tinymce-rails 8.7.0 → 8.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,5 @@
1
1
  /**
2
- * TinyMCE version 8.7.0 (2026-07-01)
2
+ * TinyMCE version 8.8.0 (2026-07-15)
3
3
  */
4
4
 
5
5
  (function () {
@@ -18628,7 +18628,7 @@
18628
18628
  }
18629
18629
  };
18630
18630
 
18631
- /*! @license DOMPurify 3.4.5 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.4.5/LICENSE */
18631
+ /*! @license DOMPurify 3.4.11 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.4.11/LICENSE */
18632
18632
 
18633
18633
  function _arrayLikeToArray(r, a) {
18634
18634
  (null == a || a > r.length) && (a = r.length);
@@ -18957,16 +18957,31 @@
18957
18957
  );
18958
18958
  const DOCTYPE_NAME = seal(/^html$/i);
18959
18959
  const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);
18960
+ // Markup-significant character probes used by _sanitizeElements.
18961
+ // Shared module-level instances are safe despite the sticky /g flags:
18962
+ // unapply() resets lastIndex for RegExp receivers before every call.
18963
+ const ELEMENT_MARKUP_PROBE = seal(/<[/\w!]/g);
18964
+ const COMMENT_MARKUP_PROBE = seal(/<[/\w]/g);
18965
+ const FALLBACK_TAG_CLOSE = seal(/<\/no(script|embed|frames)/i);
18966
+ const SELF_CLOSING_TAG = seal(/\/>/i);
18960
18967
 
18961
- /* eslint-disable @typescript-eslint/indent */
18962
18968
  // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType
18963
18969
  const NODE_TYPE = {
18964
18970
  element: 1,
18971
+ attribute: 2,
18965
18972
  text: 3,
18973
+ cdataSection: 4,
18974
+ entityReference: 5,
18966
18975
  // Deprecated
18967
- progressingInstruction: 7,
18976
+ entityNode: 6,
18977
+ // Deprecated
18978
+ processingInstruction: 7,
18968
18979
  comment: 8,
18969
- document: 9};
18980
+ document: 9,
18981
+ documentType: 10,
18982
+ documentFragment: 11,
18983
+ notation: 12 // Deprecated
18984
+ };
18970
18985
  const getGlobal = function getGlobal() {
18971
18986
  return typeof window === 'undefined' ? null : window;
18972
18987
  };
@@ -19021,10 +19036,25 @@
19021
19036
  uponSanitizeShadowNode: []
19022
19037
  };
19023
19038
  };
19039
+ /**
19040
+ * Resolve a set-valued configuration option: a fresh set built from
19041
+ * cfg[key] when it is an own array property (seeded with a clone of
19042
+ * options.base when given, case-normalized via options.transform),
19043
+ * the fallback set otherwise.
19044
+ *
19045
+ * @param cfg the cloned, prototype-free configuration object
19046
+ * @param key the configuration property to read
19047
+ * @param fallback the set to use when the option is absent or not an array
19048
+ * @param options transform and optional base set to merge into
19049
+ * @returns the resolved set
19050
+ */
19051
+ const _resolveSetOption = function _resolveSetOption(cfg, key, fallback, options) {
19052
+ return objectHasOwnProperty(cfg, key) && arrayIsArray(cfg[key]) ? addToSet(options.base ? clone(options.base) : {}, cfg[key], options.transform) : fallback;
19053
+ };
19024
19054
  function createDOMPurify() {
19025
19055
  let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
19026
19056
  const DOMPurify = root => createDOMPurify(root);
19027
- DOMPurify.version = '3.4.5';
19057
+ DOMPurify.version = '3.4.11';
19028
19058
  DOMPurify.removed = [];
19029
19059
  if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document || !window.Element) {
19030
19060
  // Not running in a browser, provide a factory function
@@ -19035,15 +19065,15 @@
19035
19065
  let document = window.document;
19036
19066
  const originalDocument = document;
19037
19067
  const currentScript = originalDocument.currentScript;
19038
- const DocumentFragment = window.DocumentFragment,
19039
- HTMLTemplateElement = window.HTMLTemplateElement,
19068
+ window.DocumentFragment;
19069
+ const HTMLTemplateElement = window.HTMLTemplateElement,
19040
19070
  Node = window.Node,
19041
19071
  Element = window.Element,
19042
19072
  NodeFilter = window.NodeFilter,
19043
- _window$NamedNodeMap = window.NamedNodeMap,
19044
- NamedNodeMap = _window$NamedNodeMap === void 0 ? window.NamedNodeMap || window.MozNamedAttrMap : _window$NamedNodeMap,
19045
- HTMLFormElement = window.HTMLFormElement,
19046
- DOMParser = window.DOMParser,
19073
+ _window$NamedNodeMap = window.NamedNodeMap;
19074
+ _window$NamedNodeMap === void 0 ? window.NamedNodeMap || window.MozNamedAttrMap : _window$NamedNodeMap;
19075
+ window.HTMLFormElement;
19076
+ const DOMParser = window.DOMParser,
19047
19077
  trustedTypes = window.trustedTypes;
19048
19078
  const ElementPrototype = Element.prototype;
19049
19079
  const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');
@@ -19051,7 +19081,10 @@
19051
19081
  const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');
19052
19082
  const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');
19053
19083
  const getParentNode = lookupGetter(ElementPrototype, 'parentNode');
19084
+ const getShadowRoot = lookupGetter(ElementPrototype, 'shadowRoot');
19085
+ const getAttributes = lookupGetter(ElementPrototype, 'attributes');
19054
19086
  const getNodeType = Node && Node.prototype ? lookupGetter(Node.prototype, 'nodeType') : null;
19087
+ const getNodeName = Node && Node.prototype ? lookupGetter(Node.prototype, 'nodeName') : null;
19055
19088
  // As per issue #47, the web-components registry is inherited by a
19056
19089
  // new document created via createHTMLDocument. As per the spec
19057
19090
  // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
@@ -19066,6 +19099,54 @@
19066
19099
  }
19067
19100
  let trustedTypesPolicy;
19068
19101
  let emptyHTML = '';
19102
+ // The instance's own internal Trusted Types policy. Unlike a caller-supplied
19103
+ // `TRUSTED_TYPES_POLICY`, this is created at most once — Trusted Types throws
19104
+ // on duplicate policy names — and is the only policy allowed to persist
19105
+ // across configurations and survive `clearConfig()`.
19106
+ let defaultTrustedTypesPolicy;
19107
+ let defaultTrustedTypesPolicyResolved = false;
19108
+ // Tracks whether we are already inside a call to the configured Trusted Types
19109
+ // policy (`createHTML` or `createScriptURL`). If a supplied policy callback
19110
+ // itself calls `DOMPurify.sanitize` (the cause of #1422), `sanitize` would
19111
+ // re-enter the policy and recurse until the stack overflows. We detect that
19112
+ // re-entry and throw a clear, actionable error instead. The guard is shared
19113
+ // across both callbacks, because either one re-entering `sanitize` triggers
19114
+ // the same unbounded recursion.
19115
+ let IN_TRUSTED_TYPES_POLICY = 0;
19116
+ const _assertNotInTrustedTypesPolicy = function _assertNotInTrustedTypesPolicy() {
19117
+ if (IN_TRUSTED_TYPES_POLICY > 0) {
19118
+ throw typeErrorCreate('A configured TRUSTED_TYPES_POLICY callback (createHTML or ' + 'createScriptURL) must not call DOMPurify.sanitize, as that causes ' + 'infinite recursion. Do not pass a policy whose callbacks wrap ' + 'DOMPurify as TRUSTED_TYPES_POLICY; see the "DOMPurify and Trusted ' + 'Types" section of the README.');
19119
+ }
19120
+ };
19121
+ const _createTrustedHTML = function _createTrustedHTML(html) {
19122
+ _assertNotInTrustedTypesPolicy();
19123
+ IN_TRUSTED_TYPES_POLICY++;
19124
+ try {
19125
+ return trustedTypesPolicy.createHTML(html);
19126
+ } finally {
19127
+ IN_TRUSTED_TYPES_POLICY--;
19128
+ }
19129
+ };
19130
+ const _createTrustedScriptURL = function _createTrustedScriptURL(scriptUrl) {
19131
+ _assertNotInTrustedTypesPolicy();
19132
+ IN_TRUSTED_TYPES_POLICY++;
19133
+ try {
19134
+ return trustedTypesPolicy.createScriptURL(scriptUrl);
19135
+ } finally {
19136
+ IN_TRUSTED_TYPES_POLICY--;
19137
+ }
19138
+ };
19139
+ // Lazily resolve (and cache) the instance's internal default policy.
19140
+ // Resolution is attempted at most once: a successful `createPolicy` cannot be
19141
+ // repeated (Trusted Types throws on duplicate names), and a failed or
19142
+ // unsupported attempt must not be retried on every parse.
19143
+ const _getDefaultTrustedTypesPolicy = function _getDefaultTrustedTypesPolicy() {
19144
+ if (!defaultTrustedTypesPolicyResolved) {
19145
+ defaultTrustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript);
19146
+ defaultTrustedTypesPolicyResolved = true;
19147
+ }
19148
+ return defaultTrustedTypesPolicy;
19149
+ };
19069
19150
  const _document = document,
19070
19151
  implementation = _document.implementation,
19071
19152
  createNodeIterator = _document.createNodeIterator,
@@ -19162,6 +19243,13 @@
19162
19243
  let WHOLE_DOCUMENT = false;
19163
19244
  /* Track whether config is already set on this instance of DOMPurify. */
19164
19245
  let SET_CONFIG = false;
19246
+ /* Pristine allowlist bindings captured at setConfig() time. On the
19247
+ * persistent-config path sanitize() restores the sets from these before
19248
+ * the per-walk hook clone-guard, so a hook's in-call widening cannot
19249
+ * carry across calls. Null until setConfig() is called; reset by
19250
+ * clearConfig(). */
19251
+ let SET_CONFIG_ALLOWED_TAGS = null;
19252
+ let SET_CONFIG_ALLOWED_ATTR = null;
19165
19253
  /* Decide if all elements (e.g. style, script) must be children of
19166
19254
  * document.body. By default, browsers might move them to document.head */
19167
19255
  let FORCE_BODY = false;
@@ -19204,7 +19292,17 @@
19204
19292
  let USE_PROFILES = {};
19205
19293
  /* Tags to ignore content of when KEEP_CONTENT is true */
19206
19294
  let FORBID_CONTENTS = null;
19207
- const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']);
19295
+ const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script',
19296
+ // <selectedcontent> mirrors the selected <option>'s subtree, cloned by
19297
+ // the UA (customizable <select>) — including any on* handlers — and the
19298
+ // engine re-mirrors synchronously whenever a removal changes which
19299
+ // option/selectedcontent is current, even inside DOMPurify's inert
19300
+ // DOMParser document. Hoisting its children on removal re-inserts a fresh
19301
+ // mirror target ahead of the walk, which the engine refills, looping
19302
+ // forever (DoS) and amplifying output. Dropping its content on removal
19303
+ // (rather than hoisting) breaks that cascade; the content is a duplicate
19304
+ // of the option, which is sanitized on its own. See campaign-3 F1/F6.
