@lipemat/eslint-config 5.0.1 → 5.1.0

package/helpers/config.js

@@ -29,3 +29,4 @@ export function getConfig(configs) {
     };
     return mergedConfig.configs;
 }
+//# sourceMappingURL=config.js.map

package/helpers/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,mBAAmB,EAAC,MAAM,2CAA2C,CAAC;AAM9E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,SAAS,CAAE,OAA4B;IACtD,MAAM,IAAI,GAAG;QACZ,OAAO;KACP,CAAC;IACF,MAAM,YAAY,GAAqB;QACtC,GAAG,IAAI;QACP,GAAG,mBAAmB,CAAoB,eAAe,EAAE,IAAI,CAAE;KACjE,CAAC;IACF,OAAO,YAAY,CAAC,OAAO,CAAC;AAC7B,CAAC"}

package/{types/helpers/config.d.ts → helpers/config.ts}

@@ -1,7 +1,9 @@
-import type { FlatConfig } from '@typescript-eslint/utils/ts-eslint';
-export type ExtensionConfigs = {
-    configs: FlatConfig.Config[];
-};
+import {getExtensionsConfig} from '@lipemat/js-boilerplate/helpers/config.js';
+import type {FlatConfig} from '@typescript-eslint/utils/ts-eslint';
+
+
+export type ExtensionConfigs = { configs: FlatConfig.Config[] };
+
 /**
  * Get a config from our /index.js merged with any
  * matching configuration from the project directory.
@@ -22,4 +24,13 @@ export type ExtensionConfigs = {
  *     return config
  * }
  */
-export declare function getConfig(configs: FlatConfig.Config[]): FlatConfig.Config[];
+export function getConfig( configs: FlatConfig.Config[] ): FlatConfig.Config[] {
+	const BASE = {
+		configs,
+	};
+	const mergedConfig: ExtensionConfigs = {
+		...BASE,
+		...getExtensionsConfig<ExtensionConfigs>( 'eslint.config', BASE ),
+	};
+	return mergedConfig.configs;
+}

package/index.js

@@ -137,3 +137,4 @@ export default [
     ...fixupConfigRules(flatCompat.extends('plugin:deprecation/recommended')),
     ...mergedConfig,
 ];
+//# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lipemat/eslint-config",
-  "version": "5.0.1",
+  "version": "5.1.0",
   "license": "MIT",
   "description": "Eslint configuration for all @lipemat packages",
   "engines": {
@@ -8,12 +8,10 @@
   },
   "type": "module",
   "main": "index.js",
-  "types": "types",
   "files": [
     "index.js",
-    "helpers/**/*.js",
-    "plugins/**/*.js",
-    "types"
+    "helpers",
+    "plugins"
   ],
   "repository": {
     "type": "git",
@@ -24,16 +22,16 @@
   },
   "homepage": "https://github.com/lipemat/eslint-config#readme",
   "scripts": {
-    "build": "tsc --project ./plugins --declaration --declarationDir types",
+    "build": "tsc --project ./plugins",
     "prepublishOnly": "yarn run build",
     "test": "lipemat-js-boilerplate test",
     "validate-ts": "tsc --project ./plugins --noEmit",
-    "watch": "tsc --project ./plugins --watch --inlineSourceMap"
+    "watch": "tsc --project ./plugins --watch"
   },
   "dependencies": {
     "@eslint/compat": "^1.2.4",
     "@eslint/eslintrc": "^3.2.0",
-    "@lipemat/js-boilerplate": "^10.14.1",
+    "@lipemat/js-boilerplate": "^10.14.3",
     "@stylistic/eslint-plugin-ts": "^2.12.1",
     "@types/eslint": "^9",
     "@typescript-eslint/eslint-plugin": "^8.40.0",
@@ -52,18 +50,17 @@
     "@types/jquery": "^3.5.16",
     "@types/node": "^20",
     "@typescript-eslint/rule-tester": "^8.40.0",
-    "@typescript-eslint/types": "^8.40.0",
     "dompurify": "^3.2.6",
     "execa": "^5.1.1",
     "jest": "^29",
     "jest-runner-eslint": "^2.2.1",
-    "typescript": "5.8.3"
+    "typescript": "~5.8.3"
   },
   "peerDependencies": {
-    "typescript": "^5.8.3"
+    "typescript": "~5.8.3"
   },
   "resolutions": {
     "@babel/runtime": "^7.27.0"
   },
-  "packageManager": "yarn@4.9.2"
+  "packageManager": "yarn@4.9.4"
 }

package/plugins/security/helpers/dom-purify.js

@@ -16,3 +16,4 @@ export function isSanitized(node) {
     }
     return false;
 }
+//# sourceMappingURL=dom-purify.js.map

