dompurify
Advanced tools
Comparing version 2.1.0 to 2.1.1
@@ -43,6 +43,4 @@ /*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.0.8/LICENSE */ | ||
var arrayForEach = unapply(Array.prototype.forEach); | ||
var arrayIndexOf = unapply(Array.prototype.indexOf); | ||
var arrayPop = unapply(Array.prototype.pop); | ||
var arrayPush = unapply(Array.prototype.push); | ||
var arraySlice = unapply(Array.prototype.slice); | ||
@@ -211,3 +209,3 @@ var stringToLowerCase = unapply(String.prototype.toLowerCase); | ||
*/ | ||
DOMPurify.version = '2.1.0'; | ||
DOMPurify.version = '2.1.1'; | ||
@@ -229,3 +227,2 @@ /** | ||
var originalDocument = window.document; | ||
var removeTitle = false; | ||
@@ -569,7 +566,2 @@ var document = window.document; | ||
/* Remove title to fix a mXSS bug in older MS Edge */ | ||
if (removeTitle) { | ||
addToSet(FORBID_TAGS, ['title']); | ||
} | ||
/* Use createHTMLDocument in case DOMParser is not available */ | ||
@@ -593,14 +585,2 @@ if (!doc || !doc.documentElement) { | ||
/* Here we test for a broken feature in Edge that might cause mXSS */ | ||
if (DOMPurify.isSupported) { | ||
(function () { | ||
try { | ||
var doc = _initDocument('<x/><title></title><img>'); | ||
if (regExpTest(/<\/title/, doc.querySelector('title').innerHTML)) { | ||
removeTitle = true; | ||
} | ||
} catch (_) {} | ||
})(); | ||
} | ||
/** | ||
@@ -701,2 +681,8 @@ * _createIterator | ||
/* Take care of an mXSS pattern using p, br inside svg, math */ | ||
if ((tagName === 'svg' || tagName === 'math') && currentNode.querySelectorAll('p, br').length !== 0) { | ||
_forceRemove(currentNode); | ||
return true; | ||
} | ||
/* Detect mXSS attempts abusing namespace confusion */ | ||
@@ -790,3 +776,2 @@ if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && regExpTest(/<[!/\w]/g, currentNode.innerHTML) && regExpTest(/<[!/\w]/g, currentNode.textContent)) { | ||
var lcName = void 0; | ||
var idAttr = void 0; | ||
var l = void 0; | ||
@@ -835,29 +820,4 @@ /* Execute a hook if present */ | ||
/* Remove attribute */ | ||
// Safari (iOS + Mac), last tested v8.0.5, crashes if you try to | ||
// remove a "name" attribute from an <img> tag that has an "id" | ||
// attribute at the time. | ||
if (lcName === 'name' && currentNode.nodeName === 'IMG' && attributes.id) { | ||
idAttr = attributes.id; | ||
attributes = arraySlice(attributes, []); | ||
_removeAttribute('id', currentNode); | ||
_removeAttribute(name, currentNode); | ||
if (arrayIndexOf(attributes, idAttr) > l) { | ||
currentNode.setAttribute('id', idAttr.value); | ||
} | ||
} else if ( | ||
// This works around a bug in Safari, where input[type=file] | ||
// cannot be dynamically set after type has been removed | ||
currentNode.nodeName === 'INPUT' && lcName === 'type' && value === 'file' && hookEvent.keepAttr && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) { | ||
continue; | ||
} else { | ||
// This avoids a crash in Safari v9.0 with double-ids. | ||
// The trick is to first set the id to be empty and then to | ||
// remove the attribute | ||
if (name === 'id') { | ||
currentNode.setAttribute(name, ''); | ||
} | ||
_removeAttribute(name, currentNode); | ||
_removeAttribute(name, currentNode); | ||
} | ||
/* Did the hooks approve of the attribute? */ | ||
@@ -1002,3 +962,3 @@ if (!hookEvent.keepAttr) { | ||
elements being stripped by the parser */ | ||
body = _initDocument('<!-->'); | ||
body = _initDocument('<!---->'); | ||
importedNode = body.ownerDocument.importNode(dirty, true); | ||
@@ -1005,0 +965,0 @@ if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') { |
@@ -41,6 +41,4 @@ /*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.0.8/LICENSE */ | ||
var arrayForEach = unapply(Array.prototype.forEach); | ||
var arrayIndexOf = unapply(Array.prototype.indexOf); | ||
var arrayPop = unapply(Array.prototype.pop); | ||
var arrayPush = unapply(Array.prototype.push); | ||
var arraySlice = unapply(Array.prototype.slice); | ||
@@ -209,3 +207,3 @@ var stringToLowerCase = unapply(String.prototype.toLowerCase); | ||
*/ | ||
DOMPurify.version = '2.1.0'; | ||
DOMPurify.version = '2.1.1'; | ||
@@ -227,3 +225,2 @@ /** | ||
