@seed-ship/mcp-ui-solid 5.2.0 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +50 -0
- package/dist/components/ElicitationForm.cjs +51 -0
- package/dist/components/ElicitationForm.cjs.map +1 -0
- package/dist/components/ElicitationForm.d.ts +68 -0
- package/dist/components/ElicitationForm.d.ts.map +1 -0
- package/dist/components/ElicitationForm.js +51 -0
- package/dist/components/ElicitationForm.js.map +1 -0
- package/dist/components/UIResourceRenderer.cjs +1 -1
- package/dist/components/UIResourceRenderer.js +1 -1
- package/dist/components/index.d.ts +2 -0
- package/dist/components/index.d.ts.map +1 -1
- package/dist/components.cjs +2 -0
- package/dist/components.cjs.map +1 -1
- package/dist/components.d.cts +2 -0
- package/dist/components.d.ts +2 -0
- package/dist/components.js +2 -0
- package/dist/components.js.map +1 -1
- package/dist/index.cjs +8 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +4 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -1
- package/dist/node_modules/.pnpm/{dompurify@3.3.3 → dompurify@3.4.1}/node_modules/dompurify/dist/purify.es.cjs +114 -53
- package/dist/node_modules/.pnpm/dompurify@3.4.1/node_modules/dompurify/dist/purify.es.cjs.map +1 -0
- package/dist/node_modules/.pnpm/{dompurify@3.3.3 → dompurify@3.4.1}/node_modules/dompurify/dist/purify.es.js +114 -53
- package/dist/node_modules/.pnpm/dompurify@3.4.1/node_modules/dompurify/dist/purify.es.js.map +1 -0
- package/dist/stores/server-capabilities-store.cjs +61 -0
- package/dist/stores/server-capabilities-store.cjs.map +1 -0
- package/dist/stores/server-capabilities-store.d.ts +172 -0
- package/dist/stores/server-capabilities-store.d.ts.map +1 -0
- package/dist/stores/server-capabilities-store.js +61 -0
- package/dist/stores/server-capabilities-store.js.map +1 -0
- package/docs/recipes/elicitation-pseudo-spec-adapter.md +171 -0
- package/docs/recipes/feedback-inline-wiring.md +142 -0
- package/package.json +2 -2
- package/src/components/ElicitationForm.test.tsx +197 -0
- package/src/components/ElicitationForm.tsx +126 -0
- package/src/components/index.ts +4 -0
- package/src/index.ts +16 -0
- package/src/stores/server-capabilities-store.test.tsx +206 -0
- package/src/stores/server-capabilities-store.tsx +215 -0
- package/tsconfig.tsbuildinfo +1 -1
- package/dist/node_modules/.pnpm/dompurify@3.3.3/node_modules/dompurify/dist/purify.es.cjs.map +0 -1
- package/dist/node_modules/.pnpm/dompurify@3.3.3/node_modules/dompurify/dist/purify.es.js.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.
|
|
1
|
+
/*! @license DOMPurify 3.4.1 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.4.1/LICENSE */
|
|
2
2
|
const {
|
|
3
3
|
entries,
|
|
4
4
|
setPrototypeOf,
|
|
@@ -46,13 +46,19 @@ const arrayLastIndexOf = unapply(Array.prototype.lastIndexOf);
|
|
|
46
46
|
const arrayPop = unapply(Array.prototype.pop);
|
|
47
47
|
const arrayPush = unapply(Array.prototype.push);
|
|
48
48
|
const arraySplice = unapply(Array.prototype.splice);
|
|
49
|
+
const arrayIsArray = Array.isArray;
|
|
49
50
|
const stringToLowerCase = unapply(String.prototype.toLowerCase);
|
|
50
51
|
const stringToString = unapply(String.prototype.toString);
|
|
51
52
|
const stringMatch = unapply(String.prototype.match);
|
|
52
53
|
const stringReplace = unapply(String.prototype.replace);
|
|
53
54
|
const stringIndexOf = unapply(String.prototype.indexOf);
|
|
54
55
|
const stringTrim = unapply(String.prototype.trim);
|
|
56
|
+
const numberToString = unapply(Number.prototype.toString);
|
|
57
|
+
const booleanToString = unapply(Boolean.prototype.toString);
|
|
58
|
+
const bigintToString = typeof BigInt === "undefined" ? null : unapply(BigInt.prototype.toString);
|
|
59
|
+
const symbolToString = typeof Symbol === "undefined" ? null : unapply(Symbol.prototype.toString);
|
|
55
60
|
const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);
|
|
61
|
+
const objectToString = unapply(Object.prototype.toString);
|
|
56
62
|
const regExpTest = unapply(RegExp.prototype.test);
