dompurify 2.3.3 → 2.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -16
- package/dist/purify.cjs.js +75 -31
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.js +75 -31
- package/dist/purify.es.js.map +1 -1
- package/dist/purify.js +75 -31
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/dist/purify.min.js.map +1 -1
- package/package.json +1 -1
package/dist/purify.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 2.3.
|
|
1
|
+
/*! @license DOMPurify 2.3.4 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.3.4/LICENSE */
|
|
2
2
|
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
|
|
@@ -156,13 +156,13 @@
|
|
|
156
156
|
// SVG
|
|
157
157
|
var svg = freeze(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'view', 'vkern']);
|
|
158
158
|
|
|
159
|
-
var svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']);
|
|
159
|
+
var svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']);
|
|
160
160
|
|
|
161
161
|
// List of SVG elements that are disallowed by default.
|
|
162
162
|
// We still need to know them so that we can do namespace
|
|
163
163
|
// checks properly in case one wants to add them to
|
|
164
164
|
// allow-list.
|
|
165
|
-
var svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'fedropshadow', '
|
|
165
|
+
var svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'fedropshadow', 'font-face', 'font-face-format', 'font-face-name', 'font-face-src', 'font-face-uri', 'foreignobject', 'hatch', 'hatchpath', 'mesh', 'meshgradient', 'meshpatch', 'meshrow', 'missing-glyph', 'script', 'set', 'solidcolor', 'unknown', 'use']);
|
|
166
166
|
|
|
167
167
|
var mathMl = freeze(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover']);
|
|
168
168
|
|
|
@@ -172,7 +172,7 @@
|
|
|
172
172
|
|
|
173
173
|
var text = freeze(['#text']);
|
|
174
174
|
|
|
175
|
-
var html$1 = freeze(['accept', 'action', 'align', 'alt', 'autocapitalize', 'autocomplete', 'autopictureinpicture', 'autoplay', 'background', 'bgcolor', 'border', 'capture', 'cellpadding', 'cellspacing', 'checked', 'cite', 'class', 'clear', 'color', 'cols', 'colspan', 'controls', 'controlslist', 'coords', 'crossorigin', 'datetime', 'decoding', 'default', 'dir', 'disabled', 'disablepictureinpicture', 'disableremoteplayback', 'download', 'draggable', 'enctype', 'enterkeyhint', 'face', 'for', 'headers', 'height', 'hidden', 'high', 'href', 'hreflang', 'id', 'inputmode', 'integrity', 'ismap', 'kind', 'label', 'lang', 'list', 'loading', 'loop', 'low', 'max', 'maxlength', 'media', 'method', 'min', 'minlength', 'multiple', 'muted', 'name', 'noshade', 'novalidate', 'nowrap', 'open', 'optimum', 'pattern', 'placeholder', 'playsinline', 'poster', 'preload', 'pubdate', 'radiogroup', 'readonly', 'rel', 'required', 'rev', 'reversed', 'role', 'rows', 'rowspan', 'spellcheck', 'scope', 'selected', 'shape', 'size', 'sizes', 'span', 'srclang', 'start', 'src', 'srcset', 'step', 'style', 'summary', 'tabindex', 'title', 'translate', 'type', 'usemap', 'valign', 'value', 'width', 'xmlns', 'slot']);
|
|
175
|
+
var html$1 = freeze(['accept', 'action', 'align', 'alt', 'autocapitalize', 'autocomplete', 'autopictureinpicture', 'autoplay', 'background', 'bgcolor', 'border', 'capture', 'cellpadding', 'cellspacing', 'checked', 'cite', 'class', 'clear', 'color', 'cols', 'colspan', 'controls', 'controlslist', 'coords', 'crossorigin', 'datetime', 'decoding', 'default', 'dir', 'disabled', 'disablepictureinpicture', 'disableremoteplayback', 'download', 'draggable', 'enctype', 'enterkeyhint', 'face', 'for', 'headers', 'height', 'hidden', 'high', 'href', 'hreflang', 'id', 'inputmode', 'integrity', 'ismap', 'kind', 'label', 'lang', 'list', 'loading', 'loop', 'low', 'max', 'maxlength', 'media', 'method', 'min', 'minlength', 'multiple', 'muted', 'name', 'nonce', 'noshade', 'novalidate', 'nowrap', 'open', 'optimum', 'pattern', 'placeholder', 'playsinline', 'poster', 'preload', 'pubdate', 'radiogroup', 'readonly', 'rel', 'required', 'rev', 'reversed', 'role', 'rows', 'rowspan', 'spellcheck', 'scope', 'selected', 'shape', 'size', 'sizes', 'span', 'srclang', 'start', 'src', 'srcset', 'step', 'style', 'summary', 'tabindex', 'title', 'translate', 'type', 'usemap', 'valign', 'value', 'width', 'xmlns', 'slot']);