var originalDocument = window.document; | ||
var removeTitle = false; | ||
@@ -567,7 +564,2 @@ var document = window.document; | ||
/* Remove title to fix a mXSS bug in older MS Edge */ | ||
if (removeTitle) { | ||
addToSet(FORBID_TAGS, ['title']); | ||
} | ||
/* Use createHTMLDocument in case DOMParser is not available */ | ||
@@ -591,14 +583,2 @@ if (!doc || !doc.documentElement) { | ||
/* Here we test for a broken feature in Edge that might cause mXSS */ | ||
if (DOMPurify.isSupported) { | ||
(function () { | ||
try { | ||
var doc = _initDocument('<x/><title></title><img>'); | ||
if (regExpTest(/<\/title/, doc.querySelector('title').innerHTML)) { | ||
removeTitle = true; | ||
} | ||
} catch (_) {} | ||
})(); | ||
} | ||
/** | ||
@@ -699,2 +679,8 @@ * _createIterator | ||
/* Take care of an mXSS pattern using p, br inside svg, math */ | ||
if ((tagName === 'svg' || tagName === 'math') && currentNode.querySelectorAll('p, br').length !== 0) { | ||
_forceRemove(currentNode); | ||
return true; | ||
} | ||
/* Detect mXSS attempts abusing namespace confusion */ | ||
@@ -788,3 +774,2 @@ if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && regExpTest(/<[!/\w]/g, currentNode.innerHTML) && regExpTest(/<[!/\w]/g, currentNode.textContent)) { | ||
var lcName = void 0; | ||
var idAttr = void 0; | ||
var l = void 0; | ||
@@ -833,29 +818,4 @@ /* Execute a hook if present */ | ||
/* Remove attribute */ | ||
// Safari (iOS + Mac), last tested v8.0.5, crashes if you try to | ||
// remove a "name" attribute from an <img> tag that has an "id" | ||
// attribute at the time. | ||
if (lcName === 'name' && currentNode.nodeName === 'IMG' && attributes.id) { | ||
idAttr = attributes.id; | ||
attributes = arraySlice(attributes, []); | ||
_removeAttribute('id', currentNode); | ||
_removeAttribute(name, currentNode); | ||
if (arrayIndexOf(attributes, idAttr) > l) { | ||
currentNode.setAttribute('id', idAttr.value); | ||
} | ||
} else if ( | ||
// This works around a bug in Safari, where input[type=file] | ||
// cannot be dynamically set after type has been removed | ||
currentNode.nodeName === 'INPUT' && lcName === 'type' && value === 'file' && hookEvent.keepAttr && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) { | ||
continue; | ||
} else { | ||
// This avoids a crash in Safari v9.0 with double-ids. | ||
// The trick is to first set the id to be empty and then to | ||
// remove the attribute | ||
if (name === 'id') { | ||
currentNode.setAttribute(name, ''); | ||
} | ||
_removeAttribute(name, currentNode); | ||
_removeAttribute(name, currentNode); | ||
} | ||
/* Did the hooks approve of the attribute? */ | ||
@@ -1000,3 +960,3 @@ if (!hookEvent.keepAttr) { | ||
elements being stripped by the parser */ | ||
body = _initDocument('<!-->'); | ||
body = _initDocument('<!---->'); | ||
importedNode = body.ownerDocument.importNode(dirty, true); | ||
@@ -1003,0 +963,0 @@ if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') { |
@@ -47,6 +47,4 @@ /*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.0.8/LICENSE */ | ||
var arrayForEach = unapply(Array.prototype.forEach); | ||
var arrayIndexOf = unapply(Array.prototype.indexOf); | ||
var arrayPop = unapply(Array.prototype.pop); | ||
var arrayPush = unapply(Array.prototype.push); | ||
var arraySlice = unapply(Array.prototype.slice); | ||
@@ -215,3 +213,3 @@ var stringToLowerCase = unapply(String.prototype.toLowerCase); | ||
*/ | ||
DOMPurify.version = '2.1.0'; | ||
DOMPurify.version = '2.1.1'; | ||
@@ -233,3 +231,2 @@ /** | ||
var originalDocument = window.document; | ||
var removeTitle = false; | ||
@@ -573,7 +570,2 @@ var document = window.document; | ||
/* Remove title to fix a mXSS bug in older MS Edge */ | ||
if (removeTitle) { | ||
addToSet(FORBID_TAGS, ['title']); | ||
} | ||
/* Use createHTMLDocument in case DOMParser is not available */ | ||
@@ -597,14 +589,2 @@ if (!doc || !doc.documentElement) { | ||
/* Here we test for a broken feature in Edge that might cause mXSS */ | ||
if (DOMPurify.isSupported) { | ||
(function () { | ||
try { | ||
var doc = _initDocument('<x/><title></title><img>'); | ||
if (regExpTest(/<\/title/, doc.querySelector('title').innerHTML)) { | ||
