New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
url-sanitizer
Advanced tools
url-sanitizer - npm Package Compare versions
Comparing version 0.9.0 to 0.9.1
@@ -1050,8 +1050,16 @@ // bundle_wo_dompurify/lib/file/text-chars.json | ||
| } | ||
| const sanitizedUrl = this.sanitize(url, opt ?? { | ||
| allow: ["blob", "data", "file"] | ||
| }); | ||
| const parsedUrl = /* @__PURE__ */ new Map([ | ||
| ["input", url] | ||
| ]); | ||
| let sanitizedUrl; | ||
| if (this.verify(url)) { | ||
| const { protocol } = new URL(url); | ||
| if (protocol === "blob:") { | ||
| sanitizedUrl = url; | ||
| } else { | ||
| sanitizedUrl = this.sanitize(url, opt ?? { | ||
| allow: ["data", "file"] | ||
| }); | ||
| } | ||
| } | ||
| if (sanitizedUrl) { | ||
@@ -1058,0 +1066,0 @@ const urlObj = new URL(sanitizedUrl); |
@@ -1,2 +0,2 @@ | ||
| var T=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var I=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var{DOMPurify:P}=window;var y=t=>Object.prototype.toString.call(t).slice(8,-1),d=t=>typeof t=="string"||t instanceof String;var{FileReader:H}=window;var R=16,W=/^[\da-z+/\-_=]+$/i,z=/data:[^,]*,/,F=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,Z=/data:[^,]*,[^"]+/g,A=/:$/,ee=/(?:#|%23)$/,te=/(?<!(?:#|%23).*)(?:\?|%3F)$/,se=/[<>"'\s]/g,re=/%(?:2(?:2|7)|3(?:C|E))/g,B=/%(?:2(?:2|7)|3(?:C|E))+?/,ie=/^(?:text\/(?:ht|x)ml|application\/(?:xhtml\+)?xml|image\/svg\+xml)/,ae=/^\d+/,oe=/#x?$/,ne=/^#(?:x(?:00)?[2-7]|\d)/,ce=/^x[\dA-F]+/i,pe=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,le=/^[a-z][\da-z+\-.]*$/,me=/^(?:ext|web)\+[a-z]+$/,q=/(?:java|vb)script/,k=/(?:java|vb)script|blob/,de=/^%[\dA-F]{2}$/i,fe=/%26/g,M=t=>{if(!d(t))throw new TypeError(`Expected String but got ${y(t)}.`);let e=[];for(let s of t)e.push(`%${s.charCodeAt(0).toString(R).toUpperCase()}`);return e.join("")},Y=t=>{d(t)&&de.test(t)&&(t=t.toUpperCase());let[e,s,a,i,o,c]=["&","#","<",">",'"',"'"].map(M),r;return t===e?r=`${e}amp;`:t===a?r=`${e}lt;`:t===i?r=`${e}gt;`:t===o?r=`${e}quot;`:t===c?r=`${e}${s}39;`:r=t,r},he=t=>{if(d(t)){if(!W.test(t))throw new Error(`Invalid base64 data: ${t}`)}else throw new TypeError(`Expected String but got ${y(t)}.`);let e=atob(t),s=Uint8Array.from([...e].map(o=>o.charCodeAt(0))),a=new Set(T),i;return s.every(o=>a.has(o))?i=e.replace(/\s/g,M):i=t,i},X=(t,e=0)=>{if(!d(t))throw new TypeError(`Expected String but got ${y(t)}.`);if(Number.isInteger(e)){if(e>R)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${y(e)}.`);let s=decodeURIComponent(t);if(/&#/.test(s)){let a=new Set(T),i=[...s.matchAll(pe)].reverse();for(let o of i){let[c,r]=o,l;if(ce.test(r)?l=parseInt(`0${r}`,R):ae.test(r)&&(l=parseInt(r)),Number.isInteger(l)){let{index:f}=o,[p,n]=[s.substring(0,f),s.substring(f+c.length)];a.has(l)?(s=`${p}${String.fromCharCode(l)}${n}`,(oe.test(p)||ne.test(n))&&(s=X(s,++e))):l<R*R&&(s=`${p}${n}`)}}}return s},ue=t=>new Promise((e,s)=>{let a=new H;a.addEventListener("error",()=>s(a.error)),a.addEventListener("abort",()=>e(a.result)),a.addEventListener("load",()=>e(a.result)),a.readAsDataURL(t)}),D=class{#e;constructor(){this.#e=new Set(I)}get(){return[...this.#e]}has(e){return this.#e.has(e)}add(e){if(d(e)){if(q.test(e)||!le.test(e))throw new Error(`Invalid scheme: ${e}`)}else throw new TypeError(`Expected String but got ${y(e)}.`);return this.#e.add(e),[...this.#e]}remove(e){return this.#e.delete(e)}verify(e){let s;if(d(e))try{let{protocol:a}=new URL(e),i=a.replace(A,""),o=i.split("+");s=!q.test(i)&&me.test(i)||o.every(c=>this.#e.has(c))}catch{s=!1}return!!s}},j=class extends D{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}replace(e){if(!d(e))throw new TypeError(`Expected String but got ${y(e)}.`);let s=e;if(z.test(s)){let i=[...s.matchAll(Z)].reverse();for(let o of i){let[c]=o;F.test(c)&&([c]=F.exec(c)),this.#e++,this.#t.add(c);let r=this.sanitize(c,{allow:["data"]}),{index:l}=o,[f,p]=[s.substring(0,l),s.substring(l+c.length)];r?s=`${f}${r}${p}`:s=`${f}${p}`}}return s}purify(e){if(!d(e))throw new TypeError(`Expected String but got ${y(e)}.`);let s=P.sanitize(decodeURIComponent(e));return s&&z.test(s)&&(s=this.replace(s)),s=s.replace(ee,"").replace(te,""),encodeURI(s)}sanitize(e,s={allow:[],deny:[],only:[]}){if(this.#e>R)throw this.#e=0,new Error("Data URLs nested too deeply.");let{allow:a,deny:i,only:o,remove:c}=s??{},r=new Map([["blob",!1],["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]),l=!1;if(Array.isArray(o)&&o.length){let p=super.get();for(let m of p)r.set(m,!1);let n=Object.values(o);for(let m of n)if(d(m)&&(m=m.trim(),!k.test(m))){if(super.has(m))r.set(m,!0);else{try{super.add(m)}catch{}super.has(m)&&r.set(m,!0)}!l&&r.has(m)&&(l=r.get(m))}}else{if(Array.isArray(a)&&a.length){let p=Object.values(a);for(let n of p)if(d(n)&&(n=n.trim(),!k.test(n)))if(super.has(n))r.set(n,!0);else{try{super.add(n)}catch{}super.has(n)&&r.set(n,!0)}}if(Array.isArray(i)&&i.length){let p=Object.values(i);for(let n of p)d(n)&&(n=n.trim(),n&&r.set(n,!1))}}let f;if(super.verify(e)){let{hash:p,href:n,pathname:m,protocol:U,search:w}=new URL(e),E=U.replace(A,""),L=E.split("+"),_;if(l)_=L.every(b=>r.get(b));else for(let[b,x]of r.entries())if(_=x||E!==b&&L.every(h=>h!==b),!_)break;if(_){let b=L.includes("data"),x,h=n;if(b){let[v,...C]=m.split(","),$=`${C.join(",")}${w}${p}`,S=v.split(";"),G=S[S.length-1]==="base64",u=$;G&&(u=he($));try{let N=X(u).trim(),{protocol:Q}=new URL(N);Q.replace(A,"").split("+").some(J=>k.test(J))&&(h="")}catch{}let O=z.test(u);u!==$||O?O?u=this.replace(u):this.#t.has(e)?this.#t.delete(e):x=!0:this.#t.has(e)?this.#t.delete(e):x=!0,(!v||ie.test(v))&&(u=this.purify(u)),h&&u?(G&&u!==$&&S.pop(),h=`${E}:${S.join(";")},${u}`):h=""}else x=!0;if(!b&&c&&B.test(h)){let v=B.exec(h),{index:C}=v;h=h.substring(0,C)}h?(f=h.replace(se,M).replace(fe,Y),x&&(b||(f=f.replace(re,Y)),this.#e=0)):(f=h,this.#e=0)}}return f||null}parse(e,s){if(!d(e))throw new TypeError(`Expected String but got ${y(e)}.`);let a=this.sanitize(e,s??{allow:["blob","data","file"]}),i=new Map([["input",e]]);if(a){let o=new URL(a),{pathname:c,protocol:r}=o,f=r.replace(A,"").split("+").includes("data");if(i.set("valid",!0),f){let p=new Map,[n,...m]=c.split(","),U=`${m.join(",")}`,w=n.split(";"),E=w[w.length-1]==="base64";E&&w.pop(),p.set("mime",w.join(";")),p.set("base64",E),p.set("data",U),i.set("data",Object.fromEntries(p))}else i.set("data",null);for(let p in o){let n=o[p];d(n)&&i.set(p,n)}}else i.set("valid",!1);return Object.fromEntries(i)}},g=new j,ge=t=>g.verify(t),ye=async t=>g.verify(t),be=t=>g.parse(t),we=async t=>g.parse(t),Ee=(t,e)=>{let s;if(g.verify(t)){let{protocol:a}=new URL(t);a==="blob:"?URL.revokeObjectURL(t):s=g.sanitize(t,e??{allow:[],deny:[],only:[]})}return s||null},xe=async(t,e={allow:[],deny:[],only:[]})=>{let s;if(g.verify(t)){let{protocol:a}=new URL(t);if(a==="blob:"){let{allow:i,deny:o,only:c}=e;if(Array.isArray(i)&&i.includes("blob")&&!(Array.isArray(o)&&o.includes("blob"))||Array.isArray(c)&&c.includes("blob")){let r;try{r=await fetch(t).then(l=>l.blob()).then(ue)}catch{}if(r){if(Array.isArray(c))c.includes("data")||c.push("data");else if(Array.isArray(i)&&(i.includes("data")||i.push("data"),Array.isArray(o)&&o.includes("data"))){let l=o.indexOf("data");o.splice(l,1)}s=g.sanitize(r,e)}}URL.revokeObjectURL(t)}else s=g.sanitize(t,e)}return s||null};export{g as default,ye as isURI,ge as isURISync,we as parseURL,be as parseURLSync,xe as sanitizeURL,Ee as sanitizeURLSync}; | ||