19305
+ 'selectedcontent', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']);
19208
19306
  /* Tags that are safe for data: URIs */
19209
19307
  let DATA_URI_TAGS = null;
19210
19308
  const DEFAULT_DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image', 'track']);
@@ -19220,8 +19318,10 @@
19220
19318
  /* Allowed XHTML+XML namespaces */
19221
19319
  let ALLOWED_NAMESPACES = null;
19222
19320
  const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString);
19223
- let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']);
19224
- let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);
19321
+ const DEFAULT_MATHML_TEXT_INTEGRATION_POINTS = freeze(['mi', 'mo', 'mn', 'ms', 'mtext']);
19322
+ let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, DEFAULT_MATHML_TEXT_INTEGRATION_POINTS);
19323
+ const DEFAULT_HTML_INTEGRATION_POINTS = freeze(['annotation-xml']);
19324
+ let HTML_INTEGRATION_POINTS = addToSet({}, DEFAULT_HTML_INTEGRATION_POINTS);
19225
19325
  // Certain elements are allowed in both SVG and HTML
19226
19326
  // namespace. We need to specify them explicitly
19227
19327
  // so that they don't get erroneously deleted from
@@ -19263,14 +19363,32 @@
19263
19363
  // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.
19264
19364
  transformCaseFunc = PARSER_MEDIA_TYPE === 'application/xhtml+xml' ? stringToString : stringToLowerCase;
19265
19365
  /* Set configuration parameters */
19266
- ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS') && arrayIsArray(cfg.ALLOWED_TAGS) ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS;
19267
- ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR') && arrayIsArray(cfg.ALLOWED_ATTR) ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR;
19268
- ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES') && arrayIsArray(cfg.ALLOWED_NAMESPACES) ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES;
19269
- URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') && arrayIsArray(cfg.ADD_URI_SAFE_ATTR) ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
19270
- DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') && arrayIsArray(cfg.ADD_DATA_URI_TAGS) ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
19271
- FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') && arrayIsArray(cfg.FORBID_CONTENTS) ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
19272
- FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') && arrayIsArray(cfg.FORBID_TAGS) ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
19273
- FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') && arrayIsArray(cfg.FORBID_ATTR) ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
19366
+ ALLOWED_TAGS = _resolveSetOption(cfg, 'ALLOWED_TAGS', DEFAULT_ALLOWED_TAGS, {
19367
+ transform: transformCaseFunc
19368
+ });
19369
+ ALLOWED_ATTR = _resolveSetOption(cfg, 'ALLOWED_ATTR', DEFAULT_ALLOWED_ATTR, {
19370
+ transform: transformCaseFunc
19371
+ });
19372
+ ALLOWED_NAMESPACES = _resolveSetOption(cfg, 'ALLOWED_NAMESPACES', DEFAULT_ALLOWED_NAMESPACES, {
19373
+ transform: stringToString
19374
+ });
19375
+ URI_SAFE_ATTRIBUTES = _resolveSetOption(cfg, 'ADD_URI_SAFE_ATTR', DEFAULT_URI_SAFE_ATTRIBUTES, {
19376
+ transform: transformCaseFunc,
19377
+ base: DEFAULT_URI_SAFE_ATTRIBUTES
19378
+ });
19379
+ DATA_URI_TAGS = _resolveSetOption(cfg, 'ADD_DATA_URI_TAGS', DEFAULT_DATA_URI_TAGS, {
19380
+ transform: transformCaseFunc,
19381
+ base: DEFAULT_DATA_URI_TAGS
19382
+ });
19383
+ FORBID_CONTENTS = _resolveSetOption(cfg, 'FORBID_CONTENTS', DEFAULT_FORBID_CONTENTS, {
19384
+ transform: transformCaseFunc
19385
+ });
19386
+ FORBID_TAGS = _resolveSetOption(cfg, 'FORBID_TAGS', clone({}), {
19387
+ transform: transformCaseFunc
19388
+ });
19389
+ FORBID_ATTR = _resolveSetOption(cfg, 'FORBID_ATTR', clone({}), {
19390
+ transform: transformCaseFunc
19391
+ });
19274
19392
  USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES') ? cfg.USE_PROFILES && typeof cfg.USE_PROFILES === 'object' ? clone(cfg.USE_PROFILES) : cfg.USE_PROFILES : false;
19275
19393
  ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true
19276
19394
  ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true
@@ -19289,8 +19407,8 @@
19289
19407
  IN_PLACE = cfg.IN_PLACE || false; // Default false
19290
19408
  IS_ALLOWED_URI$1 = isRegex(cfg.ALLOWED_URI_REGEXP) ? cfg.ALLOWED_URI_REGEXP : IS_ALLOWED_URI; // Default regexp
19291
19409
  NAMESPACE = typeof cfg.NAMESPACE === 'string' ? cfg.NAMESPACE : HTML_NAMESPACE; // Default HTML namespace
19292
- MATHML_TEXT_INTEGRATION_POINTS = objectHasOwnProperty(cfg, 'MATHML_TEXT_INTEGRATION_POINTS') && cfg.MATHML_TEXT_INTEGRATION_POINTS && typeof cfg.MATHML_TEXT_INTEGRATION_POINTS === 'object' ? clone(cfg.MATHML_TEXT_INTEGRATION_POINTS) : addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']); // Default built-in map
19293
- HTML_INTEGRATION_POINTS = objectHasOwnProperty(cfg, 'HTML_INTEGRATION_POINTS') && cfg.HTML_INTEGRATION_POINTS && typeof cfg.HTML_INTEGRATION_POINTS === 'object' ? clone(cfg.HTML_INTEGRATION_POINTS) : addToSet({}, ['annotation-xml']); // Default built-in map
19410
+ MATHML_TEXT_INTEGRATION_POINTS = objectHasOwnProperty(cfg, 'MATHML_TEXT_INTEGRATION_POINTS') && cfg.MATHML_TEXT_INTEGRATION_POINTS && typeof cfg.MATHML_TEXT_INTEGRATION_POINTS === 'object' ? clone(cfg.MATHML_TEXT_INTEGRATION_POINTS) : addToSet({}, DEFAULT_MATHML_TEXT_INTEGRATION_POINTS); // Default built-in map
19411
+ HTML_INTEGRATION_POINTS = objectHasOwnProperty(cfg, 'HTML_INTEGRATION_POINTS') && cfg.HTML_INTEGRATION_POINTS && typeof cfg.HTML_INTEGRATION_POINTS === 'object' ? clone(cfg.HTML_INTEGRATION_POINTS) : addToSet({}, DEFAULT_HTML_INTEGRATION_POINTS); // Default built-in map
19294
19412
  const customElementHandling = objectHasOwnProperty(cfg, 'CUSTOM_ELEMENT_HANDLING') && cfg.CUSTOM_ELEMENT_HANDLING && typeof cfg.CUSTOM_ELEMENT_HANDLING === 'object' ? clone(cfg.CUSTOM_ELEMENT_HANDLING) : create$7(null);
19295
19413
  CUSTOM_ELEMENT_HANDLING = create$7(null);
19296
19414
  if (objectHasOwnProperty(customElementHandling, 'tagNameCheck') && isRegexOrFunction(customElementHandling.tagNameCheck)) {
@@ -19302,6 +19420,7 @@
19302
19420
  if (objectHasOwnProperty(customElementHandling, 'allowCustomizedBuiltInElements') && typeof customElementHandling.allowCustomizedBuiltInElements === 'boolean') {
19303
19421
  CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements = customElementHandling.allowCustomizedBuiltInElements; // Default undefined
19304
19422
  }
19423
+ seal(CUSTOM_ELEMENT_HANDLING);
19305
19424
  if (SAFE_FOR_TEMPLATES) {
19306
19425
  ALLOW_DATA_ATTR = false;
19307
19426
  }
@@ -19385,6 +19504,13 @@
19385
19504
  addToSet(ALLOWED_TAGS, ['tbody']);
19386
19505
  delete FORBID_TAGS.tbody;
19387
19506
  }
19507
+ // Re-derive the active Trusted Types policy from this configuration on
19508
+ // every parse. The active policy must never be sticky closure state that
19509
+ // outlives the config that set it: a caller-supplied policy left in place
19510
+ // after `clearConfig()` — or after a later call that supplied none, or
19511
+ // `TRUSTED_TYPES_POLICY: null` — could sign a subsequent "default"
19512
+ // `RETURN_TRUSTED_TYPE` result with a foreign, possibly unsafe policy.
19513
+ // See GHSA-vxr8-fq34-vvx9.
19388
19514
  if (cfg.TRUSTED_TYPES_POLICY) {
19389
19515
  if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {
19390
19516
  throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.');
@@ -19392,18 +19518,45 @@
19392
19518
  if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {
19393
19519
  throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');
19394
19520
  }
19395
- // Overwrite existing TrustedTypes policy.
19521
+ // A caller-supplied policy applies to this configuration only.
19522
+ const previousTrustedTypesPolicy = trustedTypesPolicy;
19396
19523
  trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;
19397
- // Sign local variables required by `sanitize`.
19398
- emptyHTML = trustedTypesPolicy.createHTML('');
19524
+ // Sign local variables required by `sanitize`. If the supplied policy's
19525
+ // `createHTML` is circular (i.e. it calls `DOMPurify.sanitize`), this
19526
+ // throws via the re-entrancy guard. Restore the previous policy first so
19527
+ // the instance is not left in a poisoned state. See #1422.
19528
+ try {
19529
+ emptyHTML = _createTrustedHTML('');
19530
+ } catch (error) {
19531
+ trustedTypesPolicy = previousTrustedTypesPolicy;
19532
+ throw error;
19533
+ }
19534
+ } else if (cfg.TRUSTED_TYPES_POLICY === null) {
19535
+ // Explicit opt-out for this call: perform no Trusted Types signing and
19536
+ // create nothing (so a strict `trusted-types` CSP that disallows a
19537
+ // `dompurify` policy can still call `sanitize` from inside its own
19538
+ // policy — see #1422). Resetting to `undefined` rather than a sticky
19539
+ // `null` also drops any previously retained caller policy, so it cannot
19540
+ // resurface on a later call, while still allowing the next config-less
19541
+ // call to restore the internal default policy. See GHSA-vxr8-fq34-vvx9.
19542
+ trustedTypesPolicy = undefined;
19543
+ emptyHTML = '';
19399
19544
  } else {
19400
- // Uninitialized policy, attempt to initialize the internal dompurify policy.
19545
+ // No policy supplied: keep the currently active policy if one is set — a
19546
+ // previously supplied policy is intentionally sticky across config-less
19547
+ // calls — otherwise fall back to the instance's own internal policy,
19548
+ // created at most once. (A policy supplied for a *single* call still
19549
+ // lingers by design; what must not linger is a policy whose configuration
19550
+ // has been torn down via `clearConfig()`, which restores the default.)
19401
19551
  if (trustedTypesPolicy === undefined) {
19402
- trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript);
19552
+ trustedTypesPolicy = _getDefaultTrustedTypesPolicy();
19403
19553
  }
19404
- // If creating the internal policy succeeded sign internal variables.
19405
- if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {
19406
- emptyHTML = trustedTypesPolicy.createHTML('');
19554
+ // Sign internal variables only when a policy is active. A falsy policy
19555
+ // (Trusted Types unsupported, creation failed, or an explicit opt-out)
19556
+ // leaves `emptyHTML` as a plain string, so we never call `.createHTML` on
19557
+ // a non-policy and throw. See #1422.
19558
+ if (trustedTypesPolicy && typeof emptyHTML === 'string') {
19559
+ emptyHTML = _createTrustedHTML('');
19407
19560
  }
19408
19561
  }
19409
19562
  // Prevent further manipulation of configuration.