removeTitle = true; | ||
} | ||
} catch (_) {} | ||
})(); | ||
} | ||
/** | ||
@@ -705,2 +685,8 @@ * _createIterator | ||
/* Take care of an mXSS pattern using p, br inside svg, math */ | ||
if ((tagName === 'svg' || tagName === 'math') && currentNode.querySelectorAll('p, br').length !== 0) { | ||
_forceRemove(currentNode); | ||
return true; | ||
} | ||
/* Detect mXSS attempts abusing namespace confusion */ | ||
@@ -794,3 +780,2 @@ if (!_isNode(currentNode.firstElementChild) && (!_isNode(currentNode.content) || !_isNode(currentNode.content.firstElementChild)) && regExpTest(/<[!/\w]/g, currentNode.innerHTML) && regExpTest(/<[!/\w]/g, currentNode.textContent)) { | ||
var lcName = void 0; | ||
var idAttr = void 0; | ||
var l = void 0; | ||
@@ -839,29 +824,4 @@ /* Execute a hook if present */ | ||
/* Remove attribute */ | ||
// Safari (iOS + Mac), last tested v8.0.5, crashes if you try to | ||
// remove a "name" attribute from an <img> tag that has an "id" | ||
// attribute at the time. | ||
if (lcName === 'name' && currentNode.nodeName === 'IMG' && attributes.id) { | ||
idAttr = attributes.id; | ||
attributes = arraySlice(attributes, []); | ||
_removeAttribute('id', currentNode); | ||
_removeAttribute(name, currentNode); | ||
if (arrayIndexOf(attributes, idAttr) > l) { | ||
currentNode.setAttribute('id', idAttr.value); | ||
} | ||
} else if ( | ||
// This works around a bug in Safari, where input[type=file] | ||
// cannot be dynamically set after type has been removed | ||
currentNode.nodeName === 'INPUT' && lcName === 'type' && value === 'file' && hookEvent.keepAttr && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) { | ||
continue; | ||
} else { | ||
// This avoids a crash in Safari v9.0 with double-ids. | ||
// The trick is to first set the id to be empty and then to | ||
// remove the attribute | ||
if (name === 'id') { | ||
currentNode.setAttribute(name, ''); | ||
} | ||
_removeAttribute(name, currentNode); | ||
_removeAttribute(name, currentNode); | ||
} | ||
/* Did the hooks approve of the attribute? */ | ||
@@ -1006,3 +966,3 @@ if (!hookEvent.keepAttr) { | ||
elements being stripped by the parser */ | ||
body = _initDocument('<!-->'); | ||
body = _initDocument('<!---->'); | ||
importedNode = body.ownerDocument.importNode(dirty, true); | ||
@@ -1009,0 +969,0 @@ if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') { |
/*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.0.8/LICENSE */ | ||
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,r=Object.isFrozen,n=Object.freeze,o=Object.seal,i=Object.create,a="undefined"!=typeof Reflect&&Reflect,l=a.apply,c=a.construct;l||(l=function(e,t,r){return e.apply(t,r)}),n||(n=function(e){return e}),o||(o=function(e){return e}),c||(c=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,r=Array(e.length);t<e.length;t++)r[t]=e[t];return r}return Array.from(e)}(t))))});var s,u=x(Array.prototype.forEach),d=x(Array.prototype.indexOf),f=x(Array.prototype.pop),p=x(Array.prototype.push),m=x(Array.prototype.slice),y=x(String.prototype.toLowerCase),h=x(String.prototype.match),g=x(String.prototype.replace),v=x(String.prototype.indexOf),b=x(String.prototype.trim),T=x(RegExp.prototype.test),A=(s=TypeError,function(){for(var e=arguments.length,t=Array(e),r=0;r<e;r++)t[r]=arguments[r];return c(s,t)});function x(e){return function(t){for(var r=arguments.length,n=Array(r>1?r-1:0),o=1;o<r;o++)n[o-1]=arguments[o];return l(e,t,n)}}function S(e,n){t&&t(e,null);for(var o=n.length;o--;){var i=n[o];if("string"==typeof i){var a=y(i);a!==i&&(r(n)||(n[o]=a),i=a)}e[i]=!0}return e}function k(t){var r=i(null),n=void 0;for(n in t)l(e,t,[n])&&(r[n]=t[n]);return r}var _=n(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),D=n(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","audio","canvas","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","video","view","vkern"]),E=n(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),L=n(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),M=n(["#text"]),w=n(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns"]),N=n(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),O=n(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),R=n(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),F=o(/\{\{[\s\S]*|[\s\S]*\}\}/gm),C=o(/<%[\s\S]*|[\s\S]*%>/gm),H=o(/^data-[\-\w.