package/plugins/security/helpers/dom-purify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dom-purify.js","sourceRoot":"","sources":["dom-purify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAgB,MAAM,0BAA0B,CAAC;AAGvE;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAE,IAAsF;IAClH,IAAK,cAAc,CAAC,cAAc,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QACnD,OAAO,KAAK,CAAC;IACd,CAAC;IACD,IAAK,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACzF,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACrH,OAAO,WAAW,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE;YAC3D,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IACtG,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC"}

package/plugins/security/helpers/dom-purify.ts

@@ -0,0 +1,21 @@
+import {AST_NODE_TYPES, type TSESTree} from '@typescript-eslint/utils';
+import type ESTree from 'estree';
+
+/**
+ * Check if a node is a call to a known sanitization function.
+ * - Currently recognizes `sanitize(...)` and `DOMPurify.sanitize(...)`.
+ */
+export function isSanitized( node: ESTree.Expression | TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): boolean {
+	if ( AST_NODE_TYPES.CallExpression !== node.type ) {
+		return false;
+	}
+	if ( AST_NODE_TYPES.Identifier === node.callee.type && 'sanitize' === node.callee.name ) {
+		return true;
+	}
+
+	if ( AST_NODE_TYPES.MemberExpression === node.callee.type && AST_NODE_TYPES.Identifier === node.callee.object.type ) {
+		return 'dompurify' === node.callee.object.name.toLowerCase() &&
+			AST_NODE_TYPES.Identifier === node.callee.property.type && 'sanitize' === node.callee.property.name;
+	}
+	return false;
+}

package/plugins/security/helpers/element.js

@@ -16,3 +16,4 @@ export function isDomElementType(expression, context) {
     }
     return name.startsWith('HTML') && name.endsWith('Element');
 }
+//# sourceMappingURL=element.js.map

package/plugins/security/helpers/element.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"element.js","sourceRoot":"","sources":["element.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,OAAO,EAAC,MAAM,eAAe,CAAC;AAEtC;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAuE,UAA2C,EAAE,OAAgB;IACnK,MAAM,IAAI,GAAS,OAAO,CAAW,UAAU,EAAE,OAAO,CAAE,CAAC;IAE3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,IAAI,EAAE,CAAC;IACjD,4FAA4F;IAC5F,IAAK,SAAS,KAAK,IAAI,EAAG,CAAC;QAC1B,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC,UAAU,CAAE,MAAM,CAAE,IAAI,IAAI,CAAC,QAAQ,CAAE,SAAS,CAAE,CAAC;AAChE,CAAC"}

package/plugins/security/helpers/element.ts

@@ -0,0 +1,22 @@
+import type {TSESLint, TSESTree} from '@typescript-eslint/utils';
+import type {Type} from 'typescript';
+import {getType} from './ts-types.js';
+
+/**
+ * Is the type of variable being passed a DOM element?
+ *
+ * - DOM elements are of the type `HTML{*}Element`.
+ * - DOM elements do not require sanitization.
+ *
+ * @link https://typescript-eslint.io/developers/custom-rules/#typed-rules
+ */
+export function isDomElementType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>( expression: TSESTree.CallExpressionArgument, context: Context ): boolean {
+	const type: Type = getType<Context>( expression, context );
+
+	const name = type.getSymbol()?.escapedName ?? '';
+	// Match any type that ends with "Element", e.g., HTMLElement, HTMLDivElement, Element, etc.
+	if ( 'Element' === name ) {
+		return true;
+	}
+	return name.startsWith( 'HTML' ) && name.endsWith( 'Element' );
+}

package/plugins/security/helpers/string.js

@@ -37,3 +37,4 @@ export function isSafeLiteralString(node) {
     }
     return !/^\s*(?:javascript|data|vbscript|about|livescript)\s*:/i.test(decodeURIComponent(node.value.replace(/[\u0000-\u001F\u007F]+/g, '')));
 }
+//# sourceMappingURL=string.js.map

package/plugins/security/helpers/string.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"string.js","sourceRoot":"","sources":["string.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AAEtF,OAAO,EAAC,OAAO,EAAC,MAAM,eAAe,CAAC;AAEtC;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAE,IAAqC,EAAE,OAA4D;IAChI,MAAM,IAAI,GAAG,OAAO,CAAE,IAAI,EAAE,OAAO,CAAE,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,eAAe,IAAI,IAAI,IAAI,QAAQ,KAAK,IAAI,CAAC,aAAa,CAAC;IAC7E,OAAO,CAAE,cAAc,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,KAAK,CAAE,IAAI,CAAE,cAAc,CAAC,eAAe,KAAK,IAAI,CAAC,IAAI,CAAE,IAAI,OAAO,IAAI,SAAS,CAAC;AAC/J,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAE,IAAkE;IAClG,OAAO,cAAc,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,KAAK,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAE,IAAkE;IACtG,IAAK,cAAc,CAAC,qBAAqB,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QAC1D,OAAO,mBAAmB,CAAE,IAAI,CAAC,UAAU,CAAE,IAAI,mBAAmB,CAAE,IAAI,CAAC,SAAS,CAAE,CAAC;IACxF,CAAC;IAED,IAAK,CAAE,eAAe,CAAE,IAAI,CAAE,EAAG,CAAC;QACjC,OAAO,KAAK,CAAC;IACd,CAAC;IACD,IAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAE,SAAS,CAAE,EAAG,CAAC;QACxC,OAAO,KAAK,CAAC;IACd,CAAC;IACD,OAAO,CAAE,wDAAwD,CAAC,IAAI,CAAE,kBAAkB,CAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAE,yBAAyB,EAAE,EAAE,CAAE,CAAE,CAAE,CAAC;AACrJ,CAAC"}

