dompurify 0.8.9 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/dist/purify.min.js +1 -1
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
- package/src/purify.js +56 -4
package/README.md
CHANGED
|
@@ -166,6 +166,10 @@ var clean = DOMPurify.sanitize(dirty, {FORCE_BODY: true});
|
|
|
166
166
|
```
|
|
167
167
|
There is even [more examples here](https://github.com/cure53/DOMPurify/tree/master/demos#what-is-this), showing how you can run, customize and configure DOMPurify to fit your needs.
|
|
168
168
|
|
|
169
|
+
## Persistent Configuration
|
|
170
|
+
|
|
171
|
+
Instead of repeatedly passing the same configuration to `DOMPurify.sanitize`, you can use the `DOMPurify.setConfig` method. Your configuration will persist until your next call to `DOMPurify.setConfig`, or until you invoke `DOMPurify.clearConfig` to reset it. Remember that there is only one active configuration, which means once it is set, all extra configuration parameters passed to `DOMPurify.sanitize` are ignored.
|
|
172
|
+
|
|
169
173
|
## Hooks
|
|
170
174
|
|
|
171
175
|
DOMPurify allows you to augment its functionality by attaching one or more functions with the `DOMPurify.addHook` method to one of the following hooks:
|
package/dist/purify.min.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.8.9";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;var m=false;if(typeof o==="function"){var p=n.createElement("template");if(p.content&&p.content.ownerDocument){n=p.content.ownerDocument}}var v=n.implementation;var h=n.createNodeIterator;var g=n.getElementsByTagName;var y=n.createDocumentFragment;var T=a.importNode;var b={};r.isSupported=typeof v.createHTMLDocument!=="undefined"&&n.documentMode!==9;var A=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var x=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var k=null;var w=A({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var S=null;var E=A({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var O=null;var D=null;var N=true;var M=true;var L=false;var _=false;var C=false;var R=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var z=/<%[\s\S]*|[\s\S]*%>/gm;var F=false;var H=false;var I=false;var j=false;var W=false;var B=true;var G=true;var q=A({},["audio","head","math","script","style","template","svg","video"]);var P=A({},["audio","video","img","source","image"]);var U=A({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var V=null;var Y=n.createElement("form");var K=function(e){if(typeof e!=="object"){e={}}k="ALLOWED_TAGS"in e?A({},e.ALLOWED_TAGS):w;S="ALLOWED_ATTR"in e?A({},e.ALLOWED_ATTR):E;O="FORBID_TAGS"in e?A({},e.FORBID_TAGS):{};D="FORBID_ATTR"in e?A({},e.FORBID_ATTR):{};N=e.ALLOW_ARIA_ATTR!==false;M=e.ALLOW_DATA_ATTR!==false;L=e.ALLOW_UNKNOWN_PROTOCOLS||false;_=e.SAFE_FOR_JQUERY||false;C=e.SAFE_FOR_TEMPLATES||false;F=e.WHOLE_DOCUMENT||false;I=e.RETURN_DOM||false;j=e.RETURN_DOM_FRAGMENT||false;W=e.RETURN_DOM_IMPORT||false;H=e.FORCE_BODY||false;B=e.SANITIZE_DOM!==false;G=e.KEEP_CONTENT!==false;if(C){M=false}if(j){I=true}if(e.ADD_TAGS){if(k===w){k=x(k)}A(k,e.ADD_TAGS)}if(e.ADD_ATTR){if(S===E){S=x(S)}A(S,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){A(U,e.ADD_URI_SAFE_ATTR)}if(G){k["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}V=e};var $=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var J=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var Q=function(e){var t,r;if(H){e="<remove></remove>"+e}if(m){try{t=(new d).parseFromString(e,"text/html")}catch(n){}}if(!t||!t.documentElement){t=v.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}return g.call(t,F?"html":"body")[0]};if(r.isSupported){(function(){var e=Q('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');if(e.querySelector("svg img")){m=true}})()}var X=function(e){return h.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var Z=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var ee=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var te=function(e){var t,n;fe("beforeSanitizeElements",e,null);if(Z(e)){$(e);return true}t=e.nodeName.toLowerCase();fe("uponSanitizeElement",e,{tagName:t,allowedTags:k});if(!k[t]||O[t]){if(G&&!q[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}$(e);return true}if(_&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(C&&e.nodeType===3){n=e.textContent;n=n.replace(R," ");n=n.replace(z," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}fe("afterSanitizeElements",e,null);return false};var re=/^data-[\-\w.\u00B7-\uFFFF]/;var ne=/^aria-[\-\w]+$/;var ae=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var ie=/^(?:\w+script|data):/i;var oe=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var le=function(e){var a,i,o,l,s,f,c,u;fe("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:S};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;fe("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);J("id",e);J(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(S[l]||!D[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}J(i,e)}if(!c.keepAttr){continue}if(B&&(l==="id"||l==="name")&&(o in t||o in n||o in Y)){continue}if(C){o=o.replace(R," ");o=o.replace(z," ")}if(M&&re.test(l)){}else if(N&&ne.test(l)){}else if(!S[l]||D[l]){continue}else if(U[l]){}else if(ae.test(o.replace(oe,""))){}else if((l==="src"||l==="xlink:href")&&o.indexOf("data:")===0&&P[e.nodeName.toLowerCase()]){}else if(L&&!ie.test(o.replace(oe,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}fe("afterSanitizeAttributes",e,null)};var se=function(e){var t;var r=X(e);fe("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){fe("uponSanitizeShadowNode",t,null);if(te(t)){continue}if(t.content instanceof i){se(t.content)}le(t)}fe("afterSanitizeShadowDOM",e,null)};var fe=function(e,t,n){if(!b[e]){return}b[e].forEach(function(e){e.call(r,t,n,V)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!ee(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(ee(e)){return t.toStaticHTML(e.outerHTML)}}return e}K(n);r.removed=[];if(e instanceof l){o=Q("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!I&&!F&&e.indexOf("<")===-1){return e}o=Q(e);if(!o){return I?null:""}}if(H){$(o.firstChild)}u=X(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(te(f)){continue}if(f.content instanceof i){se(f.content)}le(f);c=f}if(I){if(j){d=y.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(W){d=T.call(a,d,true)}return d}return F?o.outerHTML:o.innerHTML};r.addHook=function(e,t){if(typeof t!=="function"){return}b[e]=b[e]||[];b[e].push(t)};r.removeHook=function(e){if(b[e]){b[e].pop()}};r.removeHooks=function(e){if(b[e]){b[e]=[]}};r.removeAllHooks=function(){b={}};return r});
