dompurify 3.2.1 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/purify.cjs.d.ts +43 -8
- package/dist/purify.cjs.js +32 -27
- package/dist/purify.cjs.js.map +1 -1
- package/dist/purify.es.d.mts +43 -8
- package/dist/purify.es.mjs +32 -27
- package/dist/purify.es.mjs.map +1 -1
- package/dist/purify.js +32 -27
- package/dist/purify.js.map +1 -1
- package/dist/purify.min.js +2 -2
- package/package.json +4 -3
package/README.md
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
|
|
7
7
|
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.
|
|
8
8
|
|
|
9
|
-
It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.2.
|
|
9
|
+
It's also very simple to use and get started with. DOMPurify was [started in February 2014](https://github.com/cure53/DOMPurify/commit/a630922616927373485e0e787ab19e73e3691b2b) and, meanwhile, has reached version **v3.2.2**.
|
|
10
10
|
|
|
11
11
|
DOMPurify is written in JavaScript and works in all modern browsers (Safari (10+), Opera (15+), Edge, Firefox and Chrome - as well as almost anything else using Blink, Gecko or WebKit). It doesn't break on MSIE or other legacy browsers. It simply does nothing.
|
|
12
12
|
|
package/dist/purify.cjs.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
|
|
1
|
+
/// <reference types="trusted-types" />
|
|
2
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* Configuration to control DOMPurify behavior.
|
|
@@ -297,7 +298,21 @@ interface DOMPurify {
|
|
|
297
298
|
* @param entryPoint entry point for the hook to add
|
|
298
299
|
* @param hookFunction function to execute
|
|
299
300
|
*/
|
|
300
|
-
addHook(entryPoint: BasicHookName, hookFunction:
|
|
301
|
+
addHook(entryPoint: BasicHookName, hookFunction: NodeHook): void;
|
|
302
|
+
/**
|
|
303
|
+
* Adds a DOMPurify hook.
|
|
304
|
+
*
|
|
305
|
+
* @param entryPoint entry point for the hook to add
|
|
306
|
+
* @param hookFunction function to execute
|
|
307
|
+
*/
|
|
308
|
+
addHook(entryPoint: ElementHookName, hookFunction: ElementHook): void;
|
|
309
|
+
/**
|
|
310
|
+
* Adds a DOMPurify hook.
|
|
311
|
+
*
|
|
312
|
+
* @param entryPoint entry point for the hook to add
|
|
313
|
+
* @param hookFunction function to execute
|
|
314
|
+
*/
|
|
315
|
+
addHook(entryPoint: DocumentFragmentHookName, hookFunction: DocumentFragmentHook): void;
|
|
301
316
|
/**
|
|
302
317
|
* Adds a DOMPurify hook.
|
|
303
318
|
*
|
|
@@ -319,7 +334,23 @@ interface DOMPurify {
|
|
|
319
334
|
* @param entryPoint entry point for the hook to remove
|
|
320
335
|
* @returns removed(popped) hook
|
|
321
336
|
*/
|
|
322
|
-
removeHook(entryPoint: BasicHookName):
|
|
337
|
+
removeHook(entryPoint: BasicHookName): NodeHook | undefined;
|
|
338
|
+
/**
|
|
339
|
+
* Remove a DOMPurify hook at a given entryPoint
|
|
340
|
+
* (pops it from the stack of hooks if more are present)
|
|
341
|
+
*
|
|
342
|
+
* @param entryPoint entry point for the hook to remove
|
|
343
|
+
* @returns removed(popped) hook
|
|
344
|
+
*/
|
|
345
|
+
removeHook(entryPoint: ElementHookName): ElementHook | undefined;
|
|
346
|
+
/**
|
|
347
|
+
* Remove a DOMPurify hook at a given entryPoint
|
|
348
|
+
* (pops it from the stack of hooks if more are present)
|
|
349
|
+
*
|
|
350
|
+
* @param entryPoint entry point for the hook to remove
|
|
351
|
+
* @returns removed(popped) hook
|
|
352
|
+
*/
|
|
353
|
+
removeHook(entryPoint: DocumentFragmentHookName): DocumentFragmentHook | undefined;
|
|
323
354
|
/**
|
|
324
355
|
* Remove a DOMPurify hook at a given entryPoint
|
|
325
356
|
* (pops it from the stack of hooks if more are present)
|
|
@@ -369,13 +400,17 @@ interface RemovedAttribute {
|
|
|
369
400
|
*/
|
|
370
401
|
from: Node;
|
|
371
402
|
}
|
|
372
|
-
type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | '
|
|
403
|
+
type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | 'uponSanitizeShadowNode';
|
|
404
|
+
type ElementHookName = 'beforeSanitizeAttributes' | 'afterSanitizeAttributes';
|
|
405
|
+
type DocumentFragmentHookName = 'beforeSanitizeShadowDOM' | 'afterSanitizeShadowDOM';
|
|
373
406
|
type UponSanitizeElementHookName = 'uponSanitizeElement';
|
|
374
407
|
type UponSanitizeAttributeHookName = 'uponSanitizeAttribute';
|
|
375
|
-
type HookName = BasicHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName;
|
|
376
|
-
type
|
|
408
|
+
type HookName = BasicHookName | ElementHookName | DocumentFragmentHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName;
|
|
409
|
+
type NodeHook = (this: DOMPurify, currentNode: Node, hookEvent: null, config: Config) => void;
|
|
410
|
+
type ElementHook = (this: DOMPurify, currentNode: Element, hookEvent: null, config: Config) => void;
|
|
411
|
+
type DocumentFragmentHook = (this: DOMPurify, currentNode: DocumentFragment, hookEvent: null, config: Config) => void;
|
|
377
412
|
type UponSanitizeElementHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeElementHookEvent, config: Config) => void;
|
|
378
|
-
type UponSanitizeAttributeHook = (this: DOMPurify, currentNode:
|
|
413
|
+
type UponSanitizeAttributeHook = (this: DOMPurify, currentNode: Element, hookEvent: UponSanitizeAttributeHookEvent, config: Config) => void;
|
|
379
414
|
interface UponSanitizeElementHookEvent {
|
|
380
415
|
tagName: string;
|
|
381
416
|
allowedTags: Record<string, boolean>;
|
|
@@ -396,7 +431,7 @@ type WindowLike = Pick<typeof globalThis, 'DocumentFragment' | 'HTMLTemplateElem
|
|
|
396
431
|
trustedTypes?: typeof window.trustedTypes;
|
|
397
432
|
};
|
|
398
433
|
|
|
399
|
-
export { type Config, type DOMPurify, type
|
|
434
|
+
export { type Config, type DOMPurify, type DocumentFragmentHook, type ElementHook, type HookName, type NodeHook, type RemovedAttribute, type RemovedElement, type UponSanitizeAttributeHook, type UponSanitizeAttributeHookEvent, type UponSanitizeElementHook, type UponSanitizeElementHookEvent, type WindowLike };
|
|
400
435
|
|
|
401
436
|
// @ts-ignore
|
|
402
437
|
export = _default;
|
package/dist/purify.cjs.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.2.
|
|
1
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
2
|
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -281,10 +281,23 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType
|
|
|
281
281
|
return null;
|
|
282
282
|
}
|
|
283
283
|
};
|
|
284
|
+
const _createHooksMap = function _createHooksMap() {
|
|
285
|
+
return {
|
|
286
|
+
afterSanitizeAttributes: [],
|
|
287
|
+
afterSanitizeElements: [],
|
|
288
|
+
afterSanitizeShadowDOM: [],
|
|
289
|
+
beforeSanitizeAttributes: [],
|
|
290
|
+
beforeSanitizeElements: [],
|
|
291
|
+
beforeSanitizeShadowDOM: [],
|
|
292
|
+
uponSanitizeAttribute: [],
|
|
293
|
+
uponSanitizeElement: [],
|
|
294
|
+
uponSanitizeShadowNode: []
|
|
295
|
+
};
|
|
296
|
+
};
|
|
284
297
|
function createDOMPurify() {
|
|
285
298
|
let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
|
|
286
299
|
const DOMPurify = root => createDOMPurify(root);
|
|
287
|
-
DOMPurify.version = '3.2.
|
|
300
|
+
DOMPurify.version = '3.2.2';
|
|
288
301
|
DOMPurify.removed = [];
|
|
289
302
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) {
|
|
290
303
|
// Not running in a browser, provide a factory function
|
|
@@ -337,7 +350,7 @@ function createDOMPurify() {
|
|
|
337
350
|
const {
|
|
338
351
|
importNode
|
|
339
352
|
} = originalDocument;
|
|
340
|
-
let hooks =
|
|
353
|
+
let hooks = _createHooksMap();
|
|
341
354
|
/**
|
|
342
355
|
* Expose whether this browser supports running the full DOMPurify.
