longdown 2023.4.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +10 -0
- package/README.md +77 -0
- package/bin/cli.js +3 -0
- package/lib/cli.js +120 -0
- package/lib/cljs-runtime/cljs.core.js +38285 -0
- package/lib/cljs-runtime/cljs.core.js.map +1 -0
- package/lib/cljs-runtime/cljs_env.js +1268 -0
- package/lib/cljs-runtime/clojure.string.js +477 -0
- package/lib/cljs-runtime/clojure.string.js.map +1 -0
- package/lib/cljs-runtime/clojure.tools.cli.js +1684 -0
- package/lib/cljs-runtime/clojure.tools.cli.js.map +1 -0
- package/lib/cljs-runtime/clojure.walk.js +131 -0
- package/lib/cljs-runtime/clojure.walk.js.map +1 -0
- package/lib/cljs-runtime/goog.array.array.js +658 -0
- package/lib/cljs-runtime/goog.array.array.js.map +9 -0
- package/lib/cljs-runtime/goog.asserts.asserts.js +131 -0
- package/lib/cljs-runtime/goog.asserts.asserts.js.map +9 -0
- package/lib/cljs-runtime/goog.asserts.dom.js +87 -0
- package/lib/cljs-runtime/goog.asserts.dom.js.map +9 -0
- package/lib/cljs-runtime/goog.base.js +1242 -0
- package/lib/cljs-runtime/goog.base.js.map +9 -0
- package/lib/cljs-runtime/goog.collections.maps.js +79 -0
- package/lib/cljs-runtime/goog.collections.maps.js.map +9 -0
- package/lib/cljs-runtime/goog.debug.error.js +29 -0
- package/lib/cljs-runtime/goog.debug.error.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.asserts.js +39 -0
- package/lib/cljs-runtime/goog.dom.asserts.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.element.js +67 -0
- package/lib/cljs-runtime/goog.dom.element.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.htmlelement.js +6 -0
- package/lib/cljs-runtime/goog.dom.htmlelement.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.nodetype.js +5 -0
- package/lib/cljs-runtime/goog.dom.nodetype.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.safe.js +265 -0
- package/lib/cljs-runtime/goog.dom.safe.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.tagname.js +146 -0
- package/lib/cljs-runtime/goog.dom.tagname.js.map +9 -0
- package/lib/cljs-runtime/goog.dom.tags.js +9 -0
- package/lib/cljs-runtime/goog.dom.tags.js.map +9 -0
- package/lib/cljs-runtime/goog.flags.flags.js +11 -0
- package/lib/cljs-runtime/goog.flags.flags.js.map +9 -0
- package/lib/cljs-runtime/goog.fs.blob.js +37 -0
- package/lib/cljs-runtime/goog.fs.blob.js.map +9 -0
- package/lib/cljs-runtime/goog.fs.url.js +36 -0
- package/lib/cljs-runtime/goog.fs.url.js.map +9 -0
- package/lib/cljs-runtime/goog.functions.functions.js +210 -0
- package/lib/cljs-runtime/goog.functions.functions.js.map +9 -0
- package/lib/cljs-runtime/goog.html.safehtml.js +306 -0
- package/lib/cljs-runtime/goog.html.safehtml.js.map +9 -0
- package/lib/cljs-runtime/goog.html.safescript.js +61 -0
- package/lib/cljs-runtime/goog.html.safescript.js.map +9 -0
- package/lib/cljs-runtime/goog.html.safestyle.js +170 -0
- package/lib/cljs-runtime/goog.html.safestyle.js.map +9 -0
- package/lib/cljs-runtime/goog.html.safestylesheet.js +93 -0
- package/lib/cljs-runtime/goog.html.safestylesheet.js.map +9 -0
- package/lib/cljs-runtime/goog.html.safeurl.js +225 -0
- package/lib/cljs-runtime/goog.html.safeurl.js.map +9 -0
- package/lib/cljs-runtime/goog.html.trustedresourceurl.js +113 -0
- package/lib/cljs-runtime/goog.html.trustedresourceurl.js.map +9 -0
- package/lib/cljs-runtime/goog.html.trustedtypes.js +15 -0
- package/lib/cljs-runtime/goog.html.trustedtypes.js.map +9 -0
- package/lib/cljs-runtime/goog.html.uncheckedconversions.js +43 -0
- package/lib/cljs-runtime/goog.html.uncheckedconversions.js.map +9 -0
- package/lib/cljs-runtime/goog.labs.useragent.browser.js +332 -0
- package/lib/cljs-runtime/goog.labs.useragent.browser.js.map +9 -0
- package/lib/cljs-runtime/goog.labs.useragent.highentropy.highentropydata.js +13 -0
- package/lib/cljs-runtime/goog.labs.useragent.highentropy.highentropydata.js.map +9 -0
- package/lib/cljs-runtime/goog.labs.useragent.highentropy.highentropyvalue.js +72 -0
- package/lib/cljs-runtime/goog.labs.useragent.highentropy.highentropyvalue.js.map +9 -0
- package/lib/cljs-runtime/goog.labs.useragent.useragent.js +20 -0
- package/lib/cljs-runtime/goog.labs.useragent.useragent.js.map +9 -0
- package/lib/cljs-runtime/goog.labs.useragent.util.js +77 -0
- package/lib/cljs-runtime/goog.labs.useragent.util.js.map +9 -0
- package/lib/cljs-runtime/goog.math.integer.js +425 -0
- package/lib/cljs-runtime/goog.math.integer.js.map +9 -0
- package/lib/cljs-runtime/goog.math.long.js +427 -0
- package/lib/cljs-runtime/goog.math.long.js.map +9 -0
- package/lib/cljs-runtime/goog.object.object.js +283 -0
- package/lib/cljs-runtime/goog.object.object.js.map +9 -0
- package/lib/cljs-runtime/goog.reflect.reflect.js +31 -0
- package/lib/cljs-runtime/goog.reflect.reflect.js.map +9 -0
- package/lib/cljs-runtime/goog.string.const.js +33 -0
- package/lib/cljs-runtime/goog.string.const.js.map +9 -0
- package/lib/cljs-runtime/goog.string.internal.js +118 -0
- package/lib/cljs-runtime/goog.string.internal.js.map +9 -0
- package/lib/cljs-runtime/goog.string.string.js +458 -0
- package/lib/cljs-runtime/goog.string.string.js.map +9 -0
- package/lib/cljs-runtime/goog.string.stringbuffer.js +31 -0
- package/lib/cljs-runtime/goog.string.stringbuffer.js.map +9 -0
- package/lib/cljs-runtime/goog.string.stringformat.js +74 -0
- package/lib/cljs-runtime/goog.string.stringformat.js.map +9 -0
- package/lib/cljs-runtime/goog.string.typedstring.js +8 -0
- package/lib/cljs-runtime/goog.string.typedstring.js.map +9 -0
- package/lib/cljs-runtime/goog.structs.structs.js +188 -0
- package/lib/cljs-runtime/goog.structs.structs.js.map +9 -0
- package/lib/cljs-runtime/goog.uri.uri.js +616 -0
- package/lib/cljs-runtime/goog.uri.uri.js.map +9 -0
- package/lib/cljs-runtime/goog.uri.utils.js +320 -0
- package/lib/cljs-runtime/goog.uri.utils.js.map +9 -0
- package/lib/cljs-runtime/longdown.cli.js +128 -0
- package/lib/cljs-runtime/longdown.cli.js.map +1 -0
- package/lib/cljs-runtime/longdown.lib.js +122 -0
- package/lib/cljs-runtime/longdown.lib.js.map +1 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_from_markdown.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_from_markdown.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_to_markdown$lib$unsafe.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_to_markdown$lib$unsafe.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_to_markdown.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$mdast_util_to_markdown.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$node_fs.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$node_fs.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$node_path.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$node_path.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$remark_parse.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$remark_parse.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$remark_stringify.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$remark_stringify.js.map +9 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$unified.js +5 -0
- package/lib/cljs-runtime/shadow.esm.esm_import$unified.js.map +9 -0
- package/lib/cljs-runtime/shadow.module.cli.append.js +1 -0
- package/lib/cljs-runtime/shadow.module.cli.prepend.js +17 -0
- package/lib/cljs-runtime/shadow.module.lib.append.js +1 -0
- package/lib/cljs-runtime/shadow.module.lib.prepend.js +2 -0
- package/lib/lib.js +8 -0
- package/package.json +33 -0
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version":3,
|
|
3
|
+
"file":"goog.functions.functions.js",
|
|
4
|
+
"lineCount":208,
|
|
5
|
+
"mappings":"AAoBAA,IAAKC,CAAAA,OAAL,CAAa,gBAAb,CAAA;AASAD,IAAKE,CAAAA,SAAUC,CAAAA,QAAf,GAA0BC,QAAQ,CAACC,QAAD,CAAW;AAE3C,SAAO,QAAQ,EAAG;AAEhB,WAAOA,QAAP;AAFgB,GAAlB;AAF2C,CAA7C;AAaAL,IAAKE,CAAAA,SAAUI,CAAAA,KAAf,GAAuBC,QAAQ,EAAG;AAEhC,SAAO,KAAP;AAFgC,CAAlC;AAUAP,IAAKE,CAAAA,SAAUM,CAAAA,IAAf,GAAsBC,QAAQ,EAAG;AAE/B,SAAO,IAAP;AAF+B,CAAjC;AAUAT,IAAKE,CAAAA,SAAUQ,CAAAA,IAAf,GAAsBC,QAAQ,EAAG;AAE/B,SAAO,IAAP;AAF+B,CAAjC;AAUAX,IAAKE,CAAAA,SAAUU,CAAAA,SAAf,GAA2BC,QAAQ,EAAG;AACpC,SAAOC,SAAP;AADoC,CAAtC;AAQAd,IAAKE,CAAAA,SAAUa,CAAAA,KAAf,GAAyCf,IAAKE,CAAAA,SAAUU,CAAAA,SAAxD;AAWAZ,IAAKE,CAAAA,SAAUc,CAAAA,QAAf,GAA0BC,QAAQ,CAACC,eAAD,EAAkBC,QAAlB,CAA4B;AAE5D,SAAOD,eAAP;AAF4D,CAA9D;AAWAlB,IAAKE,CAAAA,SAAUkB,CAAAA,KAAf,GAAuBC,QAAQ,CAACC,OAAD,CAAU;AAEvC,SAAO,QAAQ,EAAG;AAEhB,UAAM,IAAIC,KAAJ,CAAUD,OAAV,CAAN;AAFgB,GAAlB;AAFuC,CAAzC;AAcAtB,IAAKE,CAAAA,SAAUsB,CAAAA,IAAf,GAAsBC,QAAQ,CAACC,GAAD,CAAM;AAElC,SAAO,QAAQ,EAAG;AAEhB,UAAMA,GAAN;AAFgB,GAAlB;AAFkC,CAApC;AAiBA1B,IAAKE,CAAAA,SAAUyB,CAAAA,IAAf,GAAsBC,QAAQ,CAACC,CAAD,EAAIC,WAAJ,CAAiB;AAE7CA,aAAA,GAAcA,WAAd,IAA6B,CAA7B;AACA,SAAO,QAAQ,EAAG;AAEhB,UAAMC,OAAyB,IAA/B;AACA,WAAOF,CAAEG,CAAAA,KAAF,CAAQD,IAAR,EAAcE,KAAMC,CAAAA,SAAUC,CAAAA,KAAMC,CAAAA,IAAtB,CAA2BC,SAA3B,EAAsC,CAAtC,EAAyCP,WAAzC,CAAd,CAAP;AAHgB,GAAlB;AAH6C,CAA/C;AAgBA9B,IAAKE,CAAAA,SAAUoC,CAAAA,GAAf,GAAqBC,QAAQ,CAACC,CAAD,CAAI;AAE/B,SAAO,QAAQ,EAAG;AAEhB,WAAOH,SAAA,CAAUG,CAAV,CAAP;AAFgB,GAAlB;AAF+B,CAAjC;AAwBAxC,IAAKE,CAAAA,SAAUuC,CAAAA,YAAf,GAA8BC,QAAQ,CAACC,EAAD,EAAKxB,QAAL,CAAe;AAEnD,QAAMyB,YAAYX,KAAMC,CAAAA,SAAUC,CAAAA,KAAMC,CAAAA,IAAtB,CAA2BC,SAA3B,EAAsC,CAAtC,CAAlB;AACA,SAAO,QAAQ,EAAG;AAMhB,QAAIN,OAAyB,IAA7B;AACA,QAAIA,IAAJ,KAAa/B,IAAK6C,CAAAA,MAAlB;AACEd,UAAA,GAAOjB,SAAP;AADF;AAGA,UAAMgC,UAAUb,KAAMC,CAAAA,SAAUC,CAAAA,KAAMC,CAAAA,IAAtB,CAA2BC,SAA3B,CAAhB;AACAS,WAAQC,CAAAA,IAAKf,CAAAA,KAAb,CAAmBc,OAAnB,EAA4BF,SAA5B,CAAA;AACA,WAAOD,EAAGX,CAAAA,KAAH,CAASD,IAAT,EAAee,OAAf,CAAP;AAZgB,GAAlB;AAHmD,CAArD;AA4BA9C,IAAKE,CAAAA,SAAU8C,CAAAA,eAAf,GAAiCC,QAAQ,CAACpB,CAAD,EAAIxB,QAAJ,CAAc;AAErD,SAAOL,IAAKE,CAAAA,SAAUgD,CAAAA,QAAf,CAAwBrB,CAAxB,EAA2B7B,IAAKE,CAAAA,SAAUC,CAAAA,QAAf,CAAwBE,QAAxB,CAA3B,CAAP;AAFqD,CAAvD;AAiBAL,IAAKE,CAAAA,SAAUiD,CAAAA,OAAf,GAAyBC,QAAQ,CAACC,KAAD,EAAQC,sBAAR,CAAgC;AAE/D,SAAO,QAAQ,CAACC,KAAD,CAAQ;AAErB,WAAOD,sBAAA,GAA0BD,KAA1B,IAAmCE,KAAnC,GAA6CF,KAA7C,KAAuDE,KAA9D;AAFqB,GAAvB;AAF+D,CAAjE;AAiBAvD,IAAKE,CAAAA,SAAUsD,CAAAA,OAAf,GAAyBC,QAAQ,CAACd,EAAD,EAAKxB,QAAL,CAAe;AAE9C,QAAMjB,YAAYmC,SAAlB;AACA,QAAMqB,SAASxD,SAAUwD,CAAAA,MAAzB;AACA,SAAO,QAAQ,EAAG;AAEhB,UAAM3B,OAAyB,IAA/B;AACA,QAAI4B,MAAJ;AACA,QAAID,MAAJ;AACEC,YAAA,GAASzD,SAAA,CAAUwD,MAAV,GAAmB,CAAnB,CAAsB1B,CAAAA,KAAtB,CAA4BD,IAA5B,EAAkCM,SAAlC,CAAT;AADF;AAIA,SAAK,IAAIuB,IAAIF,MAAJE,GAAa,CAAtB,EAAyBA,CAAzB,IAA8B,CAA9B,EAAiCA,CAAA,EAAjC;AACED,YAAA,GAASzD,SAAA,CAAU0D,CAAV,CAAaxB,CAAAA,IAAb,CAAkBL,IAAlB,EAAwB4B,MAAxB,CAAT;AADF;AAGA,WAAOA,MAAP;AAXgB,GAAlB;AAJ8C,CAAhD;AA2BA3D,IAAKE,CAAAA,SAAUgD,CAAAA,QAAf,GAA0BW,QAAQ,CAAC1C,QAAD,CAAW;AAE3C,QAAMjB,YAAYmC,SAAlB;AACA,QAAMqB,SAASxD,SAAUwD,CAAAA,MAAzB;AACA,SAAO,QAAQ,EAAG;AAEhB,UAAM3B,OAAyB,IAA/B;AACA,QAAI4B,MAAJ;AACA,SAAK,IAAIC,IAAI,CAAb,EAAgBA,CAAhB,GAAoBF,MAApB,EAA4BE,CAAA,EAA5B;AACED,YAAA,GAASzD,SAAA,CAAU0D,CAAV,CAAa5B,CAAAA,KAAb,CAAmBD,IAAnB,EAAyBM,SAAzB,CAAT;AADF;AAGA,WAAOsB,MAAP;AAPgB,GAAlB;AAJ2C,CAA7C;AAyBA3D,IAAKE,CAAAA,SAAU4D,CAAAA,GAAf,GAAqBC,QAAQ,CAAC5C,QAAD,CAAW;AAEtC,QAAMjB,YAAYmC,SAAlB;AACA,QAAMqB,SAASxD,SAAUwD,CAAAA,MAAzB;AACA,SAAO,QAAQ,EAAG;AAEhB,UAAM3B,OAAyB,IAA/B;AACA,SAAK,IAAI6B,IAAI,CAAb,EAAgBA,CAAhB,GAAoBF,MAApB,EAA4BE,CAAA,EAA5B;AACE,UAAI,CAAC1D,SAAA,CAAU0D,CAAV,CAAa5B,CAAAA,KAAb,CAAmBD,IAAnB,EAAyBM,SAAzB,CAAL;AACE,eAAO,KAAP;AADF;AADF;AAKA,WAAO,IAAP;AARgB,GAAlB;AAJsC,CAAxC;AA0BArC,IAAKE,CAAAA,SAAU8D,CAAAA,EAAf,GAAoBC,QAAQ,CAAC9C,QAAD,CAAW;AAErC,QAAMjB,YAAYmC,SAAlB;AACA,QAAMqB,SAASxD,SAAUwD,CAAAA,MAAzB;AACA,SAAO,QAAQ,EAAG;AAEhB,UAAM3B,OAAyB,IAA/B;AACA,SAAK,IAAI6B,IAAI,CAAb,EAAgBA,CAAhB,GAAoBF,MAApB,EAA4BE,CAAA,EAA5B;AACE,UAAI1D,SAAA,CAAU0D,CAAV,CAAa5B,CAAAA,KAAb,CAAmBD,IAAnB,EAAyBM,SAAzB,CAAJ;AACE,eAAO,IAAP;AADF;AADF;AAKA,WAAO,KAAP;AARgB,GAAlB;AAJqC,CAAvC;AAwBArC,IAAKE,CAAAA,SAAUgE,CAAAA,GAAf,GAAqBC,QAAQ,CAACtC,CAAD,CAAI;AAE/B,SAAO,QAAQ,EAAG;AAEhB,UAAME,OAAyB,IAA/B;AACA,WAAO,CAACF,CAAEG,CAAAA,KAAF,CAAQD,IAAR,EAAcM,SAAd,CAAR;AAHgB,GAAlB;AAF+B,CAAjC;AAyBArC,IAAKE,CAAAA,SAAUkE,CAAAA,MAAf,GAAwBC,QAAQ,CAACC,WAAD,EAAcnD,QAAd,CAAwB;AAMtD,QAAMoD,OAAOA,QAAQ,EAAG;GAAxB;AACAA,MAAKrC,CAAAA,SAAL,GAAiBoC,WAAYpC,CAAAA,SAA7B;AAIA,QAAMsC,MAAM,IAAID,IAAJ,EAAZ;AAKAD,aAAYtC,CAAAA,KAAZ,CAAkBwC,GAAlB,EAAuBvC,KAAMC,CAAAA,SAAUC,CAAAA,KAAMC,CAAAA,IAAtB,CAA2BC,SAA3B,EAAsC,CAAtC,CAAvB,CAAA;AACA,SAAOmC,GAAP;AAjBsD,CAAxD;AAyBAxE,IAAKE,CAAAA,SAAUuE,CAAAA,kBAAf,GACIzE,IAAK0E,CAAAA,MAAL,CAAY,mCAAZ,EAAiD,IAAjD,CADJ;AAmBA1E,IAAKE,CAAAA,SAAUyE,CAAAA,gBAAf,GAAkCC,QAAQ,CAACjC,EAAD,CAAK;AAE7C,MAAIkC,SAAS,KAAb;AACA,MAAIxB,KAAJ;AAEA,SAAO,QAAQ,EAAG;AAEhB,QAAI,CAACrD,IAAKE,CAAAA,SAAUuE,CAAAA,kBAApB;AACE,aAAO9B,EAAA,EAAP;AADF;AAIA,QAAI,CAACkC,MAAL,CAAa;AACXxB,WAAA,GAAQV,EAAA,EAAR;AACAkC,YAAA,GAAS,IAAT;AAFW;AAKb,WAAOxB,KAAP;AAXgB,GAAlB;AAL6C,CAA/C;AA+BArD,IAAKE,CAAAA,SAAU4E,CAAAA,IAAf,GAAsBC,QAAQ,CAAClD,CAAD,CAAI;AAIhC,MAAImD,QAAQnD,CAAZ;AACA,SAAO,QAAQ,EAAG;AAEhB,QAAImD,KAAJ,CAAW;AACT,YAAMC,MAAMD,KAAZ;AACAA,WAAA,GAAQ,IAAR;AACAC,SAAA,EAAA;AAHS;AAFK,GAAlB;AALgC,CAAlC;AAoCAjF,IAAKE,CAAAA,SAAUgF,CAAAA,QAAf,GAA0BC,QAAQ,CAACtD,CAAD,EAAIuD,QAAJ,EAAcC,SAAd,CAAyB;AAEzD,MAAIC,UAAU,CAAd;AACA,SAAsC,QAAQ,CAACnE,QAAD,CAAW;AAEvDnB,QAAK6C,CAAAA,MAAO0C,CAAAA,YAAZ,CAAyBD,OAAzB,CAAA;AACA,UAAME,OAAOnD,SAAb;AACAiD,WAAA,GAAUtF,IAAK6C,CAAAA,MAAO4C,CAAAA,UAAZ,CAAuB,QAAQ,EAAG;AAE1C5D,OAAEG,CAAAA,KAAF,CAAQqD,SAAR,EAAmBG,IAAnB,CAAA;AAF0C,KAAlC,EAGPJ,QAHO,CAAV;AAJuD,GAAzD;AAHyD,CAA3D;AAgCApF,IAAKE,CAAAA,SAAUwF,CAAAA,QAAf,GAA0BC,QAAQ,CAAC9D,CAAD,EAAIuD,QAAJ,EAAcC,SAAd,CAAyB;AAEzD,MAAIC,UAAU,CAAd;AACA,MAAIM,aAAa,KAAjB;AACA,MAAIC,aAAa,EAAjB;AAEA,QAAMC,gBAAgBA,QAAQ,EAAG;AAE/BR,WAAA,GAAU,CAAV;AACA,QAAIM,UAAJ,CAAgB;AACdA,gBAAA,GAAa,KAAb;AACAG,UAAA,EAAA;AAFc;AAHe,GAAjC;AASA,QAAMA,OAAOA,QAAQ,EAAG;AAEtBT,WAAA,GAAUtF,IAAK6C,CAAAA,MAAO4C,CAAAA,UAAZ,CAAuBK,aAAvB,EAAsCV,QAAtC,CAAV;AACA,QAAII,OAAOK,UAAX;AACAA,cAAA,GAAa,EAAb;AACAhE,KAAEG,CAAAA,KAAF,CAAQqD,SAAR,EAAmBG,IAAnB,CAAA;AALsB,GAAxB;AAQA,SAAsC,QAAQ,CAACrE,QAAD,CAAW;AAEvD0E,cAAA,GAAaxD,SAAb;AACA,QAAI,CAACiD,OAAL;AACES,UAAA,EAAA;AADF;AAGEH,gBAAA,GAAa,IAAb;AAHF;AAHuD,GAAzD;AAvByD,CAA3D;AAqDA5F,IAAKE,CAAAA,SAAU8F,CAAAA,SAAf,GAA2BC,QAAQ,CAACpE,CAAD,EAAIuD,QAAJ,EAAcC,SAAd,CAAyB;AAE1D,MAAIC,UAAU,CAAd;AAEA,QAAMQ,gBAAgBA,QAAQ,EAAG;AAE/BR,WAAA,GAAU,CAAV;AAF+B,GAAjC;AAKA,SAAsC,QAAQ,CAACnE,QAAD,CAAW;AAEvD,QAAI,CAACmE,OAAL,CAAc;AACZA,aAAA,GAAUtF,IAAK6C,CAAAA,MAAO4C,CAAAA,UAAZ,CAAuBK,aAAvB,EAAsCV,QAAtC,CAAV;AACAvD,OAAEG,CAAAA,KAAF,CAAQqD,SAAR,EAAmBhD,SAAnB,CAAA;AAFY;AAFyC,GAAzD;AAT0D,CAA5D;AAuBArC,IAAKE,CAAAA,SAAUgG,CAAAA,UAAf,GAA6BC,GAADC,IAAS;AACnC,SAAO,MAAOD,IAAd,KAAsB,UAAtB;AADmC,CAArC;;",