|
|
1
|
+
(function(e){"use strict";var t=typeof window==="undefined"?null:window;if(typeof define==="function"&&define.amd){define(function(){return e(t)})}else if(typeof module!=="undefined"){module.exports=e(t)}else{t.DOMPurify=e(t)}})(function e(t){"use strict";var r=function(t){return e(t)};r.version="0.9.0";r.removed=[];if(!t||!t.document||t.document.nodeType!==9){r.isSupported=false;return r}var n=t.document;var a=n;var i=t.DocumentFragment;var o=t.HTMLTemplateElement;var l=t.Node;var s=t.NodeFilter;var f=t.NamedNodeMap||t.MozNamedAttrMap;var c=t.Text;var u=t.Comment;var d=t.DOMParser;var m=t.XMLHttpRequest;var p=t.encodeURI;var v=false;var h=false;if(typeof o==="function"){var g=n.createElement("template");if(g.content&&g.content.ownerDocument){n=g.content.ownerDocument}}var y=n.implementation;var T=n.createNodeIterator;var b=n.getElementsByTagName;var A=n.createDocumentFragment;var x=a.importNode;var k={};r.isSupported=typeof y.createHTMLDocument!=="undefined"&&n.documentMode!==9;var w=function(e,t){var r=t.length;while(r--){if(typeof t[r]==="string"){t[r]=t[r].toLowerCase()}e[t[r]]=true}return e};var S=function(e){var t={};var r;for(r in e){if(e.hasOwnProperty(r)){t[r]=e[r]}}return t};var E=null;var N=w({},["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr","svg","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","switch","symbol","text","textpath","title","tref","tspan","view","vkern","feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","feSpecularLighting","feTile","feTurbulence","math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmuliscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mpspace","msqrt","mystyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","#text"]);var O=null;var D=w({},["accept","action","align","alt","autocomplete","background","bgcolor","border","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","coords","datetime","default","dir","disabled","download","enctype","face","for","headers","height","hidden","high","href","hreflang","id","ismap","label","lang","list","loop","low","max","maxlength","media","method","min","multiple","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","span","srclang","start","src","step","style","summary","tabindex","title","type","usemap","valign","value","width","xmlns","accent-height","accumulate","additivive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","clip","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","mode","min","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","surfacescale","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","u1","u2","unicode","values","viewbox","visibility","vert-adv-y","vert-origin-x","vert-origin-y","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","y","y1","y2","z","zoomandpan","accent","accentunder","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","display","displaystyle","fence","frame","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]);var M=null;var L=null;var _=true;var C=true;var R=false;var z=false;var F=false;var H=/\{\{[\s\S]*|[\s\S]*\}\}/gm;var I=/<%[\s\S]*|[\s\S]*%>/gm;var j=false;var W=false;var q=false;var B=false;var G=false;var U=false;var P=true;var V=true;var Y=w({},["audio","head","math","script","style","template","svg","video"]);var K=w({},["audio","video","img","source","image"]);var X=w({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]);var $=null;var J=n.createElement("form");var Q=function(e){if(typeof e!=="object"){e={}}E="ALLOWED_TAGS"in e?w({},e.ALLOWED_TAGS):N;O="ALLOWED_ATTR"in e?w({},e.ALLOWED_ATTR):D;M="FORBID_TAGS"in e?w({},e.FORBID_TAGS):{};L="FORBID_ATTR"in e?w({},e.FORBID_ATTR):{};_=e.ALLOW_ARIA_ATTR!==false;C=e.ALLOW_DATA_ATTR!==false;R=e.ALLOW_UNKNOWN_PROTOCOLS||false;z=e.SAFE_FOR_JQUERY||false;F=e.SAFE_FOR_TEMPLATES||false;j=e.WHOLE_DOCUMENT||false;B=e.RETURN_DOM||false;G=e.RETURN_DOM_FRAGMENT||false;U=e.RETURN_DOM_IMPORT||false;q=e.FORCE_BODY||false;P=e.SANITIZE_DOM!==false;V=e.KEEP_CONTENT!==false;if(F){C=false}if(G){B=true}if(e.ADD_TAGS){if(E===N){E=S(E)}w(E,e.ADD_TAGS)}if(e.ADD_ATTR){if(O===D){O=S(O)}w(O,e.ADD_ATTR)}if(e.ADD_URI_SAFE_ATTR){w(X,e.ADD_URI_SAFE_ATTR)}if(V){E["#text"]=true}if(Object&&"freeze"in Object){Object.freeze(e)}$=e};var Z=function(e){r.removed.push({element:e});try{e.parentNode.removeChild(e)}catch(t){e.outerHTML=""}};var ee=function(e,t){r.removed.push({attribute:t.getAttributeNode(e),from:t});t.removeAttribute(e)};var te=function(e){var t,r;if(q){e="<remove></remove>"+e}if(v){try{e=p(e)}catch(n){}var a=new m;a.responseType="document";a.open("GET","data:text/html;charset=utf-8,"+e,false);a.send(null);t=a.response}if(h){try{t=(new d).parseFromString(e,"text/html")}catch(n){}}if(!t||!t.documentElement){t=y.createHTMLDocument("");r=t.body;r.parentNode.removeChild(r.parentNode.firstElementChild);r.outerHTML=e}return b.call(t,j?"html":"body")[0]};if(r.isSupported){(function(){var e=te('<svg><g onload="this.parentNode.remove()"></g></svg>');if(!e.querySelector("svg")){v=true}e=te('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');if(e.querySelector("svg img")){h=true}})()}var re=function(e){return T.call(e.ownerDocument||e,e,s.SHOW_ELEMENT|s.SHOW_COMMENT|s.SHOW_TEXT,function(){return s.FILTER_ACCEPT},false)};var ne=function(e){if(e instanceof c||e instanceof u){return false}if(typeof e.nodeName!