@@ -19418,6 +19571,77 @@
19418
19571
  * correctly. */
19419
19572
  const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]);
19420
19573
  const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]);
19574
+ /**
19575
+ * Namespace rules for an element in the SVG namespace.
19576
+ *
19577
+ * @param tagName the element's lowercase tag name
19578
+ * @param parent the (possibly simulated) parent node
19579
+ * @param parentTagName the parent's lowercase tag name
19580
+ * @returns true if a spec-compliant parser could produce this element
19581
+ */
19582
+ const _checkSvgNamespace = function _checkSvgNamespace(tagName, parent, parentTagName) {
19583
+ // The only way to switch from HTML namespace to SVG
19584
+ // is via <svg>. If it happens via any other tag, then
19585
+ // it should be killed.
19586
+ if (parent.namespaceURI === HTML_NAMESPACE) {
19587
+ return tagName === 'svg';
19588
+ }
19589
+ // The only way to switch from MathML to SVG is via <svg>
19590
+ // if the parent is either <annotation-xml> or a MathML
19591
+ // text integration point.
19592
+ if (parent.namespaceURI === MATHML_NAMESPACE) {
19593
+ return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]);
19594
+ }
19595
+ // We only allow elements that are defined in SVG
19596
+ // spec. All others are disallowed in SVG namespace.
19597
+ return Boolean(ALL_SVG_TAGS[tagName]);
19598
+ };
19599
+ /**
19600
+ * Namespace rules for an element in the MathML namespace.
19601
+ *
19602
+ * @param tagName the element's lowercase tag name
19603
+ * @param parent the (possibly simulated) parent node
19604
+ * @param parentTagName the parent's lowercase tag name
19605
+ * @returns true if a spec-compliant parser could produce this element
19606
+ */
19607
+ const _checkMathMlNamespace = function _checkMathMlNamespace(tagName, parent, parentTagName) {
19608
+ // The only way to switch from HTML namespace to MathML
19609
+ // is via <math>. If it happens via any other tag, then
19610
+ // it should be killed.
19611
+ if (parent.namespaceURI === HTML_NAMESPACE) {
19612
+ return tagName === 'math';
19613
+ }
19614
+ // The only way to switch from SVG to MathML is via
19615
+ // <math> and HTML integration points
19616
+ if (parent.namespaceURI === SVG_NAMESPACE) {
19617
+ return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];
19618
+ }
19619
+ // We only allow elements that are defined in MathML
19620
+ // spec. All others are disallowed in MathML namespace.
19621
+ return Boolean(ALL_MATHML_TAGS[tagName]);
19622
+ };
19623
+ /**
19624
+ * Namespace rules for an element in the HTML namespace.
19625
+ *
19626
+ * @param tagName the element's lowercase tag name
19627
+ * @param parent the (possibly simulated) parent node
19628
+ * @param parentTagName the parent's lowercase tag name
19629
+ * @returns true if a spec-compliant parser could produce this element
19630
+ */
19631
+ const _checkHtmlNamespace = function _checkHtmlNamespace(tagName, parent, parentTagName) {
19632
+ // The only way to switch from SVG to HTML is via
19633
+ // HTML integration points, and from MathML to HTML
19634
+ // is via MathML text integration points
19635
+ if (parent.namespaceURI === SVG_NAMESPACE && !HTML_INTEGRATION_POINTS[parentTagName]) {
19636
+ return false;
19637
+ }
19638
+ if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) {
19639
+ return false;
19640
+ }
19641
+ // We disallow tags that are specific for MathML
19642
+ // or SVG and should never appear in HTML namespace
19643
+ return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]);
19644
+ };
19421
19645
  /**
19422
19646
  * @param element a DOM element whose namespace is being checked
19423
19647
  * @returns Return false if the element has a
@@ -19440,51 +19664,13 @@
19440
19664
  return false;
19441
19665
  }
19442
19666
  if (element.namespaceURI === SVG_NAMESPACE) {
19443
- // The only way to switch from HTML namespace to SVG
19444
- // is via <svg>. If it happens via any other tag, then
19445
- // it should be killed.
19446
- if (parent.namespaceURI === HTML_NAMESPACE) {
19447
- return tagName === 'svg';
19448
- }
19449
- // The only way to switch from MathML to SVG is via`
19450
- // svg if parent is either <annotation-xml> or MathML
19451
- // text integration points.
19452
- if (parent.namespaceURI === MATHML_NAMESPACE) {
19453
- return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]);
19454
- }
19455
- // We only allow elements that are defined in SVG
19456
- // spec. All others are disallowed in SVG namespace.
19457
- return Boolean(ALL_SVG_TAGS[tagName]);
19667
+ return _checkSvgNamespace(tagName, parent, parentTagName);
19458
19668
  }
19459
19669
  if (element.namespaceURI === MATHML_NAMESPACE) {
19460
- // The only way to switch from HTML namespace to MathML
19461
- // is via <math>. If it happens via any other tag, then
19462
- // it should be killed.
19463
- if (parent.namespaceURI === HTML_NAMESPACE) {
19464
- return tagName === 'math';
19465
- }
19466
- // The only way to switch from SVG to MathML is via
19467
- // <math> and HTML integration points
19468
- if (parent.namespaceURI === SVG_NAMESPACE) {
19469
- return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];
19470
- }
19471
- // We only allow elements that are defined in MathML
19472
- // spec. All others are disallowed in MathML namespace.
19473
- return Boolean(ALL_MATHML_TAGS[tagName]);
19670
+ return _checkMathMlNamespace(tagName, parent, parentTagName);
19474
19671
  }
19475
19672
  if (element.namespaceURI === HTML_NAMESPACE) {
19476
- // The only way to switch from SVG to HTML is via
19477
- // HTML integration points, and from MathML to HTML
19478
- // is via MathML text integration points
19479
- if (parent.namespaceURI === SVG_NAMESPACE && !HTML_INTEGRATION_POINTS[parentTagName]) {
19480
- return false;
19481
- }
19482
- if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) {
19483
- return false;
19484
- }
19485
- // We disallow tags that are specific for MathML
19486
- // or SVG and should never appear in HTML namespace
19487
- return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]);
19673
+ return _checkHtmlNamespace(tagName, parent, parentTagName);
19488
19674
  }
19489
19675
  // For XHTML and XML documents that support custom namespaces
19490
19676
  if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && ALLOWED_NAMESPACES[element.namespaceURI]) {
@@ -19509,7 +19695,74 @@
19509
19695
  // eslint-disable-next-line unicorn/prefer-dom-node-remove
19510
19696
  getParentNode(node).removeChild(node);
19511
19697
  } catch (_) {
19698
+ /* The normal detach failed — this is reached for a parentless node
19699
+ (getParentNode() is null, so .removeChild throws). Element.prototype
19700
+ .remove() is itself a spec no-op on a parentless node, so a recorded
19701
+ "removal" would otherwise hand the caller back an intact,
19702
+ payload-bearing node (e.g. a detached IN_PLACE root the mXSS canary or
19703
+ the style-with-element-child rule decided to kill). Fail closed by
19704
+ throwing — exactly as a clobbered root does at the IN_PLACE entry —
19705
+ rather than trying to "neutralize" the node via its own methods.
19706
+ Neutralizing would mean calling getAttributeNames()/removeAttribute()
19707
+ on the node, both of which a <form> root can clobber via a named child
19708
+ (and _isClobbered does not even probe getAttributeNames), so the
19709
+ neutralize step could itself be silently defeated, leaving the payload
19710
+ intact. A throw touches only the cached, clobber-safe remove() and
19711
+ getParentNode(). Generalizes GHSA-r47g-fvhr-h676 (clobbered-form root)
19712
+ to every root-kill reason. REPORT-3.
19713
+ This lives inside the catch, so it never fires for a normally-removed
19714
+ in-tree node: those have a parent, removeChild() succeeds, and the
19715
+ catch is not entered. Only a kept (parentless) root reaches here. */
19512
19716
  remove(node);
19717
+ if (!getParentNode(node)) {
19718
+ throw typeErrorCreate('a node selected for removal could not be detached from its tree ' + 'and cannot be safely returned; refusing to sanitize in place');
19719
+ }
19720
+ }
19721
+ };
19722
+ /**
19723
+ * _neutralizeRoot
19724
+ *
19725
+ * Fail-closed teardown of an in-place root after the sanitize walk aborts
19726
+ * (campaign-3 F2). An internal throw mid-walk — e.g. a page-registered
19727
+ * custom element's reaction detaches a node so `_forceRemove`'s deliberate
19728
+ * parentless guard throws, or any other re-entrant engine mutation — would
19729
+ * otherwise leave the caller's *live* tree half-sanitized, with everything
19730
+ * after the abort point still carrying its handlers. There is no safe way
19731
+ * to resume the walk (the tree mutated under us), so we strip the root bare:
19732
+ * remove every child and every attribute, then let the caller's catch see
19733
+ * the original error. Clobber-safe (cached `remove`/`childNodes`/`attributes`
19734
+ * getters; the root was already clobber-pre-flighted at the IN_PLACE entry).
19735
+ *
19736
+ * @param root the in-place root to empty
19737
+ */
19738
+ const _neutralizeRoot = function _neutralizeRoot(root) {
19739
+ const childNodes = getChildNodes(root);
19740
+ if (childNodes) {
19741
+ const snapshot = [];
19742
+ arrayForEach(childNodes, child => {
19743
+ arrayPush(snapshot, child);
19744
+ });
19745
+ arrayForEach(snapshot, child => {
19746
+ try {
19747
+ remove(child);
19748
+ } catch (_) {
19749
+ /* Best-effort teardown; a still-attached child is handled below */
19750
+ }
19751
+ });
19752
+ }
19753
+ const attributes = getAttributes(root);
19754
+ if (attributes) {
19755
+ for (let i = attributes.length - 1; i >= 0; --i) {
19756
+ const attribute = attributes[i];
19757
+ const name = attribute && attribute.name;
19758
+ if (typeof name === 'string') {
19759
+ try {
19760
+ root.removeAttribute(name);
19761
+ } catch (_) {
19762
+ /* Clobbered removeAttribute — ignore (fail-closed best effort) */
19763
+ }
19764
+ }
19765
+ }
19513
19766
  }
19514
19767
  };
19515
19768
  /**
@@ -19544,6 +19797,72 @@
19544
19797
  }
19545
19798
  }
19546
19799
  };
19800
+ /**
19801
+ * _stripDisallowedAttributes
19802
+ *
19803
+ * Removes every attribute the active configuration does not allow from a
19804
+ * single element, using the same allowlist as the main attribute pass (so
19805
+ * `on*` handlers go, but no `/^on/` blocklist is introduced). Used only to
19806
+ * neutralise nodes that are being discarded from an in-place tree.