|
|
6
|
+
"sources":["goog/functions/functions.js"],
|
|
7
|
+
"sourcesContent":["/**\n * @license\n * Copyright The Closure Library Authors.\n * SPDX-License-Identifier: Apache-2.0\n */\n\n/**\n * @fileoverview Utilities for creating functions. Loosely inspired by these\n * java classes from the Guava library:\n * com.google.common.base.Functions\n * https://google.github.io/guava/releases/snapshot-jre/api/docs/index.html?com/google/common/base/Functions.html\n *\n * com.google.common.base.Predicates\n * https://google.github.io/guava/releases/snapshot-jre/api/docs/index.html?com/google/common/base/Predicates.html\n *\n * More about these can be found at\n * https://github.com/google/guava/wiki/FunctionalExplained\n */\n\n\ngoog.provide('goog.functions');\n\n\n/**\n * Creates a function that always returns the same value.\n * @param {T} retValue The value to return.\n * @return {function():T} The new function.\n * @template T\n */\ngoog.functions.constant = function(retValue) {\n 'use strict';\n return function() {\n 'use strict';\n return retValue;\n };\n};\n\n\n/**\n * Always returns false.\n * @type {function(...): boolean}\n */\ngoog.functions.FALSE = function() {\n 'use strict';\n return false;\n};\n\n\n/**\n * Always returns true.\n * @type {function(...): boolean}\n */\ngoog.functions.TRUE = function() {\n 'use strict';\n return true;\n};\n\n\n/**\n * Always returns `null`.\n * @type {function(...): null}\n */\ngoog.functions.NULL = function() {\n 'use strict';\n return null;\n};\n\n\n/**\n * Always returns `undefined`.\n * @type {function(...): undefined}\n */\ngoog.functions.UNDEFINED = function() {\n return undefined;\n};\n\n/**\n * Always returns `undefined` (loosely-typed version).\n * @type {!Function}\n */\ngoog.functions.EMPTY = /** @type {?} */ (goog.functions.UNDEFINED);\n\n\n/**\n * A simple function that returns the first argument of whatever is passed\n * into it.\n * @param {T=} opt_returnValue The single value that will be returned.\n * @param {...*} var_args Optional trailing arguments. These are ignored.\n * @return {T} The first argument passed in, or undefined if nothing was passed.\n * @template T\n */\ngoog.functions.identity = function(opt_returnValue, var_args) {\n 'use strict';\n return opt_returnValue;\n};\n\n\n/**\n * Creates a function that always throws an error with the given message.\n * @param {string} message The error message.\n * @return {!Function} The error-throwing function.\n */\ngoog.functions.error = function(message) {\n 'use strict';\n return function() {\n 'use strict';\n throw new Error(message);\n };\n};\n\n\n/**\n * Creates a function that throws the given object.\n * @param {*} err An object to be thrown.\n * @return {!Function} The error-throwing function.\n */\ngoog.functions.fail = function(err) {\n 'use strict';\n return function() {\n 'use strict';\n throw err;\n };\n};\n\n\n/**\n * Given a function, create a function that keeps opt_numArgs arguments and\n * silently discards all additional arguments.\n * @param {Function} f The original function.\n * @param {number=} opt_numArgs The number of arguments to keep. Defaults to 0.\n * @return {!Function} A version of f that only keeps the first opt_numArgs\n * arguments.\n */\ngoog.functions.lock = function(f, opt_numArgs) {\n 'use strict';\n opt_numArgs = opt_numArgs || 0;\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n return f.apply(self, Array.prototype.slice.call(arguments, 0, opt_numArgs));\n };\n};\n\n\n/**\n * Creates a function that returns its nth argument.\n * @param {number} n The position of the return argument.\n * @return {!Function} A new function.\n */\ngoog.functions.nth = function(n) {\n 'use strict';\n return function() {\n 'use strict';\n return arguments[n];\n };\n};\n\n\n/**\n * Like goog.partial(), except that arguments are added after arguments to the\n * returned function.\n *\n * Usage:\n * function f(arg1, arg2, arg3, arg4) { ... }\n * var g = goog.functions.partialRight(f, arg3, arg4);\n * g(arg1, arg2);\n *\n * @param {!Function} fn A function to partially apply.\n * @param {...*} var_args Additional arguments that are partially applied to fn\n * at the end.\n * @return {!Function} A partially-applied form of the function goog.partial()\n * was invoked as a method of.\n */\ngoog.functions.partialRight = function(fn, var_args) {\n 'use strict';\n const rightArgs = Array.prototype.slice.call(arguments, 1);\n return function() {\n 'use strict';\n // Even in strict mode, IE10/11 and Edge (non-Chromium) use global context\n // when free-calling functions. To catch cases where people were using this\n // erroneously, we explicitly change the context to undefined to match\n // strict mode specifications.\n let self = /** @type {*} */ (this);\n if (self === goog.global) {\n self = undefined;\n }\n const newArgs = Array.prototype.slice.call(arguments);\n newArgs.push.apply(newArgs, rightArgs);\n return fn.apply(self, newArgs);\n };\n};\n\n\n/**\n * Given a function, create a new function that swallows its return value\n * and replaces it with a new one.\n * @param {Function} f A function.\n * @param {T} retValue A new return value.\n * @return {function(...?):T} A new function.\n * @template T\n */\ngoog.functions.withReturnValue = function(f, retValue) {\n 'use strict';\n return goog.functions.sequence(f, goog.functions.constant(retValue));\n};\n\n\n/**\n * Creates a function that returns whether its argument equals the given value.\n *\n * Example:\n * var key = goog.object.findKey(obj, goog.functions.equalTo('needle'));\n *\n * @param {*} value The value to compare to.\n * @param {boolean=} opt_useLooseComparison Whether to use a loose (==)\n * comparison rather than a strict (===) one. Defaults to false.\n * @return {function(*):boolean} The new function.\n */\ngoog.functions.equalTo = function(value, opt_useLooseComparison) {\n 'use strict';\n return function(other) {\n 'use strict';\n return opt_useLooseComparison ? (value == other) : (value === other);\n };\n};\n\n\n/**\n * Creates the composition of the functions passed in.\n * For example, (goog.functions.compose(f, g))(a) is equivalent to f(g(a)).\n * @param {function(...?):T} fn The final function.\n * @param {...Function} var_args A list of functions.\n * @return {function(...?):T} The composition of all inputs.\n * @template T\n */\ngoog.functions.compose = function(fn, var_args) {\n 'use strict';\n const functions = arguments;\n const length = functions.length;\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n let result;\n if (length) {\n result = functions[length - 1].apply(self, arguments);\n }\n\n for (let i = length - 2; i >= 0; i--) {\n result = functions[i].call(self, result);\n }\n return result;\n };\n};\n\n\n/**\n * Creates a function that calls the functions passed in in sequence, and\n * returns the value of the last function. For example,\n * (goog.functions.sequence(f, g))(x) is equivalent to f(x),g(x).\n * @param {...Function} var_args A list of functions.\n * @return {!Function} A function that calls all inputs in sequence.\n */\ngoog.functions.sequence = function(var_args) {\n 'use strict';\n const functions = arguments;\n const length = functions.length;\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n let result;\n for (let i = 0; i < length; i++) {\n result = functions[i].apply(self, arguments);\n }\n return result;\n };\n};\n\n\n/**\n * Creates a function that returns true if each of its components evaluates\n * to true. The components are evaluated in order, and the evaluation will be\n * short-circuited as soon as a function returns false.\n * For example, (goog.functions.and(f, g))(x) is equivalent to f(x) && g(x).\n * @param {...Function} var_args A list of functions.\n * @return {function(...?):boolean} A function that ANDs its component\n * functions.\n */\ngoog.functions.and = function(var_args) {\n 'use strict';\n const functions = arguments;\n const length = functions.length;\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n for (let i = 0; i < length; i++) {\n if (!functions[i].apply(self, arguments)) {\n return false;\n }\n }\n return true;\n };\n};\n\n\n/**\n * Creates a function that returns true if any of its components evaluates\n * to true. The components are evaluated in order, and the evaluation will be\n * short-circuited as soon as a function returns true.\n * For example, (goog.functions.or(f, g))(x) is equivalent to f(x) || g(x).\n * @param {...Function} var_args A list of functions.\n * @return {function(...?):boolean} A function that ORs its component\n * functions.\n */\ngoog.functions.or = function(var_args) {\n 'use strict';\n const functions = arguments;\n const length = functions.length;\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n for (let i = 0; i < length; i++) {\n if (functions[i].apply(self, arguments)) {\n return true;\n }\n }\n return false;\n };\n};\n\n\n/**\n * Creates a function that returns the Boolean opposite of a provided function.\n * For example, (goog.functions.not(f))(x) is equivalent to !f(x).\n * @param {!Function} f The original function.\n * @return {function(...?):boolean} A function that delegates to f and returns\n * opposite.\n */\ngoog.functions.not = function(f) {\n 'use strict';\n return function() {\n 'use strict';\n const self = /** @type {*} */ (this);\n return !f.apply(self, arguments);\n };\n};\n\n\n/**\n * Generic factory function to construct an object given the constructor\n * and the arguments. Intended to be bound to create object factories.\n *\n * Example:\n *\n * var factory = goog.partial(goog.functions.create, Class);\n *\n * @param {function(new:T, ...)} constructor The constructor for the Object.\n * @param {...*} var_args The arguments to be passed to the constructor.\n * @return {T} A new instance of the class given in `constructor`.\n * @template T\n * @deprecated This function does not work with ES6 class constructors. Use\n * arrow functions + spread args instead.\n */\ngoog.functions.create = function(constructor, var_args) {\n 'use strict';\n /**\n * @constructor\n * @final\n */\n const temp = function() {};\n temp.prototype = constructor.prototype;\n\n // obj will have constructor's prototype in its chain and\n // 'obj instanceof constructor' will be true.\n const obj = new temp();\n\n // obj is initialized by constructor.\n // arguments is only array-like so lacks shift(), but can be used with\n // the Array prototype function.\n constructor.apply(obj, Array.prototype.slice.call(arguments, 1));\n return obj;\n};\n\n\n/**\n * @define {boolean} Whether the return value cache should be used.\n * This should only be used to disable caches when testing.\n */\ngoog.functions.CACHE_RETURN_VALUE =\n goog.define('goog.functions.CACHE_RETURN_VALUE', true);\n\n\n/**\n * Gives a wrapper function that caches the return value of a parameterless\n * function when first called.\n *\n * When called for the first time, the given function is called and its\n * return value is cached (thus this is only appropriate for idempotent\n * functions). Subsequent calls will return the cached return value. This\n * allows the evaluation of expensive functions to be delayed until first used.\n *\n * To cache the return values of functions with parameters, see goog.memoize.\n *\n * @param {function():T} fn A function to lazily evaluate.\n * @return {function():T} A wrapped version the function.\n * @template T\n */\ngoog.functions.cacheReturnValue = function(fn) {\n 'use strict';\n let called = false;\n let value;\n\n return function() {\n 'use strict';\n if (!goog.functions.CACHE_RETURN_VALUE) {\n return fn();\n }\n\n if (!called) {\n value = fn();\n called = true;\n }\n\n return value;\n };\n};\n\n\n/**\n * Wraps a function to allow it to be called, at most, once. All\n * additional calls are no-ops.\n *\n * This is particularly useful for initialization functions\n * that should be called, at most, once.\n *\n * @param {function():*} f Function to call.\n * @return {function():undefined} Wrapped function.\n */\ngoog.functions.once = function(f) {\n 'use strict';\n // Keep a reference to the function that we null out when we're done with\n // it -- that way, the function can be GC'd when we're done with it.\n let inner = f;\n return function() {\n 'use strict';\n if (inner) {\n const tmp = inner;\n inner = null;\n tmp();\n }\n };\n};\n\n\n/**\n * Wraps a function to allow it to be called, at most, once per interval\n * (specified in milliseconds). If the wrapper function is called N times within\n * that interval, only the Nth call will go through.\n *\n * This is particularly useful for batching up repeated actions where the\n * last action should win. This can be used, for example, for refreshing an\n * autocomplete pop-up every so often rather than updating with every keystroke,\n * since the final text typed by the user is the one that should produce the\n * final autocomplete results. For more stateful debouncing with support for\n * pausing, resuming, and canceling debounced actions, use\n * `goog.async.Debouncer`.\n *\n * @param {function(this:SCOPE, ...?)} f Function to call.\n * @param {number} interval Interval over which to debounce. The function will\n * only be called after the full interval has elapsed since the last call.\n * @param {SCOPE=} opt_scope Object in whose scope to call the function.\n * @return {function(...?): undefined} Wrapped function.\n * @template SCOPE\n */\ngoog.functions.debounce = function(f, interval, opt_scope) {\n 'use strict';\n let timeout = 0;\n return /** @type {function(...?)} */ (function(var_args) {\n 'use strict';\n goog.global.clearTimeout(timeout);\n const args = arguments;\n timeout = goog.global.setTimeout(function() {\n 'use strict';\n f.apply(opt_scope, args);\n }, interval);\n });\n};\n\n\n/**\n * Wraps a function to allow it to be called, at most, once per interval\n * (specified in milliseconds). If the wrapper function is called N times in\n * that interval, both the 1st and the Nth calls will go through.