dompurify 0.8.6 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -1
- package/dist/purify.min.js +1 -1
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
- package/src/purify.js +96 -15
package/README.md
CHANGED
|
@@ -8,7 +8,7 @@ It's also very simple to use and get started with.
|
|
|
8
8
|
|
|
9
9
|
DOMPurify is written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Edge, Firefox and Chrome - as well as almost anything else using Blink or WebKit). It doesn't break on IE6 or other legacy browsers. It either uses [a fall-back](#what-about-older-browsers-like-msie8) or simply does nothing.
|
|
10
10
|
|
|
11
|
-
Our automated tests cover [
|
|
11
|
+
Our automated tests cover [16 different browsers](https://github.com/cure53/DOMPurify/blob/master/test/karma.conf.js#L185) right now. We also cover Node.js v4.0.0, v5.0.0 and v6.0.0, running DOMPurify on [jsdom](https://github.com/tmpvar/jsdom).
|
|
12
12
|
|
|
13
13
|
DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not. For more details please also read about our [Security Goals & Threat Model](https://github.com/cure53/DOMPurify/wiki/Security-Goals-&-Threat-Model)
|
|
14
14
|
|
|
@@ -166,6 +166,10 @@ var clean = DOMPurify.sanitize(dirty, {FORCE_BODY: true});
|
|
|
166
166
|
```
|
|
167
167
|
There is even [more examples here](https://github.com/cure53/DOMPurify/tree/master/demos#what-is-this), showing how you can run, customize and configure DOMPurify to fit your needs.
|
|
168
168
|
|
|
169
|
+
## Persistent Configuration
|
|
170
|
+
|
|
171
|
+
Instead of repeatedly passing the same configuration to `DOMPurify.sanitize`, you can use the `DOMPurify.setConfig` method. Your configuration will persist until your next call to `DOMPurify.setConfig`, or until you invoke `DOMPurify.clearConfig` to reset it. Remember that there is only one active configuration, which means once it is set, all extra configuration parameters passed to `DOMPurify.sanitize` are ignored.
|
|
172
|
+
|
|
169
173
|
## Hooks
|
|
170
174
|
|
|
171
175
|
DOMPurify allows you to augment its functionality by attaching one or more functions with the `DOMPurify.addHook` method to one of the following hooks:
|
package/dist/purify.min.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.8.6";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;if(typeof o==="function"){var d=n.createElement("template");if(d.content&&d.content.ownerDocument){n=d.content.ownerDocument}}var m=n.implementation;var p=n.createNodeIterator;var v=n.getElementsByTagName;var h=n.createDocumentFragment;var g=a.importNode;var y={};r.isSupported=typeof m.createHTMLDocument!=="undefined"&&n.documentMode!==9;var T=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var b=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var A=null;var x=T({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var k=null;var w=T({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var E=null;var N=null;var O=true;var S=true;var D=false;var L=false;var M=false;var _=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var C=/<%[\s\S]*|[\s\S]*%>/gm;var R=false;var z=false;var F=false;var H=false;var I=false;var B=true;var j=true;var W=T({},["audio","head","math","script","style","svg","video"]);var G=T({},["audio","video","img","source","image"]);var U=T({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var q=null;var P=n.createElement("form");var V=function(e){if(typeof e!=="object"){e={}}A="ALLOWED_TAGS"in e?T({},e.ALLOWED_TAGS):x;k="ALLOWED_ATTR"in e?T({},e.ALLOWED_ATTR):w;E="FORBID_TAGS"in e?T({},e.FORBID_TAGS):{};N="FORBID_ATTR"in e?T({},e.FORBID_ATTR):{};O=e.ALLOW_ARIA_ATTR!==false;S=e.ALLOW_DATA_ATTR!==false;D=e.ALLOW_UNKNOWN_PROTOCOLS||false;L=e.SAFE_FOR_JQUERY||false;M=e.SAFE_FOR_TEMPLATES||false;R=e.WHOLE_DOCUMENT||false;F=e.RETURN_DOM||false;H=e.RETURN_DOM_FRAGMENT||false;I=e.RETURN_DOM_IMPORT||false;z=e.FORCE_BODY||false;B=e.SANITIZE_DOM!==false;j=e.KEEP_CONTENT!==false;if(M){S=false}if(H){F=true}if(e.ADD_TAGS){if(A===x){A=b(A)}T(A,e.ADD_TAGS)}if(e.ADD_ATTR){if(k===w){k=b(k)}T(k,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){T(U,e.ADD_URI_SAFE_ATTR)}if(j){A["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}q=e};var Y=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var K=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var $=function(e){var t,r;if(z){e="<remove></remove>"+e}if(!t||!t.documentElement){t=m.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}if(typeof t.getElementsByTagName==="function"){return t.getElementsByTagName(R?"html":"body")[0]}return v.call(t,R?"html":"body")[0]};var J=function(e){return p.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var Q=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var X=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var Z=function(e){var t,n;le("beforeSanitizeElements",e,null);if(Q(e)){Y(e);return true}t=e.nodeName.toLowerCase();le("uponSanitizeElement",e,{tagName:t,allowedTags:A});if(!A[t]||E[t]){if(j&&!W[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}Y(e);return true}if(L&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(M&&e.nodeType===3){n=e.textContent;n=n.replace(_," ");n=n.replace(C," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}le("afterSanitizeElements",e,null);return false};var ee=/^data-[\-\w.