package/plugins/security/helpers/string.ts

@@ -0,0 +1,44 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+
+import {getType} from './ts-types.js';
+
+/**
+ * Is the node of type string.
+ * - String literals.
+ * - constants of type string.
+ * - template literals.
+ * - intrinsic type string.
+ */
+export function isStringLike( node: TSESTree.CallExpressionArgument, context: Readonly<TSESLint.RuleContext<string, readonly []>> ): boolean {
+	const type = getType( node, context );
+	const literal = type.isStringLiteral();
+	const intrinsic = 'intrinsicName' in type && 'string' === type.intrinsicName;
+	return ( AST_NODE_TYPES.Literal === node.type && 'string' === typeof node.value ) || ( AST_NODE_TYPES.TemplateLiteral === node.type ) || literal || intrinsic;
+}
+
+/**
+ * Check if a node is a literal string
+ */
+export function isLiteralString( node: TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): node is TSESTree.StringLiteral {
+	return AST_NODE_TYPES.Literal === node.type && 'string' === typeof node.value;
+}
+
+/**
+ * Check if a node is a literal string that is safe to use in an HTML context.
+ * - Must be a literal string. Or a conditional expression where both branches are safe literal strings.
+ * - Must not contain `<script`.
+ * - Must not start with a dangerous protocol (javascript:, data:, vbscript:, about:, livescript:).
+ */
+export function isSafeLiteralString( node: TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): boolean {
+	if ( AST_NODE_TYPES.ConditionalExpression === node.type ) {
+		return isSafeLiteralString( node.consequent ) && isSafeLiteralString( node.alternate );
+	}
+
+	if ( ! isLiteralString( node ) ) {
+		return false;
+	}
+	if ( node.value.includes( '<script' ) ) {
+		return false;
+	}
+	return ! /^\s*(?:javascript|data|vbscript|about|livescript)\s*:/i.test( decodeURIComponent( node.value.replace( /[\u0000-\u001F\u007F]+/g, '' ) ) );
+}

package/plugins/security/helpers/ts-types.js

@@ -7,3 +7,4 @@ export function getType(expression, context) {
     const type = getTypeAtLocation(expression);
     return type.getNonNullableType();
 }
+//# sourceMappingURL=ts-types.js.map

package/plugins/security/helpers/ts-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ts-types.js","sourceRoot":"","sources":["ts-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,WAAW,EAA+B,MAAM,0BAA0B,CAAC;AAGnF;;GAEG;AACH,MAAM,UAAU,OAAO,CAAuE,UAA2C,EAAE,OAAgB;IAC1J,MAAM,EAAC,iBAAiB,EAAC,GAAG,WAAW,CAAC,iBAAiB,CAAE,OAAO,CAAE,CAAC;IACrE,MAAM,IAAI,GAAG,iBAAiB,CAAE,UAAU,CAAE,CAAC;IAC7C,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;AAClC,CAAC"}

package/plugins/security/helpers/ts-types.ts

@@ -0,0 +1,11 @@
+import {ESLintUtils, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import type {Type} from 'typescript';
+
+/**
+ * Get the TypeScript type of node.
+ */
+export function getType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>( expression: TSESTree.CallExpressionArgument, context: Context ): Type {
+	const {getTypeAtLocation} = ESLintUtils.getParserServices( context );
+	const type = getTypeAtLocation( expression );
+	return type.getNonNullableType();
+}

package/plugins/security/index.js

@@ -6,6 +6,7 @@ import htmlStringConcat from './rules/html-string-concat.js';
 import jqueryExecuting from './rules/jquery-executing.js';
 import vulnerableTagStripping from './rules/vulnerable-tag-stripping.js';
 import windowEscaping from './rules/window-escaping.js';
+import noAtHtmlTags from './rules/no-at-html-tags.js';
 import { readFileSync } from 'fs';
 import { resolve } from 'path';
 const pkg = JSON.parse(readFileSync(resolve('./package.json'), 'utf8'));
@@ -21,11 +22,13 @@ const plugin = {
         'html-sinks': htmlSinks,
         'html-string-concat': htmlStringConcat,
         'jquery-executing': jqueryExecuting,
+        'no-at-html-tags': noAtHtmlTags,
         'vulnerable-tag-stripping': vulnerableTagStripping,
         'window-escaping': windowEscaping,
     },
     configs: {
         recommended: {},
+        svelte: {},
     },
 };
 // Freeze the plugin to prevent modifications and use the plugin within.
@@ -45,5 +48,12 @@ plugin.configs = Object.freeze({
             '@lipemat/security/window-escaping': 'error',
         },
     },
+    svelte: {
+        files: ['**/*.svelte', '*.svelte'],
+        rules: {
+            '@lipemat/security/no-at-html-tags': 'error',
+        },
+    },
 });
 export default plugin;
+//# sourceMappingURL=index.js.map