\n *\n * This is particularly useful for limiting repeated user requests where the\n * the last action should win, but you also don't want to wait until the end of\n * the interval before sending a request out, as it leads to a perception of\n * slowness for the user.\n *\n * @param {function(this:SCOPE, ...?)} f Function to call.\n * @param {number} interval Interval over which to throttle. The function can\n * only be called once per interval.\n * @param {SCOPE=} opt_scope Object in whose scope to call the function.\n * @return {function(...?): undefined} Wrapped function.\n * @template SCOPE\n */\ngoog.functions.throttle = function(f, interval, opt_scope) {\n 'use strict';\n let timeout = 0;\n let shouldFire = false;\n let storedArgs = [];\n\n const handleTimeout = function() {\n 'use strict';\n timeout = 0;\n if (shouldFire) {\n shouldFire = false;\n fire();\n }\n };\n\n const fire = function() {\n 'use strict';\n timeout = goog.global.setTimeout(handleTimeout, interval);\n let args = storedArgs;\n storedArgs = []; // Avoid a space leak by clearing stored arguments.\n f.apply(opt_scope, args);\n };\n\n return /** @type {function(...?)} */ (function(var_args) {\n 'use strict';\n storedArgs = arguments;\n if (!timeout) {\n fire();\n } else {\n shouldFire = true;\n }\n });\n};\n\n\n/**\n * Wraps a function to allow it to be called, at most, once per interval\n * (specified in milliseconds). If the wrapper function is called N times within\n * that interval, only the 1st call will go through.\n *\n * This is particularly useful for limiting repeated user requests where the\n * first request is guaranteed to have all the data required to perform the\n * final action, so there's no need to wait until the end of the interval before\n * sending the request out.\n *\n * @param {function(this:SCOPE, ...?)} f Function to call.\n * @param {number} interval Interval over which to rate-limit. The function will\n * only be called once per interval, and ignored for the remainer of the\n * interval.\n * @param {SCOPE=} opt_scope Object in whose scope to call the function.\n * @return {function(...?): undefined} Wrapped function.\n * @template SCOPE\n */\ngoog.functions.rateLimit = function(f, interval, opt_scope) {\n 'use strict';\n let timeout = 0;\n\n const handleTimeout = function() {\n 'use strict';\n timeout = 0;\n };\n\n return /** @type {function(...?)} */ (function(var_args) {\n 'use strict';\n if (!timeout) {\n timeout = goog.global.setTimeout(handleTimeout, interval);\n f.apply(opt_scope, arguments);\n }\n });\n};\n\n/**\n * Returns true if the specified value is a function.\n * @param {*} val Variable to test.\n * @return {boolean} Whether variable is a function.\n */\ngoog.functions.isFunction = (val) => {\n return typeof val === 'function';\n};\n"],
|
|
8
|
+
"names":["goog","provide","functions","constant","goog.functions.constant","retValue","FALSE","goog.functions.FALSE","TRUE","goog.functions.TRUE","NULL","goog.functions.NULL","UNDEFINED","goog.functions.UNDEFINED","undefined","EMPTY","identity","goog.functions.identity","opt_returnValue","var_args","error","goog.functions.error","message","Error","fail","goog.functions.fail","err","lock","goog.functions.lock","f","opt_numArgs","self","apply","Array","prototype","slice","call","arguments","nth","goog.functions.nth","n","partialRight","goog.functions.partialRight","fn","rightArgs","global","newArgs","push","withReturnValue","goog.functions.withReturnValue","sequence","equalTo","goog.functions.equalTo","value","opt_useLooseComparison","other","compose","goog.functions.compose","length","result","i","goog.functions.sequence","and","goog.functions.and","or","goog.functions.or","not","goog.functions.not","create","goog.functions.create","constructor","temp","obj","CACHE_RETURN_VALUE","define","cacheReturnValue","goog.functions.cacheReturnValue","called","once","goog.functions.once","inner","tmp","debounce","goog.functions.debounce","interval","opt_scope","timeout","clearTimeout","args","setTimeout","throttle","goog.functions.throttle","shouldFire","storedArgs","handleTimeout","fire","rateLimit","goog.functions.rateLimit","isFunction","val","goog.functions.isFunction"]
|
|
9
|
+
}
|
|
@@ -0,0 +1,306 @@
|
|
|
1
|
+
import "./cljs_env.js";
|
|
2
|
+
goog.loadModule(function(exports) {
|
|
3
|
+
"use strict";
|
|
4
|
+
goog.module("goog.html.SafeHtml");
|
|
5
|
+
goog.module.declareLegacyNamespace();
|
|
6
|
+
const Const = goog.require("goog.string.Const");
|
|
7
|
+
const SafeScript = goog.require("goog.html.SafeScript");
|
|
8
|
+
const SafeStyle = goog.require("goog.html.SafeStyle");
|
|
9
|
+
const SafeStyleSheet = goog.require("goog.html.SafeStyleSheet");
|
|
10
|
+
const SafeUrl = goog.require("goog.html.SafeUrl");
|
|
11
|
+
const TagName = goog.require("goog.dom.TagName");
|
|
12
|
+
const TrustedResourceUrl = goog.require("goog.html.TrustedResourceUrl");
|
|
13
|
+
const TypedString = goog.require("goog.string.TypedString");
|
|
14
|
+
const asserts = goog.require("goog.asserts");
|
|
15
|
+
const browser = goog.require("goog.labs.userAgent.browser");
|
|
16
|
+
const googArray = goog.require("goog.array");
|
|
17
|
+
const googObject = goog.require("goog.object");
|
|
18
|
+
const internal = goog.require("goog.string.internal");
|
|
19
|
+
const tags = goog.require("goog.dom.tags");
|
|
20
|
+
const trustedtypes = goog.require("goog.html.trustedtypes");
|
|
21
|
+
const CONSTRUCTOR_TOKEN_PRIVATE = {};
|
|
22
|
+
class SafeHtml {
|
|
23
|
+
constructor(value, token) {
|
|
24
|
+
this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = token === CONSTRUCTOR_TOKEN_PRIVATE ? value : "";
|
|
25
|
+
this.implementsGoogStringTypedString = true;
|
|
26
|
+
}
|
|
27
|
+
getTypedStringValue() {
|
|
28
|
+
return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_.toString();
|
|
29
|
+
}
|
|
30
|
+
toString() {
|
|
31
|
+
return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_.toString();
|
|
32
|
+
}
|
|
33
|
+
static unwrap(safeHtml) {
|
|
34
|
+
return SafeHtml.unwrapTrustedHTML(safeHtml).toString();
|
|
35
|
+
}
|
|
36
|
+
static unwrapTrustedHTML(safeHtml) {
|
|
37
|
+
if (safeHtml instanceof SafeHtml && safeHtml.constructor === SafeHtml) {
|
|
38
|
+
return safeHtml.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
|
|
39
|
+
} else {
|
|
40
|
+
asserts.fail(`expected object of type SafeHtml, got '${safeHtml}' of type ` + goog.typeOf(safeHtml));
|
|
41
|
+
return "type_error:SafeHtml";
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
static htmlEscape(textOrHtml) {
|
|
45
|
+
if (textOrHtml instanceof SafeHtml) {
|
|
46
|
+
return textOrHtml;
|
|
47
|
+
}
|
|
48
|
+
const textIsObject = typeof textOrHtml == "object";
|
|
49
|
+
let textAsString;
|
|
50
|
+
if (textIsObject && textOrHtml.implementsGoogStringTypedString) {
|
|
51
|
+
textAsString = textOrHtml.getTypedStringValue();
|
|
52
|
+
} else {
|
|
53
|
+
textAsString = String(textOrHtml);
|
|
54
|
+
}
|
|
55
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(internal.htmlEscape(textAsString));
|
|
56
|
+
}
|
|
57
|
+
static htmlEscapePreservingNewlines(textOrHtml) {
|
|
58
|
+
if (textOrHtml instanceof SafeHtml) {
|
|
59
|
+
return textOrHtml;
|
|
60
|
+
}
|
|
61
|
+
const html = SafeHtml.htmlEscape(textOrHtml);
|
|
62
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(internal.newLineToBr(SafeHtml.unwrap(html)));
|
|
63
|
+
}
|
|
64
|
+
static htmlEscapePreservingNewlinesAndSpaces(textOrHtml) {
|
|
65
|
+
if (textOrHtml instanceof SafeHtml) {
|
|
66
|
+
return textOrHtml;
|
|
67
|
+
}
|
|
68
|
+
const html = SafeHtml.htmlEscape(textOrHtml);
|
|
69
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(internal.whitespaceEscape(SafeHtml.unwrap(html)));
|
|
70
|
+
}
|
|
71
|
+
static comment(text) {
|
|
72
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse("\x3c!--" + internal.htmlEscape(text) + "--\x3e");
|
|
73
|
+
}
|
|
74
|
+
static create(tagName, attributes = undefined, content = undefined) {
|
|
75
|
+
SafeHtml.verifyTagName(String(tagName));
|
|
76
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(String(tagName), attributes, content);
|
|
77
|
+
}
|
|
78
|
+
static verifyTagName(tagName) {
|
|
79
|
+
if (!VALID_NAMES_IN_TAG.test(tagName)) {
|
|
80
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Invalid tag name <${tagName}>.` : "");
|
|
81
|
+
}
|
|
82
|
+
if (tagName.toUpperCase() in NOT_ALLOWED_TAG_NAMES) {
|
|
83
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Tag name <${tagName}> is not allowed for SafeHtml.` : "");
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
static createIframe(src = undefined, srcdoc = undefined, attributes = undefined, content = undefined) {
|
|
87
|
+
if (src) {
|
|
88
|
+
TrustedResourceUrl.unwrap(src);
|
|
89
|
+
}
|
|
90
|
+
const fixedAttributes = {};
|
|
91
|
+
fixedAttributes["src"] = src || null;
|
|
92
|
+
fixedAttributes["srcdoc"] = srcdoc && SafeHtml.unwrap(srcdoc);
|
|
93
|
+
const defaultAttributes = {"sandbox":""};
|
|
94
|
+
const combinedAttrs = SafeHtml.combineAttributes(fixedAttributes, defaultAttributes, attributes);
|
|
95
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("iframe", combinedAttrs, content);
|
|
96
|
+
}
|
|
97
|
+
static createSandboxIframe(src = undefined, srcdoc = undefined, attributes = undefined, content = undefined) {
|
|
98
|
+
if (!SafeHtml.canUseSandboxIframe()) {
|
|
99
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? "The browser does not support sandboxed iframes." : "");
|
|
100
|
+
}
|
|
101
|
+
const fixedAttributes = {};
|
|
102
|
+
if (src) {
|
|
103
|
+
fixedAttributes["src"] = SafeUrl.unwrap(SafeUrl.sanitize(src));
|
|
104
|
+
} else {
|
|
105
|
+
fixedAttributes["src"] = null;
|
|
106
|
+
}
|
|
107
|
+
fixedAttributes["srcdoc"] = srcdoc || null;
|
|
108
|
+
fixedAttributes["sandbox"] = "";
|
|
109
|
+
const combinedAttrs = SafeHtml.combineAttributes(fixedAttributes, {}, attributes);
|
|
110
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("iframe", combinedAttrs, content);
|
|
111
|
+
}
|
|
112
|
+
static canUseSandboxIframe() {
|
|
113
|
+
return goog.global["HTMLIFrameElement"] && "sandbox" in goog.global["HTMLIFrameElement"].prototype;
|
|
114
|
+
}
|
|
115
|
+
static createScriptSrc(src, attributes = undefined) {
|
|
116
|
+
TrustedResourceUrl.unwrap(src);
|
|
117
|
+
const fixedAttributes = {"src":src};
|
|
118
|
+
const defaultAttributes = {};
|
|
119
|
+
const combinedAttrs = SafeHtml.combineAttributes(fixedAttributes, defaultAttributes, attributes);
|
|
120
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("script", combinedAttrs);
|
|
121
|
+
}
|
|
122
|
+
static createScript(script, attributes = undefined) {
|
|
123
|
+
for (let attr in attributes) {
|
|
124
|
+
if (Object.prototype.hasOwnProperty.call(attributes, attr)) {
|
|
125
|
+
const attrLower = attr.toLowerCase();
|
|
126
|
+
if (attrLower == "language" || attrLower == "src" || attrLower == "text") {
|
|
127
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Cannot set "${attrLower}" attribute` : "");
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
let content = "";
|
|
132
|
+
script = googArray.concat(script);
|
|
133
|
+
for (let i = 0; i < script.length; i++) {
|
|
134
|
+
content += SafeScript.unwrap(script[i]);
|
|
135
|
+
}
|
|
136
|
+
const htmlContent = SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(content);
|
|
137
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("script", attributes, htmlContent);
|
|
138
|
+
}
|
|
139
|
+
static createStyle(styleSheet, attributes = undefined) {
|
|
140
|
+
const fixedAttributes = {"type":"text/css"};
|
|
141
|
+
const defaultAttributes = {};
|
|
142
|
+
const combinedAttrs = SafeHtml.combineAttributes(fixedAttributes, defaultAttributes, attributes);
|
|
143
|
+
let content = "";
|
|
144
|
+
styleSheet = googArray.concat(styleSheet);
|
|
145
|
+
for (let i = 0; i < styleSheet.length; i++) {
|
|
146
|
+
content += SafeStyleSheet.unwrap(styleSheet[i]);
|
|
147
|
+
}
|
|
148
|
+
const htmlContent = SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(content);
|
|
149
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("style", combinedAttrs, htmlContent);
|
|
150
|
+
}
|
|
151
|
+
static createMetaRefresh(url, secs = undefined) {
|
|
152
|
+
let unwrappedUrl = SafeUrl.unwrap(SafeUrl.sanitize(url));
|
|
153
|
+
if (browser.isIE() || browser.isEdge()) {
|
|
154
|
+
if (internal.contains(unwrappedUrl, ";")) {
|
|
155
|
+
unwrappedUrl = "'" + unwrappedUrl.replace(/'/g, "%27") + "'";
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
const attributes = {"http-equiv":"refresh", "content":(secs || 0) + "; url\x3d" + unwrappedUrl,};
|
|
159
|
+
return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse("meta", attributes);
|
|
160
|
+
}
|
|
161
|
+
static join(separator, parts) {
|
|
162
|
+
const separatorHtml = SafeHtml.htmlEscape(separator);
|
|
163
|
+
const content = [];
|
|
164
|
+
const addArgument = argument => {
|
|
165
|
+
if (Array.isArray(argument)) {
|
|
166
|
+
argument.forEach(addArgument);
|
|
167
|
+
} else {
|
|
168
|
+
const html = SafeHtml.htmlEscape(argument);
|
|
169
|
+
content.push(SafeHtml.unwrap(html));
|
|
170
|
+
}
|
|
171
|
+
};
|
|
172
|
+
parts.forEach(addArgument);
|
|
173
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(content.join(SafeHtml.unwrap(separatorHtml)));
|
|
174
|
+
}
|
|
175
|
+
static concat(var_args) {
|
|
176
|
+
return SafeHtml.join(SafeHtml.EMPTY, Array.prototype.slice.call(arguments));
|
|
177
|
+
}
|
|
178
|
+
static createSafeHtmlSecurityPrivateDoNotAccessOrElse(html) {
|
|
179
|
+
const noinlineHtml = html;
|
|
180
|
+
const policy = trustedtypes.getPolicyPrivateDoNotAccessOrElse();
|
|
181
|
+
const trustedHtml = policy ? policy.createHTML(noinlineHtml) : noinlineHtml;
|
|
182
|
+
return new SafeHtml(trustedHtml, CONSTRUCTOR_TOKEN_PRIVATE);
|
|
183
|
+
}
|
|
184
|
+
static createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(tagName, attributes = undefined, content = undefined) {
|
|
185
|
+
let result = `<${tagName}`;
|
|
186
|
+
result += SafeHtml.stringifyAttributes(tagName, attributes);
|
|
187
|
+
if (content == null) {
|
|
188
|
+
content = [];
|
|
189
|
+
} else if (!Array.isArray(content)) {
|
|
190
|
+
