@fairfox/polly 0.81.0 → 0.82.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/cli/polly.js +21 -1
  2. package/dist/cli/polly.js.map +3 -3
  3. package/dist/gallery/gallery.css +1589 -0
  4. package/dist/gallery/gallery.js +5354 -0
  5. package/dist/gallery/index.html +13 -0
  6. package/dist/src/polly-ui/index.js +32 -1
  7. package/dist/src/polly-ui/index.js.map +3 -3
  8. package/dist/src/polly-ui/markdown.js +547 -233
  9. package/dist/src/polly-ui/markdown.js.map +4 -4
  10. package/dist/tools/gallery/src/cli.js +210 -0
  11. package/dist/tools/gallery/src/cli.js.map +11 -0
  12. package/package.json +3 -11
package/dist/src/polly-ui/markdown.js CHANGED
@@ -69,24 +69,68 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
69
69
  throw Error('Dynamic require of "' + x + '" is not supported');
70
70
  });
71
71
 
72
- // ../../node_modules/.bun/dompurify@3.4.2/node_modules/dompurify/dist/purify.es.mjs
73
- /*! @license DOMPurify 3.4.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.4.2/LICENSE */
74
- var {
75
- entries,
76
- setPrototypeOf,
77
- isFrozen,
78
- getPrototypeOf,
79
- getOwnPropertyDescriptor
80
- } = Object;
81
- var {
82
- freeze,
83
- seal,
84
- create
85
- } = Object;
86
- var {
87
- apply,
88
- construct
89
- } = typeof Reflect !== "undefined" && Reflect;
72
+ // ../../node_modules/.bun/dompurify@3.4.10/node_modules/dompurify/dist/purify.es.mjs
73
+ /*! @license DOMPurify 3.4.10 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.4.10/LICENSE */
74
+ function _arrayLikeToArray(r, a) {
75
+ (a == null || a > r.length) && (a = r.length);
76
+ for (var e = 0, n = Array(a);e < a; e++)
77
+ n[e] = r[e];
78
+ return n;
79
+ }
80
+ function _arrayWithHoles(r) {
81
+ if (Array.isArray(r))
82
+ return r;
83
+ }
84
+ function _iterableToArrayLimit(r, l) {
85
+ var t = r == null ? null : typeof Symbol != "undefined" && r[Symbol.iterator] || r["@@iterator"];
86
+ if (t != null) {
87
+ var e, n, i, u, a = [], f = true, o = false;
88
+ try {
89
+ if (i = (t = t.call(r)).next, l === 0)
90
+ ;
91
+ else
92
+ for (;!(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = true)
93
+ ;
94
+ } catch (r2) {
95
+ o = true, n = r2;
96
+ } finally {
97
+ try {
98
+ if (!f && t.return != null && (u = t.return(), Object(u) !== u))
99
+ return;
100
+ } finally {
101
+ if (o)
102
+ throw n;
103
+ }
104
+ }
105
+ return a;
106
+ }
107
+ }
108
+ function _nonIterableRest() {
109
+ throw new TypeError(`Invalid attempt to destructure non-iterable instance.
110
+ In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`);
111
+ }
112
+ function _slicedToArray(r, e) {
113
+ return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest();
114
+ }
115
+ function _unsupportedIterableToArray(r, a) {
116
+ if (r) {
117
+ if (typeof r == "string")
118
+ return _arrayLikeToArray(r, a);
119
+ var t = {}.toString.call(r).slice(8, -1);
120
+ return t === "Object" && r.constructor && (t = r.constructor.name), t === "Map" || t === "Set" ? Array.from(r) : t === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : undefined;
121
+ }
122
+ }
123
+ var entries = Object.entries;
124
+ var setPrototypeOf = Object.setPrototypeOf;
125
+ var isFrozen = Object.isFrozen;
126
+ var getPrototypeOf = Object.getPrototypeOf;
127
+ var getOwnPropertyDescriptor = Object.getOwnPropertyDescriptor;
128
+ var freeze = Object.freeze;
129
+ var seal = Object.seal;
130
+ var create = Object.create;
131
+ var _ref = typeof Reflect !== "undefined" && Reflect;
132
+ var apply = _ref.apply;
133
+ var construct = _ref.construct;
90
134
  if (!freeze) {
91
135
  freeze = function freeze2(x) {
92
136
  return x;
@@ -187,7 +231,10 @@ function cleanArray(array) {
187
231
  }
188
232
  function clone(object) {
189
233
  const newObject = create(null);
190
- for (const [property, value] of entries(object)) {
234
+ for (const _ref2 of entries(object)) {
235
+ var _ref3 = _slicedToArray(_ref2, 2);
236
+ const property = _ref3[0];
237
+ const value = _ref3[1];
191
238
  const isPropertyExist = objectHasOwnProperty(object, property);
192
239
  if (isPropertyExist) {
193
240
  if (arrayIsArray(value)) {
@@ -272,13 +319,13 @@ var svgDisallowed = freeze(["animate", "color-profile", "cursor", "discard", "fo
272
319
  var mathMl$1 = freeze(["math", "menclose", "merror", "mfenced", "mfrac", "mglyph", "mi", "mlabeledtr", "mmultiscripts", "mn", "mo", "mover", "mpadded", "mphantom", "mroot", "mrow", "ms", "mspace", "msqrt", "mstyle", "msub", "msup", "msubsup", "mtable", "mtd", "mtext", "mtr", "munder", "munderover", "mprescripts"]);
273
320
  var mathMlDisallowed = freeze(["maction", "maligngroup", "malignmark", "mlongdiv", "mscarries", "mscarry", "msgroup", "mstack", "msline", "msrow", "semantics", "annotation", "annotation-xml", "mprescripts", "none"]);
274
321
  var text = freeze(["#text"]);
275
- var html = freeze(["accept", "action", "align", "alt", "autocapitalize", "autocomplete", "autopictureinpicture", "autoplay", "background", "bgcolor", "border", "capture", "cellpadding", "cellspacing", "checked", "cite", "class", "clear", "color", "cols", "colspan", "controls", "controlslist", "coords", "crossorigin", "datetime", "decoding", "default", "dir", "disabled", "disablepictureinpicture", "disableremoteplayback", "download", "draggable", "enctype", "enterkeyhint", "exportparts", "face", "for", "headers", "height", "hidden", "high", "href", "hreflang", "id", "inert", "inputmode", "integrity", "ismap", "kind", "label", "lang", "list", "loading", "loop", "low", "max", "maxlength", "media", "method", "min", "minlength", "multiple", "muted", "name", "nonce", "noshade", "novalidate", "nowrap", "open", "optimum", "part", "pattern", "placeholder", "playsinline", "popover", "popovertarget", "popovertargetaction", "poster", "preload", "pubdate", "radiogroup", "readonly", "rel", "required", "rev", "reversed", "role", "rows", "rowspan", "spellcheck", "scope", "selected", "shape", "size", "sizes", "slot", "span", "srclang", "start", "src", "srcset", "step", "style", "summary", "tabindex", "title", "translate", "type", "usemap", "valign", "value", "width", "wrap", "xmlns"]);
322
+ var html = freeze(["accept", "action", "align", "alt", "autocapitalize", "autocomplete", "autopictureinpicture", "autoplay", "background", "bgcolor", "border", "capture", "cellpadding", "cellspacing", "checked", "cite", "class", "clear", "color", "cols", "colspan", "command", "commandfor", "controls", "controlslist", "coords", "crossorigin", "datetime", "decoding", "default", "dir", "disabled", "disablepictureinpicture", "disableremoteplayback", "download", "draggable", "enctype", "enterkeyhint", "exportparts", "face", "for", "headers", "height", "hidden", "high", "href", "hreflang", "id", "inert", "inputmode", "integrity", "ismap", "kind", "label", "lang", "list", "loading", "loop", "low", "max", "maxlength", "media", "method", "min", "minlength", "multiple", "muted", "name", "nonce", "noshade", "novalidate", "nowrap", "open", "optimum", "part", "pattern", "placeholder", "playsinline", "popover", "popovertarget", "popovertargetaction", "poster", "preload", "pubdate", "radiogroup", "readonly", "rel", "required", "rev", "reversed", "role", "rows", "rowspan", "spellcheck", "scope", "selected", "shape", "size", "sizes", "slot", "span", "srclang", "start", "src", "srcset", "step", "style", "summary", "tabindex", "title", "translate", "type", "usemap", "valign", "value", "width", "wrap", "xmlns"]);