=="string"||typeof e.textContent!=="string"||typeof e.removeChild!=="function"||!(e.attributes instanceof f)||typeof e.removeAttribute!=="function"||typeof e.setAttribute!=="function"){return true}return false};var ae=function(e){return typeof l==="object"?e instanceof l:e&&typeof e==="object"&&typeof e.nodeType==="number"&&typeof e.nodeName==="string"};var ie=function(e){var t,n;me("beforeSanitizeElements",e,null);if(ne(e)){Z(e);return true}t=e.nodeName.toLowerCase();me("uponSanitizeElement",e,{tagName:t,allowedTags:E});if(!E[t]||M[t]){if(V&&!Y[t]&&typeof e.insertAdjacentHTML==="function"){try{e.insertAdjacentHTML("AfterEnd",e.innerHTML)}catch(a){}}Z(e);return true}if(z&&!e.firstElementChild&&(!e.content||!e.content.firstElementChild)&&/</g.test(e.textContent)){r.removed.push({element:e.cloneNode()});e.innerHTML=e.textContent.replace(/</g,"<")}if(F&&e.nodeType===3){n=e.textContent;n=n.replace(H," ");n=n.replace(I," ");if(e.textContent!==n){r.removed.push({element:e.cloneNode()});e.textContent=n}}me("afterSanitizeElements",e,null);return false};var oe=/^data-[\-\w.\u00B7-\uFFFF]/;var le=/^aria-[\-\w]+$/;var se=/^(?:(?:(?:f|ht)tps?|mailto|tel):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i;var fe=/^(?:\w+script|data):/i;var ce=/[\x00-\x20\xA0\u1680\u180E\u2000-\u2029\u205f\u3000]/g;var ue=function(e){var a,i,o,l,s,f,c,u;me("beforeSanitizeAttributes",e,null);f=e.attributes;if(!f){return}c={attrName:"",attrValue:"",keepAttr:true,allowedAttributes:O};u=f.length;while(u--){a=f[u];i=a.name;o=a.value.trim();l=i.toLowerCase();c.attrName=l;c.attrValue=o;c.keepAttr=true;me("uponSanitizeAttribute",e,c);o=c.attrValue;if(l==="name"&&e.nodeName==="IMG"&&f.id){s=f.id;f=Array.prototype.slice.apply(f);ee("id",e);ee(i,e);if(f.indexOf(s)>u){e.setAttribute("id",s.value)}}else if(e.nodeName==="INPUT"&&l==="type"&&o==="file"&&(O[l]||!L[l])){continue}else{if(i==="id"){e.setAttribute(i,"")}ee(i,e)}if(!c.keepAttr){continue}if(P&&(l==="id"||l==="name")&&(o in t||o in n||o in J)){continue}if(F){o=o.replace(H," ");o=o.replace(I," ")}if(C&&oe.test(l)){}else if(_&&le.test(l)){}else if(!O[l]||L[l]){continue}else if(X[l]){}else if(se.test(o.replace(ce,""))){}else if((l==="src"||l==="xlink:href")&&o.indexOf("data:")===0&&K[e.nodeName.toLowerCase()]){}else if(R&&!fe.test(o.replace(ce,""))){}else if(!o){}else{continue}try{e.setAttribute(i,o);r.removed.pop()}catch(d){}}me("afterSanitizeAttributes",e,null)};var de=function(e){var t;var r=re(e);me("beforeSanitizeShadowDOM",e,null);while(t=r.nextNode()){me("uponSanitizeShadowNode",t,null);if(ie(t)){continue}if(t.content instanceof i){de(t.content)}ue(t)}me("afterSanitizeShadowDOM",e,null)};var me=function(e,t,n){if(!k[e]){return}k[e].forEach(function(e){e.call(r,t,n,$)})};r.sanitize=function(e,n){var o,s,f,c,u,d;if(!e){e="<!-->"}if(typeof e!=="string"&&!ae(e)){if(typeof e.toString!=="function"){throw new TypeError("toString is not a function")}else{e=e.toString()}}if(!r.isSupported){if(typeof t.toStaticHTML==="object"||typeof t.toStaticHTML==="function"){if(typeof e==="string"){return t.toStaticHTML(e)}else if(ae(e)){return t.toStaticHTML(e.outerHTML)}}return e}if(!W){Q(n)}r.removed=[];if(e instanceof l){o=te("<!-->");s=o.ownerDocument.importNode(e,true);if(s.nodeType===1&&s.nodeName==="BODY"){o=s}else{o.appendChild(s)}}else{if(!B&&!j&&e.indexOf("<")===-1){return e}o=te(e);if(!o){return B?null:""}}if(q){Z(o.firstChild)}u=re(o);while(f=u.nextNode()){if(f.nodeType===3&&f===c){continue}if(ie(f)){continue}if(f.content instanceof i){de(f.content)}ue(f);c=f}if(B){if(G){d=A.call(o.ownerDocument);while(o.firstChild){d.appendChild(o.firstChild)}}else{d=o}if(U){d=x.call(a,d,true)}return d}return j?o.outerHTML:o.innerHTML};r.setConfig=function(e){Q(e);W=true};r.clearConfig=function(){$=null;W=false};r.addHook=function(e,t){if(typeof t!=="function"){return}k[e]=k[e]||[];k[e].push(t)};r.removeHook=function(e){if(k[e]){k[e].pop()}};r.removeHooks=function(e){if(k[e]){k[e]=[]}};r.removeAllHooks=function(){k={}};return r});
|
|
2
2
|
//# sourceMappingURL=./dist/purify.min.js.map
|
package/dist/purify.min.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["./src/purify.js"],"names":["factory","root","window","define","amd","module","exports","DOMPurify","version","removed","document","nodeType","isSupported","originalDocument","DocumentFragment","HTMLTemplateElement","Node","NodeFilter","NamedNodeMap","MozNamedAttrMap","Text","Comment","DOMParser","useDOMParser","template","createElement","content","ownerDocument","implementation","createNodeIterator","getElementsByTagName","createDocumentFragment","importNode","hooks","createHTMLDocument","documentMode","_addToSet","set","array","l","length","toLowerCase","_cloneObj","object","newObject","property","hasOwnProperty","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_JQUERY","SAFE_FOR_TEMPLATES","MUSTACHE_EXPR","ERB_EXPR","WHOLE_DOCUMENT","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_DOM_IMPORT","SANITIZE_DOM","KEEP_CONTENT","FORBID_CONTENTS","DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","CONFIG","formElement","_parseConfig","cfg","ADD_TAGS","ADD_ATTR","ADD_URI_SAFE_ATTR","Object","freeze","_forceRemove","node","push","element","parentNode","removeChild","e","outerHTML","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","_initDocument","dirty","doc","body","parseFromString","documentElement","firstElementChild","call","querySelector","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","FILTER_ACCEPT","_isClobbered","elm","nodeName","textContent","attributes","setAttribute","_isNode","obj","_sanitizeElements","currentNode","tagName","_executeHook","allowedTags","insertAdjacentHTML","innerHTML","test","cloneNode","replace","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","_sanitizeAttributes","attr","value","lcName","idAttr","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","trim","id","Array","prototype","slice","apply","indexOf","pop","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