content = [content];
|
|
191
|
+
}
|
|
192
|
+
if (tags.isVoidTag(tagName.toLowerCase())) {
|
|
193
|
+
asserts.assert(!content.length, `Void tag <${tagName}> does not allow content.`);
|
|
194
|
+
result += "\x3e";
|
|
195
|
+
} else {
|
|
196
|
+
const html = SafeHtml.concat(content);
|
|
197
|
+
result += "\x3e" + SafeHtml.unwrap(html) + "\x3c/" + tagName + "\x3e";
|
|
198
|
+
}
|
|
199
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(result);
|
|
200
|
+
}
|
|
201
|
+
static stringifyAttributes(tagName, attributes = undefined) {
|
|
202
|
+
let result = "";
|
|
203
|
+
if (attributes) {
|
|
204
|
+
for (let name in attributes) {
|
|
205
|
+
if (Object.prototype.hasOwnProperty.call(attributes, name)) {
|
|
206
|
+
if (!VALID_NAMES_IN_TAG.test(name)) {
|
|
207
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Invalid attribute name "${name}".` : "");
|
|
208
|
+
}
|
|
209
|
+
const value = attributes[name];
|
|
210
|
+
if (value == null) {
|
|
211
|
+
continue;
|
|
212
|
+
}
|
|
213
|
+
result += " " + getAttrNameAndValue(tagName, name, value);
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
return result;
|
|
218
|
+
}
|
|
219
|
+
static combineAttributes(fixedAttributes, defaultAttributes, attributes = undefined) {
|
|
220
|
+
const combinedAttributes = {};
|
|
221
|
+
for (const name in fixedAttributes) {
|
|
222
|
+
if (Object.prototype.hasOwnProperty.call(fixedAttributes, name)) {
|
|
223
|
+
asserts.assert(name.toLowerCase() == name, "Must be lower case");
|
|
224
|
+
combinedAttributes[name] = fixedAttributes[name];
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
for (const name in defaultAttributes) {
|
|
228
|
+
if (Object.prototype.hasOwnProperty.call(defaultAttributes, name)) {
|
|
229
|
+
asserts.assert(name.toLowerCase() == name, "Must be lower case");
|
|
230
|
+
combinedAttributes[name] = defaultAttributes[name];
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
if (attributes) {
|
|
234
|
+
for (const name in attributes) {
|
|
235
|
+
if (Object.prototype.hasOwnProperty.call(attributes, name)) {
|
|
236
|
+
const nameLower = name.toLowerCase();
|
|
237
|
+
if (nameLower in fixedAttributes) {
|
|
238
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Cannot override "${nameLower}" attribute, got "` + name + '" with value "' + attributes[name] + '"' : "");
|
|
239
|
+
}
|
|
240
|
+
if (nameLower in defaultAttributes) {
|
|
241
|
+
delete combinedAttributes[nameLower];
|
|
242
|
+
}
|
|
243
|
+
combinedAttributes[name] = attributes[name];
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
return combinedAttributes;
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
SafeHtml.ENABLE_ERROR_MESSAGES = goog.define("goog.html.SafeHtml.ENABLE_ERROR_MESSAGES", goog.DEBUG);
|
|
251
|
+
SafeHtml.SUPPORT_STYLE_ATTRIBUTE = goog.define("goog.html.SafeHtml.SUPPORT_STYLE_ATTRIBUTE", true);
|
|
252
|
+
SafeHtml.TextOrHtml_;
|
|
253
|
+
SafeHtml.from = SafeHtml.htmlEscape;
|
|
254
|
+
const VALID_NAMES_IN_TAG = /^[a-zA-Z0-9-]+$/;
|
|
255
|
+
const URL_ATTRIBUTES = googObject.createSet("action", "cite", "data", "formaction", "href", "manifest", "poster", "src");
|
|
256
|
+
const NOT_ALLOWED_TAG_NAMES = googObject.createSet(TagName.APPLET, TagName.BASE, TagName.EMBED, TagName.IFRAME, TagName.LINK, TagName.MATH, TagName.META, TagName.OBJECT, TagName.SCRIPT, TagName.STYLE, TagName.SVG, TagName.TEMPLATE);
|
|
257
|
+
SafeHtml.AttributeValue;
|
|
258
|
+
function getAttrNameAndValue(tagName, name, value) {
|
|
259
|
+
if (value instanceof Const) {
|
|
260
|
+
value = Const.unwrap(value);
|
|
261
|
+
} else if (name.toLowerCase() == "style") {
|
|
262
|
+
if (SafeHtml.SUPPORT_STYLE_ATTRIBUTE) {
|
|
263
|
+
value = getStyleValue(value);
|
|
264
|
+
} else {
|
|
265
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? 'Attribute "style" not supported.' : "");
|
|
266
|
+
}
|
|
267
|
+
} else if (/^on/i.test(name)) {
|
|
268
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Attribute "${name}` + '" requires goog.string.Const value, "' + value + '" given.' : "");
|
|
269
|
+
} else if (name.toLowerCase() in URL_ATTRIBUTES) {
|
|
270
|
+
if (value instanceof TrustedResourceUrl) {
|
|
271
|
+
value = TrustedResourceUrl.unwrap(value);
|
|
272
|
+
} else if (value instanceof SafeUrl) {
|
|
273
|
+
value = SafeUrl.unwrap(value);
|
|
274
|
+
} else if (typeof value === "string") {
|
|
275
|
+
value = SafeUrl.sanitize(value).getTypedStringValue();
|
|
276
|
+
} else {
|
|
277
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? `Attribute "${name}" on tag "${tagName}` + '" requires goog.html.SafeUrl, goog.string.Const, or' + ' string, value "' + value + '" given.' : "");
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
if (value.implementsGoogStringTypedString) {
|
|
281
|
+
value = value.getTypedStringValue();
|
|
282
|
+
}
|
|
283
|
+
asserts.assert(typeof value === "string" || typeof value === "number", "String or number value expected, got " + typeof value + " with value: " + value);
|
|
284
|
+
return `${name}="` + internal.htmlEscape(String(value)) + '"';
|
|
285
|
+
}
|
|
286
|
+
function getStyleValue(value) {
|
|
287
|
+
if (!goog.isObject(value)) {
|
|
288
|
+
throw new Error(SafeHtml.ENABLE_ERROR_MESSAGES ? 'The "style" attribute requires goog.html.SafeStyle or map ' + "of style properties, " + typeof value + " given: " + value : "");
|
|
289
|
+
}
|
|
290
|
+
if (!(value instanceof SafeStyle)) {
|
|
291
|
+
value = SafeStyle.create(value);
|
|
292
|
+
}
|
|
293
|
+
return SafeStyle.unwrap(value);
|
|
294
|
+
}
|
|
295
|
+
SafeHtml.DOCTYPE_HTML = {valueOf:function() {
|
|
296
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse("\x3c!DOCTYPE html\x3e");
|
|
297
|
+
},}.valueOf();
|
|
298
|
+
SafeHtml.EMPTY = new SafeHtml(goog.global.trustedTypes && goog.global.trustedTypes.emptyHTML || "", CONSTRUCTOR_TOKEN_PRIVATE);
|
|
299
|
+
SafeHtml.BR = {valueOf:function() {
|
|
300
|
+
return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse("\x3cbr\x3e");
|
|
301
|
+
},}.valueOf();
|
|
302
|
+
exports = SafeHtml;
|
|
303
|
+
return exports;
|
|
304
|
+
});
|
|
305
|
+
|
|
306
|
+
//# sourceMappingURL=goog.html.safehtml.js.map
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version":3,
|
|
3
|
+
"file":"goog.html.safehtml.js",
|
|
4
|
+
"lineCount":304,
|
|
5
|
+
"mappings":"AAAA,IAAA,CAAA,UAAA,CAAA,QAAA,CAAA,OAAA,CAAA;AAAA,cAAA;AAaAA,MAAKC,CAAAA,MAAL,CAAY,oBAAZ,CAAA;AACAD,MAAKC,CAAAA,MAAOC,CAAAA,sBAAZ,EAAA;AAEA,QAAMC,QAAQH,IAAKI,CAAAA,OAAL,CAAa,mBAAb,CAAd;AACA,QAAMC,aAAaL,IAAKI,CAAAA,OAAL,CAAa,sBAAb,CAAnB;AACA,QAAME,YAAYN,IAAKI,CAAAA,OAAL,CAAa,qBAAb,CAAlB;AACA,QAAMG,iBAAiBP,IAAKI,CAAAA,OAAL,CAAa,0BAAb,CAAvB;AACA,QAAMI,UAAUR,IAAKI,CAAAA,OAAL,CAAa,mBAAb,CAAhB;AACA,QAAMK,UAAUT,IAAKI,CAAAA,OAAL,CAAa,kBAAb,CAAhB;AACA,QAAMM,qBAAqBV,IAAKI,CAAAA,OAAL,CAAa,8BAAb,CAA3B;AACA,QAAMO,cAAcX,IAAKI,CAAAA,OAAL,CAAa,yBAAb,CAApB;AACA,QAAMQ,UAAUZ,IAAKI,CAAAA,OAAL,CAAa,cAAb,CAAhB;AACA,QAAMS,UAAUb,IAAKI,CAAAA,OAAL,CAAa,6BAAb,CAAhB;AACA,QAAMU,YAAYd,IAAKI,CAAAA,OAAL,CAAa,YAAb,CAAlB;AACA,QAAMW,aAAaf,IAAKI,CAAAA,OAAL,CAAa,aAAb,CAAnB;AACA,QAAMY,WAAWhB,IAAKI,CAAAA,OAAL,CAAa,sBAAb,CAAjB;AACA,QAAMa,OAAOjB,IAAKI,CAAAA,OAAL,CAAa,eAAb,CAAb;AACA,QAAMc,eAAelB,IAAKI,CAAAA,OAAL,CAAa,wBAAb,CAArB;AASA,QAAMe,4BAA4B,EAAlC;AA2CA,OAAMC,SAAN;AAKEC,eAAW,CAACC,KAAD,EAAQC,KAAR,CAAe;AAOxB,UAAKC,CAAAA,6CAAL,GACKD,KAAD,KAAWJ,yBAAX,GAAwCG,KAAxC,GAAgD,EADpD;AAOA,UAAKG,CAAAA,+BAAL,GAAuC,IAAvC;AAdwB;AAwC1BC,uBAAmB,EAAG;AACpB,aAAO,IAAKF,CAAAA,6CAA8CG,CAAAA,QAAnD,EAAP;AADoB;AAetBA,YAAQ,EAAG;AACT,aAAO,IAAKH,CAAAA,6CAA8CG,CAAAA,QAAnD,EAAP;AADS;AAaJC,iBAAM,CAACC,QAAD,CAAW;AACtB,aAAOT,QAASU,CAAAA,iBAAT,CAA2BD,QAA3B,CAAqCF,CAAAA,QAArC,EAAP;AADsB;AAWjBG,4BAAiB,CAACD,QAAD,CAAW;AAOjC,UAAIA,QAAJ,YAAwBT,QAAxB,IAAoCS,QAASR,CAAAA,WAA7C,KAA6DD,QAA7D;AACE,eAAOS,QAASL,CAAAA,6CAAhB;AADF,YAEO;AACLZ,eAAQmB,CAAAA,IAAR,CACK,0CAAyCF,QAAzC,YADL,GAEI7B,IAAKgC,CAAAA,MAAL,CAAYH,QAAZ,CAFJ,CAAA;AAGA,eAAO,qBAAP;AAJK;AAT0B;AAyB5BI,qBAAU,CAACC,UAAD,CAAa;AAC5B,UAAIA,UAAJ,YAA0Bd,QAA1B;AACE,eAAOc,UAAP;AADF;AAGA,YAAMC,eAAe,MAAOD,WAAtBC,IAAoC,QAA1C;AACA,UAAIC,YAAJ;AACA,UAAID,YAAJ,IACsBD,UAAYT,CAAAA,+BADlC;AAEEW,oBAAA,GACiCF,UAAYR,CAAAA,mBAAb,EADhC;AAFF;AAKEU,oBAAA,GAAeC,MAAA,CAAOH,UAAP,CAAf;AALF;AAOA,aAAOd,QAASkB,CAAAA,8CAAT,CACHtB,QAASiB,CAAAA,UAAT,CAAoBG,YAApB,CADG,CAAP;AAb4B;AA0BvBG,uCAA4B,CAACL,UAAD,CAAa;AAC9C,UAAIA,UAAJ,YAA0Bd,QAA1B;AACE,eAAOc,UAAP;AADF;AAGA,YAAMM,OAAOpB,QAASa,CAAAA,UAAT,CAAoBC,UAApB,CAAb;AACA,aAAOd,QAASkB,CAAAA,8CAAT,CACHtB,QAASyB,CAAAA,WAAT,CAAqBrB,QAASQ,CAAAA,MAAT,CAAgBY,IAAhB,CAArB,CADG,CAAP;AAL8C;AAmBzCE,gDAAqC,CAACR,UAAD,CAAa;AACvD,UAAIA,UAAJ,YAA0Bd,QAA1B;AACE,eAAOc,UAAP;AADF;AAGA,YAAMM,OAAOpB,QAASa,CAAAA,UAAT,CAAoBC,UAApB,CAAb;AACA,aAAOd,QAASkB,CAAAA,8CAAT,CACHtB,QAAS2B,CAAAA,gBAAT,CAA0BvB,QAASQ,CAAAA,MAAT,CAAgBY,IAAhB,CAA1B,CADG,CAAP;AALuD;AAmBlDI,kBAAO,CAACC,IAAD,CAAO;AACnB,aAAOzB,QAASkB,CAAAA,8CAAT,CACH,SADG,GACMtB,QAASiB,CAAAA,UAAT,CAAoBY,IAApB,CADN,GACkC,QADlC,CAAP;AADmB;AA2DdC,iBAAM,CAACC,OAAD,EAAUC,UAAA,GAAaC,SAAvB,EAAkCC,OAAA,GAAUD,SAA5C,CAAuD;AAClE7B,cAAS+B,CAAAA,aAAT,CAAuBd,MAAA,CAAOU,OAAP,CAAvB,CAAA;AACA,aAAO3B,QAASgC,CAAAA,iDAAT,CACHf,MAAA,CAAOU,OAAP,CADG,EACcC,UADd,EAC0BE,OAD1B,CAAP;AAFkE;AAgB7DC,wBAAa,CAACJ,OAAD,CAAU;AAC5B,UAAI,CAACM,kBAAmBC,CAAAA,IAAnB,CAAwBP,OAAxB,CAAL;AACE,cAAM,IAAIQ,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GAAkC,qBAAoBT,OAApB,IAAlC,GACiC,EAF/B,CAAN;AADF;AAKA,UAAIA,OAAQU,CAAAA,WAAR,EAAJ,IAA6BC,qBAA7B;AACE,cAAM,IAAIH,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GAEK,aAAYT,OAAZ,gCAFL,GAGI,EAJF,CAAN;AADF;AAN4B;AA4CvBY,uBAAY,CACfC,GAAA,GAAMX,SADS,EACEY,MAAA,GAASZ,SADX,EACsBD,UAAA,GAAaC,SADnC,EAEfC,OAAA,GAAUD,SAFK,CAEM;AACvB,UAAIW,GAAJ;AAEElD,0BAAmBkB,CAAAA,MAAnB,CAA0BgC,GAA1B,CAAA;AAFF;AAKA,YAAME,kBAAkB,EAAxB;AACAA,qBAAA,CAAgB,KAAhB,CAAA,GAAyBF,GAAzB,IAAgC,IAAhC;AACAE,qBAAA,CAAgB,QAAhB,CAAA,GAA4BD,MAA5B,IAAsCzC,QAASQ,CAAAA,MAAT,CAAgBiC,MAAhB,CAAtC;AACA,YAAME,oBAAoB,CAAC,UAAW,EAAZ,CAA1B;AACA,YAAMC,gBAAgB5C,QAAS6C,CAAAA,iBAAT,CAClBH,eADkB,EACDC,iBADC,EACkBf,UADlB,CAAtB;AAEA,aAAO5B,QAASgC,CAAAA,iDAAT,CACH,QADG,EACOY,aADP,EACsBd,OADtB,CAAP;AAZuB;AAkDlBgB,8BAAmB,CACtBN,GAAA,GAAMX,SADgB,EACLY,MAAA,GAASZ,SADJ,EACeD,UAAA,GAAaC,SAD5B,EAEtBC,OAAA,GAAUD,SAFY,CAED;AACvB,UAAI,CAAC7B,QAAS+C,CAAAA,mBAAT,EAAL;AACE,cAAM,IAAIZ,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACI,iDADJ,GAEI,EAHF,CAAN;AADF;AAOA,YAAMM,kBAAkB,EAAxB;AACA,UAAIF,GAAJ;AAEEE,uBAAA,CAAgB,KAAhB,CAAA,GAAyBtD,OAAQoB,CAAAA,MAAR,CAAepB,OAAQ4D,CAAAA,QAAR,CAAiBR,GAAjB,CAAf,CAAzB;AAFF;AAIEE,uBAAA,CAAgB,KAAhB,CAAA,GAAyB,IAAzB;AAJF;AAMAA,qBAAA,CAAgB,QAAhB,CAAA,GAA4BD,MAA5B,IAAsC,IAAtC;AACAC,qBAAA,CAAgB,SAAhB,CAAA,GAA6B,EAA7B;AACA,YAAME,gBACF5C,QAAS6C,CAAAA,iBAAT,CAA2BH,eAA3B,EAA4C,EAA5C,EAAgDd,UAAhD,CADJ;AAEA,aAAO5B,QAASgC,CAAAA,iDAAT,CACH,QADG,EACOY,aADP,EACsBd,OADtB,CAAP;AAnBuB;AA4BlBiB,8BAAmB,EAAG;AAC3B,aAAOnE,IAAKqE,CAAAA,MAAL,CAAY,mBAAZ,CAAP,IACK,SADL,IACkBrE,IAAKqE,CAAAA,MAAL,CAAY,mBAAZ,CAAiCC,CAAAA,SADnD;AAD2B;AAoBtBC,0BAAe,CAACX,GAAD,EAAMZ,UAAA,GAAaC,SAAnB,CAA8B;AAQlDvC,wBAAmBkB,CAAAA,MAAnB,CAA0BgC,GAA1B,CAAA;AAEA,YAAME,kBAAkB,CAAC,MAAOF,GAAR,CAAxB;AACA,YAAMG,oBAAoB,EAA1B;AACA,YAAMC,gBAAgB5C,QAAS6C,CAAAA,iBAAT,CAClBH,eADkB,EACDC,iBADC,EACkBf,UADlB,CAAtB;AAEA,aAAO5B,QAASgC,CAAAA,iDAAT,CACH,QADG,EACOY,aADP,CAAP;AAdkD;AAiC7CQ,uBAAY,CAACC,MAAD,EAASzB,UAAA,GAAaC,SAAtB,CAAiC;AAClD,WAAK,IAAIyB,IAAT,GAAiB1B,WAAjB;AAEE,YAAI2B,MAAOL,CAAAA,SAAUM,CAAAA,cAAeC,CAAAA,IAAhC,CAAqC7B,UAArC,EAAiD0B,IAAjD,CAAJ,CAA4D;AAC1D,gBAAMI,YAAYJ,IAAKK,CAAAA,WAAL,EAAlB;AACA,cAAID,SAAJ,IAAiB,UAAjB,IAA+BA,SAA/B,IAA4C,KAA5C,IACIA,SADJ,IACiB,MADjB;AAEE,kBAAM,IAAIvB,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACK,eAAcsB,SAAd,aADL,GAEI,EAHF,CAAN;AAFF;AAF0D;AAF9D;AAcA,UAAI5B,UAAU,EAAd;AACAuB,YAAA,GAAS3D,SAAUkE,CAAAA,MAAV,CAAiBP,MAAjB,CAAT;AACA,WAAK,IAAIQ,IAAI,CAAb,EAAgBA,CAAhB,GAAoBR,MAAOS,CAAAA,MAA3B,EAAmCD,CAAA,EAAnC;AACE/B,eAAA,IAAW7C,UAAWuB,CAAAA,MAAX,CAAkB6C,MAAA,CAAOQ,CAAP,CAAlB,CAAX;AADF;AAKA,YAAME,cACF/D,QAASkB,CAAAA,8CAAT,CAAwDY,OAAxD,CADJ;AAEA,aAAO9B,QAASgC,CAAAA,iDAAT,CACH,QADG,EACOJ,UADP,EACmBmC,WADnB,CAAP;AAxBkD;AA4C7CC,sBAAW,CAACC,UAAD,EAAarC,UAAA,GAAaC,SAA1B,CAAqC;AACrD,YAAMa,kBAAkB,CAAC,OAAQ,UAAT,CAAxB;AACA,YAAMC,oBAAoB,EAA1B;AACA,YAAMC,gBAAgB5C,QAAS6C,CAAAA,iBAAT,CAClBH,eADkB,EACDC,iBADC,EACkBf,UADlB,CAAtB;AAGA,UAAIE,UAAU,EAAd;AACAmC,gBAAA,GAAavE,SAAUkE,CAAAA,MAAV,CAAiBK,UAAjB,CAAb;AACA,WAAK,IAAIJ,IAAI,CAAb,EAAgBA,CAAhB,GAAoBI,UAAWH,CAAAA,MAA/B,EAAuCD,CAAA,EAAvC;AACE/B,eAAA,IAAW3C,cAAeqB,CAAAA,MAAf,CAAsByD,UAAA,CAAWJ,CAAX,CAAtB,CAAX;AADF;AAKA,YAAME,cACF/D,QAASkB,CAAAA,8CAAT,CAAwDY,OAAxD,CADJ;AAEA,aAAO9B,QAASgC,CAAAA,iDAAT,CACH,OADG,EACMY,aADN,EACqBmB,WADrB,CAAP;AAfqD;AA4BhDG,4BAAiB,CAACC,GAAD,EAAMC,IAAA,GAAOvC,SAAb,CAAwB;AAE9C,UAAIwC,eAAejF,OAAQoB,CAAAA,MAAR,CAAepB,OAAQ4D,CAAAA,QAAR,CAAiBmB,GAAjB,CAAf,CAAnB;AAEA,UAAI1E,OAAQ6E,CAAAA,IAAR,EAAJ,IAAsB7E,OAAQ8E,CAAAA,MAAR,EAAtB;AAgBE,YAAI3E,QAAS4E,CAAAA,QAAT,CAAkBH,YAAlB,EAAgC,GAAhC,CAAJ;AACEA,sBAAA,GAAe,GAAf,GAAsBA,YAAaI,CAAAA,OAAb,CAAqB,IAArB,EAA2B,KAA3B,CAAtB,GAA0D,GAA1D;AADF;AAhBF;AAoBA,YAAM7C,aAAa,CACjB,aAAc,SADG,EAEjB,WAAYwC,IAAZ,IAAoB,CAApB,IAAyB,WAAzB,GAAoCC,YAFnB,EAAnB;AAMA,aAAOrE,QAASgC,CAAAA,iDAAT,CACH,MADG,EACKJ,UADL,CAAP;AA9B8C;AA2CzC8C,eAAI,CAACC,SAAD,EAAYC,KAAZ,CAAmB;AAC5B,YAAMC,gBAAgB7E,QAASa,CAAAA,UAAT,CAAoB8D,SAApB,CAAtB;AACA,YAAM7C,UAAU,EAAhB;AAMA,YAAMgD,cAAeC,QAADD,IAAc;AAChC,YAAIE,KAAMC,CAAAA,OAAN,CAAcF,QAAd,CAAJ;AACEA,kBAASG,CAAAA,OAAT,CAAiBJ,WAAjB,CAAA;AADF,cAEO;AACL,gBAAM1D,OAAOpB,QAASa,CAAAA,UAAT,CAAoBkE,QAApB,CAAb;AACAjD,iBAAQqD,CAAAA,IAAR,CAAanF,QAASQ,CAAAA,MAAT,CAAgBY,IAAhB,CAAb,CAAA;AAFK;AAHyB,OAAlC;AASAwD,WAAMM,CAAAA,OAAN,CAAcJ,WAAd,CAAA;AACA,aAAO9E,QAASkB,CAAAA,8CAAT,CACHY,OAAQ4C,CAAAA,IAAR,CAAa1E,QAASQ,CAAAA,MAAT,CAAgBqE,aAAhB,CAAb,CADG,CAAP;AAlB4B;AA6BvBjB,iBAAM,CAACwB,QAAD,CAAW;AACtB,aAAOpF,QAAS0E,CAAAA,IAAT,CAAc1E,QAASqF,CAAAA,KAAvB,EAA8BL,KAAM9B,CAAAA,SAAUoC,CAAAA,KAAM7B,CAAAA,IAAtB,CAA2B8B,SAA3B,CAA9B,CAAP;AADsB;AAWjBrE,yDAA8C,CAACE,IAAD,CAAO;AAE1D,YAAMoE,eAAepE,IAArB;AACA,YAAMqE,SAAS3F,YAAa4F,CAAAA,iCAAb,EAAf;AACA,YAAMC,cAAcF,MAAA,GAASA,MAAOG,CAAAA,UAAP,CAAkBJ,YAAlB,CAAT,GAA2CA,YAA/D;AACA,aAAO,IAAIxF,QAAJ,CAAa2F,WAAb,EAA0B5F,yBAA1B,CAAP;AAL0D;AAqBrDiC,4DAAiD,CACpDL,OADoD,EAC3CC,UAAA,GAAaC,SAD8B,EACnBC,OAAA,GAAUD,SADS,CACE;AACxD,UAAIgE,SAAU,IAAGlE,OAAH,EAAd;AACAkE,YAAA,IAAU7F,QAAS8F,CAAAA,mBAAT,CAA6BnE,OAA7B,EAAsCC,UAAtC,CAAV;AAEA,UAAIE,OAAJ,IAAe,IAAf;AACEA,eAAA,GAAU,EAAV;AADF,YAEO,KAAI,CAACkD,KAAMC,CAAAA,OAAN,CAAcnD,OAAd,CAAL;AACLA,eAAA,GAAU,CAACA,OAAD,CAAV;AADK;AAIP,UAAIjC,IAAKkG,CAAAA,SAAL,CAAepE,OAAQgC,CAAAA,WAAR,EAAf,CAAJ,CAA2C;AACzCnE,eAAQwG,CAAAA,MAAR,CACI,CAAClE,OAAQgC,CAAAA,MADb,EACsB,aAAYnC,OAAZ,2BADtB,CAAA;AAEAkE,cAAA,IAAU,MAAV;AAHyC,OAA3C,KAIO;AACL,cAAMzE,OAAOpB,QAAS4D,CAAAA,MAAT,CAAgB9B,OAAhB,CAAb;AACA+D,cAAA,IAAU,MAAV,GAAgB7F,QAASQ,CAAAA,MAAT,CAAgBY,IAAhB,CAAhB,GAAwC,OAAxC,GAA+CO,OAA/C,GAAyD,MAAzD;AAFK;AAKP,aAAO3B,QAASkB,CAAAA,8CAAT,CAAwD2E,MAAxD,CAAP;AAnBwD;AAiCnDC,8BAAmB,CAACnE,OAAD,EAAUC,UAAA,GAAaC,SAAvB,CAAkC;AAC1D,UAAIgE,SAAS,EAAb;AACA,UAAIjE,UAAJ;AACE,aAAK,IAAIqE,IAAT,GAAiBrE,WAAjB;AAEE,cAAI2B,MAAOL,CAAAA,SAAUM,CAAAA,cAAeC,CAAAA,IAAhC,CAAqC7B,UAArC,EAAiDqE,IAAjD,CAAJ,CAA4D;AAC1D,gBAAI,CAAChE,kBAAmBC,CAAAA,IAAnB,CAAwB+D,IAAxB,CAAL;AACE,oBAAM,IAAI9D,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACK,2BAA0B6D,IAA1B,IADL,GAEI,EAHF,CAAN;AADF;AAMA,kBAAM/F,QAAQ0B,UAAA,CAAWqE,IAAX,CAAd;AACA,gBAAI/F,KAAJ,IAAa,IAAb;AACE;AADF;AAGA2F,kBAAA,IAAU,GAAV,GAAgBK,mBAAA,CAAoBvE,OAApB,EAA6BsE,IAA7B,EAAmC/F,KAAnC,CAAhB;AAX0D;AAF9D;AADF;AAkBA,aAAO2F,MAAP;AApB0D;AAkCrDhD,4BAAiB,CACpBH,eADoB,EACHC,iBADG,EACgBf,UAAA,GAAaC,SAD7B,CACwC;AAC9D,YAAMsE,qBAAqB,EAA3B;AAEA,WAAK,MAAMF,IAAX,GAAmBvD,gBAAnB;AAEE,YAAIa,MAAOL,CAAAA,SAAUM,CAAAA,cAAeC,CAAAA,IAAhC,CAAqCf,eAArC,EAAsDuD,IAAtD,CAAJ,CAAiE;AAC/DzG,iBAAQwG,CAAAA,MAAR,CAAeC,IAAKtC,CAAAA,WAAL,EAAf,IAAqCsC,IAArC,EAA2C,oBAA3C,CAAA;AACAE,4BAAA,CAAmBF,IAAnB,CAAA,GAA2BvD,eAAA,CAAgBuD,IAAhB,CAA3B;AAF+D;AAFnE;AAOA,WAAK,MAAMA,IAAX,GAAmBtD,kBAAnB;AACE,YAAIY,MAAOL,CAAAA,SAAUM,CAAAA,cAAeC,CAAAA,IAAhC,CAAqCd,iBAArC,EAAwDsD,IAAxD,CAAJ,CAAmE;AACjEzG,iBAAQwG,CAAAA,MAAR,CAAeC,IAAKtC,CAAAA,WAAL,EAAf,IAAqCsC,IAArC,EAA2C,oBAA3C,CAAA;AACAE,4BAAA,CAAmBF,IAAnB,CAAA,GAA2BtD,iBAAA,CAAkBsD,IAAlB,CAA3B;AAFiE;AADrE;AAOA,UAAIrE,UAAJ;AACE,aAAK,MAAMqE,IAAX,GAAmBrE,WAAnB;AACE,cAAI2B,MAAOL,CAAAA,SAAUM,CAAAA,cAAeC,CAAAA,IAAhC,CAAqC7B,UAArC,EAAiDqE,IAAjD,CAAJ,CAA4D;AAC1D,kBAAMG,YAAYH,IAAKtC,CAAAA,WAAL,EAAlB;AACA,gBAAIyC,SAAJ,IAAiB1D,eAAjB;AACE,oBAAM,IAAIP,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACK,oBAAmBgE,SAAnB,oBADL,GACwDH,IADxD,GAEQ,gBAFR,GAE2BrE,UAAA,CAAWqE,IAAX,CAF3B,GAE8C,GAF9C,GAGI,EAJF,CAAN;AADF;AAOA,gBAAIG,SAAJ,IAAiBzD,iBAAjB;AACE,qBAAOwD,kBAAA,CAAmBC,SAAnB,CAAP;AADF;AAGAD,8BAAA,CAAmBF,IAAnB,CAAA,GAA2BrE,UAAA,CAAWqE,IAAX,CAA3B;AAZ0D;AAD9D;AADF;AAmBA,aAAOE,kBAAP;AApC8D;AAhqBlE;AA4sBAnG,UAASoC,CAAAA,qBAAT,GACIxD,IAAKyH,CAAAA,MAAL,CAAY,0CAAZ,EAAwDzH,IAAK0H,CAAAA,KAA7D,CADJ;AAUAtG,UAASuG,CAAAA,uBAAT,GACI3H,IAAKyH,CAAAA,MAAL,CAAY,4CAAZ,EAA0D,IAA1D,CADJ;AAUArG,UAASwG,CAAAA,WAAT;AAeAxG,UAASyG,CAAAA,IAAT,GAAgBzG,QAASa,CAAAA,UAAzB;AAMA,QAAMoB,qBAAqB,iBAA3B;AAQA,QAAMyE,iBAAiB/G,UAAWgH,CAAAA,SAAX,CACnB,QADmB,EACT,MADS,EACD,MADC,EACO,YADP,EACqB,MADrB,EAC6B,UAD7B,EACyC,QADzC,EAEnB,KAFmB,CAAvB;AAYA,QAAMrE,wBAAwB3C,UAAWgH,CAAAA,SAAX,CAC1BtH,OAAQuH,CAAAA,MADkB,EACVvH,OAAQwH,CAAAA,IADE,EACIxH,OAAQyH,CAAAA,KADZ,EACmBzH,OAAQ0H,CAAAA,MAD3B,EACmC1H,OAAQ2H,CAAAA,IAD3C,EAE1B3H,OAAQ4H,CAAAA,IAFkB,EAEZ5H,OAAQ6H,CAAAA,IAFI,EAEE7H,OAAQ8H,CAAAA,MAFV,EAEkB9H,OAAQ+H,CAAAA,MAF1B,EAEkC/H,OAAQgI,CAAAA,KAF1C,EAG1BhI,OAAQiI,CAAAA,GAHkB,EAGbjI,OAAQkI,CAAAA,QAHK,CAA9B;AAUAvH,UAASwH,CAAAA,cAAT;AAYAtB,UAASA,oBAAmB,CAACvE,OAAD,EAAUsE,IAAV,EAAgB/F,KAAhB,CAAuB;AAEjD,QAAIA,KAAJ,YAAqBnB,KAArB;AACEmB,WAAA,GAAQnB,KAAMyB,CAAAA,MAAN,CAAaN,KAAb,CAAR;AADF,UAEO,KAAI+F,IAAKtC,CAAAA,WAAL,EAAJ,IAA0B,OAA1B;AACL,UAAI3D,QAASuG,CAAAA,uBAAb;AACErG,aAAA,GAAQuH,aAAA,CAAcvH,KAAd,CAAR;AADF;AAGE,cAAM,IAAIiC,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GAAiC,kCAAjC,GACiC,EAF/B,CAAN;AAHF;AADK,UAQA,KAAI,MAAOF,CAAAA,IAAP,CAAY+D,IAAZ,CAAJ;AAEL,YAAM,IAAI9D,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GAAkC,cAAa6D,IAAb,EAAlC,GACQ,uCADR,GACkD/F,KADlD,GAC0D,UAD1D,GAEiC,EAH/B,CAAN;AAFK,UAOA,KAAI+F,IAAKtC,CAAAA,WAAL,EAAJ,IAA0B+C,cAA1B;AACL,UAAIxG,KAAJ,YAAqBZ,kBAArB;AACEY,aAAA,GAAQZ,kBAAmBkB,CAAAA,MAAnB,CAA0BN,KAA1B,CAAR;AADF,YAEO,KAAIA,KAAJ,YAAqBd,OAArB;AACLc,aAAA,GAAQd,OAAQoB,CAAAA,MAAR,CAAeN,KAAf,CAAR;AADK,YAEA,KAAI,MAAOA,MAAX,KAAqB,QAArB;AACLA,aAAA,GAAQd,OAAQ4D,CAAAA,QAAR,CAAiB9C,KAAjB,CAAwBI,CAAAA,mBAAxB,EAAR;AADK;AAGL,cAAM,IAAI6B,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACK,cAAa6D,IAAb,aAA8BtE,OAA9B,EADL,GAEQ,qDAFR,GAGQ,kBAHR,GAG6BzB,KAH7B,GAGqC,UAHrC,GAII,EALF,CAAN;AAHK;AALF;AAmBP,QAAsBA,KAAOG,CAAAA,+BAA7B;AAGEH,WAAA,GACiCA,KAAOI,CAAAA,mBAAR,EADhC;AAHF;AAOAd,WAAQwG,CAAAA,MAAR,CACI,MAAO9F,MADX,KACqB,QADrB,IACiC,MAAOA,MADxC,KACkD,QADlD,EAEI,uCAFJ,GAE+C,MAAOA,MAFtD,GAGQ,eAHR,GAG0BA,KAH1B,CAAA;AAIA,WAAQ,GAAE+F,IAAF,IAAR,GAAqBrG,QAASiB,CAAAA,UAAT,CAAoBI,MAAA,CAAOf,KAAP,CAApB,CAArB,GAA0D,GAA1D;AAjDiD;AA6DnDuH,UAASA,cAAa,CAACvH,KAAD,CAAQ;AAC5B,QAAI,CAACtB,IAAK8I,CAAAA,QAAL,CAAcxH,KAAd,CAAL;AACE,YAAM,IAAIiC,KAAJ,CACFnC,QAASoC,CAAAA,qBAAT,GACI,4DADJ,GAEQ,uBAFR,GAEmC,MAAOlC,MAF1C,GAEmD,UAFnD,GAEgEA,KAFhE,GAGI,EAJF,CAAN;AADF;AAOA,QAAI,EAAEA,KAAF,YAAmBhB,SAAnB,CAAJ;AAEEgB,WAAA,GAAQhB,SAAUwC,CAAAA,MAAV,CAAiBxB,KAAjB,CAAR;AAFF;AAIA,WAAOhB,SAAUsB,CAAAA,MAAV,CAAiBN,KAAjB,CAAP;AAZ4B;AAoB9BF,UAAS2H,CAAAA,YAAT,GAAkD,CAIhDC,QAASA,QAAQ,EAAG;AAClB,WAAO5H,QAASkB,CAAAA,8CAAT,CACH,uBADG,CAAP;AADkB,GAJ4B,EAQhD0G,CAAAA,OARgD,EAAlD;AAcA5H,UAASqF,CAAAA,KAAT,GAAiB,IAAIrF,QAAJ,CACZpB,IAAKqE,CAAAA,MAAO4E,CAAAA,YADA,IACgBjJ,IAAKqE,CAAAA,MAAO4E,CAAAA,YAAaC,CAAAA,SADzC,IACuD,EADvD,EAEb/H,yBAFa,CAAjB;AAQAC,UAAS+H,CAAAA,EAAT,GAAwC,CAItCH,QAASA,QAAQ,EAAG;AAClB,WAAO5H,QAASkB,CAAAA,8CAAT,CAAwD,YAAxD,CAAP;AADkB,GAJkB,EAOtC0G,CAAAA,OAPsC,EAAxC;AAUAI,SAAA,GAAUhI,QAAV;AAl+BA,SAAA,OAAA;AAAA,CAAA,CAAA;;",
|
|
6
|
+
"sources":["goog/html/safehtml.js"],
|
|
7
|
+
"sourcesContent":["/**\n * @license\n * Copyright The Closure Library Authors.\n * SPDX-License-Identifier: Apache-2.0\n */\n\n\n/**\n * @fileoverview The SafeHtml type and its builders.\n *\n * TODO(xtof): Link to document stating type contract.\n */\n\ngoog.module('goog.html.SafeHtml');\ngoog.module.declareLegacyNamespace();\n\nconst Const = goog.require('goog.string.Const');\nconst SafeScript = goog.require('goog.html.SafeScript');\nconst SafeStyle = goog.require('goog.html.SafeStyle');\nconst SafeStyleSheet = goog.require('goog.html.SafeStyleSheet');\nconst SafeUrl = goog.require('goog.html.SafeUrl');\nconst TagName = goog.require('goog.dom.TagName');\nconst TrustedResourceUrl = goog.require('goog.html.TrustedResourceUrl');\nconst TypedString = goog.require('goog.string.TypedString');\nconst asserts = goog.require('goog.asserts');\nconst browser = goog.require('goog.labs.userAgent.browser');\nconst googArray = goog.require('goog.array');\nconst googObject = goog.require('goog.object');\nconst internal = goog.require('goog.string.internal');\nconst tags = goog.require('goog.dom.tags');\nconst trustedtypes = goog.require('goog.html.trustedtypes');\n\n\n/**\n * Token used to ensure that object is created only from this file. No code\n * outside of this file can access this token.\n * @type {!Object}\n * @const\n */\nconst CONSTRUCTOR_TOKEN_PRIVATE = {};\n\n/**\n * A string that is safe to use in HTML context in DOM APIs and HTML documents.\n *\n * A SafeHtml is a string-like object that carries the security type contract\n * that its value as a string will not cause untrusted script execution when\n * evaluated as HTML in a browser.\n *\n * Values of this type are guaranteed to be safe to use in HTML contexts,\n * such as, assignment to the innerHTML DOM property, or interpolation into\n * a HTML template in HTML PC_DATA context, in the sense that the use will not\n * result in a Cross-Site-Scripting vulnerability.\n *\n * Instances of this type must be created via the factory methods\n * (`SafeHtml.create`, `SafeHtml.htmlEscape`),\n * etc and not by invoking its constructor. The constructor intentionally takes\n * an extra parameter that cannot be constructed outside of this file and the\n * type is immutable; hence only a default instance corresponding to the empty\n * string can be obtained via constructor invocation.\n *\n * Creating SafeHtml objects HAS SIDE-EFFECTS due to calling Trusted Types Web\n * API.\n *\n * Note that there is no `SafeHtml.fromConstant`. The reason is that\n * the following code would create an unsafe HTML:\n *\n * ```\n * SafeHtml.concat(\n * SafeHtml.fromConstant(Const.from('<script>')),\n * SafeHtml.htmlEscape(userInput),\n * SafeHtml.fromConstant(Const.from('<\\/script>')));\n * ```\n *\n * There's `goog.dom.constHtmlToNode` to create a node from constant strings\n * only.\n *\n * @see SafeHtml.create\n * @see SafeHtml.htmlEscape\n * @final\n * @struct\n * @implements {TypedString}\n */\nclass SafeHtml {\n /**\n * @param {!TrustedHTML|string} value\n * @param {!Object} token package-internal implementation detail.\n */\n constructor(value, token) {\n /**\n * The contained value of this SafeHtml. The field has a purposely ugly\n * name to make (non-compiled) code that attempts to directly access this\n * field stand out.\n * @private {!TrustedHTML|string}\n */\n this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ =\n (token === CONSTRUCTOR_TOKEN_PRIVATE) ? value : '';\n\n /**\n * @override\n * @const {boolean}\n */\n this.implementsGoogStringTypedString = true;\n }\n\n\n /**\n * Returns this SafeHtml's value as string.\n *\n * IMPORTANT: In code where it is security relevant that an object's type is\n * indeed `SafeHtml`, use `SafeHtml.unwrap` instead of\n * this method. If in doubt, assume that it's security relevant. In\n * particular, note that goog.html functions which return a goog.html type do\n * not guarantee that the returned instance is of the right type. For example:\n *\n * <pre>\n * var fakeSafeHtml = new String('fake');\n * fakeSafeHtml.__proto__ = SafeHtml.prototype;\n * var newSafeHtml = SafeHtml.htmlEscape(fakeSafeHtml);\n * // newSafeHtml is just an alias for fakeSafeHtml, it's passed through by\n * // SafeHtml.htmlEscape() as fakeSafeHtml\n * // instanceof SafeHtml.\n * </pre>\n *\n * @return {string}\n * @see SafeHtml.unwrap\n * @override\n */\n getTypedStringValue() {\n return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_.toString();\n }\n\n\n /**\n * Returns a string-representation of this value.\n *\n * To obtain the actual string value wrapped in a SafeHtml, use\n * `SafeHtml.unwrap`.\n *\n * @return {string}\n * @see SafeHtml.unwrap\n * @override\n */\n toString() {\n return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_.toString();\n }\n\n /**\n * Performs a runtime check that the provided object is indeed a SafeHtml\n * object, and returns its value.\n * @param {!SafeHtml} safeHtml The object to extract from.\n * @return {string} The SafeHtml object's contained string, unless the\n * run-time type check fails. In that case, `unwrap` returns an innocuous\n * string, or, if assertions are enabled, throws\n * `asserts.AssertionError`.\n */\n static unwrap(safeHtml) {\n return SafeHtml.unwrapTrustedHTML(safeHtml).toString();\n }\n\n\n /**\n * Unwraps value as TrustedHTML if supported or as a string if not.\n * @param {!SafeHtml} safeHtml\n * @return {!TrustedHTML|string}\n * @see SafeHtml.unwrap\n */\n static unwrapTrustedHTML(safeHtml) {\n // Perform additional run-time type-checking to ensure that safeHtml is\n // indeed an instance of the expected type. This provides some additional\n // protection against security bugs due to application code that disables\n // type checks. Specifically, the following checks are performed:\n // 1. The object is an instance of the expected type.\n // 2. The object is not an instance of a subclass.\n if (safeHtml instanceof SafeHtml && safeHtml.constructor === SafeHtml) {\n return safeHtml.privateDoNotAccessOrElseSafeHtmlWrappedValue_;\n } else {\n asserts.fail(\n `expected object of type SafeHtml, got '${safeHtml}' of type ` +\n goog.typeOf(safeHtml));\n return 'type_error:SafeHtml';\n }\n }\n\n /**\n * Returns HTML-escaped text as a SafeHtml object.\n *\n * @param {!SafeHtml.TextOrHtml_} textOrHtml The text to escape. If\n * the parameter is of type SafeHtml it is returned directly (no escaping\n * is done).\n * @return {!SafeHtml} The escaped text, wrapped as a SafeHtml.\n */\n static htmlEscape(textOrHtml) {\n if (textOrHtml instanceof SafeHtml) {\n return textOrHtml;\n }\n const textIsObject = typeof textOrHtml == 'object';\n let textAsString;\n if (textIsObject &&\n /** @type {?} */ (textOrHtml).implementsGoogStringTypedString) {\n textAsString =\n /** @type {!TypedString} */ (textOrHtml).getTypedStringValue();\n } else {\n textAsString = String(textOrHtml);\n }\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n internal.htmlEscape(textAsString));\n }\n\n\n /**\n * Returns HTML-escaped text as a SafeHtml object, with newlines changed to\n * <br>.\n * @param {!SafeHtml.TextOrHtml_} textOrHtml The text to escape. If\n * the parameter is of type SafeHtml it is returned directly (no escaping\n * is done).\n * @return {!SafeHtml} The escaped text, wrapped as a SafeHtml.\n */\n static htmlEscapePreservingNewlines(textOrHtml) {\n if (textOrHtml instanceof SafeHtml) {\n return textOrHtml;\n }\n const html = SafeHtml.htmlEscape(textOrHtml);\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n internal.newLineToBr(SafeHtml.unwrap(html)));\n }\n\n\n /**\n * Returns HTML-escaped text as a SafeHtml object, with newlines changed to\n * <br> and escaping whitespace to preserve spatial formatting.\n * Character entity #160 is used to make it safer for XML.\n * @param {!SafeHtml.TextOrHtml_} textOrHtml The text to escape. If\n * the parameter is of type SafeHtml it is returned directly (no escaping\n * is done).\n * @return {!SafeHtml} The escaped text, wrapped as a SafeHtml.\n */\n static htmlEscapePreservingNewlinesAndSpaces(textOrHtml) {\n if (textOrHtml instanceof SafeHtml) {\n return textOrHtml;\n }\n const html = SafeHtml.htmlEscape(textOrHtml);\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n internal.whitespaceEscape(SafeHtml.unwrap(html)));\n }\n\n /**\n * Converts an arbitrary string into an HTML comment by HTML-escaping the\n * contents and embedding the result between HTML comment markers.\n *\n * Escaping is needed because Internet Explorer supports conditional comments\n * and so may render HTML markup within comments.