| var T=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var I=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var{DOMPurify:P}=window;var g=t=>Object.prototype.toString.call(t).slice(8,-1),d=t=>typeof t=="string"||t instanceof String;var{FileReader:H}=window;var R=16,W=/^[\da-z+/\-_=]+$/i,z=/data:[^,]*,/,F=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,Z=/data:[^,]*,[^"]+/g,S=/:$/,ee=/(?:#|%23)$/,te=/(?<!(?:#|%23).*)(?:\?|%3F)$/,se=/[<>"'\s]/g,re=/%(?:2(?:2|7)|3(?:C|E))/g,B=/%(?:2(?:2|7)|3(?:C|E))+?/,ie=/^(?:text\/(?:ht|x)ml|application\/(?:xhtml\+)?xml|image\/svg\+xml)/,ae=/^\d+/,oe=/#x?$/,ne=/^#(?:x(?:00)?[2-7]|\d)/,ce=/^x[\dA-F]+/i,pe=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,le=/^[a-z][\da-z+\-.]*$/,me=/^(?:ext|web)\+[a-z]+$/,q=/(?:java|vb)script/,k=/(?:java|vb)script|blob/,de=/^%[\dA-F]{2}$/i,fe=/%26/g,M=t=>{if(!d(t))throw new TypeError(`Expected String but got ${g(t)}.`);let e=[];for(let s of t)e.push(`%${s.charCodeAt(0).toString(R).toUpperCase()}`);return e.join("")},Y=t=>{d(t)&&de.test(t)&&(t=t.toUpperCase());let[e,s,r,o,a,c]=["&","#","<",">",'"',"'"].map(M),i;return t===e?i=`${e}amp;`:t===r?i=`${e}lt;`:t===o?i=`${e}gt;`:t===a?i=`${e}quot;`:t===c?i=`${e}${s}39;`:i=t,i},he=t=>{if(d(t)){if(!W.test(t))throw new Error(`Invalid base64 data: ${t}`)}else throw new TypeError(`Expected String but got ${g(t)}.`);let e=atob(t),s=Uint8Array.from([...e].map(a=>a.charCodeAt(0))),r=new Set(T),o;return s.every(a=>r.has(a))?o=e.replace(/\s/g,M):o=t,o},X=(t,e=0)=>{if(!d(t))throw new TypeError(`Expected String but got ${g(t)}.`);if(Number.isInteger(e)){if(e>R)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${g(e)}.`);let s=decodeURIComponent(t);if(/&#/.test(s)){let r=new Set(T),o=[...s.matchAll(pe)].reverse();for(let a of o){let[c,i]=a,l;if(ce.test(i)?l=parseInt(`0${i}`,R):ae.test(i)&&(l=parseInt(i)),Number.isInteger(l)){let{index:f}=a,[p,n]=[s.substring(0,f),s.substring(f+c.length)];r.has(l)?(s=`${p}${String.fromCharCode(l)}${n}`,(oe.test(p)||ne.test(n))&&(s=X(s,++e))):l<R*R&&(s=`${p}${n}`)}}}return s},ue=t=>new Promise((e,s)=>{let r=new H;r.addEventListener("error",()=>s(r.error)),r.addEventListener("abort",()=>e(r.result)),r.addEventListener("load",()=>e(r.result)),r.readAsDataURL(t)}),D=class{#e;constructor(){this.#e=new Set(I)}get(){return[...this.#e]}has(e){return this.#e.has(e)}add(e){if(d(e)){if(q.test(e)||!le.test(e))throw new Error(`Invalid scheme: ${e}`)}else throw new TypeError(`Expected String but got ${g(e)}.`);return this.#e.add(e),[...this.#e]}remove(e){return this.#e.delete(e)}verify(e){let s;if(d(e))try{let{protocol:r}=new URL(e),o=r.replace(S,""),a=o.split("+");s=!q.test(o)&&me.test(o)||a.every(c=>this.#e.has(c))}catch{s=!1}return!!s}},j=class extends D{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}replace(e){if(!d(e))throw new TypeError(`Expected String but got ${g(e)}.`);let s=e;if(z.test(s)){let o=[...s.matchAll(Z)].reverse();for(let a of o){let[c]=a;F.test(c)&&([c]=F.exec(c)),this.#e++,this.#t.add(c);let i=this.sanitize(c,{allow:["data"]}),{index:l}=a,[f,p]=[s.substring(0,l),s.substring(l+c.length)];i?s=`${f}${i}${p}`:s=`${f}${p}`}}return s}purify(e){if(!d(e))throw new TypeError(`Expected String but got ${g(e)}.`);let s=P.sanitize(decodeURIComponent(e));return s&&z.test(s)&&(s=this.replace(s)),s=s.replace(ee,"").replace(te,""),encodeURI(s)}sanitize(e,s={allow:[],deny:[],only:[]}){if(this.#e>R)throw this.#e=0,new Error("Data URLs nested too deeply.");let{allow:r,deny:o,only:a,remove:c}=s??{},i=new Map([["blob",!1],["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]),l=!1;if(Array.isArray(a)&&a.length){let p=super.get();for(let m of p)i.set(m,!1);let n=Object.values(a);for(let m of n)if(d(m)&&(m=m.trim(),!k.test(m))){if(super.has(m))i.set(m,!0);else{try{super.add(m)}catch{}super.has(m)&&i.set(m,!0)}!l&&i.has(m)&&(l=i.get(m))}}else{if(Array.isArray(r)&&r.length){let p=Object.values(r);for(let n of p)if(d(n)&&(n=n.trim(),!k.test(n)))if(super.has(n))i.set(n,!0);else{try{super.add(n)}catch{}super.has(n)&&i.set(n,!0)}}if(Array.isArray(o)&&o.length){let p=Object.values(o);for(let n of p)d(n)&&(n=n.trim(),n&&i.set(n,!1))}}let f;if(super.verify(e)){let{hash:p,href:n,pathname:m,protocol:U,search:w}=new URL(e),E=U.replace(S,""),A=E.split("+"),_;if(l)_=A.every(b=>i.get(b));else for(let[b,x]of i.entries())if(_=x||E!==b&&A.every(h=>h!==b),!_)break;if(_){let b=A.includes("data"),x,h=n;if(b){let[v,...C]=m.split(","),$=`${C.join(",")}${w}${p}`,L=v.split(";"),G=L[L.length-1]==="base64",u=$;G&&(u=he($));try{let N=X(u).trim(),{protocol:Q}=new URL(N);Q.replace(S,"").split("+").some(J=>k.test(J))&&(h="")}catch{}let O=z.test(u);u!==$||O?O?u=this.replace(u):this.#t.has(e)?this.#t.delete(e):x=!0:this.#t.has(e)?this.#t.delete(e):x=!0,(!v||ie.test(v))&&(u=this.purify(u)),h&&u?(G&&u!==$&&L.pop(),h=`${E}:${L.join(";")},${u}`):h=""}else x=!0;if(!b&&c&&B.test(h)){let v=B.exec(h),{index:C}=v;h=h.substring(0,C)}h?(f=h.replace(se,M).replace(fe,Y),x&&(b||(f=f.replace(re,Y)),this.#e=0)):(f=h,this.#e=0)}}return f||null}parse(e,s){if(!d(e))throw new TypeError(`Expected String but got ${g(e)}.`);let r=new Map([["input",e]]),o;if(this.verify(e)){let{protocol:a}=new URL(e);a==="blob:"?o=e:o=this.sanitize(e,s??{allow:["data","file"]})}if(o){let a=new URL(o),{pathname:c,protocol:i}=a,f=i.replace(S,"").split("+").includes("data");if(r.set("valid",!0),f){let p=new Map,[n,...m]=c.split(","),U=`${m.join(",")}`,w=n.split(";"),E=w[w.length-1]==="base64";E&&w.pop(),p.set("mime",w.join(";")),p.set("base64",E),p.set("data",U),r.set("data",Object.fromEntries(p))}else r.set("data",null);for(let p in a){let n=a[p];d(n)&&r.set(p,n)}}else r.set("valid",!1);return Object.fromEntries(r)}},y=new j,ye=t=>y.verify(t),ge=async t=>y.verify(t),be=t=>y.parse(t),we=async t=>y.parse(t),Ee=(t,e)=>{let s;if(y.verify(t)){let{protocol:r}=new URL(t);r==="blob:"?URL.revokeObjectURL(t):s=y.sanitize(t,e??{allow:[],deny:[],only:[]})}return s||null},xe=async(t,e={allow:[],deny:[],only:[]})=>{let s;if(y.verify(t)){let{protocol:r}=new URL(t);if(r==="blob:"){let{allow:o,deny:a,only:c}=e;if(Array.isArray(o)&&o.includes("blob")&&!(Array.isArray(a)&&a.includes("blob"))||Array.isArray(c)&&c.includes("blob")){let i;try{i=await fetch(t).then(l=>l.blob()).then(ue)}catch{}if(i){if(Array.isArray(c))c.includes("data")||c.push("data");else if(Array.isArray(o)&&(o.includes("data")||o.push("data"),Array.isArray(a)&&a.includes("data"))){let l=a.indexOf("data");a.splice(l,1)}s=y.sanitize(i,e)}}URL.revokeObjectURL(t)}else s=y.sanitize(t,e)}return s||null};export{y as default,ge as isURI,ye as isURISync,we as parseURL,be as parseURLSync,xe as sanitizeURL,Ee as sanitizeURLSync}; | ||
| /*! | ||
@@ -3,0 +3,0 @@ * URL Sanitizer |
@@ -1,6 +0,6 @@ | ||
| var zr=Object.create;var Wt=Object.defineProperty;var Hr=Object.getOwnPropertyDescriptor;var Gr=Object.getOwnPropertyNames;var $r=Object.getPrototypeOf,Br=Object.prototype.hasOwnProperty;var jr=(n,a)=>()=>(a||n((a={exports:{}}).exports,a),a.exports);var Wr=(n,a,l,d)=>{if(a&&typeof a=="object"||typeof a=="function")for(let m of Gr(a))!Br.call(n,m)&&m!==l&&Wt(n,m,{get:()=>a[m],enumerable:!(d=Hr(a,m))||d.enumerable});return n};var Yr=(n,a,l)=>(l=n!=null?zr($r(n)):{},Wr(a||!n||!n.__esModule?Wt(l,"default",{value:n,enumerable:!0}):l,n));var qt=jr((ct,pt)=>{(function(n,a){typeof ct=="object"&&typeof pt<"u"?pt.exports=a():typeof define=="function"&&define.amd?define(a):(n=typeof globalThis<"u"?globalThis:n||self,n.DOMPurify=a())})(ct,function(){"use strict";function n(r){return n=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(i){return typeof i}:function(i){return i&&typeof Symbol=="function"&&i.constructor===Symbol&&i!==Symbol.prototype?"symbol":typeof i},n(r)}function a(r,i){return a=Object.setPrototypeOf||function(p,y){return p.__proto__=y,p},a(r,i)}function l(){if(typeof Reflect>"u"||!Reflect.construct||Reflect.construct.sham)return!1;if(typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch{return!1}}function d(r,i,s){return l()?d=Reflect.construct:d=function(y,w,N){var S=[null];S.push.apply(S,w);var U=Function.bind.apply(y,S),be=new U;return N&&a(be,N.prototype),be},d.apply(null,arguments)}function m(r,i){return h(r)||I(r,i)||g(r,i)||oe()}function f(r){return b(r)||T(r)||g(r)||A()}function b(r){if(Array.isArray(r))return v(r)}function h(r){if(Array.isArray(r))return r}function T(r){if(typeof Symbol<"u"&&r[Symbol.iterator]!=null||r["@@iterator"]!=null)return Array.from(r)}function I(r,i){var s=r==null?null:typeof Symbol<"u"&&r[Symbol.iterator]||r["@@iterator"];if(s!=null){var p=[],y=!0,w=!1,N,S;try{for(s=s.call(r);!(y=(N=s.next()).done)&&(p.push(N.value),!(i&&p.length===i));y=!0);}catch(U){w=!0,S=U}finally{try{!y&&s.return!=null&&s.return()}finally{if(w)throw S}}return p}}function g(r,i){if(r){if(typeof r=="string")return v(r,i);var s=Object.prototype.toString.call(r).slice(8,-1);if(s==="Object"&&r.constructor&&(s=r.constructor.name),s==="Map"||s==="Set")return Array.from(r);if(s==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(s))return v(r,i)}}function v(r,i){(i==null||i>r.length)&&(i=r.length);for(var s=0,p=new Array(i);s<i;s++)p[s]=r[s];return p}function A(){throw new TypeError(`Invalid attempt to spread non-iterable instance. | ||