276
323
  var svg = freeze(["accent-height", "accumulate", "additive", "alignment-baseline", "amplitude", "ascent", "attributename", "attributetype", "azimuth", "basefrequency", "baseline-shift", "begin", "bias", "by", "class", "clip", "clippathunits", "clip-path", "clip-rule", "color", "color-interpolation", "color-interpolation-filters", "color-profile", "color-rendering", "cx", "cy", "d", "dx", "dy", "diffuseconstant", "direction", "display", "divisor", "dur", "edgemode", "elevation", "end", "exponent", "fill", "fill-opacity", "fill-rule", "filter", "filterunits", "flood-color", "flood-opacity", "font-family", "font-size", "font-size-adjust", "font-stretch", "font-style", "font-variant", "font-weight", "fx", "fy", "g1", "g2", "glyph-name", "glyphref", "gradientunits", "gradienttransform", "height", "href", "id", "image-rendering", "in", "in2", "intercept", "k", "k1", "k2", "k3", "k4", "kerning", "keypoints", "keysplines", "keytimes", "lang", "lengthadjust", "letter-spacing", "kernelmatrix", "kernelunitlength", "lighting-color", "local", "marker-end", "marker-mid", "marker-start", "markerheight", "markerunits", "markerwidth", "maskcontentunits", "maskunits", "max", "mask", "mask-type", "media", "method", "mode", "min", "name", "numoctaves", "offset", "operator", "opacity", "order", "orient", "orientation", "origin", "overflow", "paint-order", "path", "pathlength", "patterncontentunits", "patterntransform", "patternunits", "points", "preservealpha", "preserveaspectratio", "primitiveunits", "r", "rx", "ry", "radius", "refx", "refy", "repeatcount", "repeatdur", "restart", "result", "rotate", "scale", "seed", "shape-rendering", "slope", "specularconstant", "specularexponent", "spreadmethod", "startoffset", "stddeviation", "stitchtiles", "stop-color", "stop-opacity", "stroke-dasharray", "stroke-dashoffset", "stroke-linecap", "stroke-linejoin", "stroke-miterlimit", "stroke-opacity", "stroke", "stroke-width", "style", "surfacescale", "systemlanguage", "tabindex", "tablevalues", "targetx", "targety", "transform", "transform-origin", "text-anchor", "text-decoration", "text-rendering", "textlength", "type", "u1", "u2", "unicode", "values", "viewbox", "visibility", "version", "vert-adv-y", "vert-origin-x", "vert-origin-y", "width", "word-spacing", "wrap", "writing-mode", "xchannelselector", "ychannelselector", "x", "x1", "x2", "xmlns", "y", "y1", "y2", "z", "zoomandpan"]);
277
324
  var mathMl = freeze(["accent", "accentunder", "align", "bevelled", "close", "columnalign", "columnlines", "columnspacing", "columnspan", "denomalign", "depth", "dir", "display", "displaystyle", "encoding", "fence", "frame", "height", "href", "id", "largeop", "length", "linethickness", "lquote", "lspace", "mathbackground", "mathcolor", "mathsize", "mathvariant", "maxsize", "minsize", "movablelimits", "notation", "numalign", "open", "rowalign", "rowlines", "rowspacing", "rowspan", "rspace", "rquote", "scriptlevel", "scriptminsize", "scriptsizemultiplier", "selection", "separator", "separators", "stretchy", "subscriptshift", "supscriptshift", "symmetric", "voffset", "width", "xmlns"]);
278
325
  var xml = freeze(["xlink:href", "xml:id", "xlink:title", "xml:space", "xmlns:xlink"]);
279
- var MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm);
280
- var ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm);
281
- var TMPLIT_EXPR = seal(/\$\{[\w\W]*/gm);
326
+ var MUSTACHE_EXPR = seal(/{{[\w\W]*|^[\w\W]*}}/g);
327
+ var ERB_EXPR = seal(/<%[\w\W]*|^[\w\W]*%>/g);
328
+ var TMPLIT_EXPR = seal(/\${[\w\W]*/g);
282
329
  var DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]+$/);
283
330
  var ARIA_ATTR = seal(/^aria-[\-\w]+$/);
284
331
  var IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp|matrix):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i);
@@ -286,25 +333,23 @@ var IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
286
333
  var ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g);
287
334
  var DOCTYPE_NAME = seal(/^html$/i);
288
335
  var CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);
289
- var EXPRESSIONS = /* @__PURE__ */ Object.freeze({
290
- __proto__: null,
291
- ARIA_ATTR,
292
- ATTR_WHITESPACE,
293
- CUSTOM_ELEMENT,
294
- DATA_ATTR,
295
- DOCTYPE_NAME,
296
- ERB_EXPR,
297
- IS_ALLOWED_URI,
298
- IS_SCRIPT_OR_DATA,
299
- MUSTACHE_EXPR,
300
- TMPLIT_EXPR
301
- });
336
+ var ELEMENT_MARKUP_PROBE = seal(/<[/\w!]/g);
337
+ var COMMENT_MARKUP_PROBE = seal(/<[/\w]/g);
338
+ var FALLBACK_TAG_CLOSE = seal(/<\/no(script|embed|frames)/i);
339
+ var SELF_CLOSING_TAG = seal(/\/>/i);
302
340
  var NODE_TYPE = {
303
341
  element: 1,
342
+ attribute: 2,
304
343
  text: 3,
305
- progressingInstruction: 7,
344
+ cdataSection: 4,
345
+ entityReference: 5,
346
+ entityNode: 6,
347
+ processingInstruction: 7,
306
348
  comment: 8,
307
- document: 9
349
+ document: 9,
350
+ documentType: 10,
351
+ documentFragment: 11,
352
+ notation: 12
308
353
  };
309
354
  var getGlobal = function getGlobal2() {
310
355
  return typeof window === "undefined" ? null : window;
@@ -346,37 +391,36 @@ var _createHooksMap = function _createHooksMap2() {
346
391
  uponSanitizeShadowNode: []
347
392
  };
348
393
  };
394
+ var _resolveSetOption = function _resolveSetOption2(cfg, key, fallback, options) {
395
+ return objectHasOwnProperty(cfg, key) && arrayIsArray(cfg[key]) ? addToSet(options.base ? clone(options.base) : {}, cfg[key], options.transform) : fallback;
396
+ };
349
397
  function createDOMPurify() {
350
398
  let window2 = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
351
399
  const DOMPurify = (root) => createDOMPurify(root);
352
- DOMPurify.version = "3.4.2";
400
+ DOMPurify.version = "3.4.10";
353
401
  DOMPurify.removed = [];
354
402
  if (!window2 || !window2.document || window2.document.nodeType !== NODE_TYPE.document || !window2.Element) {
355
403
  DOMPurify.isSupported = false;
356
404
  return DOMPurify;
357
405
  }
358
- let {
359
- document
360
- } = window2;
406
+ let document = window2.document;
361
407
  const originalDocument = document;
362
408
  const currentScript = originalDocument.currentScript;
363
- const {
364
- DocumentFragment,
365
- HTMLTemplateElement,
366
- Node,
367
- Element,
368
- NodeFilter,
369
- NamedNodeMap = window2.NamedNodeMap || window2.MozNamedAttrMap,
370
- HTMLFormElement,
371
- DOMParser,
372
- trustedTypes
373
- } = window2;
409
+ window2.DocumentFragment;
410
+ const { HTMLTemplateElement, Node, Element, NodeFilter, NamedNodeMap: _window$NamedNodeMap } = window2;