\u00B7-\uFFFF]/;var te=/^aria-[\-\w]+$/;var re=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var ne=/^(?:\w+script|data):/i;var ae=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ie=function(e){var a,i,o,l,s,f,c,u;le("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:k};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;le("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);K("id",e);K(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(k[l]||!N[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}K(i,e)}if(!c.keepAttr){continue}if(B&&(l==="id"||l==="name")&&(o in t||o in n||o in P)){continue}if(M){o=o.replace(_," ");o=o.replace(C," ")}if(S&&ee.test(l)){}else if(O&&te.test(l)){}else if(!k[l]||N[l]){continue}else if(U[l]){}else if(re.test(o.replace(ae,""))){}else if((l==="src"||l==="xlink:href")&&o.indexOf("data:")===0&&G[e.nodeName.toLowerCase()]){}else if(D&&!ne.test(o.replace(ae,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}le("afterSanitizeAttributes",e,null)};var oe=function(e){var t;var r=J(e);le("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){le("uponSanitizeShadowNode",t,null);if(Z(t)){continue}if(t.content instanceof i){oe(t.content)}ie(t)}le("afterSanitizeShadowDOM",e,null)};var le=function(e,t,n){if(!y[e]){return}y[e].forEach(function(e){e.call(r,t,n,q)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!X(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(X(e)){return t.toStaticHTML(e.outerHTML)}}return e}V(n);r.removed=[];if(e instanceof l){o=$("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!F&&!R&&e.indexOf("<")===-1){return e}o=$(e);if(!o){return F?null:""}}if(z){Y(o.firstChild)}u=J(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(Z(f)){continue}if(f.content instanceof i){oe(f.content)}ie(f);c=f}if(F){if(H){d=h.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(I){d=g.call(a,d,true)}return d}return R?o.outerHTML:o.innerHTML};r.addHook=function(e,t){if(typeof t!=="function"){return}y[e]=y[e]||[];y[e].push(t)};r.removeHook=function(e){if(y[e]){y[e].pop()}};r.removeHooks=function(e){if(y[e]){y[e]=[]}};r.removeAllHooks=function(){y={}};return r});
|
|
1
|
+
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.9.0";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;var m=t.XMLHttpRequest;var p=t.encodeURI;var v=false;var h=false;if(typeof o==="function"){var g=n.createElement("template");if(g.content&&g.content.ownerDocument){n=g.content.ownerDocument}}var y=n.implementation;var T=n.createNodeIterator;var b=n.getElementsByTagName;var A=n.createDocumentFragment;var x=a.importNode;var k={};r.isSupported=typeof y.createHTMLDocument!=="undefined"&&n.documentMode!==9;var w=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var S=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var E=null;var N=w({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var O=null;var D=w({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var M=null;var L=null;var _=true;var C=true;var R=false;var z=false;var F=false;var H=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var I=/<%[\s\S]*|[\s\S]*%>/gm;var j=false;var W=false;var q=false;var B=false;var G=false;var U=false;var P=true;var V=true;var Y=w({},["audio","head","math","script","style","template","svg","video"]);var K=w({},["audio","video","img","source","image"]);var X=w({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var $=null;var J=n.createElement("form");var Q=function(e){if(typeof e!=="object"){e={}}E="ALLOWED_TAGS"in e?w({},e.ALLOWED_TAGS):N;O="ALLOWED_ATTR"in e?w({},e.ALLOWED_ATTR):D;M="FORBID_TAGS"in e?w({},e.FORBID_TAGS):{};L="FORBID_ATTR"in e?w({},e.FORBID_ATTR):{};_=e.ALLOW_ARIA_ATTR!==false;C=e.ALLOW_DATA_ATTR!==false;R=e.ALLOW_UNKNOWN_PROTOCOLS||false;z=e.SAFE_FOR_JQUERY||false;F=e.SAFE_FOR_TEMPLATES||false;j=e.WHOLE_DOCUMENT||false;B=e.RETURN_DOM||false;G=e.RETURN_DOM_FRAGMENT||false;U=e.RETURN_DOM_IMPORT||false;q=e.FORCE_BODY||false;P=e.SANITIZE_DOM!==false;V=e.KEEP_CONTENT!==false;if(F){C=false}if(G){B=true}if(e.ADD_TAGS){if(E===N){E=S(E)}w(E,e.ADD_TAGS)}if(e.ADD_ATTR){if(O===D){O=S(O)}w(O,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){w(X,e.ADD_URI_SAFE_ATTR)}if(V){E["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}$=e};var Z=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var ee=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var te=function(e){var t,r;if(q){e="<remove></remove>"+e}if(v){try{e=p(e)}catch(n){}var a=new m;a.responseType="document";a.open("GET","data:text/html;charset=utf-8,"+e,false);a.send(null);t=a.response}if(h){try{t=(new d).parseFromString(e,"text/html")}catch(n){}}if(!t||!t.documentElement){t=y.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}return b.call(t,j?"html":"body")[0]};if(r.isSupported){(function(){var e=te('<svg><g onload="this.parentNode.remove()"></g></svg>');if(!e.querySelector("svg")){v=true}e=te('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');if(e.querySelector("svg img")){h=true}})()}var re=function(e){return T.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var ne=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var ae=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var ie=function(e){var t,n;me("beforeSanitizeElements",e,null);if(ne(e)){Z(e);return true}t=e.nodeName.toLowerCase();me("uponSanitizeElement",e,{tagName:t,allowedTags:E});if(!E[t]||M[t]){if(V&&!Y[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}Z(e);return true}if(z&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(F&&e.nodeType===3){n=e.textContent;n=n.replace(H," ");n=n.replace(I," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}me("afterSanitizeElements",e,null);return false};var oe=/^data-[\-\w.