\u00B7-\uFFFF]/),z=o(/^aria-[\-\w]+$/),I=o(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),U=o(/^(?:\w+script|data):/i),j=o(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),P="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function G(e){if(Array.isArray(e)){for(var t=0,r=Array(e.length);t<e.length;t++)r[t]=e[t];return r}return Array.from(e)}var W=function(){return"undefined"==typeof window?null:window},B=function(e,t){if("object"!==(void 0===e?"undefined":P(e))||"function"!=typeof e.createPolicy)return null;var r=null;t.currentScript&&t.currentScript.hasAttribute("data-tt-policy-suffix")&&(r=t.currentScript.getAttribute("data-tt-policy-suffix"));var n="dompurify"+(r?"#"+r:"");try{return e.createPolicy(n,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+n+" could not be created."),null}};return function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:W(),r=function(t){return e(t)};if(r.version="2.1.0",r.removed=[],!t||!t.document||9!==t.document.nodeType)return r.isSupported=!1,r;var o=t.document,i=!1,a=t.document,l=t.DocumentFragment,c=t.HTMLTemplateElement,s=t.Node,x=t.NodeFilter,q=t.NamedNodeMap,K=void 0===q?t.NamedNodeMap||t.MozNamedAttrMap:q,V=t.Text,Y=t.Comment,X=t.DOMParser,$=t.trustedTypes;if("function"==typeof c){var Z=a.createElement("template");Z.content&&Z.content.ownerDocument&&(a=Z.content.ownerDocument)}var J=B($,o),Q=J&&Ne?J.createHTML(""):"",ee=a,te=ee.implementation,re=ee.createNodeIterator,ne=ee.getElementsByTagName,oe=ee.createDocumentFragment,ie=o.importNode,ae={};try{ae=k(a).documentMode?a.documentMode:{}}catch(e){}var le={};r.isSupported=te&&void 0!==te.createHTMLDocument&&9!==ae;var ce=F,se=C,ue=H,de=z,fe=U,pe=j,me=I,ye=null,he=S({},[].concat(G(_),G(D),G(E),G(L),G(M))),ge=null,ve=S({},[].concat(G(w),G(N),G(O),G(R))),be=null,Te=null,Ae=!0,xe=!0,Se=!1,ke=!1,_e=!1,De=!1,Ee=!1,Le=!1,Me=!1,we=!1,Ne=!1,Oe=!0,Re=!0,Fe=!1,Ce={},He=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","plaintext","script","style","svg","template","thead","title","video","xmp"]),ze=null,Ie=S({},["audio","video","img","source","image","track"]),Ue=null,je=S({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]),Pe=null,Ge=a.createElement("form"),We=function(e){Pe&&Pe===e||(e&&"object"===(void 0===e?"undefined":P(e))||(e={}),e=k(e),ye="ALLOWED_TAGS"in e?S({},e.ALLOWED_TAGS):he,ge="ALLOWED_ATTR"in e?S({},e.ALLOWED_ATTR):ve,Ue="ADD_URI_SAFE_ATTR"in e?S(k(je),e.ADD_URI_SAFE_ATTR):je,ze="ADD_DATA_URI_TAGS"in e?S(k(Ie),e.ADD_DATA_URI_TAGS):Ie,be="FORBID_TAGS"in e?S({},e.FORBID_TAGS):{},Te="FORBID_ATTR"in e?S({},e.FORBID_ATTR):{},Ce="USE_PROFILES"in e&&e.USE_PROFILES,Ae=!1!==e.ALLOW_ARIA_ATTR,xe=!1!==e.ALLOW_DATA_ATTR,Se=e.ALLOW_UNKNOWN_PROTOCOLS||!1,ke=e.SAFE_FOR_TEMPLATES||!1,_e=e.WHOLE_DOCUMENT||!1,Le=e.RETURN_DOM||!1,Me=e.RETURN_DOM_FRAGMENT||!1,we=e.RETURN_DOM_IMPORT||!1,Ne=e.RETURN_TRUSTED_TYPE||!1,Ee=e.FORCE_BODY||!1,Oe=!1!==e.SANITIZE_DOM,Re=!1!==e.KEEP_CONTENT,Fe=e.IN_PLACE||!1,me=e.ALLOWED_URI_REGEXP||me,ke&&(xe=!1),Me&&(Le=!0),Ce&&(ye=S({},[].concat(G(M))),ge=[],!0===Ce.html&&(S(ye,_),S(ge,w)),!0===Ce.svg&&(S(ye,D),S(ge,N),S(ge,R)),!0===Ce.svgFilters&&(S(ye,E),S(ge,N),S(ge,R)),!0===Ce.mathMl&&(S(ye,L),S(ge,O),S(ge,R))),e.ADD_TAGS&&(ye===he&&(ye=k(ye)),S(ye,e.ADD_TAGS)),e.ADD_ATTR&&(ge===ve&&(ge=k(ge)),S(ge,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&S(Ue,e.ADD_URI_SAFE_ATTR),Re&&(ye["#text"]=!0),_e&&S(ye,["html","head","body"]),ye.table&&(S(ye,["tbody"]),delete be.tbody),n&&n(e),Pe=e)},Be=function(e){p(r.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=Q}},qe=function(e,t){try{p(r.