| var zr=Object.create;var Wt=Object.defineProperty;var Hr=Object.getOwnPropertyDescriptor;var Gr=Object.getOwnPropertyNames;var $r=Object.getPrototypeOf,Br=Object.prototype.hasOwnProperty;var jr=(n,a)=>()=>(a||n((a={exports:{}}).exports,a),a.exports);var Wr=(n,a,l,u)=>{if(a&&typeof a=="object"||typeof a=="function")for(let d of Gr(a))!Br.call(n,d)&&d!==l&&Wt(n,d,{get:()=>a[d],enumerable:!(u=Hr(a,d))||u.enumerable});return n};var Yr=(n,a,l)=>(l=n!=null?zr($r(n)):{},Wr(a||!n||!n.__esModule?Wt(l,"default",{value:n,enumerable:!0}):l,n));var qt=jr((ct,pt)=>{(function(n,a){typeof ct=="object"&&typeof pt<"u"?pt.exports=a():typeof define=="function"&&define.amd?define(a):(n=typeof globalThis<"u"?globalThis:n||self,n.DOMPurify=a())})(ct,function(){"use strict";function n(r){return n=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(i){return typeof i}:function(i){return i&&typeof Symbol=="function"&&i.constructor===Symbol&&i!==Symbol.prototype?"symbol":typeof i},n(r)}function a(r,i){return a=Object.setPrototypeOf||function(p,y){return p.__proto__=y,p},a(r,i)}function l(){if(typeof Reflect>"u"||!Reflect.construct||Reflect.construct.sham)return!1;if(typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch{return!1}}function u(r,i,s){return l()?u=Reflect.construct:u=function(y,w,N){var S=[null];S.push.apply(S,w);var U=Function.bind.apply(y,S),be=new U;return N&&a(be,N.prototype),be},u.apply(null,arguments)}function d(r,i){return h(r)||I(r,i)||g(r,i)||oe()}function f(r){return b(r)||T(r)||g(r)||A()}function b(r){if(Array.isArray(r))return v(r)}function h(r){if(Array.isArray(r))return r}function T(r){if(typeof Symbol<"u"&&r[Symbol.iterator]!=null||r["@@iterator"]!=null)return Array.from(r)}function I(r,i){var s=r==null?null:typeof Symbol<"u"&&r[Symbol.iterator]||r["@@iterator"];if(s!=null){var p=[],y=!0,w=!1,N,S;try{for(s=s.call(r);!(y=(N=s.next()).done)&&(p.push(N.value),!(i&&p.length===i));y=!0);}catch(U){w=!0,S=U}finally{try{!y&&s.return!=null&&s.return()}finally{if(w)throw S}}return p}}function g(r,i){if(r){if(typeof r=="string")return v(r,i);var s=Object.prototype.toString.call(r).slice(8,-1);if(s==="Object"&&r.constructor&&(s=r.constructor.name),s==="Map"||s==="Set")return Array.from(r);if(s==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(s))return v(r,i)}}function v(r,i){(i==null||i>r.length)&&(i=r.length);for(var s=0,p=new Array(i);s<i;s++)p[s]=r[s];return p}function A(){throw new TypeError(`Invalid attempt to spread non-iterable instance. | ||
| In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function oe(){throw new TypeError(`Invalid attempt to destructure non-iterable instance. | ||
| In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function Z(r,i){var s=typeof Symbol<"u"&&r[Symbol.iterator]||r["@@iterator"];if(!s){if(Array.isArray(r)||(s=g(r))||i&&r&&typeof r.length=="number"){s&&(r=s);var p=0,y=function(){};return{s:y,n:function(){return p>=r.length?{done:!0}:{done:!1,value:r[p++]}},e:function(U){throw U},f:y}}throw new TypeError(`Invalid attempt to iterate non-iterable instance. | ||
| In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}var w=!0,N=!1,S;return{s:function(){s=s.call(r)},n:function(){var U=s.next();return w=U.done,U},e:function(U){N=!0,S=U},f:function(){try{!w&&s.return!=null&&s.return()}finally{if(N)throw S}}}}var q=Object.entries,se=Object.setPrototypeOf,le=Object.isFrozen,j=Object.getPrototypeOf,Q=Object.getOwnPropertyDescriptor,_=Object.freeze,D=Object.seal,Ee=Object.create,te=typeof Reflect<"u"&&Reflect,J=te.apply,ce=te.construct;J||(J=function(i,s,p){return i.apply(s,p)}),_||(_=function(i){return i}),D||(D=function(i){return i}),ce||(ce=function(i,s){return d(i,f(s))});var P=H(Array.prototype.forEach),ge=H(Array.prototype.pop),ee=H(Array.prototype.push),pe=H(String.prototype.toLowerCase),Re=H(String.prototype.toString),Pe=H(String.prototype.match),$=H(String.prototype.replace),er=H(String.prototype.indexOf),tr=H(String.prototype.trim),F=H(RegExp.prototype.test),Fe=rr(TypeError);function H(r){return function(i){for(var s=arguments.length,p=new Array(s>1?s-1:0),y=1;y<s;y++)p[y-1]=arguments[y];return J(r,i,p)}}function rr(r){return function(){for(var i=arguments.length,s=new Array(i),p=0;p<i;p++)s[p]=arguments[p];return ce(r,s)}}function u(r,i,s){s=s||pe,se&&se(r,null);for(var p=i.length;p--;){var y=i[p];if(typeof y=="string"){var w=s(y);w!==y&&(le(i)||(i[p]=w),y=w)}r[y]=!0}return r}function fe(r){var i=Ee(null),s=Z(q(r)),p;try{for(s.s();!(p=s.n()).done;){var y=m(p.value,2),w=y[0],N=y[1];i[w]=N}}catch(S){s.e(S)}finally{s.f()}return i}function we(r,i){for(;r!==null;){var s=Q(r,i);if(s){if(s.get)return H(s.get);if(typeof s.value=="function")return H(s.value)}r=j(r)}function p(y){return console.warn("fallback value for",y),null}return p}var yt=_(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),ze=_(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),He=_(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feImage","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),ar=_(["animate","color-profile","cursor","discard","fedropshadow","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),Ge=_(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),nr=_(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),_t=_(["#text"]),Et=_(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","nonce","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),$e=_(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","transform-origin","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),gt=_(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),Se=_(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),ir=D(/\{\{[\w\W]*|[\w\W]*\}\}/gm),or=D(/<%[\w\W]*|[\w\W]*%>/gm),sr=D(/\${[\w\W]*}/gm),lr=D(/^data-[\-\w.\u00B7-\uFFFF]/),cr=D(/^aria-[\-\w]+$/),pr=D(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),fr=D(/^(?:\w+script|data):/i),ur=D(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),mr=D(/^html$/i),dr=function(){return typeof window>"u"?null:window},hr=function(i,s){if(n(i)!=="object"||typeof i.createPolicy!="function")return null;var p=null,y="data-tt-policy-suffix";s.currentScript&&s.currentScript.hasAttribute(y)&&(p=s.currentScript.getAttribute(y));var w="dompurify"+(p?"#"+p:"");try{return i.createPolicy(w,{createHTML:function(S){return S},createScriptURL:function(S){return S}})}catch{return console.warn("TrustedTypes policy "+w+" could not be created."),null}};function bt(){var r=arguments.length>0&&arguments[0]!==void 0?arguments[0]:dr(),i=function(e){return bt(e)};if(i.version="3.0.0",i.removed=[],!r||!r.document||r.document.nodeType!==9)return i.isSupported=!1,i;var s=r.document,p=r.document,y=r.DocumentFragment,w=r.HTMLTemplateElement,N=r.Node,S=r.Element,U=r.NodeFilter,be=r.NamedNodeMap,yr=be===void 0?r.NamedNodeMap||r.MozNamedAttrMap:be,_r=r.HTMLFormElement,Er=r.DOMParser,Le=r.trustedTypes,xe=S.prototype,gr=we(xe,"cloneNode"),br=we(xe,"nextSibling"),Tr=we(xe,"childNodes"),Be=we(xe,"parentNode");if(typeof w=="function"){var je=p.createElement("template");je.content&&je.content.ownerDocument&&(p=je.content.ownerDocument)}var B=hr(Le,s),Tt=B?B.createHTML(""):"",Oe=p,We=Oe.implementation,Ar=Oe.createNodeIterator,Rr=Oe.createDocumentFragment,wr=Oe.getElementsByTagName,Sr=s.importNode,W={};i.isSupported=typeof q=="function"&&typeof Be=="function"&&We&&typeof We.createHTMLDocument<"u";var Ye=ir,qe=or,Xe=sr,Lr=lr,xr=cr,Or=fr,At=ur,Ve=pr,L=null,Rt=u({},[].concat(f(yt),f(ze),f(He),f(Ge),f(_t))),x=null,wt=u({},[].concat(f(Et),f($e),f(gt),f(Se))),R=Object.seal(Object.create(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Te=null,Ke=null,St=!0,Ze=!0,Lt=!1,xt=!0,ue=!1,re=!1,Qe=!1,Je=!1,me=!1,De=!1,Ne=!1,Ot=!0,Dt=!1,Dr="user-content-",et=!0,Ae=!1,de={},he=null,Nt=u({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Mt=null,Ct=u({},["audio","video","img","source","image","track"]),tt=null,It=u({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Me="http://www.w3.org/1998/Math/MathML",Ce="http://www.w3.org/2000/svg",X="http://www.w3.org/1999/xhtml",ve=X,rt=!1,at=null,Nr=u({},[Me,Ce,X],Re),ae,Mr=["application/xhtml+xml","text/html"],Cr="text/html",O,ye=null,Ir=p.createElement("form"),Ut=function(e){return e instanceof RegExp||e instanceof Function},nt=function(e){ye&&ye===e||((!e||n(e)!