19807
+ *
19808
+ * @param element the element to strip
19809
+ */
19810
+ const _stripDisallowedAttributes = function _stripDisallowedAttributes(element) {
19811
+ const attributes = getAttributes(element);
19812
+ if (!attributes) {
19813
+ return;
19814
+ }
19815
+ for (let i = attributes.length - 1; i >= 0; --i) {
19816
+ const attribute = attributes[i];
19817
+ const name = attribute && attribute.name;
19818
+ if (typeof name !== 'string' || ALLOWED_ATTR[transformCaseFunc(name)]) {
19819
+ continue;
19820
+ }
19821
+ try {
19822
+ element.removeAttribute(name);
19823
+ } catch (_) {
19824
+ /* Clobbered removeAttribute on a doomed node — ignore */
19825
+ }
19826
+ }
19827
+ };
19828
+ /**
19829
+ * _neutralizeSubtree
19830
+ *
19831
+ * Completes the audit-5 F1 fix across every removal path. The KEEP_CONTENT
19832
+ * move-hoist neutralises only disallowed-tag removals; clobber, mXSS-canary,
19833
+ * namespace, comment, processing-instruction and KEEP_CONTENT:false removals
19834
+ * all drop their subtree wholesale via `_forceRemove`. On the IN_PLACE path
19835
+ * those dropped nodes are detached from the caller's LIVE tree but a
19836
+ * handler-bearing original among them (an `<img onerror>`/`<video>` that was
19837
+ * loading) keeps its queued resource event, which fires in page scope after
19838
+ * sanitize returns. This walks a removed subtree and strips every attribute
19839
+ * the active configuration does not allow — so `on*` handlers are cancelled
19840
+ * through the SAME allowlist that governs kept nodes, not a separate `/^on/`
19841
+ * blocklist. Run synchronously before sanitize returns, i.e. before any
19842
+ * queued event can fire. Hook-free by design: these nodes leave the output,
19843
+ * so firing attribute hooks for them would be surprising. Clobber-safe reads;
19844
+ * a doomed clobbered node may shadow `removeAttribute` (its own attributes are
19845
+ * irrelevant — it is discarded — while its non-clobbered descendants, e.g.
19846
+ * the `<img>`, are reached and scrubbed).
19847
+ *
19848
+ * @param root the root of a removed subtree to neutralise
19849
+ */
19850
+ const _neutralizeSubtree = function _neutralizeSubtree(root) {
19851
+ const stack = [root];
19852
+ while (stack.length > 0) {
19853
+ const node = stack.pop();
19854
+ const nodeType = getNodeType ? getNodeType(node) : node.nodeType;
19855
+ if (nodeType === NODE_TYPE.element) {
19856
+ _stripDisallowedAttributes(node);
19857
+ }
19858
+ const childNodes = getChildNodes(node);
19859
+ if (childNodes) {
19860
+ for (let i = childNodes.length - 1; i >= 0; --i) {
19861
+ stack.push(childNodes[i]);
19862
+ }
19863
+ }
19864
+ }
19865
+ };
19547
19866
  /**
19548
19867
  * _initDocument
19549
19868
  *
@@ -19565,7 +19884,7 @@
19565
19884
  // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)
19566
19885
  dirty = '<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>' + dirty + '</body></html>';
19567
19886
  }
19568
- const dirtyPayload = trustedTypesPolicy ? trustedTypesPolicy.createHTML(dirty) : dirty;
19887
+ const dirtyPayload = trustedTypesPolicy ? _createTrustedHTML(dirty) : dirty;
19569
19888
  /*
19570
19889
  * Use the DOMParser API by default, fallback later if needs be
19571
19890
  * DOMParser not work for svg when has multiple root element.
@@ -19605,6 +19924,20 @@
19605
19924
  // eslint-disable-next-line no-bitwise
19606
19925
  NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null);
19607
19926
  };
19927
+ /**
19928
+ * Replace template expression syntax (mustache, ERB, template
19929
+ * literal) with a space; shared by all SAFE_FOR_TEMPLATES scrub
19930
+ * sites. Order matters: mustache, then ERB, then template literal.
19931
+ *
19932
+ * @param value the string to scrub
19933
+ * @returns the scrubbed string
19934
+ */
19935
+ const _stripTemplateExpressions = function _stripTemplateExpressions(value) {
19936
+ value = stringReplace(value, MUSTACHE_EXPR$1, ' ');
19937
+ value = stringReplace(value, ERB_EXPR$1, ' ');
19938
+ value = stringReplace(value, TMPLIT_EXPR$1, ' ');
19939
+ return value;
19940
+ };
19608
19941
  /**
19609
19942
  * Strip template-engine expressions ({{...}}, ${...}, <%...%>) from the
19610
19943
  * character data of an element subtree. Used as the final safety net for
@@ -19624,29 +19957,100 @@
19624
19957
  *
19625
19958
  * @param node The root element whose character data should be scrubbed.
19626
19959
  */
19627
- const _scrubTemplateExpressions = function _scrubTemplateExpressions(node) {
19960
+ const _scrubTemplateExpressions2 = function _scrubTemplateExpressions(node) {
19961
+ var _node$querySelectorAl;
19628
19962
  node.normalize();
19629
19963
  const walker = createNodeIterator.call(node.ownerDocument || node, node,
19630
19964
  // eslint-disable-next-line no-bitwise
19631
19965
  NodeFilter.SHOW_TEXT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_CDATA_SECTION | NodeFilter.SHOW_PROCESSING_INSTRUCTION, null);
19632
19966
  let currentNode = walker.nextNode();
19633
19967
  while (currentNode) {
19634
- let data = currentNode.data;
19635
- arrayForEach([MUSTACHE_EXPR$1, ERB_EXPR$1, TMPLIT_EXPR$1], expr => {
19636
- data = stringReplace(data, expr, ' ');
19637
- });
19638
- currentNode.data = data;
19968
+ currentNode.data = _stripTemplateExpressions(currentNode.data);
19639
19969
  currentNode = walker.nextNode();
19640
19970
  }
19971
+ // NodeIterator does not descend into <template>.content per the DOM spec,
19972
+ // so we must explicitly recurse into each template's content fragment,
19973
+ // mirroring the approach used by _sanitizeShadowDOM.
19974
+ const templates = (_node$querySelectorAl = node.querySelectorAll) === null || _node$querySelectorAl === void 0 ? void 0 : _node$querySelectorAl.call(node, 'template');
19975
+ if (templates) {
19976
+ arrayForEach(templates, tmpl => {
19977
+ if (_isDocumentFragment(tmpl.content)) {
19978
+ _scrubTemplateExpressions2(tmpl.content);
19979
+ }
19980
+ });
19981
+ }
19641
19982
  };
19642
19983
  /**
19643
19984
  * _isClobbered
19644
19985
  *
19986
+ * Detect DOM-clobbering on HTMLFormElement nodes. Form is the only HTML
19987
+ * interface with [LegacyOverrideBuiltIns]; a descendant element with a
19988
+ * `name` attribute matching a prototype property shadows that property
19989
+ * on direct reads. We use this check at the IN_PLACE entry-point and
19990
+ * during attribute sanitization to refuse clobbered forms.
19991
+ *
19645
19992
  * @param element element to check for clobbering attacks
19646
19993
  * @return true if clobbered, false if safe
19647
19994
  */
19648
19995
  const _isClobbered = function _isClobbered(element) {
19649
- return element instanceof HTMLFormElement && (typeof element.nodeName !== 'string' || typeof element.textContent !== 'string' || typeof element.removeChild !== 'function' || !(element.attributes instanceof NamedNodeMap) || typeof element.removeAttribute !== 'function' || typeof element.setAttribute !== 'function' || typeof element.namespaceURI !== 'string' || typeof element.insertBefore !== 'function' || typeof element.hasChildNodes !== 'function');
19996
+ // Realm-independent tag-name probe. If we can't determine the tag
19997
+ // name at all, we can't reason about clobbering — return false
19998
+ // (the caller's other defences still apply).
19999
+ const realTagName = getNodeName ? getNodeName(element) : null;
20000
+ if (typeof realTagName !== 'string') {
20001
+ return false;
20002
+ }
20003
+ if (transformCaseFunc(realTagName) !== 'form') {
20004
+ return false;
20005
+ }
20006
+ return typeof element.nodeName !== 'string' || typeof element.textContent !== 'string' || typeof element.removeChild !== 'function' ||
20007
+ // Realm-safe NamedNodeMap detection: equality against the cached
20008
+ // prototype getter. Clobbered .attributes (e.g. <input name="attributes">)
20009
+ // makes the direct read diverge from the cached read; a clean form
20010
+ // (same-realm OR foreign-realm) has both reads pointing at the same
20011
+ // canonical NamedNodeMap.
20012
+ element.attributes !== getAttributes(element) || typeof element.removeAttribute !== 'function' || typeof element.setAttribute !== 'function' || typeof element.namespaceURI !== 'string' || typeof element.insertBefore !== 'function' || typeof element.hasChildNodes !== 'function' ||
20013
+ // NodeType clobbering probe. Cached Node.prototype.nodeType getter
20014
+ // returns the integer 1 for any Element regardless of realm; direct
20015
+ // read on a clobbered form (e.g. <input name="nodeType">) returns
20016
+ // the named child element. Cheap addition — nodeType is read from
20017
+ // an internal slot, no serialization cost — and removes a residual
20018
+ // clobbering surface used by several mXSS / PI / comment branches
20019
+ // in _sanitizeElements that compare currentNode.nodeType directly.
20020
+ element.nodeType !== getNodeType(element) ||
20021
+ // HTMLFormElement has [LegacyOverrideBuiltIns]: a descendant named
20022
+ // "childNodes" shadows the prototype getter. Direct reads of
20023
+ // form.childNodes from a clobbered form return the named child
20024
+ // instead of the real NodeList, so any walk that reads it directly
20025
+ // skips the form's real children. Compare the direct read to the
20026
+ // cached Node.prototype getter — when the form's named-property
20027
+ // getter intercepts the read, the two values differ and we flag
20028
+ // the form. This catches every clobbering child type (input,
20029
+ // select, etc.) regardless of whether the named child happens to
20030
+ // carry a numeric .length, which a typeof-based probe would miss
20031
+ // (e.g. HTMLSelectElement.length is a defined unsigned-long).
20032
+ element.childNodes !== getChildNodes(element);
20033
+ };
20034
+ /**
20035
+ * Checks whether the given value is a DocumentFragment from any realm.
20036
+ *
20037
+ * The realm-independent replacement reads `nodeType` through the cached
20038
+ * Node.prototype getter and compares to the DOCUMENT_FRAGMENT_NODE
20039
+ * constant (11). nodeType is a numeric value resolved from the node's
20040
+ * internal slot, identical across realms for the same kind of node.
20041
+ *
20042
+ * @param value object to check
20043
+ * @return true if value is a DocumentFragment-shaped node from any realm
20044
+ */
20045
+ const _isDocumentFragment = function _isDocumentFragment(value) {
20046
+ if (!getNodeType || typeof value !== 'object' || value === null) {
20047
+ return false;
20048
+ }
20049
+ try {
20050
+ return getNodeType(value) === NODE_TYPE.documentFragment;
20051
+ } catch (_) {
20052
+ return false;
20053
+ }
19650
20054
  };
19651
20055
  /**
19652
20056
  * Checks whether the given object is a DOM node, including nodes that
@@ -19656,12 +20060,6 @@
19656
20060
  * sanitize() to silently stringify them and reset IN_PLACE to false,
19657
20061
  * returning the original node unsanitized. See GHSA-4w3q-35jp-p934.
19658
20062
  *
19659
- * Implementation: call the cached `nodeType` getter from Node.prototype
19660
- * directly on the value. This bypasses any clobbered instance property
19661
- * (e.g. a child element named "nodeType") and works across realms
19662
- * because the WebIDL `nodeType` getter reads an internal slot that
19663
- * every real Node has, regardless of which window minted it.