|
|
57
63
|
const typeErrorCreate = unconstruct(TypeError);
|
|
58
64
|
function unapply(func) {
|
|
@@ -79,6 +85,9 @@ function addToSet(set, array) {
|
|
|
79
85
|
if (setPrototypeOf) {
|
|
80
86
|
setPrototypeOf(set, null);
|
|
81
87
|
}
|
|
88
|
+
if (!arrayIsArray(array)) {
|
|
89
|
+
return set;
|
|
90
|
+
}
|
|
82
91
|
let l = array.length;
|
|
83
92
|
while (l--) {
|
|
84
93
|
let element = array[l];
|
|
@@ -109,7 +118,7 @@ function clone(object) {
|
|
|
109
118
|
for (const [property, value] of entries(object)) {
|
|
110
119
|
const isPropertyExist = objectHasOwnProperty(object, property);
|
|
111
120
|
if (isPropertyExist) {
|
|
112
|
-
if (
|
|
121
|
+
if (arrayIsArray(value)) {
|
|
113
122
|
newObject[property] = cleanArray(value);
|
|
114
123
|
} else if (value && typeof value === "object" && value.constructor === Object) {
|
|
115
124
|
newObject[property] = clone(value);
|
|
@@ -120,6 +129,44 @@ function clone(object) {
|
|
|
120
129
|
}
|
|
121
130
|
return newObject;
|
|
122
131
|
}
|
|
132
|
+
function stringifyValue(value) {
|
|
133
|
+
switch (typeof value) {
|
|
134
|
+
case "string": {
|
|
135
|
+
return value;
|
|
136
|
+
}
|
|
137
|
+
case "number": {
|
|
138
|
+
return numberToString(value);
|
|
139
|
+
}
|
|
140
|
+
case "boolean": {
|
|
141
|
+
return booleanToString(value);
|
|
142
|
+
}
|
|
143
|
+
case "bigint": {
|
|
144
|
+
return bigintToString ? bigintToString(value) : "0";
|
|
145
|
+
}
|
|
146
|
+
case "symbol": {
|
|
147
|
+
return symbolToString ? symbolToString(value) : "Symbol()";
|
|
148
|
+
}
|
|
149
|
+
case "undefined": {
|
|
150
|
+
return objectToString(value);
|
|
151
|
+
}
|
|
152
|
+
case "function":
|
|
153
|
+
case "object": {
|
|
154
|
+
if (value === null) {
|
|
155
|
+
return objectToString(value);
|
|
156
|
+
}
|
|
157
|
+
const valueAsRecord = value;
|
|
158
|
+
const valueToString = lookupGetter(valueAsRecord, "toString");
|
|
159
|
+
if (typeof valueToString === "function") {
|
|
160
|
+
const stringified = valueToString(valueAsRecord);
|
|
161
|
+
return typeof stringified === "string" ? stringified : objectToString(stringified);
|
|
162
|
+
}
|
|
163
|
+
return objectToString(value);
|
|
164
|
+
}
|
|
165
|
+
default: {
|
|
166
|
+
return objectToString(value);
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
}
|
|
123
170
|
function lookupGetter(object, prop) {
|
|
124
171
|
while (object !== null) {
|
|
125
172
|
const desc = getOwnPropertyDescriptor(object, prop);
|
|
@@ -138,6 +185,14 @@ function lookupGetter(object, prop) {
|
|
|
138
185
|
}
|
|
139
186
|
return fallbackValue;
|
|
140
187
|
}
|
|
188
|
+
function isRegex(value) {
|
|
189
|
+
try {
|
|
190
|
+
regExpTest(value, "");
|
|
191
|
+
return true;
|
|
192
|
+
} catch (_unused) {
|
|
193
|
+
return false;
|
|
194
|
+
}
|
|
195
|
+
}
|
|
141
196
|
const html$1 = freeze(["a", "abbr", "acronym", "address", "area", "article", "aside", "audio", "b", "bdi", "bdo", "big", "blink", "blockquote", "body", "br", "button", "canvas", "caption", "center", "cite", "code", "col", "colgroup", "content", "data", "datalist", "dd", "decorator", "del", "details", "dfn", "dialog", "dir", "div", "dl", "dt", "element", "em", "fieldset", "figcaption", "figure", "font", "footer", "form", "h1", "h2", "h3", "h4", "h5", "h6", "head", "header", "hgroup", "hr", "html", "i", "img", "input", "ins", "kbd", "label", "legend", "li", "main", "map", "mark", "marquee", "menu", "menuitem", "meter", "nav", "nobr", "ol", "optgroup", "option", "output", "p", "picture", "pre", "progress", "q", "rp", "rt", "ruby", "s", "samp", "search", "section", "select", "shadow", "slot", "small", "source", "spacer", "span", "strike", "strong", "style", "sub", "summary", "sup", "table", "tbody", "td", "template", "textarea", "tfoot", "th", "thead", "time", "tr", "track", "tt", "u", "ul", "var", "video", "wbr"]);
|
|
142
197
|