","entryPoint","data","forEach","hook","sanitize","importedNode","oldNode","nodeIterator","returnNode","toString","TypeError","toStaticHTML","appendChild","firstChild","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":"CAAE,SAASA,GACP,YAEA,IAAIC,SAAcC,UAAW,YAAc,KAAOA,MAElD,UAAWC,UAAW,YAAcA,OAAOC,IAAK,CAC5CD,OAAO,WAAY,MAAOH,GAAQC,SAC/B,UAAWI,UAAW,YAAa,CACtCA,OAAOC,QAAUN,EAAQC,OACtB,CACHA,EAAKM,UAAYP,EAAQC,MAE/B,QAASD,GAAQE,GACf,YAEA,IAAIK,GAAY,SAASL,GACrB,MAAOF,GAAQE,GAOnBK,GAAUC,QAAU,OAMpBD,GAAUE,UAEV,KAAKP,IAAWA,EAAOQ,UAAYR,EAAOQ,SAASC,WAAa,EAAG,CAG/DJ,EAAUK,YAAc,KACxB,OAAOL,GAGX,GAAIG,GAAWR,EAAOQ,QACtB,IAAIG,GAAmBH,CACvB,IAAII,GAAmBZ,EAAOY,gBAC9B,IAAIC,GAAsBb,EAAOa,mBACjC,IAAIC,GAAOd,EAAOc,IAClB,IAAIC,GAAaf,EAAOe,UACxB,IAAIC,GAAehB,EAAOgB,cAAgBhB,EAAOiB,eACjD,IAAIC,GAAOlB,EAAOkB,IAClB,IAAIC,GAAUnB,EAAOmB,OACrB,IAAIC,GAAYpB,EAAOoB,SACvB,IAAIC,GAAe,KAQnB,UAAWR,KAAwB,WAAY,CAC3C,GAAIS,GAAWd,EAASe,cAAc,WACtC,IAAID,EAASE,SAAWF,EAASE,QAAQC,cAAe,CACpDjB,EAAWc,EAASE,QAAQC,eAGpC,GAAIC,GAAiBlB,EAASkB,cAC9B,IAAIC,GAAqBnB,EAASmB,kBAClC,IAAIC,GAAuBpB,EAASoB,oBACpC,IAAIC,GAAyBrB,EAASqB,sBACtC,IAAIC,GAAanB,EAAiBmB,UAElC,IAAIC,KAKJ1B,GAAUK,kBACCgB,GAAeM,qBAAuB,aAC7CxB,EAASyB,eAAiB,CAG9B,IAAIC,GAAY,SAASC,EAAKC,GAC1B,GAAIC,GAAID,EAAME,MACd,OAAOD,IAAK,CACR,SAAWD,GAAMC,KAAO,SAAU,CAC9BD,EAAMC,GAAKD,EAAMC,GAAGE,cAExBJ,EAAIC,EAAMC,IAAM,KAEpB,MAAOF,GAIX,IAAIK,GAAY,SAASC,GACrB,GAAIC,KACJ,IAAIC,EACJ,KAAKA,IAAYF,GAAQ,CACrB,GAAIA,EAAOG,eAAeD,GAAW,CACjCD,EAAUC,GAAYF,EAAOE,IAGrC,MAAOD,GASX,IAAIG,GAAe,IACnB,IAAIC,GAAuBZ,MAGvB,IAAI,OAAO,UAAU,UAAU,OAAO,UAAU,QAAQ,QAAQ,IAChE,MAAM,MAAM,MAAM,QAAQ,aAAa,OAAO,KAAK,SAAS,SAC5D,UAAU,SAAS,OAAO,OAAO,MAAM,WAAW,UAAU,OAC5D,WAAW,KAAK,YAAY,MAAM,UAAU,MAAM,MAAM,MAAM,KAAK,KACnE,UAAU,KAAK,WAAW,aAAa,SAAS,OAAO,SAAS,OAChE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,OAAO,SAAS,SAAS,KAAK,OAAO,IACnE,MAAM,QAAQ,MAAM,MAAM,QAAQ,SAAS,KAAK,OAAO,MAAM,OAC7D,UAAU,OAAO,WAAW,QAAQ,MAAM,OAAO,KAAK,WACtD,SAAS,SAAS,IAAI,MAAM,WAAW,IAAI,KAAK,KAAK,OAAO,IAAI,OAChE,UAAU,SAAS,SAAS,QAAQ,SAAS,SAAS,OAAO,SAC7D,SAAS,QAAQ,MAAM,UAAU,MAAM,QAAQ,QAAQ,KAAK,WAC5D,WAAW,QAAQ,KAAK,QAAQ,OAAO,KAAK,QAAQ,KAAK,IAAI,KAAK,MAClE,QAAQ,MAGR,MAAM,WAAW,cAAc,eAAe,eAC9C,gBAAgB,mBAAmB,SAAS,WAAW,OAAO,OAC9D,UAAU,SAAS,OAAO,IAAI,QAAQ,WAAW,QAAQ,QAAQ,OACjE,iBAAiB,SAAS,OAAO,WAAW,QAAQ,OAAO,UAC3D,UAAU,WAAW,iBAAiB,OAAO,OAAO,SAAS,SAC7D,OAAO,WAAW,QAAQ,OAAO,QAAQ,OAAO,QAGhD,UAAU,gBAAgB,sBAAsB,cAChD,mBAAmB,oBAAoB,oBACvC,UAAU,UAAU,UAAU,UAAU,UAAU,iBAClD,UAAU,cAAc,eAAe,WACvC,qBAAqB,SAAS,eAG9B,OAAO,WAAW,SAAS,UAAU,QAAQ,SAAS,KAAK,aAC3D,eAAe,KAAK,KAAK,QAAQ,UAAU,WAAW,QAAQ,OAC9D,KAAK,UAAU,QAAQ,UAAU,OAAO,OAAO,UAAU,SAAS,MAClE,QAAQ,MAAM,SAAS,aAGvB,SAIJ,IAAIa,GAAe,IACnB,IAAIC,GAAuBd,MAGvB,SAAS,SAAS,QAAQ,MAAM,eAAe,aAAa,UAC5D,SAAS,cAAc,cAAc,UAAU,OAAO,QAAQ,QAAQ,QACtE,OAAO,UAAU,SAAS,WAAW,UAAU,MAAM,WACrD,WAAW,UAAU,OAAO,MAAM,UAAU,SAAS,SAAS,OAAO,OACrE,WAAW,KAAK,QAAQ,QAAQ,OAAO,OAAO,OAAQ,MAAM,MAC5D,YAAY,QAAQ,SAAS,MAAM,WAAW,OAAO,UAAU,aAC/D,SAAS,OAAO,UAAU,UAAU,cAAc,SAAS,UAAU,UACrE,aAAa,WAAW,MAAM,WAAW,MAAM,WAAW,OAAO,OACjE,UAAU,aAAa,QAAQ,WAAW,QAAQ,OAAO,OACzD,UAAU,QAAQ,MAAM,OAAO,QAAQ,UAAU,WAAW,QAC5D,OAAO,SAAS,SAAS,QAAQ,QAAQ,QAGzC,gBAAgB,aAAa,aAAa,qBAC1C,SAAS,gBAAgB,gBAAgB,UAAU,gBACnD,iBAAiB,QAAQ,OAAO,KAAK,OAAO,YAAY,YACxD,QAAQ,sBAAsB,8BAA8B,gBAC5D,kBAAkB,KAAK,KAAK,IAAI,KAAK,KAAK,kBAAkB,YAC5D,UAAU,UAAU,MAAM,WAAW,YAAY,MAAM,OAAO,eAC9D,YAAY,SAAS,cAAc,gBAAgB,cAAc,YACjE,mBAAmB,eAAe,aAAa,eAAe,cAC9D,KAAM,KAAK,KAAK,KAAK,aAAa,WAAW,gBAAgB,oBAC7D,kBAAkB,KAAK,MAAM,IAAI,KAAK,KAAK,KAAK,KAAK,UAAU,YAC/D,aAAa,WAAW,eAAe,iBAAiB,eACxD,mBAAmB,iBAAiB,QAAQ,aAAa,aACzD,eAAe,eAAe,cAAc,cAAc,mBAC1D,YAAY,MAAM,OAAO,OAAO,MAAM,aAAa,SAAS,WAC5D,UAAU,QAAQ,SAAS,cAAc,SAAS,WAAW,cAC7D,OAAO,aAAa,sBAAsB,mBAAmB,eAC7D,SAAS,gBAAgB,IAAI,KAAK,KAAK,SAAS,OAAO,OAAO,cAC9D,YAAY,UAAU,SAAS,SAAS,QAAQ,OAAO,kBACvD,mBAAmB,mBAAmB,eAAe,eAAe,cACpE,aAAa,eAAe,mBAAmB,oBAAoB,iBACnE,kBAAkB,oBAAoB,iBAAiB,SAAS,eAChE,eAAe,UAAU,UAAU,YAAY,cAAc,kBAC7D,iBAAiB,aAAa,KAAK,KAAK,UAAU,SAAS,UAC3D,aAAa,aAAa,gBAAgB,gBAAgB,eAC1D,OAAO,eAAe,mBAAmB,mBAAmB,IAAI,KAAK,KACrE,IAAI,KAAK,KAAK,IAAI,aAGlB,SAAS,cAAc,WAAW,QAAQ,eAAe,cACzD,aAAa,aAAa,QAAQ,UAAU,eAAe,QAC3D,QAAQ,UAAU,SAAS,gBAAgB,SAAS,SACpD,iBAAiB,YAAY,WAAW,cAAc,UACtD,UAAU,gBAAgB,WAAW,WAAW,OAAO,WACvD,WAAW,aAAa,UAAU,SAAS,SAAS,cACpD,gBAAgB,uBAAuB,YAAY,YACnD,aAAa,WAAW,iBAAiB,iBAAiB,YAC1D,UAGA,aAAa,SAAS,cAAc,YAAY,eAIpD,IAAIe,GAAc,IAGlB,IAAIC,GAAc,IAGlB,IAAIC,GAAkB,IAGtB,IAAIC,GAAkB,IAGtB,IAAIC,GAA0B,KAG9B,IAAIC,GAAkB,KAKtB,IAAIC,GAAqB,KAGzB,IAAIC,GAAgB,2BACpB,IAAIC,GAAW,uBAGf,IAAIC,GAAiB,KAIrB,IAAIC,GAAa,KAKjB,IAAIC,GAAa,KAGjB,IAAIC,GAAsB,KAM1B,IAAIC,GAAoB,KAGxB,IAAIC,GAAe,IAGnB,IAAIC,GAAe,IAGnB,IAAIC,GAAkB/B,MAClB,QAAS,OAAQ,OAAQ,SAAU,QAAS,WAAY,MAAO,SAInE,IAAIgC,GAAgBhC,MAChB,QAAS,QAAS,MAAO,SAAU,SAIvC,IAAIiC,GAAsBjC,MACtB,MAAM,QAAQ,MAAM,KAAK,QAAQ,OAAO,UAAU,cAClD,UAAU,QAAQ,QAAQ,QAAQ,SAItC,IAAIkC,GAAS,IAKb,IAAIC,GAAc7D,EAASe,cAAc,OAOzC,IAAI+C,GAAe,SAASC,GAExB,SAAWA,KAAQ,SAAU,CACzBA,KAIJ1B,EAAe,gBAAkB0B,GAC7BrC,KAAcqC,EAAI1B,cAAgBC,CACtCC,GAAe,gBAAkBwB,GAC7BrC,KAAcqC,EAAIxB,cAAgBC,CACtCC,GAAc,eAAiBsB,GAC3BrC,KAAcqC,EAAItB,eACtBC,GAAc,eAAiBqB,GAC3BrC,KAAcqC,EAAIrB,eACtBC,GAAsBoB,EAAIpB,kBAAwB,KAClDC,GAAsBmB,EAAInB,kBAAwB,KAClDC,GAA0BkB,EAAIlB,yBAA2B,KACzDC,GAAsBiB,EAAIjB,iBAAwB,KAClDC,GAAsBgB,EAAIhB,oBAAwB,KAClDG,GAAsBa,EAAIb,gBAAwB,KAClDE,GAAsBW,EAAIX,YAAwB,KAClDC,GAAsBU,EAAIV,qBAAwB,KAClDC,GAAsBS,EAAIT,mBAAwB,KAClDH,GAAsBY,EAAIZ,YAAwB,KAClDI,GAAsBQ,EAAIR,eAAwB,KAClDC,GAAsBO,EAAIP,eAAwB,KAElD,IAAIT,EAAoB,CACpBH,EAAkB,MAGtB,GAAIS,EAAqB,CACrBD,EAAa,KAIjB,GAAIW,EAAIC,SAAU,CACd,GAAI3B,IAAiBC,EAAsB,CACvCD,EAAeL,EAAUK,GAE7BX,EAAUW,EAAc0B,EAAIC,UAEhC,GAAID,EAAIE,SAAU,CACd,GAAI1B,IAAiBC,EAAsB,CACvCD,EAAeP,EAAUO,GAE7Bb,EAAUa,EAAcwB,EAAIE,UAEhC,GAAIF,EAAIG,kBAAmB,CACvBxC,EAAUiC,EAAqBI,EAAIG,mBAIvC,GAAIV,EAAc,CAAEnB,EAAa,SAAW,KAI5C,GAAI8B,QAAU,UAAYA,QAAQ,CAAEA,OAAOC,OAAOL,GAElDH,EAASG,EAQb,IAAIM,GAAe,SAASC,GACxBzE,EAAUE,QAAQwE,MAAMC,QAASF,GACjC,KACIA,EAAKG,WAAWC,YAAYJ,GAC9B,MAAOK,GACLL,EAAKM,UAAY,IAUzB,IAAIC,GAAmB,SAASC,EAAMR,GAClCzE,EAAUE,QAAQwE,MACdQ,UAAWT,EAAKU,iBAAiBF,GACjCG,KAAMX,GAEVA,GAAKY,gBAAgBJ,GASzB,IAAIK,GAAgB,SAASC,GAEzB,GAAIC,GAAKC,CAGT,IAAInC,EAAY,CACZiC,EAAQ,oBAAsBA,EAIlC,GAAIvE,EAAc,CACd,IACIwE,GAAM,GAAIzE,IAAY2E,gBAAgBH,EAAO,aAC/C,MAAOT,KAKb,IAAKU,IAAQA,EAAIG,gBAAiB,CAC9BH,EAAMnE,EAAeM,mBAAmB,GACxC8D,GAAOD,EAAIC,IACXA,GAAKb,WAAWC,YAAYY,EAAKb,WAAWgB,kBAC5CH,GAAKV,UAAYQ,EAIrB,MAAOhE,GAAqBsE,KAAKL,EAC7BnC,EAAiB,OAAS,QAAQ,GAgB1C,IAAIrD,EAAUK,YAAa,EACtB,WACG,GAAImF,GAAMF,EAAc,mEACxB,IAAIE,EAAIM,cAAc,WAAY,CAC9B9E,EAAe,UAW3B,GAAI+E,GAAkB,SAASrG,GAC3B,MAAO4B,GAAmBuE,KAAKnG,EAAK0B,eAAiB1B,EACjDA,EACAgB,EAAWsF,aACTtF,EAAWuF,aACXvF,EAAWwF,UACb,WAAa,MAAOxF,GAAWyF,eAC/B,OAUR,IAAIC,GAAe,SAASC,GACxB,GAAIA,YAAexF,IAAQwF,YAAevF,GAAS,CAC/C,MAAO,OAEX,SAAauF,GAAIC,WAAa,gBACjBD,GAAIE,cAAgB,gBACpBF,GAAIxB,cAAgB,cACzBwB,EAAIG,qBAAsB7F,WACrB0F,GAAIhB,kBAAoB,kBACxBgB,GAAII,eAAiB,WAChC,CACE,MAAO,MAEX,MAAO,OASX,IAAIC,IAAU,SAASC,GACnB,aACWlG,KAAS,SAAWkG,YAAelG,GAAOkG,SACnCA,KAAQ,gBAAmBA,GAAIvG,WAAa,gBAC5CuG,GAAIL,WAAW,SAcrC,IAAIM,IAAoB,SAASC,GAC7B,GAAIC,GAAS3F,CAGb4F,IAAa,yBAA0BF,EAAa,KAGpD,IAAIT,EAAaS,GAAc,CAC3BrC,EAAaqC,EACb,OAAO,MAIXC,EAAUD,EAAYP,SAASpE,aAG/B6E,IAAa,sBAAuBF,GAChCC,QAASA,EACTE,YAAaxE,GAIjB,KAAKA,EAAasE,IAAYlE,EAAYkE,GAAU,CAEhD,GAAInD,IAAiBC,EAAgBkD,UACnBD,GAAYI,qBAAuB,WAAY,CAC7D,IACIJ,EAAYI,mBAAmB,WAAYJ,EAAYK,WACzD,MAAOpC,KAEbN,EAAaqC,EACb,OAAO,MAIX,GAAI5D,IAAoB4D,EAAYjB,qBAC1BiB,EAAY1F,UAAY0F,EAAY1F,QAAQyE,oBAC9C,KAAKuB,KAAKN,EAAYN,aAAc,CACxCvG,EAAUE,QAAQwE,MAAMC,QAASkC,EAAYO,aAC7CP,GAAYK,UAAYL,EAAYN,YAAYc,QAAQ,KAAM,QAIlE,GAAInE,GAAsB2D,EAAYzG,WAAa,EAAG,CAElDe,EAAU0F,EAAYN,WACtBpF,GAAUA,EAAQkG,QAAQlE,EAAe,IACzChC,GAAUA,EAAQkG,QAAQjE,EAAU,IACpC,IAAIyD,EAAYN,cAAgBpF,EAAS,CACrCnB,EAAUE,QAAQwE,MAAMC,QAASkC,EAAYO,aAC7CP,GAAYN,YAAcpF,GAKlC4F,GAAa,wBAAyBF,EAAa,KAEnD,OAAO,OAGX,IAAIS,IAAY,4BAChB,IAAIC,IAAY,gBAChB,IAAIC,IAAiB,uEACrB,IAAIC,IAAoB,uBAExB,IAAIC,IAAkB,uDAatB,IAAIC,IAAsB,SAASd,GAC/B,GAAIe,GAAM3C,EAAM4C,EAAOC,EAAQC,EAAQvB,EAAYwB,EAAWhG,CAE9D+E,IAAa,2BAA4BF,EAAa,KAEtDL,GAAaK,EAAYL,UAGzB,KAAKA,EAAY,CAAE,OAEnBwB,GACIC,SAAU,GACVC,UAAW,GACXC,SAAU,KACVC,kBAAmB1F,EAEvBV,GAAIwE,EAAWvE,MAGf,OAAOD,IAAK,CACR4F,EAAOpB,EAAWxE,EAClBiD,GAAO2C,EAAK3C,IACZ4C,GAAQD,EAAKC,MAAMQ,MACnBP,GAAS7C,EAAK/C,aAGd8F,GAAUC,SAAWH,CACrBE,GAAUE,UAAYL,CACtBG,GAAUG,SAAW,IACrBpB,IAAa,wBAAyBF,EAAamB,EACnDH,GAAQG,EAAUE,SAMlB,IAAIJ,IAAW,QACPjB,EAAYP,WAAa,OAASE,EAAW8B,GAAI,CACrDP,EAASvB,EAAW8B,EACpB9B,GAAa+B,MAAMC,UAAUC,MAAMC,MAAMlC,EACzCxB,GAAiB,KAAM6B,EACvB7B,GAAiBC,EAAM4B,EACvB,IAAIL,EAAWmC,QAAQZ,GAAU/F,EAAG,CAChC6E,EAAYJ,aAAa,KAAMsB,EAAOF,YAEvC,IAGDhB,EAAYP,WAAa,SAAWwB,IAAW,QAC/CD,IAAU,SAAWnF,EAAaoF,KAAYjF,EAAYiF,IAAU,CACpE,aACC,CAIH,GAAI7C,IAAS,KAAM,CACf4B,EAAYJ,aAAaxB,EAAM,IAEnCD,EAAiBC,EAAM4B,GAI3B,IAAKmB,EAAUG,SAAU,CACrB,SAIJ,GAAIzE,IACKoE,IAAW,MAAQA,IAAW,UAC9BD,IAASlI,IAAUkI,IAAS1H,IAAY0H,IAAS7D,IAAc,CACpE,SAIJ,GAAId,EAAoB,CACpB2E,EAAQA,EAAMR,QAAQlE,EAAe,IACrC0E,GAAQA,EAAMR,QAAQjE,EAAU,KAOpC,GAAIL,GAAmBuE,GAAUH,KAAKW,GAAS,MAG1C,IAAIhF,GAAmByE,GAAUJ,KAAKW,GAAS,MAI/C,KAAKpF,EAAaoF,IAAWjF,EAAYiF,GAAS,CACnD,aAGC,IAAIhE,EAAoBgE,GAAS,MAKjC,IAAIN,GAAeL,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI5D,KACAI,IAAW,OAASA,IAAW,eAChCD,EAAMc,QAAQ,WAAa,GAC3B9E,EAAcgD,EAAYP,SAASpE,eAAgB,MAMlD,IACDc,IACCyE,GAAkBN,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI3D,KAAKG,EAAO,MAIZ,CACD,SAIJ,IACIhB,EAAYJ,aAAaxB,EAAM4C,EAC/B7H,GAAUE,QAAQ0I,MACpB,MAAO9D,KAIbiC,GAAa,0BAA2BF,EAAa,MASzD,IAAIgC,IAAqB,SAASC,GAC9B,GAAIC,EACJ,IAAIC,GAAiBjD,EAAgB+C,EAGrC/B,IAAa,0BAA2B+B,EAAU,KAElD,OAASC,EAAaC,EAAeC,WAAc,CAE/ClC,GAAa,yBAA0BgC,EAAY,KAGnD,IAAInC,GAAkBmC,GAAa,CAC/B,SAIJ,GAAIA,EAAW5H,kBAAmBZ,GAAkB,CAChDsI,GAAmBE,EAAW5H,SAIlCwG,GAAoBoB,GAIxBhC,GAAa,yBAA0B+B,EAAU,MAUrD,IAAI/B,IAAe,SAASmC,EAAYrC,EAAasC,GACjD,IAAKzH,EAAMwH,GAAa,CAAE,OAE1BxH,EAAMwH,GAAYE,QAAQ,SAASC,GAC/BA,EAAKxD,KAAK7F,EAAW6G,EAAasC,EAAMpF,KAWhD/D,GAAUsJ,SAAW,SAAS/D,EAAOrB,GACjC,GAAIuB,GAAM8D,EAAc1C,EAAa2C,EAASC,EAAcC,CAI5D,KAAKnE,EAAO,CACRA,EAAQ,QAIZ,SAAWA,KAAU,WAAamB,GAAQnB,GAAQ,CAC9C,SAAWA,GAAMoE,WAAa,WAAY,CACtC,KAAM,IAAIC,WAAU,kCACjB,CACHrE,EAAQA,EAAMoE,YAKtB,IAAK3J,EAAUK,YAAa,CACxB,SAAWV,GAAOkK,eAAiB,gBACrBlK,GAAOkK,eAAiB,WAAY,CAC9C,SAAWtE,KAAU,SAAU,CAC3B,MAAO5F,GAAOkK,aAAatE,OACxB,IAAImB,GAAQnB,GAAQ,CACvB,MAAO5F,GAAOkK,aAAatE,EAAMR,YAGzC,MAAOQ,GAIXtB,EAAaC,EAGblE,GAAUE,UAEV,IAAIqF,YAAiB9E,GAAM,CAGvBgF,EAAOH,EAAc,QACrBiE,GAAe9D,EAAKrE,cAAcK,WAAW8D,EAAO,KACpD,IAAIgE,EAAanJ,WAAa,GAAKmJ,EAAajD,WAAa,OAAQ,CAEjEb,EAAO8D,MACJ,CACH9D,EAAKqE,YAAYP,QAElB,CAEH,IAAKhG,IAAeF,GAAkBkC,EAAMoD,QAAQ,QAAU,EAAG,CAC7D,MAAOpD,GAIXE,EAAOH,EAAcC,EAGrB,KAAKE,EAAM,CACP,MAAOlC,GAAa,KAAO,IAKnC,GAAID,EAAY,CACZkB,EAAaiB,EAAKsE,YAItBN,EAAe1D,EAAgBN,EAG/B,OAASoB,EAAc4C,EAAaR,WAAc,CAG9C,GAAIpC,EAAYzG,WAAa,GAAKyG,IAAgB2C,EAAS,CACvD,SAIJ,GAAI5C,GAAkBC,GAAc,CAChC,SAIJ,GAAIA,EAAY1F,kBAAmBZ,GAAkB,CACjDsI,GAAmBhC,EAAY1F,SAInCwG,GAAoBd,EAEpB2C,GAAU3C,EAId,GAAItD,EAAY,CAEZ,GAAIC,EAAqB,CACrBkG,EAAalI,EAAuBqE,KAAKJ,EAAKrE,cAE9C,OAAOqE,EAAKsE,WAAY,CACpBL,EAAWI,YAAYrE,EAAKsE,iBAE7B,CACHL,EAAajE,EAGjB,GAAIhC,EAAmB,CAMnBiG,EAAajI,EAAWoE,KAAKvF,EAAkBoJ,EAAY,MAG/D,MAAOA,GAGX,MAAOrG,GAAiBoC,EAAKV,UAAYU,EAAKyB,UAUlDlH,GAAUgK,QAAU,SAASd,EAAYe,GACrC,SAAWA,KAAiB,WAAY,CAAE,OAC1CvI,EAAMwH,GAAcxH,EAAMwH,MAC1BxH,GAAMwH,GAAYxE,KAAKuF,GAW3BjK,GAAUkK,WAAa,SAAShB,GAC5B,GAAIxH,EAAMwH,GAAa,CACnBxH,EAAMwH,GAAYN,OAW1B5I,GAAUmK,YAAc,SAASjB,GAC7B,GAAIxH,EAAMwH,GAAa,CACnBxH,EAAMwH,OAUdlJ,GAAUoK,eAAiB,WACvB1I,KAGJ,OAAO1B","file":"./dist/purify.min.js"}
|
|
1
|
+