19664
- *
19665
20063
  * @param value object to check whether it's a DOM node
19666
20064
  * @return true if value is a DOM node from any realm
19667
20065
  */
@@ -19676,10 +20074,104 @@
19676
20074
  }
19677
20075
  };
19678
20076
  function _executeHooks(hooks, currentNode, data) {
20077
+ if (hooks.length === 0) {
20078
+ return;
20079
+ }
19679
20080
  arrayForEach(hooks, hook => {
19680
20081
  hook.call(DOMPurify, currentNode, data, CONFIG);
19681
20082
  });
19682
20083
  }
20084
+ /**
20085
+ * Structural-threat checks that condemn a node regardless of the
20086
+ * allowlists: mXSS via namespace confusion, risky CSS construction,
20087
+ * processing instructions, markup-bearing comments. Pure predicate;
20088
+ * the caller removes. Check order is load-bearing.
20089
+ *
20090
+ * @param currentNode the node to inspect
20091
+ * @param tagName the node's transformCaseFunc'd tag name
20092
+ * @return true if the node must be removed
20093
+ */
20094
+ const _isUnsafeNode = function _isUnsafeNode(currentNode, tagName) {
20095
+ /* Detect mXSS attempts abusing namespace confusion */
20096
+ if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(ELEMENT_MARKUP_PROBE, currentNode.textContent) && regExpTest(ELEMENT_MARKUP_PROBE, currentNode.innerHTML)) {
20097
+ return true;
20098
+ }
20099
+ /* Remove risky CSS construction leading to mXSS */
20100
+ if (SAFE_FOR_XML && currentNode.namespaceURI === HTML_NAMESPACE && tagName === 'style' && _isNode(currentNode.firstElementChild)) {
20101
+ return true;
20102
+ }
20103
+ /* Remove any occurrence of processing instructions */
20104
+ if (currentNode.nodeType === NODE_TYPE.processingInstruction) {
20105
+ return true;
20106
+ }
20107
+ /* Remove any kind of possibly harmful comments */
20108
+ if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(COMMENT_MARKUP_PROBE, currentNode.data)) {
20109
+ return true;
20110
+ }
20111
+ return false;
20112
+ };
20113
+ /**
20114
+ * Handle a node whose tag is forbidden or not allowlisted: keep
20115
+ * allowed custom elements (false return exits _sanitizeElements
20116
+ * early - namespace/fallback checks and the afterSanitizeElements
20117
+ * hook are intentionally skipped for kept custom elements), else
20118
+ * hoist content per KEEP_CONTENT and remove.
20119
+ *
20120
+ * @param currentNode the disallowed node
20121
+ * @param tagName the node's transformCaseFunc'd tag name
20122
+ * @return true if the node was removed, false if kept
20123
+ */
20124
+ const _sanitizeDisallowedNode = function _sanitizeDisallowedNode(currentNode, tagName) {
20125
+ /* Check if we have a custom element to handle */
20126
+ if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {
20127
+ if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) {
20128
+ return false;
20129
+ }
20130
+ if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) {
20131
+ return false;
20132
+ }
20133
+ }
20134
+ /* Keep content except for bad-listed elements.
20135
+ Use the cached prototype getters exclusively — the previous code
20136
+ had `|| currentNode.parentNode` / `|| currentNode.childNodes`
20137
+ fallbacks, but the cached getters always return the canonical
20138
+ value (or null for a real parent-less node), so the fallback
20139
+ path was dead in safe cases and a clobbering surface in unsafe
20140
+ ones. Falsy cached results stay falsy; the `if (childNodes &&
20141
+ parentNode)` check already gates correctly. */
20142
+ if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {
20143
+ const parentNode = getParentNode(currentNode);
20144
+ const childNodes = getChildNodes(currentNode);
20145
+ if (childNodes && parentNode) {
20146
+ const childCount = childNodes.length;
20147
+ /* In-place: hoist the *original* children so the iterator visits
20148
+ and sanitises them through the same allowlist pass as every other
20149
+ node. The caller built the tree in the live document, so the
20150
+ originals carry already-queued resource events (`<img onerror>`,
20151
+ `<video>`/`<audio>` error, lazy/`onload`, …); cloning would leave
20152
+ those originals detached but still armed, firing in page scope
20153
+ while the returned tree looked clean. Moving is safe in-place: the
20154
+ root is pre-validated as an allowed tag and so is never the node
20155
+ being removed, which keeps `parentNode` inside the iterator root
20156
+ and the relocated child inside the serialised tree.
20157
+ Otherwise (string / DOM-copy paths): clone. The iterator is rooted
20158
+ at — and the result serialised from — `body`, so a restrictive
20159
+ ALLOWED_TAGS that removes `body` itself must leave its content in
20160
+ place, which only cloning does; and those paths parse into an
20161
+ inert document, so their discarded originals never had a queued
20162
+ event to neutralise.
20163
+ `childNodes` is live; a tail-to-head walk keeps `childNodes[i]`
20164
+ valid whether we move (drops the trailing entry) or clone (leaves
20165
+ the list intact). */
20166
+ for (let i = childCount - 1; i >= 0; --i) {
20167
+ const hoisted = IN_PLACE ? childNodes[i] : cloneNode(childNodes[i], true);
20168
+ parentNode.insertBefore(hoisted, getNextSibling(currentNode));
20169
+ }
20170
+ }
20171
+ }
20172
+ _forceRemove(currentNode);
20173
+ return true;
20174
+ };
19683
20175
  /**
19684
20176
  * _sanitizeElements
19685
20177
  *
@@ -19690,7 +20182,6 @@
19690
20182
  * @return true if node was killed, false if left alive
19691
20183
  */
19692
20184
  const _sanitizeElements = function _sanitizeElements(currentNode) {
19693
- let content = null;
19694
20185
  /* Execute a hook if present */
19695
20186
  _executeHooks(hooks.beforeSanitizeElements, currentNode, null);
19696
20187
  /* Check if element is clobbered or can clobber */
@@ -19699,75 +20190,41 @@
19699
20190
  return true;
19700
20191
  }
19701
20192
  /* Now let's check the element's type and name */
19702
- const tagName = transformCaseFunc(currentNode.nodeName);
20193
+ const tagName = transformCaseFunc(getNodeName ? getNodeName(currentNode) : currentNode.nodeName);
19703
20194
  /* Execute a hook if present */
19704
20195
  _executeHooks(hooks.uponSanitizeElement, currentNode, {
19705
20196
  tagName,
19706
20197
  allowedTags: ALLOWED_TAGS
19707
20198
  });
19708
- /* Detect mXSS attempts abusing namespace confusion */
19709
- if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
19710
- _forceRemove(currentNode);
19711
- return true;
19712
- }
19713
- /* Remove risky CSS construction leading to mXSS */
19714
- if (SAFE_FOR_XML && currentNode.namespaceURI === HTML_NAMESPACE && tagName === 'style' && _isNode(currentNode.firstElementChild)) {
19715
- _forceRemove(currentNode);
19716
- return true;
19717
- }
19718
- /* Remove any occurrence of processing instructions */
19719
- if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {
19720
- _forceRemove(currentNode);
19721
- return true;
19722
- }
19723
- /* Remove any kind of possibly harmful comments */
19724
- if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) {
20199
+ /* Remove mXSS vectors, processing instructions and risky comments */
20200
+ if (_isUnsafeNode(currentNode, tagName)) {
19725
20201
  _forceRemove(currentNode);
19726
20202
  return true;
19727
20203
  }
19728
20204
  /* Remove element if anything forbids its presence */
19729
20205
  if (FORBID_TAGS[tagName] || !(EXTRA_ELEMENT_HANDLING.tagCheck instanceof Function && EXTRA_ELEMENT_HANDLING.tagCheck(tagName)) && !ALLOWED_TAGS[tagName]) {
19730
- /* Check if we have a custom element to handle */
19731
- if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {
19732
- if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) {
19733
- return false;
19734
- }
19735
- if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) {
19736
- return false;
19737
- }
19738
- }
19739
- /* Keep content except for bad-listed elements */
19740
- if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {
19741
- const parentNode = getParentNode(currentNode) || currentNode.parentNode;
19742
- const childNodes = getChildNodes(currentNode) || currentNode.childNodes;
19743
- if (childNodes && parentNode) {
19744
- const childCount = childNodes.length;
19745
- for (let i = childCount - 1; i >= 0; --i) {
19746
- const childClone = cloneNode(childNodes[i], true);
19747
- parentNode.insertBefore(childClone, getNextSibling(currentNode));
19748
- }
19749
- }
19750
- }
19751
- _forceRemove(currentNode);
19752
- return true;
19753
- }
19754
- /* Check whether element has a valid namespace */
19755
- if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {
20206
+ return _sanitizeDisallowedNode(currentNode, tagName);
20207
+ }
20208
+ /* Check whether element has a valid namespace.
20209
+ Realm-safe check (GHSA-hpcv-96wg-7vj8): use the cached Node.prototype
20210
+ nodeType getter rather than `instanceof Element`, which is realm-
20211
+ bound and short-circuits to false for any node minted in a different
20212
+ realm — letting a foreign-realm element with a forbidden namespace
20213
+ slip past the namespace check entirely. */
20214
+ const nt = getNodeType ? getNodeType(currentNode) : currentNode.nodeType;
20215
+ if (nt === NODE_TYPE.element && !_checkValidNamespace(currentNode)) {
19756
20216
  _forceRemove(currentNode);
19757
20217
  return true;
19758
20218
  }
19759
20219
  /* Make sure that older browsers don't get fallback-tag mXSS */
19760
- if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) {
20220
+ if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(FALLBACK_TAG_CLOSE, currentNode.innerHTML)) {
19761
20221
  _forceRemove(currentNode);
19762
20222
  return true;
19763
20223
  }
19764
20224
  /* Sanitize element content to be template-safe */
19765
20225
  if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {
19766
20226
  /* Get the element's text content */
19767
- content = currentNode.textContent;
19768
- arrayForEach([MUSTACHE_EXPR$1, ERB_EXPR$1, TMPLIT_EXPR$1], expr => {
19769
- content = stringReplace(content, expr, ' ');
19770
- });
20227
+ const content = _stripTemplateExpressions(currentNode.textContent);
19771
20228
  if (currentNode.textContent !== content) {
19772
20229
  arrayPush(DOMPurify.removed, {
19773
20230
  element: currentNode.cloneNode()
@@ -19802,7 +20259,7 @@
19802
20259
  (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
19803
20260
  XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)
19804
20261
  We don't need to check the value; it's always URI safe. */
19805
- if (ALLOW_DATA_ATTR && !FORBID_ATTR[lcName] && regExpTest(DATA_ATTR$1, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$1, lcName)) ; else if (!nameIsPermitted || FORBID_ATTR[lcName]) {
20262
+ if (ALLOW_DATA_ATTR && regExpTest(DATA_ATTR$1, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$1, lcName)) ; else if (!nameIsPermitted) {
19806
20263
  if (
19807
20264
  // First condition does a very basic check if a) it's basically a valid custom element tagname AND
19808
20265
  // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck
@@ -19834,6 +20291,63 @@
19834
20291
  const _isBasicCustomElement = function _isBasicCustomElement(tagName) {
19835
20292
  return !RESERVED_CUSTOM_ELEMENT_NAMES[stringToLowerCase(tagName)] && regExpTest(CUSTOM_ELEMENT$1, tagName);
19836
20293
  };
20294
+ /**
20295
+ * Wrap an attribute value in the matching Trusted Types object when
20296
+ * the active policy requires it. Namespaced attributes pass through
20297
+ * unchanged (no TT support yet, see
20298
+ * https://bugs.chromium.org/p/chromium/issues/detail?id=1305293).