|
|
343
356
|
*/
|
|
@@ -766,8 +779,8 @@ function createDOMPurify() {
|
|
|
766
779
|
});
|
|
767
780
|
}
|
|
768
781
|
element.removeAttribute(name);
|
|
769
|
-
// We void attribute values for unremovable "is"
|
|
770
|
-
if (name === 'is'
|
|
782
|
+
// We void attribute values for unremovable "is" attributes
|
|
783
|
+
if (name === 'is') {
|
|
771
784
|
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
|
|
772
785
|
try {
|
|
773
786
|
_forceRemove(element);
|
|
@@ -858,11 +871,8 @@ function createDOMPurify() {
|
|
|
858
871
|
const _isNode = function _isNode(value) {
|
|
859
872
|
return typeof Node === 'function' && value instanceof Node;
|
|
860
873
|
};
|
|
861
|
-
function
|
|
862
|
-
|
|
863
|
-
return;
|
|
864
|
-
}
|
|
865
|
-
arrayForEach(hooks[entryPoint], hook => {
|
|
874
|
+
function _executeHooks(hooks, currentNode, data) {
|
|
875
|
+
arrayForEach(hooks, hook => {
|
|
866
876
|
hook.call(DOMPurify, currentNode, data, CONFIG);
|
|
867
877
|
});
|
|
868
878
|
}
|
|
@@ -878,7 +888,7 @@ function createDOMPurify() {
|
|
|
878
888
|
const _sanitizeElements = function _sanitizeElements(currentNode) {
|
|
879
889
|
let content = null;
|
|
880
890
|
/* Execute a hook if present */
|
|
881
|
-
|
|
891
|
+
_executeHooks(hooks.beforeSanitizeElements, currentNode, null);
|
|
882
892
|
/* Check if element is clobbered or can clobber */
|
|
883
893
|
if (_isClobbered(currentNode)) {
|
|
884
894
|
_forceRemove(currentNode);
|
|
@@ -887,7 +897,7 @@ function createDOMPurify() {
|
|
|
887
897
|
/* Now let's check the element's type and name */
|
|
888
898
|
const tagName = transformCaseFunc(currentNode.nodeName);
|
|
889
899
|
/* Execute a hook if present */
|
|
890
|
-
|
|
900
|
+
_executeHooks(hooks.uponSanitizeElement, currentNode, {
|
|
891
901
|
tagName,
|
|
892
902
|
allowedTags: ALLOWED_TAGS
|
|
893
903
|
});
|
|
@@ -958,7 +968,7 @@ function createDOMPurify() {
|
|
|
958
968
|
}
|
|
959
969
|
}
|
|
960
970
|
/* Execute a hook if present */
|
|
961
|
-
|
|
971
|
+
_executeHooks(hooks.afterSanitizeElements, currentNode, null);
|
|
962
972
|
return false;
|
|
963
973
|
};
|
|
964
974
|
/**
|
|
@@ -1019,7 +1029,7 @@ function createDOMPurify() {
|
|
|
1019
1029
|
*/
|
|
1020
1030
|
const _sanitizeAttributes = function _sanitizeAttributes(currentNode) {
|
|
1021
1031
|
/* Execute a hook if present */
|
|
1022
|
-
|
|
1032
|
+
_executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
|
|
1023
1033
|
const {
|
|
1024
1034
|
attributes
|
|
1025
1035
|
} = currentNode;
|
|
@@ -1050,7 +1060,7 @@ function createDOMPurify() {
|
|
|
1050
1060
|
hookEvent.attrValue = value;
|
|
1051
1061
|
hookEvent.keepAttr = true;
|
|
1052
1062
|
hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set
|
|
1053
|
-
|
|
1063
|
+
_executeHooks(hooks.uponSanitizeAttribute, currentNode, hookEvent);
|
|
1054
1064
|
value = hookEvent.attrValue;
|
|
1055
1065
|
/* Full DOM Clobbering protection via namespace isolation,
|
|
1056
1066
|
* Prefix id and name attributes with `user-content-`
|
|
@@ -1125,7 +1135,7 @@ function createDOMPurify() {
|
|
|
1125
1135
|
} catch (_) {}
|
|
1126
1136
|
}
|
|
1127
1137
|
/* Execute a hook if present */
|
|
1128
|
-
|
|
1138
|
+
_executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
|
|
1129
1139
|
};
|
|
1130
1140
|
/**
|
|
1131
1141
|
* _sanitizeShadowDOM
|
|
@@ -1136,10 +1146,10 @@ function createDOMPurify() {
|
|
|
1136
1146
|
let shadowNode = null;
|
|
1137
1147
|
const shadowIterator = _createNodeIterator(fragment);
|
|
1138
1148
|
/* Execute a hook if present */
|
|
1139
|
-
|
|
1149
|
+
_executeHooks(hooks.beforeSanitizeShadowDOM, fragment, null);
|
|
1140
1150
|
while (shadowNode = shadowIterator.nextNode()) {
|
|
1141
1151
|
/* Execute a hook if present */
|
|
1142
|
-
|
|
1152
|
+
_executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
|
|
1143
1153
|
/* Sanitize tags and elements */
|
|
1144
1154
|
if (_sanitizeElements(shadowNode)) {
|
|
1145
1155
|
continue;
|
|
@@ -1152,7 +1162,7 @@ function createDOMPurify() {
|
|
|
1152
1162
|
_sanitizeAttributes(shadowNode);
|
|
1153
1163
|
}
|
|
1154
1164
|
/* Execute a hook if present */
|
|
1155
|
-
|
|
1165
|
+
_executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
|
|
1156
1166
|
};
|
|
1157
1167
|
// eslint-disable-next-line complexity
|
|
1158
1168
|
DOMPurify.sanitize = function (dirty) {
|
|
@@ -1310,21 +1320,16 @@ function createDOMPurify() {
|
|
|
1310
1320
|
if (typeof hookFunction !== 'function') {
|
|
1311
1321
|
return;
|
|
1312
1322
|
}
|
|
1313
|
-
hooks[entryPoint] = hooks[entryPoint] || [];
|
|
1314
1323
|
arrayPush(hooks[entryPoint], hookFunction);
|
|
1315
1324
|
};
|
|
1316
1325
|
DOMPurify.removeHook = function (entryPoint) {
|
|
1317
|
-
|
|
1318
|
-
return arrayPop(hooks[entryPoint]);
|
|
1319
|
-
}
|
|
1326
|
+
return arrayPop(hooks[entryPoint]);
|
|
1320
1327
|
};
|
|
1321
1328
|
DOMPurify.removeHooks = function (entryPoint) {
|
|
1322
|
-
|
|
1323
|
-
hooks[entryPoint] = [];
|
|
1324
|
-
}
|
|
1329
|
+
hooks[entryPoint] = [];
|
|
1325
1330
|
};
|
|
1326
1331
|
DOMPurify.removeAllHooks = function () {
|
|
1327
|
-
hooks =
|
|
1332
|
+
hooks = _createHooksMap();
|
|
1328
1333
|
};
|
|
1329
1334
|
return DOMPurify;
|
|
1330
1335
|
}
|
package/dist/purify.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purify.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"purify.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
package/dist/purify.es.d.mts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
|
|
1
|
+
/// <reference types="trusted-types" />
|
|
2
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* Configuration to control DOMPurify behavior.
|
|
@@ -297,7 +298,21 @@ interface DOMPurify {
|
|
|
297
298
|
* @param entryPoint entry point for the hook to add
|
|
298
299
|
* @param hookFunction function to execute
|
|
299
300
|
*/
|
|
300
|
-
addHook(entryPoint: BasicHookName, hookFunction:
|
|
301
|
+
addHook(entryPoint: BasicHookName, hookFunction: NodeHook): void;
|
|
302
|
+
/**
|
|
303
|
+
* Adds a DOMPurify hook.
|
|
304
|
+
*
|
|
305
|
+
* @param entryPoint entry point for the hook to add
|
|
306
|
+
* @param hookFunction function to execute
|
|
307
|
+
*/
|
|
308
|
+
addHook(entryPoint: ElementHookName, hookFunction: ElementHook): void;
|
|
309
|
+
/**
|
|
310
|
+
* Adds a DOMPurify hook.
|
|
311
|
+
*
|
|
312
|
+
* @param entryPoint entry point for the hook to add
|
|
313
|
+
* @param hookFunction function to execute
|
|
314
|
+
*/
|
|
315
|
+
addHook(entryPoint: DocumentFragmentHookName, hookFunction: DocumentFragmentHook): void;
|
|
301
316
|
/**
|
|
302
317
|
* Adds a DOMPurify hook.
|
|
303
318
|
*
|
|
@@ -319,7 +334,23 @@ interface DOMPurify {
|
|
|
319
334
|
* @param entryPoint entry point for the hook to remove
|
|
320
335
|
* @returns removed(popped) hook
|
|
321
336
|
*/
|
|
322
|
-
removeHook(entryPoint: BasicHookName):
|
|
337
|
+
removeHook(entryPoint: BasicHookName): NodeHook | undefined;
|
|
338
|
+
/**
|
|
339
|
+
* Remove a DOMPurify hook at a given entryPoint
|
|
340
|
+
* (pops it from the stack of hooks if more are present)
|
|
341
|
+
*
|
|
342
|
+
* @param entryPoint entry point for the hook to remove
|
|
343
|
+
* @returns removed(popped) hook
|
|
344
|
+
*/
|
|
345
|
+
removeHook(entryPoint: ElementHookName): ElementHook | undefined;
|
|
346
|
+
/**
|
|
347
|
+
* Remove a DOMPurify hook at a given entryPoint
|
|
348
|
+
* (pops it from the stack of hooks if more are present)
|
|
349
|
+
*
|
|
350
|
+
* @param entryPoint entry point for the hook to remove
|
|
351
|
+
* @returns removed(popped) hook
|
|
352
|
+
*/
|
|
353
|
+
removeHook(entryPoint: DocumentFragmentHookName): DocumentFragmentHook | undefined;
|
|
323
354
|
/**
|
|
324
355
|
* Remove a DOMPurify hook at a given entryPoint
|
|
325
356
|
* (pops it from the stack of hooks if more are present)
|
|
@@ -369,13 +400,17 @@ interface RemovedAttribute {
|
|
|
369
400
|
*/
|
|
370
401
|
from: Node;
|
|
371
402
|
}
|
|
372
|
-
type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | '
|
|
403
|
+
type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | 'uponSanitizeShadowNode';
|
|
404
|
+
type ElementHookName = 'beforeSanitizeAttributes' | 'afterSanitizeAttributes';
|
|
405
|
+
type DocumentFragmentHookName = 'beforeSanitizeShadowDOM' | 'afterSanitizeShadowDOM';
|
|
373
406
|
type UponSanitizeElementHookName = 'uponSanitizeElement';
|
|
374
407
|
type UponSanitizeAttributeHookName = 'uponSanitizeAttribute';
|
|
375
|
-
type HookName = BasicHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName;
|
|
376
|
-
type
|
|
408
|
+
type HookName = BasicHookName | ElementHookName | DocumentFragmentHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName;
|
|
409
|
+
type NodeHook = (this: DOMPurify, currentNode: Node, hookEvent: null, config: Config) => void;
|
|
410
|
+
type ElementHook = (this: DOMPurify, currentNode: Element, hookEvent: null, config: Config) => void;
|
|
411
|
+
type DocumentFragmentHook = (this: DOMPurify, currentNode: DocumentFragment, hookEvent: null, config: Config) => void;
|
|
377
412
|
type UponSanitizeElementHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeElementHookEvent, config: Config) => void;
|
|
378
|
-
type UponSanitizeAttributeHook = (this: DOMPurify, currentNode:
|
|
413
|
+
type UponSanitizeAttributeHook = (this: DOMPurify, currentNode: Element, hookEvent: UponSanitizeAttributeHookEvent, config: Config) => void;
|
|
379
414
|
interface UponSanitizeElementHookEvent {
|
|
380
415
|
tagName: string;
|
|
381
416
|
allowedTags: Record<string, boolean>;
|
|
@@ -396,4 +431,4 @@ type WindowLike = Pick<typeof globalThis, 'DocumentFragment' | 'HTMLTemplateElem
|
|
|
396
431
|
trustedTypes?: typeof window.trustedTypes;
|
|
397
432
|
};
|
|
398
433
|
|
|
399
|
-
export { type Config, type DOMPurify, type
|
|
434
|
+
export { type Config, type DOMPurify, type DocumentFragmentHook, type ElementHook, type HookName, type NodeHook, type RemovedAttribute, type RemovedElement, type UponSanitizeAttributeHook, type UponSanitizeAttributeHookEvent, type UponSanitizeElementHook, type UponSanitizeElementHookEvent, type WindowLike, _default as default };
|
package/dist/purify.es.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.2.