{"version":3,"sources":["./src/purify.js"],"names":["factory","root","window","define","amd","module","exports","DOMPurify","version","removed","document","nodeType","isSupported","originalDocument","DocumentFragment","HTMLTemplateElement","Node","NodeFilter","NamedNodeMap","MozNamedAttrMap","Text","Comment","DOMParser","XMLHttpRequest","encodeURI","useXHR","useDOMParser","template","createElement","content","ownerDocument","implementation","createNodeIterator","getElementsByTagName","createDocumentFragment","importNode","hooks","createHTMLDocument","documentMode","_addToSet","set","array","l","length","toLowerCase","_cloneObj","object","newObject","property","hasOwnProperty","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_JQUERY","SAFE_FOR_TEMPLATES","MUSTACHE_EXPR","ERB_EXPR","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_DOM_IMPORT","SANITIZE_DOM","KEEP_CONTENT","FORBID_CONTENTS","DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","CONFIG","formElement","_parseConfig","cfg","ADD_TAGS","ADD_ATTR","ADD_URI_SAFE_ATTR","Object","freeze","_forceRemove","node","push","element","parentNode","removeChild","e","outerHTML","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","_initDocument","dirty","doc","body","xhr","responseType","open","send","response","parseFromString","documentElement","firstElementChild","call","querySelector","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","FILTER_ACCEPT","_isClobbered","elm","nodeName","textContent","attributes","setAttribute","_isNode","obj","_sanitizeElements","currentNode","tagName","_executeHook","allowedTags","insertAdjacentHTML","innerHTML","test","cloneNode","replace","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","_sanitizeAttributes","attr","value","lcName","idAttr","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","trim","id","Array","prototype","slice","apply","indexOf","pop","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","entryPoint","data","forEach","hook","sanitize","importedNode","oldNode","nodeIterator","returnNode","toString","TypeError","toStaticHTML","appendChild","firstChild","setConfig","clearConfig","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":"CAAE,SAASA,GACP,YAEA,IAAIC,SAAcC,UAAW,YAAc,KAAOA,MAElD,UAAWC,UAAW,YAAcA,OAAOC,IAAK,CAC5CD,OAAO,WAAY,MAAOH,GAAQC,SAC/B,UAAWI,UAAW,YAAa,CACtCA,OAAOC,QAAUN,EAAQC,OACtB,CACHA,EAAKM,UAAYP,EAAQC,MAE/B,QAASD,GAAQE,GACf,YAEA,IAAIK,GAAY,SAASL,GACrB,MAAOF,GAAQE,GAOnBK,GAAUC,QAAU,OAMpBD,GAAUE,UAEV,KAAKP,IAAWA,EAAOQ,UAAYR,EAAOQ,SAASC,WAAa,EAAG,CAG/DJ,EAAUK,YAAc,KACxB,OAAOL,GAGX,GAAIG,GAAWR,EAAOQ,QACtB,IAAIG,GAAmBH,CACvB,IAAII,GAAmBZ,EAAOY,gBAC9B,IAAIC,GAAsBb,EAAOa,mBACjC,IAAIC,GAAOd,EAAOc,IAClB,IAAIC,GAAaf,EAAOe,UACxB,IAAIC,GAAehB,EAAOgB,cAAgBhB,EAAOiB,eACjD,IAAIC,GAAOlB,EAAOkB,IAClB,IAAIC,GAAUnB,EAAOmB,OACrB,IAAIC,GAAYpB,EAAOoB,SACvB,IAAIC,GAAiBrB,EAAOqB,cAC5B,IAAIC,GAAYtB,EAAOsB,SACvB,IAAIC,GAAS,KACb,IAAIC,GAAe,KAQnB,UAAWX,KAAwB,WAAY,CAC3C,GAAIY,GAAWjB,EAASkB,cAAc,WACtC,IAAID,EAASE,SAAWF,EAASE,QAAQC,cAAe,CACpDpB,EAAWiB,EAASE,QAAQC,eAGpC,GAAIC,GAAiBrB,EAASqB,cAC9B,IAAIC,GAAqBtB,EAASsB,kBAClC,IAAIC,GAAuBvB,EAASuB,oBACpC,IAAIC,GAAyBxB,EAASwB,sBACtC,IAAIC,GAAatB,EAAiBsB,UAElC,IAAIC,KAKJ7B,GAAUK,kBACCmB,GAAeM,qBAAuB,aAC7C3B,EAAS4B,eAAiB,CAG9B,IAAIC,GAAY,SAASC,EAAKC,GAC1B,GAAIC,GAAID,EAAME,MACd,OAAOD,IAAK,CACR,SAAWD,GAAMC,KAAO,SAAU,CAC9BD,EAAMC,GAAKD,EAAMC,GAAGE,cAExBJ,EAAIC,EAAMC,IAAM,KAEpB,MAAOF,GAIX,IAAIK,GAAY,SAASC,GACrB,GAAIC,KACJ,IAAIC,EACJ,KAAKA,IAAYF,GAAQ,CACrB,GAAIA,EAAOG,eAAeD,GAAW,CACjCD,EAAUC,GAAYF,EAAOE,IAGrC,MAAOD,GASX,IAAIG,GAAe,IACnB,IAAIC,GAAuBZ,MAGvB,IAAI,OAAO,UAAU,UAAU,OAAO,UAAU,QAAQ,QAAQ,IAChE,MAAM,MAAM,MAAM,QAAQ,aAAa,OAAO,KAAK,SAAS,SAC5D,UAAU,SAAS,OAAO,OAAO,MAAM,WAAW,UAAU,OAC5D,WAAW,KAAK,YAAY,MAAM,UAAU,MAAM,MAAM,MAAM,KAAK,KACnE,UAAU,KAAK,WAAW,aAAa,SAAS,OAAO,SAAS,OAChE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,OAAO,SAAS,SAAS,KAAK,OAAO,IACnE,MAAM,QAAQ,MAAM,MAAM,QAAQ,SAAS,KAAK,OAAO,MAAM,OAC7D,UAAU,OAAO,WAAW,QAAQ,MAAM,OAAO,KAAK,WACtD,SAAS,SAAS,IAAI,MAAM,WAAW,IAAI,KAAK,KAAK,OAAO,IAAI,OAChE,UAAU,SAAS,SAAS,QAAQ,SAAS,SAAS,OAAO,SAC7D,SAAS,QAAQ,MAAM,UAAU,MAAM,QAAQ,QAAQ,KAAK,WAC5D,WAAW,QAAQ,KAAK,QAAQ,OAAO,KAAK,QAAQ,KAAK,IAAI,KAAK,MAClE,QAAQ,MAGR,MAAM,WAAW,cAAc,eAAe,eAC9C,gBAAgB,mBAAmB,SAAS,WAAW,OAAO,OAC9D,UAAU,SAAS,OAAO,IAAI,QAAQ,WAAW,QAAQ,QAAQ,OACjE,iBAAiB,SAAS,OAAO,WAAW,QAAQ,OAAO,UAC3D,UAAU,WAAW,iBAAiB,OAAO,OAAO,SAAS,SAC7D,OAAO,WAAW,QAAQ,OAAO,QAAQ,OAAO,QAGhD,UAAU,gBAAgB,sBAAsB,cAChD,mBAAmB,oBAAoB,oBACvC,UAAU,UAAU,UAAU,UAAU,UAAU,iBAClD,UAAU,cAAc,eAAe,WACvC,qBAAqB,SAAS,eAG9B,OAAO,WAAW,SAAS,UAAU,QAAQ,SAAS,KAAK,aAC3D,eAAe,KAAK,KAAK,QAAQ,UAAU,WAAW,QAAQ,OAC9D,KAAK,UAAU,QAAQ,UAAU,OAAO,OAAO,UAAU,SAAS,MAClE,QAAQ,MAAM,SAAS,aAGvB,SAIJ,IAAIa,GAAe,IACnB,IAAIC,GAAuBd,MAGvB,SAAS,SAAS,QAAQ,MAAM,eAAe,aAAa,UAC5D,SAAS,cAAc,cAAc,UAAU,OAAO,QAAQ,QAAQ,QACtE,OAAO,UAAU,SAAS,WAAW,UAAU,MAAM,WACrD,WAAW,UAAU,OAAO,MAAM,UAAU,SAAS,SAAS,OAAO,OACrE,WAAW,KAAK,QAAQ,QAAQ,OAAO,OAAO,OAAQ,MAAM,MAC5D,YAAY,QAAQ,SAAS,MAAM,WAAW,OAAO,UAAU,aAC/D,SAAS,OAAO,UAAU,UAAU,cAAc,SAAS,UAAU,UACrE,aAAa,WAAW,MAAM,WAAW,MAAM,WAAW,OAAO,OACjE,UAAU,aAAa,QAAQ,WAAW,QAAQ,OAAO,OACzD,UAAU,QAAQ,MAAM,OAAO,QAAQ,UAAU,WAAW,QAC5D,OAAO,SAAS,SAAS,QAAQ,QAAQ,QAGzC,gBAAgB,aAAa,aAAa,qBAC1C,SAAS,gBAAgB,gBAAgB,UAAU,gBACnD,iBAAiB,QAAQ,OAAO,KAAK,OAAO,YAAY,YACxD,QAAQ,sBAAsB,8BAA8B,gBAC5D,kBAAkB,KAAK,KAAK,IAAI,KAAK,KAAK,kBAAkB,YAC5D,UAAU,UAAU,MAAM,WAAW,YAAY,MAAM,OAAO,eAC9D,YAAY,SAAS,cAAc,gBAAgB,cAAc,YACjE,mBAAmB,eAAe,aAAa,eAAe,cAC9D,KAAM,KAAK,KAAK,KAAK,aAAa,WAAW,gBAAgB,oBAC7D,kBAAkB,KAAK,MAAM,IAAI,KAAK,KAAK,KAAK,KAAK,UAAU,YAC/D,aAAa,WAAW,eAAe,iBAAiB,eACxD,mBAAmB,iBAAiB,QAAQ,aAAa,aACzD,eAAe,eAAe,cAAc,cAAc,mBAC1D,YAAY,MAAM,OAAO,OAAO,MAAM,aAAa,SAAS,WAC5D,UAAU,QAAQ,SAAS,cAAc,SAAS,WAAW,cAC7D,OAAO,aAAa,sBAAsB,mBAAmB,eAC7D,SAAS,gBAAgB,IAAI,KAAK,KAAK,SAAS,OAAO,OAAO,cAC9D,YAAY,UAAU,SAAS,SAAS,QAAQ,OAAO,kBACvD,mBAAmB,mBAAmB,eAAe,eAAe,cACpE,aAAa,eAAe,mBAAmB,oBAAoB,iBACnE,kBAAkB,oBAAoB,iBAAiB,SAAS,eAChE,eAAe,UAAU,UAAU,YAAY,cAAc,kBAC7D,iBAAiB,aAAa,KAAK,KAAK,UAAU,SAAS,UAC3D,aAAa,aAAa,gBAAgB,gBAAgB,eAC1D,OAAO,eAAe,mBAAmB,mBAAmB,IAAI,KAAK,KACrE,IAAI,KAAK,KAAK,IAAI,aAGlB,SAAS,cAAc,WAAW,QAAQ,eAAe,cACzD,aAAa,aAAa,QAAQ,UAAU,eAAe,QAC3D,QAAQ,UAAU,SAAS,gBAAgB,SAAS,SACpD,iBAAiB,YAAY,WAAW,cAAc,UACtD,UAAU,gBAAgB,WAAW,WAAW,OAAO,WACvD,WAAW,aAAa,UAAU,SAAS,SAAS,cACpD,gBAAgB,uBAAuB,YAAY,YACnD,aAAa,WAAW,iBAAiB,iBAAiB,YAC1D,UAGA,aAAa,SAAS,cAAc,YAAY,eAIpD,IAAIe,GAAc,IAGlB,IAAIC,GAAc,IAGlB,IAAIC,GAAkB,IAGtB,IAAIC,GAAkB,IAGtB,IAAIC,GAA0B,KAG9B,IAAIC,GAAkB,KAKtB,IAAIC,GAAqB,KAGzB,IAAIC,GAAgB,2BACpB,IAAIC,GAAW,uBAGf,IAAIC,GAAiB,KAGrB,IAAIC,GAAa,KAIjB,IAAIC,GAAa,KAKjB,IAAIC,GAAa,KAGjB,IAAIC,GAAsB,KAM1B,IAAIC,GAAoB,KAGxB,IAAIC,GAAe,IAGnB,IAAIC,GAAe,IAGnB,IAAIC,GAAkBhC,MAClB,QAAS,OAAQ,OAAQ,SAAU,QAAS,WAAY,MAAO,SAInE,IAAIiC,GAAgBjC,MAChB,QAAS,QAAS,MAAO,SAAU,SAIvC,IAAIkC,GAAsBlC,MACtB,MAAM,QAAQ,MAAM,KAAK,QAAQ,OAAO,UAAU,cAClD,UAAU,QAAQ,QAAQ,QAAQ,SAItC,IAAImC,GAAS,IAKb,IAAIC,GAAcjE,EAASkB,cAAc,OAOzC,IAAIgD,GAAe,SAASC,GAExB,SAAWA,KAAQ,SAAU,CACzBA,KAIJ3B,EAAe,gBAAkB2B,GAC7BtC,KAAcsC,EAAI3B,cAAgBC,CACtCC,GAAe,gBAAkByB,GAC7BtC,KAAcsC,EAAIzB,cAAgBC,CACtCC,GAAc,eAAiBuB,GAC3BtC,KAAcsC,EAAIvB,eACtBC,GAAc,eAAiBsB,GAC3BtC,KAAcsC,EAAItB,eACtBC,GAAsBqB,EAAIrB,kBAAwB,KAClDC,GAAsBoB,EAAIpB,kBAAwB,KAClDC,GAA0BmB,EAAInB,yBAA2B,KACzDC,GAAsBkB,EAAIlB,iBAAwB,KAClDC,GAAsBiB,EAAIjB,oBAAwB,KAClDG,GAAsBc,EAAId,gBAAwB,KAClDG,GAAsBW,EAAIX,YAAwB,KAClDC,GAAsBU,EAAIV,qBAAwB,KAClDC,GAAsBS,EAAIT,mBAAwB,KAClDH,GAAsBY,EAAIZ,YAAwB,KAClDI,GAAsBQ,EAAIR,eAAwB,KAClDC,GAAsBO,EAAIP,eAAwB,KAElD,IAAIV,EAAoB,CACpBH,EAAkB,MAGtB,GAAIU,EAAqB,CACrBD,EAAa,KAIjB,GAAIW,EAAIC,SAAU,CACd,GAAI5B,IAAiBC,EAAsB,CACvCD,EAAeL,EAAUK,GAE7BX,EAAUW,EAAc2B,EAAIC,UAEhC,GAAID,EAAIE,SAAU,CACd,GAAI3B,IAAiBC,EAAsB,CACvCD,EAAeP,EAAUO,GAE7Bb,EAAUa,EAAcyB,EAAIE,UAEhC,GAAIF,EAAIG,kBAAmB,CACvBzC,EAAUkC,EAAqBI,EAAIG,mBAIvC,GAAIV,EAAc,CAAEpB,EAAa,SAAW,KAI5C,GAAI+B,QAAU,UAAYA,QAAQ,CAAEA,OAAOC,OAAOL,GAElDH,EAASG,EAQb,IAAIM,GAAe,SAASC,GACxB7E,EAAUE,QAAQ4E,MAAMC,QAASF,GACjC,KACIA,EAAKG,WAAWC,YAAYJ,GAC9B,MAAOK,GACLL,EAAKM,UAAY,IAUzB,IAAIC,IAAmB,SAASC,EAAMR,GAClC7E,EAAUE,QAAQ4E,MACdQ,UAAWT,EAAKU,iBAAiBF,GACjCG,KAAMX,GAEVA,GAAKY,gBAAgBJ,GASzB,IAAIK,IAAgB,SAASC,GAEzB,GAAIC,GAAKC,CAGT,IAAInC,EAAY,CACZiC,EAAQ,oBAAsBA,EAIlC,GAAIzE,EAAQ,CACR,IACIyE,EAAQ1E,EAAU0E,GACpB,MAAOT,IACT,GAAIY,GAAM,GAAI9E,EACd8E,GAAIC,aAAe,UACnBD,GAAIE,KAAK,MAAO,gCAAkCL,EAAO,MACzDG,GAAIG,KAAK,KACTL,GAAME,EAAII,SAId,GAAI/E,EAAc,CACd,IACIyE,GAAM,GAAI7E,IAAYoF,gBAAgBR,EAAO,aAC/C,MAAOT,KAKb,IAAKU,IAAQA,EAAIQ,gBAAiB,CAC9BR,EAAMpE,EAAeM,mBAAmB,GACxC+D,GAAOD,EAAIC,IACXA,GAAKb,WAAWC,YAAYY,EAAKb,WAAWqB,kBAC5CR,GAAKV,UAAYQ,EAIrB,MAAOjE,GAAqB4E,KAAKV,EAC7BpC,EAAiB,OAAS,QAAQ,GAqB1C,IAAIxD,EAAUK,YAAa,EACtB,WACG,GAAIuF,GAAOF,GAAc,uDACzB,KAAKE,EAAIW,cAAc,OAAQ,CAC3BrF,EAAS,KAEb0E,EAAMF,GAAc,mEACpB,IAAIE,EAAIW,cAAc,WAAY,CAC9BpF,EAAe,UAW3B,GAAIqF,IAAkB,SAAS9G,GAC3B,MAAO+B,GAAmB6E,KAAK5G,EAAK6B,eAAiB7B,EACjDA,EACAgB,EAAW+F,aACT/F,EAAWgG,aACXhG,EAAWiG,UACb,WAAa,MAAOjG,GAAWkG,eAC/B,OAUR,IAAIC,IAAe,SAASC,GACxB,GAAIA,YAAejG,IAAQiG,YAAehG,GAAS,CAC/C,MAAO,OAEX,SAAagG,GAAIC,WAAa,gBACjBD,GAAIE,cAAgB,gBACpBF,GAAI7B,cAAgB,cACzB6B,EAAIG,qBAAsBtG,WACrBmG,GAAIrB,kBAAoB,kBACxBqB,GAAII,eAAiB,WAChC,CACE,MAAO,MAEX,MAAO,OASX,IAAIC,IAAU,SAASC,GACnB,aACW3G,KAAS,SAAW2G,YAAe3G,GAAO2G,SACnCA,KAAQ,gBAAmBA,GAAIhH,WAAa,gBAC5CgH,GAAIL,WAAW,SAcrC,IAAIM,IAAoB,SAASC,GAC7B,GAAIC,GAASjG,CAGbkG,IAAa,yBAA0BF,EAAa,KAGpD,IAAIT,GAAaS,GAAc,CAC3B1C,EAAa0C,EACb,OAAO,MAIXC,EAAUD,EAAYP,SAAS1E,aAG/BmF,IAAa,sBAAuBF,GAChCC,QAASA,EACTE,YAAa9E,GAIjB,KAAKA,EAAa4E,IAAYxE,EAAYwE,GAAU,CAEhD,GAAIxD,IAAiBC,EAAgBuD,UACnBD,GAAYI,qBAAuB,WAAY,CAC7D,IACIJ,EAAYI,mBAAmB,WAAYJ,EAAYK,WACzD,MAAOzC,KAEbN,EAAa0C,EACb,OAAO,MAIX,GAAIlE,IAAoBkE,EAAYjB,qBAC1BiB,EAAYhG,UAAYgG,EAAYhG,QAAQ+E,oBAC9C,KAAKuB,KAAKN,EAAYN,aAAc,CACxChH,EAAUE,QAAQ4E,MAAMC,QAASuC,EAAYO,aAC7CP,GAAYK,UAAYL,EAAYN,YAAYc,QAAQ,KAAM,QAIlE,GAAIzE,GAAsBiE,EAAYlH,WAAa,EAAG,CAElDkB,EAAUgG,EAAYN,WACtB1F,GAAUA,EAAQwG,QAAQxE,EAAe,IACzChC,GAAUA,EAAQwG,QAAQvE,EAAU,IACpC,IAAI+D,EAAYN,cAAgB1F,EAAS,CACrCtB,EAAUE,QAAQ4E,MAAMC,QAASuC,EAAYO,aAC7CP,GAAYN,YAAc1F,GAKlCkG,GAAa,wBAAyBF,EAAa,KAEnD,OAAO,OAGX,IAAIS,IAAY,4BAChB,IAAIC,IAAY,gBAChB,IAAIC,IAAiB,uEACrB,IAAIC,IAAoB,uBAExB,IAAIC,IAAkB,uDAatB,IAAIC,IAAsB,SAASd,GAC/B,GAAIe,GAAMhD,EAAMiD,EAAOC,EAAQC,EAAQvB,EAAYwB,EAAWtG,CAE9DqF,IAAa,2BAA4BF,EAAa,KAEtDL,GAAaK,EAAYL,UAGzB,KAAKA,EAAY,CAAE,OAEnBwB,GACIC,SAAU,GACVC,UAAW,GACXC,SAAU,KACVC,kBAAmBhG,EAEvBV,GAAI8E,EAAW7E,MAGf,OAAOD,IAAK,CACRkG,EAAOpB,EAAW9E,EAClBkD,GAAOgD,EAAKhD,IACZiD,GAAQD,EAAKC,MAAMQ,MACnBP,GAASlD,EAAKhD,aAGdoG,GAAUC,SAAWH,CACrBE,GAAUE,UAAYL,CACtBG,GAAUG,SAAW,IACrBpB,IAAa,wBAAyBF,EAAamB,EACnDH,GAAQG,EAAUE,SAMlB,IAAIJ,IAAW,QACPjB,EAAYP,WAAa,OAASE,EAAW8B,GAAI,CACrDP,EAASvB,EAAW8B,EACpB9B,GAAa+B,MAAMC,UAAUC,MAAMC,MAAMlC,EACzC7B,IAAiB,KAAMkC,EACvBlC,IAAiBC,EAAMiC,EACvB,IAAIL,EAAWmC,QAAQZ,GAAUrG,EAAG,CAChCmF,EAAYJ,aAAa,KAAMsB,EAAOF,YAEvC,IAGDhB,EAAYP,WAAa,SAAWwB,IAAW,QAC/CD,IAAU,SAAWzF,EAAa0F,KAAYvF,EAAYuF,IAAU,CACpE,aACC,CAIH,GAAIlD,IAAS,KAAM,CACfiC,EAAYJ,aAAa7B,EAAM,IAEnCD,GAAiBC,EAAMiC,GAI3B,IAAKmB,EAAUG,SAAU,CACrB,SAIJ,GAAI9E,IACKyE,IAAW,MAAQA,IAAW,UAC9BD,IAAS3I,IAAU2I,IAASnI,IAAYmI,IAASlE,IAAc,CACpE,SAIJ,GAAIf,EAAoB,CACpBiF,EAAQA,EAAMR,QAAQxE,EAAe,IACrCgF,GAAQA,EAAMR,QAAQvE,EAAU,KAOpC,GAAIL,GAAmB6E,GAAUH,KAAKW,GAAS,MAG1C,IAAItF,GAAmB+E,GAAUJ,KAAKW,GAAS,MAI/C,KAAK1F,EAAa0F,IAAWvF,EAAYuF,GAAS,CACnD,aAGC,IAAIrE,EAAoBqE,GAAS,MAKjC,IAAIN,GAAeL,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI5D,KACAI,IAAW,OAASA,IAAW,eAChCD,EAAMc,QAAQ,WAAa,GAC3BnF,EAAcqD,EAAYP,SAAS1E,eAAgB,MAMlD,IACDc,IACC+E,GAAkBN,KAAKU,EAAMR,QAAQK,GAAgB,KAAM,MAI3D,KAAKG,EAAO,MAIZ,CACD,SAIJ,IACIhB,EAAYJ,aAAa7B,EAAMiD,EAC/BtI,GAAUE,QAAQmJ,MACpB,MAAOnE,KAIbsC,GAAa,0BAA2BF,EAAa,MASzD,IAAIgC,IAAqB,SAASC,GAC9B,GAAIC,EACJ,IAAIC,GAAiBjD,GAAgB+C,EAGrC/B,IAAa,0BAA2B+B,EAAU,KAElD,OAASC,EAAaC,EAAeC,WAAc,CAE/ClC,GAAa,yBAA0BgC,EAAY,KAGnD,IAAInC,GAAkBmC,GAAa,CAC/B,SAIJ,GAAIA,EAAWlI,kBAAmBf,GAAkB,CAChD+I,GAAmBE,EAAWlI,SAIlC8G,GAAoBoB,GAIxBhC,GAAa,yBAA0B+B,EAAU,MAUrD,IAAI/B,IAAe,SAASmC,EAAYrC,EAAasC,GACjD,IAAK/H,EAAM8H,GAAa,CAAE,OAE1B9H,EAAM8H,GAAYE,QAAQ,SAASC,GAC/BA,EAAKxD,KAAKtG,EAAWsH,EAAasC,EAAMzF,KAWhDnE,GAAU+J,SAAW,SAASpE,EAAOrB,GACjC,GAAIuB,GAAMmE,EAAc1C,EAAa2C,EAASC,EAAcC,CAI5D,KAAKxE,EAAO,CACRA,EAAQ,QAIZ,SAAWA,KAAU,WAAawB,GAAQxB,GAAQ,CAC9C,SAAWA,GAAMyE,WAAa,WAAY,CACtC,KAAM,IAAIC,WAAU,kCACjB,CACH1E,EAAQA,EAAMyE,YAKtB,IAAKpK,EAAUK,YAAa,CACxB,SAAWV,GAAO2K,eAAiB,gBACrB3K,GAAO2K,eAAiB,WAAY,CAC9C,SAAW3E,KAAU,SAAU,CAC3B,MAAOhG,GAAO2K,aAAa3E,OACxB,IAAIwB,GAAQxB,GAAQ,CACvB,MAAOhG,GAAO2K,aAAa3E,EAAMR,YAGzC,MAAOQ,GAIX,IAAKlC,EAAY,CACbY,EAAaC,GAIjBtE,EAAUE,UAEV,IAAIyF,YAAiBlF,GAAM,CAGvBoF,EAAOH,GAAc,QACrBsE,GAAenE,EAAKtE,cAAcK,WAAW+D,EAAO,KACpD,IAAIqE,EAAa5J,WAAa,GAAK4J,EAAajD,WAAa,OAAQ,CAEjElB,EAAOmE,MACJ,CACHnE,EAAK0E,YAAYP,QAElB,CAEH,IAAKrG,IAAeH,GAAkBmC,