=="object")&&(e={}),e=fe(e),ae=Mr.indexOf(e.PARSER_MEDIA_TYPE)===-1?ae=Cr:ae=e.PARSER_MEDIA_TYPE,O=ae==="application/xhtml+xml"?Re:pe,L="ALLOWED_TAGS"in e?u({},e.ALLOWED_TAGS,O):Rt,x="ALLOWED_ATTR"in e?u({},e.ALLOWED_ATTR,O):wt,at="ALLOWED_NAMESPACES"in e?u({},e.ALLOWED_NAMESPACES,Re):Nr,tt="ADD_URI_SAFE_ATTR"in e?u(fe(It),e.ADD_URI_SAFE_ATTR,O):It,Mt="ADD_DATA_URI_TAGS"in e?u(fe(Ct),e.ADD_DATA_URI_TAGS,O):Ct,he="FORBID_CONTENTS"in e?u({},e.FORBID_CONTENTS,O):Nt,Te="FORBID_TAGS"in e?u({},e.FORBID_TAGS,O):{},Ke="FORBID_ATTR"in e?u({},e.FORBID_ATTR,O):{},de="USE_PROFILES"in e?e.USE_PROFILES:!1,St=e.ALLOW_ARIA_ATTR!==!1,Ze=e.ALLOW_DATA_ATTR!==!1,Lt=e.ALLOW_UNKNOWN_PROTOCOLS||!1,xt=e.ALLOW_SELF_CLOSE_IN_ATTR!==!1,ue=e.SAFE_FOR_TEMPLATES||!1,re=e.WHOLE_DOCUMENT||!1,me=e.RETURN_DOM||!1,De=e.RETURN_DOM_FRAGMENT||!1,Ne=e.RETURN_TRUSTED_TYPE||!1,Je=e.FORCE_BODY||!1,Ot=e.SANITIZE_DOM!==!1,Dt=e.SANITIZE_NAMED_PROPS||!1,et=e.KEEP_CONTENT!==!1,Ae=e.IN_PLACE||!1,Ve=e.ALLOWED_URI_REGEXP||Ve,ve=e.NAMESPACE||X,e.CUSTOM_ELEMENT_HANDLING&&Ut(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(R.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&Ut(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(R.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements=="boolean"&&(R.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),ue&&(Ze=!1),De&&(me=!0),de&&(L=u({},f(_t)),x=[],de.html===!0&&(u(L,yt),u(x,Et)),de.svg===!0&&(u(L,ze),u(x,$e),u(x,Se)),de.svgFilters===!0&&(u(L,He),u(x,$e),u(x,Se)),de.mathMl===!0&&(u(L,Ge),u(x,gt),u(x,Se))),e.ADD_TAGS&&(L===Rt&&(L=fe(L)),u(L,e.ADD_TAGS,O)),e.ADD_ATTR&&(x===wt&&(x=fe(x)),u(x,e.ADD_ATTR,O)),e.ADD_URI_SAFE_ATTR&&u(tt,e.ADD_URI_SAFE_ATTR,O),e.FORBID_CONTENTS&&(he===Nt&&(he=fe(he)),u(he,e.FORBID_CONTENTS,O)),et&&(L["#text"]=!0),re&&u(L,["html","head","body"]),L.table&&(u(L,["tbody"]),delete Te.tbody),_&&_(e),ye=e)},kt=u({},["mi","mo","mn","ms","mtext"]),Pt=u({},["foreignobject","desc","title","annotation-xml"]),Ur=u({},["title","style","font","a","script"]),Ie=u({},ze);u(Ie,He),u(Ie,ar);var it=u({},Ge);u(it,nr);var kr=function(e){var t=Be(e);(!t||!t.tagName)&&(t={namespaceURI:ve,tagName:"template"});var o=pe(e.tagName),E=pe(t.tagName);return at[e.namespaceURI]?e.namespaceURI===Ce?t.namespaceURI===X?o==="svg":t.namespaceURI===Me?o==="svg"&&(E==="annotation-xml"||kt[E]):Boolean(Ie[o]):e.namespaceURI===Me?t.namespaceURI===X?o==="math":t.namespaceURI===Ce?o==="math"&&Pt[E]:Boolean(it[o]):e.namespaceURI===X?t.namespaceURI===Ce&&!Pt[E]||t.namespaceURI===Me&&!kt[E]?!1:!it[o]&&(Ur[o]||!Ie[o]):!!(ae==="application/xhtml+xml"&&at[e.namespaceURI]):!1},ne=function(e){ee(i.removed,{element:e});try{e.parentNode.removeChild(e)}catch{e.remove()}},ot=function(e,t){try{ee(i.removed,{attribute:t.getAttributeNode(e),from:t})}catch{ee(i.removed,{attribute:null,from:t})}if(t.removeAttribute(e),e==="is"&&!x[e])if(me||De)try{ne(t)}catch{}else try{t.setAttribute(e,"")}catch{}},Ft=function(e){var t,o;if(Je)e="<remove></remove>"+e;else{var E=Pe(e,/^[\r\n\t ]+/);o=E&&E[0]}ae==="application/xhtml+xml"&&ve===X&&(e='<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>'+e+"</body></html>");var M=B?B.createHTML(e):e;if(ve===X)try{t=new Er().parseFromString(M,ae)}catch{}if(!t||!t.documentElement){t=We.createDocument(ve,"template",null);try{t.documentElement.innerHTML=rt?Tt:M}catch{}}var G=t.body||t.documentElement;return e&&o&&G.insertBefore(p.createTextNode(o),G.childNodes[0]||null),ve===X?wr.call(t,re?"html":"body")[0]:re?t.documentElement:G},zt=function(e){return Ar.call(e.ownerDocument||e,e,U.SHOW_ELEMENT|U.SHOW_COMMENT|U.SHOW_TEXT,null,!1)},Pr=function(e){return e instanceof _r&&(typeof e.nodeName!="string"||typeof e.textContent!="string"||typeof e.removeChild!="function"||!(e.attributes instanceof yr)||typeof e.removeAttribute!="function"||typeof e.setAttribute!="function"||typeof e.namespaceURI!="string"||typeof e.insertBefore!="function"||typeof e.hasChildNodes!="function")},Ue=function(e){return n(N)==="object"?e instanceof N:e&&n(e)==="object"&&typeof e.nodeType=="number"&&typeof e.nodeName=="string"},V=function(e,t,o){W[e]&&P(W[e],function(E){E.call(i,t,o,ye)})},Ht=function(e){var t;if(V("beforeSanitizeElements",e,null),Pr(e))return ne(e),!0;var o=O(e.nodeName);if(V("uponSanitizeElement",e,{tagName:o,allowedTags:L}),e.hasChildNodes()&&!Ue(e.firstElementChild)&&(!Ue(e.content)||!Ue(e.content.firstElementChild))&&F(/<[/\w]/g,e.innerHTML)&&F(/<[/\w]/g,e.textContent))return ne(e),!0;if(!L[o]||Te[o]){if(!Te[o]&&$t(o)&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,o)||R.tagNameCheck instanceof Function&&R.tagNameCheck(o)))return!1;if(et&&!he[o]){var E=Be(e)||e.parentNode,M=Tr(e)||e.childNodes;if(M&&E)for(var G=M.length,C=G-1;C>=0;--C)E.insertBefore(gr(M[C],!0),br(e))}return ne(e),!0}return e instanceof S&&!kr(e)||(o==="noscript"||o==="noembed")&&F(/<\/no(script|embed)/i,e.innerHTML)?(ne(e),!0):(ue&&e.nodeType===3&&(t=e.textContent,t=$(t,Ye," "),t=$(t,qe," "),t=$(t,Xe," "),e.textContent!==t&&(ee(i.removed,{element:e.cloneNode()}),e.textContent=t)),V("afterSanitizeElements",e,null),!1)},Gt=function(e,t,o){if(Ot&&(t==="id"||t==="name")&&(o in p||o in Ir))return!1;if(!(Ze&&!Ke[t]&&F(Lr,t))){if(!(St&&F(xr,t))){if(!x[t]||Ke[t]){if(!($t(e)&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,e)||R.tagNameCheck instanceof Function&&R.tagNameCheck(e))&&(R.attributeNameCheck instanceof RegExp&&F(R.attributeNameCheck,t)||R.attributeNameCheck instanceof Function&&R.attributeNameCheck(t))||t==="is"&&R.allowCustomizedBuiltInElements&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,o)||R.tagNameCheck instanceof Function&&R.tagNameCheck(o))))return!1}else if(!tt[t]){if(!F(Ve,$(o,At,""))){if(!((t==="src"||t==="xlink:href"||t==="href")&&e!=="script"&&er(o,"data:")===0&&Mt[e])){if(!(Lt&&!F(Or,$(o,At,"")))){if(o)return!1}}}}}}return!0},$t=function(e){return e.indexOf("-")>0},Bt=function(e){var t,o,E,M;V("beforeSanitizeAttributes",e,null);var G=e.attributes;if(G){var C={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:x};for(M=G.length;M--;){t=G[M];var z=t,ie=z.name,st=z.namespaceURI;if(o=ie==="value"?t.value:tr(t.value),E=O(ie),C.attrName=E,C.attrValue=o,C.keepAttr=!0,C.forceKeepAttr=void 0,V("uponSanitizeAttribute",e,C),o=C.attrValue,!C.forceKeepAttr&&(ot(ie,e),!!C.keepAttr)){if(!xt&&F(/\/>/i,o)){ot(ie,e);continue}ue&&(o=$(o,Ye," "),o=$(o,qe," "),o=$(o,Xe," "));var jt=O(e.nodeName);if(Gt(jt,E,o)){if(Dt&&(E==="id"||E==="name")&&(ot(ie,e),o=Dr+o),B&&n(Le)==="object"&&typeof Le.getAttributeType=="function"&&!st)switch(Le.getAttributeType(jt,E)){case"TrustedHTML":o=B.createHTML(o);break;case"TrustedScriptURL":o=B.createScriptURL(o);break}try{st?e.setAttributeNS(st,ie,o):e.setAttribute(ie,o),ge(i.removed)}catch{}}}}V("afterSanitizeAttributes",e,null)}},Fr=function c(e){var t,o=zt(e);for(V("beforeSanitizeShadowDOM",e,null);t=o.nextNode();)V("uponSanitizeShadowNode",t,null),!Ht(t)&&(t.content instanceof y&&c(t.content),Bt(t));V("afterSanitizeShadowDOM",e,null)};return i.sanitize=function(c){var e=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t,o,E,M;if(rt=!c,rt&&(c="<!-->"),typeof c!="string"&&!Ue(c)){if(typeof c.toString!="function")throw Fe("toString is not a function");if(c=c.toString(),typeof c!="string")throw Fe("dirty is not a string, aborting")}if(!i.isSupported)return c;if(Qe||nt(e),i.removed=[],typeof c=="string"&&(Ae=!1),Ae){if(c.nodeName){var G=O(c.nodeName);if(!L[G]||Te[G])throw Fe("root node is forbidden and cannot be sanitized in-place")}}else if(c instanceof N)t=Ft("<!---->"),o=t.ownerDocument.importNode(c,!0),o.nodeType===1&&o.nodeName==="BODY"||o.nodeName==="HTML"?t=o:t.appendChild(o);else{if(!me&&!ue&&!re&&c.indexOf("<")===-1)return B&&Ne?B.createHTML(c):c;if(t=Ft(c),!t)return me?null:Ne?Tt:""}t&&Je&&ne(t.firstChild);for(var C=zt(Ae?c:t);E=C.nextNode();)Ht(E)||(E.content instanceof y&&Fr(E.content),Bt(E));if(Ae)return c;if(me){if(De)for(M=Rr.call(t.ownerDocument);t.firstChild;)M.appendChild(t.firstChild);else M=t;return(x.shadowroot||x.shadowrootmod)&&(M=Sr.call(s,M,!0)),M}var z=re?t.outerHTML:t.innerHTML;return re&&L["!doctype"]&&t.ownerDocument&&t.ownerDocument.doctype&&t.ownerDocument.doctype.name&&F(mr,t.ownerDocument.doctype.name)&&(z="<!DOCTYPE "+t.ownerDocument.doctype.name+`> | ||