const svg$1 = freeze(["svg", "a", "altglyph", "altglyphdef", "altglyphitem", "animatecolor", "animatemotion", "animatetransform", "circle", "clippath", "defs", "desc", "ellipse", "enterkeyhint", "exportparts", "filter", "font", "g", "glyph", "glyphref", "hkern", "image", "inputmode", "line", "lineargradient", "marker", "mask", "metadata", "mpath", "part", "path", "pattern", "polygon", "polyline", "radialgradient", "rect", "stop", "style", "switch", "symbol", "text", "textpath", "title", "tref", "tspan", "view", "vkern"]);
|
|
143
198
|
const svgFilters = freeze(["feBlend", "feColorMatrix", "feComponentTransfer", "feComposite", "feConvolveMatrix", "feDiffuseLighting", "feDisplacementMap", "feDistantLight", "feDropShadow", "feFlood", "feFuncA", "feFuncB", "feFuncG", "feFuncR", "feGaussianBlur", "feImage", "feMerge", "feMergeNode", "feMorphology", "feOffset", "fePointLight", "feSpecularLighting", "feSpotLight", "feTile", "feTurbulence"]);
|
|
@@ -145,9 +200,9 @@ const svgDisallowed = freeze(["animate", "color-profile", "cursor", "discard", "
|
|
|
145
200
|
const mathMl$1 = freeze(["math", "menclose", "merror", "mfenced", "mfrac", "mglyph", "mi", "mlabeledtr", "mmultiscripts", "mn", "mo", "mover", "mpadded", "mphantom", "mroot", "mrow", "ms", "mspace", "msqrt", "mstyle", "msub", "msup", "msubsup", "mtable", "mtd", "mtext", "mtr", "munder", "munderover", "mprescripts"]);
|
|
146
201
|
const mathMlDisallowed = freeze(["maction", "maligngroup", "malignmark", "mlongdiv", "mscarries", "mscarry", "msgroup", "mstack", "msline", "msrow", "semantics", "annotation", "annotation-xml", "mprescripts", "none"]);
|
|
147
202
|
const text = freeze(["#text"]);
|
|
148
|
-
const html = freeze(["accept", "action", "align", "alt", "autocapitalize", "autocomplete", "autopictureinpicture", "autoplay", "background", "bgcolor", "border", "capture", "cellpadding", "cellspacing", "checked", "cite", "class", "clear", "color", "cols", "colspan", "controls", "controlslist", "coords", "crossorigin", "datetime", "decoding", "default", "dir", "disabled", "disablepictureinpicture", "disableremoteplayback", "download", "draggable", "enctype", "enterkeyhint", "exportparts", "face", "for", "headers", "height", "hidden", "high", "href", "hreflang", "id", "inert", "inputmode", "integrity", "ismap", "kind", "label", "lang", "list", "loading", "loop", "low", "max", "maxlength", "media", "method", "min", "minlength", "multiple", "muted", "name", "nonce", "noshade", "novalidate", "nowrap", "open", "optimum", "part", "pattern", "placeholder", "playsinline", "popover", "popovertarget", "popovertargetaction", "poster", "preload", "pubdate", "radiogroup", "readonly", "rel", "required", "rev", "reversed", "role", "rows", "rowspan", "spellcheck", "scope", "selected", "shape", "size", "sizes", "slot", "span", "srclang", "start", "src", "srcset", "step", "style", "summary", "tabindex", "title", "translate", "type", "usemap", "valign", "value", "width", "wrap", "xmlns"
|
|
203
|
+
const html = freeze(["accept", "action", "align", "alt", "autocapitalize", "autocomplete", "autopictureinpicture", "autoplay", "background", "bgcolor", "border", "capture", "cellpadding", "cellspacing", "checked", "cite", "class", "clear", "color", "cols", "colspan", "controls", "controlslist", "coords", "crossorigin", "datetime", "decoding", "default", "dir", "disabled", "disablepictureinpicture", "disableremoteplayback", "download", "draggable", "enctype", "enterkeyhint", "exportparts", "face", "for", "headers", "height", "hidden", "high", "href", "hreflang", "id", "inert", "inputmode", "integrity", "ismap", "kind", "label", "lang", "list", "loading", "loop", "low", "max", "maxlength", "media", "method", "min", "minlength", "multiple", "muted", "name", "nonce", "noshade", "novalidate", "nowrap", "open", "optimum", "part", "pattern", "placeholder", "playsinline", "popover", "popovertarget", "popovertargetaction", "poster", "preload", "pubdate", "radiogroup", "readonly", "rel", "required", "rev", "reversed", "role", "rows", "rowspan", "spellcheck", "scope", "selected", "shape", "size", "sizes", "slot", "span", "srclang", "start", "src", "srcset", "step", "style", "summary", "tabindex", "title", "translate", "type", "usemap", "valign", "value", "width", "wrap", "xmlns"]);