\n *\n * @param {string} text\n * @return {!SafeHtml}\n */\n static comment(text) {\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n '\u003c!--' + internal.htmlEscape(text) + '--\u003e');\n }\n\n /**\n * Creates a SafeHtml content consisting of a tag with optional attributes and\n * optional content.\n *\n * For convenience tag names and attribute names are accepted as regular\n * strings, instead of Const. Nevertheless, you should not pass\n * user-controlled values to these parameters. Note that these parameters are\n * syntactically validated at runtime, and invalid values will result in\n * an exception.\n *\n * Example usage:\n *\n * SafeHtml.create('br');\n * SafeHtml.create('div', {'class': 'a'});\n * SafeHtml.create('p', {}, 'a');\n * SafeHtml.create('p', {}, SafeHtml.create('br'));\n *\n * SafeHtml.create('span', {\n * 'style': {'margin': '0'}\n * });\n *\n * To guarantee SafeHtml's type contract is upheld there are restrictions on\n * attribute values and tag names.\n *\n * - For attributes which contain script code (on*), a Const is\n * required.\n * - For attributes which contain style (style), a SafeStyle or a\n * SafeStyle.PropertyMap is required.\n * - For attributes which are interpreted as URLs (e.g. src, href) a\n * SafeUrl, Const or string is required. If a string\n * is passed, it will be sanitized with SafeUrl.sanitize().\n * - For tags which can load code or set security relevant page metadata,\n * more specific SafeHtml.create*() functions must be used. Tags\n * which are not supported by this function are applet, base, embed, iframe,\n * link, math, meta, object, script, style, svg, and template.\n *\n * @param {!TagName|string} tagName The name of the tag. Only tag names\n * consisting of [a-zA-Z0-9-] are allowed. Tag names documented above are\n * disallowed.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes Mapping\n * from attribute names to their values. Only attribute names consisting\n * of [a-zA-Z0-9-] are allowed. Value of null or undefined causes the\n * attribute to be omitted.\n * @param {!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>=} content Content to HTML-escape and put\n * inside the tag. This must be empty for void tags like <br>. Array elements\n * are concatenated.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid tag name, attribute name, or attribute value is\n * provided.\n * @throws {!asserts.AssertionError} If content for void tag is provided.\n * @deprecated Use a recommended templating system like Lit instead.\n * More information: go/goog.html-readme // LINE-INTERNAL\n */\n static create(tagName, attributes = undefined, content = undefined) {\n SafeHtml.verifyTagName(String(tagName));\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n String(tagName), attributes, content);\n }\n\n\n /**\n * Verifies if the tag name is valid and if it doesn't change the context.\n * E.g. STRONG is fine but SCRIPT throws because it changes context. See\n * SafeHtml.create for an explanation of allowed tags.\n * @param {string} tagName\n * @return {void}\n * @throws {!Error} If invalid tag name is provided.\n * @package\n */\n static verifyTagName(tagName) {\n if (!VALID_NAMES_IN_TAG.test(tagName)) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ? `Invalid tag name <${tagName}>.` :\n '');\n }\n if (tagName.toUpperCase() in NOT_ALLOWED_TAG_NAMES) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n\n `Tag name <${tagName}> is not allowed for SafeHtml.` :\n '');\n }\n }\n\n\n /**\n * Creates a SafeHtml representing an iframe tag.\n *\n * This by default restricts the iframe as much as possible by setting the\n * sandbox attribute to the empty string. If the iframe requires less\n * restrictions, set the sandbox attribute as tight as possible, but do not\n * rely on the sandbox as a security feature because it is not supported by\n * older browsers. If a sandbox is essential to security (e.g. for third-party\n * frames), use createSandboxIframe which checks for browser support.\n *\n * @see https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe#attr-sandbox\n *\n * @param {?TrustedResourceUrl=} src The value of the src\n * attribute. If null or undefined src will not be set.\n * @param {?SafeHtml=} srcdoc The value of the srcdoc attribute.\n * If null or undefined srcdoc will not be set.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes Mapping\n * from attribute names to their values. Only attribute names consisting\n * of [a-zA-Z0-9-] are allowed. Value of null or undefined causes the\n * attribute to be omitted.\n * @param {!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>=} content Content to HTML-escape and put\n * inside the tag. Array elements are concatenated.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid tag name, attribute name, or attribute value is\n * provided. If attributes\n * contains the src or srcdoc attributes.\n */\n static createIframe(\n src = undefined, srcdoc = undefined, attributes = undefined,\n content = undefined) {\n if (src) {\n // Check whether this is really TrustedResourceUrl.\n TrustedResourceUrl.unwrap(src);\n }\n\n const fixedAttributes = {};\n fixedAttributes['src'] = src || null;\n fixedAttributes['srcdoc'] = srcdoc && SafeHtml.unwrap(srcdoc);\n const defaultAttributes = {'sandbox': ''};\n const combinedAttrs = SafeHtml.combineAttributes(\n fixedAttributes, defaultAttributes, attributes);\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'iframe', combinedAttrs, content);\n }\n\n\n /**\n * Creates a SafeHtml representing a sandboxed iframe tag.\n *\n * The sandbox attribute is enforced in its most restrictive mode, an empty\n * string. Consequently, the security requirements for the src and srcdoc\n * attributes are relaxed compared to SafeHtml.createIframe. This function\n * will throw on browsers that do not support the sandbox attribute, as\n * determined by SafeHtml.canUseSandboxIframe.\n *\n * The SafeHtml returned by this function can trigger downloads with no\n * user interaction on Chrome (though only a few, further attempts are\n * blocked). Firefox and IE will block all downloads from the sandbox.\n *\n * @see https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe#attr-sandbox\n * @see https://lists.w3.org/Archives/Public/public-whatwg-archive/2013Feb/0112.html\n *\n * @param {string|!SafeUrl=} src The value of the src\n * attribute. If null or undefined src will not be set.\n * @param {string=} srcdoc The value of the srcdoc attribute.\n * If null or undefined srcdoc will not be set. Will not be sanitized.\n * @param {!Object<string, ?SafeHtml.AttributeValue>=} attributes Mapping\n * from attribute names to their values. Only attribute names consisting\n * of [a-zA-Z0-9-] are allowed. Value of null or undefined causes the\n * attribute to be omitted.\n * @param {!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>=} content Content to HTML-escape and put\n * inside the tag. Array elements are concatenated.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid tag name, attribute name, or attribute value is\n * provided. If attributes\n * contains the src, srcdoc or sandbox attributes. If browser does not support\n * the sandbox attribute on iframe.\n */\n static createSandboxIframe(\n src = undefined, srcdoc = undefined, attributes = undefined,\n content = undefined) {\n if (!SafeHtml.canUseSandboxIframe()) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n 'The browser does not support sandboxed iframes.' :\n '');\n }\n\n const fixedAttributes = {};\n if (src) {\n // Note that sanitize is a no-op on SafeUrl.\n fixedAttributes['src'] = SafeUrl.unwrap(SafeUrl.sanitize(src));\n } else {\n fixedAttributes['src'] = null;\n }\n fixedAttributes['srcdoc'] = srcdoc || null;\n fixedAttributes['sandbox'] = '';\n const combinedAttrs =\n SafeHtml.combineAttributes(fixedAttributes, {}, attributes);\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'iframe', combinedAttrs, content);\n }\n\n\n /**\n * Checks if the user agent supports sandboxed iframes.\n * @return {boolean}\n */\n static canUseSandboxIframe() {\n return goog.global['HTMLIFrameElement'] &&\n ('sandbox' in goog.global['HTMLIFrameElement'].prototype);\n }\n\n\n /**\n * Creates a SafeHtml representing a script tag with the src attribute.\n * @param {!TrustedResourceUrl} src The value of the src\n * attribute.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=}\n * attributes\n * Mapping from attribute names to their values. Only attribute names\n * consisting of [a-zA-Z0-9-] are allowed. Value of null or undefined\n * causes the attribute to be omitted.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid attribute name or value is provided. If\n * attributes contains the\n * src attribute.\n */\n static createScriptSrc(src, attributes = undefined) {\n // TODO(mlourenco): The charset attribute should probably be blocked. If\n // its value is attacker controlled, the script contains attacker controlled\n // sub-strings (even if properly escaped) and the server does not set\n // charset then XSS is likely possible.\n // https://html.spec.whatwg.org/multipage/scripting.html#dom-script-charset\n\n // Check whether this is really TrustedResourceUrl.\n TrustedResourceUrl.unwrap(src);\n\n const fixedAttributes = {'src': src};\n const defaultAttributes = {};\n const combinedAttrs = SafeHtml.combineAttributes(\n fixedAttributes, defaultAttributes, attributes);\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'script', combinedAttrs);\n }\n\n /**\n * Creates a SafeHtml representing a script tag. Does not allow the language,\n * src, text or type attributes to be set.\n * @param {!SafeScript|!Array<!SafeScript>}\n * script Content to put inside the tag. Array elements are\n * concatenated.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes Mapping\n * from attribute names to their values. Only attribute names consisting\n * of [a-zA-Z0-9-] are allowed. Value of null or undefined causes the\n * attribute to be omitted.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid attribute name or attribute value is provided.\n * If attributes contains the\n * language, src or text attribute.\n */\n static createScript(script, attributes = undefined) {\n for (let attr in attributes) {\n // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwnProperty#Using_hasOwnProperty_as_a_property_name\n if (Object.prototype.hasOwnProperty.call(attributes, attr)) {\n const attrLower = attr.toLowerCase();\n if (attrLower == 'language' || attrLower == 'src' ||\n attrLower == 'text') {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n `Cannot set \"${attrLower}\" attribute` :\n '');\n }\n }\n }\n\n let content = '';\n script = googArray.concat(script);\n for (let i = 0; i < script.length; i++) {\n content += SafeScript.unwrap(script[i]);\n }\n // Convert to SafeHtml so that it's not HTML-escaped. This is safe because\n // as part of its contract, SafeScript should have no dangerous '<'.\n const htmlContent =\n SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(content);\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'script', attributes, htmlContent);\n }\n\n\n /**\n * Creates a SafeHtml representing a style tag. The type attribute is set\n * to \"text/css\".\n * @param {!SafeStyleSheet|!Array<!SafeStyleSheet>}\n * styleSheet Content to put inside the tag. Array elements are\n * concatenated.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes Mapping\n * from attribute names to their values. Only attribute names consisting\n * of [a-zA-Z0-9-] are allowed. Value of null or undefined causes the\n * attribute to be omitted.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n * @throws {!Error} If invalid attribute name or attribute value is provided.\n * If attributes contains the\n * type attribute.\n */\n static createStyle(styleSheet, attributes = undefined) {\n const fixedAttributes = {'type': 'text/css'};\n const defaultAttributes = {};\n const combinedAttrs = SafeHtml.combineAttributes(\n fixedAttributes, defaultAttributes, attributes);\n\n let content = '';\n styleSheet = googArray.concat(styleSheet);\n for (let i = 0; i < styleSheet.length; i++) {\n content += SafeStyleSheet.unwrap(styleSheet[i]);\n }\n // Convert to SafeHtml so that it's not HTML-escaped. This is safe because\n // as part of its contract, SafeStyleSheet should have no dangerous '<'.\n const htmlContent =\n SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(content);\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'style', combinedAttrs, htmlContent);\n }\n\n\n /**\n * Creates a SafeHtml representing a meta refresh tag.\n * @param {!SafeUrl|string} url Where to redirect. If a string is\n * passed, it will be sanitized with SafeUrl.sanitize().\n * @param {number=} secs Number of seconds until the page should be\n * reloaded. Will be set to 0 if unspecified.\n * @return {!SafeHtml} The SafeHtml content with the tag.\n */\n static createMetaRefresh(url, secs = undefined) {\n // Note that sanitize is a no-op on SafeUrl.\n let unwrappedUrl = SafeUrl.unwrap(SafeUrl.sanitize(url));\n\n if (browser.isIE() || browser.isEdge()) {\n // IE/EDGE can't parse the content attribute if the url contains a\n // semicolon. We can fix this by adding quotes around the url, but then we\n // can't parse quotes in the URL correctly. Also, it seems that IE/EDGE\n // did not unescape semicolons in these URLs at some point in the past. We\n // take a best-effort approach.\n //\n // If the URL has semicolons (which may happen in some cases, see\n // http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2\n // for instance), wrap it in single quotes to protect the semicolons.\n // If the URL has semicolons and single quotes, url-encode the single\n // quotes as well.\n //\n // This is imperfect. Notice that both ' and ; are reserved characters in\n // URIs, so this could do the wrong thing, but at least it will do the\n // wrong thing in only rare cases.\n if (internal.contains(unwrappedUrl, ';')) {\n unwrappedUrl = '\\'' + unwrappedUrl.replace(/'/g, '%27') + '\\'';\n }\n }\n const attributes = {\n 'http-equiv': 'refresh',\n 'content': (secs || 0) + '; url=' + unwrappedUrl,\n };\n\n // This function will handle the HTML escaping for attributes.