| `+z),ue&&(z=$(z,Ye," "),z=$(z,qe," "),z=$(z,Xe," ")),B&&Ne?B.createHTML(z):z},i.setConfig=function(c){nt(c),Qe=!0},i.clearConfig=function(){ye=null,Qe=!1},i.isValidAttribute=function(c,e,t){ye||nt({});var o=O(c),E=O(e);return Gt(o,E,t)},i.addHook=function(c,e){typeof e=="function"&&(W[c]=W[c]||[],ee(W[c],e))},i.removeHook=function(c){if(W[c])return ge(W[c])},i.removeHooks=function(c){W[c]&&(W[c]=[])},i.removeAllHooks=function(){W={}},i}var vr=bt();return vr})});var lt=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var Yt=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var ft=Yr(qt(),1);var K=n=>Object.prototype.toString.call(n).slice(8,-1),k=n=>typeof n=="string"||n instanceof String;var{FileReader:Xt}=window;var _e=16,Vr=/^[\da-z+/\-_=]+$/i,ut=/data:[^,]*,/,Vt=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,Kr=/data:[^,]*,[^"]+/g,ke=/:$/,Zr=/(?:#|%23)$/,Qr=/(?<!(?:#|%23).*)(?:\?|%3F)$/,Jr=/[<>"'\s]/g,ea=/%(?:2(?:2|7)|3(?:C|E))/g,Kt=/%(?:2(?:2|7)|3(?:C|E))+?/,ta=/^(?:text\/(?:ht|x)ml|application\/(?:xhtml\+)?xml|image\/svg\+xml)/,ra=/^\d+/,aa=/#x?$/,na=/^#(?:x(?:00)?[2-7]|\d)/,ia=/^x[\dA-F]+/i,oa=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,sa=/^[a-z][\da-z+\-.]*$/,la=/^(?:ext|web)\+[a-z]+$/,Zt=/(?:java|vb)script/,mt=/(?:java|vb)script|blob/,ca=/^%[\dA-F]{2}$/i,pa=/%26/g,vt=n=>{if(!k(n))throw new TypeError(`Expected String but got ${K(n)}.`);let a=[];for(let l of n)a.push(`%${l.charCodeAt(0).toString(_e).toUpperCase()}`);return a.join("")},Qt=n=>{k(n)&&ca.test(n)&&(n=n.toUpperCase());let[a,l,d,m,f,b]=["&","#","<",">",'"',"'"].map(vt),h;return n===a?h=`${a}amp;`:n===d?h=`${a}lt;`:n===m?h=`${a}gt;`:n===f?h=`${a}quot;`:n===b?h=`${a}${l}39;`:h=n,h},fa=n=>{if(k(n)){if(!Vr.test(n))throw new Error(`Invalid base64 data: ${n}`)}else throw new TypeError(`Expected String but got ${K(n)}.`);let a=atob(n),l=Uint8Array.from([...a].map(f=>f.charCodeAt(0))),d=new Set(lt),m;return l.every(f=>d.has(f))?m=a.replace(/\s/g,vt):m=n,m},Jt=(n,a=0)=>{if(!k(n))throw new TypeError(`Expected String but got ${K(n)}.`);if(Number.isInteger(a)){if(a>_e)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${K(a)}.`);let l=decodeURIComponent(n);if(/&#/.test(l)){let d=new Set(lt),m=[...l.matchAll(oa)].reverse();for(let f of m){let[b,h]=f,T;if(ia.test(h)?T=parseInt(`0${h}`,_e):ra.test(h)&&(T=parseInt(h)),Number.isInteger(T)){let{index:I}=f,[g,v]=[l.substring(0,I),l.substring(I+b.length)];d.has(T)?(l=`${g}${String.fromCharCode(T)}${v}`,(aa.test(g)||na.test(v))&&(l=Jt(l,++a))):T<_e*_e&&(l=`${g}${v}`)}}}return l},ua=n=>new Promise((a,l)=>{let d=new Xt;d.addEventListener("error",()=>l(d.error)),d.addEventListener("abort",()=>a(d.result)),d.addEventListener("load",()=>a(d.result)),d.readAsDataURL(n)}),dt=class{#e;constructor(){this.#e=new Set(Yt)}get(){return[...this.#e]}has(a){return this.#e.has(a)}add(a){if(k(a)){if(Zt.test(a)||!sa.test(a))throw new Error(`Invalid scheme: ${a}`)}else throw new TypeError(`Expected String but got ${K(a)}.`);return this.#e.add(a),[...this.#e]}remove(a){return this.#e.delete(a)}verify(a){let l;if(k(a))try{let{protocol:d}=new URL(a),m=d.replace(ke,""),f=m.split("+");l=!Zt.test(m)&&la.test(m)||f.every(b=>this.#e.has(b))}catch{l=!1}return!!l}},ht=class extends dt{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}replace(a){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let l=a;if(ut.test(l)){let m=[...l.matchAll(Kr)].reverse();for(let f of m){let[b]=f;Vt.test(b)&&([b]=Vt.exec(b)),this.#e++,this.#t.add(b);let h=this.sanitize(b,{allow:["data"]}),{index:T}=f,[I,g]=[l.substring(0,T),l.substring(T+b.length)];h?l=`${I}${h}${g}`:l=`${I}${g}`}}return l}purify(a){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let l=ft.default.sanitize(decodeURIComponent(a));return l&&ut.test(l)&&(l=this.replace(l)),l=l.replace(Zr,"").replace(Qr,""),encodeURI(l)}sanitize(a,l={allow:[],deny:[],only:[]}){if(this.#e>_e)throw this.#e=0,new Error("Data URLs nested too deeply.");let{allow:d,deny:m,only:f,remove:b}=l??{},h=new Map([["blob",!1],["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]),T=!1;if(Array.isArray(f)&&f.length){let g=super.get();for(let A of g)h.set(A,!1);let v=Object.values(f);for(let A of v)if(k(A)&&(A=A.trim(),!mt.test(A))){if(super.has(A))h.set(A,!0);else{try{super.add(A)}catch{}super.has(A)&&h.set(A,!0)}!T&&h.has(A)&&(T=h.get(A))}}else{if(Array.isArray(d)&&d.length){let g=Object.values(d);for(let v of g)if(k(v)&&(v=v.trim(),!mt.test(v)))if(super.has(v))h.set(v,!0);else{try{super.add(v)}catch{}super.has(v)&&h.set(v,!0)}}if(Array.isArray(m)&&m.length){let g=Object.values(m);for(let v of g)k(v)&&(v=v.trim(),v&&h.set(v,!1))}}let I;if(super.verify(a)){let{hash:g,href:v,pathname:A,protocol:oe,search:Z}=new URL(a),q=oe.replace(ke,""),se=q.split("+"),le;if(T)le=se.every(j=>h.get(j));else for(let[j,Q]of h.entries())if(le=Q||q!==j&&se.every(_=>_!==j),!le)break;if(le){let j=se.includes("data"),Q,_=v;if(j){let[D,...Ee]=A.split(","),te=`${Ee.join(",")}${Z}${g}`,J=D.split(";"),ce=J[J.length-1]==="base64",P=te;ce&&(P=fa(te));try{let ee=Jt(P).trim(),{protocol:pe}=new URL(ee);pe.replace(ke,"").split("+").some(Pe=>mt.test(Pe))&&(_="")}catch{}let ge=ut.test(P);P!==te||ge?ge?P=this.replace(P):this.#t.has(a)?this.#t.delete(a):Q=!0:this.#t.has(a)?this.#t.delete(a):Q=!0,(!D||ta.test(D))&&(P=this.purify(P)),_&&P?(ce&&P!==te&&J.pop(),_=`${q}:${J.join(";")},${P}`):_=""}else Q=!0;if(!j&&b&&Kt.test(_)){let D=Kt.exec(_),{index:Ee}=D;_=_.substring(0,Ee)}_?(I=_.replace(Jr,vt).replace(pa,Qt),Q&&(j||(I=I.replace(ea,Qt)),this.#e=0)):(I=_,this.#e=0)}}return I||null}parse(a,l){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let d=this.sanitize(a,l??{allow:["blob","data","file"]}),m=new Map([["input",a]]);if(d){let f=new URL(d),{pathname:b,protocol:h}=f,I=h.replace(ke,"").split("+").includes("data");if(m.set("valid",!0),I){let g=new Map,[v,...A]=b.split(","),oe=`${A.join(",")}`,Z=v.split(";"),q=Z[Z.length-1]==="base64";q&&Z.pop(),g.set("mime",Z.join(";")),g.set("base64",q),g.set("data",oe),m.set("data",Object.fromEntries(g))}else m.set("data",null);for(let g in f){let v=f[g];k(v)&&m.set(g,v)}}else m.set("valid",!1);return Object.fromEntries(m)}},Y=new ht,ma=n=>Y.verify(n),da=async n=>Y.verify(n),ha=n=>Y.parse(n),va=async n=>Y.parse(n),ya=(n,a)=>{let l;if(Y.verify(n)){let{protocol:d}=new URL(n);d==="blob:"?URL.revokeObjectURL(n):l=Y.sanitize(n,a??{allow:[],deny:[],only:[]})}return l||null},_a=async(n,a={allow:[],deny:[],only:[]})=>{let l;if(Y.verify(n)){let{protocol:d}=new URL(n);if(d==="blob:"){let{allow:m,deny:f,only:b}=a;if(Array.isArray(m)&&m.includes("blob")&&!(Array.isArray(f)&&f.includes("blob"))||Array.isArray(b)&&b.includes("blob")){let h;try{h=await fetch(n).then(T=>T.blob()).then(ua)}catch{}if(h){if(Array.isArray(b))b.includes("data")||b.push("data");else if(Array.isArray(m)&&(m.includes("data")||m.push("data"),Array.isArray(f)&&f.includes("data"))){let T=f.indexOf("data");f.splice(T,1)}l=Y.sanitize(h,a)}}URL.revokeObjectURL(n)}else l=Y.sanitize(n,a)}return l||null};export{Y as default,da as isURI,ma as isURISync,va as parseURL,ha as parseURLSync,_a as sanitizeURL,ya as sanitizeURLSync}; | ||
| In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}var w=!0,N=!1,S;return{s:function(){s=s.call(r)},n:function(){var U=s.next();return w=U.done,U},e:function(U){N=!0,S=U},f:function(){try{!w&&s.return!=null&&s.return()}finally{if(N)throw S}}}}var q=Object.entries,se=Object.setPrototypeOf,le=Object.isFrozen,j=Object.getPrototypeOf,Q=Object.getOwnPropertyDescriptor,_=Object.freeze,D=Object.seal,Ee=Object.create,te=typeof Reflect<"u"&&Reflect,J=te.apply,ce=te.construct;J||(J=function(i,s,p){return i.apply(s,p)}),_||(_=function(i){return i}),D||(D=function(i){return i}),ce||(ce=function(i,s){return u(i,f(s))});var P=H(Array.prototype.forEach),ge=H(Array.prototype.pop),ee=H(Array.prototype.push),pe=H(String.prototype.toLowerCase),Re=H(String.prototype.toString),Pe=H(String.prototype.match),$=H(String.prototype.replace),er=H(String.prototype.indexOf),tr=H(String.prototype.trim),F=H(RegExp.prototype.test),Fe=rr(TypeError);function H(r){return function(i){for(var s=arguments.length,p=new Array(s>1?s-1:0),y=1;y<s;y++)p[y-1]=arguments[y];return J(r,i,p)}}function rr(r){return function(){for(var i=arguments.length,s=new Array(i),p=0;p<i;p++)s[p]=arguments[p];return ce(r,s)}}function m(r,i,s){s=s||pe,se&&se(r,null);for(var p=i.length;p--;){var y=i[p];if(typeof y=="string"){var w=s(y);w!