|
|
149
204
|
const svg = freeze(["accent-height", "accumulate", "additive", "alignment-baseline", "amplitude", "ascent", "attributename", "attributetype", "azimuth", "basefrequency", "baseline-shift", "begin", "bias", "by", "class", "clip", "clippathunits", "clip-path", "clip-rule", "color", "color-interpolation", "color-interpolation-filters", "color-profile", "color-rendering", "cx", "cy", "d", "dx", "dy", "diffuseconstant", "direction", "display", "divisor", "dur", "edgemode", "elevation", "end", "exponent", "fill", "fill-opacity", "fill-rule", "filter", "filterunits", "flood-color", "flood-opacity", "font-family", "font-size", "font-size-adjust", "font-stretch", "font-style", "font-variant", "font-weight", "fx", "fy", "g1", "g2", "glyph-name", "glyphref", "gradientunits", "gradienttransform", "height", "href", "id", "image-rendering", "in", "in2", "intercept", "k", "k1", "k2", "k3", "k4", "kerning", "keypoints", "keysplines", "keytimes", "lang", "lengthadjust", "letter-spacing", "kernelmatrix", "kernelunitlength", "lighting-color", "local", "marker-end", "marker-mid", "marker-start", "markerheight", "markerunits", "markerwidth", "maskcontentunits", "maskunits", "max", "mask", "mask-type", "media", "method", "mode", "min", "name", "numoctaves", "offset", "operator", "opacity", "order", "orient", "orientation", "origin", "overflow", "paint-order", "path", "pathlength", "patterncontentunits", "patterntransform", "patternunits", "points", "preservealpha", "preserveaspectratio", "primitiveunits", "r", "rx", "ry", "radius", "refx", "refy", "repeatcount", "repeatdur", "restart", "result", "rotate", "scale", "seed", "shape-rendering", "slope", "specularconstant", "specularexponent", "spreadmethod", "startoffset", "stddeviation", "stitchtiles", "stop-color", "stop-opacity", "stroke-dasharray", "stroke-dashoffset", "stroke-linecap", "stroke-linejoin", "stroke-miterlimit", "stroke-opacity", "stroke", "stroke-width", "style", "surfacescale", "systemlanguage", "tabindex", "tablevalues", "targetx", "targety", "transform", "transform-origin", "text-anchor", "text-decoration", "text-rendering", "textlength", "type", "u1", "u2", "unicode", "values", "viewbox", "visibility", "version", "vert-adv-y", "vert-origin-x", "vert-origin-y", "width", "word-spacing", "wrap", "writing-mode", "xchannelselector", "ychannelselector", "x", "x1", "x2", "xmlns", "y", "y1", "y2", "z", "zoomandpan"]);
|
|
150
|
-
const mathMl = freeze(["accent", "accentunder", "align", "bevelled", "close", "
|
|
205
|
+
const mathMl = freeze(["accent", "accentunder", "align", "bevelled", "close", "columnalign", "columnlines", "columnspacing", "columnspan", "denomalign", "depth", "dir", "display", "displaystyle", "encoding", "fence", "frame", "height", "href", "id", "largeop", "length", "linethickness", "lquote", "lspace", "mathbackground", "mathcolor", "mathsize", "mathvariant", "maxsize", "minsize", "movablelimits", "notation", "numalign", "open", "rowalign", "rowlines", "rowspacing", "rowspan", "rspace", "rquote", "scriptlevel", "scriptminsize", "scriptsizemultiplier", "selection", "separator", "separators", "stretchy", "subscriptshift", "supscriptshift", "symmetric", "voffset", "width", "xmlns"]);
|
|
151
206
|
const xml = freeze(["xlink:href", "xml:id", "xlink:title", "xml:space", "xmlns:xlink"]);
|
|
152
207
|
const MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm);
|
|
153
208
|
const ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm);
|
|
@@ -229,7 +284,7 @@ const _createHooksMap = function _createHooksMap2() {
|
|
|
229
284
|
function createDOMPurify() {
|
|
230
285
|
let window2 = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : getGlobal();
|
|
231
286
|
const DOMPurify = (root) => createDOMPurify(root);
|
|
232
|
-
DOMPurify.version = "3.