package/plugins/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,uCAAuC,CAAC;AAC5E,OAAO,uBAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,qBAAqB,MAAM,oCAAoC,CAAC;AACvE,OAAO,SAAS,MAAM,uBAAuB,CAAC;AAC9C,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAC7D,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,sBAAsB,MAAM,qCAAqC,CAAC;AACzE,OAAO,cAAc,MAAM,4BAA4B,CAAC;AACxD,OAAO,YAAY,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAC,YAAY,EAAC,MAAM,IAAI,CAAC;AAChC,OAAO,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAI7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACrB,YAAY,CAAE,OAAO,CAAE,gBAAgB,CAAE,EAAE,MAAM,CAAE,CACnD,CAAC;AAUF,MAAM,MAAM,GAAW;IACtB,IAAI,EAAE;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;KACpB;IACD,KAAK,EAAE;QACN,4BAA4B,EAAE,uBAAuB;QACrD,2BAA2B,EAAE,uBAAuB;QACpD,yBAAyB,EAAE,qBAAqB;QAChD,YAAY,EAAE,SAAS;QACvB,oBAAoB,EAAE,gBAAgB;QACtC,kBAAkB,EAAE,eAAe;QACnC,iBAAiB,EAAE,YAAY;QAC/B,0BAA0B,EAAE,sBAAsB;QAClD,iBAAiB,EAAE,cAAc;KACjC;IACD,OAAO,EAAE;QACR,WAAW,EAAE,EAAE;QACf,MAAM,EAAE,EAAE;KACV;CACD,CAAC;AAEF,wEAAwE;AACxE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAE;IAC/B,WAAW,EAAE;QACZ,OAAO,EAAE;YACR,mBAAmB,EAAE,MAAM;SAC3B;QACD,KAAK,EAAE;YACN,8CAA8C,EAAE,OAAO;YACvD,6CAA6C,EAAE,OAAO;YACtD,2CAA2C,EAAE,OAAO;YACpD,8BAA8B,EAAE,OAAO;YACvC,sCAAsC,EAAE,OAAO;YAC/C,oCAAoC,EAAE,OAAO;YAC7C,4CAA4C,EAAE,OAAO;YACrD,mCAAmC,EAAE,OAAO;SAC5C;KACD;IACD,MAAM,EAAE;QACP,KAAK,EAAE,CAAE,aAAa,EAAE,UAAU,CAAE;QACpC,KAAK,EAAE;YACN,mCAAmC,EAAE,OAAO;SAC5C;KACD;CACD,CAAE,CAAC;AAEJ,eAAe,MAAM,CAAC"}

package/plugins/security/index.ts

@@ -0,0 +1,74 @@
+import dangerouslySetInnerHtml from './rules/dangerously-set-inner-html.js';
+import htmlExecutingAssignment from './rules/html-executing-assignment.js';
+import htmlExecutingFunction from './rules/html-executing-function.js';
+import htmlSinks from './rules/html-sinks.js';
+import htmlStringConcat from './rules/html-string-concat.js';
+import jqueryExecuting from './rules/jquery-executing.js';
+import vulnerableTagStripping from './rules/vulnerable-tag-stripping.js';
+import windowEscaping from './rules/window-escaping.js';
+import noAtHtmlTags from './rules/no-at-html-tags.js';
+import {readFileSync} from 'fs';
+import {resolve} from 'path';
+import type {FlatConfig} from '@typescript-eslint/utils/ts-eslint';
+
+
+const pkg = JSON.parse(
+	readFileSync( resolve( './package.json' ), 'utf8' ),
+);
+
+
+type Plugin = FlatConfig.Plugin & {
+	configs: {
+		recommended: FlatConfig.Config;
+		svelte: FlatConfig.Config;
+	}
+}
+
+const plugin: Plugin = {
+	meta: {
+		name: pkg.name,
+		version: pkg.version,
+	},
+	rules: {
+		'dangerously-set-inner-html': dangerouslySetInnerHtml,
+		'html-executing-assignment': htmlExecutingAssignment,
+		'html-executing-function': htmlExecutingFunction,
+		'html-sinks': htmlSinks,
+		'html-string-concat': htmlStringConcat,
+		'jquery-executing': jqueryExecuting,
+		'no-at-html-tags': noAtHtmlTags,
+		'vulnerable-tag-stripping': vulnerableTagStripping,
+		'window-escaping': windowEscaping,
+	},
+	configs: {
+		recommended: {},
+		svelte: {},
+	},
+};
+
+// Freeze the plugin to prevent modifications and use the plugin within.
+plugin.configs = Object.freeze( {
+	recommended: {
+		plugins: {
+			'@lipemat/security': plugin,
+		},
+		rules: {
+			'@lipemat/security/dangerously-set-inner-html': 'error',
+			'@lipemat/security/html-executing-assignment': 'error',
+			'@lipemat/security/html-executing-function': 'error',
+			'@lipemat/security/html-sinks': 'error',
+			'@lipemat/security/html-string-concat': 'error',
+			'@lipemat/security/jquery-executing': 'error',
+			'@lipemat/security/vulnerable-tag-stripping': 'error',
+			'@lipemat/security/window-escaping': 'error',
+		},
+	},
+	svelte: {
+		files: [ '**/*.svelte', '*.svelte' ],
+		rules: {
+			'@lipemat/security/no-at-html-tags': 'error',
+		},
+	},
+} );
+
+export default plugin;