==y&&(le(i)||(i[p]=w),y=w)}r[y]=!0}return r}function fe(r){var i=Ee(null),s=Z(q(r)),p;try{for(s.s();!(p=s.n()).done;){var y=d(p.value,2),w=y[0],N=y[1];i[w]=N}}catch(S){s.e(S)}finally{s.f()}return i}function we(r,i){for(;r!==null;){var s=Q(r,i);if(s){if(s.get)return H(s.get);if(typeof s.value=="function")return H(s.value)}r=j(r)}function p(y){return console.warn("fallback value for",y),null}return p}var yt=_(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),ze=_(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),He=_(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feImage","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),ar=_(["animate","color-profile","cursor","discard","fedropshadow","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),Ge=_(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),nr=_(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),_t=_(["#text"]),Et=_(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","nonce","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),$e=_(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","transform-origin","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),gt=_(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),Se=_(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),ir=D(/\{\{[\w\W]*|[\w\W]*\}\}/gm),or=D(/<%[\w\W]*|[\w\W]*%>/gm),sr=D(/\${[\w\W]*}/gm),lr=D(/^data-[\-\w.\u00B7-\uFFFF]/),cr=D(/^aria-[\-\w]+$/),pr=D(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),fr=D(/^(?:\w+script|data):/i),ur=D(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),mr=D(/^html$/i),dr=function(){return typeof window>"u"?null:window},hr=function(i,s){if(n(i)!=="object"||typeof i.createPolicy!="function")return null;var p=null,y="data-tt-policy-suffix";s.currentScript&&s.currentScript.hasAttribute(y)&&(p=s.currentScript.getAttribute(y));var w="dompurify"+(p?"#"+p:"");try{return i.createPolicy(w,{createHTML:function(S){return S},createScriptURL:function(S){return S}})}catch{return console.warn("TrustedTypes policy "+w+" could not be created."),null}};function bt(){var r=arguments.length>0&&arguments[0]!==void 0?arguments[0]:dr(),i=function(e){return bt(e)};if(i.version="3.0.0",i.removed=[],!r||!r.document||r.document.nodeType!==9)return i.isSupported=!1,i;var s=r.document,p=r.document,y=r.DocumentFragment,w=r.HTMLTemplateElement,N=r.Node,S=r.Element,U=r.NodeFilter,be=r.NamedNodeMap,yr=be===void 0?r.NamedNodeMap||r.MozNamedAttrMap:be,_r=r.HTMLFormElement,Er=r.DOMParser,Le=r.trustedTypes,xe=S.prototype,gr=we(xe,"cloneNode"),br=we(xe,"nextSibling"),Tr=we(xe,"childNodes"),Be=we(xe,"parentNode");if(typeof w=="function"){var je=p.createElement("template");je.content&&je.content.ownerDocument&&(p=je.content.ownerDocument)}var B=hr(Le,s),Tt=B?B.createHTML(""):"",Oe=p,We=Oe.implementation,Ar=Oe.createNodeIterator,Rr=Oe.createDocumentFragment,wr=Oe.getElementsByTagName,Sr=s.importNode,W={};i.isSupported=typeof q=="function"&&typeof Be=="function"&&We&&typeof We.createHTMLDocument<"u";var Ye=ir,qe=or,Xe=sr,Lr=lr,xr=cr,Or=fr,At=ur,Ve=pr,L=null,Rt=m({},[].concat(f(yt),f(ze),f(He),f(Ge),f(_t))),x=null,wt=m({},[].concat(f(Et),f($e),f(gt),f(Se))),R=Object.seal(Object.create(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Te=null,Ke=null,St=!0,Ze=!0,Lt=!1,xt=!0,ue=!1,re=!1,Qe=!1,Je=!1,me=!1,De=!1,Ne=!1,Ot=!0,Dt=!1,Dr="user-content-",et=!0,Ae=!1,de={},he=null,Nt=m({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Mt=null,Ct=m({},["audio","video","img","source","image","track"]),tt=null,It=m({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Me="http://www.w3.org/1998/Math/MathML",Ce="http://www.w3.org/2000/svg",X="http://www.w3.org/1999/xhtml",ve=X,rt=!1,at=null,Nr=m({},[Me,Ce,X],Re),ae,Mr=["application/xhtml+xml","text/html"],Cr="text/html",O,ye=null,Ir=p.createElement("form"),Ut=function(e){return e instanceof RegExp||e instanceof Function},nt=function(e){ye&&ye===e||((!e||n(e)!=="object")&&(e={}),e=fe(e),ae=Mr.indexOf(e.PARSER_MEDIA_TYPE)===-1?ae=Cr:ae=e.PARSER_MEDIA_TYPE,O=ae==="application/xhtml+xml"?Re:pe,L="ALLOWED_TAGS"in e?m({},e.ALLOWED_TAGS,O):Rt,x="ALLOWED_ATTR"in e?m({},e.ALLOWED_ATTR,O):wt,at="ALLOWED_NAMESPACES"in e?m({},e.ALLOWED_NAMESPACES,Re):Nr,tt="ADD_URI_SAFE_ATTR"in e?m(fe(It),e.ADD_URI_SAFE_ATTR,O):It,Mt="ADD_DATA_URI_TAGS"in e?m(fe(Ct),e.ADD_DATA_URI_TAGS,O):Ct,he="FORBID_CONTENTS"in e?m({},e.FORBID_CONTENTS,O):Nt,Te="FORBID_TAGS"in e?m({},e.FORBID_TAGS,O):{},Ke="FORBID_ATTR"in e?m({},e.FORBID_ATTR,O):{},de="USE_PROFILES"in e?e.USE_PROFILES:!1,St=e.ALLOW_ARIA_ATTR!==!1,Ze=e.ALLOW_DATA_ATTR!==!1,Lt=e.ALLOW_UNKNOWN_PROTOCOLS||!1,xt=e.ALLOW_SELF_CLOSE_IN_ATTR!==!1,ue=e.SAFE_FOR_TEMPLATES||!1,re=e.WHOLE_DOCUMENT||!1,me=e.RETURN_DOM||!1,De=e.RETURN_DOM_FRAGMENT||!1,Ne=e.RETURN_TRUSTED_TYPE||!1,Je=e.FORCE_BODY||!1,Ot=e.SANITIZE_DOM!==!1,Dt=e.SANITIZE_NAMED_PROPS||!1,et=e.KEEP_CONTENT!==!1,Ae=e.IN_PLACE||!1,Ve=e.ALLOWED_URI_REGEXP||Ve,ve=e.NAMESPACE||X,e.CUSTOM_ELEMENT_HANDLING&&Ut(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(R.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&Ut(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(R.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements=="boolean"&&(R.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),ue&&(Ze=!1),De&&(me=!0),de&&(L=m({},f(_t)),x=[],de.html===!0&&(m(L,yt),m(x,Et)),de.svg===!0&&(m(L,ze),m(x,$e),m(x,Se)),de.svgFilters===!0&&(m(L,He),m(x,$e),m(x,Se)),de.mathMl===!0&&(m(L,Ge),m(x,gt),m(x,Se))),e.ADD_TAGS&&(L===Rt&&(L=fe(L)),m(L,e.ADD_TAGS,O)),e.ADD_ATTR&&(x===wt&&(x=fe(x)),m(x,e.ADD_ATTR,O)),e.ADD_URI_SAFE_ATTR&&m(tt,e.ADD_URI_SAFE_ATTR,O),e.FORBID_CONTENTS&&(he===Nt&&(he=fe(he)),m(he,e.FORBID_CONTENTS,O)),et&&(L["#text"]=!0),re&&m(L,["html","head","body"]),L.table&&(m(L,["tbody"]),delete Te.tbody),_&&_(e),ye=e)},kt=m({},["mi","mo","mn","ms","mtext"]),Pt=m({},["foreignobject","desc","title","annotation-xml"]),Ur=m({},["title","style","font","a","script"]),Ie=m({},ze);m(Ie,He),m(Ie,ar);var it=m({},Ge);m(it,nr);var kr=function(e){var t=Be(e);(!t||!t.tagName)&&(t={namespaceURI:ve,tagName:"template"});var o=pe(e.tagName),E=pe(t.tagName);return at[e.namespaceURI]?e.namespaceURI===Ce?t.namespaceURI===X?o==="svg":t.namespaceURI===Me?o==="svg"&&(E==="annotation-xml"||kt[E]):Boolean(Ie[o]):e.namespaceURI===Me?t.namespaceURI===X?o==="math":t.namespaceURI===Ce?o==="math"&&Pt[E]:Boolean(it[o]):e.namespaceURI===X?t.namespaceURI===Ce&&!Pt[E]||t.namespaceURI===Me&&!kt[E]?!1:!it[o]&&(Ur[o]||!Ie[o]):!!(ae==="application/xhtml+xml"&&at[e.namespaceURI]):!1},ne=function(e){ee(i.removed,{element:e});try{e.parentNode.removeChild(e)}catch{e.remove()}},ot=function(e,t){try{ee(i.removed,{attribute:t.getAttributeNode(e),from:t})}catch{ee(i.removed,{attribute:null,from:t})}if(t.removeAttribute(e),e==="is"&&!x[e])if(me||De)try{ne(t)}catch{}else try{t.setAttribute(e,"")}catch{}},Ft=function(e){var t,o;if(Je)e="<remove></remove>"+e;else{var E=Pe(e,/^[\r\n\t ]+/);o=E&&E[0]}ae==="application/xhtml+xml"&&ve===X&&(e='<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>'+e+"</body></html>");var M=B?B.createHTML(e):e;if(ve===X)try{t=new Er().parseFromString(M,ae)}catch{}if(!t||!t.documentElement){t=We.createDocument(ve,"template",null);try{t.documentElement.innerHTML=rt?Tt:M}catch{}}var G=t.body||t.documentElement;return e&&o&&G.insertBefore(p.createTextNode(o),G.childNodes[0]||null),ve===X?wr.call(t,re?"html":"body")[0]:re?t.documentElement:G},zt=function(e){return Ar.call(e.ownerDocument||e,e,U.SHOW_ELEMENT|U.SHOW_COMMENT|U.SHOW_TEXT,null,!1)},Pr=function(e){return e instanceof _r&&(typeof e.nodeName!="string"||typeof e.textContent!="string"||typeof e.removeChild!="function"||!(e.attributes instanceof yr)||typeof e.removeAttribute!="function"||typeof e.setAttribute!="function"||typeof e.namespaceURI!="string"||typeof e.insertBefore!="function"||typeof e.hasChildNodes!