20299
+ *
20300
+ * @param lcTag lowercase tag name of the containing element
20301
+ * @param lcName lowercase attribute name
20302
+ * @param namespaceURI the attribute's namespace, if any
20303
+ * @param value the attribute value to wrap
20304
+ * @return the value, wrapped when Trusted Types demand it
20305
+ */
20306
+ const _applyTrustedTypesToAttribute = function _applyTrustedTypesToAttribute(lcTag, lcName, namespaceURI, value) {
20307
+ if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function' && !namespaceURI) {
20308
+ switch (trustedTypes.getAttributeType(lcTag, lcName)) {
20309
+ case 'TrustedHTML':
20310
+ {
20311
+ return _createTrustedHTML(value);
20312
+ }
20313
+ case 'TrustedScriptURL':
20314
+ {
20315
+ return _createTrustedScriptURL(value);
20316
+ }
20317
+ }
20318
+ }
20319
+ return value;
20320
+ };
20321
+ /**
20322
+ * Write a modified attribute value back onto the element. On
20323
+ * success, re-probe for clobbering introduced by the new value and
20324
+ * remove the element when found; otherwise pop the removal entry
20325
+ * recorded by the earlier _removeAttribute (long-standing pairing
20326
+ * with the SANITIZE_NAMED_PROPS path - do not "fix" casually). On
20327
+ * failure, remove the attribute instead.
20328
+ *
20329
+ * @param currentNode the element carrying the attribute
20330
+ * @param name the attribute name as present on the element
20331
+ * @param namespaceURI the attribute's namespace, if any
20332
+ * @param value the new attribute value
20333
+ */
20334
+ const _setAttributeValue = function _setAttributeValue(currentNode, name, namespaceURI, value) {
20335
+ try {
20336
+ if (namespaceURI) {
20337
+ currentNode.setAttributeNS(namespaceURI, name, value);
20338
+ } else {
20339
+ /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
20340
+ currentNode.setAttribute(name, value);
20341
+ }
20342
+ if (_isClobbered(currentNode)) {
20343
+ _forceRemove(currentNode);
20344
+ } else {
20345
+ arrayPop(DOMPurify.removed);
20346
+ }
20347
+ } catch (_) {
20348
+ _removeAttribute(name, currentNode);
20349
+ }
20350
+ };
19837
20351
  /**
19838
20352
  * _sanitizeAttributes
19839
20353
  *
@@ -19860,6 +20374,7 @@
19860
20374
  forceKeepAttr: undefined
19861
20375
  };
19862
20376
  let l = attributes.length;
20377
+ const lcTag = transformCaseFunc(currentNode.nodeName);
19863
20378
  /* Go backwards over all attributes; safely remove bad ones */
19864
20379
  while (l--) {
19865
20380
  const attr = attributes[l];
@@ -19897,7 +20412,7 @@
19897
20412
  _removeAttribute(name, currentNode);
19898
20413
  continue;
19899
20414
  }
19900
- /* Did the hooks approve of the attribute? */
20415
+ /* Did the hooks force-keep the attribute? */
19901
20416
  if (hookEvent.forceKeepAttr) {
19902
20417
  continue;
19903
20418
  }
@@ -19907,56 +20422,24 @@
19907
20422
  continue;
19908
20423
  }
19909
20424
  /* Work around a security issue in jQuery 3.0 */
19910
- if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) {
20425
+ if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(SELF_CLOSING_TAG, value)) {
19911
20426
  _removeAttribute(name, currentNode);
19912
20427
  continue;
19913
20428
  }
19914
20429
  /* Sanitize attribute content to be template-safe */
19915
20430
  if (SAFE_FOR_TEMPLATES) {
19916
- arrayForEach([MUSTACHE_EXPR$1, ERB_EXPR$1, TMPLIT_EXPR$1], expr => {
19917
- value = stringReplace(value, expr, ' ');
19918
- });
20431
+ value = _stripTemplateExpressions(value);
19919
20432
  }
19920
20433
  /* Is `value` valid for this attribute? */
19921
- const lcTag = transformCaseFunc(currentNode.nodeName);
19922
20434
  if (!_isValidAttribute(lcTag, lcName, value)) {
19923
20435
  _removeAttribute(name, currentNode);
19924
20436
  continue;
19925
20437
  }
19926
20438
  /* Handle attributes that require Trusted Types */
19927
- if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function') {
19928
- if (namespaceURI) ; else {
19929
- switch (trustedTypes.getAttributeType(lcTag, lcName)) {
19930
- case 'TrustedHTML':
19931
- {
19932
- value = trustedTypesPolicy.createHTML(value);
19933
- break;
19934
- }
19935
- case 'TrustedScriptURL':
19936
- {
19937
- value = trustedTypesPolicy.createScriptURL(value);
19938
- break;
19939
- }
19940
- }
19941
- }
19942
- }
20439
+ value = _applyTrustedTypesToAttribute(lcTag, lcName, namespaceURI, value);
19943
20440
  /* Handle invalid data-* attribute set by try-catching it */
19944
20441
  if (value !== initValue) {
19945
- try {
19946
- if (namespaceURI) {
19947
- currentNode.setAttributeNS(namespaceURI, name, value);
19948
- } else {
19949
- /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
19950
- currentNode.setAttribute(name, value);
19951
- }
19952
- if (_isClobbered(currentNode)) {
19953
- _forceRemove(currentNode);
19954
- } else {
19955
- arrayPop(DOMPurify.removed);
19956
- }
19957
- } catch (_) {
19958
- _removeAttribute(name, currentNode);
19959
- }
20442
+ _setAttributeValue(currentNode, name, namespaceURI, value);
19960
20443
  }
19961
20444
  }
19962
20445
  /* Execute a hook if present */
@@ -19979,10 +20462,31 @@
19979
20462
  _sanitizeElements(shadowNode);
19980
20463
  /* Check attributes next */
19981
20464
  _sanitizeAttributes(shadowNode);
19982
- /* Deep shadow DOM detected */
19983
- if (shadowNode.content instanceof DocumentFragment) {
20465
+ /* Deep shadow DOM detected.
20466
+ Realm-safe check (GHSA-hpcv-96wg-7vj8): use nodeType against the
20467
+ DOCUMENT_FRAGMENT_NODE constant rather than instanceof, so we
20468
+ recurse into <template>.content from foreign realms too. */
20469
+ if (_isDocumentFragment(shadowNode.content)) {
19984
20470
  _sanitizeShadowDOM2(shadowNode.content);
19985
20471
  }
20472
+ /* An element iterated here may itself host an attached
20473
+ shadow root. The default NodeIterator does not enter shadow
20474
+ trees, so a shadow root nested inside template.content was
20475
+ previously reached by no walk at all (the pre-pass at
20476
+ _sanitizeAttachedShadowRoots descends via childNodes, which
20477
+ doesn't enter template.content; the template-content recursion
20478
+ above iterates the content but never inspected shadowRoot).
20479
+ Walk it explicitly. The nodeType guard avoids reading
20480
+ shadowRoot off text / comment / CDATA / PI nodes that the
20481
+ iterator also surfaces. */
20482
+ const shadowNodeType = getNodeType ? getNodeType(shadowNode) : shadowNode.nodeType;
20483
+ if (shadowNodeType === NODE_TYPE.element) {
20484
+ const innerSr = getShadowRoot(shadowNode);
20485
+ if (_isDocumentFragment(innerSr)) {
20486
+ _sanitizeAttachedShadowRoots(innerSr);
20487
+ _sanitizeShadowDOM2(innerSr);
20488
+ }
20489
+ }
19986
20490
  }
19987
20491
  /* Execute a hook if present */
19988
20492
  _executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
@@ -20006,28 +20510,83 @@
20006
20510
  *
20007
20511
  * @param root the subtree root to walk for attached shadow roots
20008
20512
  */
20009
- const _sanitizeAttachedShadowRoots2 = function _sanitizeAttachedShadowRoots(root) {
20010
- if (root.nodeType === NODE_TYPE.element && root.shadowRoot instanceof DocumentFragment) {
20011
- const sr = root.shadowRoot;
20012
- // Recurse first so that nested shadow roots are reached even if
20013
- // _sanitizeShadowDOM removes hosts at this level.
20014
- _sanitizeAttachedShadowRoots2(sr);
20015
- _sanitizeShadowDOM2(sr);
20016
- }
20017
- // Snapshot children before recursing. Sanitization of one subtree
20018
- // (e.g. via an uponSanitizeShadowNode hook) may detach siblings,
20019
- // and naive nextSibling traversal would silently skip the rest of
20020
- // the list once a node is detached.
20021
- const childNodes = root.childNodes;
20022
- if (!childNodes) {
20023
- return;
20024
- }
20025
- const snapshot = [];
20026
- arrayForEach(childNodes, child => {
20027
- arrayPush(snapshot, child);
20028
- });
20029
- for (const child of snapshot) {
20030
- _sanitizeAttachedShadowRoots2(child);
20513
+ const _sanitizeAttachedShadowRoots = function _sanitizeAttachedShadowRoots(root) {
20514
+ /* Iterative (explicit stack) rather than per-child recursion. DOM APIs
20515
+ impose no depth cap, so an attacker-shaped tree (JSON/CRDT/editor data
20516
+ built straight into the DOM the IN_PLACE surface) deeper than the JS
20517
+ call-stack budget would otherwise overflow native recursion here and
20518
+ throw at the IN_PLACE entry pre-pass, before a single node is
20519
+ sanitized, leaving the caller's live tree untouched (fail-open). See
20520
+ campaign-3 F4. A heap stack keeps depth off the call stack.
20521
+ Each work item is either a node to descend into, or a deferred
20522
+ `_sanitizeShadowDOM` for an already-walked shadow root. The deferred
20523
+ form preserves the original post-order discipline: a shadow root's
20524
+ nested shadow roots are discovered before the outer shadow is
20525
+ sanitized (which may remove hosts). Pushes are in reverse of the
20526
+ desired processing order (LIFO): template content, then children, then
20527
+ the shadow-sanitize, then the shadow walk — so the order matches the
20528
+ previous recursion exactly. */
20529
+ const stack = [{
20530
+ node: root,
20531
+ shadow: null
20532
+ }];
20533
+ while (stack.length > 0) {
20534
+ const item = stack.pop();
20535
+ /* Deferred shadow-DOM sanitisation: runs after its subtree was walked. */
20536
+ if (item.shadow) {
20537
+ _sanitizeShadowDOM2(item.shadow);
20538
+ continue;
20539
+ }
20540
+ const node = item.node;
20541
+ const nodeType = getNodeType ? getNodeType(node) : node.nodeType;
20542
+ const isElement = nodeType === NODE_TYPE.element;
20543
+ /* (pushed last → processed first) Children, snapshotted in reverse so
20544
+ the first child is processed first. Snapshotting matters because a
20545
+ hook may detach siblings mid-walk. */
20546
+ const childNodes = getChildNodes(node);
20547
+ if (childNodes) {
20548
+ for (let i = childNodes.length - 1; i >= 0; --i) {
20549
+ stack.push({
20550
+ node: childNodes[i],
20551
+ shadow: null
20552
+ });
20553
+ }
20554
+ }
20555
+ /* (pushed before children → processed after them, matching the old
20556
+ "template content last" order) When the node is a <template>,
20557
+ descend into its content. */
20558
+ if (isElement) {
20559
+ const rootName = getNodeName ? getNodeName(node) : null;
20560
+ if (typeof rootName === 'string' && transformCaseFunc(rootName) === 'template') {
20561
+ const content = node.content;
20562
+ if (_isDocumentFragment(content)) {
20563
+ stack.push({
20564
+ node: content,
20565
+ shadow: null
20566
+ });
20567
+ }
20568
+ }
20569
+ }
20570
+ /* Shadow root (processed first): walk its subtree, then sanitise it.