411
+ _window$NamedNodeMap === undefined && (window2.NamedNodeMap || window2.MozNamedAttrMap);
412
+ window2.HTMLFormElement;
413
+ const { DOMParser, trustedTypes } = window2;
374
414
  const ElementPrototype = Element.prototype;
375
415
  const cloneNode = lookupGetter(ElementPrototype, "cloneNode");
376
416
  const remove = lookupGetter(ElementPrototype, "remove");
377
417
  const getNextSibling = lookupGetter(ElementPrototype, "nextSibling");
378
418
  const getChildNodes = lookupGetter(ElementPrototype, "childNodes");
379
419
  const getParentNode = lookupGetter(ElementPrototype, "parentNode");
420
+ const getShadowRoot = lookupGetter(ElementPrototype, "shadowRoot");
421
+ const getAttributes = lookupGetter(ElementPrototype, "attributes");
422
+ const getNodeType = Node && Node.prototype ? lookupGetter(Node.prototype, "nodeType") : null;
423
+ const getNodeName = Node && Node.prototype ? lookupGetter(Node.prototype, "nodeName") : null;
380
424
  if (typeof HTMLTemplateElement === "function") {
381
425
  const template = document.createElement("template");
382
426
  if (template.content && template.content.ownerDocument) {
@@ -385,30 +429,45 @@ function createDOMPurify() {
385
429
  }
386
430
  let trustedTypesPolicy;
387
431
  let emptyHTML = "";
388
- const {
389
- implementation,
390
- createNodeIterator,
391
- createDocumentFragment,
392
- getElementsByTagName
393
- } = document;
394
- const {
395
- importNode
396
- } = originalDocument;
432
+ let defaultTrustedTypesPolicy;
433
+ let defaultTrustedTypesPolicyResolved = false;
434
+ let IN_TRUSTED_TYPES_POLICY = 0;
435
+ const _assertNotInTrustedTypesPolicy = function _assertNotInTrustedTypesPolicy2() {
436
+ if (IN_TRUSTED_TYPES_POLICY > 0) {
437
+ throw typeErrorCreate("A configured TRUSTED_TYPES_POLICY callback (createHTML or " + "createScriptURL) must not call DOMPurify.sanitize, as that causes " + "infinite recursion. Do not pass a policy whose callbacks wrap " + 'DOMPurify as TRUSTED_TYPES_POLICY; see the "DOMPurify and Trusted ' + 'Types" section of the README.');
438
+ }
439
+ };
440
+ const _createTrustedHTML = function _createTrustedHTML2(html2) {
441
+ _assertNotInTrustedTypesPolicy();
442
+ IN_TRUSTED_TYPES_POLICY++;
443
+ try {
444
+ return trustedTypesPolicy.createHTML(html2);
445
+ } finally {
446
+ IN_TRUSTED_TYPES_POLICY--;
447
+ }
448
+ };
449
+ const _createTrustedScriptURL = function _createTrustedScriptURL2(scriptUrl) {
450
+ _assertNotInTrustedTypesPolicy();
451
+ IN_TRUSTED_TYPES_POLICY++;
452
+ try {
453
+ return trustedTypesPolicy.createScriptURL(scriptUrl);
454
+ } finally {
455
+ IN_TRUSTED_TYPES_POLICY--;
456
+ }
457
+ };
458
+ const _getDefaultTrustedTypesPolicy = function _getDefaultTrustedTypesPolicy2() {
459
+ if (!defaultTrustedTypesPolicyResolved) {
460
+ defaultTrustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript);
461
+ defaultTrustedTypesPolicyResolved = true;
462
+ }
463
+ return defaultTrustedTypesPolicy;
464
+ };
465
+ const _document = document, implementation = _document.implementation, createNodeIterator = _document.createNodeIterator, createDocumentFragment = _document.createDocumentFragment, getElementsByTagName = _document.getElementsByTagName;
466
+ const importNode = originalDocument.importNode;
397
467
  let hooks = _createHooksMap();
398
468
  DOMPurify.isSupported = typeof entries === "function" && typeof getParentNode === "function" && implementation && implementation.createHTMLDocument !== undefined;
399
- const {
400
- MUSTACHE_EXPR: MUSTACHE_EXPR2,
401
- ERB_EXPR: ERB_EXPR2,
402
- TMPLIT_EXPR: TMPLIT_EXPR2,
403
- DATA_ATTR: DATA_ATTR2,
404
- ARIA_ATTR: ARIA_ATTR2,
405
- IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA2,
406
- ATTR_WHITESPACE: ATTR_WHITESPACE2,
407
- CUSTOM_ELEMENT: CUSTOM_ELEMENT2
408
- } = EXPRESSIONS;
409
- let {
410
- IS_ALLOWED_URI: IS_ALLOWED_URI$1
411
- } = EXPRESSIONS;
469
+ const MUSTACHE_EXPR$1 = MUSTACHE_EXPR, ERB_EXPR$1 = ERB_EXPR, TMPLIT_EXPR$1 = TMPLIT_EXPR, DATA_ATTR$1 = DATA_ATTR, ARIA_ATTR$1 = ARIA_ATTR, IS_SCRIPT_OR_DATA$1 = IS_SCRIPT_OR_DATA, ATTR_WHITESPACE$1 = ATTR_WHITESPACE, CUSTOM_ELEMENT$1 = CUSTOM_ELEMENT;
470
+ let IS_ALLOWED_URI$1 = IS_ALLOWED_URI;
412
471
  let ALLOWED_TAGS = null;
413
472
  const DEFAULT_ALLOWED_TAGS = addToSet({}, [...html$1, ...svg$1, ...svgFilters, ...mathMl$1, ...text]);
414
473
  let ALLOWED_ATTR = null;
@@ -468,7 +527,34 @@ function createDOMPurify() {
468
527
  let IN_PLACE = false;
469
528
  let USE_PROFILES = {};
470
529
  let FORBID_CONTENTS = null;
471
- const DEFAULT_FORBID_CONTENTS = addToSet({}, ["annotation-xml", "audio", "colgroup", "desc", "foreignobject", "head", "iframe", "math", "mi", "mn", "mo", "ms", "mtext", "noembed", "noframes", "noscript", "plaintext", "script", "style", "svg", "template", "thead", "title", "video", "xmp"]);
530
+ const DEFAULT_FORBID_CONTENTS = addToSet({}, [
531
+ "annotation-xml",
532
+ "audio",
533
+ "colgroup",
534
+ "desc",
535
+ "foreignobject",
536
+ "head",
537
+ "iframe",
538
+ "math",
539
+ "mi",
540
+ "mn",
541
+ "mo",
542
+ "ms",
543
+ "mtext",
544
+ "noembed",
545
+ "noframes",
546
+ "noscript",
547
+ "plaintext",
548
+ "script",
549
+ "selectedcontent",
550
+ "style",
551
+ "svg",
552
+ "template",
553
+ "thead",
554
+ "title",
555
+ "video",
556
+ "xmp"
557
+ ]);
472
558
  let DATA_URI_TAGS = null;
473
559
  const DEFAULT_DATA_URI_TAGS = addToSet({}, ["audio", "video", "img", "source", "image", "track"]);
474
560
  let URI_SAFE_ATTRIBUTES = null;
@@ -480,8 +566,10 @@ function createDOMPurify() {
480
566
  let IS_EMPTY_INPUT = false;
481
567
  let ALLOWED_NAMESPACES = null;
482
568
  const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString);
483
- let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ["mi", "mo", "mn", "ms", "mtext"]);
484
- let HTML_INTEGRATION_POINTS = addToSet({}, ["annotation-xml"]);
569
+ const DEFAULT_MATHML_TEXT_INTEGRATION_POINTS = freeze(["mi", "mo", "mn", "ms", "mtext"]);
570
+ let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, DEFAULT_MATHML_TEXT_INTEGRATION_POINTS);
571
+ const DEFAULT_HTML_INTEGRATION_POINTS = freeze(["annotation-xml"]);
572
+ let HTML_INTEGRATION_POINTS = addToSet({}, DEFAULT_HTML_INTEGRATION_POINTS);
485
573
  const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ["title", "style", "font", "a", "script"]);
486
574
  let PARSER_MEDIA_TYPE = null;
487
575
  const SUPPORTED_PARSER_MEDIA_TYPES = ["application/xhtml+xml", "text/html"];
@@ -503,14 +591,32 @@ function createDOMPurify() {
503
591
  cfg = clone(cfg);
504
592
  PARSER_MEDIA_TYPE = SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE;
505
593
  transformCaseFunc = PARSER_MEDIA_TYPE === "application/xhtml+xml" ? stringToString : stringToLowerCase;
506
- ALLOWED_TAGS = objectHasOwnProperty(cfg, "ALLOWED_TAGS") && arrayIsArray(cfg.ALLOWED_TAGS) ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS;
507