="function")},Ue=function(e){return n(N)==="object"?e instanceof N:e&&n(e)==="object"&&typeof e.nodeType=="number"&&typeof e.nodeName=="string"},V=function(e,t,o){W[e]&&P(W[e],function(E){E.call(i,t,o,ye)})},Ht=function(e){var t;if(V("beforeSanitizeElements",e,null),Pr(e))return ne(e),!0;var o=O(e.nodeName);if(V("uponSanitizeElement",e,{tagName:o,allowedTags:L}),e.hasChildNodes()&&!Ue(e.firstElementChild)&&(!Ue(e.content)||!Ue(e.content.firstElementChild))&&F(/<[/\w]/g,e.innerHTML)&&F(/<[/\w]/g,e.textContent))return ne(e),!0;if(!L[o]||Te[o]){if(!Te[o]&&$t(o)&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,o)||R.tagNameCheck instanceof Function&&R.tagNameCheck(o)))return!1;if(et&&!he[o]){var E=Be(e)||e.parentNode,M=Tr(e)||e.childNodes;if(M&&E)for(var G=M.length,C=G-1;C>=0;--C)E.insertBefore(gr(M[C],!0),br(e))}return ne(e),!0}return e instanceof S&&!kr(e)||(o==="noscript"||o==="noembed")&&F(/<\/no(script|embed)/i,e.innerHTML)?(ne(e),!0):(ue&&e.nodeType===3&&(t=e.textContent,t=$(t,Ye," "),t=$(t,qe," "),t=$(t,Xe," "),e.textContent!==t&&(ee(i.removed,{element:e.cloneNode()}),e.textContent=t)),V("afterSanitizeElements",e,null),!1)},Gt=function(e,t,o){if(Ot&&(t==="id"||t==="name")&&(o in p||o in Ir))return!1;if(!(Ze&&!Ke[t]&&F(Lr,t))){if(!(St&&F(xr,t))){if(!x[t]||Ke[t]){if(!($t(e)&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,e)||R.tagNameCheck instanceof Function&&R.tagNameCheck(e))&&(R.attributeNameCheck instanceof RegExp&&F(R.attributeNameCheck,t)||R.attributeNameCheck instanceof Function&&R.attributeNameCheck(t))||t==="is"&&R.allowCustomizedBuiltInElements&&(R.tagNameCheck instanceof RegExp&&F(R.tagNameCheck,o)||R.tagNameCheck instanceof Function&&R.tagNameCheck(o))))return!1}else if(!tt[t]){if(!F(Ve,$(o,At,""))){if(!((t==="src"||t==="xlink:href"||t==="href")&&e!=="script"&&er(o,"data:")===0&&Mt[e])){if(!(Lt&&!F(Or,$(o,At,"")))){if(o)return!1}}}}}}return!0},$t=function(e){return e.indexOf("-")>0},Bt=function(e){var t,o,E,M;V("beforeSanitizeAttributes",e,null);var G=e.attributes;if(G){var C={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:x};for(M=G.length;M--;){t=G[M];var z=t,ie=z.name,st=z.namespaceURI;if(o=ie==="value"?t.value:tr(t.value),E=O(ie),C.attrName=E,C.attrValue=o,C.keepAttr=!0,C.forceKeepAttr=void 0,V("uponSanitizeAttribute",e,C),o=C.attrValue,!C.forceKeepAttr&&(ot(ie,e),!!C.keepAttr)){if(!xt&&F(/\/>/i,o)){ot(ie,e);continue}ue&&(o=$(o,Ye," "),o=$(o,qe," "),o=$(o,Xe," "));var jt=O(e.nodeName);if(Gt(jt,E,o)){if(Dt&&(E==="id"||E==="name")&&(ot(ie,e),o=Dr+o),B&&n(Le)==="object"&&typeof Le.getAttributeType=="function"&&!st)switch(Le.getAttributeType(jt,E)){case"TrustedHTML":o=B.createHTML(o);break;case"TrustedScriptURL":o=B.createScriptURL(o);break}try{st?e.setAttributeNS(st,ie,o):e.setAttribute(ie,o),ge(i.removed)}catch{}}}}V("afterSanitizeAttributes",e,null)}},Fr=function c(e){var t,o=zt(e);for(V("beforeSanitizeShadowDOM",e,null);t=o.nextNode();)V("uponSanitizeShadowNode",t,null),!Ht(t)&&(t.content instanceof y&&c(t.content),Bt(t));V("afterSanitizeShadowDOM",e,null)};return i.sanitize=function(c){var e=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},t,o,E,M;if(rt=!c,rt&&(c="<!-->"),typeof c!="string"&&!Ue(c)){if(typeof c.toString!="function")throw Fe("toString is not a function");if(c=c.toString(),typeof c!="string")throw Fe("dirty is not a string, aborting")}if(!i.isSupported)return c;if(Qe||nt(e),i.removed=[],typeof c=="string"&&(Ae=!1),Ae){if(c.nodeName){var G=O(c.nodeName);if(!L[G]||Te[G])throw Fe("root node is forbidden and cannot be sanitized in-place")}}else if(c instanceof N)t=Ft("<!---->"),o=t.ownerDocument.importNode(c,!0),o.nodeType===1&&o.nodeName==="BODY"||o.nodeName==="HTML"?t=o:t.appendChild(o);else{if(!me&&!ue&&!re&&c.indexOf("<")===-1)return B&&Ne?B.createHTML(c):c;if(t=Ft(c),!t)return me?null:Ne?Tt:""}t&&Je&&ne(t.firstChild);for(var C=zt(Ae?c:t);E=C.nextNode();)Ht(E)||(E.content instanceof y&&Fr(E.content),Bt(E));if(Ae)return c;if(me){if(De)for(M=Rr.call(t.ownerDocument);t.firstChild;)M.appendChild(t.firstChild);else M=t;return(x.shadowroot||x.shadowrootmod)&&(M=Sr.call(s,M,!0)),M}var z=re?t.outerHTML:t.innerHTML;return re&&L["!doctype"]&&t.ownerDocument&&t.ownerDocument.doctype&&t.ownerDocument.doctype.name&&F(mr,t.ownerDocument.doctype.name)&&(z="<!DOCTYPE "+t.ownerDocument.doctype.name+`> | ||
| `+z),ue&&(z=$(z,Ye," "),z=$(z,qe," "),z=$(z,Xe," ")),B&&Ne?B.createHTML(z):z},i.setConfig=function(c){nt(c),Qe=!0},i.clearConfig=function(){ye=null,Qe=!1},i.isValidAttribute=function(c,e,t){ye||nt({});var o=O(c),E=O(e);return Gt(o,E,t)},i.addHook=function(c,e){typeof e=="function"&&(W[c]=W[c]||[],ee(W[c],e))},i.removeHook=function(c){if(W[c])return ge(W[c])},i.removeHooks=function(c){W[c]&&(W[c]=[])},i.removeAllHooks=function(){W={}},i}var vr=bt();return vr})});var lt=[7,8,9,10,11,12,13,27,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255];var Yt=["aaa","aaas","about","acap","acct","acd","acr","adiumxtra","adt","afp","afs","aim","amss","android","appdata","apt","ar","ark","attachment","aw","barion","beshare","bitcoin","bitcoincash","blob","bolo","browserext","cabal","calculator","callto","cap","cast","casts","chrome","chrome-extension","cid","coap","coaps","com-eventbrite-attendee","content","content-type","crid","cstr","cvs","dab","dat","data","dav","diaspora","dict","did","dis","dlna-playcontainer","dlna-playsingle","dns","dntp","doi","dpp","drm","dtmi","dtn","dvb","dvx","dweb","ed2k","eid","elsi","embedded","ens","ethereum","example","facetime","feed","feedready","fido","file","finger","first-run-pen-experience","fish","fm","ftp","fuchsia-pkg","geo","gg","git","gitoid","gizmoproject","go","gopher","graph","gtalk","h323","ham","hcap","hcp","http","https","hxxp","hxxps","hydrazone","hyper","iax","icap","icon","im","imap","info","iotdisco","ipfs","ipn","ipns","ipp","ipps","irc","irc6","ircs","iris","iris.beep","iris.lwz","iris.xpc","iris.xpcs","isostore","itms","jabber","jar","jms","keyparc","lastfm","lbry","ldap","ldaps","leaptofrogans","lorawan","lpa","lvlt","magnet","mailto","maps","market","matrix","message","microsoft.windows.camera","microsoft.windows.camera.multipicker","microsoft.windows.camera.picker","mid","mms","mongodb","moz","moz-extension","ms-access","ms-appinstaller","ms-browser-extension","ms-calculator","ms-drive-to","ms-enrollment","ms-excel","ms-eyecontrolspeech","ms-gamebarservices","ms-gamingoverlay","ms-getoffice","ms-help","ms-infopath","ms-inputapp","ms-lockscreencomponent-config","ms-media-stream-id","ms-meetnow","ms-mixedrealitycapture","ms-mobileplans","ms-newsandinterests","ms-officeapp","ms-people","ms-powerpoint","ms-project","ms-publisher","ms-remotedesktop-launch","ms-restoretabcompanion","ms-screenclip","ms-screensketch","ms-search","ms-search-repair","ms-secondary-screen-controller","ms-secondary-screen-setup","ms-settings","ms-settings-airplanemode","ms-settings-bluetooth","ms-settings-camera","ms-settings-cellular","ms-settings-cloudstorage","ms-settings-connectabledevices","ms-settings-displays-topology","ms-settings-emailandaccounts","ms-settings-language","ms-settings-location","ms-settings-lock","ms-settings-nfctransactions","ms-settings-notifications","ms-settings-power","ms-settings-privacy","ms-settings-proximity","ms-settings-screenrotation","ms-settings-wifi","ms-settings-workplace","ms-spd","ms-stickers","ms-sttoverlay","ms-transit-to","ms-useractivityset","ms-virtualtouchpad","ms-visio","ms-walk-to","ms-whiteboard","ms-whiteboard-cmd","ms-word","msnim","msrp","msrps","mss","mt","mtqp","mumble","mupdate","mvn","news","nfs","ni","nih","nntp","notes","num","ocf","oid","onenote","onenote-cmd","opaquelocktoken","openpgp4fpr","otpauth","palm","paparazzi","payment","payto","pkcs11","platform","pop","pres","proxy","psyc","pttp","pwid","qb","query","quic-transport","redis","rediss","reload","res","resource","rmi","rsync","rtmfp","rtmp","rtsp","rtsps","rtspu","sarif","secondlife","secret-token","service","session","sftp","sgn","shc","sieve","simpleledger","simplex","sip","sips","skype","smb","smp","sms","smtp","snmp","soap.beep","soap.beeps","soldat","spiffe","spotify","ssb","ssh","starknet","steam","stun","stuns","submit","svn","swh","swid","swidpath","tag","taler","teamspeak","tel","teliaeid","telnet","tftp","things","thismessage","tip","tn3270","tool","turn","turns","tv","udp","unreal","urn","ut2004","uuid-in-package","v-event","vemmi","ventrilo","ves","view-source","vnc","vscode","vscode-insiders","vsls","w3","wcr","web3","webcal","wifi","ws","wss","wtai","wyciwyg","xcon","xcon-userid","xfire","xmlrpc.beep","xmlrpc.beeps","xmpp","xri","ymsgr","z39.50r","z39.50s"];var ft=Yr(qt(),1);var K=n=>Object.prototype.toString.call(n).slice(8,-1),k=n=>typeof n=="string"||n instanceof String;var{FileReader:Xt}=window;var _e=16,Vr=/^[\da-z+/\-_=]+$/i,ut=/data:[^,]*,/,Vt=/data:[^,]*;?base64,[\da-z+/\-_=]+/i,Kr=/data:[^,]*,[^"]+/g,ke=/:$/,Zr=/(?:#|%23)$/,Qr=/(?