|
|
176
176
|
|
|
177
177
|
var svg$1 = freeze(['accent-height', 'accumulate', 'additive', 'alignment-baseline', 'ascent', 'attributename', 'attributetype', 'azimuth', 'basefrequency', 'baseline-shift', 'begin', 'bias', 'by', 'class', 'clip', 'clippathunits', 'clip-path', 'clip-rule', 'color', 'color-interpolation', 'color-interpolation-filters', 'color-profile', 'color-rendering', 'cx', 'cy', 'd', 'dx', 'dy', 'diffuseconstant', 'direction', 'display', 'divisor', 'dur', 'edgemode', 'elevation', 'end', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'filterunits', 'flood-color', 'flood-opacity', 'font-family', 'font-size', 'font-size-adjust', 'font-stretch', 'font-style', 'font-variant', 'font-weight', 'fx', 'fy', 'g1', 'g2', 'glyph-name', 'glyphref', 'gradientunits', 'gradienttransform', 'height', 'href', 'id', 'image-rendering', 'in', 'in2', 'k', 'k1', 'k2', 'k3', 'k4', 'kerning', 'keypoints', 'keysplines', 'keytimes', 'lang', 'lengthadjust', 'letter-spacing', 'kernelmatrix', 'kernelunitlength', 'lighting-color', 'local', 'marker-end', 'marker-mid', 'marker-start', 'markerheight', 'markerunits', 'markerwidth', 'maskcontentunits', 'maskunits', 'max', 'mask', 'media', 'method', 'mode', 'min', 'name', 'numoctaves', 'offset', 'operator', 'opacity', 'order', 'orient', 'orientation', 'origin', 'overflow', 'paint-order', 'path', 'pathlength', 'patterncontentunits', 'patterntransform', 'patternunits', 'points', 'preservealpha', 'preserveaspectratio', 'primitiveunits', 'r', 'rx', 'ry', 'radius', 'refx', 'refy', 'repeatcount', 'repeatdur', 'restart', 'result', 'rotate', 'scale', 'seed', 'shape-rendering', 'specularconstant', 'specularexponent', 'spreadmethod', 'startoffset', 'stddeviation', 'stitchtiles', 'stop-color', 'stop-opacity', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke', 'stroke-width', 'style', 'surfacescale', 'systemlanguage', 'tabindex', 'targetx', 'targety', 'transform', 'text-anchor', 'text-decoration', 'text-rendering', 'textlength', 'type', 'u1', 'u2', 'unicode', 'values', 'viewbox', 'visibility', 'version', 'vert-adv-y', 'vert-origin-x', 'vert-origin-y', 'width', 'word-spacing', 'wrap', 'writing-mode', 'xchannelselector', 'ychannelselector', 'x', 'x1', 'x2', 'xmlns', 'y', 'y1', 'y2', 'z', 'zoomandpan']);
|
|
178
178
|
|
|
@@ -249,7 +249,7 @@
|
|
|
249
249
|
* Version label, exposed for easier checks
|
|
250
250
|
* if DOMPurify is up to date or not
|
|
251
251
|
*/
|
|
252
|
-
DOMPurify.version = '2.3.
|
|
252
|
+
DOMPurify.version = '2.3.4';
|
|
253
253
|
|
|
254
254
|
/**
|
|
255
255
|
* Array of elements that DOMPurify removed during sanitation.
|
|
@@ -275,8 +275,7 @@
|
|
|
275
275
|
NodeFilter = window.NodeFilter,
|
|
276
276
|
_window$NamedNodeMap = window.NamedNodeMap,
|
|
277
277
|
NamedNodeMap = _window$NamedNodeMap === undefined ? window.NamedNodeMap || window.MozNamedAttrMap : _window$NamedNodeMap,
|
|
278
|
-
|
|
279
|
-
Comment = window.Comment,
|
|
278
|
+
HTMLFormElement = window.HTMLFormElement,
|
|
280
279
|
DOMParser = window.DOMParser,
|
|
281
280
|
trustedTypes = window.trustedTypes;
|
|
282
281
|
|
|
@@ -346,6 +345,33 @@
|
|
|
346
345
|
var ALLOWED_ATTR = null;
|
|
347
346
|
var DEFAULT_ALLOWED_ATTR = addToSet({}, [].concat(_toConsumableArray$1(html$1), _toConsumableArray$1(svg$1), _toConsumableArray$1(mathMl$1), _toConsumableArray$1(xml)));
|
|
348
347
|
|
|
348
|
+
/*
|
|
349
|
+
* Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.