\n return SafeHtml.createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n 'meta', attributes);\n }\n\n /**\n * Creates a new SafeHtml object by joining the parts with separator.\n * @param {!SafeHtml.TextOrHtml_} separator\n * @param {!Array<!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>>} parts Parts to join. If a part\n * contains an array then each member of this array is also joined with\n * the separator.\n * @return {!SafeHtml}\n */\n static join(separator, parts) {\n const separatorHtml = SafeHtml.htmlEscape(separator);\n const content = [];\n\n /**\n * @param {!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>} argument\n */\n const addArgument = (argument) => {\n if (Array.isArray(argument)) {\n argument.forEach(addArgument);\n } else {\n const html = SafeHtml.htmlEscape(argument);\n content.push(SafeHtml.unwrap(html));\n }\n };\n\n parts.forEach(addArgument);\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n content.join(SafeHtml.unwrap(separatorHtml)));\n }\n\n\n /**\n * Creates a new SafeHtml object by concatenating values.\n * @param {...(!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>)} var_args Values to concatenate.\n * @return {!SafeHtml}\n */\n static concat(var_args) {\n return SafeHtml.join(SafeHtml.EMPTY, Array.prototype.slice.call(arguments));\n }\n\n /**\n * Package-internal utility method to create SafeHtml instances.\n *\n * @param {string} html The string to initialize the SafeHtml object with.\n * @return {!SafeHtml} The initialized SafeHtml object.\n * @package\n */\n static createSafeHtmlSecurityPrivateDoNotAccessOrElse(html) {\n /** @noinline */\n const noinlineHtml = html;\n const policy = trustedtypes.getPolicyPrivateDoNotAccessOrElse();\n const trustedHtml = policy ? policy.createHTML(noinlineHtml) : noinlineHtml;\n return new SafeHtml(trustedHtml, CONSTRUCTOR_TOKEN_PRIVATE);\n }\n\n\n /**\n * Like create() but does not restrict which tags can be constructed.\n *\n * @param {string} tagName Tag name. Set or validated by caller.\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes\n * @param {(!SafeHtml.TextOrHtml_|\n * !Array<!SafeHtml.TextOrHtml_>)=} content\n * @return {!SafeHtml}\n * @throws {!Error} If invalid or unsafe attribute name or value is provided.\n * @throws {!asserts.AssertionError} If content for void tag is provided.\n * @package\n */\n static createSafeHtmlTagSecurityPrivateDoNotAccessOrElse(\n tagName, attributes = undefined, content = undefined) {\n let result = `<${tagName}`;\n result += SafeHtml.stringifyAttributes(tagName, attributes);\n\n if (content == null) {\n content = [];\n } else if (!Array.isArray(content)) {\n content = [content];\n }\n\n if (tags.isVoidTag(tagName.toLowerCase())) {\n asserts.assert(\n !content.length, `Void tag <${tagName}> does not allow content.`);\n result += '>';\n } else {\n const html = SafeHtml.concat(content);\n result += '>' + SafeHtml.unwrap(html) + '</' + tagName + '>';\n }\n\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(result);\n }\n\n\n /**\n * Creates a string with attributes to insert after tagName.\n * @param {string} tagName\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes\n * @return {string} Returns an empty string if there are no attributes,\n * returns a string starting with a space otherwise.\n * @throws {!Error} If attribute value is unsafe for the given tag and\n * attribute.\n * @package\n */\n static stringifyAttributes(tagName, attributes = undefined) {\n let result = '';\n if (attributes) {\n for (let name in attributes) {\n // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwnProperty#Using_hasOwnProperty_as_a_property_name\n if (Object.prototype.hasOwnProperty.call(attributes, name)) {\n if (!VALID_NAMES_IN_TAG.test(name)) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n `Invalid attribute name \"${name}\".` :\n '');\n }\n const value = attributes[name];\n if (value == null) {\n continue;\n }\n result += ' ' + getAttrNameAndValue(tagName, name, value);\n }\n }\n }\n return result;\n }\n\n\n /**\n * @param {!Object<string, ?SafeHtml.AttributeValue>} fixedAttributes\n * @param {!Object<string, string>} defaultAttributes\n * @param {?Object<string, ?SafeHtml.AttributeValue>=} attributes Optional\n * attributes passed to create*().\n * @return {!Object<string, ?SafeHtml.AttributeValue>}\n * @throws {!Error} If attributes contains an attribute with the same name as\n * an attribute in fixedAttributes.\n * @package\n */\n static combineAttributes(\n fixedAttributes, defaultAttributes, attributes = undefined) {\n const combinedAttributes = {};\n\n for (const name in fixedAttributes) {\n // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwnProperty#Using_hasOwnProperty_as_a_property_name\n if (Object.prototype.hasOwnProperty.call(fixedAttributes, name)) {\n asserts.assert(name.toLowerCase() == name, 'Must be lower case');\n combinedAttributes[name] = fixedAttributes[name];\n }\n }\n for (const name in defaultAttributes) {\n if (Object.prototype.hasOwnProperty.call(defaultAttributes, name)) {\n asserts.assert(name.toLowerCase() == name, 'Must be lower case');\n combinedAttributes[name] = defaultAttributes[name];\n }\n }\n\n if (attributes) {\n for (const name in attributes) {\n if (Object.prototype.hasOwnProperty.call(attributes, name)) {\n const nameLower = name.toLowerCase();\n if (nameLower in fixedAttributes) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n `Cannot override \"${nameLower}\" attribute, got \"` + name +\n '\" with value \"' + attributes[name] + '\"' :\n '');\n }\n if (nameLower in defaultAttributes) {\n delete combinedAttributes[nameLower];\n }\n combinedAttributes[name] = attributes[name];\n }\n }\n }\n\n return combinedAttributes;\n }\n}\n\n\n/**\n * @define {boolean} Whether to strip out error messages or to leave them in.\n */\nSafeHtml.ENABLE_ERROR_MESSAGES =\n goog.define('goog.html.SafeHtml.ENABLE_ERROR_MESSAGES', goog.DEBUG);\n\n\n/**\n * Whether the `style` attribute is supported. Set to false to avoid the byte\n * weight of `SafeStyle` where unneeded. An error will be thrown if\n * the `style` attribute is used.\n * @define {boolean}\n */\nSafeHtml.SUPPORT_STYLE_ATTRIBUTE =\n goog.define('goog.html.SafeHtml.SUPPORT_STYLE_ATTRIBUTE', true);\n\n\n/**\n * Shorthand for union of types that can sensibly be converted to strings\n * or might already be SafeHtml (as SafeHtml is a TypedString).\n * @private\n * @typedef {string|number|boolean|!TypedString}\n */\nSafeHtml.TextOrHtml_;\n\n\n/**\n * Coerces an arbitrary object into a SafeHtml object.\n *\n * If `textOrHtml` is already of type `SafeHtml`, the same\n * object is returned. Otherwise, `textOrHtml` is coerced to string, and\n * HTML-escaped.\n *\n * @param {!SafeHtml.TextOrHtml_} textOrHtml The text or SafeHtml to\n * coerce.\n * @return {!SafeHtml} The resulting SafeHtml object.\n * @deprecated Use SafeHtml.htmlEscape.\n */\nSafeHtml.from = SafeHtml.htmlEscape;\n\n\n/**\n * @const\n */\nconst VALID_NAMES_IN_TAG = /^[a-zA-Z0-9-]+$/;\n\n\n/**\n * Set of attributes containing URL as defined at\n * http://www.w3.org/TR/html5/index.html#attributes-1.\n * @const {!Object<string,boolean>}\n */\nconst URL_ATTRIBUTES = googObject.createSet(\n 'action', 'cite', 'data', 'formaction', 'href', 'manifest', 'poster',\n 'src');\n\n\n/**\n * Tags which are unsupported via create(). They might be supported via a\n * tag-specific create method. These are tags which might require a\n * TrustedResourceUrl in one of their attributes or a restricted type for\n * their content.\n * @const {!Object<string,boolean>}\n */\nconst NOT_ALLOWED_TAG_NAMES = googObject.createSet(\n TagName.APPLET, TagName.BASE, TagName.EMBED, TagName.IFRAME, TagName.LINK,\n TagName.MATH, TagName.META, TagName.OBJECT, TagName.SCRIPT, TagName.STYLE,\n TagName.SVG, TagName.TEMPLATE);\n\n\n/**\n * @typedef {string|number|!TypedString|\n * !SafeStyle.PropertyMap|undefined|null}\n */\nSafeHtml.AttributeValue;\n\n\n/**\n * @param {string} tagName The tag name.\n * @param {string} name The attribute name.\n * @param {!SafeHtml.AttributeValue} value The attribute value.\n * @return {string} A \"name=value\" string.\n * @throws {!Error} If attribute value is unsafe for the given tag and\n * attribute.\n * @private\n */\nfunction getAttrNameAndValue(tagName, name, value) {\n // If it's goog.string.Const, allow any valid attribute name.\n if (value instanceof Const) {\n value = Const.unwrap(value);\n } else if (name.toLowerCase() == 'style') {\n if (SafeHtml.SUPPORT_STYLE_ATTRIBUTE) {\n value = getStyleValue(value);\n } else {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ? 'Attribute \"style\" not supported.' :\n '');\n }\n } else if (/^on/i.test(name)) {\n // TODO(jakubvrana): Disallow more attributes with a special meaning.\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ? `Attribute \"${name}` +\n '\" requires goog.string.Const value, \"' + value + '\" given.' :\n '');\n // URL attributes handled differently according to tag.\n } else if (name.toLowerCase() in URL_ATTRIBUTES) {\n if (value instanceof TrustedResourceUrl) {\n value = TrustedResourceUrl.unwrap(value);\n } else if (value instanceof SafeUrl) {\n value = SafeUrl.unwrap(value);\n } else if (typeof value === 'string') {\n value = SafeUrl.sanitize(value).getTypedStringValue();\n } else {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n `Attribute \"${name}\" on tag \"${tagName}` +\n '\" requires goog.html.SafeUrl, goog.string.Const, or' +\n ' string, value \"' + value + '\" given.' :\n '');\n }\n }\n\n // Accept SafeUrl, TrustedResourceUrl, etc. for attributes which only require\n // HTML-escaping.\n if (/** @type {?} */ (value).implementsGoogStringTypedString) {\n // Ok to call getTypedStringValue() since there's no reliance on the type\n // contract for security here.\n value =\n /** @type {!TypedString} */ (value).getTypedStringValue();\n }\n\n asserts.assert(\n typeof value === 'string' || typeof value === 'number',\n 'String or number value expected, got ' + (typeof value) +\n ' with value: ' + value);\n return `${name}=\"` + internal.htmlEscape(String(value)) + '\"';\n}\n\n\n/**\n * Gets value allowed in \"style\" attribute.\n * @param {!SafeHtml.AttributeValue} value It could be SafeStyle or a\n * map which will be passed to SafeStyle.create.\n * @return {string} Unwrapped value.\n * @throws {!Error} If string value is given.\n * @private\n */\nfunction getStyleValue(value) {\n if (!goog.isObject(value)) {\n throw new Error(\n SafeHtml.ENABLE_ERROR_MESSAGES ?\n 'The \"style\" attribute requires goog.html.SafeStyle or map ' +\n 'of style properties, ' + (typeof value) + ' given: ' + value :\n '');\n }\n if (!(value instanceof SafeStyle)) {\n // Process the property bag into a style object.\n value = SafeStyle.create(value);\n }\n return SafeStyle.unwrap(value);\n}\n\n\n/**\n * A SafeHtml instance corresponding to the HTML doctype: \"<!DOCTYPE html>\".\n * @const {!SafeHtml}\n */\nSafeHtml.DOCTYPE_HTML = /** @type {!SafeHtml} */ ({\n // NOTE: this compiles to nothing, but hides the possible side effect of\n // SafeHtml creation (due to calling trustedTypes.createPolicy) from the\n // compiler so that the entire call can be removed if the result is not used.\n valueOf: function() {\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse(\n '<!DOCTYPE html>');\n },\n}.valueOf());\n\n/**\n * A SafeHtml instance corresponding to the empty string.\n * @const {!SafeHtml}\n */\nSafeHtml.EMPTY = new SafeHtml(\n (goog.global.trustedTypes && goog.global.trustedTypes.emptyHTML) || '',\n CONSTRUCTOR_TOKEN_PRIVATE);\n\n/**\n * A SafeHtml instance corresponding to the <br> tag.\n * @const {!SafeHtml}\n */\nSafeHtml.BR = /** @type {!SafeHtml} */ ({\n // NOTE: this compiles to nothing, but hides the possible side effect of\n // SafeHtml creation (due to calling trustedTypes.createPolicy) from the\n // compiler so that the entire call can be removed if the result is not used.\n valueOf: function() {\n return SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse('<br>');\n },\n}.valueOf());\n\n\nexports = SafeHtml;\n"],
|
|
8
|
+
"names":["goog","module","declareLegacyNamespace","Const","require","SafeScript","SafeStyle","SafeStyleSheet","SafeUrl","TagName","TrustedResourceUrl","TypedString","asserts","browser","googArray","googObject","internal","tags","trustedtypes","CONSTRUCTOR_TOKEN_PRIVATE","SafeHtml","constructor","value","token","privateDoNotAccessOrElseSafeHtmlWrappedValue_","implementsGoogStringTypedString","getTypedStringValue","toString","unwrap","safeHtml","unwrapTrustedHTML","fail","typeOf","htmlEscape","textOrHtml","textIsObject","textAsString","String","createSafeHtmlSecurityPrivateDoNotAccessOrElse","htmlEscapePreservingNewlines","html","newLineToBr","htmlEscapePreservingNewlinesAndSpaces","whitespaceEscape","comment","text","create","tagName","attributes","undefined","content","verifyTagName","createSafeHtmlTagSecurityPrivateDoNotAccessOrElse","VALID_NAMES_IN_TAG","test","Error","ENABLE_ERROR_MESSAGES","toUpperCase","NOT_ALLOWED_TAG_NAMES","createIframe","src","srcdoc","fixedAttributes","defaultAttributes","combinedAttrs","combineAttributes","createSandboxIframe","canUseSandboxIframe","sanitize","global","prototype","createScriptSrc","createScript","script","attr","Object","hasOwnProperty","call","attrLower","toLowerCase","concat","i","length","htmlContent","createStyle","styleSheet","createMetaRefresh","url","secs","unwrappedUrl","isIE","isEdge","contains","replace","join","separator","parts","separatorHtml","addArgument","argument","Array","isArray","forEach","push","var_args","EMPTY","slice","arguments","noinlineHtml","policy","getPolicyPrivateDoNotAccessOrElse","trustedHtml","createHTML","result","stringifyAttributes","isVoidTag","assert","name","getAttrNameAndValue","combinedAttributes","nameLower","define","DEBUG","SUPPORT_STYLE_ATTRIBUTE","TextOrHtml_","from","URL_ATTRIBUTES","createSet","APPLET","BASE","EMBED","IFRAME","LINK","MATH","META","OBJECT","SCRIPT","STYLE","SVG","TEMPLATE","AttributeValue","getStyleValue","isObject","DOCTYPE_HTML","valueOf","trustedTypes","emptyHTML","BR","exports"]