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(r.removed,{attribute:null,from:t})}t.removeAttribute(e)},Ke=function(e){var t=void 0,r=void 0;if(Ee)e="<remove></remove>"+e;else{var n=h(e,/^[\r\n\t ]+/);r=n&&n[0]}var o=J?J.createHTML(e):e;try{t=(new X).parseFromString(o,"text/html")}catch(e){}if(i&&S(be,["title"]),!t||!t.documentElement){var l=(t=te.createHTMLDocument("")).body;l.parentNode.removeChild(l.parentNode.firstElementChild),l.outerHTML=o}return e&&r&&t.body.insertBefore(a.createTextNode(r),t.body.childNodes[0]||null),ne.call(t,_e?"html":"body")[0]};r.isSupported&&function(){try{var e=Ke("<x/><title></title><img>");T(/<\/title/,e.querySelector("title").innerHTML)&&(i=!0)}catch(e){}}();var Ve=function(e){return re.call(e.ownerDocument||e,e,x.SHOW_ELEMENT|x.SHOW_COMMENT|x.SHOW_TEXT,(function(){return x.FILTER_ACCEPT}),!1)},Ye=function(e){return!(e instanceof V||e instanceof Y)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof K&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI)},Xe=function(e){return"object"===(void 0===s?"undefined":P(s))?e instanceof s:e&&"object"===(void 0===e?"undefined":P(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},$e=function(e,t,n){le[e]&&u(le[e],(function(e){e.call(r,t,n,Pe)}))},Ze=function(e){var t=void 0;if($e("beforeSanitizeElements",e,null),Ye(e))return Be(e),!0;if(h(e.nodeName,/[\u0080-\uFFFF]/))return Be(e),!0;var n=y(e.nodeName);if($e("uponSanitizeElement",e,{tagName:n,allowedTags:ye}),!Xe(e.firstElementChild)&&(!Xe(e.content)||!Xe(e.content.firstElementChild))&&T(/<[!/\w]/g,e.innerHTML)&&T(/<[!/\w]/g,e.textContent))return Be(e),!0;if(!ye[n]||be[n]){if(Re&&!He[n]&&"function"==typeof e.insertAdjacentHTML)try{var o=e.innerHTML;e.insertAdjacentHTML("AfterEnd",J?J.createHTML(o):o)}catch(e){}return Be(e),!0}return"noscript"!==n&&"noembed"!==n||!T(/<\/no(script|embed)/i,e.innerHTML)?(ke&&3===e.nodeType&&(t=e.textContent,t=g(t,ce," "),t=g(t,se," "),e.textContent!==t&&(p(r.removed,{element:e.cloneNode()}),e.textContent=t)),$e("afterSanitizeElements",e,null),!1):(Be(e),!0)},Je=function(e,t,r){if(Oe&&("id"===t||"name"===t)&&(r in a||r in Ge))return!1;if(xe&&T(ue,t));else if(Ae&&T(de,t));else{if(!ge[t]||Te[t])return!1;if(Ue[t]);else if(T(me,g(r,pe,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==v(r,"data:")||!ze[e]){if(Se&&!T(fe,g(r,pe,"")));else if(r)return!1}else;}return!0},Qe=function(e){var t=void 0,n=void 0,o=void 0,i=void 0,a=void 0;$e("beforeSanitizeAttributes",e,null);var l=e.attributes;if(l){var c={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:ge};for(a=l.length;a--;){var s=t=l[a],u=s.name,p=s.namespaceURI;if(n=b(t.value),o=y(u),c.attrName=o,c.attrValue=n,c.keepAttr=!0,c.forceKeepAttr=void 0,$e("uponSanitizeAttribute",e,c),n=c.attrValue,!c.forceKeepAttr){if("name"===o&&"IMG"===e.nodeName&&l.id)i=l.id,l=m(l,[]),qe("id",e),qe(u,e),d(l,i)>a&&e.setAttribute("id",i.value);else{if("INPUT"===e.nodeName&&"type"===o&&"file"===n&&c.keepAttr&&(ge[o]||!Te[o]))continue;"id"===u&&e.setAttribute(u,""),qe(u,e)}if(c.keepAttr)if(T(/\/>/i,n))qe(u,e);else{ke&&(n=g(n,ce," "),n=g(n,se," "));var h=e.nodeName.toLowerCase();if(Je(h,o,n))try{p?e.setAttributeNS(p,u,n):e.setAttribute(u,n),f(r.removed)}catch(e){}}}}$e("afterSanitizeAttributes",e,null)}},et=function e(t){var r=void 0,n=Ve(t);for($e("beforeSanitizeShadowDOM",t,null);r=n.nextNode();)$e("uponSanitizeShadowNode",r,null),Ze(r)||(r.content instanceof l&&e(r.content),Qe(r));$e("afterSanitizeShadowDOM",t,null)};return r.sanitize=function(e,n){var i=void 0,a=void 0,c=void 0,u=void 0,d=void 0;if(e||(e="\x3c!--\x3e"),"string"!=typeof e&&!Xe(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!r.isSupported){if("object"===P(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(Xe(e))return t.toStaticHTML(e.outerHTML)}return e}if(De||We(n),r.removed=[],"string"==typeof e&&(Fe=!1),Fe);else if(e instanceof s)1===(a=(i=Ke("\x3c!--\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===a.nodeName||"HTML"===a.nodeName?i=a:i.appendChild(a);else{if(!Le&&!ke&&!_e&&-1===e.indexOf("<"))return J&&Ne?J.createHTML(e):e;if(!(i=Ke(e)))return Le?null:Q}i&&Ee&&Be(i.firstChild);for(var f=Ve(Fe?e:i);c=f.nextNode();)3===c.nodeType&&c===u||Ze(c)||(c.content instanceof l&&et(c.content),Qe(c),u=c);if(u=null,Fe)return e;if(Le){if(Me)for(d=oe.call(i.ownerDocument);i.firstChild;)d.appendChild(i.firstChild);else d=i;return we&&(d=ie.call(o,d,!0)),d}var p=_e?i.outerHTML:i.innerHTML;return ke&&(p=g(p,ce," "),p=g(p,se," ")),J&&Ne?J.createHTML(p):p},r.setConfig=function(e){We(e),De=!0},r.clearConfig=function(){Pe=null,De=!1},r.isValidAttribute=function(e,t,r){Pe||We({});var n=y(e),o=y(t);return Je(n,o,r)},r.addHook=function(e,t){"function"==typeof t&&(le[e]=le[e]||[],p(le[e],t))},r.removeHook=function(e){le[e]&&f(le[e])},r.removeHooks=function(e){le[e]&&(le[e]=[])},r.removeAllHooks=function(){le={}},r}()})); | ||