- ALLOWED_ATTR = objectHasOwnProperty(cfg, "ALLOWED_ATTR") && arrayIsArray(cfg.ALLOWED_ATTR) ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR;
508
- ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, "ALLOWED_NAMESPACES") && arrayIsArray(cfg.ALLOWED_NAMESPACES) ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES;
509
- URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, "ADD_URI_SAFE_ATTR") && arrayIsArray(cfg.ADD_URI_SAFE_ATTR) ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
510
- DATA_URI_TAGS = objectHasOwnProperty(cfg, "ADD_DATA_URI_TAGS") && arrayIsArray(cfg.ADD_DATA_URI_TAGS) ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
511
- FORBID_CONTENTS = objectHasOwnProperty(cfg, "FORBID_CONTENTS") && arrayIsArray(cfg.FORBID_CONTENTS) ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
512
- FORBID_TAGS = objectHasOwnProperty(cfg, "FORBID_TAGS") && arrayIsArray(cfg.FORBID_TAGS) ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
513
- FORBID_ATTR = objectHasOwnProperty(cfg, "FORBID_ATTR") && arrayIsArray(cfg.FORBID_ATTR) ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
594
+ ALLOWED_TAGS = _resolveSetOption(cfg, "ALLOWED_TAGS", DEFAULT_ALLOWED_TAGS, {
595
+ transform: transformCaseFunc
596
+ });
597
+ ALLOWED_ATTR = _resolveSetOption(cfg, "ALLOWED_ATTR", DEFAULT_ALLOWED_ATTR, {
598
+ transform: transformCaseFunc
599
+ });
600
+ ALLOWED_NAMESPACES = _resolveSetOption(cfg, "ALLOWED_NAMESPACES", DEFAULT_ALLOWED_NAMESPACES, {
601
+ transform: stringToString
602
+ });
603
+ URI_SAFE_ATTRIBUTES = _resolveSetOption(cfg, "ADD_URI_SAFE_ATTR", DEFAULT_URI_SAFE_ATTRIBUTES, {
604
+ transform: transformCaseFunc,
605
+ base: DEFAULT_URI_SAFE_ATTRIBUTES
606
+ });
607
+ DATA_URI_TAGS = _resolveSetOption(cfg, "ADD_DATA_URI_TAGS", DEFAULT_DATA_URI_TAGS, {
608
+ transform: transformCaseFunc,
609
+ base: DEFAULT_DATA_URI_TAGS
610
+ });
611
+ FORBID_CONTENTS = _resolveSetOption(cfg, "FORBID_CONTENTS", DEFAULT_FORBID_CONTENTS, {
612
+ transform: transformCaseFunc
613
+ });
614
+ FORBID_TAGS = _resolveSetOption(cfg, "FORBID_TAGS", clone({}), {
615
+ transform: transformCaseFunc
616
+ });
617
+ FORBID_ATTR = _resolveSetOption(cfg, "FORBID_ATTR", clone({}), {
618
+ transform: transformCaseFunc
619
+ });
514
620
  USE_PROFILES = objectHasOwnProperty(cfg, "USE_PROFILES") ? cfg.USE_PROFILES && typeof cfg.USE_PROFILES === "object" ? clone(cfg.USE_PROFILES) : cfg.USE_PROFILES : false;
515
621
  ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false;
516
622
  ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false;
@@ -529,8 +635,8 @@ function createDOMPurify() {
529
635
  IN_PLACE = cfg.IN_PLACE || false;
530
636
  IS_ALLOWED_URI$1 = isRegex(cfg.ALLOWED_URI_REGEXP) ? cfg.ALLOWED_URI_REGEXP : IS_ALLOWED_URI;
531
637
  NAMESPACE = typeof cfg.NAMESPACE === "string" ? cfg.NAMESPACE : HTML_NAMESPACE;
532
- MATHML_TEXT_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "MATHML_TEXT_INTEGRATION_POINTS") && cfg.MATHML_TEXT_INTEGRATION_POINTS && typeof cfg.MATHML_TEXT_INTEGRATION_POINTS === "object" ? clone(cfg.MATHML_TEXT_INTEGRATION_POINTS) : addToSet({}, ["mi", "mo", "mn", "ms", "mtext"]);
533
- HTML_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "HTML_INTEGRATION_POINTS") && cfg.HTML_INTEGRATION_POINTS && typeof cfg.HTML_INTEGRATION_POINTS === "object" ? clone(cfg.HTML_INTEGRATION_POINTS) : addToSet({}, ["annotation-xml"]);
638
+ MATHML_TEXT_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "MATHML_TEXT_INTEGRATION_POINTS") && cfg.MATHML_TEXT_INTEGRATION_POINTS && typeof cfg.MATHML_TEXT_INTEGRATION_POINTS === "object" ? clone(cfg.MATHML_TEXT_INTEGRATION_POINTS) : addToSet({}, DEFAULT_MATHML_TEXT_INTEGRATION_POINTS);
639
+ HTML_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "HTML_INTEGRATION_POINTS") && cfg.HTML_INTEGRATION_POINTS && typeof cfg.HTML_INTEGRATION_POINTS === "object" ? clone(cfg.HTML_INTEGRATION_POINTS) : addToSet({}, DEFAULT_HTML_INTEGRATION_POINTS);
534
640
  const customElementHandling = objectHasOwnProperty(cfg, "CUSTOM_ELEMENT_HANDLING") && cfg.CUSTOM_ELEMENT_HANDLING && typeof cfg.CUSTOM_ELEMENT_HANDLING === "object" ? clone(cfg.CUSTOM_ELEMENT_HANDLING) : create(null);
535
641
  CUSTOM_ELEMENT_HANDLING = create(null);
536
642
  if (objectHasOwnProperty(customElementHandling, "tagNameCheck") && isRegexOrFunction(customElementHandling.tagNameCheck)) {
@@ -542,6 +648,7 @@ function createDOMPurify() {
542
648
  if (objectHasOwnProperty(customElementHandling, "allowCustomizedBuiltInElements") && typeof customElementHandling.allowCustomizedBuiltInElements === "boolean") {
543
649
  CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements = customElementHandling.allowCustomizedBuiltInElements;
544
650
  }
651
+ seal(CUSTOM_ELEMENT_HANDLING);
545
652
  if (SAFE_FOR_TEMPLATES) {
546
653
  ALLOW_DATA_ATTR = false;
547
654
  }
@@ -625,16 +732,31 @@ function createDOMPurify() {
625
732
  if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== "function") {
626
733
  throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');
627
734
  }
735
+ const previousTrustedTypesPolicy = trustedTypesPolicy;
628
736
  trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;
629
- emptyHTML = trustedTypesPolicy.createHTML("");
737
+ try {
738
+ emptyHTML = _createTrustedHTML("");
739
+ } catch (error) {
740
+ trustedTypesPolicy = previousTrustedTypesPolicy;
741
+ throw error;
742
+ }
743
+ } else if (cfg.TRUSTED_TYPES_POLICY === null) {
744
+ trustedTypesPolicy = undefined;
745
+ emptyHTML = "";
630
746
  } else {
631
747
  if (trustedTypesPolicy === undefined) {
632
- trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript);
748
+ trustedTypesPolicy = _getDefaultTrustedTypesPolicy();
633
749
  }
634
- if (trustedTypesPolicy !== null && typeof emptyHTML === "string") {
635
- emptyHTML = trustedTypesPolicy.createHTML("");
750
+ if (trustedTypesPolicy && typeof emptyHTML === "string") {
751
+ emptyHTML = _createTrustedHTML("");
636
752
  }
637
753
  }
754
+ if ((hooks.uponSanitizeElement.length > 0 || hooks.uponSanitizeAttribute.length > 0) && ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {
755
+ ALLOWED_TAGS = clone(ALLOWED_TAGS);
756
+ }
757
+ if (hooks.uponSanitizeAttribute.length > 0 && ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {
758
+ ALLOWED_ATTR = clone(ALLOWED_ATTR);
759
+ }
638
760
  if (freeze) {
639
761
  freeze(cfg);
640
762
  }
@@ -642,6 +764,33 @@ function createDOMPurify() {
642
764
  };
643
765
  const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]);
644
766
  const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]);
767
+ const _checkSvgNamespace = function _checkSvgNamespace2(tagName, parent, parentTagName) {
768
+ if (parent.namespaceURI === HTML_NAMESPACE) {
769
+ return tagName === "svg";
770
+ }
771
+ if (parent.namespaceURI === MATHML_NAMESPACE) {
772
+ return tagName === "svg" && (parentTagName === "annotation-xml" || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]);
773
+ }
774
+ return Boolean(ALL_SVG_TAGS[tagName]);
775
+ };
776