package/plugins/security/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@lipemat/eslint-plugin-security",
+  "description": "ESLint rules to replace PHPCS security scanning",
+  "version": "1.0.0",
+  "private": true,
+  "license": "MIT",
+  "type": "module",
+  "main": "index.js",
+  "source": "index.ts",
+  "files": [
+    "index.ts",
+    "index.js",
+    "rules/",
+    "helpers/"
+  ],
+  "dependencies": {
+    "eslint": "^9",
+    "@typescript-eslint/utils": "^8.40.0"
+  },
+  "peerDependencies": {
+    "eslint": "^9",
+    "@typescript-eslint/parser": "^8.40.0",
+    "typescript": "~5.8.3"
+  }
+}

package/plugins/security/rules/dangerously-set-inner-html.js

@@ -74,3 +74,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=dangerously-set-inner-html.js.map

package/plugins/security/rules/dangerously-set-inner-html.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dangerously-set-inner-html.js","sourceRoot":"","sources":["dangerously-set-inner-html.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AAEtF,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAKrD,SAAS,yBAAyB,CAAE,IAA2B;IAC9D,OAAO,CACN,cAAc,KAAK,IAAI,CAAC,IAAI;QAC5B,yBAAyB,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,CAC5C,CAAC;AACH,CAAC;AAED,SAAS,+BAA+B,CAAE,IAA2B;IACpE,2CAA2C;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;IACvB,IAAK,IAAI,KAAK,GAAG,EAAG,CAAC;QACpB,OAAO,IAAI,CAAC,CAAC,oBAAoB;IAClC,CAAC;IACD,IAAK,cAAc,CAAC,sBAAsB,KAAK,GAAG,CAAC,IAAI,EAAG,CAAC;QAC1D,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;IAC5B,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QACrD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAE,CAAC,CAAC,EAAE,CAAC,CAC3C,cAAc,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI;QAClC,CACC,CAAE,cAAc,CAAC,UAAU,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAE;YACvE,CAAE,cAAc,CAAC,OAAO,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,GAAG,CAAC,KAAK,CAAE,CACrE,CACD,CAAE,CAAC;IACJ,IAAK,SAAS,KAAK,QAAQ,IAAI,OAAO,IAAI,QAAQ,EAAG,CAAC;QACrD,OAAO,QAAQ,CAAC,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAGD,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE,SAAS;QACf,cAAc,EAAE,IAAI;QACpB,IAAI,EAAE;YACL,WAAW,EAAE,8DAA8D;SAC3E;QACD,QAAQ,EAAE;YACT,kBAAkB,EAAE,sGAAsG;YAE1H,cAAc;YACd,SAAS,EAAE,sDAAsD;YACjE,QAAQ,EAAE,4CAA4C;SACtD;QACD,MAAM,EAAE,EAAE;KACV;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,YAAY,CAAE,IAA2B;gBACxC,IAAK,CAAE,yBAAyB,CAAE,IAAI,CAAE,EAAG,CAAC;oBAC3C,OAAO;gBACR,CAAC;gBACD,MAAM,SAAS,GAAG,+BAA+B,CAAE,IAAI,CAAE,CAAC;gBAC1D,IAAK,IAAI,KAAK,SAAS,IAAI,WAAW,CAAE,SAAS,CAAE,EAAG,CAAC;oBACtD,OAAO;gBACR,CAAC;gBAED,OAAO,CAAC,MAAM,CAAE;oBACf,IAAI;oBACJ,SAAS,EAAE,oBAAoB;oBAC/B,OAAO,EAAE;wBACR;4BACC,SAAS,EAAE,WAAW;4BACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;gCACpC,OAAO,KAAK,CAAC,WAAW,CAAE,IAAI,EAAE,yDAAyD,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,SAAS,CAAE,MAAM,CAAE,CAAC;4BAC1I,CAAC;yBACD;wBACD;4BACC,SAAS,EAAE,UAAU;4BACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;gCACpC,OAAO,KAAK,CAAC,WAAW,CAAE,IAAI,EAAE,+CAA+C,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,SAAS,CAAE,MAAM,CAAE,CAAC;4BAChI,CAAC;yBACD;qBACD;iBACD,CAAE,CAAC;YACL,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/plugins/security/rules/dangerously-set-inner-html.ts

