@design-edito/tools 0.1.44 → 0.1.46

package/chunks/chunk-XB3EGDBI.js

@@ -0,0 +1,127 @@
+import {
+  register
+} from "./chunk-TIER4TF4.js";
+
+// src/agnostic/html/sanitize/index.ts
+var Sanitize;
+((Sanitize2) => {
+  Sanitize2.defaultOptions = { depth: 20 };
+  function sanitize(inputStr, options = Sanitize2.defaultOptions) {
+    const actualDocument = options.documentObj ?? window.document;
+    if (actualDocument === null) throw register.getError("no-window-document-on-runtime-please-provide" /* NO_DOCUMENT_PLEASE_PROVIDE */, "See documentObj in the options object");
+    const wrapperDiv = actualDocument.createElement("div");
+    const { inputFreeTransform } = options;
+    wrapperDiv.innerHTML = inputFreeTransform !== void 0 ? inputFreeTransform(inputStr) : inputStr;
+    const sanitizedWrapper = sanitizeElement(wrapperDiv, options);
+    const returned = sanitizedWrapper?.innerHTML;
+    return returned ?? "";
+  }
+  Sanitize2.sanitize = sanitize;
+  function sanitizeElement(element, options = Sanitize2.defaultOptions) {
+    const actualDocument = options.documentObj ?? window.document;
+    if (actualDocument === null) throw register.getError("no-window-document-on-runtime-please-provide" /* NO_DOCUMENT_PLEASE_PROVIDE */, "See documentObj in the options object");
+    const { tagName, attributes, childNodes } = element;
+    const {
+      allowedTags = [],
+      allowedAttributes = {},
+      forbiddenTags = [],
+      forbiddenAttributes = {},
+      depth = 20,
+      verbose = false
+    } = options;
+    if (depth <= 0) {
+      console.warn("Max depth reached");
+      return null;
+    }
+    const normalizedTagName = tagName.toLowerCase().trim();
+    const tagIsInForbidden = forbiddenTags.includes("*") || forbiddenTags.includes(normalizedTagName);
+    if (tagIsInForbidden) {
+      if (verbose === true) console.warn(tagName, "tag is forbidden");
+      return null;
+    }
+    const tagIsInAllowed = allowedTags.includes("*") || allowedTags.includes(normalizedTagName);
+    if (!tagIsInAllowed) {
+      if (verbose === true) console.warn(tagName, "tag is not allowed");
+      return null;
+    }
+    const returnedElement = actualDocument.createElement(tagName);
+    const returnedAttributes = Array.from(attributes).filter(({ name: attributeName, value: attributeValue }) => {
+      const allTagsForbiddenAttributes = forbiddenAttributes["*"] ?? [];
+      const thisTagForbiddenAttributes = forbiddenAttributes[normalizedTagName] ?? [];
+      const mergedForbiddenAttributes = [...allTagsForbiddenAttributes, ...thisTagForbiddenAttributes];
+      const isInForbidden = mergedForbiddenAttributes.some(({
+        attributeName: nameTester,
+        attributeValues: valTesters
+      }) => {
+        if (typeof nameTester === "string" && nameTester !== "*" && attributeName !== nameTester) return false;
+        if (typeof nameTester !== "string" && !nameTester.test(attributeName)) return false;
+        if (valTesters === void 0) {
+          if (verbose === true) console.warn(attributeName, "attribute on", tagName, "tag is forbidden");
+          return true;
+        }
+        if (valTesters.includes("*")) {
+          if (verbose === true) console.warn(attributeName, "attribute on", tagName, "tag is forbidden");
+          return true;
+        }
+        return valTesters.some((valTester) => {
+          if (typeof valTester === "string" && attributeValue === valTester) {
+            if (verbose === true) console.warn(attributeValue, "value for", attributeName, "attribute on", tagName, "tag is forbidden. Rule:", valTester);
+            return true;
+          }
+          if (typeof valTester !== "string" && valTester.test(attributeValue)) {
+            if (verbose === true) console.warn(attributeValue, "value for", attributeName, "attribute on", tagName, "tag is forbidden. Rule:", valTester);
+            return true;
+          }
+          return false;
+        });
+      });
+      if (isInForbidden) return false;
+      const allTagsAllowedAttributes = allowedAttributes["*"] ?? [];
+      const thisTagAllowedAttributes = allowedAttributes[normalizedTagName] ?? [];
+      const mergedAllowedAttributes = [...allTagsAllowedAttributes, ...thisTagAllowedAttributes];
+      let latestNotAllowedReason = [tagName, "has no allowed attributes"];
+      const isInAllowed = mergedAllowedAttributes.some(({
+        attributeName: nameTester,
+        attributeValues: valTesters
+      }) => {
+        if (typeof nameTester === "string" && nameTester !== "*" && attributeName !== nameTester) {
+          latestNotAllowedReason = [attributeName, "attribute on", tagName, "tag is not allowed"];
+          return false;
+        }
+        if (typeof nameTester !== "string" && !nameTester.test(attributeName)) {
+          latestNotAllowedReason = [attributeName, "attribute on", tagName, "tag is not allowed"];
+          return false;
+        }
+        if (valTesters === void 0) return true;
+        if (valTesters.includes("*")) return true;
+        return valTesters.some((valTester) => {
+          if (typeof valTester === "string" && attributeValue === valTester) return true;
+          if (typeof valTester !== "string" && valTester.test(attributeValue)) return true;
+          latestNotAllowedReason = [attributeValue, "value for", attributeName, "attribute on", tagName, "tag is not allowed"];
+          return false;
+        });
+      });
+      if (!isInAllowed) {
+        if (verbose === true) console.warn(...latestNotAllowedReason);
+        return false;
+      }
+      return true;
+    });
+    returnedAttributes.forEach(({ name, value }) => {
+      returnedElement.setAttribute(name, value);
+    });
+    const sanitizedChildNodes = Array.from(childNodes).map((node) => {
+      if (node.nodeType === Node.ELEMENT_NODE) return sanitizeElement(node, { ...options, depth: depth - 1 });
+      else if (node.nodeType === Node.TEXT_NODE) return node;
+      else if (options.keepComments === true && node.nodeType === Node.COMMENT_NODE) return node;
+      return null;
+    }).filter((elt) => elt !== null);
+    returnedElement.replaceChildren(...sanitizedChildNodes);
+    return returnedElement;
+  }
+  Sanitize2.sanitizeElement = sanitizeElement;
+})(Sanitize || (Sanitize = {}));
+
+export {
+  Sanitize
+};