+ const _checkMathMlNamespace = function _checkMathMlNamespace2(tagName, parent, parentTagName) {
777
+ if (parent.namespaceURI === HTML_NAMESPACE) {
778
+ return tagName === "math";
779
+ }
780
+ if (parent.namespaceURI === SVG_NAMESPACE) {
781
+ return tagName === "math" && HTML_INTEGRATION_POINTS[parentTagName];
782
+ }
783
+ return Boolean(ALL_MATHML_TAGS[tagName]);
784
+ };
785
+ const _checkHtmlNamespace = function _checkHtmlNamespace2(tagName, parent, parentTagName) {
786
+ if (parent.namespaceURI === SVG_NAMESPACE && !HTML_INTEGRATION_POINTS[parentTagName]) {
787
+ return false;
788
+ }
789
+ if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) {
790
+ return false;
791
+ }
792
+ return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]);
793
+ };
645
794
  const _checkValidNamespace = function _checkValidNamespace2(element) {
646
795
  let parent = getParentNode(element);
647
796
  if (!parent || !parent.tagName) {
@@ -656,31 +805,13 @@ function createDOMPurify() {
656
805
  return false;
657
806
  }
658
807
  if (element.namespaceURI === SVG_NAMESPACE) {
659
- if (parent.namespaceURI === HTML_NAMESPACE) {
660
- return tagName === "svg";
661
- }
662
- if (parent.namespaceURI === MATHML_NAMESPACE) {
663
- return tagName === "svg" && (parentTagName === "annotation-xml" || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]);
664
- }
665
- return Boolean(ALL_SVG_TAGS[tagName]);
808
+ return _checkSvgNamespace(tagName, parent, parentTagName);
666
809
  }
667
810
  if (element.namespaceURI === MATHML_NAMESPACE) {
668
- if (parent.namespaceURI === HTML_NAMESPACE) {
669
- return tagName === "math";
670
- }
671
- if (parent.namespaceURI === SVG_NAMESPACE) {
672
- return tagName === "math" && HTML_INTEGRATION_POINTS[parentTagName];
673
- }
674
- return Boolean(ALL_MATHML_TAGS[tagName]);
811
+ return _checkMathMlNamespace(tagName, parent, parentTagName);
675
812
  }
676
813
  if (element.namespaceURI === HTML_NAMESPACE) {
677
- if (parent.namespaceURI === SVG_NAMESPACE && !HTML_INTEGRATION_POINTS[parentTagName]) {
678
- return false;
679
- }
680
- if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) {
681
- return false;
682
- }
683
- return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]);
814
+ return _checkHtmlNamespace(tagName, parent, parentTagName);
684
815
  }
685
816
  if (PARSER_MEDIA_TYPE === "application/xhtml+xml" && ALLOWED_NAMESPACES[element.namespaceURI]) {
686
817
  return true;
@@ -695,6 +826,35 @@ function createDOMPurify() {
695
826
  getParentNode(node).removeChild(node);
696
827
  } catch (_) {
697
828
  remove(node);
829
+ if (!getParentNode(node)) {
830
+ throw typeErrorCreate("a node selected for removal could not be detached from its tree " + "and cannot be safely returned; refusing to sanitize in place");
831
+ }
832
+ }
833
+ };
834
+ const _neutralizeRoot = function _neutralizeRoot2(root) {
835
+ const childNodes = getChildNodes(root);
836
+ if (childNodes) {
837
+ const snapshot = [];
838
+ arrayForEach(childNodes, (child) => {
839
+ arrayPush(snapshot, child);
840
+ });
841
+ arrayForEach(snapshot, (child) => {
842
+ try {
843
+ remove(child);
844
+ } catch (_) {}
845
+ });
846
+ }
847
+ const attributes = getAttributes(root);
848
+ if (attributes) {
849
+ for (let i = attributes.length - 1;i >= 0; --i) {
850
+ const attribute = attributes[i];
851
+ const name = attribute && attribute.name;
852
+ if (typeof name === "string") {
853
+ try {
854
+ root.removeAttribute(name);
855
+ } catch (_) {}
856
+ }
857
+ }
698
858
  }
699
859
  };
700
860
  const _removeAttribute = function _removeAttribute2(name, element) {
@@ -722,6 +882,38 @@ function createDOMPurify() {
722
882
  }
723
883
  }
724
884
  };
885
+ const _stripDisallowedAttributes = function _stripDisallowedAttributes2(element) {
886
+ const attributes = getAttributes(element);
887
+ if (!attributes) {
888
+ return;
889
+ }
890
+ for (let i = attributes.length - 1;i >= 0; --i) {
891
+ const attribute = attributes[i];
892
+ const name = attribute && attribute.name;
893
+ if (typeof name !== "string" || ALLOWED_ATTR[transformCaseFunc(name)]) {
894
+ continue;
895
+ }
896
+ try {
897
+ element.removeAttribute(name);
898
+ } catch (_) {}
899
+ }
900
+ };
901
+ const _neutralizeSubtree = function _neutralizeSubtree2(root) {
902
+ const stack = [root];
903
+ while (stack.length > 0) {
904
+ const node = stack.pop();
905
+ const nodeType = getNodeType ? getNodeType(node) : node.nodeType;
906
+ if (nodeType === NODE_TYPE.element) {
907
+ _stripDisallowedAttributes(node);
908
+ }
909
+ const childNodes = getChildNodes(node);
910
+ if (childNodes) {
911
+ for (let i = childNodes.length - 1;i >= 0; --i) {
912
+ stack.push(childNodes[i]);
913
+ }
914
+ }
915
+ }
916
+ };
725
917
  const _initDocument = function _initDocument2(dirty) {
726
918
  let doc = null;
727
919
  let leadingWhitespace = null;
@@ -734,7 +926,7 @@ function createDOMPurify() {
734
926
  if (PARSER_MEDIA_TYPE === "application/xhtml+xml" && NAMESPACE === HTML_NAMESPACE) {
735
927
  dirty = '<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>' + dirty + "</body></html>";
736
928
  }
737
- const dirtyPayload = trustedTypesPolicy ? trustedTypesPolicy.createHTML(dirty) : dirty;
929
+ const dirtyPayload = trustedTypesPolicy ? _createTrustedHTML(dirty) : dirty;
738
930
  if (NAMESPACE === HTML_NAMESPACE) {
739
931
  try {
740
932
  doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);
@@ -758,81 +950,135 @@ function createDOMPurify() {
758
950
  const _createNodeIterator = function _createNodeIterator2(root) {
759
951
  return createNodeIterator.call(root.ownerDocument || root, root, NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null);
760
952
  };
953
+ const _stripTemplateExpressions = function _stripTemplateExpressions2(value) {
954
+ value = stringReplace(value, MUSTACHE_EXPR$1, " ");
955
+ value = stringReplace(value, ERB_EXPR$1, " ");
956
+ value = stringReplace(value, TMPLIT_EXPR$1, " ");
957
+ return value;
958
+ };
959
+ const _scrubTemplateExpressions2 = function _scrubTemplateExpressions(node) {
960
+ var _node$querySelectorAl;
961
+ node.normalize();
962
+ const walker = createNodeIterator.call(node.ownerDocument || node, node, NodeFilter.SHOW_TEXT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_CDATA_SECTION | NodeFilter.SHOW_PROCESSING_INSTRUCTION, null);
963
+ let currentNode = walker.nextNode();
964
+ while (currentNode) {
965
+ currentNode.data = _stripTemplateExpressions(currentNode.data);
966
+ currentNode = walker.nextNode();
967
+ }
968
+ const templates = (_node$querySelectorAl = node.querySelectorAll) === null || _node$querySelectorAl === undefined ? undefined : _node$querySelectorAl.call(node, "template");
969
+ if (templates) {
970
+ arrayForEach(templates, (tmpl) => {
971
+ if (_isDocumentFragment(tmpl.content)) {
972
+ _scrubTemplateExpressions2(tmpl.content);
973
+ }
974
+ });
975
+ }
976
+ };
761
977
  const _isClobbered = function _isClobbered2(element) {