@@ -0,0 +1,93 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+
+import {isSanitized} from '../helpers/dom-purify.js';
+
+type Messages = 'dangerousInnerHtml' | 'sanitize' | 'domPurify';
+type Context = TSESLint.RuleContext<Messages, []>;
+
+function isDangerouslySetInnerHTML( node: TSESTree.JSXAttribute ): boolean {
+	return (
+		'JSXAttribute' === node.type &&
+		'dangerouslySetInnerHTML' === node.name.name
+	);
+}
+
+function getDangerouslySetInnerHTMLValue( node: TSESTree.JSXAttribute ): null | TSESTree.Property['value'] {
+	// Expecting value like: {{ __html: expr }}
+	const val = node.value;
+	if ( null === val ) {
+		return null; // No value provided
+	}
+	if ( AST_NODE_TYPES.JSXExpressionContainer !== val.type ) {
+		return null;
+	}
+	const expr = val.expression;
+	if ( AST_NODE_TYPES.ObjectExpression !== expr.type ) {
+		return null;
+	}
+	const htmlProp = expr.properties.find( p => (
+		AST_NODE_TYPES.Property === p.type &&
+		(
+			( AST_NODE_TYPES.Identifier === p.key.type && '__html' === p.key.name ) ||
+			( AST_NODE_TYPES.Literal === p.key.type && '__html' === p.key.value )
+		)
+	) );
+	if ( undefined !== htmlProp && 'value' in htmlProp ) {
+		return htmlProp.value;
+	}
+	return null;
+}
+
+
+const plugin: TSESLint.RuleModule<Messages> = {
+	defaultOptions: [],
+	meta: {
+		type: 'problem',
+		hasSuggestions: true,
+		docs: {
+			description: 'Disallow using unsanitized values in dangerouslySetInnerHTML',
+		},
+		messages: {
+			dangerousInnerHtml: 'Any HTML passed to `dangerouslySetInnerHTML` gets executed. Please make sure it\'s properly escaped.',
+
+			// Suggestions
+			domPurify: 'Wrap the content with a `DOMPurify.sanitize()` call.',
+			sanitize: 'Wrap the content with a `sanitize()` call.',
+		},
+		schema: [],
+	},
+	create( context: Context ): TSESLint.RuleListener {
+		return {
+			JSXAttribute( node: TSESTree.JSXAttribute ) {
+				if ( ! isDangerouslySetInnerHTML( node ) ) {
+					return;
+				}
+				const htmlValue = getDangerouslySetInnerHTMLValue( node );
+				if ( null === htmlValue || isSanitized( htmlValue ) ) {
+					return;
+				}
+
+				context.report( {
+					node,
+					messageId: 'dangerousInnerHtml',
+					suggest: [
+						{
+							messageId: 'domPurify',
+							fix: ( fixer: TSESLint.RuleFixer ) => {
+								return fixer.replaceText( node, `dangerouslySetInnerHTML={{__html: DOMPurify.sanitize( ${context.sourceCode.getText( htmlValue )} )}}` );
+							},
+						},
+						{
+							messageId: 'sanitize',
+							fix: ( fixer: TSESLint.RuleFixer ) => {
+								return fixer.replaceText( node, `dangerouslySetInnerHTML={{__html: sanitize( ${context.sourceCode.getText( htmlValue )} )}}` );
+							},
+						},
+					],
+				} );
+			},
+		};
+	},
+};
+
+export default plugin;

package/plugins/security/rules/html-executing-assignment.js

@@ -66,3 +66,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=html-executing-assignment.js.map