|
|
1
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
2
|
|
|
3
3
|
const {
|
|
4
4
|
entries,
|
|
@@ -279,10 +279,23 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType
|
|
|
279
279
|
return null;
|
|
280
280
|
}
|
|
281
281
|
};
|
|
282
|
+
const _createHooksMap = function _createHooksMap() {
|
|
283
|
+
return {
|
|
284
|
+
afterSanitizeAttributes: [],
|
|
285
|
+
afterSanitizeElements: [],
|
|
286
|
+
afterSanitizeShadowDOM: [],
|
|
287
|
+
beforeSanitizeAttributes: [],
|
|
288
|
+
beforeSanitizeElements: [],
|
|
289
|
+
beforeSanitizeShadowDOM: [],
|
|
290
|
+
uponSanitizeAttribute: [],
|
|
291
|
+
uponSanitizeElement: [],
|
|
292
|
+
uponSanitizeShadowNode: []
|
|
293
|
+
};
|
|
294
|
+
};
|
|
282
295
|
function createDOMPurify() {
|
|
283
296
|
let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
|
|
284
297
|
const DOMPurify = root => createDOMPurify(root);
|
|
285
|
-
DOMPurify.version = '3.2.
|
|
298
|
+
DOMPurify.version = '3.2.2';
|
|
286
299
|
DOMPurify.removed = [];
|
|
287
300
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) {
|
|
288
301
|
// Not running in a browser, provide a factory function
|
|
@@ -335,7 +348,7 @@ function createDOMPurify() {
|
|
|
335
348
|
const {
|
|
336
349
|
importNode
|
|
337
350
|
} = originalDocument;
|
|
338
|
-
let hooks =
|
|
351
|
+
let hooks = _createHooksMap();
|
|
339
352
|
/**
|
|
340
353
|
* Expose whether this browser supports running the full DOMPurify.
|
|
341
354
|
*/
|
|
@@ -764,8 +777,8 @@ function createDOMPurify() {
|
|
|
764
777
|
});
|
|
765
778
|
}
|
|
766
779
|
element.removeAttribute(name);
|
|
767
|
-
// We void attribute values for unremovable "is"
|
|
768
|
-
if (name === 'is'
|
|
780
|
+
// We void attribute values for unremovable "is" attributes
|
|
781
|
+
if (name === 'is') {
|
|
769
782
|
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
|
|
770
783
|
try {
|
|
771
784
|
_forceRemove(element);
|
|
@@ -856,11 +869,8 @@ function createDOMPurify() {
|
|
|
856
869
|
const _isNode = function _isNode(value) {
|
|
857
870
|
return typeof Node === 'function' && value instanceof Node;
|
|
858
871
|
};
|
|
859
|
-
function
|
|
860
|
-
|
|
861
|
-
return;
|
|
862
|
-
}
|
|
863
|
-
arrayForEach(hooks[entryPoint], hook => {
|
|
872
|
+
function _executeHooks(hooks, currentNode, data) {
|
|
873
|
+
arrayForEach(hooks, hook => {
|
|
864
874
|
hook.call(DOMPurify, currentNode, data, CONFIG);
|
|
865
875
|
});
|
|
866
876
|
}
|
|
@@ -876,7 +886,7 @@ function createDOMPurify() {
|
|
|
876
886
|
const _sanitizeElements = function _sanitizeElements(currentNode) {
|
|
877
887
|
let content = null;
|
|
878
888
|
/* Execute a hook if present */
|
|
879
|
-
|
|
889
|
+
_executeHooks(hooks.beforeSanitizeElements, currentNode, null);
|
|
880
890
|
/* Check if element is clobbered or can clobber */
|
|
881
891
|
if (_isClobbered(currentNode)) {
|
|
882
892
|
_forceRemove(currentNode);
|
|
@@ -885,7 +895,7 @@ function createDOMPurify() {
|
|
|
885
895
|
/* Now let's check the element's type and name */
|
|
886
896
|
const tagName = transformCaseFunc(currentNode.nodeName);
|
|
887
897
|
/* Execute a hook if present */
|
|
888
|
-
|
|
898
|
+
_executeHooks(hooks.uponSanitizeElement, currentNode, {
|
|
889
899
|
tagName,
|
|
890
900
|
allowedTags: ALLOWED_TAGS
|
|
891
901
|
});
|
|
@@ -956,7 +966,7 @@ function createDOMPurify() {
|
|
|
956
966
|
}
|
|
957
967
|
}
|
|
958
968
|
/* Execute a hook if present */
|
|
959
|
-
|
|
969
|
+
_executeHooks(hooks.afterSanitizeElements, currentNode, null);
|
|
960
970
|
return false;
|
|
961
971
|
};
|
|
962
972
|
/**
|
|
@@ -1017,7 +1027,7 @@ function createDOMPurify() {
|
|
|
1017
1027
|
*/
|
|
1018
1028
|
const _sanitizeAttributes = function _sanitizeAttributes(currentNode) {
|
|
1019
1029
|
/* Execute a hook if present */
|
|
1020
|
-
|
|
1030
|
+
_executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
|
|
1021
1031
|
const {
|
|
1022
1032
|
attributes
|
|
1023
1033
|
} = currentNode;
|
|
@@ -1048,7 +1058,7 @@ function createDOMPurify() {
|
|
|
1048
1058
|
hookEvent.attrValue = value;
|
|
1049
1059
|
hookEvent.keepAttr = true;
|
|
1050
1060
|
hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set
|
|
1051
|
-
|
|
1061
|
+
_executeHooks(hooks.uponSanitizeAttribute, currentNode, hookEvent);
|
|
1052
1062
|
value = hookEvent.attrValue;
|
|
1053
1063
|
/* Full DOM Clobbering protection via namespace isolation,
|
|
1054
1064
|
* Prefix id and name attributes with `user-content-`
|
|
@@ -1123,7 +1133,7 @@ function createDOMPurify() {
|
|
|
1123
1133
|
} catch (_) {}
|
|
1124
1134
|
}
|
|
1125
1135
|
/* Execute a hook if present */
|
|
1126
|
-
|
|
1136
|
+
_executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
|
|
1127
1137
|
};
|
|
1128
1138
|
/**
|
|
1129
1139
|
* _sanitizeShadowDOM
|
|
@@ -1134,10 +1144,10 @@ function createDOMPurify() {
|
|
|
1134
1144
|
let shadowNode = null;
|
|
1135
1145
|
const shadowIterator = _createNodeIterator(fragment);
|
|
1136
1146
|
/* Execute a hook if present */
|
|
1137
|
-
|
|
1147
|
+
_executeHooks(hooks.beforeSanitizeShadowDOM, fragment, null);
|
|
1138
1148
|
while (shadowNode = shadowIterator.nextNode()) {
|
|
1139
1149
|
/* Execute a hook if present */
|
|
1140
|
-
|
|
1150
|
+
_executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
|
|
1141
1151
|
/* Sanitize tags and elements */
|
|
1142
1152
|
if (_sanitizeElements(shadowNode)) {
|
|
1143
1153
|
continue;
|
|
@@ -1150,7 +1160,7 @@ function createDOMPurify() {
|
|
|
1150
1160
|
_sanitizeAttributes(shadowNode);
|
|
1151
1161
|
}
|
|
1152
1162
|
/* Execute a hook if present */
|
|
1153
|
-
|
|
1163
|
+
_executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
|
|
1154
1164
|
};
|
|
1155
1165
|
// eslint-disable-next-line complexity
|
|
1156
1166
|
DOMPurify.sanitize = function (dirty) {
|
|
@@ -1308,21 +1318,16 @@ function createDOMPurify() {
|
|
|
1308
1318
|
if (typeof hookFunction !== 'function') {
|
|
1309
1319
|
return;
|
|
1310
1320
|
}
|
|
1311
|
-
hooks[entryPoint] = hooks[entryPoint] || [];
|
|
1312
1321
|
arrayPush(hooks[entryPoint], hookFunction);
|
|
1313
1322
|
};
|
|
1314
1323
|
DOMPurify.removeHook = function (entryPoint) {
|
|
1315
|
-
|
|
1316
|
-
return arrayPop(hooks[entryPoint]);
|
|
1317
|
-
}
|
|
1324
|
+
return arrayPop(hooks[entryPoint]);
|
|
1318
1325
|
};
|
|
1319
1326
|
DOMPurify.removeHooks = function (entryPoint) {
|
|
1320
|
-
|
|
1321
|
-
hooks[entryPoint] = [];
|
|
1322
|
-
}
|
|
1327
|
+
hooks[entryPoint] = [];
|
|
1323
1328
|
};
|
|
1324
1329
|
DOMPurify.removeAllHooks = function () {
|
|
1325
|
-
hooks =
|
|
1330
|
+
hooks = _createHooksMap();
|
|
1326
1331
|
};
|
|
1327
1332
|
return DOMPurify;
|
|
1328
1333
|
}
|
package/dist/purify.es.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purify.es.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"purify.es.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
package/dist/purify.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.2.