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,n=Object.isFrozen,r=Object.freeze,o=Object.seal,i=Object.create,a="undefined"!=typeof Reflect&&Reflect,l=a.apply,c=a.construct;l||(l=function(e,t,n){return e.apply(t,n)}),r||(r=function(e){return e}),o||(o=function(e){return e}),c||(c=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var s,u=T(Array.prototype.forEach),d=T(Array.prototype.pop),f=T(Array.prototype.push),p=T(String.prototype.toLowerCase),m=T(String.prototype.match),y=T(String.prototype.replace),h=T(String.prototype.indexOf),g=T(String.prototype.trim),v=T(RegExp.prototype.test),b=(s=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return c(s,t)});function T(e){return function(t){for(var n=arguments.length,r=Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];return l(e,t,r)}}function A(e,r){t&&t(e,null);for(var o=r.length;o--;){var i=r[o];if("string"==typeof i){var a=p(i);a!==i&&(n(r)||(r[o]=a),i=a)}e[i]=!0}return e}function x(t){var n=i(null),r=void 0;for(r in t)l(e,t,[r])&&(n[r]=t[r]);return n}var S=r(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),k=r(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","audio","canvas","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","video","view","vkern"]),_=r(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),D=r(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),E=r(["#text"]),L=r(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns"]),w=r(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),M=r(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),O=r(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),N=o(/\{\{[\s\S]*|[\s\S]*\}\}/gm),R=o(/<%[\s\S]*|[\s\S]*%>/gm),F=o(/^data-[\-\w.\u00B7-\uFFFF]/),C=o(/^aria-[\-\w]+$/),H=o(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),z=o(/^(?:\w+script|data):/i),I=o(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),j="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function U(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}var P=function(){return"undefined"==typeof window?null:window},W=function(e,t){if("object"!==(void 0===e?"undefined":j(e))||"function"!=typeof e.createPolicy)return null;var n=null;t.currentScript&&t.currentScript.hasAttribute("data-tt-policy-suffix")&&(n=t.currentScript.getAttribute("data-tt-policy-suffix"));var r="dompurify"+(n?"#"+n:"");try{return e.createPolicy(r,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+r+" could not be created."),null}};return function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:P(),n=function(t){return e(t)};if(n.version="2.1.1",n.removed=[],!t||!t.document||9!==t.document.nodeType)return n.isSupported=!1,n;var o=t.document,i=t.document,a=t.DocumentFragment,l=t.HTMLTemplateElement,c=t.Node,s=t.NodeFilter,T=t.NamedNodeMap,B=void 0===T?t.NamedNodeMap||t.MozNamedAttrMap:T,G=t.Text,q=t.Comment,K=t.DOMParser,V=t.trustedTypes;if("function"==typeof l){var Y=i.createElement("template");Y.content&&Y.content.ownerDocument&&(i=Y.content.ownerDocument)}var X=W(V,o),$=X&&Le?X.createHTML(""):"",Z=i,J=Z.implementation,Q=Z.createNodeIterator,ee=Z.getElementsByTagName,te=Z.createDocumentFragment,ne=o.importNode,re={};try{re=x(i).documentMode?i.documentMode:{}}catch(e){}var oe={};n.isSupported=J&&void 0!==J.createHTMLDocument&&9!