package/plugins/security/rules/html-executing-assignment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"html-executing-assignment.js","sourceRoot":"","sources":["html-executing-assignment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AACtF,OAAO,EAAC,mBAAmB,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAOvD,MAAM,iBAAiB,GAAuB;IAC7C,WAAW;IACX,WAAW;CACX,CAAC;AAEF,SAAS,gBAAgB,CAAE,YAAoB;IAC9C,OAAO,iBAAiB,CAAC,QAAQ,CAAE,YAAgC,CAAE,CAAC;AACvE,CAAC;AAED,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE;YACL,WAAW,EAAE,0EAA0E;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACT,QAAQ,EAAE,wFAAwF;YAElG,cAAc;YACd,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,6CAA6C;SACvD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KACf;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,oBAAoB,CAAE,IAAmC;gBACxD,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAG,CAAC;oBACnH,OAAO;gBACR,CAAC;gBACD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC7C,IAAK,CAAE,gBAAgB,CAAE,YAAY,CAAE,EAAG,CAAC;oBAC1C,OAAO;gBACR,CAAC;gBACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBACzB,IAAK,CAAE,mBAAmB,CAAE,KAAK,CAAE,IAAI,CAAE,WAAW,CAAE,KAAK,CAAE,IAAI,gBAAgB,CAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAE,EAAG,CAAC;oBAC1H,OAAO,CAAC,MAAM,CAAE;wBACf,IAAI;wBACJ,SAAS,EAAE,UAAU;wBACrB,IAAI,EAAE;4BACL,YAAY;yBACZ;wBACD,OAAO,EAAE;4BACR;gCACC,SAAS,EAAE,WAAW;gCACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,KAAK,CAAE,CAAC;oCACtD,OAAO,KAAK,CAAC,WAAW,CAAE,KAAK,EAAE,uBAAuB,SAAS,IAAI,CAAE,CAAC;gCACzE,CAAC;6BACD;4BACD;gCACC,SAAS,EAAE,UAAU;gCACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,KAAK,CAAE,CAAC;oCACtD,OAAO,KAAK,CAAC,WAAW,CAAE,KAAK,EAAE,aAAa,SAAS,IAAI,CAAE,CAAC;gCAC/D,CAAC;6BACD;yBACD;qBACD,CAAE,CAAC;gBACL,CAAC;YACF,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/plugins/security/rules/html-executing-assignment.ts

@@ -0,0 +1,78 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import {isSafeLiteralString} from '../helpers/string.js';
+import {isSanitized} from '../helpers/dom-purify.js';
+import {isDomElementType} from '../helpers/element.js';
+
+type UnsafeProperties = 'innerHTML' | 'outerHTML';
+
+type Messages = 'executed' | 'sanitize' | 'domPurify';
+type Context = TSESLint.RuleContext<Messages, []>;
+
+const UNSAFE_PROPERTIES: UnsafeProperties[] = [
+	'innerHTML',
+	'outerHTML',
+];
+
+function isUnsafeProperty( propertyName: string ): propertyName is UnsafeProperties {
+	return UNSAFE_PROPERTIES.includes( propertyName as UnsafeProperties );
+}
+
+const plugin: TSESLint.RuleModule<Messages> = {
+	defaultOptions: [],
+	meta: {
+		docs: {
+			description: 'Disallow using unsanitized values in HTML executing property assignments',
+		},
+		hasSuggestions: true,
+		messages: {
+			executed: 'Any HTML used with `{{propertyName}}` gets executed. Make sure it\'s properly escaped.',
+
+			// Suggestions
+			domPurify: 'Wrap the argument with a `DOMPurify.sanitize()` call.',
+			sanitize: 'Wrap the argument with a `sanitize()` call.',
+		},
+		schema: [],
+		type: 'problem',
+	},
+	create( context: Context ): TSESLint.RuleListener {
+		return {
+			AssignmentExpression( node: TSESTree.AssignmentExpression ) {
+				if ( AST_NODE_TYPES.MemberExpression !== node.left.type || AST_NODE_TYPES.Identifier !== node.left.property.type ) {
+					return;
+				}
+				const propertyName = node.left.property.name;
+				if ( ! isUnsafeProperty( propertyName ) ) {
+					return;
+				}
+				const value = node.right;
+				if ( ! isSafeLiteralString( value ) && ! isSanitized( value ) && isDomElementType<Context>( node.left.object, context ) ) {
+					context.report( {
+						node,
+						messageId: 'executed',
+						data: {
+							propertyName,
+						},
+						suggest: [
+							{
+								messageId: 'domPurify',
+								fix: ( fixer: TSESLint.RuleFixer ) => {
+									const valueText = context.sourceCode.getText( value );
+									return fixer.replaceText( value, `DOMPurify.sanitize( ${valueText} )` );
+								},
+							},
+							{
+								messageId: 'sanitize',
+								fix: ( fixer: TSESLint.RuleFixer ) => {
+									const valueText = context.sourceCode.getText( value );
+									return fixer.replaceText( value, `sanitize( ${valueText} )` );
+								},
+							},
+						],
+					} );
+				}
+			},
+		};
+	},
+};
+
+export default plugin;

package/plugins/security/rules/html-executing-function.js

@@ -129,3 +129,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=html-executing-function.js.map