|
|
1
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
2
|
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
|
|
@@ -285,10 +285,23 @@
|
|
|
285
285
|
return null;
|
|
286
286
|
}
|
|
287
287
|
};
|
|
288
|
+
const _createHooksMap = function _createHooksMap() {
|
|
289
|
+
return {
|
|
290
|
+
afterSanitizeAttributes: [],
|
|
291
|
+
afterSanitizeElements: [],
|
|
292
|
+
afterSanitizeShadowDOM: [],
|
|
293
|
+
beforeSanitizeAttributes: [],
|
|
294
|
+
beforeSanitizeElements: [],
|
|
295
|
+
beforeSanitizeShadowDOM: [],
|
|
296
|
+
uponSanitizeAttribute: [],
|
|
297
|
+
uponSanitizeElement: [],
|
|
298
|
+
uponSanitizeShadowNode: []
|
|
299
|
+
};
|
|
300
|
+
};
|
|
288
301
|
function createDOMPurify() {
|
|
289
302
|
let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal();
|
|
290
303
|
const DOMPurify = root => createDOMPurify(root);
|
|
291
|
-
DOMPurify.version = '3.2.
|
|
304
|
+
DOMPurify.version = '3.2.2';
|
|
292
305
|
DOMPurify.removed = [];
|
|
293
306
|
if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) {
|
|
294
307
|
// Not running in a browser, provide a factory function
|
|
@@ -341,7 +354,7 @@
|
|
|
341
354
|
const {
|
|
342
355
|
importNode
|
|
343
356
|
} = originalDocument;
|
|
344
|
-
let hooks =
|
|
357
|
+
let hooks = _createHooksMap();
|
|
345
358
|
/**
|
|
346
359
|
* Expose whether this browser supports running the full DOMPurify.
|
|
347
360
|
*/
|
|
@@ -770,8 +783,8 @@
|
|
|
770
783
|
});
|
|
771
784
|
}
|
|
772
785
|
element.removeAttribute(name);
|
|
773
|
-
// We void attribute values for unremovable "is"
|
|
774
|
-
if (name === 'is'
|
|
786
|
+
// We void attribute values for unremovable "is" attributes
|
|
787
|
+
if (name === 'is') {
|
|
775
788
|
if (RETURN_DOM || RETURN_DOM_FRAGMENT) {
|
|
776
789
|
try {
|
|
777
790
|
_forceRemove(element);
|
|
@@ -862,11 +875,8 @@
|
|
|
862
875
|
const _isNode = function _isNode(value) {
|
|
863
876
|
return typeof Node === 'function' && value instanceof Node;
|
|
864
877
|
};
|
|
865
|
-
function
|
|
866
|
-
|
|
867
|
-
return;
|
|
868
|
-
}
|
|
869
|
-
arrayForEach(hooks[entryPoint], hook => {
|
|
878
|
+
function _executeHooks(hooks, currentNode, data) {
|
|
879
|
+
arrayForEach(hooks, hook => {
|
|
870
880
|
hook.call(DOMPurify, currentNode, data, CONFIG);
|
|
871
881
|
});
|
|
872
882
|
}
|
|
@@ -882,7 +892,7 @@
|
|
|
882
892
|
const _sanitizeElements = function _sanitizeElements(currentNode) {
|
|
883
893
|
let content = null;
|
|
884
894
|
/* Execute a hook if present */
|
|
885
|
-
|
|
895
|
+
_executeHooks(hooks.beforeSanitizeElements, currentNode, null);
|
|
886
896
|
/* Check if element is clobbered or can clobber */
|
|
887
897
|
if (_isClobbered(currentNode)) {
|
|
888
898
|
_forceRemove(currentNode);
|
|
@@ -891,7 +901,7 @@
|
|
|
891
901
|
/* Now let's check the element's type and name */
|
|
892
902
|
const tagName = transformCaseFunc(currentNode.nodeName);
|
|
893
903
|
/* Execute a hook if present */
|
|
894
|
-
|
|
904
|
+
_executeHooks(hooks.uponSanitizeElement, currentNode, {
|
|
895
905
|
tagName,
|
|
896
906
|
allowedTags: ALLOWED_TAGS
|
|
897
907
|
});
|
|
@@ -962,7 +972,7 @@
|
|
|
962
972
|
}
|
|
963
973
|
}
|
|
964
974
|
/* Execute a hook if present */
|
|
965
|
-
|
|
975
|
+
_executeHooks(hooks.afterSanitizeElements, currentNode, null);
|
|
966
976
|
return false;
|
|
967
977
|
};
|
|
968
978
|
/**
|
|
@@ -1023,7 +1033,7 @@
|
|
|
1023
1033
|
*/
|
|
1024
1034
|
const _sanitizeAttributes = function _sanitizeAttributes(currentNode) {
|
|
1025
1035
|
/* Execute a hook if present */
|
|
1026
|
-
|
|
1036
|
+
_executeHooks(hooks.beforeSanitizeAttributes, currentNode, null);
|
|
1027
1037
|
const {
|
|
1028
1038
|
attributes
|
|
1029
1039
|
} = currentNode;
|
|
@@ -1054,7 +1064,7 @@
|
|
|
1054
1064
|
hookEvent.attrValue = value;
|
|
1055
1065
|
hookEvent.keepAttr = true;
|
|
1056
1066
|
hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set
|
|
1057
|
-
|
|
1067
|
+
_executeHooks(hooks.uponSanitizeAttribute, currentNode, hookEvent);
|
|
1058
1068
|
value = hookEvent.attrValue;
|
|
1059
1069
|
/* Full DOM Clobbering protection via namespace isolation,
|
|
1060
1070
|
* Prefix id and name attributes with `user-content-`
|
|
@@ -1129,7 +1139,7 @@
|
|
|
1129
1139
|
} catch (_) {}
|
|
1130
1140
|
}
|
|
1131
1141
|
/* Execute a hook if present */
|
|
1132
|
-
|
|
1142
|
+
_executeHooks(hooks.afterSanitizeAttributes, currentNode, null);
|
|
1133
1143
|
};
|
|
1134
1144
|
/**
|
|
1135
1145
|
* _sanitizeShadowDOM
|
|
@@ -1140,10 +1150,10 @@
|
|
|
1140
1150
|
let shadowNode = null;
|
|
1141
1151
|
const shadowIterator = _createNodeIterator(fragment);
|
|
1142
1152
|
/* Execute a hook if present */
|
|
1143
|
-
|
|
1153
|
+
_executeHooks(hooks.beforeSanitizeShadowDOM, fragment, null);
|
|
1144
1154
|
while (shadowNode = shadowIterator.nextNode()) {
|
|
1145
1155
|
/* Execute a hook if present */
|
|
1146
|
-
|
|
1156
|
+
_executeHooks(hooks.uponSanitizeShadowNode, shadowNode, null);
|
|
1147
1157
|
/* Sanitize tags and elements */
|
|
1148
1158
|
if (_sanitizeElements(shadowNode)) {
|
|
1149
1159
|
continue;
|
|
@@ -1156,7 +1166,7 @@
|
|
|
1156
1166
|
_sanitizeAttributes(shadowNode);
|
|
1157
1167
|
}
|
|
1158
1168
|
/* Execute a hook if present */
|
|
1159
|
-
|
|
1169
|
+
_executeHooks(hooks.afterSanitizeShadowDOM, fragment, null);
|
|
1160
1170
|
};
|
|
1161
1171
|
// eslint-disable-next-line complexity
|
|
1162
1172
|
DOMPurify.sanitize = function (dirty) {
|
|
@@ -1314,21 +1324,16 @@
|
|
|
1314
1324
|
if (typeof hookFunction !== 'function') {
|
|
1315
1325
|
return;
|
|
1316
1326
|
}
|
|
1317
|
-
hooks[entryPoint] = hooks[entryPoint] || [];
|
|
1318
1327
|
arrayPush(hooks[entryPoint], hookFunction);
|
|
1319
1328
|
};
|
|
1320
1329
|
DOMPurify.removeHook = function (entryPoint) {
|
|
1321
|
-
|
|
1322
|
-
return arrayPop(hooks[entryPoint]);
|
|
1323
|
-
}
|
|
1330
|
+
return arrayPop(hooks[entryPoint]);
|
|
1324
1331
|
};
|
|
1325
1332
|
DOMPurify.removeHooks = function (entryPoint) {
|
|
1326
|
-
|
|
1327
|
-
hooks[entryPoint] = [];
|
|
1328
|
-
}
|
|
1333
|
+
hooks[entryPoint] = [];
|
|
1329
1334
|
};
|
|
1330
1335
|
DOMPurify.removeAllHooks = function () {
|
|
1331
|
-
hooks =
|
|
1336
|
+
hooks = _createHooksMap();
|
|
1332
1337
|
};
|
|
1333
1338
|
return DOMPurify;
|
|
1334
1339
|
}
|
package/dist/purify.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purify.js","sources":[],"sourcesContent":[],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"purify.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
package/dist/purify.min.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
/*! @license DOMPurify 3.2.