\u00B7-\uFFFF]/;var le=/^aria-[\-\w]+$/;var se=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var fe=/^(?:\w+script|data):/i;var ce=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ue=function(e){var a,i,o,l,s,f,c,u;me("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:O};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;me("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);ee("id",e);ee(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(O[l]||!L[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}ee(i,e)}if(!c.keepAttr){continue}if(P&&(l==="id"||l==="name")&&(o in t||o in n||o in J)){continue}if(F){o=o.replace(H," ");o=o.replace(I," ")}if(C&&oe.test(l)){}else if(_&&le.test(l)){}else if(!O[l]||L[l]){continue}else if(X[l]){}else if(se.test(o.replace(ce,""))){}else if((l==="src"||l==="xlink:href")&&o.indexOf("data:")===0&&K[e.nodeName.toLowerCase()]){}else if(R&&!fe.test(o.replace(ce,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}me("afterSanitizeAttributes",e,null)};var de=function(e){var t;var r=re(e);me("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){me("uponSanitizeShadowNode",t,null);if(ie(t)){continue}if(t.content instanceof i){de(t.content)}ue(t)}me("afterSanitizeShadowDOM",e,null)};var me=function(e,t,n){if(!k[e]){return}k[e].forEach(function(e){e.call(r,t,n,$)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!ae(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(ae(e)){return t.toStaticHTML(e.outerHTML)}}return e}if(!W){Q(n)}r.removed=[];if(e instanceof l){o=te("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!B&&!j&&e.indexOf("<")===-1){return e}o=te(e);if(!o){return B?null:""}}if(q){Z(o.firstChild)}u=re(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(ie(f)){continue}if(f.content instanceof i){de(f.content)}ue(f);c=f}if(B){if(G){d=A.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(U){d=x.call(a,d,true)}return d}return j?o.outerHTML:o.innerHTML};r.setConfig=function(e){Q(e);W=true};r.clearConfig=function(){$=null;W=false};r.addHook=function(e,t){if(typeof t!=="function"){return}k[e]=k[e]||[];k[e].push(t)};r.removeHook=function(e){if(k[e]){k[e].pop()}};r.removeHooks=function(e){if(k[e]){k[e]=[]}};r.removeAllHooks=function(){k={}};return r});
|
|
2
2
|
//# sourceMappingURL=./dist/purify.min.js.map
|
package/dist/purify.min.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["./src/purify.js"],"names":["factory","root","window","define","amd","module","exports","DOMPurify","version","removed","document","nodeType","isSupported","originalDocument","DocumentFragment","HTMLTemplateElement","Node","NodeFilter","NamedNodeMap","MozNamedAttrMap","Text","Comment","template","createElement","content","ownerDocument","implementation","createNodeIterator","getElementsByTagName","createDocumentFragment","importNode","hooks","createHTMLDocument","documentMode","_addToSet","set","array","l","length","toLowerCase","_cloneObj","object","newObject","property","hasOwnProperty","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_JQUERY","SAFE_FOR_TEMPLATES","MUSTACHE_EXPR","ERB_EXPR","WHOLE_DOCUMENT","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_DOM_IMPORT","SANITIZE_DOM","KEEP_CONTENT","FORBID_CONTENTS","DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","CONFIG","formElement","_parseConfig","cfg","ADD_TAGS","ADD_ATTR","ADD_URI_SAFE_ATTR","Object","freeze","_forceRemove","node","push","element","parentNode","removeChild","e","outerHTML","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","_initDocument","dirty","doc","body","documentElement","firstElementChild","call","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","FILTER_ACCEPT","_isClobbered","elm","nodeName","textContent","attributes","setAttribute","_isNode","obj","_sanitizeElements","currentNode","tagName","_executeHook","allowedTags","insertAdjacentHTML","innerHTML","test","cloneNode","replace","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","_sanitizeAttributes","attr","value","lcName","idAttr","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","trim","id","Array","prototype","slice","apply","indexOf","pop","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","entryPoint","data","forEach","hook","sanitize","importedNode","oldNode","nodeIterator","returnNode","toString","TypeError","toStaticHTML","appendChild","firstChild","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":"CAAE,SAASA,GACP,YAEA,IAAIC,SAAcC,UAAW,YAAc,KAAOA,MAElD,UAAWC,UAAW,YAAcA,OAAOC,IAAK,CAC5CD,OAAO,WAAY,MAAOH,GAAQC,SAC/B,UAAWI,UAAW,YAAa,CACtCA,OAAOC,QAAUN,EAAQC,OACtB,CACHA,EAAKM,UAAYP,EAAQC,MAE/B,QAASD,GAAQE,GACf,YAEA,IAAIK,GAAY,SAASL,GACrB,MAAOF,GAAQE,GAOnBK,GAAUC,QAAU,OAMpBD,GAAUE,UAEV,KAAKP,IAAWA,EAAOQ,UAAYR,EAAOQ,SAASC,WAAa,EAAG,CAG/DJ,EAAUK,YAAc,KACxB,OAAOL,GAGX,GAAIG,GAAWR,EAAOQ,QACtB,IAAIG,GAAmBH,CACvB,IAAII,GAAmBZ,EAAOY,gBAC9B,IAAIC,GAAsBb,EAAOa,mBACjC,IAAIC,GAAOd,EAAOc,IAClB,IAAIC,GAAaf,EAAOe,UACxB,IAAIC,GAAehB,EAAOgB,cAAgBhB,EAAOiB,eACjD,IAAIC,GAAOlB,EAAOkB,IAClB,IAAIC,GAAUnB,EAAOmB,OAQrB,UAAWN,KAAwB,WAAY,CAC3C,GAAIO,GAAWZ,EAASa,cAAc,WACtC,IAAID,EAASE,SAAWF,EAASE,QAAQC,cAAe,CACpDf,EAAWY,EAASE,QAAQC,eAGpC,GAAIC,GAAiBhB,EAASgB,cAC9B,IAAIC,GAAqBjB,EAASiB,kBAClC,IAAIC,GAAuBlB,EAASkB,oBACpC,IAAIC,GAAyBnB,EAASmB,sBACtC,IAAIC,GAAajB,EAAiBiB,UAElC,IAAIC,KAKJxB,GAAUK,kBACCc,GAAeM,qBAAuB,aAC7CtB,EAASuB,eAAiB,CAG9B,IAAIC,GAAY,SAASC,EAAKC,GAC1B,GAAIC,GAAID,EAAME,MACd,OAAOD,IAAK,CACR,SAAWD,GAAMC,KAAO,SAAU,CAC9BD,EAAMC,GAAKD,EAAMC,GAAGE,cAExBJ,EAAIC,EAAMC,IAAM,KAEpB,MAAOF,GAIX,IAAIK,GAAY,SAASC,GACrB,GAAIC,KACJ,IAAIC,EACJ,KAAKA,IAAYF,GAAQ,CACrB,GAAIA,EAAOG,eAAeD,GAAW,CACjCD,EAAUC,GAAYF,EAAOE,IAGrC,MAAOD,GASX,IAAIG,GAAe,IACnB,IAAIC,GAAuBZ,MAGvB,IAAI,OAAO,UAAU,UAAU,OAAO,UAAU,QAAQ,QAAQ,IAChE,MAAM,MAAM,MAAM,QAAQ,aAAa,OAAO,KAAK,SAAS,SAC5D,UAAU,SAAS,OAAO,OAAO,MAAM,WAAW,UAAU,OAC5D,WAAW,KAAK,YAAY,MAAM,UAAU,MAAM,MAAM,MAAM,KAAK,KACnE,UAAU,KAAK,WAAW,aAAa,SAAS,OAAO,SAAS,OAChE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,OAAO,SAAS,SAAS,KAAK,OAAO,IACnE,MAAM,QAAQ,MAAM,MAAM,QAAQ,SAAS,KAAK,OAAO,MAAM,OAC7D,UAAU,OAAO,WAAW,QAAQ,MAAM,OAAO,KAAK,WACtD,SAAS,SAAS,IAAI,MAAM,WAAW,IAAI,KAAK,KAAK,OAAO,IAAI,OAChE,UAAU,SAAS,SAAS,QAAQ,SAAS,SAAS,OAAO,SAC7D,SAAS,QAAQ,MAAM,UAAU,MAAM,QAAQ,QAAQ,KAAK,WAC5D,WAAW,QAAQ,KAAK,QAAQ,OAAO,KAAK,QAAQ,KAAK,IAAI,KAAK,MAClE,QAAQ,MAGR,MAAM,WAAW,cAAc,eAAe,eAC9C,gBAAgB,mBAAmB,SAAS,WAAW,OAAO,OAC9D,UAAU,SAAS,OAAO,IAAI,QAAQ,WAAW,QAAQ,QAAQ,OACjE,iBAAiB,SAAS,OAAO,WAAW,QAAQ,OAAO,UAC3D,UAAU,WAAW,iBAAiB,OAAO,OAAO,SAAS,SAC7D,OAAO,WAAW,QAAQ,OAAO,QAAQ,OAAO,QAGhD,UAAU,gBAAgB,sBAAsB,cAChD,mBAAmB,oBAAoB,oBACvC,UAAU,UAAU,UAAU,UAAU,UAAU,iBAClD,UAAU,cAAc,eAAe,WACvC,qBAAqB,SAAS,eAG9B,OAAO,WAAW,SAAS,UAAU,QAAQ,SAAS,KAAK,aAC3D,eAAe,KAAK,KAAK,QAAQ,UAAU,WAAW,QAAQ,OAC9D,KAAK,UAAU,QAAQ,UAAU,OAAO,OAAO,UAAU,SAAS,MAClE,QAAQ,MAAM,SAAS,aAGvB,SAIJ,IAAIa,GAAe,IACnB,IAAIC,GAAuBd,MAGvB,SAAS,SAAS,QAAQ,MAAM,eAAe,aAAa,UAC5D,SAAS,cAAc,cAAc,UAAU,OAAO,QAAQ,QAAQ,QACtE,OAAO,UAAU,SAAS,WAAW,UAAU,MAAM,WACrD,WAAW,UAAU,OAAO,MAAM,UAAU,SAAS,SAAS,OAAO,OACrE,WAAW,KAAK,QAAQ,QAAQ,OAAO,OAAO,OAAQ,MAAM,MAC5D,YAAY,QAAQ,SAAS,MAAM,WAAW,OAAO,UAAU,aAC/D,SAAS,OAAO,UAAU,UAAU,cAAc,SAAS,UAAU,UACrE,aAAa,WAAW,MAAM,WAAW,MAAM,WAAW,OAAO,OACjE,UAAU,aAAa,QAAQ,WAAW,QAAQ,OAAO,OACzD,UAAU,QAAQ,MAAM,OAAO,QAAQ,UAAU,WAAW,QAC5D,OAAO,SAAS,SAAS,QAAQ,QAAQ,QAGzC,gBAAgB,aAAa,aAAa,qBAC1C,SAAS,gBAAgB,gBAAgB,UAAU,gBACnD,iBAAiB,QAAQ,OAAO,KAAK,OAAO,YAAY,YACxD,QAAQ,sBAAsB,8BAA8B,gBAC5D,kBAAkB,KAAK,KAAK,IAAI,KAAK,KAAK,kBAAkB,YAC5D,UAAU,UAAU,MAAM,WAAW,YAAY,MAAM,OAAO,eAC9D,YAAY,SAAS,cAAc,gBAAgB,cAAc,YACjE,mBAAmB,eAAe,aAAa,eAAe,cAC9D,KAAM,KAAK,KAAK,KAAK,aAAa,WAAW,gBAAgB,oBAC7D,kBAAkB,KAAK,MAAM,IAAI,KAAK,KAAK,KAAK,KAAK,UAAU,YAC/D,aAAa,WAAW,eAAe,iBAAiB,eACxD,mBAAmB,iBAAiB,QAAQ,aAAa,aACzD,eAAe,eAAe,cAAc,cAAc,mBAC1D,YAAY,MAAM,OAAO,OAAO,MAAM,aAAa,SAAS,WAC5D,UAAU,QAAQ,SAAS,cAAc,SAAS,WAAW,cAC7D,OAAO,aAAa,sBAAsB,mBAAmB,eAC7D,SAAS,gBAAgB,IAAI,KAAK,KAAK,SAAS,OAAO,OAAO,cAC9D,YAAY,UAAU,SAAS,SAAS,QAAQ,OAAO,kBACvD,mBAAmB,mBAAmB,eAAe,eAAe,cACpE,aAAa,eAAe,mBAAmB,oBAAoB,iBACnE,kBAAkB,oBAAoB,iBAAiB,SAAS,eAChE,eAAe,UAAU,UAAU,YAAY,cAAc,kBAC7D,iBAAiB,aAAa,KAAK,KAAK,UAAU,SAAS,UAC3D,aAAa,aAAa,gBAAgB,gBAAgB,eAC1D,OAAO,eAAe,mBAAmB,mBAAmB,IAAI,KAAK,KACrE,IAAI,KAAK,KAAK,IAAI,aAGlB,SAAS,cAAc,WAAW,QAAQ,eAAe,cACzD,aAAa,aAAa,QAAQ,UAAU,eAAe,QAC3D,QAAQ,UAAU,SAAS,gBAAgB,SAAS,SACpD,iBAAiB,YAAY,WAAW,cAAc,UACtD,UAAU,gBAAgB,WAAW,WAAW,OAAO,WACvD,WAAW,aAAa,UAAU,SAAS,SAAS,cACpD,gBAAgB,uBAAuB,YAAY,YACnD,aAAa,WAAW,iBAAiB,iBAAiB,YAC1D,UAGA,aAAa,SAAS,cAAc,YAAY,eAIpD,IAAIe,GAAc,IAGlB,IAAIC,GAAc,IAGlB,IAAIC,GAAkB,IAGtB,IAAIC,GAAkB,IAGtB,IAAIC,GAA0B,KAG9B,IAAIC,GAAkB,KAKtB,IAAIC,GAAqB,KAGzB,IAAIC,GAAgB,2BACpB,IAAIC,GAAW,uBAGf,IAAIC,GAAiB,KAIrB,IAAIC,GAAa,KAKjB,IAAIC,GAAa,KAGjB,IAAIC,GAAsB,KAM1B,IAAIC,GAAoB,KAGxB,IAAIC,GAAe,IAGnB,IAAIC,GAAe,IAGnB,IAAIC,GAAkB/B,MAClB,QAAS,OAAQ,OAAQ,SAAU,QAAS,MAAO,SAIvD,IAAIgC,GAAgBhC,MAChB,QAAS,QAAS,MAAO,SAAU,SAIvC,IAAIiC,GAAsBjC,MACtB,MAAM,QAAQ,MAAM,KAAK,QAAQ,OAAO,UAAU,cAClD,UAAU,QAAQ,QAAQ,QAAQ,SAItC,IAAIkC,GAAS,IAKb,IAAIC,GAAc3D,EAASa,cAAc,OAOzC,IAAI+C,GAAe,SAASC,GAExB,SAAWA,KAAQ,SAAU,CACzBA,KAIJ1B,EAAe,gBAAkB0B,GAC7BrC,KAAcqC,EAAI1B,cAAgBC,CACtCC,GAAe,gBAAkBwB,GAC7BrC,KAAcqC,EAAIxB,cAAgBC,CACtCC,GAAc,eAAiBsB,GAC3BrC,KAAcqC,EAAItB,eACtBC,GAAc,eAAiBqB,GAC3BrC,KAAcqC,EAAIrB,eACtBC,GAAsBoB,EAAIpB,kBAAwB,KAClDC,GAAsBmB,EAAInB,kBAAwB,KAClDC,GAA0BkB,EAAIlB,yBAA2B,KACzDC,GAAsBiB,EAAIjB,iBAAwB,KAClDC,GAAsBgB,EAAIhB,oBAAwB,KAClDG,GAAsBa,EAAIb,gBAAwB,KAClDE,GAAsBW,EAAIX,YAAwB,KAClDC,GAAsBU,EAAIV,qBAAwB,KAClDC,GAAsBS,EAAIT,mBAAwB,KAClDH,GAAsBY,EAAIZ,YAAwB,KAClDI,GAAsBQ,EAAIR,eAAwB,KAClDC,GAAsBO,EAAIP,eAAwB,KAElD,IAAIT,EAAoB,CACpBH,EAAkB,MAGtB,GAAIS,EAAqB,CACrBD,EAAa,KAIjB,GAAIW,EAAIC,SAAU,CACd,GAAI3B,IAAiBC,EAAsB,CACvCD,EAAeL,EAAUK,GAE7BX,EAAUW,EAAc0B,EAAIC,UAEhC,GAAID,EAAIE,SAAU,CACd,GAAI1B,IAAiBC,EAAsB,CACvCD,EAAeP,EAAUO,GAE7Bb,EAAUa,EAAcwB,EAAIE,UAEhC,GAAIF,EAAIG,kBAAmB,CACvBxC,EAAUiC,EAAqBI,EAAIG,mBAIvC,GAAIV,EAAc,CAAEnB,EAAa,SAAW,KAI5C,GAAI8B,QAAU,UAAYA,QAAQ,CAAEA,OAAOC,OAAOL,GAElDH,EAASG,EAQb,IAAIM,GAAe,SAASC,GACxBvE,EAAUE,QAAQsE,MAAMC,QAASF,GACjC,KACIA,EAAKG,WAAWC,YAAYJ,GAC9B,MAAOK,GACLL,EAAKM,UAAY,IAUzB,IAAIC,GAAmB,SAASC,EAAMR,GAClCvE,EAAUE,QAAQsE,MACdQ,UAAWT,EAAKU,iBAAiBF,GACjCG,KAAMX,GAEVA,GAAKY,gBAAgBJ,GASzB,IAAIK,GAAgB,SAASC,GAEzB,GAAIC,GAAKC,CAET,IAAInC,EAAY,CACZiC,EAAQ,oBAAsBA,EAGlC,IAAKC,IAAQA,EAAIE,gBAAiB,CAC9BF,EAAMnE,EAAeM,mBAAmB,GACxC8D,GAAOD,EAAIC,IACXA,GAAKb,WAAWC,YAAYY,EAAKb,WAAWe,kBAC5CF,GAAKV,UAAYQ,EAIrB,SAAWC,GAAIjE,uBAAyB,WAAY,CAChD,MAAOiE,GAAIjE,qBACP8B,EAAiB,OAAS,QAAQ,GAE1C,MAAO9B,GAAqBqE,KAAKJ,EAC7BnC,EAAiB,OAAS,QAAQ,GAS1C,IAAIwC,GAAkB,SAASjG,GAC3B,MAAO0B,GAAmBsE,KAAKhG,EAAKwB,eAAiBxB,EACjDA,EACAgB,EAAWkF,aACTlF,EAAWmF,aACXnF,EAAWoF,UACb,WAAa,MAAOpF,GAAWqF,eAC/B,OAUR,IAAIC,GAAe,SAASC,GACxB,GAAIA,YAAepF,IAAQoF,YAAenF,GAAS,CAC/C,MAAO,OAEX,SAAamF,GAAIC,WAAa,gBACjBD,GAAIE,cAAgB,gBACpBF,GAAItB,cAAgB,cACzBsB,EAAIG,qBAAsBzF,WACrBsF,GAAId,kBAAoB,kBACxBc,GAAII,eAAiB,WAChC,CACE,MAAO,MAEX,MAAO,OASX,IAAIC,GAAU,SAASC,GACnB,aACW9F,KAAS,SAAW8F,YAAe9F,GAAO8F,SACnCA,KAAQ,gBAAmBA,GAAInG,WAAa,gBAC5CmG,GAAIL,WAAW,SAcrC,IAAIM,GAAoB,SAASC,GAC7B,GAAIC,GAASzF,CAGb0F,IAAa,yBAA0BF,EAAa,KAGpD,IAAIT,EAAaS,GAAc,CAC3BnC,EAAamC,EACb,OAAO,MAIXC,EAAUD,EAAYP,SAASlE,aAG/B2E,IAAa,sBAAuBF,GAChCC,QAASA,EACTE,YAAatE,GAIjB,KAAKA,EAAaoE,IAAYhE,EAAYgE,GAAU,CAEhD,GAAIjD,IAAiBC,EAAgBgD,UACnBD,GAAYI,qBAAuB,WAAY,CAC7D,IACIJ,EAAYI,mBAAmB,WAAYJ,EAAYK,WACzD,MAAOlC,KAEbN,EAAamC,EACb,OAAO,MAIX,GAAI1D,IAAoB0D,EAAYhB,qBAC1BgB,EAAYxF,UAAYwF,EAAYxF,QAAQwE,oBAC9C,KAAKsB,KAAKN,EAAYN,aAAc,CACxCnG,EAAUE,QAAQsE,MAAMC,QAASgC,EAAYO,aAC7CP,GAAYK,UAAYL,EAAYN,YAAYc,QAAQ,KAAM,QAIlE,GAAIjE,GAAsByD,EAAYrG,WAAa,EAAG,CAElDa,EAAUwF,EAAYN,WACtBlF,GAAUA,EAAQgG,QAAQhE,EAAe,IACzChC,GAAUA,EAAQgG,QAAQ/D,EAAU,IACpC,IAAIuD,EAAYN,cAAgBlF,EAAS,CACrCjB,EAAUE,QAAQsE,MAAMC,QAASgC,EAAYO,aAC7CP,GAAYN,YAAclF,GAKlC0F,GAAa,wBAAyBF,EAAa,KAEnD,OAAO,OAGX,IAAIS,IAAY,4BAChB,IAAIC,IAAY,gBAChB,IAAIC,IAAiB,uEACrB,IAAIC,IAAoB,uBAExB,IAAIC,IAAkB,uDAatB,IAAIC,IAAsB,SAASd,GAC/B,GAAIe,GAAMzC,EAAM0C,EAAOC,EAAQC,EAAQvB,EAAYwB,EAAW9F,CAE9D6E,IAAa,2BAA4BF,EAAa,KAEtDL,GAAaK,EAAYL,UAGzB,KAAKA,EAAY,CAAE,OAEnBwB,GACIC,SAAU,GACVC,UAAW,GACXC,SAAU,KACVC,kBAAmBxF,EAEvBV,GAAIsE,EAAWrE,MAGf,OAAOD,IAAK,CACR0F,EAAOpB,EAAWtE,EAClBiD,GAAOyC,EAAKzC,IACZ0C,GAAQD,EAAKC,MAAMQ,MACnBP,GAAS3C,EAAK/C,aAGd4F,GAAUC,SAAWH,CACrBE,GAAUE,UAAYL,CACtBG,GAAUG,SAAW,IACrBpB,IAAa,wBAAyBF,EAAamB,EACnDH,GAAQG,EAAUE,SAMlB,IAAIJ,IAAW,QACPjB,EAAYP,WAAa,OAASE,EAAW8B,GAAI,CACrDP,EAASvB,EAAW8B,EACpB9B,GAAa+B,MAAMC,UAAUC,MAAMC,MAAMlC,EACzCtB,GAAiB,KAAM2B,EACvB3B,GAAiBC,EAAM0B,EACvB,IAAIL,EAAWmC,QAAQZ,GAAU7F,EAAG,CAChC2E,EAAYJ,aAAa,KAAMsB,EAAOF,YAEvC,IAGDhB,EAAYP,WAAa,SAAWwB,IAAW,QAC/CD,IAAU,SAAWjF,EAAakF,KAAY/E,EAAY+E,IAAU,CACpE,aAEC,CAIH,GAAI3C,IAAS,KAAM,CACf0B,EAAYJ,aAAatB,EAAM,IAEnCD,EAAiBC,EAAM0B,GAI3B,IAAKmB,EAAUG,SAAU,CACrB,SAIJ,GAAIvE,IACKkE,IAAW,MAAQA,IAAW,UAC9BD,IAAS9H,IAAU8H,IAAStH,IAAYsH,IAAS3D,IAAc,CACpE,SAIJ,GAAId,EAAoB,CACpByE,EAAQA,EAAMR,QAAQhE,EAAe,IACrCwE,GAAQA,EAAMR,QAAQ/D,EAAU,KAOpC,GAAIL,GAAmBqE,GAAUH,KAAKW,GAAS,MAG1C,IAAI9E,GAAmBuE,GAAUJ,KAAKW,GAAS,MAI/C,KAAKlF,EAAakF,IAAW/E,EAAY+E,GAAS,CACnD,aAGC,IAAI9D,EAAoB8D,GAAS,MAKjC,IAAIN,GAAeL,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI5D,KACAI,IAAW,OAASA,IAAW,eAChCD,EAAMc,QAAQ,WAAa,GAC3B5E,EAAc8C,EAAYP,SAASlE,eAAgB,MAMlD,IACDc,IACCuE,GAAkBN,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI3D,KAAKG,EAAO,MAIZ,CACD,SAIJ,IACIhB,EAAYJ,aAAatB,EAAM0C,EAC/BzH,GAAUE,QAAQsI,MACpB,MAAO5D,KAIb+B,GAAa,0BAA2BF,EAAa,MASzD,IAAIgC,IAAqB,SAASC,GAC9B,GAAIC,EACJ,IAAIC,GAAiBjD,EAAgB+C,EAGrC/B,IAAa,0BAA2B+B,EAAU,KAElD,OAASC,EAAaC,EAAeC,WAAc,CAE/ClC,GAAa,yBAA0BgC,EAAY,KAGnD,IAAInC,EAAkBmC,GAAa,CAC/B,SAIJ,GAAIA,EAAW1H,kBAAmBV,GAAkB,CAChDkI,GAAmBE,EAAW1H,SAIlCsG,GAAoBoB,GAIxBhC,GAAa,yBAA0B+B,EAAU,MAUrD,IAAI/B,IAAe,SAASmC,EAAYrC,EAAasC,GACjD,IAAKvH,EAAMsH,GAAa,CAAE,OAE1BtH,EAAMsH,GAAYE,QAAQ,SAASC,GAC/BA,EAAKvD,KAAK1F,EAAWyG,EAAasC,EAAMlF,KAWhD7D,GAAUkJ,SAAW,SAAS7D,EAAOrB,GACjC,GAAIuB,GAAM4D,EAAc1C,EAAa2C,EAASC,EAAcC,CAI5D,KAAKjE,EAAO,CACRA,EAAQ,QAIZ,SAAWA,KAAU,WAAaiB,EAAQjB,GAAQ,CAC9C,SAAWA,GAAMkE,WAAa,WAAY,CACtC,KAAM,IAAIC,WAAU,kCACjB,CACHnE,EAAQA,EAAMkE,YAKtB,IAAKvJ,EAAUK,YAAa,CACxB,SAAWV,GAAO8J,eAAiB,gBACrB9J,GAAO8J,eAAiB,WAAY,CAC9C,SAAWpE,KAAU,SAAU,CAC3B,MAAO1F,GAAO8J,aAAapE,OACxB,IAAIiB,EAAQjB,GAAQ,CACvB,MAAO1F,GAAO8J,aAAapE,EAAMR,YAGzC,MAAOQ,GAIXtB,EAAaC,EAGbhE,GAAUE,UAEV,IAAImF,YAAiB5E,GAAM,CAGvB8E,EAAOH,EAAc,QACrB+D,GAAe5D,EAAKrE,cAAcK,WAAW8D,EAAO,KACpD,IAAI8D,EAAa/I,WAAa,GAAK+I,EAAajD,WAAa,OAAQ,CAEjEX,EAAO4D,MACJ,CACH5D,EAAKmE,YAAaP,QAEnB,CAEH,IAAK9F,IAAeF,GAAkBkC,EAAMkD,QAAQ,QAAU,EAAG,CAC7D,MAAOlD,GAIXE,EAAOH,EAAcC,EAGrB,KAAKE,EAAM,CACP,MAAOlC,GAAa,KAAO,IAKnC,GAAID,EAAY,CACZkB,EAAaiB,EAAKoE,YAItBN,EAAe1D,EAAgBJ,EAG/B,OAASkB,EAAc4C,EAAaR,WAAc,CAG9C,GAAIpC,EAAYrG,WAAa,GAAKqG,IAAgB2C,EAAS,CACvD,SAIJ,GAAI5C,EAAkBC,GAAc,CAChC,SAIJ,GAAIA,EAAYxF,kBAAmBV,GAAkB,CACjDkI,GAAmBhC,EAAYxF,SAInCsG,GAAoBd,EAEpB2C,GAAU3C,EAId,GAAIpD,EAAY,CAEZ,GAAIC,EAAqB,CACrBgG,EAAahI,EAAuBoE,KAAKH,EAAKrE,cAE9C,OAAOqE,EAAKoE,WAAY,CACpBL,EAAWI,YAAYnE,EAAKoE,iBAE7B,CACHL,EAAa/D,EAGjB,GAAIhC,EAAmB,CAMnB+F,EAAa/H,EAAWmE,KAAKpF,EAAkBgJ,EAAY,MAG/D,MAAOA,GAGX,MAAOnG,GAAiBoC,EAAKV,UAAYU,EAAKuB,UAUlD9G,GAAU4J,QAAU,SAASd,EAAYe,GACrC,SAAWA,KAAiB,WAAY,CAAE,OAC1CrI,EAAMsH,GAActH,EAAMsH,MAC1BtH,GAAMsH,GAAYtE,KAAKqF,GAW3B7J,GAAU8J,WAAa,SAAShB,GAC5B,GAAItH,EAAMsH,GAAa,CACnBtH,EAAMsH,GAAYN,OAW1BxI,GAAU+J,YAAc,SAASjB,GAC7B,GAAItH,EAAMsH,GAAa,CACnBtH,EAAMsH,OAUd9I,GAAUgK,eAAiB,WACvBxI,KAGJ,OAAOxB","file":"./dist/purify.min.js"}
|
|
1
|
+
{"version":3,"sources":["./src/purify.js"],"names":["factory","root","window","define","amd","module","exports","DOMPurify","version","removed","document","nodeType","isSupported","originalDocument","DocumentFragment","HTMLTemplateElement","Node","NodeFilter","NamedNodeMap","MozNamedAttrMap","Text","Comment","DOMParser","XMLHttpRequest","encodeURI","useXHR","useDOMParser","template","createElement","content","ownerDocument","implementation","createNodeIterator","getElementsByTagName","createDocumentFragment","importNode","hooks","createHTMLDocument","documentMode","_addToSet","set","array","l","length","toLowerCase","_cloneObj","object","newObject","property","hasOwnProperty","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_JQUERY","SAFE_FOR_TEMPLATES","MUSTACHE_EXPR","ERB_EXPR","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_DOM_IMPORT","SANITIZE_DOM","KEEP_CONTENT","FORBID_CONTENTS","DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","CONFIG","formElement","_parseConfig","cfg","ADD_TAGS","ADD_ATTR","ADD_URI_SAFE_ATTR","Object","freeze","_forceRemove","node","push","element","parentNode","removeChild","e","outerHTML","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","_initDocument","dirty","doc","body","xhr","responseType","open","send","response","parseFromString","documentElement","firstElementChild","call","querySelector","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","FILTER_ACCEPT","_isClobbered","elm","nodeName","textContent","attributes","setAttribute","_isNode","obj","_sanitizeElements","currentNode","tagName","_executeHook","allowedTags","insertAdjacentHTML","innerHTML","test","cloneNode","replace","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","_sanitizeAttributes","attr","value","lcName","idAttr","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","trim","id","Array","prototype","slice","apply","indexOf","pop","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","entryPoint","data","forEach","hook","sanitize","importedNode","oldNode","nodeIterator","returnNode","toString","TypeError","toStaticHTML","appendChild","firstChild","setConfig","clearConfig","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":"CAAE,SAASA,GACP,YAEA,IAAIC,SAAcC,UAAW,YAAc,KAAOA,MAElD,UAAWC,UAAW,YAAcA,OAAOC,IAAK,CAC5CD,OAAO,WAAY,MAAOH,GAAQC,SAC/B,UAAWI,UAAW,YAAa,CACtCA,OAAOC,QAAUN,EAAQC,OACtB,CACHA,EAAKM,UAAYP,EAAQC,MAE/B,QAASD,GAAQE,GACf,YAEA,IAAIK,GAAY,SAASL,GACrB,MAAOF,GAAQE,GAOnBK,GAAUC,QAAU,OAMpBD,GAAUE,UAEV,KAAKP,IAAWA,EAAOQ,UAAYR,EAAOQ,SAASC,WAAa,EAAG,CAG/DJ,EAAUK,YAAc,KACxB,OAAOL,GAGX,GAAIG,GAAWR,EAAOQ,QACtB,IAAIG,GAAmBH,CACvB,IAAII,GAAmBZ,EAAOY,gBAC9B,IAAIC,GAAsBb,EAAOa,mBACjC,IAAIC,GAAOd,EAAOc,IAClB,IAAIC,GAAaf,EAAOe,UACxB,IAAIC,GAAehB,EAAOgB,cAAgBhB,EAAOiB,eACjD,IAAIC,GAAOlB,EAAOkB,IAClB,IAAIC,GAAUnB,EAAOmB,OACrB,IAAIC,GAAYpB,EAAOoB,SACvB,IAAIC,GAAiBrB,EAAOqB,cAC5B,IAAIC,GAAYtB,EAAOsB,SACvB,IAAIC,GAAS,KACb,IAAIC,GAAe,KAQnB,UAAWX,KAAwB,WAAY,CAC3C,GAAIY,GAAWjB,EAASkB,cAAc,WACtC,IAAID,EAASE,SAAWF,EAASE,QAAQC,cAAe,CACpDpB,EAAWiB,EAASE,QAAQC,eAGpC,GAAIC,GAAiBrB,EAASqB,cAC9B,IAAIC,GAAqBtB,EAASsB,kBAClC,IAAIC,GAAuBvB,EAASuB,oBACpC,IAAIC,GAAyBxB,EAASwB,sBACtC,IAAIC,GAAatB,EAAiBsB,UAElC,IAAIC,KAKJ7B,GAAUK,kBACCmB,GAAeM,qBAAuB,aAC7C3B,EAAS4B,eAAiB,CAG9B,IAAIC,GAAY,SAASC,EAAKC,GAC1B,GAAIC,GAAID,EAAME,MACd,OAAOD,IAAK,CACR,SAAWD,GAAMC,KAAO,SAAU,CAC9BD,EAAMC,GAAKD,EAAMC,GAAGE,cAExBJ,EAAIC,EAAMC,IAAM,KAEpB,MAAOF,GAIX,IAAIK,GAAY,SAASC,GACrB,GAAIC,KACJ,IAAIC,EACJ,KAAKA,IAAYF,GAAQ,CACrB,GAAIA,EAAOG,eAAeD,GAAW,CACjCD,EAAUC,GAAYF,EAAOE,IAGrC,MAAOD,GASX,IAAIG,GAAe,IACnB,IAAIC,GAAuBZ,MAGvB,IAAI,OAAO,UAAU,UAAU,OAAO,UAAU,QAAQ,QAAQ,IAChE,MAAM,MAAM,MAAM,QAAQ,aAAa,OAAO,KAAK,SAAS,SAC5D,UAAU,SAAS,OAAO,OAAO,MAAM,WAAW,UAAU,OAC5D,WAAW,KAAK,YAAY,MAAM,UAAU,MAAM,MAAM,MAAM,KAAK,KACnE,UAAU,KAAK,WAAW,aAAa,SAAS,OAAO,SAAS,OAChE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,OAAO,SAAS,SAAS,KAAK,OAAO,IACnE,MAAM,QAAQ,MAAM,MAAM,QAAQ,SAAS,KAAK,OAAO,MAAM,OAC7D,UAAU,OAAO,WAAW,QAAQ,MAAM,OAAO,KAAK,WACtD,SAAS,SAAS,IAAI,MAAM,WAAW,IAAI,KAAK,KAAK,OAAO,IAAI,OAChE,UAAU,SAAS,SAAS,QAAQ,SAAS,SAAS,OAAO,SAC7D,SAAS,QAAQ,MAAM,UAAU,MAAM,QAAQ,QAAQ,KAAK,WAC5D,WAAW,QAAQ,KAAK,QAAQ,OAAO,KAAK,QAAQ,KAAK,IAAI,KAAK,MAClE,QAAQ,MAGR,MAAM,WAAW,cAAc,eAAe,eAC9C,gBAAgB,mBAAmB,SAAS,WAAW,OAAO,OAC9D,UAAU,SAAS,OAAO,IAAI,QAAQ,WAAW,QAAQ,QAAQ,OACjE,iBAAiB,SAAS,OAAO,WAAW,QAAQ,OAAO,UAC3D,UAAU,WAAW,iBAAiB,OAAO,OAAO,SAAS,SAC7D,OAAO,WAAW,QAAQ,OAAO,QAAQ,OAAO,QAGhD,UAAU,gBAAgB,sBAAsB,cAChD,mBAAmB,oBAAoB,oBACvC,UAAU,UAAU,UAAU,UAAU,UAAU,iBAClD,UAAU,cAAc,eAAe,WACvC,qBAAqB,SAAS,eAG9B,OAAO,WAAW,SAAS,UAAU,QAAQ,SAAS,KAAK,aAC3D,eAAe,KAAK,KAAK,QAAQ,UAAU,WAAW,QAAQ,OAC9D,KAAK,UAAU,QAAQ,UAAU,OAAO,OAAO,UAAU,SAAS,MAClE,QAAQ,MAAM,SAAS,aAGvB,SAIJ,IAAIa,GAAe,IACnB,IAAIC,GAAuBd,MAGvB,SAAS,SAAS,QAAQ,MAAM,eAAe,aAAa,UAC5D,SAAS,cAAc,cAAc,UAAU,OAAO,QAAQ,QAAQ,QACtE,OAAO,UAAU,SAAS,WAAW,UAAU,MAAM,WACrD,WAAW,UAAU,OAAO,MAAM,UAAU,SAAS,SAAS,OAAO,OACrE,WAAW,KAAK,QAAQ,QAAQ,OAAO,OAAO,OAAQ,MAAM,MAC5D,YAAY,QAAQ,SAAS,MAAM,WAAW,OAAO,UAAU,aAC/D,SAAS,OAAO,UAAU,UAAU,cAAc,SAAS,UAAU,UACrE,aAAa,WAAW,MAAM,WAAW,MAAM,WAAW,OAAO,OACjE,UAAU,aAAa,QAAQ,WAAW,QAAQ,OAAO,OACzD,UAAU,QAAQ,MAAM,OAAO,QAAQ,UAAU,WAAW,QAC5D,OAAO,SAAS,SAAS,QAAQ,QAAQ,QAGzC,gBAAgB,aAAa,aAAa,qBAC1C,SAAS,gBAAgB,gBAAgB,UAAU,gBACnD,iBAAiB,QAAQ,OAAO,KAAK,OAAO,YAAY,YACxD,QAAQ,sBAAsB,8BAA8B,gBAC5D,kBAAkB,KAAK,KAAK,IAAI,KAAK,KAAK,kBAAkB,YAC5D,UAAU,UAAU,MAAM,WAAW,YAAY,MAAM,OAAO,eAC9D,YAAY,SAAS,cAAc,gBAAgB,cAAc,YACjE,mBAAmB,eAAe,aAAa,eAAe,cAC9D,KAAM,KAAK,KAAK,KAAK,aAAa,WAAW,gBAAgB,oBAC7D,kBAAkB,KAAK,MAAM,IAAI,KAAK,KAAK,KAAK,KAAK,UAAU,YAC/D,aAAa,WAAW,eAAe,iBAAiB,eACxD,mBAAmB,iBAAiB,QAAQ,aAAa,aACzD,eAAe,eAAe,cAAc,cAAc,mBAC1D,YAAY,MAAM,OAAO,OAAO,MAAM,aAAa,SAAS,WAC5D,UAAU,QAAQ,SAAS,cAAc,SAAS,WAAW,cAC7D,OAAO,aAAa,sBAAsB,mBAAmB,eAC7D,SAAS,gBAAgB,IAAI,KAAK,KAAK,SAAS,OAAO,OAAO,cAC9D,YAAY,UAAU,SAAS,SAAS,QAAQ,OAAO,kBACvD,mBAAmB,mBAAmB,eAAe,eAAe,cACpE,aAAa,eAAe,mBAAmB,oBAAoB,iBACnE,kBAAkB,oBAAoB,iBAAiB,SAAS,eAChE,eAAe,UAAU,UAAU,YAAY,cAAc,kBAC7D,iBAAiB,aAAa,KAAK,KAAK,UAAU,SAAS,UAC3D,aAAa,aAAa,gBAAgB,gBAAgB,eAC1D,OAAO,eAAe,mBAAmB,mBAAmB,IAAI,KAAK,KACrE,IAAI,KAAK,KAAK,IAAI,aAGlB,SAAS,cAAc,WAAW,QAAQ,eAAe,cACzD,aAAa,aAAa,QAAQ,UAAU,eAAe,QAC3D,QAAQ,UAAU,SAAS,gBAAgB,SAAS,SACpD,iBAAiB,YAAY,WAAW,cAAc,UACtD,UAAU,gBAAgB,WAAW,WAAW,OAAO,WACvD,WAAW,aAAa,UAAU,SAAS,SAAS,cACpD,gBAAgB,uBAAuB,YAAY,YACnD,aAAa,WAAW,iBAAiB,iBAAiB,YAC1D,UAGA,aAAa,SAAS,cAAc,YAAY,eAIpD,IAAIe,GAAc,IAGlB,IAAIC,GAAc,IAGlB,IAAIC,GAAkB,IAGtB,IAAIC,GAAkB,IAGtB,IAAIC,GAA0B,KAG9B,IAAIC,GAAkB,KAKtB,IAAIC,GAAqB,KAGzB,IAAIC,GAAgB,2BACpB,IAAIC,GAAW,uBAGf,IAAIC,GAAiB,KAGrB,IAAIC,GAAa,KAIjB,IAAIC,GAAa,KAKjB,IAAIC,GAAa,KAGjB,IAAIC,GAAsB,KAM1B,IAAIC,GAAoB,KAGxB,IAAIC,GAAe,IAGnB,IAAIC,GAAe,IAGnB,IAAIC,GAAkBhC,MAClB,QAAS,OAAQ,OAAQ,SAAU,QAAS,WAAY,MAAO,SAInE,IAAIiC,GAAgBjC,MAChB,QAAS,QAAS,MAAO,SAAU,SAIvC,IAAIkC,GAAsBlC,MACtB,MAAM,QAAQ,MAAM,KAAK,QAAQ,OAAO,UAAU,cAClD,UAAU,QAAQ,QAAQ,QAAQ,SAItC,IAAImC,GAAS,IAKb,IAAIC,GAAcjE,EAASkB,cAAc,OAOzC,IAAIgD,GAAe,SAASC,GAExB,SAAWA,KAAQ,SAAU,CACzBA,KAIJ3B,EAAe,gBAAkB2B,GAC7BtC,KAAcsC,EAAI3B,cAAgBC,CACtCC,GAAe,gBAAkByB,GAC7BtC,KAAcsC,EAAIzB,cAAgBC,CACtCC,GAAc,eAAiBuB,GAC3BtC,KAAcsC,EAAIvB,eACtBC,GAAc,eAAiBsB,GAC3BtC,KAAcsC,EAAItB,eACtBC,GAAsBqB,EAAIrB,kBAAwB,KAClDC,GAAsBoB,EAAIpB,kBAAwB,KAClDC,GAA0BmB,EAAInB,yBAA2B,KACzDC,GAAsBkB,EAAIlB,iBAAwB,KAClDC,GAAsBiB,EAAIjB,oBAAwB,KAClDG,GAAsBc,EAAId,gBAAwB,KAClDG,GAAsBW,EAAIX,YAAwB,KAClDC,GAAsBU,EAAIV,qBAAwB,KAClDC,GAAsBS,EAAIT,mBAAwB,KAClDH,GAAsBY,EAAIZ,YAAwB,KAClDI,GAAsBQ,EAAIR,eAAwB,KAClDC,GAAsBO,EAAIP,eAAwB,KAElD,IAAIV,EAAoB,CACpBH,EAAkB,MAGtB,GAAIU,EAAqB,CACrBD,EAAa,KAIjB,GAAIW,EAAIC,SAAU,CACd,GAAI5B,IAAiBC,EAAsB,CACvCD,EAAeL,EAAUK,GAE7BX,EAAUW,EAAc2B,EAAIC,UAEhC,GAAID,EAAIE,SAAU,CACd,GAAI3B,IAAiBC,EAAsB,CACvCD,EAAeP,EAAUO,GAE7Bb,EAAUa,EAAcyB,EAAIE,UAEhC,GAAIF,EAAIG,kBAAmB,CACvBzC,EAAUkC,EAAqBI,EAAIG,mBAIvC,GAAIV,EAAc,CAAEpB,EAAa,SAAW,KAI5C,GAAI+B,QAAU,UAAYA,QAAQ,CAAEA,OAAOC,OAAOL,GAElDH,EAASG,EAQb,IAAIM,GAAe,SAASC,GACxB7E,EAAUE,QAAQ4E,MAAMC,QAASF,GACjC,KACIA,EAAKG,WAAWC,YAAYJ,GAC9B,MAAOK,GACLL,EAAKM,UAAY,IAUzB,IAAIC,IAAmB,SAASC,EAAMR,GAClC7E,EAAUE,QAAQ4E,MACdQ,UAAWT,EAAKU,iBAAiBF,GACjCG,KAAMX,GAEVA,GAAKY,gBAAgBJ,GASzB,IAAIK,IAAgB,SAASC,GAEzB,GAAIC,GAAKC,CAGT,IAAInC,EAAY,CACZiC,EAAQ,oBAAsBA,EAIlC,GAAIzE,EAAQ,CACR,IACIyE,EAAQ1E,EAAU0E,GACpB,MAAOT,IACT,GAAIY,GAAM,GAAI9E,EACd8E,GAAIC,aAAe,UACnBD,GAAIE,KAAK,MAAO,gCAAkCL,EAAO,MACzDG,GAAIG,KAAK,KACTL,GAAME,EAAII,SAId,GAAI/E,EAAc,CACd,IACIyE,GAAM,GAAI7E,IAAYoF,gBAAgBR,EAAO,aAC/C,MAAOT,KAKb,IAAKU,IAAQA,EAAIQ,gBAAiB,CAC9BR,EAAMpE,EAAeM,mBAAmB,GACxC+D,GAAOD,EAAIC,IACXA,GAAKb,WAAWC,YAAYY,EAAKb,WAAWqB,kBAC5CR,GAAKV,UAAYQ,EAIrB,MAAOjE,GAAqB4E,KAAKV,EAC7BpC,EAAiB,OAAS,QAAQ,GAqB1C,IAAIxD,EAAUK,YAAa,EACtB,WACG,GAAIuF,GAAOF,GAAc,uDACzB,KAAKE,EAAIW,cAAc,OAAQ,CAC3BrF,EAAS,KAEb0E,EAAMF,GAAc,mEACpB,IAAIE,EAAIW,cAAc,WAAY,CAC9BpF,EAAe,UAW3B,GAAIqF,IAAkB,SAAS9G,GAC3B,MAAO+B,GAAmB6E,KAAK5G,EAAK6B,eAAiB7B,EACjDA,EACAgB,EAAW+F,aACT/F,EAAWgG,aACXhG,EAAWiG,UACb,WAAa,MAAOjG,GAAWkG,eAC/B,OAUR,IAAIC,IAAe,SAASC,GACxB,GAAIA,YAAejG,IAAQiG,YAAehG,GAAS,CAC/C,MAAO,OAEX,SAAagG,GAAIC,WAAa,gBACjBD,GAAIE,cAAgB,gBACpBF,GAAI7B,cAAgB,cACzB6B,EAAIG,qBAAsBtG,WACrBmG,GAAIrB,kBAAoB,kBACxBqB,GAAII,eAAiB,WAChC,CACE,MAAO,MAEX,MAAO,OASX,IAAIC,IAAU,SAASC,GACnB,aACW3G,KAAS,SAAW2G,YAAe3G,GAAO2G,SACnCA,KAAQ,gBAAmBA,GAAIhH,WAAa,gBAC5CgH,GAAIL,WAAW,SAcrC,IAAIM,IAAoB,SAASC,GAC7B,GAAIC,GAASjG,CAGbkG,IAAa,yBAA0BF,EAAa,KAGpD,IAAIT,GAAaS,GAAc,CAC3B1C,EAAa0C,EACb,OAAO,MAIXC,EAAUD,EAAYP,SAAS1E,aAG/BmF,IAAa,sBAAuBF,GAChCC,QAASA,EACTE,YAAa9E,GAIjB,KAAKA,EAAa4E,IAAYxE,EAAYwE,GAAU,CAEhD,GAAIxD,IAAiBC,EAAgBuD,UACnBD,GAAYI,qBAAuB,WAAY,CAC7D,IACIJ,EAAYI,mBAAmB,WAAYJ,EAAYK,WACzD,MAAOzC,KAEbN,EAAa0C,EACb,OAAO,MAIX,GAAIlE,IAAoBkE,EAAYjB,qBAC1BiB,EAAYhG,UAAYgG,EAAYhG,QAAQ+E,oBAC9C,KAAKuB,KAAKN,EAAYN,aAAc,CACxChH,EAAUE,QAAQ4E,MAAMC,QAASuC,EAAYO,aAC7CP,GAAYK,UAAYL,EAAYN,YAAYc,QAAQ,KAAM,QAIlE,GAAIzE,GAAsBiE,EAAYlH,WAAa,EAAG,CAElDkB,EAAUgG,EAAYN,WACtB1F,GAAUA,EAAQwG,QAAQxE,EAAe,IACzChC,GAAUA,EAAQwG,QAAQvE,EAAU,IACpC,IAAI+D,EAAYN,cAAgB1F,EAAS,CACrCtB,EAAUE,QAAQ4E,MAAMC,QAASuC,EAAYO,aAC7CP,GAAYN,YAAc1F,GAKlCkG,GAAa,wBAAyBF,EAAa,KAEnD,OAAO,OAGX,IAAIS,IAAY,4BAChB,IAAIC,IAAY,gBAChB,IAAIC,IAAiB,uEACrB,IAAIC,IAAoB,uBAExB,IAAIC,IAAkB,uDAatB,IAAIC,IAAsB,SAASd,GAC/B,GAAIe,GAAMhD,EAAMiD,EAAOC,EAAQC,EAAQvB,EAAYwB,EAAWtG,CAE9DqF,IAAa,2BAA4BF,EAAa,KAEtDL,GAAaK,EAAYL,UAGzB,KAAKA,EAAY,CAAE,OAEnBwB,GACIC,SAAU,GACVC,UAAW,GACXC,SAAU,KACVC,kBAAmBhG,EAEvBV,GAAI8E,EAAW7E,MAGf,OAAOD,IAAK,CACRkG,EAAOpB,EAAW9E,EAClBkD,GAAOgD,EAAKhD,IACZiD,GAAQD,EAAKC,MAAMQ,MACnBP,GAASlD,EAAKhD,aAGdoG,GAAUC,SAAWH,CACrBE,GAAUE,UAAYL,CACtBG,GAAUG,SAAW,IACrBpB,IAAa,wBAAyBF,EAAamB,EACnDH,GAAQG,EAAUE,SAMlB,IAAIJ,IAAW,QACPjB,EAAYP,WAAa,OAASE,EAAW8B,GAAI,CACrDP,EAASvB,EAAW8B,EACpB9B,GAAa+B,MAAMC,UAAUC,MAAMC,MAAMlC,EACzC7B,IAAiB,KAAMkC,EACvBlC,IAAiBC,EAAMiC,EACvB,IAAIL,EAAWmC,QAAQZ,GAAUrG,EAAG,CAChCmF,EAAYJ,aAAa,KAAMsB,EAAOF,YAEvC,IAGDhB,EAAYP,WAAa,SAAWwB,IAAW,QAC/CD,IAAU,SAAWzF,EAAa0F,KAAYvF,EAAYuF,IAAU,CACpE,aACC,CAIH,GAAIlD,IAAS,KAAM,CACfiC,EAAYJ,aAAa7B,EAAM,IAEnCD,GAAiBC,EAAMiC,GAI3B,IAAKmB,EAAUG,SAAU,CACrB,SAIJ,GAAI9E,IACKyE,IAAW,MAAQA,IAAW,UAC9BD,IAAS3I,IAAU2I,IAASnI,IAAYmI,IAASlE,IAAc,CACpE,SAIJ,GAAIf,EAAoB,CACpBiF,EAAQA,EAAMR,QAAQxE,EAAe,IACrCgF,GAAQA,EAAMR,QAAQvE,EAAU,KAOpC,GAAIL,GAAmB6E,GAAUH,KAAKW,GAAS,MAG1C,IAAItF,GAAmB+E,GAAUJ,KAAKW,GAAS,MAI/C,KAAK1F,EAAa0F,IAAWvF,EAAYuF,GAAS,CACnD,aAGC,IAAIrE,EAAoBqE,GAAS,MAKjC,IAAIN,GAAeL,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI5D,KACAI,IAAW,OAASA,IAAW,eAChCD,EAAMc,QAAQ,WAAa,GAC3BnF,EAAcqD,EAAYP,SAAS1E,eAAgB,MAMlD,IACDc,IACC+E,GAAkBN,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI3D,KAAKG,EAAO,MAIZ,CACD,SAIJ,IACIhB,EAAYJ,aAAa7B,EAAMiD,EAC/BtI,GAAUE,QAAQmJ,MACpB,MAAOnE,KAIbsC,GAAa,0BAA2BF,EAAa,MASzD,IAAIgC,IAAqB,SAASC,GAC9B,GAAIC,EACJ,IAAIC,GAAiBjD,GAAgB+C,EAGrC/B,IAAa,0BAA2B+B,EAAU,KAElD,OAASC,EAAaC,EAAeC,WAAc,CAE/ClC,GAAa,yBAA0BgC,EAAY,KAGnD,IAAInC,GAAkBmC,GAAa,CAC/B,SAIJ,GAAIA,EAAWlI,kBAAmBf,GAAkB,CAChD+I,GAAmBE,EAAWlI,SAIlC8G,GAAoBoB,GAIxBhC,GAAa,yBAA0B+B,EAAU,MAUrD,IAAI/B,IAAe,SAASmC,EAAYrC,EAAasC,GACjD,IAAK/H,EAAM8H,GAAa,CAAE,OAE1B9H,EAAM8H,GAAYE,QAAQ,SAASC,GAC/BA,EAAKxD,KAAKtG,EAAWsH,EAAasC,EAAMzF,KAWhDnE,GAAU+J,SAAW,SAASpE,EAAOrB,GACjC,GAAIuB,GAAMmE,EAAc1C,EAAa2C,EAASC,EAAcC,CAI5D,KAAKxE,EAAO,CACRA,EAAQ,QAIZ,SAAWA,KAAU,WAAawB,GAAQxB,GAAQ,CAC9C,SAAWA,GAAMyE,WAAa,WAAY,CACtC,KAAM,IAAIC,WAAU,kCACjB,CACH1E,EAAQA,EAAMyE,YAKtB,IAAKpK,EAAUK,YAAa,CACxB,SAAWV,GAAO2K,eAAiB,gBACrB3K,GAAO2K,eAAiB,WAAY,CAC9C,SAAW3E,KAAU,SAAU,CAC3B,MAAOhG,GAAO2K,aAAa3E,OACxB,IAAIwB,GAAQxB,GAAQ,CACvB,MAAOhG,GAAO2K,aAAa3E,EAAMR,YAGzC,MAAOQ,GAIX,IAAKlC,EAAY,CACbY,EAAaC,GAIjBtE,EAAUE,UAEV,IAAIyF,YAAiBlF,GAAM,CAGvBoF,EAAOH,GAAc,QACrBsE,GAAenE,EAAKtE,cAAcK,WAAW+D,EAAO,KACpD,IAAIqE,EAAa5J,WAAa,GAAK4J,EAAajD,WAAa,OAAQ,CAEjElB,EAAOmE,MACJ,CACHnE,EAAK0E,YAAYP,QAElB,CAEH,IAAKrG,IAAeH,GAAkBmC,EAAMyD,QAAQ,QAAU,EAAG,CAC7D,MAAOzD,GAIXE,EAAOH,GAAcC,EAGrB,KAAKE,EAAM,CACP,MAAOlC,GAAa,KAAO,IAKnC,GAAID,EAAY,CACZkB,EAAaiB,EAAK2E,YAItBN,EAAe1D,GAAgBX,EAG/B,OAASyB,EAAc4C,EAAaR,WAAc,CAG9C,GAAIpC,EAAYlH,WAAa,GAAKkH,IAAgB2C,EAAS,CACvD,SAIJ,GAAI5C,GAAkBC,GAAc,CAChC,SAIJ,GAAIA,EAAYhG,kBAAmBf,GAAkB,CACjD+I,GAAmBhC,EAAYhG,SAInC8G,GAAoBd,EAEpB2C,GAAU3C,EAId,GAAI3D,EAAY,CAEZ,GAAIC,EAAqB,CACrBuG,EAAaxI,EAAuB2E,KAAKT,EAAKtE,cAE9C,OAAOsE,EAAK2E,WAAY,CACpBL,EAAWI,YAAY1E,EAAK2E,iBAE7B,CACHL,EAAatE,EAGjB,GAAIhC,EAAmB,CAMnBsG,EAAavI,EAAW0E,KAAKhG,EAAkB6J,EAAY,MAG/D,MAAOA,GAGX,MAAO3G,GAAiBqC,EAAKV,UAAYU,EAAK8B,UAUlD3H,GAAUyK,UAAY,SAASnG,GAC3BD,EAAaC,EACbb,GAAa,KASjBzD,GAAU0K,YAAc,WACpBvG,EAAS,IACTV,GAAa,MAUjBzD,GAAU2K,QAAU,SAAShB,EAAYiB,GACrC,SAAWA,KAAiB,WAAY,CAAE,OAC1C/I,EAAM8H,GAAc9H,EAAM8H,MAC1B9H,GAAM8H,GAAY7E,KAAK8F,GAW3B5K,GAAU6K,WAAa,SAASlB,GAC5B,GAAI9H,EAAM8H,GAAa,CACnB9H,EAAM8H,GAAYN,OAW1BrJ,GAAU8K,YAAc,SAASnB,GAC7B,GAAI9H,EAAM8H,GAAa,CACnB9H,EAAM8H,OAUd3J,GAAU+K,eAAiB,WACvBlJ,KAGJ,OAAO7B","file":"./dist/purify.min.js"}
|
package/package.json
CHANGED
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
},
|
|
42
42
|
"name": "dompurify",
|
|
43
43
|
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
|
|
44
|
-
"version": "0.
|
|
44
|
+
"version": "0.9.0",
|
|
45
45
|
"main": "src/purify.js",
|
|
46
46
|
"directories": {
|
|
47
47
|
"test": "test"
|
package/src/purify.js
CHANGED
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
* Version label, exposed for easier checks
|
|
22
22
|
* if DOMPurify is up to date or not
|
|
23
23
|
*/
|
|
24
|
-
DOMPurify.version = '0.