package/plugins/security/rules/html-executing-function.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"html-executing-function.js","sourceRoot":"","sources":["html-executing-function.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AACtF,OAAO,EAAC,YAAY,EAAC,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAC,mBAAmB,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAkBvD,MAAM,gBAAgB,GAA6B;IAClD,gBAAgB;IAChB,kBAAkB;CAClB,CAAC;AAEF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAe;IAChD,oBAAoB;IACpB,cAAc;CACd,CAAE,CAAC;AAEJ,MAAM,cAAc,GAAG;IACtB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,oBAAoB,EAAE,SAAS,EAAE,aAAa,EAAE,cAAc;CACjD,CAAC;AAE5C,SAAS,gBAAgB,CAAE,UAAkB;IAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAE,UAAoC,CAAE,CAAC;AAC1E,CAAC;AAED,SAAS,cAAc,CAAE,UAAkB;IAC1C,OAAO,cAAc,CAAC,QAAQ,CAAE,UAAyB,CAAE,CAAC;AAC7D,CAAC;AAED,SAAS,iBAAiB,CAAE,UAAkB;IAC7C,OAAO,kBAAkB,CAAC,GAAG,CAAE,UAAyB,CAAE,CAAC;AAC5D,CAAC;AAGD,SAAS,eAAe,CAAE,IAA6B;IACtD,IAAI,UAAU,GAAG,EAAE,CAAC;IACpB,IAAK,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACtD,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC/B,CAAC;SAAM,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACnE,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAG,CAAC;YACpC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;YACrC,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAG,CAAC;gBACtC,UAAU,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC/C,CAAC;QACF,CAAC;aAAM,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAG,CAAC;YAC7C,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACxC,CAAC;IACF,CAAC;IACD,IAAK,gBAAgB,CAAE,UAAU,CAAE,EAAG,CAAC;QACtC,OAAO,UAAU,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAGD,SAAS,oBAAoB,CAAE,IAA6B,EAAE,OAAgB;IAC7E,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAG,CAAC;QACvH,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC7C,IAAK,CAAE,gBAAgB,CAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAE,EAAG,CAAC;QACzD,OAAO,IAAI,CAAC,CAAC,+CAA+C;IAC7D,CAAC;IAED,IAAK,CAAE,cAAc,CAAE,UAAU,CAAE,EAAG,CAAC;QACtC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAK,YAAY,CAAE,IAAI,CAAE,EAAG,CAAC;QAC5B,OAAO,IAAI,CAAC,CAAC,mCAAmC;IACjD,CAAC;IACD,OAAO,UAAU,CAAC;AACnB,CAAC;AAGD,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE;YACL,WAAW,EAAE,kEAAkE;SAC/E;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACT,gBAAgB,EAAE,sFAAsF;YACxG,kBAAkB,EAAE,wFAAwF;YAC5G,KAAK,EAAE,6EAA6E;YACpF,MAAM,EAAE,8EAA8E;YACtF,MAAM,EAAE,8EAA8E;YACtF,kBAAkB,EAAE,0FAA0F;YAC9G,OAAO,EAAE,+EAA+E;YACxF,WAAW,EAAE,mFAAmF;YAChG,YAAY,EAAE,sFAAsF;YAEpG,cAAc;YACd,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,6CAA6C;SACvD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAEf;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,cAAc,CAAE,IAA6B;gBAC5C,IAAI,MAAmD,CAAC;gBACxD,MAAM,cAAc,GAAG,eAAe,CAAE,IAAI,CAAE,CAAC;gBAE/C,IAAK,IAAI,KAAK,cAAc,EAAG,CAAC;oBAC/B,MAAM,GAAG,cAAc,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACP,MAAM,GAAG,oBAAoB,CAAE,IAAI,EAAE,OAAO,CAAE,CAAC;oBAC/C,IAAK,IAAI,KAAK,MAAM,EAAG,CAAC;wBACvB,OAAO;oBACR,CAAC;gBACF,CAAC;gBAED,IAAI,GAAG,GAAoC,IAAI,CAAC,SAAS,CAAE,CAAC,CAAE,CAAC;gBAC/D,IAAK,iBAAiB,CAAE,MAAM,CAAE,EAAG,CAAC;oBACnC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAE,CAAC,CAAE,CAAC;gBAC3B,CAAC;gBAED,IAAK,CAAE,mBAAmB,CAAE,GAAG,CAAE,IAAI,CAAE,WAAW,CAAE,GAAG,CAAE,IAAI,CAAE,gBAAgB,CAAW,GAAG,EAAE,OAAO,CAAE,EAAG,CAAC;oBAC3G,OAAO,CAAC,MAAM,CAAE;wBACf,IAAI;wBACJ,SAAS,EAAE,MAAM;wBACjB,OAAO,EAAE;4BACR;gCACC,SAAS,EAAE,WAAW;gCACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,GAAG,CAAE,CAAC;oCAClD,OAAO,KAAK,CAAC,WAAW,CAAE,GAAG,EAAE,uBAAuB,OAAO,IAAI,CAAE,CAAC;gCACrE,CAAC;6BACD;4BACD;gCACC,SAAS,EAAE,UAAU;gCACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,GAAG,CAAE,CAAC;oCAClD,OAAO,KAAK,CAAC,WAAW,CAAE,GAAG,EAAE,aAAa,OAAO,IAAI,CAAE,CAAC;gCAC3D,CAAC;6BACD;yBACD;qBACD,CAAE,CAAC;gBACL,CAAC;YACF,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}