURI(dirty);
		} catch (e) {}
		var xhr = new XMLHttpRequest();
		xhr.responseType = 'document';
		xhr.open('GET', 'data:text/html;charset=utf-8,' + dirty, false);
		xhr.send(null);
		doc = xhr.response;
		}

		/* Use DOMParser to workaround Firefox bug (see comment below) */
		@@ -432,2 +450,7 @@ if (useDOMParser) {
		//
		// Later, it was also noticed that even more assumed benign and inert ways
		// of creating a document are now insecure thanks to Safari. So we work
		// around that with a feature test and use XHR to create the document in
		// case we really have to. That one seems safe for now.
		//
		// However, Firefox uses a different parser for innerHTML rather than
		@@ -441,3 +464,7 @@ // DOMParser (see https://bugzilla.mozilla.org/show_bug.cgi?id=1205631)
		(function () {
		var doc = _initDocument('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');
		var doc = _initDocument('<svg><g onload="this.parentNode.remove()"></g></svg>');
		if (!doc.querySelector('svg')) {
		useXHR = true;
		}
		doc = _initDocument('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');
		if (doc.querySelector('svg img')) {
		@@ -816,3 +843,5 @@ useDOMParser = true;
		/* Assign config vars */
		_parseConfig(cfg);
		if (!SET_CONFIG) {
		_parseConfig(cfg);
		}

		@@ -909,2 +938,25 @@ /* Clean up removed elements */
		/**
		* setConfig
		* Public method to set the configuration once
		*
		* @param {Object} configuration object
		* @return void
		*/
		DOMPurify.setConfig = function(cfg) {
		_parseConfig(cfg);
		SET_CONFIG = true;
		};

		/**
		* clearConfig
		* Public method to remove the configuration
		*
		* @return void
		*/
		DOMPurify.clearConfig = function() {
		CONFIG = null;
		SET_CONFIG = false;
		};

		/**
		* addHook
		@@ -911,0 +963,0 @@ * Public method to add DOMPurify hooks

dist/purify.min.js.map

Sorry, the diff of this file is not supported yet

Improved metrics