|
|
2
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).DOMPurify=t()}(this,(function(){"use strict";const{entries:e,setPrototypeOf:t,isFrozen:n,getPrototypeOf:o,getOwnPropertyDescriptor:r}=Object;let{freeze:i,seal:a,create:l}=Object,{apply:c,construct:s}="undefined"!=typeof Reflect&&Reflect;i||(i=function(e){return e}),a||(a=function(e){return e}),c||(c=function(e,t,n){return e.apply(t,n)}),s||(s=function(e,t){return new e(...t)});const u=b(Array.prototype.forEach),m=b(Array.prototype.pop),p=b(Array.prototype.push),f=b(String.prototype.toLowerCase),d=b(String.prototype.toString),h=b(String.prototype.match),g=b(String.prototype.replace),T=b(String.prototype.indexOf),y=b(String.prototype.trim),E=b(Object.prototype.hasOwnProperty),_=b(RegExp.prototype.test),A=(N=TypeError,function(){for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return s(N,t)});var N;function b(e){return function(t){for(var n=arguments.length,o=new Array(n>1?n-1:0),r=1;r<n;r++)o[r-1]=arguments[r];return c(e,t,o)}}function S(e,o){let r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:f;t&&t(e,null);let i=o.length;for(;i--;){let t=o[i];if("string"==typeof t){const e=r(t);e!==t&&(n(o)||(o[i]=e),t=e)}e[t]=!0}return e}function R(e){for(let t=0;t<e.length;t++){E(e,t)||(e[t]=null)}return e}function w(t){const n=l(null);for(const[o,r]of e(t)){E(t,o)&&(Array.isArray(r)?n[o]=R(r):r&&"object"==typeof r&&r.constructor===Object?n[o]=w(r):n[o]=r)}return n}function L(e,t){for(;null!==e;){const n=r(e,t);if(n){if(n.get)return b(n.get);if("function"==typeof n.value)return b(n.value)}e=o(e)}return function(){return null}}const v=i(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),C=i(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),O=i(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feDropShadow","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feImage","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),D=i(["animate","color-profile","cursor","discard","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),x=i(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","mprescripts"]),k=i(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),I=i(["#text"]),M=i(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","nonce","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","popover","popovertarget","popovertargetaction","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","wrap","xmlns","slot"]),U=i(["accent-height","accumulate","additive","alignment-baseline","amplitude","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","exponent","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","intercept","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","slope","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","tablevalues","targetx","targety","transform","transform-origin","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),P=i(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),H=i(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),F=a(/\{\{[\w\W]*|[\w\W]*\}\}/gm),z=a(/<%[\w\W]*|[\w\W]*%>/gm),B=a(/\${[\w\W]*}/gm),W=a(/^data-[\-\w.\u00B7-\uFFFF]/),G=a(/^aria-[\-\w]+$/),Y=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),j=a(/^(?:\w+script|data):/i),X=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),q=a(/^html$/i),K=a(/^[a-z][.\w]*(-[.\w]+)+$/i);var $=Object.freeze({__proto__:null,ARIA_ATTR:G,ATTR_WHITESPACE:X,CUSTOM_ELEMENT:K,DATA_ATTR:W,DOCTYPE_NAME:q,ERB_EXPR:z,IS_ALLOWED_URI:Y,IS_SCRIPT_OR_DATA:j,MUSTACHE_EXPR:F,TMPLIT_EXPR:B});const V=1,Z=3,J=7,Q=8,ee=9,te=function(){return"undefined"==typeof window?null:window};var ne=function t(){let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:te();const o=e=>t(e);if(o.version="3.2.1",o.removed=[],!n||!n.document||n.document.nodeType!==ee)return o.isSupported=!1,o;let{document:r}=n;const a=r,c=a.currentScript,{DocumentFragment:s,HTMLTemplateElement:N,Node:b,Element:R,NodeFilter:F,NamedNodeMap:z=n.NamedNodeMap||n.MozNamedAttrMap,HTMLFormElement:B,DOMParser:W,trustedTypes:G}=n,j=R.prototype,X=L(j,"cloneNode"),K=L(j,"remove"),ne=L(j,"nextSibling"),oe=L(j,"childNodes"),re=L(j,"parentNode");if("function"==typeof N){const e=r.createElement("template");e.content&&e.content.ownerDocument&&(r=e.content.ownerDocument)}let ie,ae="";const{implementation:le,createNodeIterator:ce,createDocumentFragment:se,getElementsByTagName:ue}=r,{importNode:me}=a;let pe={};o.isSupported="function"==typeof e&&"function"==typeof re&&le&&void 0!==le.createHTMLDocument;const{MUSTACHE_EXPR:fe,ERB_EXPR:de,TMPLIT_EXPR:he,DATA_ATTR:ge,ARIA_ATTR:Te,IS_SCRIPT_OR_DATA:ye,ATTR_WHITESPACE:Ee,CUSTOM_ELEMENT:_e}=$;let{IS_ALLOWED_URI:Ae}=$,Ne=null;const be=S({},[...v,...C,...O,...x,...I]);let Se=null;const Re=S({},[...M,...U,...P,...H]);let we=Object.seal(l(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Le=null,ve=null,Ce=!0,Oe=!0,De=!1,xe=!0,ke=!1,Ie=!0,Me=!1,Ue=!1,Pe=!1,He=!1,Fe=!1,ze=!1,Be=!0,We=!1,Ge=!0,Ye=!1,je={},Xe=null;const qe=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]);let Ke=null;const $e=S({},["audio","video","img","source","image","track"]);let Ve=null;const Ze=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Je="http://www.w3.org/1998/Math/MathML",Qe="http://www.w3.org/2000/svg",et="http://www.w3.org/1999/xhtml";let tt=et,nt=!1,ot=null;const rt=S({},[Je,Qe,et],d);let it=S({},["mi","mo","mn","ms","mtext"]),at=S({},["annotation-xml"]);const lt=S({},["title","style","font","a","script"]);let ct=null;const st=["application/xhtml+xml","text/html"];let ut=null,mt=null;const pt=r.createElement("form"),ft=function(e){return e instanceof RegExp||e instanceof Function},dt=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(!mt||mt!==e){if(e&&"object"==typeof e||(e={}),e=w(e),ct=-1===st.indexOf(e.PARSER_MEDIA_TYPE)?"text/html":e.PARSER_MEDIA_TYPE,ut="application/xhtml+xml"===ct?d:f,Ne=E(e,"ALLOWED_TAGS")?S({},e.ALLOWED_TAGS,ut):be,Se=E(e,"ALLOWED_ATTR")?S({},e.ALLOWED_ATTR,ut):Re,ot=E(e,"ALLOWED_NAMESPACES")?S({},e.ALLOWED_NAMESPACES,d):rt,Ve=E(e,"ADD_URI_SAFE_ATTR")?S(w(Ze),e.ADD_URI_SAFE_ATTR,ut):Ze,Ke=E(e,"ADD_DATA_URI_TAGS")?S(w($e),e.ADD_DATA_URI_TAGS,ut):$e,Xe=E(e,"FORBID_CONTENTS")?S({},e.FORBID_CONTENTS,ut):qe,Le=E(e,"FORBID_TAGS")?S({},e.FORBID_TAGS,ut):{},ve=E(e,"FORBID_ATTR")?S({},e.FORBID_ATTR,ut):{},je=!!E(e,"USE_PROFILES")&&e.USE_PROFILES,Ce=!1!==e.ALLOW_ARIA_ATTR,Oe=!1!==e.ALLOW_DATA_ATTR,De=e.ALLOW_UNKNOWN_PROTOCOLS||!1,xe=!1!==e.ALLOW_SELF_CLOSE_IN_ATTR,ke=e.SAFE_FOR_TEMPLATES||!1,Ie=!1!==e.SAFE_FOR_XML,Me=e.WHOLE_DOCUMENT||!1,He=e.RETURN_DOM||!1,Fe=e.RETURN_DOM_FRAGMENT||!1,ze=e.RETURN_TRUSTED_TYPE||!1,Pe=e.FORCE_BODY||!1,Be=!1!==e.SANITIZE_DOM,We=e.SANITIZE_NAMED_PROPS||!1,Ge=!1!==e.KEEP_CONTENT,Ye=e.IN_PLACE||!1,Ae=e.ALLOWED_URI_REGEXP||Y,tt=e.NAMESPACE||et,it=e.MATHML_TEXT_INTEGRATION_POINTS||it,at=e.HTML_INTEGRATION_POINTS||at,we=e.CUSTOM_ELEMENT_HANDLING||{},e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(we.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(we.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&"boolean"==typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements&&(we.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),ke&&(Oe=!1),Fe&&(He=!0),je&&(Ne=S({},I),Se=[],!0===je.html&&(S(Ne,v),S(Se,M)),!0===je.svg&&(S(Ne,C),S(Se,U),S(Se,H)),!0===je.svgFilters&&(S(Ne,O),S(Se,U),S(Se,H)),!0===je.mathMl&&(S(Ne,x),S(Se,P),S(Se,H))),e.ADD_TAGS&&(Ne===be&&(Ne=w(Ne)),S(Ne,e.ADD_TAGS,ut)),e.ADD_ATTR&&(Se===Re&&(Se=w(Se)),S(Se,e.ADD_ATTR,ut)),e.ADD_URI_SAFE_ATTR&&S(Ve,e.ADD_URI_SAFE_ATTR,ut),e.FORBID_CONTENTS&&(Xe===qe&&(Xe=w(Xe)),S(Xe,e.FORBID_CONTENTS,ut)),Ge&&(Ne["#text"]=!0),Me&&S(Ne,["html","head","body"]),Ne.table&&(S(Ne,["tbody"]),delete Le.tbody),e.TRUSTED_TYPES_POLICY){if("function"!=typeof e.TRUSTED_TYPES_POLICY.createHTML)throw A('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.');if("function"!=typeof e.TRUSTED_TYPES_POLICY.createScriptURL)throw A('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');ie=e.TRUSTED_TYPES_POLICY,ae=ie.createHTML("")}else void 0===ie&&(ie=function(e,t){if("object"!=typeof e||"function"!=typeof e.createPolicy)return null;let n=null;const o="data-tt-policy-suffix";t&&t.hasAttribute(o)&&(n=t.getAttribute(o));const r="dompurify"+(n?"