|
|
350
|
+
* @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)
|
|
351
|
+
* @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)
|
|
352
|
+
* @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.
|
|
353
|
+
*/
|
|
354
|
+
var CUSTOM_ELEMENT_HANDLING = Object.seal(Object.create(null, {
|
|
355
|
+
tagNameCheck: {
|
|
356
|
+
writable: true,
|
|
357
|
+
configurable: false,
|
|
358
|
+
enumerable: true,
|
|
359
|
+
value: null
|
|
360
|
+
},
|
|
361
|
+
attributeNameCheck: {
|
|
362
|
+
writable: true,
|
|
363
|
+
configurable: false,
|
|
364
|
+
enumerable: true,
|
|
365
|
+
value: null
|
|
366
|
+
},
|
|
367
|
+
allowCustomizedBuiltInElements: {
|
|
368
|
+
writable: true,
|
|
369
|
+
configurable: false,
|
|
370
|
+
enumerable: true,
|
|
371
|
+
value: false
|
|
372
|
+
}
|
|
373
|
+
}));
|
|
374
|
+
|
|
349
375
|
/* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */
|
|
350
376
|
var FORBID_TAGS = null;
|
|
351
377
|
|
|
@@ -386,17 +412,6 @@
|
|
|
386
412
|
* string (or a TrustedHTML object if Trusted Types are supported) */
|
|
387
413
|
var RETURN_DOM_FRAGMENT = false;
|
|
388
414
|
|
|
389
|
-
/* If `RETURN_DOM` or `RETURN_DOM_FRAGMENT` is enabled, decide if the returned DOM
|
|
390
|
-
* `Node` is imported into the current `Document`. If this flag is not enabled the
|
|
391
|
-
* `Node` will belong (its ownerDocument) to a fresh `HTMLDocument`, created by
|
|
392
|
-
* DOMPurify.
|
|
393
|
-
*
|
|
394
|
-
* This defaults to `true` starting DOMPurify 2.2.0. Note that setting it to `false`
|
|
395
|
-
* might cause XSS from attacks hidden in closed shadowroots in case the browser
|
|
396
|
-
* supports Declarative Shadow: DOM https://web.dev/declarative-shadow-dom/
|
|
397
|
-
*/
|
|
398
|
-
var RETURN_DOM_IMPORT = true;
|
|
399
|
-
|
|
400
415
|
/* Try to return a Trusted Type object instead of a string, return a string in
|
|
401
416
|
* case Trusted Types are not supported */
|
|
402
417
|
var RETURN_TRUSTED_TYPE = false;
|
|
@@ -447,6 +462,10 @@
|
|
|
447
462
|
|
|
448
463
|
var formElement = document.createElement('form');
|
|
449
464
|
|
|
465
|
+
var isRegexOrFunction = function isRegexOrFunction(testValue) {
|
|
466
|
+
return testValue instanceof RegExp || testValue instanceof Function;
|
|
467
|
+
};
|
|
468
|
+
|
|
450
469
|
/**
|
|
451
470
|
* _parseConfig
|
|
452
471
|
*
|
|
@@ -482,7 +501,6 @@
|
|
|
482
501
|
WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false
|
|
483
502
|
RETURN_DOM = cfg.RETURN_DOM || false; // Default false
|
|
484
503
|
RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false
|
|
485
|
-
RETURN_DOM_IMPORT = cfg.RETURN_DOM_IMPORT !== false; // Default true
|
|
486
504
|
RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false
|
|
487
505
|
FORCE_BODY = cfg.FORCE_BODY || false; // Default false
|
|
488
506
|
SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true
|
|
@@ -490,6 +508,17 @@
|
|
|
490
508
|
IN_PLACE = cfg.IN_PLACE || false; // Default false
|
|
491
509
|
IS_ALLOWED_URI$$1 = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI$$1;
|
|
492
510
|
NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;
|
|
511
|
+
if (cfg.CUSTOM_ELEMENT_HANDLING && isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)) {
|
|
512
|
+
CUSTOM_ELEMENT_HANDLING.tagNameCheck = cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;
|
|
513
|
+
}
|
|
514
|
+
|
|
515
|
+
if (cfg.CUSTOM_ELEMENT_HANDLING && isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)) {
|
|
516
|
+
CUSTOM_ELEMENT_HANDLING.attributeNameCheck = cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;
|
|
517
|
+
}
|
|
518
|
+
|
|
519
|
+
if (cfg.CUSTOM_ELEMENT_HANDLING && typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements === 'boolean') {
|
|
520
|
+
CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements = cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;
|
|
521
|
+
}
|
|
493
522
|
|
|
494
523
|
PARSER_MEDIA_TYPE =
|
|
495
524
|
// eslint-disable-next-line unicorn/prefer-includes
|
|
@@ -825,15 +854,7 @@
|
|
|
825
854
|
* @return {Boolean} true if clobbered, false if safe
|
|
826
855
|
*/
|
|
827
856
|
var _isClobbered = function _isClobbered(elm) {
|
|
828
|
-
|
|
829
|
-
return false;
|
|
830
|
-
}
|
|
831
|
-
|
|
832
|
-
if (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function') {
|
|
833
|
-
return true;
|
|
834
|
-
}
|
|
835
|
-
|
|
836
|
-
return false;
|
|
857
|
+
return elm instanceof HTMLFormElement && (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function');
|
|
837
858
|
};
|
|
838
859
|
|
|
839
860
|
/**
|
|
@@ -929,6 +950,11 @@
|
|
|
929
950
|
}
|
|
930
951
|
}
|
|
931
952
|
|
|
953
|
+
if (!FORBID_TAGS[tagName] && _basicCustomElementTest(tagName)) {
|
|
954
|
+
if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) return false;
|
|
955
|
+
if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) return false;
|
|
956
|
+
}
|
|
957
|
+
|
|
932
958
|
_forceRemove(currentNode);
|
|
933
959
|
return true;
|
|
934
960
|
}
|
|
@@ -982,8 +1008,16 @@
|
|
|
982
1008
|
XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)
|
|
983
1009
|
We don't need to check the value; it's always URI safe. */
|
|
984
1010
|
if (ALLOW_DATA_ATTR && !FORBID_ATTR[lcName] && regExpTest(DATA_ATTR$$1, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR$$1, lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {
|
|
985
|
-
|
|
986
|
-
|
|
1011
|
+
if (
|
|
1012
|
+
// First condition does a very basic check if a) it's basically a valid custom element tagname AND
|
|
1013
|
+
// b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck
|
|
1014
|
+
// and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck
|
|
1015
|
+
_basicCustomElementTest(lcTag) && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag)) && (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName) || CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)) ||
|
|
1016
|
+
// Alternative, second condition checks if it's an `is`-attribute, AND
|
|
1017
|
+
// the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck
|
|
1018
|
+
lcName === 'is' && CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))) ; else {
|
|
1019
|
+
return false;
|
|
1020
|
+
}
|
|
987
1021
|
/* Check value is safe. First, is attr inert? If so, is safe */
|
|
988
1022
|
} else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (regExpTest(IS_ALLOWED_URI$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && stringIndexOf(value, 'data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA$$1, stringReplace(value, ATTR_WHITESPACE$$1, ''))) ; else if (!value) ; else {
|
|
989
1023
|
return false;
|
|
@@ -992,6 +1026,16 @@
|
|
|
992
1026
|
return true;
|
|
993
1027
|
};
|
|
994
1028
|
|
|
1029
|
+
/**
|
|
1030
|
+
* _basicCustomElementCheck
|
|
1031
|
+
* checks if at least one dash is included in tagName, and it's not the first char
|
|
1032
|
+
* for more sophisticated checking see https://github.com/sindresorhus/validate-element-name
|
|
1033
|
+
* @param {string} tagName name of the tag of the node to sanitize
|
|
1034
|
+
*/
|
|
1035
|
+
var _basicCustomElementTest = function _basicCustomElementTest(tagName) {
|
|
1036
|
+
return tagName.indexOf('-') > 0;
|
|
1037
|
+
};
|
|
1038
|
+
|
|
995
1039
|
/**
|
|
996
1040
|
* _sanitizeAttributes
|
|
997
1041
|
*
|
|
@@ -1270,7 +1314,7 @@
|
|
|
1270
1314
|
returnNode = body;
|
|
1271
1315
|
}
|
|
1272
1316
|
|
|
1273
|
-
if (
|
|
1317
|
+
if (ALLOWED_ATTR.shadowroot) {
|
|
1274
1318
|
/*
|
|
1275
1319
|
AdoptNode() is not used because internal state is not reset
|
|
1276
1320
|
(e.g. the past names map of a HTMLFormElement), this is safe
|