762
- return element instanceof HTMLFormElement && (typeof element.nodeName !== "string" || typeof element.textContent !== "string" || typeof element.removeChild !== "function" || !(element.attributes instanceof NamedNodeMap) || typeof element.removeAttribute !== "function" || typeof element.setAttribute !== "function" || typeof element.namespaceURI !== "string" || typeof element.insertBefore !== "function" || typeof element.hasChildNodes !== "function");
978
+ const realTagName = getNodeName ? getNodeName(element) : null;
979
+ if (typeof realTagName !== "string") {
980
+ return false;
981
+ }
982
+ if (transformCaseFunc(realTagName) !== "form") {
983
+ return false;
984
+ }
985
+ return typeof element.nodeName !== "string" || typeof element.textContent !== "string" || typeof element.removeChild !== "function" || element.attributes !== getAttributes(element) || typeof element.removeAttribute !== "function" || typeof element.setAttribute !== "function" || typeof element.namespaceURI !== "string" || typeof element.insertBefore !== "function" || typeof element.hasChildNodes !== "function" || element.nodeType !== getNodeType(element) || element.childNodes !== getChildNodes(element);
986
+ };
987
+ const _isDocumentFragment = function _isDocumentFragment2(value) {
988
+ if (!getNodeType || typeof value !== "object" || value === null) {
989
+ return false;
990
+ }
991
+ try {
992
+ return getNodeType(value) === NODE_TYPE.documentFragment;
993
+ } catch (_) {
994
+ return false;
995
+ }
763
996
  };
764
997
  const _isNode = function _isNode2(value) {
765
- return typeof Node === "function" && value instanceof Node;
998
+ if (!getNodeType || typeof value !== "object" || value === null) {
999
+ return false;
1000
+ }
1001
+ try {
1002
+ return typeof getNodeType(value) === "number";
1003
+ } catch (_) {
1004
+ return false;
1005
+ }
766
1006
  };
767
1007
  function _executeHooks(hooks2, currentNode, data) {
1008
+ if (hooks2.length === 0) {
1009
+ return;
1010
+ }
768
1011
  arrayForEach(hooks2, (hook) => {
769
1012
  hook.call(DOMPurify, currentNode, data, CONFIG);
770
1013
  });
771
1014
  }
772
- const _sanitizeElements = function _sanitizeElements2(currentNode) {
773
- let content = null;
774
- _executeHooks(hooks.beforeSanitizeElements, currentNode, null);
775
- if (_isClobbered(currentNode)) {
776
- _forceRemove(currentNode);
777
- return true;
778
- }
779
- const tagName = transformCaseFunc(currentNode.nodeName);
780
- _executeHooks(hooks.uponSanitizeElement, currentNode, {
781
- tagName,
782
- allowedTags: ALLOWED_TAGS
783
- });
784
- if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w!]/g, currentNode.innerHTML) && regExpTest(/<[/\w!]/g, currentNode.textContent)) {
785
- _forceRemove(currentNode);
1015
+ const _isUnsafeNode = function _isUnsafeNode2(currentNode, tagName) {
1016
+ if (SAFE_FOR_XML && currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(ELEMENT_MARKUP_PROBE, currentNode.textContent) && regExpTest(ELEMENT_MARKUP_PROBE, currentNode.innerHTML)) {
786
1017
  return true;
787
1018
  }
788
1019
  if (SAFE_FOR_XML && currentNode.namespaceURI === HTML_NAMESPACE && tagName === "style" && _isNode(currentNode.firstElementChild)) {
789
- _forceRemove(currentNode);
790
1020
  return true;
791
1021
  }
792
- if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {
793
- _forceRemove(currentNode);
1022
+ if (currentNode.nodeType === NODE_TYPE.processingInstruction) {
794
1023
  return true;
795
1024
  }
796
- if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) {
797
- _forceRemove(currentNode);
1025
+ if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(COMMENT_MARKUP_PROBE, currentNode.data)) {
798
1026
  return true;
799
1027
  }
800
- if (FORBID_TAGS[tagName] || !(EXTRA_ELEMENT_HANDLING.tagCheck instanceof Function && EXTRA_ELEMENT_HANDLING.tagCheck(tagName)) && !ALLOWED_TAGS[tagName]) {
801
- if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {
802
- if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) {
803
- return false;
804
- }
805
- if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) {
806
- return false;
807
- }
1028
+ return false;
1029
+ };
1030
+ const _sanitizeDisallowedNode = function _sanitizeDisallowedNode2(currentNode, tagName) {
1031
+ if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {
1032
+ if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) {
1033
+ return false;
808
1034
  }
809
- if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {
810
- const parentNode = getParentNode(currentNode) || currentNode.parentNode;
811
- const childNodes = getChildNodes(currentNode) || currentNode.childNodes;
812
- if (childNodes && parentNode) {
813
- const childCount = childNodes.length;
814
- for (let i = childCount - 1;i >= 0; --i) {
815
- const childClone = cloneNode(childNodes[i], true);
816
- parentNode.insertBefore(childClone, getNextSibling(currentNode));
817
- }
1035
+ if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) {
1036
+ return false;
1037
+ }
1038
+ }
1039
+ if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {
1040
+ const parentNode = getParentNode(currentNode);
1041
+ const childNodes = getChildNodes(currentNode);
1042
+ if (childNodes && parentNode) {
1043
+ const childCount = childNodes.length;
1044
+ for (let i = childCount - 1;i >= 0; --i) {
1045
+ const hoisted = IN_PLACE ? childNodes[i] : cloneNode(childNodes[i], true);
1046
+ parentNode.insertBefore(hoisted, getNextSibling(currentNode));
818
1047
  }
819
1048
  }
1049
+ }
1050
+ _forceRemove(currentNode);
1051
+ return true;
1052
+ };
1053
+ const _sanitizeElements = function _sanitizeElements2(currentNode) {
1054
+ _executeHooks(hooks.beforeSanitizeElements, currentNode, null);
1055
+ if (_isClobbered(currentNode)) {
1056
+ _forceRemove(currentNode);
1057
+ return true;
1058
+ }
1059
+ const tagName = transformCaseFunc(getNodeName ? getNodeName(currentNode) : currentNode.nodeName);
1060
+ _executeHooks(hooks.uponSanitizeElement, currentNode, {
1061
+ tagName,
1062
+ allowedTags: ALLOWED_TAGS
1063
+ });
1064
+ if (_isUnsafeNode(currentNode, tagName)) {
820
1065
  _forceRemove(currentNode);
821
1066
  return true;
822
1067
  }
823
- if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {
1068
+ if (FORBID_TAGS[tagName] || !(EXTRA_ELEMENT_HANDLING.tagCheck instanceof Function && EXTRA_ELEMENT_HANDLING.tagCheck(tagName)) && !ALLOWED_TAGS[tagName]) {
1069
+ return _sanitizeDisallowedNode(currentNode, tagName);
1070
+ }
1071
+ const nt = getNodeType ? getNodeType(currentNode) : currentNode.nodeType;
1072
+ if (nt === NODE_TYPE.element && !_checkValidNamespace(currentNode)) {
824
1073
  _forceRemove(currentNode);
825
1074
  return true;
826
1075
  }
827
- if ((tagName === "noscript" || tagName === "noembed" || tagName === "noframes") && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) {
1076
+ if ((tagName === "noscript" || tagName === "noembed" || tagName === "noframes") && regExpTest(FALLBACK_TAG_CLOSE, currentNode.innerHTML)) {