#"+n:"");try{return e.createPolicy(r,{createHTML:e=>e,createScriptURL:e=>e})}catch(e){return console.warn("TrustedTypes policy "+r+" could not be created."),null}}(G,c)),null!==ie&&"string"==typeof ae&&(ae=ie.createHTML(""));i&&i(e),mt=e}},ht=S({},[...C,...O,...D]),gt=S({},[...x,...k]),Tt=function(e){p(o.removed,{element:e});try{re(e).removeChild(e)}catch(t){K(e)}},yt=function(e,t){try{p(o.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(o.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!Se[e])if(He||Fe)try{Tt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Et=function(e){let t=null,n=null;if(Pe)e="<remove></remove>"+e;else{const t=h(e,/^[\r\n\t ]+/);n=t&&t[0]}"application/xhtml+xml"===ct&&tt===et&&(e='<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>'+e+"</body></html>");const o=ie?ie.createHTML(e):e;if(tt===et)try{t=(new W).parseFromString(o,ct)}catch(e){}if(!t||!t.documentElement){t=le.createDocument(tt,"template",null);try{t.documentElement.innerHTML=nt?ae:o}catch(e){}}const i=t.body||t.documentElement;return e&&n&&i.insertBefore(r.createTextNode(n),i.childNodes[0]||null),tt===et?ue.call(t,Me?"html":"body")[0]:Me?t.documentElement:i},_t=function(e){return ce.call(e.ownerDocument||e,e,F.SHOW_ELEMENT|F.SHOW_COMMENT|F.SHOW_TEXT|F.SHOW_PROCESSING_INSTRUCTION|F.SHOW_CDATA_SECTION,null)},At=function(e){return e instanceof B&&("string"!=typeof e.nodeName||"string"!=typeof e.textContent||"function"!=typeof e.removeChild||!(e.attributes instanceof z)||"function"!=typeof e.removeAttribute||"function"!=typeof e.setAttribute||"string"!=typeof e.namespaceURI||"function"!=typeof e.insertBefore||"function"!=typeof e.hasChildNodes)},Nt=function(e){return"function"==typeof b&&e instanceof b};function bt(e,t,n){pe[e]&&u(pe[e],(e=>{e.call(o,t,n,mt)}))}const St=function(e){let t=null;if(bt("beforeSanitizeElements",e,null),At(e))return Tt(e),!0;const n=ut(e.nodeName);if(bt("uponSanitizeElement",e,{tagName:n,allowedTags:Ne}),e.hasChildNodes()&&!Nt(e.firstElementChild)&&_(/<[/\w]/g,e.innerHTML)&&_(/<[/\w]/g,e.textContent))return Tt(e),!0;if(e.nodeType===J)return Tt(e),!0;if(Ie&&e.nodeType===Q&&_(/<[/\w]/g,e.data))return Tt(e),!0;if(!Ne[n]||Le[n]){if(!Le[n]&&wt(n)){if(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,n))return!1;if(we.tagNameCheck instanceof Function&&we.tagNameCheck(n))return!1}if(Ge&&!Xe[n]){const t=re(e)||e.parentNode,n=oe(e)||e.childNodes;if(n&&t){for(let o=n.length-1;o>=0;--o){const r=X(n[o],!0);r.__removalCount=(e.__removalCount||0)+1,t.insertBefore(r,ne(e))}}}return Tt(e),!0}return e instanceof R&&!function(e){let t=re(e);t&&t.tagName||(t={namespaceURI:tt,tagName:"template"});const n=f(e.tagName),o=f(t.tagName);return!!ot[e.namespaceURI]&&(e.namespaceURI===Qe?t.namespaceURI===et?"svg"===n:t.namespaceURI===Je?"svg"===n&&("annotation-xml"===o||it[o]):Boolean(ht[n]):e.namespaceURI===Je?t.namespaceURI===et?"math"===n:t.namespaceURI===Qe?"math"===n&&at[o]:Boolean(gt[n]):e.namespaceURI===et?!(t.namespaceURI===Qe&&!at[o])&&!(t.namespaceURI===Je&&!it[o])&&!gt[n]&&(lt[n]||!ht[n]):!("application/xhtml+xml"!==ct||!ot[e.namespaceURI]))}(e)?(Tt(e),!0):"noscript"!==n&&"noembed"!==n&&"noframes"!==n||!_(/<\/no(script|embed|frames)/i,e.innerHTML)?(ke&&e.nodeType===Z&&(t=e.textContent,u([fe,de,he],(e=>{t=g(t,e," ")})),e.textContent!==t&&(p(o.removed,{element:e.cloneNode()}),e.textContent=t)),bt("afterSanitizeElements",e,null),!1):(Tt(e),!0)},Rt=function(e,t,n){if(Be&&("id"===t||"name"===t)&&(n in r||n in pt))return!1;if(Oe&&!ve[t]&&_(ge,t));else if(Ce&&_(Te,t));else if(!Se[t]||ve[t]){if(!(wt(e)&&(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,e)||we.tagNameCheck instanceof Function&&we.tagNameCheck(e))&&(we.attributeNameCheck instanceof RegExp&&_(we.attributeNameCheck,t)||we.attributeNameCheck instanceof Function&&we.attributeNameCheck(t))||"is"===t&&we.allowCustomizedBuiltInElements&&(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,n)||we.tagNameCheck instanceof Function&&we.tagNameCheck(n))))return!1}else if(Ve[t]);else if(_(Ae,g(n,Ee,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==T(n,"data:")||!Ke[e]){if(De&&!_(ye,g(n,Ee,"")));else if(n)return!1}else;return!0},wt=function(e){return"annotation-xml"!==e&&h(e,_e)},Lt=function(e){bt("beforeSanitizeAttributes",e,null);const{attributes:t}=e;if(!t)return;const n={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Se,forceKeepAttr:void 0};let r=t.length;for(;r--;){const i=t[r],{name:a,namespaceURI:l,value:c}=i,s=ut(a);let p="value"===a?c:y(c);if(n.attrName=s,n.attrValue=p,n.keepAttr=!0,n.forceKeepAttr=void 0,bt("uponSanitizeAttribute",e,n),p=n.attrValue,!We||"id"!==s&&"name"!==s||(yt(a,e),p="user-content-"+p),Ie&&_(/((--!?|])>)|<\/(style|title)/i,p)){yt(a,e);continue}if(n.forceKeepAttr)continue;if(yt(a,e),!n.keepAttr)continue;if(!xe&&_(/\/>/i,p)){yt(a,e);continue}ke&&u([fe,de,he],(e=>{p=g(p,e," ")}));const f=ut(e.nodeName);if(Rt(f,s,p)){if(ie&&"object"==typeof G&&"function"==typeof G.getAttributeType)if(l);else switch(G.getAttributeType(f,s)){case"TrustedHTML":p=ie.createHTML(p);break;case"TrustedScriptURL":p=ie.createScriptURL(p)}try{l?e.setAttributeNS(l,a,p):e.setAttribute(a,p),At(e)?Tt(e):m(o.removed)}catch(e){}}}bt("afterSanitizeAttributes",e,null)},vt=function e(t){let n=null;const o=_t(t);for(bt("beforeSanitizeShadowDOM",t,null);n=o.nextNode();)bt("uponSanitizeShadowNode",n,null),St(n)||(n.content instanceof s&&e(n.content),Lt(n));bt("afterSanitizeShadowDOM",t,null)};return o.sanitize=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=null,r=null,i=null,l=null;if(nt=!e,nt&&(e="\x3c!--\x3e"),"string"!=typeof e&&!Nt(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!o.isSupported)return e;if(Ue||dt(t),o.removed=[],"string"==typeof e&&(Ye=!1),Ye){if(e.nodeName){const t=ut(e.nodeName);if(!Ne[t]||Le[t])throw A("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof b)n=Et("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),r.nodeType===V&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!He&&!ke&&!Me&&-1===e.indexOf("<"))return ie&&ze?ie.createHTML(e):e;if(n=Et(e),!n)return He?null:ze?ae:""}n&&Pe&&Tt(n.firstChild);const c=_t(Ye?e:n);for(;i=c.nextNode();)St(i)||(i.content instanceof s&&vt(i.content),Lt(i));if(Ye)return e;if(He){if(Fe)for(l=se.call(n.ownerDocument);n.firstChild;)l.appendChild(n.firstChild);else l=n;return(Se.shadowroot||Se.shadowrootmode)&&(l=me.call(a,l,!0)),l}let m=Me?n.outerHTML:n.innerHTML;return Me&&Ne["!doctype"]&&n.ownerDocument&&n.ownerDocument.doctype&&n.ownerDocument.doctype.name&&_(q,n.ownerDocument.doctype.name)&&(m="<!DOCTYPE "+n.ownerDocument.doctype.name+">\n"+m),ke&&u([fe,de,he],(e=>{m=g(m,e," ")})),ie&&ze?ie.createHTML(m):m},o.setConfig=function(){dt(arguments.length>0&&void 0!==arguments[0]?arguments[0]:{}),Ue=!0},o.clearConfig=function(){mt=null,Ue=!1},o.isValidAttribute=function(e,t,n){mt||dt({});const o=ut(e),r=ut(t);return Rt(o,r,n)},o.addHook=function(e,t){"function"==typeof t&&(pe[e]=pe[e]||[],p(pe[e],t))},o.removeHook=function(e){if(pe[e])return m(pe[e])},o.removeHooks=function(e){pe[e]&&(pe[e]=[])},o.removeAllHooks=function(){pe={}},o}();return ne}));
|
|
1
|
+
/*! @license DOMPurify 3.2.2 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.2.2/LICENSE */
|
|
2