==re;var ie=N,ae=R,le=F,ce=C,se=z,ue=I,de=H,fe=null,pe=A({},[].concat(U(S),U(k),U(_),U(D),U(E))),me=null,ye=A({},[].concat(U(L),U(w),U(M),U(O))),he=null,ge=null,ve=!0,be=!0,Te=!1,Ae=!1,xe=!1,Se=!1,ke=!1,_e=!1,De=!1,Ee=!1,Le=!1,we=!0,Me=!0,Oe=!1,Ne={},Re=A({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","plaintext","script","style","svg","template","thead","title","video","xmp"]),Fe=null,Ce=A({},["audio","video","img","source","image","track"]),He=null,ze=A({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]),Ie=null,je=i.createElement("form"),Ue=function(e){Ie&&Ie===e||(e&&"object"===(void 0===e?"undefined":j(e))||(e={}),e=x(e),fe="ALLOWED_TAGS"in e?A({},e.ALLOWED_TAGS):pe,me="ALLOWED_ATTR"in e?A({},e.ALLOWED_ATTR):ye,He="ADD_URI_SAFE_ATTR"in e?A(x(ze),e.ADD_URI_SAFE_ATTR):ze,Fe="ADD_DATA_URI_TAGS"in e?A(x(Ce),e.ADD_DATA_URI_TAGS):Ce,he="FORBID_TAGS"in e?A({},e.FORBID_TAGS):{},ge="FORBID_ATTR"in e?A({},e.FORBID_ATTR):{},Ne="USE_PROFILES"in e&&e.USE_PROFILES,ve=!1!==e.ALLOW_ARIA_ATTR,be=!1!==e.ALLOW_DATA_ATTR,Te=e.ALLOW_UNKNOWN_PROTOCOLS||!1,Ae=e.SAFE_FOR_TEMPLATES||!1,xe=e.WHOLE_DOCUMENT||!1,_e=e.RETURN_DOM||!1,De=e.RETURN_DOM_FRAGMENT||!1,Ee=e.RETURN_DOM_IMPORT||!1,Le=e.RETURN_TRUSTED_TYPE||!1,ke=e.FORCE_BODY||!1,we=!1!==e.SANITIZE_DOM,Me=!1!==e.KEEP_CONTENT,Oe=e.IN_PLACE||!1,de=e.ALLOWED_URI_REGEXP||de,Ae&&(be=!1),De&&(_e=!0),Ne&&(fe=A({},[].concat(U(E))),me=[],!0===Ne.html&&(A(fe,S),A(me,L)),!0===Ne.svg&&(A(fe,k),A(me,w),A(me,O)),!0===Ne.svgFilters&&(A(fe,_),A(me,w),A(me,O)),!0===Ne.mathMl&&(A(fe,D),A(me,M),A(me,O))),e.ADD_TAGS&&(fe===pe&&(fe=x(fe)),A(fe,e.ADD_TAGS)),e.ADD_ATTR&&(me===ye&&(me=x(me)),A(me,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&A(He,e.ADD_URI_SAFE_ATTR),Me&&(fe["#text"]=!0),xe&&A(fe,["html","head","body"]),fe.table&&(A(fe,["tbody"]),delete he.tbody),r&&r(e),Ie=e)},Pe=function(e){f(n.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=$}},We=function(e,t){try{f(n.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){f(n.removed,{attribute:null,from:t})}t.removeAttribute(e)},Be=function(e){var t=void 0,n=void 0;if(ke)e="<remove></remove>"+e;else{var r=m(e,/^[\r\n\t ]+/);n=r&&r[0]}var o=X?X.createHTML(e):e;try{t=(new K).parseFromString(o,"text/html")}catch(e){}if(!t||!t.documentElement){var a=(t=J.createHTMLDocument("")).body;a.parentNode.removeChild(a.parentNode.firstElementChild),a.outerHTML=o}return e&&n&&t.body.insertBefore(i.createTextNode(n),t.body.childNodes[0]||null),ee.call(t,xe?"html":"body")[0]},Ge=function(e){return Q.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,(function(){return s.FILTER_ACCEPT}),!1)},qe=function(e){return!(e instanceof G||e instanceof q)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof B&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI)},Ke=function(e){return"object"===(void 0===c?"undefined":j(c))?e instanceof c:e&&"object"===(void 0===e?"undefined":j(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},Ve=function(e,t,r){oe[e]&&u(oe[e],(function(e){e.call(n,t,r,Ie)}))},Ye=function(e){var t=void 0;if(Ve("beforeSanitizeElements",e,null),qe(e))return Pe(e),!0;if(m(e.nodeName,/[\u0080-\uFFFF]/))return Pe(e),!0;var r=p(e.nodeName);if(Ve("uponSanitizeElement",e,{tagName:r,allowedTags:fe}),("svg"===r||"math"===r)&&0!==e.querySelectorAll("p, br").length)return Pe(e),!0;if(!Ke(e.firstElementChild)&&(!Ke(e.content)||!Ke(e.content.firstElementChild))&&v(/<[!/\w]/g,e.innerHTML)&&v(/<[!/\w]/g,e.textContent))return Pe(e),!0;if(!fe[r]||he[r]){if(Me&&!Re[r]&&"function"==typeof e.insertAdjacentHTML)try{var o=e.innerHTML;e.insertAdjacentHTML("AfterEnd",X?X.createHTML(o):o)}catch(e){}return Pe(e),!0}return"noscript"!==r&&"noembed"!==r||!v(/<\/no(script|embed)/i,e.innerHTML)?(Ae&&3===e.nodeType&&(t=e.textContent,t=y(t,ie," "),t=y(t,ae," "),e.textContent!==t&&(f(n.removed,{element:e.cloneNode()}),e.textContent=t)),Ve("afterSanitizeElements",e,null),!1):(Pe(e),!0)},Xe=function(e,t,n){if(we&&("id"===t||"name"===t)&&(n in i||n in je))return!1;if(be&&v(le,t));else if(ve&&v(ce,t));else{if(!me[t]||ge[t])return!1;if(He[t]);else if(v(de,y(n,ue,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==h(n,"data:")||!Fe[e]){if(Te&&!v(se,y(n,ue,"")));else if(n)return!1}else;}return!0},$e=function(e){var t=void 0,r=void 0,o=void 0,i=void 0;Ve("beforeSanitizeAttributes",e,null);var a=e.attributes;if(a){var l={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:me};for(i=a.length;i--;){var c=t=a[i],s=c.name,u=c.namespaceURI;if(r=g(t.value),o=p(s),l.attrName=o,l.attrValue=r,l.keepAttr=!0,l.forceKeepAttr=void 0,Ve("uponSanitizeAttribute",e,l),r=l.attrValue,!l.forceKeepAttr&&(We(s,e),l.keepAttr))if(v(/\/>/i,r))We(s,e);else{Ae&&(r=y(r,ie," "),r=y(r,ae," "));var f=e.nodeName.toLowerCase();if(Xe(f,o,r))try{u?e.setAttributeNS(u,s,r):e.setAttribute(s,r),d(n.removed)}catch(e){}}}Ve("afterSanitizeAttributes",e,null)}},Ze=function e(t){var n=void 0,r=Ge(t);for(Ve("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)Ve("uponSanitizeShadowNode",n,null),Ye(n)||(n.content instanceof a&&e(n.content),$e(n));Ve("afterSanitizeShadowDOM",t,null)};return n.sanitize=function(e,r){var i=void 0,l=void 0,s=void 0,u=void 0,d=void 0;if(e||(e="\x3c!