|
|
9
|
+
}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import "./cljs_env.js";
|
|
2
|
+
goog.loadModule(function(exports) {
|
|
3
|
+
"use strict";
|
|
4
|
+
goog.module("goog.html.SafeScript");
|
|
5
|
+
goog.module.declareLegacyNamespace();
|
|
6
|
+
const Const = goog.require("goog.string.Const");
|
|
7
|
+
const TypedString = goog.require("goog.string.TypedString");
|
|
8
|
+
const trustedtypes = goog.require("goog.html.trustedtypes");
|
|
9
|
+
const {fail} = goog.require("goog.asserts");
|
|
10
|
+
const CONSTRUCTOR_TOKEN_PRIVATE = {};
|
|
11
|
+
class SafeScript {
|
|
12
|
+
constructor(value, token) {
|
|
13
|
+
this.privateDoNotAccessOrElseSafeScriptWrappedValue_ = token === CONSTRUCTOR_TOKEN_PRIVATE ? value : "";
|
|
14
|
+
this.implementsGoogStringTypedString = true;
|
|
15
|
+
}
|
|
16
|
+
toString() {
|
|
17
|
+
return this.privateDoNotAccessOrElseSafeScriptWrappedValue_.toString();
|
|
18
|
+
}
|
|
19
|
+
static fromConstant(script) {
|
|
20
|
+
const scriptString = Const.unwrap(script);
|
|
21
|
+
if (scriptString.length === 0) {
|
|
22
|
+
return SafeScript.EMPTY;
|
|
23
|
+
}
|
|
24
|
+
return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse(scriptString);
|
|
25
|
+
}
|
|
26
|
+
static fromJson(val) {
|
|
27
|
+
return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse(SafeScript.stringify_(val));
|
|
28
|
+
}
|
|
29
|
+
getTypedStringValue() {
|
|
30
|
+
return this.privateDoNotAccessOrElseSafeScriptWrappedValue_.toString();
|
|
31
|
+
}
|
|
32
|
+
static unwrap(safeScript) {
|
|
33
|
+
return SafeScript.unwrapTrustedScript(safeScript).toString();
|
|
34
|
+
}
|
|
35
|
+
static unwrapTrustedScript(safeScript) {
|
|
36
|
+
if (safeScript instanceof SafeScript && safeScript.constructor === SafeScript) {
|
|
37
|
+
return safeScript.privateDoNotAccessOrElseSafeScriptWrappedValue_;
|
|
38
|
+
} else {
|
|
39
|
+
fail("expected object of type SafeScript, got '" + safeScript + "' of type " + goog.typeOf(safeScript));
|
|
40
|
+
return "type_error:SafeScript";
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
static stringify_(val) {
|
|
44
|
+
const json = JSON.stringify(val);
|
|
45
|
+
return json.replace(/</g, "\\x3c");
|
|
46
|
+
}
|
|
47
|
+
static createSafeScriptSecurityPrivateDoNotAccessOrElse(script) {
|
|
48
|
+
const noinlineScript = script;
|
|
49
|
+
const policy = trustedtypes.getPolicyPrivateDoNotAccessOrElse();
|
|
50
|
+
const trustedScript = policy ? policy.createScript(noinlineScript) : noinlineScript;
|
|
51
|
+
return new SafeScript(trustedScript, CONSTRUCTOR_TOKEN_PRIVATE);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
SafeScript.EMPTY = {valueOf:function() {
|
|
55
|
+
return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse("");
|
|
56
|
+
},}.valueOf();
|
|
57
|
+
exports = SafeScript;
|
|
58
|
+
return exports;
|
|
59
|
+
});
|
|
60
|
+
|
|
61
|
+
//# sourceMappingURL=goog.html.safescript.js.map
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version":3,
|
|
3
|
+
"file":"goog.html.safescript.js",
|
|
4
|
+
"lineCount":59,
|
|
5
|
+
"mappings":"AAAA,IAAA,CAAA,UAAA,CAAA,QAAA,CAAA,OAAA,CAAA;AAAA,cAAA;AAYAA,MAAKC,CAAAA,MAAL,CAAY,sBAAZ,CAAA;AACAD,MAAKC,CAAAA,MAAOC,CAAAA,sBAAZ,EAAA;AAEA,QAAMC,QAAQH,IAAKI,CAAAA,OAAL,CAAa,mBAAb,CAAd;AACA,QAAMC,cAAcL,IAAKI,CAAAA,OAAL,CAAa,yBAAb,CAApB;AACA,QAAME,eAAeN,IAAKI,CAAAA,OAAL,CAAa,wBAAb,CAArB;AACA,QAAM,CAACG,IAAD,CAAA,GAASP,IAAKI,CAAAA,OAAL,CAAa,cAAb,CAAf;AAOA,QAAMI,4BAA4B,EAAlC;AA0CA,OAAMC,WAAN;AAKEC,eAAW,CAACC,KAAD,EAAQC,KAAR,CAAe;AAOxB,UAAKC,CAAAA,+CAAL,GACKD,KAAD,KAAWJ,yBAAX,GAAwCG,KAAxC,GAAgD,EADpD;AAOA,UAAKG,CAAAA,+BAAL,GAAuC,IAAvC;AAdwB;AA2B1BC,YAAQ,EAAG;AACT,aAAO,IAAKF,CAAAA,+CAAgDE,CAAAA,QAArD,EAAP;AADS;AAWJC,uBAAY,CAACC,MAAD,CAAS;AAC1B,YAAMC,eAAef,KAAMgB,CAAAA,MAAN,CAAaF,MAAb,CAArB;AACA,UAAIC,YAAaE,CAAAA,MAAjB,KAA4B,CAA5B;AACE,eAAOX,UAAWY,CAAAA,KAAlB;AADF;AAGA,aAAOZ,UAAWa,CAAAA,gDAAX,CACHJ,YADG,CAAP;AAL0B;AAerBK,mBAAQ,CAACC,GAAD,CAAM;AACnB,aAAOf,UAAWa,CAAAA,gDAAX,CACHb,UAAWgB,CAAAA,UAAX,CAAsBD,GAAtB,CADG,CAAP;AADmB;AA0BrBE,uBAAmB,EAAG;AACpB,aAAO,IAAKb,CAAAA,+CAAgDE,CAAAA,QAArD,EAAP;AADoB;AAcfI,iBAAM,CAACQ,UAAD,CAAa;AACxB,aAAOlB,UAAWmB,CAAAA,mBAAX,CAA+BD,UAA/B,CAA2CZ,CAAAA,QAA3C,EAAP;AADwB;AAUnBa,8BAAmB,CAACD,UAAD,CAAa;AAQrC,UAAIA,UAAJ,YAA0BlB,UAA1B,IACIkB,UAAWjB,CAAAA,WADf,KAC+BD,UAD/B;AAEE,eAAOkB,UAAWd,CAAAA,+CAAlB;AAFF,YAGO;AACLN,YAAA,CACI,2CADJ,GACmDoB,UADnD,GAEI,YAFJ,GAEoB3B,IAAK6B,CAAAA,MAAL,CAAYF,UAAZ,CAFpB,CAAA;AAGA,eAAO,uBAAP;AAJK;AAX8B;AA4BhCF,qBAAU,CAACD,GAAD,CAAM;AACrB,YAAMM,OAAOC,IAAKC,CAAAA,SAAL,CAAeR,GAAf,CAAb;AACA,aAAOM,IAAKG,CAAAA,OAAL,CAAa,IAAb,EAAmB,OAAnB,CAAP;AAFqB;AAYhBX,2DAAgD,CAACL,MAAD,CAAS;AAE9D,YAAMiB,iBAAiBjB,MAAvB;AACA,YAAMkB,SAAS7B,YAAa8B,CAAAA,iCAAb,EAAf;AACA,YAAMC,gBACFF,MAAA,GAASA,MAAOG,CAAAA,YAAP,CAAoBJ,cAApB,CAAT,GAA+CA,cADnD;AAEA,aAAO,IAAIzB,UAAJ,CAAe4B,aAAf,EAA8B7B,yBAA9B,CAAP;AAN8D;AApJlE;AAkKAC,YAAWY,CAAAA,KAAX,GAA+C,CAI7CkB,QAASA,QAAQ,EAAG;AAClB,WAAO9B,UAAWa,CAAAA,gDAAX,CAA4D,EAA5D,CAAP;AADkB,GAJyB,EAO7CiB,CAAAA,OAP6C,EAA/C;AAUAC,SAAA,GAAU/B,UAAV;AA/OA,SAAA,OAAA;AAAA,CAAA,CAAA;;",
|
|
6
|
+
"sources":["goog/html/safescript.js"],
|
|
7
|
+
"sourcesContent":["/**\n * @license\n * Copyright The Closure Library Authors.\n * SPDX-License-Identifier: Apache-2.0\n */\n\n/**\n * @fileoverview The SafeScript type and its builders.\n *\n * TODO(xtof): Link to document stating type contract.\n */\n\ngoog.module('goog.html.SafeScript');\ngoog.module.declareLegacyNamespace();\n\nconst Const = goog.require('goog.string.Const');\nconst TypedString = goog.require('goog.string.TypedString');\nconst trustedtypes = goog.require('goog.html.trustedtypes');\nconst {fail} = goog.require('goog.asserts');\n\n/**\n * Token used to ensure that object is created only from this file. No code\n * outside of this file can access this token.\n * @const {!Object}\n */\nconst CONSTRUCTOR_TOKEN_PRIVATE = {};\n\n/**\n * A string-like object which represents JavaScript code and that carries the\n * security type contract that its value, as a string, will not cause execution\n * of unconstrained attacker controlled code (XSS) when evaluated as JavaScript\n * in a browser.\n *\n * Instances of this type must be created via the factory method\n * `SafeScript.fromConstant` and not by invoking its constructor. The\n * constructor intentionally takes an extra parameter that cannot be constructed\n * outside of this file and the type is immutable; hence only a default instance\n * corresponding to the empty string can be obtained via constructor invocation.\n *\n * A SafeScript's string representation can safely be interpolated as the\n * content of a script element within HTML. The SafeScript string should not be\n * escaped before interpolation.\n *\n * Note that the SafeScript might contain text that is attacker-controlled but\n * that text should have been interpolated with appropriate escaping,\n * sanitization and/or validation into the right location in the script, such\n * that it is highly constrained in its effect (for example, it had to match a\n * set of whitelisted words).\n *\n * A SafeScript can be constructed via security-reviewed unchecked\n * conversions. In this case producers of SafeScript must ensure themselves that\n * the SafeScript does not contain unsafe script. Note in particular that\n * `<` is dangerous, even when inside JavaScript strings, and so should\n * always be forbidden or JavaScript escaped in user controlled input. For\n * example, if `</script><script>evil</script>\"` were\n * interpolated inside a JavaScript string, it would break out of the context\n * of the original script element and `evil` would execute. Also note\n * that within an HTML script (raw text) element, HTML character references,\n * such as \"<\" are not allowed. See\n * http://www.w3.org/TR/html5/scripting-1.html#restrictions-for-contents-of-script-elements.\n * Creating SafeScript objects HAS SIDE-EFFECTS due to calling Trusted Types Web\n * API.\n *\n * @see SafeScript#fromConstant\n * @final\n * @implements {TypedString}\n */\nclass SafeScript {\n /**\n * @param {!TrustedScript|string} value\n * @param {!Object} token package-internal implementation detail.\n */\n constructor(value, token) {\n /**\n * The contained value of this SafeScript. The field has a purposely ugly\n * name to make (non-compiled) code that attempts to directly access this\n * field stand out.\n * @private {!TrustedScript|string}\n */\n this.privateDoNotAccessOrElseSafeScriptWrappedValue_ =\n (token === CONSTRUCTOR_TOKEN_PRIVATE) ? value : '';\n\n /**\n * @override\n * @const\n */\n this.implementsGoogStringTypedString = true;\n }\n\n /**\n * Returns a string-representation of this value.\n *\n * To obtain the actual string value wrapped in a SafeScript, use\n * `SafeScript.unwrap`.\n *\n * @return {string}\n * @see SafeScript#unwrap\n * @override\n */\n toString() {\n return this.privateDoNotAccessOrElseSafeScriptWrappedValue_.toString();\n }\n\n /**\n * Creates a SafeScript object from a compile-time constant string.\n *\n * @param {!Const} script A compile-time-constant string from which to create\n * a SafeScript.\n * @return {!SafeScript} A SafeScript object initialized to `script`.\n */\n static fromConstant(script) {\n const scriptString = Const.unwrap(script);\n if (scriptString.length === 0) {\n return SafeScript.EMPTY;\n }\n return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse(\n scriptString);\n }\n\n /**\n * Creates a SafeScript JSON representation from anything that could be passed\n * to JSON.stringify.\n * @param {*} val\n * @return {!SafeScript}\n */\n static fromJson(val) {\n return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse(\n SafeScript.stringify_(val));\n }\n\n /**\n * Returns this SafeScript's value as a string.\n *\n * IMPORTANT: In code where it is security relevant that an object's type is\n * indeed `SafeScript`, use `SafeScript.unwrap` instead of\n * this method. If in doubt, assume that it's security relevant. In\n * particular, note that goog.html functions which return a goog.html type do\n * not guarantee the returned instance is of the right type. For example:\n *\n * <pre>\n * var fakeSafeHtml = new String('fake');\n * fakeSafeHtml.__proto__ = goog.html.SafeHtml.prototype;\n * var newSafeHtml = goog.html.SafeHtml.htmlEscape(fakeSafeHtml);\n * // newSafeHtml is just an alias for fakeSafeHtml, it's passed through by\n * // goog.html.SafeHtml.htmlEscape() as fakeSafeHtml\n * // instanceof goog.html.SafeHtml.\n * </pre>\n *\n * @see SafeScript#unwrap\n * @override\n */\n getTypedStringValue() {\n return this.privateDoNotAccessOrElseSafeScriptWrappedValue_.toString();\n }\n\n /**\n * Performs a runtime check that the provided object is indeed a\n * SafeScript object, and returns its value.\n *\n * @param {!SafeScript} safeScript The object to extract from.\n * @return {string} The safeScript object's contained string, unless\n * the run-time type check fails. In that case, `unwrap` returns an\n * innocuous string, or, if assertions are enabled, throws\n * `asserts.AssertionError`.\n */\n static unwrap(safeScript) {\n return SafeScript.unwrapTrustedScript(safeScript).toString();\n }\n\n /**\n * Unwraps value as TrustedScript if supported or as a string if not.\n * @param {!SafeScript} safeScript\n * @return {!TrustedScript|string}\n * @see SafeScript.unwrap\n */\n static unwrapTrustedScript(safeScript) {\n // Perform additional Run-time type-checking to ensure that\n // safeScript is indeed an instance of the expected type. This\n // provides some additional protection against security bugs due to\n // application code that disables type checks.\n // Specifically, the following checks are performed:\n // 1. The object is an instance of the expected type.\n // 2. The object is not an instance of a subclass.\n if (safeScript instanceof SafeScript &&\n safeScript.constructor === SafeScript) {\n return safeScript.privateDoNotAccessOrElseSafeScriptWrappedValue_;\n } else {\n fail(\n 'expected object of type SafeScript, got \\'' + safeScript +\n '\\' of type ' + goog.typeOf(safeScript));\n return 'type_error:SafeScript';\n }\n }\n\n /**\n * Converts the given value to an embeddable JSON string and returns it. The\n * resulting string can be embedded in HTML because the '<' character is\n * encoded.\n *\n * @param {*} val\n * @return {string}\n * @private\n */\n static stringify_(val) {\n const json = JSON.stringify(val);\n return json.replace(/</g, '\\\\x3c');\n }\n\n /**\n * Package-internal utility method to create SafeScript instances.\n *\n * @param {string} script The string to initialize the SafeScript object with.\n * @return {!SafeScript} The initialized SafeScript object.\n * @package\n */\n static createSafeScriptSecurityPrivateDoNotAccessOrElse(script) {\n /** @noinline */\n const noinlineScript = script;\n const policy = trustedtypes.getPolicyPrivateDoNotAccessOrElse();\n const trustedScript =\n policy ? policy.createScript(noinlineScript) : noinlineScript;\n return new SafeScript(trustedScript, CONSTRUCTOR_TOKEN_PRIVATE);\n }\n}\n\n/**\n * A SafeScript instance corresponding to the empty string.\n * @const {!SafeScript}\n */\nSafeScript.EMPTY = /** @type {!SafeScript} */ ({\n // NOTE: this compiles to nothing, but hides the possible side effect of\n // SafeScript creation (due to calling trustedTypes.createPolicy) from the\n // compiler so that the entire call can be removed if the result is not used.\n valueOf: function() {\n return SafeScript.createSafeScriptSecurityPrivateDoNotAccessOrElse('');\n },\n}.valueOf());\n\n\nexports = SafeScript;\n"],
|
|
8
|
+
"names":["goog","module","declareLegacyNamespace","Const","require","TypedString","trustedtypes","fail","CONSTRUCTOR_TOKEN_PRIVATE","SafeScript","constructor","value","token","privateDoNotAccessOrElseSafeScriptWrappedValue_","implementsGoogStringTypedString","toString","fromConstant","script","scriptString","unwrap","length","EMPTY","createSafeScriptSecurityPrivateDoNotAccessOrElse","fromJson","val","stringify_","getTypedStringValue","safeScript","unwrapTrustedScript","typeOf","json","JSON","stringify","replace","noinlineScript","policy","getPolicyPrivateDoNotAccessOrElse","trustedScript","createScript","valueOf","exports"]
|
|
9
|
+
}
|