<!(?:#|%23).*)(?:\?|%3F)$/,Jr=/[<>"'\s]/g,ea=/%(?:2(?:2|7)|3(?:C|E))/g,Kt=/%(?:2(?:2|7)|3(?:C|E))+?/,ta=/^(?:text\/(?:ht|x)ml|application\/(?:xhtml\+)?xml|image\/svg\+xml)/,ra=/^\d+/,aa=/#x?$/,na=/^#(?:x(?:00)?[2-7]|\d)/,ia=/^x[\dA-F]+/i,oa=/&#(x(?:00)?[\dA-F]{2}|0?\d{1,3});?/ig,sa=/^[a-z][\da-z+\-.]*$/,la=/^(?:ext|web)\+[a-z]+$/,Zt=/(?:java|vb)script/,mt=/(?:java|vb)script|blob/,ca=/^%[\dA-F]{2}$/i,pa=/%26/g,vt=n=>{if(!k(n))throw new TypeError(`Expected String but got ${K(n)}.`);let a=[];for(let l of n)a.push(`%${l.charCodeAt(0).toString(_e).toUpperCase()}`);return a.join("")},Qt=n=>{k(n)&&ca.test(n)&&(n=n.toUpperCase());let[a,l,u,d,f,b]=["&","#","<",">",'"',"'"].map(vt),h;return n===a?h=`${a}amp;`:n===u?h=`${a}lt;`:n===d?h=`${a}gt;`:n===f?h=`${a}quot;`:n===b?h=`${a}${l}39;`:h=n,h},fa=n=>{if(k(n)){if(!Vr.test(n))throw new Error(`Invalid base64 data: ${n}`)}else throw new TypeError(`Expected String but got ${K(n)}.`);let a=atob(n),l=Uint8Array.from([...a].map(f=>f.charCodeAt(0))),u=new Set(lt),d;return l.every(f=>u.has(f))?d=a.replace(/\s/g,vt):d=n,d},Jt=(n,a=0)=>{if(!k(n))throw new TypeError(`Expected String but got ${K(n)}.`);if(Number.isInteger(a)){if(a>_e)throw new Error("Character references nested too deeply.")}else throw new TypeError(`Expected Number but got ${K(a)}.`);let l=decodeURIComponent(n);if(/&#/.test(l)){let u=new Set(lt),d=[...l.matchAll(oa)].reverse();for(let f of d){let[b,h]=f,T;if(ia.test(h)?T=parseInt(`0${h}`,_e):ra.test(h)&&(T=parseInt(h)),Number.isInteger(T)){let{index:I}=f,[g,v]=[l.substring(0,I),l.substring(I+b.length)];u.has(T)?(l=`${g}${String.fromCharCode(T)}${v}`,(aa.test(g)||na.test(v))&&(l=Jt(l,++a))):T<_e*_e&&(l=`${g}${v}`)}}}return l},ua=n=>new Promise((a,l)=>{let u=new Xt;u.addEventListener("error",()=>l(u.error)),u.addEventListener("abort",()=>a(u.result)),u.addEventListener("load",()=>a(u.result)),u.readAsDataURL(n)}),dt=class{#e;constructor(){this.#e=new Set(Yt)}get(){return[...this.#e]}has(a){return this.#e.has(a)}add(a){if(k(a)){if(Zt.test(a)||!sa.test(a))throw new Error(`Invalid scheme: ${a}`)}else throw new TypeError(`Expected String but got ${K(a)}.`);return this.#e.add(a),[...this.#e]}remove(a){return this.#e.delete(a)}verify(a){let l;if(k(a))try{let{protocol:u}=new URL(a),d=u.replace(ke,""),f=d.split("+");l=!Zt.test(d)&&la.test(d)||f.every(b=>this.#e.has(b))}catch{l=!1}return!!l}},ht=class extends dt{#e;#t;constructor(){super(),this.#e=0,this.#t=new Set}replace(a){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let l=a;if(ut.test(l)){let d=[...l.matchAll(Kr)].reverse();for(let f of d){let[b]=f;Vt.test(b)&&([b]=Vt.exec(b)),this.#e++,this.#t.add(b);let h=this.sanitize(b,{allow:["data"]}),{index:T}=f,[I,g]=[l.substring(0,T),l.substring(T+b.length)];h?l=`${I}${h}${g}`:l=`${I}${g}`}}return l}purify(a){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let l=ft.default.sanitize(decodeURIComponent(a));return l&&ut.test(l)&&(l=this.replace(l)),l=l.replace(Zr,"").replace(Qr,""),encodeURI(l)}sanitize(a,l={allow:[],deny:[],only:[]}){if(this.#e>_e)throw this.#e=0,new Error("Data URLs nested too deeply.");let{allow:u,deny:d,only:f,remove:b}=l??{},h=new Map([["blob",!1],["data",!1],["file",!1],["javascrpt",!1],["vbscript",!1]]),T=!1;if(Array.isArray(f)&&f.length){let g=super.get();for(let A of g)h.set(A,!1);let v=Object.values(f);for(let A of v)if(k(A)&&(A=A.trim(),!mt.test(A))){if(super.has(A))h.set(A,!0);else{try{super.add(A)}catch{}super.has(A)&&h.set(A,!0)}!T&&h.has(A)&&(T=h.get(A))}}else{if(Array.isArray(u)&&u.length){let g=Object.values(u);for(let v of g)if(k(v)&&(v=v.trim(),!mt.test(v)))if(super.has(v))h.set(v,!0);else{try{super.add(v)}catch{}super.has(v)&&h.set(v,!0)}}if(Array.isArray(d)&&d.length){let g=Object.values(d);for(let v of g)k(v)&&(v=v.trim(),v&&h.set(v,!1))}}let I;if(super.verify(a)){let{hash:g,href:v,pathname:A,protocol:oe,search:Z}=new URL(a),q=oe.replace(ke,""),se=q.split("+"),le;if(T)le=se.every(j=>h.get(j));else for(let[j,Q]of h.entries())if(le=Q||q!==j&&se.every(_=>_!==j),!le)break;if(le){let j=se.includes("data"),Q,_=v;if(j){let[D,...Ee]=A.split(","),te=`${Ee.join(",")}${Z}${g}`,J=D.split(";"),ce=J[J.length-1]==="base64",P=te;ce&&(P=fa(te));try{let ee=Jt(P).trim(),{protocol:pe}=new URL(ee);pe.replace(ke,"").split("+").some(Pe=>mt.test(Pe))&&(_="")}catch{}let ge=ut.test(P);P!==te||ge?ge?P=this.replace(P):this.#t.has(a)?this.#t.delete(a):Q=!0:this.#t.has(a)?this.#t.delete(a):Q=!0,(!D||ta.test(D))&&(P=this.purify(P)),_&&P?(ce&&P!==te&&J.pop(),_=`${q}:${J.join(";")},${P}`):_=""}else Q=!0;if(!j&&b&&Kt.test(_)){let D=Kt.exec(_),{index:Ee}=D;_=_.substring(0,Ee)}_?(I=_.replace(Jr,vt).replace(pa,Qt),Q&&(j||(I=I.replace(ea,Qt)),this.#e=0)):(I=_,this.#e=0)}}return I||null}parse(a,l){if(!k(a))throw new TypeError(`Expected String but got ${K(a)}.`);let u=new Map([["input",a]]),d;if(this.verify(a)){let{protocol:f}=new URL(a);f==="blob:"?d=a:d=this.sanitize(a,l??{allow:["data","file"]})}if(d){let f=new URL(d),{pathname:b,protocol:h}=f,I=h.replace(ke,"").split("+").includes("data");if(u.set("valid",!0),I){let g=new Map,[v,...A]=b.split(","),oe=`${A.join(",")}`,Z=v.split(";"),q=Z[Z.length-1]==="base64";q&&Z.pop(),g.set("mime",Z.join(";")),g.set("base64",q),g.set("data",oe),u.set("data",Object.fromEntries(g))}else u.set("data",null);for(let g in f){let v=f[g];k(v)&&u.set(g,v)}}else u.set("valid",!1);return Object.fromEntries(u)}},Y=new ht,ma=n=>Y.verify(n),da=async n=>Y.verify(n),ha=n=>Y.parse(n),va=async n=>Y.parse(n),ya=(n,a)=>{let l;if(Y.verify(n)){let{protocol:u}=new URL(n);u==="blob:"?URL.revokeObjectURL(n):l=Y.sanitize(n,a??{allow:[],deny:[],only:[]})}return l||null},_a=async(n,a={allow:[],deny:[],only:[]})=>{let l;if(Y.verify(n)){let{protocol:u}=new URL(n);if(u==="blob:"){let{allow:d,deny:f,only:b}=a;if(Array.isArray(d)&&d.includes("blob")&&!(Array.isArray(f)&&f.includes("blob"))||Array.isArray(b)&&b.includes("blob")){let h;try{h=await fetch(n).then(T=>T.blob()).then(ua)}catch{}if(h){if(Array.isArray(b))b.includes("data")||b.push("data");else if(Array.isArray(d)&&(d.includes("data")||d.push("data"),Array.isArray(f)&&f.includes("data"))){let T=f.indexOf("data");f.splice(T,1)}l=Y.sanitize(h,a)}}URL.revokeObjectURL(n)}else l=Y.sanitize(n,a)}return l||null};export{Y as default,da as isURI,ma as isURISync,va as parseURL,ha as parseURLSync,_a as sanitizeURL,ya as sanitizeURLSync}; | ||
| /*! | ||
@@ -7,0 +7,0 @@ * URL Sanitizer |
@@ -37,3 +37,3 @@ { | ||
| "csvtojson": "^2.0.10", | ||
| "esbuild": "^0.17.8", | ||
| "esbuild": "^0.17.10", | ||
| "eslint": "^8.34.0", | ||
@@ -73,3 +73,3 @@ "eslint-config-standard": "^17.0.0", | ||
| }, | ||
| "version": "0.9.0" | ||
| "version": "0.9.1" | ||
| } |
@@ -165,2 +165,3 @@ # URL Sanitizer | ||
| Parse the given URL. | ||
| * Blob URLs are simply parsed and not yet sanitized. | ||
@@ -254,2 +255,18 @@ ### Parameters | ||
| } */ | ||
| // Note that blob URLs are parsed but not yet sanitized | ||
| const blob4 = new Blob(['<svg><g onload="alert(1)"/></svg>'], { | ||
| type: 'image/svg+xml' | ||
| }); | ||
| const url4 = URL.createObjectURL(blob); | ||
| const res4 = await parseURL(url); | ||
| /* => { | ||
| input: 'blob:nodedata:82ecc5a4-aea8-48d7-a407-64e2ef0913da', | ||
| valid: true, | ||
| data: null, | ||
| href: 'blob:nodedata:82ecc5a4-aea8-48d7-a407-64e2ef0913da', | ||
| origin: 'null', | ||
| protocol: 'blob:', | ||
| pathname: 'nodedata:82ecc5a4-aea8-48d7-a407-64e2ef0913da', | ||
| } */ | ||
| ``` | ||
@@ -256,0 +273,0 @@ |
@@ -554,8 +554,16 @@ /** | ||
| } | ||
| const sanitizedUrl = this.sanitize(url, opt ?? { | ||
| allow: ['blob', 'data', 'file'] | ||
| }); | ||
| const parsedUrl = new Map([ | ||
| ['input', url] | ||
| ]); | ||
| let sanitizedUrl; | ||
| if (this.verify(url)) { | ||
| const { protocol } = new URL(url); | ||
| if (protocol === 'blob:') { | ||
| sanitizedUrl = url; | ||
| } else { | ||
| sanitizedUrl = this.sanitize(url, opt ?? { | ||
| allow: ['data', 'file'] | ||
| }); | ||
| } | ||
| } | ||
| if (sanitizedUrl) { | ||
@@ -562,0 +570,0 @@ const urlObj = new URL(sanitizedUrl); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.43%
585655
- Lines of code
- increased by0.45%
5346
- Number of lines in readme file
- increased by4.19%
423
No dependency changes