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).DOMPurify=t()}(this,(function(){"use strict";const{entries:e,setPrototypeOf:t,isFrozen:n,getPrototypeOf:o,getOwnPropertyDescriptor:r}=Object;let{freeze:i,seal:a,create:l}=Object,{apply:c,construct:s}="undefined"!=typeof Reflect&&Reflect;i||(i=function(e){return e}),a||(a=function(e){return e}),c||(c=function(e,t,n){return e.apply(t,n)}),s||(s=function(e,t){return new e(...t)});const u=b(Array.prototype.forEach),m=b(Array.prototype.pop),p=b(Array.prototype.push),f=b(String.prototype.toLowerCase),d=b(String.prototype.toString),h=b(String.prototype.match),g=b(String.prototype.replace),T=b(String.prototype.indexOf),y=b(String.prototype.trim),E=b(Object.prototype.hasOwnProperty),A=b(RegExp.prototype.test),_=(S=TypeError,function(){for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return s(S,t)});var S;function b(e){return function(t){for(var n=arguments.length,o=new Array(n>1?n-1:0),r=1;r<n;r++)o[r-1]=arguments[r];return c(e,t,o)}}function N(e,o){let r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:f;t&&t(e,null);let i=o.length;for(;i--;){let t=o[i];if("string"==typeof t){const e=r(t);e!==t&&(n(o)||(o[i]=e),t=e)}e[t]=!0}return e}function R(e){for(let t=0;t<e.length;t++){E(e,t)||(e[t]=null)}return e}function w(t){const n=l(null);for(const[o,r]of e(t)){E(t,o)&&(Array.isArray(r)?n[o]=R(r):r&&"object"==typeof r&&r.constructor===Object?n[o]=w(r):n[o]=r)}return n}function O(e,t){for(;null!==e;){const n=r(e,t);if(n){if(n.get)return b(n.get);if("function"==typeof n.value)return b(n.value)}e=o(e)}return function(){return null}}const D=i(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),L=i(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),v=i(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feDropShadow","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feImage","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),C=i(["animate","color-profile","cursor","discard","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),x=i(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover","mprescripts"]),M=i(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),k=i(["#text"]),I=i(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","nonce","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","popover","popovertarget","popovertargetaction","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","wrap","xmlns","slot"]),U=i(["accent-height","accumulate","additive","alignment-baseline","amplitude","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","exponent","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","intercept","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","slope","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","tablevalues","targetx","targety","transform","transform-origin","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),z=i(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),P=i(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),H=a(/\{\{[\w\W]*|[\w\W]*\}\}/gm),F=a(/<%[\w\W]*|[\w\W]*%>/gm),B=a(/\${[\w\W]*}/gm),W=a(/^data-[\-\w.\u00B7-\uFFFF]/),G=a(/^aria-[\-\w]+$/),Y=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),j=a(/^(?:\w+script|data):/i),X=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),q=a(/^html$/i),K=a(/^[a-z][.\w]*(-[.\w]+)+$/i);var $=Object.freeze({__proto__:null,ARIA_ATTR:G,ATTR_WHITESPACE:X,CUSTOM_ELEMENT:K,DATA_ATTR:W,DOCTYPE_NAME:q,ERB_EXPR:F,IS_ALLOWED_URI:Y,IS_SCRIPT_OR_DATA:j,MUSTACHE_EXPR:H,TMPLIT_EXPR:B});const V=1,Z=3,J=7,Q=8,ee=9,te=function(){return"undefined"==typeof window?null:window};var ne=function t(){let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:te();const o=e=>t(e);if(o.version="3.2.2",o.removed=[],!n||!n.document||n.document.nodeType!==ee)return o.isSupported=!1,o;let{document:r}=n;const a=r,c=a.currentScript,{DocumentFragment:s,HTMLTemplateElement:S,Node:b,Element:R,NodeFilter:H,NamedNodeMap:F=n.NamedNodeMap||n.MozNamedAttrMap,HTMLFormElement:B,DOMParser:W,trustedTypes:G}=n,j=R.prototype,X=O(j,"cloneNode"),K=O(j,"remove"),ne=O(j,"nextSibling"),oe=O(j,"childNodes"),re=O(j,"parentNode");if("function"==typeof S){const e=r.createElement("template");e.content&&e.content.ownerDocument&&(r=e.content.ownerDocument)}let ie,ae="";const{implementation:le,createNodeIterator:ce,createDocumentFragment:se,getElementsByTagName:ue}=r,{importNode:me}=a;let pe={afterSanitizeAttributes:[],afterSanitizeElements:[],afterSanitizeShadowDOM:[],beforeSanitizeAttributes:[],beforeSanitizeElements:[],beforeSanitizeShadowDOM:[],uponSanitizeAttribute:[],uponSanitizeElement:[],uponSanitizeShadowNode:[]};o.isSupported="function"==typeof e&&"function"==typeof re&&le&&void 0!==le.createHTMLDocument;const{MUSTACHE_EXPR:fe,ERB_EXPR:de,TMPLIT_EXPR:he,DATA_ATTR:ge,ARIA_ATTR:Te,IS_SCRIPT_OR_DATA:ye,ATTR_WHITESPACE:Ee,CUSTOM_ELEMENT:Ae}=$;let{IS_ALLOWED_URI:_e}=$,Se=null;const be=N({},[...D,...L,...v,...x,...k]);let Ne=null;const Re=N({},[...I,...U,...z,...P]);let we=Object.seal(l(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Oe=null,De=null,Le=!0,ve=!0,Ce=!1,xe=!0,Me=!1,ke=!0,Ie=!1,Ue=!1,ze=!1,Pe=!1,He=!1,Fe=!1,Be=!0,We=!1,Ge=!0,Ye=!1,je={},Xe=null;const qe=N({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]);let Ke=null;const $e=N({},["audio","video","img","source","image","track"]);let Ve=null;const Ze=N({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Je="http://www.w3.org/1998/Math/MathML",Qe="http://www.w3.org/2000/svg",et="http://www.w3.org/1999/xhtml";let tt=et,nt=!1,ot=null;const rt=N({},[Je,Qe,et],d);let it=N({},["mi","mo","mn","ms","mtext"]),at=N({},["annotation-xml"]);const lt=N({},["title","style","font","a","script"]);let ct=null;const st=["application/xhtml+xml","text/html"];let ut=null,mt=null;const pt=r.createElement("form"),ft=function(e){return e instanceof RegExp||e instanceof Function},dt=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(!mt||mt!==e){if(e&&"object"==typeof e||(e={}),e=w(e),ct=-1===st.indexOf(e.PARSER_MEDIA_TYPE)?"text/html":e.PARSER_MEDIA_TYPE,ut="application/xhtml+xml"===ct?d:f,Se=E(e,"ALLOWED_TAGS")?N({},e.ALLOWED_TAGS,ut):be,Ne=E(e,"ALLOWED_ATTR")?N({},e.ALLOWED_ATTR,ut):Re,ot=E(e,"ALLOWED_NAMESPACES")?N({},e.ALLOWED_NAMESPACES,d):rt,Ve=E(e,"ADD_URI_SAFE_ATTR")?N(w(Ze),e.ADD_URI_SAFE_ATTR,ut):Ze,Ke=E(e,"ADD_DATA_URI_TAGS")?N(w($e),e.ADD_DATA_URI_TAGS,ut):$e,Xe=E(e,"FORBID_CONTENTS")?N({},e.FORBID_CONTENTS,ut):qe,Oe=E(e,"FORBID_TAGS")?N({},e.FORBID_TAGS,ut):{},De=E(e,"FORBID_ATTR")?N({},e.FORBID_ATTR,ut):{},je=!!E(e,"USE_PROFILES")&&e.USE_PROFILES,Le=!1!==e.ALLOW_ARIA_ATTR,ve=!1!==e.ALLOW_DATA_ATTR,Ce=e.ALLOW_UNKNOWN_PROTOCOLS||!1,xe=!1!==e.ALLOW_SELF_CLOSE_IN_ATTR,Me=e.SAFE_FOR_TEMPLATES||!1,ke=!1!==e.SAFE_FOR_XML,Ie=e.WHOLE_DOCUMENT||!1,Pe=e.RETURN_DOM||!1,He=e.RETURN_DOM_FRAGMENT||!1,Fe=e.RETURN_TRUSTED_TYPE||!1,ze=e.FORCE_BODY||!1,Be=!1!==e.SANITIZE_DOM,We=e.SANITIZE_NAMED_PROPS||!1,Ge=!1!==e.KEEP_CONTENT,Ye=e.IN_PLACE||!1,_e=e.ALLOWED_URI_REGEXP||Y,tt=e.NAMESPACE||et,it=e.MATHML_TEXT_INTEGRATION_POINTS||it,at=e.HTML_INTEGRATION_POINTS||at,we=e.CUSTOM_ELEMENT_HANDLING||{},e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(we.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(we.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&"boolean"==typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements&&(we.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),Me&&(ve=!1),He&&(Pe=!0),je&&(Se=N({},k),Ne=[],!0===je.html&&(N(Se,D),N(Ne,I)),!0===je.svg&&(N(Se,L),N(Ne,U),N(Ne,P)),!0===je.svgFilters&&(N(Se,v),N(Ne,U),N(Ne,P)),!0===je.mathMl&&(N(Se,x),N(Ne,z),N(Ne,P))),e.ADD_TAGS&&(Se===be&&(Se=w(Se)),N(Se,e.ADD_TAGS,ut)),e.ADD_ATTR&&(Ne===Re&&(Ne=w(Ne)),N(Ne,e.ADD_ATTR,ut)),e.ADD_URI_SAFE_ATTR&&N(Ve,e.ADD_URI_SAFE_ATTR,ut),e.FORBID_CONTENTS&&(Xe===qe&&(Xe=w(Xe)),N(Xe,e.FORBID_CONTENTS,ut)),Ge&&(Se["#text"]=!0),Ie&&N(Se,["html","head","body"]),Se.table&&(N(Se,["tbody"]),delete Oe.tbody),e.TRUSTED_TYPES_POLICY){if("function"!=typeof e.TRUSTED_TYPES_POLICY.createHTML)throw _('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.');if("function"!=typeof e.TRUSTED_TYPES_POLICY.createScriptURL)throw _('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');ie=e.TRUSTED_TYPES_POLICY,ae=ie.createHTML("")}else void 0===ie&&(ie=function(e,t){if("object"!=typeof e||"function"!=typeof e.createPolicy)return null;let n=null;const o="data-tt-policy-suffix";t&&t.hasAttribute(o)&&(n=t.getAttribute(o));const r="dompurify"+(n?"#"+n:"");try{return e.createPolicy(r,{createHTML:e=>e,createScriptURL:e=>e})}catch(e){return console.warn("TrustedTypes policy "+r+" could not be created."),null}}(G,c)),null!==ie&&"string"==typeof ae&&(ae=ie.createHTML(""));i&&i(e),mt=e}},ht=N({},[...L,...v,...C]),gt=N({},[...x,...M]),Tt=function(e){p(o.removed,{element:e});try{re(e).removeChild(e)}catch(t){K(e)}},yt=function(e,t){try{p(o.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(o.