EAAMyD,QAAQ,QAAU,EAAG,CAC7D,MAAOzD,GAIXE,EAAOH,GAAcC,EAGrB,KAAKE,EAAM,CACP,MAAOlC,GAAa,KAAO,IAKnC,GAAID,EAAY,CACZkB,EAAaiB,EAAK2E,YAItBN,EAAe1D,GAAgBX,EAG/B,OAASyB,EAAc4C,EAAaR,WAAc,CAG9C,GAAIpC,EAAYlH,WAAa,GAAKkH,IAAgB2C,EAAS,CACvD,SAIJ,GAAI5C,GAAkBC,GAAc,CAChC,SAIJ,GAAIA,EAAYhG,kBAAmBf,GAAkB,CACjD+I,GAAmBhC,EAAYhG,SAInC8G,GAAoBd,EAEpB2C,GAAU3C,EAId,GAAI3D,EAAY,CAEZ,GAAIC,EAAqB,CACrBuG,EAAaxI,EAAuB2E,KAAKT,EAAKtE,cAE9C,OAAOsE,EAAK2E,WAAY,CACpBL,EAAWI,YAAY1E,EAAK2E,iBAE7B,CACHL,EAAatE,EAGjB,GAAIhC,EAAmB,CAMnBsG,EAAavI,EAAW0E,KAAKhG,EAAkB6J,EAAY,MAG/D,MAAOA,GAGX,MAAO3G,GAAiBqC,EAAKV,UAAYU,EAAK8B,UAUlD3H,GAAUyK,UAAY,SAASnG,GAC3BD,EAAaC,EACbb,GAAa,KASjBzD,GAAU0K,YAAc,WACpBvG,EAAS,IACTV,GAAa,MAUjBzD,GAAU2K,QAAU,SAAShB,EAAYiB,GACrC,SAAWA,KAAiB,WAAY,CAAE,OAC1C/I,EAAM8H,GAAc9H,EAAM8H,MAC1B9H,GAAM8H,GAAY7E,KAAK8F,GAW3B5K,GAAU6K,WAAa,SAASlB,GAC5B,GAAI9H,EAAM8H,GAAa,CACnB9H,EAAM8H,GAAYN,OAW1BrJ,GAAU8K,YAAc,SAASnB,GAC7B,GAAI9H,EAAM8H,GAAa,CACnB9H,EAAM8H,OAUd3J,GAAU+K,eAAiB,WACvBlJ,KAGJ,OAAO7B","file":"./dist/purify.min.js"}
|
package/package.json
CHANGED
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
},
|
|
42
42
|
"name": "dompurify",
|
|
43
43
|
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
|
|
44
|
-
"version": "0.
|
|
44
|
+
"version": "0.9.0",
|
|
45
45
|
"main": "src/purify.js",
|
|
46
46
|
"directories": {
|
|
47
47
|
"test": "test"
|
package/src/purify.js
CHANGED
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
* Version label, exposed for easier checks
|
|
22
22
|
* if DOMPurify is up to date or not
|
|
23
23
|
*/
|
|
24
|
-
DOMPurify.version = '0.
|
|
24
|
+
DOMPurify.version = '0.9.0';
|
|
25
25
|
|
|
26
26
|
/**
|
|
27
27
|
* Array of elements that DOMPurify removed during sanitation.
|
|
@@ -46,8 +46,11 @@
|
|
|
46
46
|
var Text = window.Text;
|
|
47
47
|
var Comment = window.Comment;
|
|
48
48
|
var DOMParser = window.DOMParser;
|
|
49
|
+
var XMLHttpRequest = window.XMLHttpRequest;
|
|
50
|
+
var encodeURI = window.encodeURI;
|
|
51
|
+
var useXHR = false;
|
|
49
52
|
var useDOMParser = false; // See comment below
|
|
50
|
-
|
|
53
|
+
|
|
51
54
|
// As per issue #47, the web-components registry is inherited by a
|
|
52
55
|
// new document created via createHTMLDocument. As per the spec
|
|
53
56
|
// (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
|
|
@@ -238,6 +241,9 @@
|
|
|
238
241
|
/* Decide if document with <html>... should be returned */
|
|
239
242
|
var WHOLE_DOCUMENT = false;
|
|
240
243
|
|
|
244
|
+
/* Track whether config is already set on this instance of DOMPurify. */
|
|
245
|
+
var SET_CONFIG = false;
|
|
246
|
+
|
|
241
247
|
/* Decide if all elements (e.g. style, script) must be children of
|
|
242
248
|
* document.body. By default, browsers might move them to document.head */
|
|
243
249
|
var FORCE_BODY = false;
|
|
@@ -397,6 +403,18 @@
|
|
|
397
403
|
dirty = '<remove></remove>' + dirty;
|
|
398
404
|
}
|
|
399
405
|
|
|
406
|
+
/* Use XHR if necessary because Safari 10.1 and newer are buggy */
|
|
407
|
+
if (useXHR) {
|
|
408
|
+
try {
|
|
409
|
+
dirty = encodeURI(dirty);
|
|
410
|
+
} catch (e) {}
|
|
411
|
+
var xhr = new XMLHttpRequest();
|
|
412
|
+
xhr.responseType = 'document';
|
|
413
|
+
xhr.open('GET', 'data:text/html;charset=utf-8,' + dirty, false);
|
|
414
|
+
xhr.send(null);
|
|
415
|
+
doc = xhr.response;
|
|
416
|
+
}
|
|
417
|
+
|
|
400
418
|
/* Use DOMParser to workaround Firefox bug (see comment below) */
|
|
401
419
|
if (useDOMParser) {
|
|
402
420
|
try {
|
|
@@ -425,6 +443,11 @@
|
|
|
425
443
|
// new DOMParser()
|
|
426
444
|
// .parseFromString('<svg onload=alert(document.domain)>', 'text/html');
|
|
427
445
|
//
|
|
446
|
+
// Later, it was also noticed that even more assumed benign and inert ways
|
|
447
|
+
// of creating a document are now insecure thanks to Safari. So we work
|
|
448
|
+
// around that with a feature test and use XHR to create the document in
|
|
449
|
+
// case we really have to. That one seems safe for now.
|
|
450
|
+
//
|
|
428
451
|
// However, Firefox uses a different parser for innerHTML rather than
|
|
429
452
|
// DOMParser (see https://bugzilla.mozilla.org/show_bug.cgi?id=1205631)
|
|
430
453
|
// which means that you *must* use DOMParser, otherwise the output may
|
|
@@ -433,7 +456,11 @@
|
|
|
433
456
|
// So we feature detect the Firefox bug and use the DOMParser if necessary.
|
|
434
457
|
if (DOMPurify.isSupported) {
|
|
435
458
|
(function () {
|
|
436
|
-
var doc
|
|
459
|
+
var doc = _initDocument('<svg><g onload="this.parentNode.remove()"></g></svg>');
|
|
460
|
+
if (!doc.querySelector('svg')) {
|
|
461
|
+
useXHR = true;
|
|
462
|
+
}
|
|
463
|
+
doc = _initDocument('<svg><p><style><img src="</style><img src=x onerror=alert(1)//">');
|
|
437
464
|
if (doc.querySelector('svg img')) {
|
|
438
465
|
useDOMParser = true;
|
|
439
466
|
}
|
|
@@ -807,7 +834,9 @@
|
|
|
807
834
|
}
|
|
808
835
|
|
|
809
836
|
/* Assign config vars */
|
|
810
|
-
|
|
837
|
+
if (!SET_CONFIG) {
|
|
838
|
+
_parseConfig(cfg);
|
|
839
|
+
}
|
|
811
840
|
|
|
812
841
|
/* Clean up removed elements */
|
|
813
842
|
DOMPurify.removed = [];
|
|
@@ -898,6 +927,29 @@
|
|
|
898
927
|
return WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;
|
|
899
928
|
};
|
|
900
929
|
|
|
930
|
+
/**
|
|
931
|
+
* setConfig
|
|
932
|
+
* Public method to set the configuration once
|
|
933
|
+
*
|
|
934
|
+
* @param {Object} configuration object
|
|
935
|
+
* @return void
|
|
936
|
+
*/
|
|
937
|
+
DOMPurify.setConfig = function(cfg) {
|
|
938
|
+
_parseConfig(cfg);
|
|
939
|
+
SET_CONFIG = true;
|
|
940
|
+
};
|
|
941
|
+
|
|
942
|
+
/**
|
|
943
|
+
* clearConfig
|
|
944
|
+
* Public method to remove the configuration
|
|
945
|
+
*
|
|
946
|
+
* @return void
|
|
947
|
+
*/
|
|
948
|
+
DOMPurify.clearConfig = function() {
|
|
949
|
+
CONFIG = null;
|
|
950
|
+
SET_CONFIG = false;
|
|
951
|
+
};
|
|
952
|
+
|
|
901
953
|
/**
|
|
902
954
|
* addHook
|
|
903
955
|
* Public method to add DOMPurify hooks
|