828
1077
  _forceRemove(currentNode);
829
1078
  return true;
830
1079
  }
831
1080
  if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {
832
- content = currentNode.textContent;
833
- arrayForEach([MUSTACHE_EXPR2, ERB_EXPR2, TMPLIT_EXPR2], (expr) => {
834
- content = stringReplace(content, expr, " ");
835
- });
1081
+ const content = _stripTemplateExpressions(currentNode.textContent);
836
1082
  if (currentNode.textContent !== content) {
837
1083
  arrayPush(DOMPurify.removed, {
838
1084
  element: currentNode.cloneNode()
@@ -851,11 +1097,11 @@ function createDOMPurify() {
851
1097
  return false;
852
1098
  }
853
1099
  const nameIsPermitted = ALLOWED_ATTR[lcName] || EXTRA_ELEMENT_HANDLING.attributeCheck instanceof Function && EXTRA_ELEMENT_HANDLING.attributeCheck(lcName, lcTag);
854
- if (ALLOW_DATA_ATTR && !FORBID_ATTR[lcName] && regExpTest(DATA_ATTR2, lcName))
1100
+ if (ALLOW_DATA_ATTR && regExpTest(DATA_ATTR$1, lcName))
855
1101
  ;
856
- else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR2, lcName))
1102
+ else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$1, lcName))
857
1103
  ;
858
- else if (!nameIsPermitted || FORBID_ATTR[lcName]) {
1104
+ else if (!nameIsPermitted) {
859
1105
  if (_isBasicCustomElement(lcTag) && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag)) && (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName) || CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName, lcTag)) || lcName === "is" && CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(value)))
860
1106
  ;
861
1107
  else {
@@ -863,11 +1109,11 @@ function createDOMPurify() {
863
1109
  }
864
1110
  } else if (URI_SAFE_ATTRIBUTES[lcName])
865
1111
  ;
866
- else if (regExpTest(IS_ALLOWED_URI$1, stringReplace(value, ATTR_WHITESPACE2, "")))
1112
+ else if (regExpTest(IS_ALLOWED_URI$1, stringReplace(value, ATTR_WHITESPACE$1, "")))
867
1113
  ;
868
1114
  else if ((lcName === "src" || lcName === "xlink:href" || lcName === "href") && lcTag !== "script" && stringIndexOf(value, "data:") === 0 && DATA_URI_TAGS[lcTag])
869
1115
  ;
870
- else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA2, stringReplace(value, ATTR_WHITESPACE2, "")))
1116
+ else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA$1, stringReplace(value, ATTR_WHITESPACE$1, "")))
871
1117
  ;
872
1118
  else if (value) {
873
1119
  return false;
@@ -876,13 +1122,40 @@ function createDOMPurify() {
876
1122
  };
877
1123
  const RESERVED_CUSTOM_ELEMENT_NAMES = addToSet({}, ["annotation-xml", "color-profile", "font-face", "font-face-format", "font-face-name", "font-face-src", "font-face-uri", "missing-glyph"]);
878
1124
  const _isBasicCustomElement = function _isBasicCustomElement2(tagName) {
879
- return !RESERVED_CUSTOM_ELEMENT_NAMES[stringToLowerCase(tagName)] && regExpTest(CUSTOM_ELEMENT2, tagName);
1125
+ return !RESERVED_CUSTOM_ELEMENT_NAMES[stringToLowerCase(tagName)] && regExpTest(CUSTOM_ELEMENT$1, tagName);
1126
+ };
1127
+ const _applyTrustedTypesToAttribute = function _applyTrustedTypesToAttribute2(lcTag, lcName, namespaceURI, value) {
1128
+ if (trustedTypesPolicy && typeof trustedTypes === "object" && typeof trustedTypes.getAttributeType === "function" && !namespaceURI) {
1129
+ switch (trustedTypes.getAttributeType(lcTag, lcName)) {
1130
+ case "TrustedHTML": {
1131
+ return _createTrustedHTML(value);
1132
+ }
1133
+ case "TrustedScriptURL": {
1134
+ return _createTrustedScriptURL(value);
1135
+ }
1136
+ }
1137
+ }
1138
+ return value;
1139
+ };
1140
+ const _setAttributeValue = function _setAttributeValue2(currentNode, name, namespaceURI, value) {
1141
+ try {
1142
+ if (namespaceURI) {
1143
+ currentNode.setAttributeNS(namespaceURI, name, value);
1144
+ } else {
1145
+ currentNode.setAttribute(name, value);
1146
+ }
1147
+ if (_isClobbered(currentNode)) {
1148
+ _forceRemove(currentNode);
1149
+ } else {
1150
+ arrayPop(DOMPurify.removed);
1151
+ }
1152
+ } catch (_) {
1153
+ _removeAttribute(name, currentNode);
1154
+ }
880
1155
  };
881
1156
  const _sanitizeAttributes = function _sanitizeAttributes2(currentNode) {
882
1157
  _executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
883
- const {
884
- attributes
885
- } = currentNode;
1158
+ const attributes = currentNode.attributes;
886
1159
  if (!attributes || _isClobbered(currentNode)) {
887
1160
  return;
888
1161
  }
@@ -894,13 +1167,10 @@ function createDOMPurify() {
894
1167
  forceKeepAttr: undefined
895
1168
  };
896
1169
  let l = attributes.length;
1170
+ const lcTag = transformCaseFunc(currentNode.nodeName);
897
1171
  while (l--) {
898
1172
  const attr = attributes[l];
899
- const {
900
- name,
901
- namespaceURI,
902
- value: attrValue
903
- } = attr;
1173
+ const { name, namespaceURI, value: attrValue } = attr;
904
1174
  const lcName = transformCaseFunc(name);
905
1175
  const initValue = attrValue;
906
1176
  let value = name === "value" ? initValue : stringTrim(initValue);
@@ -929,51 +1199,20 @@ function createDOMPurify() {
929
1199
  _removeAttribute(name, currentNode);
930
1200
  continue;
931
1201
  }
932
- if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) {
1202
+ if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(SELF_CLOSING_TAG, value)) {
933
1203
  _removeAttribute(name, currentNode);
934
1204
  continue;
935
1205
  }
936
1206
  if (SAFE_FOR_TEMPLATES) {
937
- arrayForEach([MUSTACHE_EXPR2, ERB_EXPR2, TMPLIT_EXPR2], (expr) => {
938
- value = stringReplace(value, expr, " ");
939
- });
1207
+ value = _stripTemplateExpressions(value);
940
1208
  }
941
- const lcTag = transformCaseFunc(currentNode.nodeName);
942
1209
  if (!_isValidAttribute(lcTag, lcName, value)) {
943
1210
  _removeAttribute(name, currentNode);
944
1211
  continue;
945
1212
  }
946
- if (trustedTypesPolicy && typeof trustedTypes === "object" && typeof trustedTypes.getAttributeType === "function") {
947
- if (namespaceURI)
948
- ;
949
- else {
950
- switch (trustedTypes.getAttributeType(lcTag, lcName)) {
951
- case "TrustedHTML": {
952
- value = trustedTypesPolicy.createHTML(value);
953
- break;
954
- }
955
- case "TrustedScriptURL": {
956
- value = trustedTypesPolicy.createScriptURL(value);
957
- break;
958
- }
959
- }
960
- }
961
- }
1213
+ value = _applyTrustedTypesToAttribute(lcTag, lcName, namespaceURI, value);
962
1214
  if (value !== initValue) {
963
- try {
964
- if (namespaceURI) {
965
- currentNode.setAttributeNS(namespaceURI, name, value);
966
- } else {
967
- currentNode.setAttribute(name, value);
968
- }
969
- if (_isClobbered(currentNode)) {
970
- _forceRemove(currentNode);
971
- } else {
972
- arrayPop(DOMPurify.removed);
973
- }
974
- } catch (_) {
975
- _removeAttribute(name, currentNode);
976
- }
1215
+ _setAttributeValue(currentNode, name, namespaceURI, value);
977
1216
  }
978
1217
  }
979
1218
  _executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
@@ -986,12 +1225,69 @@ function createDOMPurify() {
986
1225