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e)if(Pe||He)try{Tt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Et=function(e){let t=null,n=null;if(ze)e="<remove></remove>"+e;else{const t=h(e,/^[\r\n\t ]+/);n=t&&t[0]}"application/xhtml+xml"===ct&&tt===et&&(e='<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>'+e+"</body></html>");const o=ie?ie.createHTML(e):e;if(tt===et)try{t=(new W).parseFromString(o,ct)}catch(e){}if(!t||!t.documentElement){t=le.createDocument(tt,"template",null);try{t.documentElement.innerHTML=nt?ae:o}catch(e){}}const i=t.body||t.documentElement;return e&&n&&i.insertBefore(r.createTextNode(n),i.childNodes[0]||null),tt===et?ue.call(t,Ie?"html":"body")[0]:Ie?t.documentElement:i},At=function(e){return ce.call(e.ownerDocument||e,e,H.SHOW_ELEMENT|H.SHOW_COMMENT|H.SHOW_TEXT|H.SHOW_PROCESSING_INSTRUCTION|H.SHOW_CDATA_SECTION,null)},_t=function(e){return e instanceof B&&("string"!=typeof e.nodeName||"string"!=typeof e.textContent||"function"!=typeof e.removeChild||!(e.attributes instanceof F)||"function"!=typeof e.removeAttribute||"function"!=typeof e.setAttribute||"string"!=typeof e.namespaceURI||"function"!=typeof e.insertBefore||"function"!=typeof e.hasChildNodes)},St=function(e){return"function"==typeof b&&e instanceof b};function bt(e,t,n){u(e,(e=>{e.call(o,t,n,mt)}))}const Nt=function(e){let t=null;if(bt(pe.beforeSanitizeElements,e,null),_t(e))return Tt(e),!0;const n=ut(e.nodeName);if(bt(pe.uponSanitizeElement,e,{tagName:n,allowedTags:Se}),e.hasChildNodes()&&!St(e.firstElementChild)&&A(/<[/\w]/g,e.innerHTML)&&A(/<[/\w]/g,e.textContent))return Tt(e),!0;if(e.nodeType===J)return Tt(e),!0;if(ke&&e.nodeType===Q&&A(/<[/\w]/g,e.data))return Tt(e),!0;if(!Se[n]||Oe[n]){if(!Oe[n]&&wt(n)){if(we.tagNameCheck instanceof RegExp&&A(we.tagNameCheck,n))return!1;if(we.tagNameCheck instanceof Function&&we.tagNameCheck(n))return!1}if(Ge&&!Xe[n]){const t=re(e)||e.parentNode,n=oe(e)||e.childNodes;if(n&&t){for(let o=n.length-1;o>=0;--o){const r=X(n[o],!0);r.__removalCount=(e.__removalCount||0)+1,t.insertBefore(r,ne(e))}}}return Tt(e),!0}return e instanceof R&&!function(e){let t=re(e);t&&t.tagName||(t={namespaceURI:tt,tagName:"template"});const n=f(e.tagName),o=f(t.tagName);return!!ot[e.namespaceURI]&&(e.namespaceURI===Qe?t.namespaceURI===et?"svg"===n:t.namespaceURI===Je?"svg"===n&&("annotation-xml"===o||it[o]):Boolean(ht[n]):e.namespaceURI===Je?t.namespaceURI===et?"math"===n:t.namespaceURI===Qe?"math"===n&&at[o]:Boolean(gt[n]):e.namespaceURI===et?!(t.namespaceURI===Qe&&!at[o])&&!(t.namespaceURI===Je&&!it[o])&&!gt[n]&&(lt[n]||!ht[n]):!("application/xhtml+xml"!==ct||!ot[e.namespaceURI]))}(e)?(Tt(e),!0):"noscript"!==n&&"noembed"!==n&&"noframes"!==n||!A(/<\/no(script|embed|frames)/i,e.innerHTML)?(Me&&e.nodeType===Z&&(t=e.textContent,u([fe,de,he],(e=>{t=g(t,e," ")})),e.textContent!==t&&(p(o.removed,{element:e.cloneNode()}),e.textContent=t)),bt(pe.afterSanitizeElements,e,null),!1):(Tt(e),!0)},Rt=function(e,t,n){if(Be&&("id"===t||"name"===t)&&(n in r||n in pt))return!1;if(ve&&!De[t]&&A(ge,t));else if(Le&&A(Te,t));else if(!Ne[t]||De[t]){if(!(wt(e)&&(we.tagNameCheck instanceof RegExp&&A(we.tagNameCheck,e)||we.tagNameCheck instanceof Function&&we.tagNameCheck(e))&&(we.attributeNameCheck instanceof RegExp&&A(we.attributeNameCheck,t)||we.attributeNameCheck instanceof Function&&we.attributeNameCheck(t))||"is"===t&&we.allowCustomizedBuiltInElements&&(we.tagNameCheck instanceof RegExp&&A(we.tagNameCheck,n)||we.tagNameCheck instanceof Function&&we.tagNameCheck(n))))return!1}else if(Ve[t]);else if(A(_e,g(n,Ee,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==T(n,"data:")||!Ke[e]){if(Ce&&!A(ye,g(n,Ee,"")));else if(n)return!1}else;return!0},wt=function(e){return"annotation-xml"!==e&&h(e,Ae)},Ot=function(e){bt(pe.beforeSanitizeAttributes,e,null);const{attributes:t}=e;if(!t)return;const n={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Ne,forceKeepAttr:void 0};let r=t.length;for(;r--;){const i=t[r],{name:a,namespaceURI:l,value:c}=i,s=ut(a);let p="value"===a?c:y(c);if(n.attrName=s,n.attrValue=p,n.keepAttr=!0,n.forceKeepAttr=void 0,bt(pe.uponSanitizeAttribute,e,n),p=n.attrValue,!We||"id"!==s&&"name"!==s||(yt(a,e),p="user-content-"+p),ke&&A(/((--!?|])>)|<\/(style|title)/i,p)){yt(a,e);continue}if(n.forceKeepAttr)continue;if(yt(a,e),!n.keepAttr)continue;if(!xe&&A(/\/>/i,p)){yt(a,e);continue}Me&&u([fe,de,he],(e=>{p=g(p,e," ")}));const f=ut(e.nodeName);if(Rt(f,s,p)){if(ie&&"object"==typeof G&&"function"==typeof G.getAttributeType)if(l);else switch(G.getAttributeType(f,s)){case"TrustedHTML":p=ie.createHTML(p);break;case"TrustedScriptURL":p=ie.createScriptURL(p)}try{l?e.setAttributeNS(l,a,p):e.setAttribute(a,p),_t(e)?Tt(e):m(o.removed)}catch(e){}}}bt(pe.afterSanitizeAttributes,e,null)},Dt=function e(t){let n=null;const o=At(t);for(bt(pe.beforeSanitizeShadowDOM,t,null);n=o.nextNode();)bt(pe.uponSanitizeShadowNode,n,null),Nt(n)||(n.content instanceof s&&e(n.content),Ot(n));bt(pe.afterSanitizeShadowDOM,t,null)};return o.sanitize=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=null,r=null,i=null,l=null;if(nt=!e,nt&&(e="\x3c!--\x3e"),"string"!=typeof e&&!St(e)){if("function"!=typeof e.toString)throw _("toString is not a function");if("string"!=typeof(e=e.toString()))throw _("dirty is not a string, aborting")}if(!o.isSupported)return e;if(Ue||dt(t),o.removed=[],"string"==typeof e&&(Ye=!1),Ye){if(e.nodeName){const t=ut(e.nodeName);if(!Se[t]||Oe[t])throw _("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof b)n=Et("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),r.nodeType===V&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!Pe&&!Me&&!Ie&&-1===e.indexOf("<"))return ie&&Fe?ie.createHTML(e):e;if(n=Et(e),!n)return Pe?null:Fe?ae:""}n&&ze&&Tt(n.firstChild);const c=At(Ye?e:n);for(;i=c.nextNode();)Nt(i)||(i.content instanceof s&&Dt(i.content),Ot(i));if(Ye)return e;if(Pe){if(He)for(l=se.call(n.ownerDocument);n.firstChild;)l.appendChild(n.firstChild);else l=n;return(Ne.shadowroot||Ne.shadowrootmode)&&(l=me.call(a,l,!0)),l}let m=Ie?n.outerHTML:n.innerHTML;return Ie&&Se["!doctype"]&&n.ownerDocument&&n.ownerDocument.doctype&&n.ownerDocument.doctype.name&&A(q,n.ownerDocument.doctype.name)&&(m="<!DOCTYPE "+n.ownerDocument.doctype.name+">\n"+m),Me&&u([fe,de,he],(e=>{m=g(m,e," ")})),ie&&Fe?ie.createHTML(m):m},o.setConfig=function(){dt(arguments.length>0&&void 0!==arguments[0]?arguments[0]:{}),Ue=!0},o.clearConfig=function(){mt=null,Ue=!1},o.isValidAttribute=function(e,t,n){mt||dt({});const o=ut(e),r=ut(t);return Rt(o,r,n)},o.addHook=function(e,t){"function"==typeof t&&p(pe[e],t)},o.removeHook=function(e){return m(pe[e])},o.removeHooks=function(e){pe[e]=[]},o.removeAllHooks=function(){pe={afterSanitizeAttributes:[],afterSanitizeElements:[],afterSanitizeShadowDOM:[],beforeSanitizeAttributes:[],beforeSanitizeElements:[],beforeSanitizeShadowDOM:[],uponSanitizeAttribute:[],uponSanitizeElement:[],uponSanitizeShadowNode:[]}},o}();return ne}));
|
|
3
3
|
//# sourceMappingURL=purify.min.js.map
|
package/package.json
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
"commit-amend-build": "scripts/commit-amend-build.sh",
|
|
8
8
|
"prebuild": "rimraf dist/**",
|
|
9
9
|
"dev": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -w -c -o dist/purify.js",
|
|
10
|
-
"build": "run-s build:types build:rollup build:fix-
|
|
10
|
+
"build": "run-s build:types build:rollup build:fix-types build:cleanup",
|
|
11
11
|
"build:types": "tsc --outDir dist/types --declaration --emitDeclarationOnly",
|
|
12
12
|
"build:rollup": "rollup -c",
|
|
13
|
-
"build:fix-
|
|
13
|
+
"build:fix-types": "node ./scripts/fix-types.js",
|
|
14
14
|
"build:umd": "rollup -c -f umd -o dist/purify.js",
|
|
15
15
|
"build:umd:min": "rollup -c -f umd -o dist/purify.min.js -p terser",
|
|
16
16
|
"build:es": "rollup -c -f es -o dist/purify.es.mjs",
|
|
@@ -103,6 +103,7 @@
|
|
|
103
103
|
"@rollup/plugin-replace": "^6.0.1",
|
|
104
104
|
"@rollup/plugin-terser": "^0.4.4",
|
|
105
105
|
"@types/estree": "^1.0.0",
|
|
106
|
+
"@types/node": "^16.18.120",
|
|
106
107
|
"cross-env": "^7.0.3",
|
|
107
108
|
"eslint-config-prettier": "^8.5.0",
|
|
108
109
|
"eslint-plugin-prettier": "^4.0.0",
|
|
@@ -135,7 +136,7 @@
|
|
|
135
136
|
},
|
|
136
137
|
"name": "dompurify",
|
|
137
138
|
"description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
|
|
138
|
-
"version": "3.2.
|
|
139
|
+
"version": "3.2.2",
|
|
139
140
|
"directories": {
|
|
140
141
|
"test": "test"
|
|
141
142
|
},
|