|
|
287
|
+
DOMPurify.version = "3.4.1";
|
|
233
288
|
DOMPurify.removed = [];
|
|
234
289
|
if (!window2 || !window2.document || window2.document.nodeType !== NODE_TYPE.document || !window2.Element) {
|
|
235
290
|
DOMPurify.isSupported = false;
|
|
@@ -384,15 +439,15 @@ function createDOMPurify() {
|
|
|
384
439
|
PARSER_MEDIA_TYPE = // eslint-disable-next-line unicorn/prefer-includes
|
|
385
440
|
SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE;
|
|
386
441
|
transformCaseFunc = PARSER_MEDIA_TYPE === "application/xhtml+xml" ? stringToString : stringToLowerCase;
|
|
387
|
-
ALLOWED_TAGS = objectHasOwnProperty(cfg, "ALLOWED_TAGS") ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS;
|
|
388
|
-
ALLOWED_ATTR = objectHasOwnProperty(cfg, "ALLOWED_ATTR") ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR;
|
|
389
|
-
ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, "ALLOWED_NAMESPACES") ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES;
|
|
390
|
-
URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, "ADD_URI_SAFE_ATTR") ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
|
|
391
|
-
DATA_URI_TAGS = objectHasOwnProperty(cfg, "ADD_DATA_URI_TAGS") ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
|
|
392
|
-
FORBID_CONTENTS = objectHasOwnProperty(cfg, "FORBID_CONTENTS") ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
|
|
393
|
-
FORBID_TAGS = objectHasOwnProperty(cfg, "FORBID_TAGS") ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
|
|
394
|
-
FORBID_ATTR = objectHasOwnProperty(cfg, "FORBID_ATTR") ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
|
|
395
|
-
USE_PROFILES = objectHasOwnProperty(cfg, "USE_PROFILES") ? cfg.USE_PROFILES : false;
|
|
442
|
+
ALLOWED_TAGS = objectHasOwnProperty(cfg, "ALLOWED_TAGS") && arrayIsArray(cfg.ALLOWED_TAGS) ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS;
|
|
443
|
+
ALLOWED_ATTR = objectHasOwnProperty(cfg, "ALLOWED_ATTR") && arrayIsArray(cfg.ALLOWED_ATTR) ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR;
|
|
444
|
+
ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, "ALLOWED_NAMESPACES") && arrayIsArray(cfg.ALLOWED_NAMESPACES) ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES;
|
|
445
|
+
URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, "ADD_URI_SAFE_ATTR") && arrayIsArray(cfg.ADD_URI_SAFE_ATTR) ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES;
|
|
446
|
+
DATA_URI_TAGS = objectHasOwnProperty(cfg, "ADD_DATA_URI_TAGS") && arrayIsArray(cfg.ADD_DATA_URI_TAGS) ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS;
|
|
447
|
+
FORBID_CONTENTS = objectHasOwnProperty(cfg, "FORBID_CONTENTS") && arrayIsArray(cfg.FORBID_CONTENTS) ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS;
|
|
448
|
+
FORBID_TAGS = objectHasOwnProperty(cfg, "FORBID_TAGS") && arrayIsArray(cfg.FORBID_TAGS) ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : clone({});
|
|
449
|
+
FORBID_ATTR = objectHasOwnProperty(cfg, "FORBID_ATTR") && arrayIsArray(cfg.FORBID_ATTR) ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : clone({});
|
|
450
|
+
USE_PROFILES = objectHasOwnProperty(cfg, "USE_PROFILES") ? cfg.USE_PROFILES && typeof cfg.USE_PROFILES === "object" ? clone(cfg.USE_PROFILES) : cfg.USE_PROFILES : false;
|
|
396
451
|
ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false;
|
|
397
452
|
ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false;
|
|
398
453
|
ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false;
|
|
@@ -408,19 +463,20 @@ function createDOMPurify() {
|
|
|
408
463
|
SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false;
|
|
409
464
|
KEEP_CONTENT = cfg.KEEP_CONTENT !== false;
|
|
410
465
|
IN_PLACE = cfg.IN_PLACE || false;
|
|
411
|
-
IS_ALLOWED_URI$1 = cfg.ALLOWED_URI_REGEXP
|
|
412
|
-
NAMESPACE = cfg.NAMESPACE
|
|
413
|
-
MATHML_TEXT_INTEGRATION_POINTS = cfg.MATHML_TEXT_INTEGRATION_POINTS
|
|
414
|
-
HTML_INTEGRATION_POINTS = cfg.HTML_INTEGRATION_POINTS
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
466
|
+
IS_ALLOWED_URI$1 = isRegex(cfg.ALLOWED_URI_REGEXP) ? cfg.ALLOWED_URI_REGEXP : IS_ALLOWED_URI;
|
|
467
|
+
NAMESPACE = typeof cfg.NAMESPACE === "string" ? cfg.NAMESPACE : HTML_NAMESPACE;
|
|
468
|
+
MATHML_TEXT_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "MATHML_TEXT_INTEGRATION_POINTS") && cfg.MATHML_TEXT_INTEGRATION_POINTS && typeof cfg.MATHML_TEXT_INTEGRATION_POINTS === "object" ? clone(cfg.MATHML_TEXT_INTEGRATION_POINTS) : addToSet({}, ["mi", "mo", "mn", "ms", "mtext"]);
|
|
469
|
+
HTML_INTEGRATION_POINTS = objectHasOwnProperty(cfg, "HTML_INTEGRATION_POINTS") && cfg.HTML_INTEGRATION_POINTS && typeof cfg.HTML_INTEGRATION_POINTS === "object" ? clone(cfg.HTML_INTEGRATION_POINTS) : addToSet({}, ["annotation-xml"]);
|
|
470
|
+
const customElementHandling = objectHasOwnProperty(cfg, "CUSTOM_ELEMENT_HANDLING") && cfg.CUSTOM_ELEMENT_HANDLING && typeof cfg.CUSTOM_ELEMENT_HANDLING === "object" ? clone(cfg.CUSTOM_ELEMENT_HANDLING) : create(null);
|
|
471
|
+
CUSTOM_ELEMENT_HANDLING = create(null);
|
|
472
|
+
if (objectHasOwnProperty(customElementHandling, "tagNameCheck") && isRegexOrFunction(customElementHandling.tagNameCheck)) {
|
|
473
|
+
CUSTOM_ELEMENT_HANDLING.tagNameCheck = customElementHandling.tagNameCheck;
|
|
418
474
|
}
|
|
419
|
-
if (
|
|
420
|
-
CUSTOM_ELEMENT_HANDLING.attributeNameCheck =
|
|
475
|
+
if (objectHasOwnProperty(customElementHandling, "attributeNameCheck") && isRegexOrFunction(customElementHandling.attributeNameCheck)) {
|
|
476
|
+
CUSTOM_ELEMENT_HANDLING.attributeNameCheck = customElementHandling.attributeNameCheck;
|
|
421
477
|
}
|
|
422
|
-
if (
|
|
423
|
-
CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =
|
|
478
|
+
if (objectHasOwnProperty(customElementHandling, "allowCustomizedBuiltInElements") && typeof customElementHandling.allowCustomizedBuiltInElements === "boolean") {
|
|
479
|
+
CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements = customElementHandling.allowCustomizedBuiltInElements;
|
|
424
480
|
}
|
|
425
481
|
if (SAFE_FOR_TEMPLATES) {
|
|
426
482
|
ALLOW_DATA_ATTR = false;
|
|
@@ -451,42 +507,38 @@ function createDOMPurify() {
|
|
|
451
507
|
addToSet(ALLOWED_ATTR, xml);
|
|
452
508
|
}
|
|
453
509
|
}
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
if (!objectHasOwnProperty(cfg, "ADD_ATTR")) {
|
|
458
|
-
EXTRA_ELEMENT_HANDLING.attributeCheck = null;
|
|
459
|
-
}
|
|
460
|
-
if (cfg.ADD_TAGS) {
|
|
510
|
+
EXTRA_ELEMENT_HANDLING.tagCheck = null;
|
|
511
|
+
EXTRA_ELEMENT_HANDLING.attributeCheck = null;
|
|
512
|
+
if (objectHasOwnProperty(cfg, "ADD_TAGS")) {
|
|
461
513
|
if (typeof cfg.ADD_TAGS === "function") {
|
|
462
514
|
EXTRA_ELEMENT_HANDLING.tagCheck = cfg.ADD_TAGS;
|
|
463
|
-
} else {
|
|
515
|
+
} else if (arrayIsArray(cfg.ADD_TAGS)) {
|
|
464
516
|
if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {
|
|
465
517
|
ALLOWED_TAGS = clone(ALLOWED_TAGS);
|
|
466
518
|
}
|
|
467
519
|
addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);
|
|
468
520
|
}
|
|
469
521
|
}
|
|
470
|
-
if (cfg
|
|
522
|
+
if (objectHasOwnProperty(cfg, "ADD_ATTR")) {
|
|
471
523
|
if (typeof cfg.ADD_ATTR === "function") {
|
|
472
524
|
EXTRA_ELEMENT_HANDLING.attributeCheck = cfg.ADD_ATTR;
|
|
473
|
-
} else {
|
|
525
|
+
} else if (arrayIsArray(cfg.ADD_ATTR)) {
|
|
474
526
|
if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {
|
|
475
527
|
ALLOWED_ATTR = clone(ALLOWED_ATTR);
|
|
476
528
|
}
|
|
477
529
|
addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);
|
|
478
530
|
}
|
|
479
531
|
}
|
|
480
|
-
if (cfg.ADD_URI_SAFE_ATTR) {
|
|
532
|
+
if (objectHasOwnProperty(cfg, "ADD_URI_SAFE_ATTR") && arrayIsArray(cfg.ADD_URI_SAFE_ATTR)) {
|
|
481
533
|
addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);
|
|
482
534
|
}
|
|
483
|
-
if (cfg.FORBID_CONTENTS) {
|
|
535
|
+
if (objectHasOwnProperty(cfg, "FORBID_CONTENTS") && arrayIsArray(cfg.FORBID_CONTENTS)) {
|
|
484
536
|
if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {
|
|
485
537
|
FORBID_CONTENTS = clone(FORBID_CONTENTS);
|
|
486
538
|
}
|
|
487
539
|
addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);
|
|
488
540
|
}
|
|
489
|
-
if (cfg.ADD_FORBID_CONTENTS) {
|
|
541
|
+
if (objectHasOwnProperty(cfg, "ADD_FORBID_CONTENTS") && arrayIsArray(cfg.ADD_FORBID_CONTENTS)) {
|
|
490
542
|
if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {
|
|
491
543
|
FORBID_CONTENTS = clone(FORBID_CONTENTS);
|
|
492
544
|
}
|
|
@@ -679,6 +731,10 @@ function createDOMPurify() {
|
|
|
679
731
|
_forceRemove(currentNode);
|
|
680
732
|
return true;
|
|
681
733
|
}
|
|
734
|
+
if (SAFE_FOR_XML && currentNode.namespaceURI === HTML_NAMESPACE && tagName === "style" && _isNode(currentNode.firstElementChild)) {
|
|
735
|
+
_forceRemove(currentNode);
|
|
736
|
+
return true;
|
|
737
|
+
}
|
|
682
738
|
if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {
|
|
683
739
|
_forceRemove(currentNode);
|
|
684
740
|
return true;
|
|
@@ -687,7 +743,7 @@ function createDOMPurify() {
|
|
|
687
743
|
_forceRemove(currentNode);
|
|
688
744
|
return true;
|
|
689
745
|
}
|
|
690
|
-
if (!(EXTRA_ELEMENT_HANDLING.tagCheck instanceof Function && EXTRA_ELEMENT_HANDLING.tagCheck(tagName)) &&
|
|
746
|
+
if (FORBID_TAGS[tagName] || !(EXTRA_ELEMENT_HANDLING.tagCheck instanceof Function && EXTRA_ELEMENT_HANDLING.tagCheck(tagName)) && !ALLOWED_TAGS[tagName]) {
|
|
691
747
|
if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {
|
|
692
748
|
if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) {
|
|
693
749
|
return false;
|
|
@@ -703,7 +759,6 @@ function createDOMPurify() {
|
|
|
703
759
|
const childCount = childNodes.length;
|
|
704
760
|
for (let i = childCount - 1; i >= 0; --i) {
|
|
705
761
|
const childClone = cloneNode(childNodes[i], true);
|
|
706
|
-
childClone.__removalCount = (currentNode.__removalCount || 0) + 1;
|
|
707
762
|
parentNode.insertBefore(childClone, getNextSibling(currentNode));
|
|
708
763
|
}
|
|
709
764
|
}
|
|
@@ -765,8 +820,9 @@ function createDOMPurify() {
|
|
|
765
820
|
} else ;
|
|
766
821
|
return true;
|
|
767
822
|
};
|
|
823
|
+
const RESERVED_CUSTOM_ELEMENT_NAMES = addToSet({}, ["annotation-xml", "color-profile", "font-face", "font-face-format", "font-face-name", "font-face-src", "font-face-uri", "missing-glyph"]);