--\x3e"),"string"!=typeof e&&!Ke(e)){if("function"!=typeof e.toString)throw b("toString is not a function");if("string"!=typeof(e=e.toString()))throw b("dirty is not a string, aborting")}if(!n.isSupported){if("object"===j(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(Ke(e))return t.toStaticHTML(e.outerHTML)}return e}if(Se||Ue(r),n.removed=[],"string"==typeof e&&(Oe=!1),Oe);else if(e instanceof c)1===(l=(i=Be("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===l.nodeName||"HTML"===l.nodeName?i=l:i.appendChild(l);else{if(!_e&&!Ae&&!xe&&-1===e.indexOf("<"))return X&&Le?X.createHTML(e):e;if(!(i=Be(e)))return _e?null:$}i&&ke&&Pe(i.firstChild);for(var f=Ge(Oe?e:i);s=f.nextNode();)3===s.nodeType&&s===u||Ye(s)||(s.content instanceof a&&Ze(s.content),$e(s),u=s);if(u=null,Oe)return e;if(_e){if(De)for(d=te.call(i.ownerDocument);i.firstChild;)d.appendChild(i.firstChild);else d=i;return Ee&&(d=ne.call(o,d,!0)),d}var p=xe?i.outerHTML:i.innerHTML;return Ae&&(p=y(p,ie," "),p=y(p,ae," ")),X&&Le?X.createHTML(p):p},n.setConfig=function(e){Ue(e),Se=!0},n.clearConfig=function(){Ie=null,Se=!1},n.isValidAttribute=function(e,t,n){Ie||Ue({});var r=p(e),o=p(t);return Xe(r,o,n)},n.addHook=function(e,t){"function"==typeof t&&(oe[e]=oe[e]||[],f(oe[e],t))},n.removeHook=function(e){oe[e]&&d(oe[e])},n.removeHooks=function(e){oe[e]&&(oe[e]=[])},n.removeAllHooks=function(){oe={}},n}()})); | ||
//# sourceMappingURL=purify.min.js.map |
@@ -109,3 +109,3 @@ { | ||
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", | ||
"version": "2.1.0", | ||
"version": "2.1.1", | ||
"directories": { | ||
@@ -112,0 +112,0 @@ "test": "test" |
@@ -11,5 +11,5 @@ # DOMPurify | ||
DOMPurify is written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses [a fall-back](#what-about-older-browsers-like-msie8) or simply does nothing. | ||
DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on MSIE6 or other legacy browsers. It either uses [a fall-back](#what-about-older-browsers-like-msie8) or simply does nothing. | ||
Our automated tests cover [15 different browsers](https://github.com/cure53/DOMPurify/blob/main/test/karma.custom-launchers.config.js#L5) right now, more to come. We also cover Node.js v12.0.0 and v13.0.0, running DOMPurify on [jsdom](https://github.com/tmpvar/jsdom). Older Node.js versions are known to work as well. | ||
Our automated tests cover [15 different browsers](https://github.com/cure53/DOMPurify/blob/main/test/karma.custom-launchers.config.js#L5) right now, more to come. We also cover Node.js v12, v13, v14.0.0, running DOMPurify on [jsdom](https://github.com/tmpvar/jsdom). Older Node.js versions are known to work as well. | ||
@@ -330,3 +330,3 @@ DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not. For more details please also read about our [Security Goals & Threat Model](https://github.com/cure53/DOMPurify/wiki/Security-Goals-&-Threat-Model). Please, read it. Like, really. | ||
[oreoshake 💸](https://github.com/oreoshake), [dcramer 💸](https://github.com/dcramer),[tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@filedescriptor](https://twitter.com/filedescriptor), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro) and especially [@masatokinugawa](https://twitter.com/masatokinugawa) | ||
[oreoshake 💸](https://github.com/oreoshake), [dcramer 💸](https://github.com/dcramer),[tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro) and especially [@masatokinugawa](https://twitter.com/masatokinugawa) | ||
@@ -333,0 +333,0 @@ ## Testing powered by |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
491440
2999