20571
+ Realm-safe check (GHSA-hpcv-96wg-7vj8): nodeType-based detection
20572
+ rather than `instanceof DocumentFragment`, which is realm-bound and
20573
+ silently skipped foreign-realm shadow roots (e.g.
20574
+ iframe.contentDocument attachShadow). */
20575
+ if (isElement) {
20576
+ const sr = getShadowRoot(node);
20577
+ if (_isDocumentFragment(sr)) {
20578
+ /* Push the deferred sanitise first so it pops after the shadow
20579
+ walk we push next, i.e. nested shadow roots are discovered
20580
+ before this one is sanitised. */
20581
+ stack.push({
20582
+ node: null,
20583
+ shadow: sr
20584
+ }, {
20585
+ node: sr,
20586
+ shadow: null
20587
+ });
20588
+ }
20589
+ }
20031
20590
  }
20032
20591
  };
20033
20592
  // eslint-disable-next-line complexity
@@ -20056,27 +20615,77 @@
20056
20615
  return dirty;
20057
20616
  }
20058
20617
  /* Assign config vars */
20059
- if (!SET_CONFIG) {
20618
+ if (SET_CONFIG) {
20619
+ /* Persistent setConfig() path: _parseConfig is skipped, so the sets are
20620
+ * not re-derived per call. Restore them from the pristine bindings
20621
+ * captured at setConfig() time so a previous call's hook clone (mutated
20622
+ * below) does not carry over. */
20623
+ ALLOWED_TAGS = SET_CONFIG_ALLOWED_TAGS;
20624
+ ALLOWED_ATTR = SET_CONFIG_ALLOWED_ATTR;
20625
+ } else {
20060
20626
  _parseConfig(cfg);
20061
20627
  }
20628
+ /* Clone the hook-mutable allowlists before the walk whenever an
20629
+ * uponSanitize* hook is registered. The hook event exposes ALLOWED_TAGS
20630
+ * and ALLOWED_ATTR by reference (as allowedTags / allowedAttributes), so
20631
+ * a hook that widens them would otherwise mutate the shared set
20632
+ * permanently: across later calls and across every element. Cloning per
20633
+ * walk keeps documented in-call widening working while scoping it to the
20634
+ * call. A single guard for both config paths - the per-call path rebinds
20635
+ * the sets in _parseConfig each call, the persistent path restores them
20636
+ * from the captured bindings just above - so the two cannot diverge. */
20637
+ if (hooks.uponSanitizeElement.length > 0 || hooks.uponSanitizeAttribute.length > 0) {
20638
+ ALLOWED_TAGS = clone(ALLOWED_TAGS);
20639
+ }
20640
+ if (hooks.uponSanitizeAttribute.length > 0) {
20641
+ ALLOWED_ATTR = clone(ALLOWED_ATTR);
20642
+ }
20062
20643
  /* Clean up removed elements */
20063
20644
  DOMPurify.removed = [];
20064
- /* Check if dirty is correctly typed for IN_PLACE */
20065
- if (typeof dirty === 'string') {
20066
- IN_PLACE = false;
20067
- }
20068
- if (IN_PLACE) {
20069
- /* Do some early pre-sanitization to avoid unsafe root nodes */
20070
- const nn = dirty.nodeName;
20645
+ /* Resolve IN_PLACE for this call without mutating persistent config.
20646
+ Writing the IN_PLACE closure variable here leaks under setConfig(),
20647
+ where _parseConfig is skipped on later calls: a single string call would
20648
+ disable in-place mode for every subsequent node call, returning a
20649
+ sanitized copy while leaving the caller's node — which in-place callers
20650
+ keep using and whose return value they ignore unsanitized. REPORT-2. */
20651
+ const inPlace = IN_PLACE && typeof dirty !== 'string' && _isNode(dirty);
20652
+ if (inPlace) {
20653
+ /* Do some early pre-sanitization to avoid unsafe root nodes.
20654
+ Read nodeName through the cached prototype getter — a clobbering
20655
+ child named "nodeName" on the form root would otherwise shadow
20656
+ the property and let this check skip the root-allowlist
20657
+ validation entirely. */
20658
+ const nn = getNodeName ? getNodeName(dirty) : dirty.nodeName;
20071
20659
  if (typeof nn === 'string') {
20072
20660
  const tagName = transformCaseFunc(nn);
20073
20661
  if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {
20074
20662
  throw typeErrorCreate('root node is forbidden and cannot be sanitized in-place');
20075
20663
  }
20076
20664
  }
20665
+ /* Pre-flight the root through _isClobbered. The iterator-driven
20666
+ removal path can not detach a parent-less root: _forceRemove
20667
+ falls through to Element.prototype.remove(), which per spec
20668
+ is a no-op on a node with no parent. A clobbered root would
20669
+ then survive the main loop with its attributes uninspected,
20670
+ because _sanitizeAttributes early-returns on _isClobbered. The
20671
+ result would be an attacker-controlled form, complete with any
20672
+ event-handler attributes the caller passed in, handed back to
20673
+ the application unsanitized. Refuse to sanitize such a root
20674
+ the same way we refuse a forbidden tag. GHSA-r47g-fvhr-h676. */
20675
+ if (_isClobbered(dirty)) {
20676
+ throw typeErrorCreate('root node is clobbered and cannot be sanitized in-place');
20677
+ }
20077
20678
  /* Sanitize attached shadow roots before the main iterator runs.
20078
- The iterator does not descend into shadow trees. */
20079
- _sanitizeAttachedShadowRoots2(dirty);
20679
+ The iterator does not descend into shadow trees. Same fail-closed
20680
+ barrier as the main walk (campaign-3 F2): a custom-element reaction
20681
+ inside a shadow root could abort this pre-pass before the walk runs,
20682
+ which would otherwise leave the entire live tree unsanitized. */
20683
+ try {
20684
+ _sanitizeAttachedShadowRoots(dirty);
20685
+ } catch (error) {
20686
+ _neutralizeRoot(dirty);
20687
+ throw error;
20688
+ }
20080
20689
  } else if (_isNode(dirty)) {
20081
20690
  /* If dirty is a DOM element, append to an empty document to avoid
20082
20691
  elements being stripped by the parser */
@@ -20093,14 +20702,16 @@
20093
20702
  }
20094
20703
  /* Clonable shadow roots are deep-cloned by importNode(); sanitize
20095
20704
  them before the main iterator runs, since the iterator does not
20096
- descend into shadow trees. */
20097
- _sanitizeAttachedShadowRoots2(importedNode);
20705
+ descend into shadow trees. The walk routes every read through a
20706
+ cached prototype getter so clobbering descendants on a form root
20707
+ cannot hide a shadow host from this pass. */
20708
+ _sanitizeAttachedShadowRoots(importedNode);
20098
20709
  } else {
20099
20710
  /* Exit directly if we have nothing to do */
20100
20711
  if (!RETURN_DOM && !SAFE_FOR_TEMPLATES && !WHOLE_DOCUMENT &&
20101
20712
  // eslint-disable-next-line unicorn/prefer-includes
20102
20713
  dirty.indexOf('<') === -1) {
20103
- return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty;
20714
+ return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? _createTrustedHTML(dirty) : dirty;
20104
20715
  }
20105
20716
  /* Initialize the document to work on */
20106
20717
  body = _initDocument(dirty);
@@ -20114,29 +20725,59 @@
20114
20725
  _forceRemove(body.firstChild);
20115
20726
  }
20116
20727
  /* Get node iterator */
20117
- const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);
20118
- /* Now start iterating over the created document */
20119
- while (currentNode = nodeIterator.nextNode()) {
20120
- /* Sanitize tags and elements */
20121
- _sanitizeElements(currentNode);
20122
- /* Check attributes next */
20123
- _sanitizeAttributes(currentNode);
20124
- /* Shadow DOM detected, sanitize it */
20125
- if (currentNode.content instanceof DocumentFragment) {
20126
- _sanitizeShadowDOM2(currentNode.content);
20728
+ const nodeIterator = _createNodeIterator(inPlace ? dirty : body);
20729
+ /* Now start iterating over the created document.
20730
+ The walk runs inside an exception barrier (campaign-3 F2): a re-entrant
20731
+ engine/custom-element mutation can detach a node mid-walk so
20732
+ `_forceRemove`'s parentless guard throws, aborting the loop. Without the
20733
+ barrier the caller's in-place tree would be left half-sanitized with the
20734
+ unvisited tail still armed. On any throw we fail closed — strip the
20735
+ in-place root bare then rethrow so the existing throw contract is
20736
+ preserved. (String/DOM-copy paths never return the partial body, so the
20737
+ propagating throw is already fail-closed there.) */
20738
+ try {
20739
+ while (currentNode = nodeIterator.nextNode()) {
20740
+ /* Sanitize tags and elements */
20741
+ _sanitizeElements(currentNode);
20742
+ /* Check attributes next */
20743
+ _sanitizeAttributes(currentNode);
20744
+ /* Shadow DOM detected, sanitize it.
20745
+ Realm-safe check (GHSA-hpcv-96wg-7vj8): nodeType-based detection
20746
+ instead of instanceof, so foreign-realm <template>.content is
20747
+ walked correctly. */
20748
+ if (_isDocumentFragment(currentNode.content)) {
20749
+ _sanitizeShadowDOM2(currentNode.content);
20750
+ }
20127
20751
  }
20752
+ } catch (error) {
20753
+ if (inPlace) {
20754
+ _neutralizeRoot(dirty);
20755
+ }
20756
+ throw error;
20128
20757
  }
20129
20758
  /* If we sanitized `dirty` in-place, return it. */
20130
- if (IN_PLACE) {
20759
+ if (inPlace) {
20760
+ /* Fail-closed completion of the audit-5 F1 fix: every node removed from
20761
+ the caller's live tree is detached but may still hold a queued
20762
+ resource-event handler that fires in page scope after we return. The
20763
+ move-hoist covers only disallowed-tag KEEP_CONTENT removals; strip the
20764
+ non-allow-listed attributes off every other removed subtree (clobber,
20765
+ mXSS, namespace, comments, KEEP_CONTENT:false, …) so those handlers are
20766
+ cancelled before any event can fire. Runs synchronously, pre-return. */
20767
+ arrayForEach(DOMPurify.removed, entry => {
20768
+ if (entry.element) {
20769
+ _neutralizeSubtree(entry.element);
20770
+ }
20771
+ });
20131
20772
  if (SAFE_FOR_TEMPLATES) {
20132
- _scrubTemplateExpressions(dirty);
20773
+ _scrubTemplateExpressions2(dirty);
20133
20774
  }
20134
20775
  return dirty;
20135
20776
  }
20136
20777
  /* Return sanitized string or DOM */
20137
20778
  if (RETURN_DOM) {
20138
20779
  if (SAFE_FOR_TEMPLATES) {
20139
- _scrubTemplateExpressions(body);
20780
+ _scrubTemplateExpressions2(body);
20140
20781
  }
20141
20782
  if (RETURN_DOM_FRAGMENT) {
20142
20783
  returnNode = createDocumentFragment.call(body.ownerDocument);
@@ -20166,20 +20807,28 @@
20166
20807
  }
20167
20808
  /* Sanitize final string template-safe */
20168
20809
  if (SAFE_FOR_TEMPLATES) {
20169
- arrayForEach([MUSTACHE_EXPR$1, ERB_EXPR$1, TMPLIT_EXPR$1], expr => {
20170
- serializedHTML = stringReplace(serializedHTML, expr, ' ');
20171
- });
20810
+ serializedHTML = _stripTemplateExpressions(serializedHTML);
20172
20811
  }
20173
- return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML;
20812
+ return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? _createTrustedHTML(serializedHTML) : serializedHTML;
20174
20813
  };
20175
20814
  DOMPurify.setConfig = function () {
20176
20815
  let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
20177
20816
  _parseConfig(cfg);
20178
20817
  SET_CONFIG = true;
20818
+ SET_CONFIG_ALLOWED_TAGS = ALLOWED_TAGS;
20819
+ SET_CONFIG_ALLOWED_ATTR = ALLOWED_ATTR;
20179
20820
  };
20180
20821
  DOMPurify.clearConfig = function () {
20181
20822
  CONFIG = null;
20182
20823
  SET_CONFIG = false;
20824
+ SET_CONFIG_ALLOWED_TAGS = null;
20825
+ SET_CONFIG_ALLOWED_ATTR = null;
20826
+ // Drop any caller-supplied Trusted Types policy so it cannot poison later
20827
+ // `RETURN_TRUSTED_TYPE` output. The internal default policy (cached, and
20828
+ // never recreated — Trusted Types throws on duplicate names) is restored by
20829
+ // the next `_parseConfig`. See GHSA-vxr8-fq34-vvx9.