|
|
768
824
|
const _isBasicCustomElement = function _isBasicCustomElement2(tagName) {
|
|
769
|
-
return tagName
|
|
825
|
+
return !RESERVED_CUSTOM_ELEMENT_NAMES[stringToLowerCase(tagName)] && regExpTest(CUSTOM_ELEMENT2, tagName);
|
|
770
826
|
};
|
|
771
827
|
const _sanitizeAttributes = function _sanitizeAttributes2(currentNode) {
|
|
772
828
|
_executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
|
|
@@ -800,7 +856,7 @@ function createDOMPurify() {
|
|
|
800
856
|
hookEvent.forceKeepAttr = void 0;
|
|
801
857
|
_executeHooks(hooks.uponSanitizeAttribute, currentNode, hookEvent);
|
|
802
858
|
value = hookEvent.attrValue;
|
|
803
|
-
if (SANITIZE_NAMED_PROPS && (lcName === "id" || lcName === "name")) {
|
|
859
|
+
if (SANITIZE_NAMED_PROPS && (lcName === "id" || lcName === "name") && stringIndexOf(value, SANITIZE_NAMED_PROPS_PREFIX) !== 0) {
|
|
804
860
|
_removeAttribute(name, currentNode);
|
|
805
861
|
value = SANITIZE_NAMED_PROPS_PREFIX + value;
|
|
806
862
|
}
|
|
@@ -867,7 +923,7 @@ function createDOMPurify() {
|
|
|
867
923
|
}
|
|
868
924
|
_executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
|
|
869
925
|
};
|
|
870
|
-
const
|
|
926
|
+
const _sanitizeShadowDOM2 = function _sanitizeShadowDOM(fragment) {
|
|
871
927
|
let shadowNode = null;
|
|
872
928
|
const shadowIterator = _createNodeIterator(fragment);
|
|
873
929
|
_executeHooks(hooks.beforeSanitizeShadowDOM, fragment, null);
|
|
@@ -892,13 +948,9 @@ function createDOMPurify() {
|
|
|
892
948
|
dirty = "<!-->";
|
|
893
949
|
}
|
|
894
950
|
if (typeof dirty !== "string" && !_isNode(dirty)) {
|
|
895
|
-
|
|
896
|
-
|
|
897
|
-
|
|
898
|
-
throw typeErrorCreate("dirty is not a string, aborting");
|
|
899
|
-
}
|
|
900
|
-
} else {
|
|
901
|
-
throw typeErrorCreate("toString is not a function");
|
|
951
|
+
dirty = stringifyValue(dirty);
|
|
952
|
+
if (typeof dirty !== "string") {
|
|
953
|
+
throw typeErrorCreate("dirty is not a string, aborting");
|
|
902
954
|
}
|
|
903
955
|
}
|
|
904
956
|
if (!DOMPurify.isSupported) {
|
|
@@ -912,8 +964,9 @@ function createDOMPurify() {
|
|
|
912
964
|
IN_PLACE = false;
|
|
913
965
|
}
|
|
914
966
|
if (IN_PLACE) {
|
|
915
|
-
|
|
916
|
-
|
|
967
|
+
const nn = dirty.nodeName;
|
|
968
|
+
if (typeof nn === "string") {
|
|
969
|
+
const tagName = transformCaseFunc(nn);
|
|
917
970
|
if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {
|
|
918
971
|
throw typeErrorCreate("root node is forbidden and cannot be sanitized in-place");
|
|
919
972
|
}
|
|
@@ -946,13 +999,21 @@ function createDOMPurify() {
|
|
|
946
999
|
_sanitizeElements(currentNode);
|
|
947
1000
|
_sanitizeAttributes(currentNode);
|
|
948
1001
|
if (currentNode.content instanceof DocumentFragment) {
|
|
949
|
-
|
|
1002
|
+
_sanitizeShadowDOM2(currentNode.content);
|
|
950
1003
|
}
|
|
951
1004
|
}
|
|
952
1005
|
if (IN_PLACE) {
|
|
953
1006
|
return dirty;
|
|
954
1007
|
}
|
|
955
1008
|
if (RETURN_DOM) {
|
|
1009
|
+
if (SAFE_FOR_TEMPLATES) {
|
|
1010
|
+
body.normalize();
|
|
1011
|
+
let html2 = body.innerHTML;
|
|
1012
|
+
arrayForEach([MUSTACHE_EXPR2, ERB_EXPR2, TMPLIT_EXPR2], (expr) => {
|
|
1013
|
+
html2 = stringReplace(html2, expr, " ");
|
|
1014
|
+
});
|
|
1015
|
+
body.innerHTML = html2;
|
|
1016
|
+
}
|
|
956
1017
|
if (RETURN_DOM_FRAGMENT) {
|
|
957
1018
|
returnNode = createDocumentFragment.call(body.ownerDocument);
|
|
958
1019
|
while (body.firstChild) {
|