  _executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
987
1226
  _sanitizeElements(shadowNode);
988
1227
  _sanitizeAttributes(shadowNode);
989
- if (shadowNode.content instanceof DocumentFragment) {
1228
+ if (_isDocumentFragment(shadowNode.content)) {
990
1229
  _sanitizeShadowDOM2(shadowNode.content);
991
1230
  }
1231
+ const shadowNodeType = getNodeType ? getNodeType(shadowNode) : shadowNode.nodeType;
1232
+ if (shadowNodeType === NODE_TYPE.element) {
1233
+ const innerSr = getShadowRoot(shadowNode);
1234
+ if (_isDocumentFragment(innerSr)) {
1235
+ _sanitizeAttachedShadowRoots(innerSr);
1236
+ _sanitizeShadowDOM2(innerSr);
1237
+ }
1238
+ }
992
1239
  }
993
1240
  _executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
994
1241
  };
1242
+ const _sanitizeAttachedShadowRoots = function _sanitizeAttachedShadowRoots2(root) {
1243
+ const stack = [{
1244
+ node: root,
1245
+ shadow: null
1246
+ }];
1247
+ while (stack.length > 0) {
1248
+ const item = stack.pop();
1249
+ if (item.shadow) {
1250
+ _sanitizeShadowDOM2(item.shadow);
1251
+ continue;
1252
+ }
1253
+ const node = item.node;
1254
+ const nodeType = getNodeType ? getNodeType(node) : node.nodeType;
1255
+ const isElement = nodeType === NODE_TYPE.element;
1256
+ const childNodes = getChildNodes(node);
1257
+ if (childNodes) {
1258
+ for (let i = childNodes.length - 1;i >= 0; --i) {
1259
+ stack.push({
1260
+ node: childNodes[i],
1261
+ shadow: null
1262
+ });
1263
+ }
1264
+ }
1265
+ if (isElement) {
1266
+ const rootName = getNodeName ? getNodeName(node) : null;
1267
+ if (typeof rootName === "string" && transformCaseFunc(rootName) === "template") {
1268
+ const content = node.content;
1269
+ if (_isDocumentFragment(content)) {
1270
+ stack.push({
1271
+ node: content,
1272
+ shadow: null
1273
+ });
1274
+ }
1275
+ }
1276
+ }
1277
+ if (isElement) {
1278
+ const sr = getShadowRoot(node);
1279
+ if (_isDocumentFragment(sr)) {
1280
+ stack.push({
1281
+ node: null,
1282
+ shadow: sr
1283
+ }, {
1284
+ node: sr,
1285
+ shadow: null
1286
+ });
1287
+ }
1288
+ }
1289
+ }
1290
+ };
995
1291
  DOMPurify.sanitize = function(dirty) {
996
1292
  let cfg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
997
1293
  let body = null;
@@ -1015,18 +1311,25 @@ function createDOMPurify() {
1015
1311
  _parseConfig(cfg);
1016
1312
  }
1017
1313
  DOMPurify.removed = [];
1018
- if (typeof dirty === "string") {
1019
- IN_PLACE = false;
1020
- }
1021
- if (IN_PLACE) {
1022
- const nn = dirty.nodeName;
1314
+ const inPlace = IN_PLACE && typeof dirty !== "string" && _isNode(dirty);
1315
+ if (inPlace) {
1316
+ const nn = getNodeName ? getNodeName(dirty) : dirty.nodeName;
1023
1317
  if (typeof nn === "string") {
1024
1318
  const tagName = transformCaseFunc(nn);
1025
1319
  if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {
1026
1320
  throw typeErrorCreate("root node is forbidden and cannot be sanitized in-place");
1027
1321
  }
1028
1322
  }
1029
- } else if (dirty instanceof Node) {
1323
+ if (_isClobbered(dirty)) {
1324
+ throw typeErrorCreate("root node is clobbered and cannot be sanitized in-place");
1325
+ }
1326
+ try {
1327
+ _sanitizeAttachedShadowRoots(dirty);
1328
+ } catch (error) {
1329
+ _neutralizeRoot(dirty);
1330
+ throw error;
1331
+ }
1332
+ } else if (_isNode(dirty)) {
1030
1333
  body = _initDocument("<!---->");
1031
1334
  importedNode = body.ownerDocument.importNode(dirty, true);
1032
1335
  if (importedNode.nodeType === NODE_TYPE.element && importedNode.nodeName === "BODY") {
@@ -1036,9 +1339,10 @@ function createDOMPurify() {
1036
1339
  } else {
1037
1340
  body.appendChild(importedNode);
1038
1341
  }
1342
+ _sanitizeAttachedShadowRoots(importedNode);
1039
1343
  } else {
1040
1344
  if (!RETURN_DOM && !SAFE_FOR_TEMPLATES && !WHOLE_DOCUMENT && dirty.indexOf("<") === -1) {
1041
- return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty;
1345
+ return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? _createTrustedHTML(dirty) : dirty;
1042
1346
  }
1043
1347
  body = _initDocument(dirty);
1044
1348
  if (!body) {
@@ -1048,25 +1352,35 @@ function createDOMPurify() {
1048
1352
  if (body && FORCE_BODY) {
1049
1353
  _forceRemove(body.firstChild);
1050
1354
  }
1051
- const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);
1052
- while (currentNode = nodeIterator.nextNode()) {
1053
- _sanitizeElements(currentNode);
1054
- _sanitizeAttributes(currentNode);
1055
- if (currentNode.content instanceof DocumentFragment) {
1056
- _sanitizeShadowDOM2(currentNode.content);
1355
+ const nodeIterator = _createNodeIterator(inPlace ? dirty : body);
1356
+ try {
1357
+ while (currentNode = nodeIterator.nextNode()) {
1358
+ _sanitizeElements(currentNode);
1359
+ _sanitizeAttributes(currentNode);
1360
+ if (_isDocumentFragment(currentNode.content)) {
1361
+ _sanitizeShadowDOM2(currentNode.content);
1362
+ }
1363
+ }
1364
+ } catch (error) {
1365
+ if (inPlace) {
1366
+ _neutralizeRoot(dirty);
1057
1367
  }
1368
+ throw error;
1058
1369
  }
1059
- if (IN_PLACE) {
1370
+ if (inPlace) {
1371
+ arrayForEach(DOMPurify.removed, (entry) => {
1372
+ if (entry.element) {
1373
+ _neutralizeSubtree(entry.element);
1374
+ }
1375
+ });
1376
+ if (SAFE_FOR_TEMPLATES) {
1377
+ _scrubTemplateExpressions2(dirty);
1378
+ }
1060
1379
  return dirty;
1061
1380
  }
1062
1381
  if (RETURN_DOM) {
1063
1382
  if (SAFE_FOR_TEMPLATES) {
1064
- body.normalize();
1065
- let html2 = body.innerHTML;
1066
- arrayForEach([MUSTACHE_EXPR2, ERB_EXPR2, TMPLIT_EXPR2], (expr) => {
1067
- html2 = stringReplace(html2, expr, " ");
1068
- });
1069
- body.innerHTML = html2;
1383
+ _scrubTemplateExpressions2(body);
1070
1384
  }
1071
1385
  if (RETURN_DOM_FRAGMENT) {
1072
1386
  returnNode = createDocumentFragment.call(body.ownerDocument);
@@ -1087,11 +1401,9 @@ function createDOMPurify() {
1087
1401
  ` + serializedHTML;
1088
1402
  }
1089
1403
  if (SAFE_FOR_TEMPLATES) {
1090
- arrayForEach([MUSTACHE_EXPR2, ERB_EXPR2, TMPLIT_EXPR2], (expr) => {
1091
- serializedHTML = stringReplace(serializedHTML, expr, " ");
1092
- });
1404
+ serializedHTML = _stripTemplateExpressions(serializedHTML);
1093
1405
  }
1094
- return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML;
1406
+ return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? _createTrustedHTML(serializedHTML) : serializedHTML;
1095
1407
  };
1096
1408
  DOMPurify.setConfig = function() {
1097
1409
  let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
@@ -1101,6 +1413,8 @@ function createDOMPurify() {
1101
1413
  DOMPurify.clearConfig = function() {
1102
1414
  CONFIG = null;
1103
1415
  SET_CONFIG = false;
1416
+ trustedTypesPolicy = defaultTrustedTypesPolicy;
1417
+ emptyHTML = "";
1104
1418
  };
1105
1419
  DOMPurify.isValidAttribute = function(tag, attr, value) {
1106
1420
  if (!CONFIG) {
@@ -2474,4 +2788,4 @@ export {
2474
2788
  renderMarkdown
2475
2789
  };
2476
2790
 
2477
- //# debugId=DF2CAA8054D7574864756E2164756E21
2791
+ //# debugId=1624B26CF4552B7564756E2164756E21