20830
+ trustedTypesPolicy = defaultTrustedTypesPolicy;
20831
+ emptyHTML = '';
20183
20832
  };
20184
20833
  DOMPurify.isValidAttribute = function (tag, attr, value) {
20185
20834
  /* Initialize shared config vars if necessary. */
@@ -20194,9 +20843,19 @@
20194
20843
  if (typeof hookFunction !== 'function') {
20195
20844
  return;
20196
20845
  }
20846
+ /* Reject unknown entry points. Without this, a non-hook key (e.g.
20847
+ * '__proto__') indexes off the prototype chain rather than a real
20848
+ * hook array, and arrayPush then writes to Object.prototype. Guard
20849
+ * with an own-property check against the known hook names. */
20850
+ if (!objectHasOwnProperty(hooks, entryPoint)) {
20851
+ return;
20852
+ }
20197
20853
  arrayPush(hooks[entryPoint], hookFunction);
20198
20854
  };
20199
20855
  DOMPurify.removeHook = function (entryPoint, hookFunction) {
20856
+ if (!objectHasOwnProperty(hooks, entryPoint)) {
20857
+ return undefined;
20858
+ }
20200
20859
  if (hookFunction !== undefined) {
20201
20860
  const index = arrayLastIndexOf(hooks[entryPoint], hookFunction);
20202
20861
  return index === -1 ? undefined : arraySplice(hooks[entryPoint], index, 1)[0];
@@ -20204,6 +20863,9 @@
20204
20863
  return arrayPop(hooks[entryPoint]);
20205
20864
  };
20206
20865
  DOMPurify.removeHooks = function (entryPoint) {
20866
+ if (!objectHasOwnProperty(hooks, entryPoint)) {
20867
+ return;
20868
+ }
20207
20869
  hooks[entryPoint] = [];
20208
20870
  };
20209
20871
  DOMPurify.removeAllHooks = function () {
@@ -20687,22 +21349,44 @@
20687
21349
  const bogus = get$a(element, 'data-mce-bogus');
20688
21350
  if (!isInternalElement && isString(bogus)) {
20689
21351
  if (bogus === 'all') {
21352
+ // Empty before removing so a detached raw-text element (e.g. script/style) can't carry
21353
+ // markup-like content into DOMPurify's unsafe-node check, which would then throw trying
21354
+ // to _forceRemove the now-parentless node.
21355
+ empty(element);
20690
21356
  remove$8(element);
20691
21357
  }
20692
21358
  else {
20693
21359
  unwrap(element);
20694
21360
  }
21361
+ // We detach the element above; DOMPurify throws if it then tries to _forceRemove the
21362
+ // now-parentless node, so mark the tag allowed to stop that second removal.
21363
+ if (isNonNullable(evt)) {
21364
+ evt.allowedTags[lcTagName] = true;
21365
+ }
20695
21366
  return;
20696
21367
  }
20697
21368
  // Determine if the schema allows the element and either add it or remove it
20698
21369
  const rule = schema.getElementRule(lcTagName);
20699
21370
  if (validate && !rule) {
20700
- // If a special element is invalid, then remove the entire element instead of unwrapping
20701
- if (has$2(specialElements, lcTagName)) {
20702
- remove$8(element);
21371
+ // Don't detach invalid special / non-HTML-namespace elements: DOMPurify throws if it later
21372
+ // _forceRemoves a parentless node (its unsafe-content and namespace checks do this regardless
21373
+ // of allowedTags). Empty and leave attached instead, so DOMPurify removes it without hoisting content.
21374
+ if (settings.sanitize && (has$2(specialElements, lcTagName) || scope !== 'html')) {
21375
+ empty(element);
20703
21376
  }
20704
21377
  else {
20705
- unwrap(element);
21378
+ // No DOMPurify to remove it (sanitize disabled), or a plain invalid HTML element: detach it ourselves.
21379
+ if (has$2(specialElements, lcTagName)) {
21380
+ remove$8(element);
21381
+ }
21382
+ else {
21383
+ unwrap(element);
21384
+ }
21385
+ // The element is now detached; mark the tag allowed so DOMPurify won't _forceRemove the
21386
+ // parentless node and throw. Safe here: it's empty and HTML-namespaced, so no earlier check fires.
21387
+ if (isNonNullable(evt)) {
21388
+ evt.allowedTags[lcTagName] = true;
21389
+ }
20706
21390
  }
20707
21391
  return;
20708
21392
  }
@@ -20885,7 +21569,9 @@
20885
21569
  evt.allowedTags[lcTagName] = keepElement;
20886
21570
  if (!keepElement && settings.sanitize) {
20887
21571
  if (isElement$7(node)) {
20888
- node.remove();
21572
+ // Empty the node and leave it attached so DOMPurify removes it (allowedTags is false).
21573
+ // Detaching it would make DOMPurify throw when it _forceRemoves the parentless node.
21574
+ empty(SugarElement.fromDom(node));
20889
21575
  }
20890
21576
  }
20891
21577
  });
@@ -25605,7 +26291,8 @@
25605
26291
  }, (href) => {
25606
26292
  e.preventDefault();
25607
26293
  if (/^#/.test(href)) {
25608
- const targetEl = editor.dom.select(`${href},[name="${removeLeading(href, '#')}"]`);
26294
+ const id = removeLeading(href, '#');
26295
+ const targetEl = editor.dom.select(`[id="${id}"],[name="${id}"]`);
25609
26296
  if (targetEl.length) {
25610
26297
  editor.selection.scrollIntoView(targetEl[0], true);
25611
26298
  }
@@ -31040,10 +31727,14 @@
31040
31727
  };
31041
31728
  const isInDragStartEvent = checkEvent(0 /* Event.Dragstart */);
31042
31729
 
31043
- const createEmptyFileList = () => Object.freeze({
31044
- length: 0,
31045
- item: (_) => null
31046
- });
31730
+ const createEmptyFileList = () => {
31731
+ const empty = [];
31732
+ return Object.freeze({
31733
+ length: 0,
31734
+ item: (_) => null,
31735
+ [Symbol.iterator]: () => empty[Symbol.iterator]()
31736
+ });
31737
+ };
31047
31738
 
31048
31739
  const modeId = generate('mode');
31049
31740
  const getMode = (transfer) => {
@@ -36876,7 +37567,12 @@
36876
37567
  **/
36877
37568
  const isValidSibling = (el) => getClientRects([el.dom]).length > 0;
36878
37569
  const firstBlockChildOrNewLine = (target) => child(target, (child) => isBr$6(child) || isElement$8(child) && get$8(child, 'display') === 'block');
36879
- const clickAfterEl = (clientX, clientY, rect) => clientX >= rect.right && clientY >= rect.top && clientY <= rect.bottom;
37570
+ const clickAfterEl = (clientX, clientY, el) => get$c(getClientRects([el.dom]), 0).exists((rect) => clientX >= rect.right && clientY >= rect.top && clientY <= rect.bottom);
37571
+ const selectPos = (editor, e, pos) => {
37572
+ e.preventDefault();
37573
+ editor.focus();
37574
+ editor.selection.setRng(pos.toRange());
37575
+ };
36880
37576
  /**
36881
37577
  * In Chrome in a `LI` that contains a block element and where the first child is an inline element
36882
37578
  * clicking on the right side of the first child the carret goes at the start of the element instead that in the end of it
@@ -36886,15 +37582,16 @@
36886
37582
  editor.on('mousedown', (e) => {
36887
37583
  const target = SugarElement.fromDom(e.target);
36888
37584
  if (isListItem$2(target)) {
36889
- firstBlockChildOrNewLine(target).each((firstBlock) => {
36890
- const prevSiblings$1 = prevSiblings(firstBlock);
36891
- findLast(prevSiblings$1, isValidSibling).each((lastInlineBeforeBlock) => {
36892
- if (get$c(getClientRects([lastInlineBeforeBlock.dom]), 0).exists((rect) => clickAfterEl(e.clientX, e.clientY, rect))) {
36893
- prevPosition(target.dom, CaretPosition(firstBlock.dom, 0)).each((pos) => {
36894
- e.preventDefault();
36895
- editor.focus();
36896
- editor.selection.setRng(pos.toRange());
36897
- });
37585
+ firstBlockChildOrNewLine(target).fold(() => {
37586
+ lastChild(target).each((lastChild) => {
37587
+ if (clickAfterEl(e.clientX, e.clientY, lastChild)) {
37588
+ lastPositionIn(target.dom).each((pos) => selectPos(editor, e, pos));
37589
+ }
37590
+ });
37591
+ }, (firstBlock) => {
37592
+ findLast(prevSiblings(firstBlock), isValidSibling).each((lastInlineBeforeBlock) => {
37593
+ if (clickAfterEl(e.clientX, e.clientY, lastInlineBeforeBlock)) {
37594
+ prevPosition(target.dom, CaretPosition(firstBlock.dom, 0)).each((pos) => selectPos(editor, e, pos));
36898
37595
  }
36899
37596
  });
36900
37597
  });
@@ -41185,14 +41882,14 @@
41185
41882
  * @property minorVersion
41186
41883
  * @type String
41187
41884
  */
41188
- minorVersion: '7.0',
41885
+ minorVersion: '8.0',
41189
41886
  /**
41190
41887
  * Release date of TinyMCE build.
41191
41888
  *
41192
41889
  * @property releaseDate
41193
41890
  * @type String
41194
41891
  */
41195
- releaseDate: '2026-07-01',
41892
+ releaseDate: '2026-07-15',
41196
41893
  /**
41197
41894
  * Collection of language pack data.
41198
41895
  *
@@ -42109,7 +42806,7 @@
42109
42806
  }
42110
42807
  catch {
42111
42808
  // It will thrown an error when running this module
42112
- // within webpack where the module.exports object is sealed
42809
+ // within rspack where the module.exports object is sealed
42113
42810
  }
42114
42811
  }
42115
42812
  };