|
|
24
|
+
DOMPurify.version = '0.9.0';
|
|
25
25
|
|
|
26
26
|
/**
|
|
27
27
|
* Array of elements that DOMPurify removed during sanitation.
|
|
@@ -45,7 +45,12 @@
|
|
|
45
45
|
var NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap;
|
|
46
46
|
var Text = window.Text;
|
|
47
47
|
var Comment = window.Comment;
|
|
48
|
-
|
|
48
|
+
var DOMParser = window.DOMParser;
|
|
49
|
+
var XMLHttpRequest = window.XMLHttpRequest;
|
|
50
|
+
var encodeURI = window.encodeURI;
|
|
51
|
+
var useXHR = false;
|
|
52
|
+
var useDOMParser = false; // See comment below
|
|
53
|
+
|
|
49
54
|
// As per issue #47, the web-components registry is inherited by a
|
|
50
55
|
// new document created via createHTMLDocument. As per the spec
|
|
51
56
|
// (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
|
|
@@ -236,7 +241,10 @@
|
|
|
236
241
|
/* Decide if document with <html>... should be returned */
|
|
237
242
|
var WHOLE_DOCUMENT = false;
|
|
238
243
|
|
|
239
|
-
/*
|
|
244
|
+
/* Track whether config is already set on this instance of DOMPurify. */
|
|
245
|
+
var SET_CONFIG = false;
|
|
246
|
+
|
|
247
|
+
/* Decide if all elements (e.g. style, script) must be children of
|
|
240
248
|
* document.body. By default, browsers might move them to document.head */
|
|
241
249
|
var FORCE_BODY = false;
|
|
242
250
|
|
|
@@ -262,7 +270,7 @@
|
|
|
262
270
|
|
|
263
271
|
/* Tags to ignore content of when KEEP_CONTENT is true */
|
|
264
272
|
var FORBID_CONTENTS = _addToSet({}, [
|
|
265
|
-
'audio', 'head', 'math', 'script', 'style', 'svg', 'video'
|
|
273
|
+
'audio', 'head', 'math', 'script', 'style', 'template', 'svg', 'video'
|
|
266
274
|
]);
|
|
267
275
|
|
|
268
276
|
/* Tags that are safe for data: URIs */
|
|
@@ -389,11 +397,33 @@
|
|
|
389
397
|
var _initDocument = function(dirty) {
|
|
390
398
|
/* Create a HTML document */
|
|
391
399
|
var doc, body;
|
|
392
|
-
|
|
400
|
+
|
|
401
|
+
/* Fill body with bogus element */
|
|
393
402
|
if (FORCE_BODY) {
|
|
394
403
|
dirty = '<remove></remove>' + dirty;
|
|
395
404
|
}
|
|
396
405
|
|
|
406
|
+
/* Use XHR if necessary because Safari 10.1 and newer are buggy */
|
|
407
|
+
if (useXHR) {
|
|
408
|
+
try {
|
|
409
|
+
dirty = encodeURI(dirty);
|
|
410
|
+
} catch (e) {}
|
|
411
|
+
var xhr = new XMLHttpRequest();
|
|
412
|
+
xhr.responseType = 'document';
|
|
413
|
+
xhr.open('GET', 'data:text/html;charset=utf-8,' + dirty, false);
|
|
414
|
+
xhr.send(null);
|
|
415
|
+
doc = xhr.response;
|
|
416
|
+
}
|
|
417
|
+
|
|
418
|
+
/* Use DOMParser to workaround Firefox bug (see comment below) */
|
|
419
|
+
if (useDOMParser) {
|
|
420
|
+
try {
|
|
421
|
+
doc = new DOMParser().parseFromString(dirty, 'text/html');
|
|
422
|
+
} catch (e) {}
|
|
423
|
+
}
|
|
424
|
+
|
|
425
|
+
/* Otherwise use createHTMLDocument, because DOMParser is unsafe in
|
|
426
|
+
Safari (see comment below) */
|
|
397
427
|
if (!doc || !doc.documentElement) {
|
|
398
428
|
doc = implementation.createHTMLDocument('');
|
|
399
429
|
body = doc.body;
|
|
@@ -402,14 +432,41 @@
|
|
|
402
432
|
}
|
|
403
433
|
|
|
404
434
|
/* Work on whole document or just its body */
|
|
405
|
-
if (typeof doc.getElementsByTagName === 'function') {
|
|
406
|
-
return doc.getElementsByTagName(
|
|
407
|
-
WHOLE_DOCUMENT ? 'html' : 'body')[0];
|
|
408
|
-
}
|
|
409
435
|
return getElementsByTagName.call(doc,
|
|
410
436
|
WHOLE_DOCUMENT ? 'html' : 'body')[0];
|
|
411
437
|
};
|
|
412
438
|
|
|
439
|
+
// Safari 10.1+ (unfixed as of time of writing) has a catastrophic bug in
|
|
440
|
+
// its implementation of DOMParser such that the following executes the
|
|
441
|
+
// JavaScript:
|
|
442
|
+
//
|
|
443
|
+
// new DOMParser()
|
|
444
|
+
// .parseFromString('<svg onload=alert(document.domain)>', 'text/html');
|
|
445
|
+
//
|
|
446
|
+
// Later, it was also noticed that even more assumed benign and inert ways
|
|
447
|
+
// of creating a document are now insecure thanks to Safari. So we work
|
|
448
|
+
// around that with a feature test and use XHR to create the document in
|
|
449
|
+
// case we really have to. That one seems safe for now.
|
|
450
|
+
//
|
|
451
|
+
// However, Firefox uses a different parser for innerHTML rather than
|
|
452
|
+
// DOMParser (see https://bugzilla.mozilla.org/show_bug.cgi?id=1205631)
|
|
453
|
+
// which means that you *must* use DOMParser, otherwise the output may
|
|
454
|
+
// not be safe if used in a document.write context later.
|
|
455
|
+
//
|
|
456
|
+
// So we feature detect the Firefox bug and use the DOMParser if necessary.
|
|
457
|
+
if (DOMPurify.isSupported) {
|
|
458
|
+
(function () {
|
|
459
|
+
var doc = _initDocument('<svg><g onload="this.parentNode.remove()"></g></svg>');
|
|
460
|
+
if (!doc.querySelector('svg')) {
|
|
461
|
+
useXHR = true;
|
|
462
|
+
}
|
|
463
|
+
doc = _initDocument('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');
|
|
464
|
+
if (doc.querySelector('svg img')) {
|
|
465
|
+
useDOMParser = true;
|
|
466
|
+
}
|
|
467
|
+
}());
|
|
468
|
+
}
|
|
469
|
+
|
|
413
470
|
/**
|
|
414
471
|
* _createIterator
|
|
415
472
|
*
|
|
@@ -597,16 +654,15 @@
|
|
|
597
654
|
currentNode.setAttribute('id', idAttr.value);
|
|
598
655
|
}
|
|
599
656
|
} else if (
|
|
600
|
-
// This works around a bug in Safari, where input[type=file]
|
|
657
|
+
// This works around a bug in Safari, where input[type=file]
|
|
601
658
|
// cannot be dynamically set after type has been removed
|
|
602
|
-
currentNode.nodeName === 'INPUT' && lcName === 'type' &&
|
|
659
|
+
currentNode.nodeName === 'INPUT' && lcName === 'type' &&
|
|
603
660
|
value === 'file' && (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])) {
|
|
604
661
|
continue;
|
|
605
|
-
|
|
606
662
|
} else {
|
|
607
663
|
// This avoids a crash in Safari v9.0 with double-ids.
|
|
608
664
|
// The trick is to first set the id to be empty and then to
|
|
609
|
-
// remove the
|
|
665
|
+
// remove the attribute
|
|
610
666
|
if (name === 'id') {
|
|
611
667
|
currentNode.setAttribute(name, '');
|
|
612
668
|
}
|
|
@@ -778,7 +834,9 @@
|
|
|
778
834
|
}
|
|
779
835
|
|
|
780
836
|
/* Assign config vars */
|
|
781
|
-
|
|
837
|
+
if (!SET_CONFIG) {
|
|
838
|
+
_parseConfig(cfg);
|
|
839
|
+
}
|
|
782
840
|
|
|
783
841
|
/* Clean up removed elements */
|
|
784
842
|
DOMPurify.removed = [];
|
|
@@ -792,7 +850,7 @@
|
|
|
792
850
|
/* Node is already a body, use as is */
|
|
793
851
|
body = importedNode;
|
|
794
852
|
} else {
|
|
795
|
-
body.appendChild(
|
|
853
|
+
body.appendChild(importedNode);
|
|
796
854
|
}
|
|
797
855
|
} else {
|
|
798
856
|
/* Exit directly if we have nothing to do */
|
|
@@ -869,6 +927,29 @@
|
|
|
869
927
|
return WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;
|
|
870
928
|
};
|
|
871
929
|
|
|
930
|
+
/**
|
|
931
|
+
* setConfig
|
|
932
|
+
* Public method to set the configuration once
|
|
933
|
+
*
|
|
934
|
+
* @param {Object} configuration object
|
|
935
|
+
* @return void
|
|
936
|
+
*/
|
|
937
|
+
DOMPurify.setConfig = function(cfg) {
|
|
938
|
+
_parseConfig(cfg);
|
|
939
|
+
SET_CONFIG = true;
|
|
940
|
+
};
|
|
941
|
+
|
|
942
|
+
/**
|
|
943
|
+
* clearConfig
|
|
944
|
+
* Public method to remove the configuration
|
|
945
|
+
*
|
|
946
|
+
* @return void
|
|
947
|
+
*/
|
|
948
|
+
DOMPurify.clearConfig = function() {
|
|
949
|
+
CONFIG = null;
|
|
950
|
+
SET_CONFIG = false;
|
|
951
|
+
};
|
|
952
|
+
|
|
872
953
|
/**
|
|
873
954
|
* addHook
|
|
874
955
|
* Public method to add DOMPurify hooks
|