monaco-editor-core 0.53.0-dev-20250902 → 0.53.0-dev-20250903

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/esm/nls.messages.de.js +1 -1
  2. package/esm/nls.messages.es.js +1 -1
  3. package/esm/nls.messages.fr.js +1 -1
  4. package/esm/nls.messages.it.js +1 -1
  5. package/esm/nls.messages.ja.js +1 -1
  6. package/esm/nls.messages.ko.js +1 -1
  7. package/esm/nls.messages.ru.js +1 -1
  8. package/esm/nls.messages.zh-cn.js +1 -1
  9. package/esm/nls.messages.zh-tw.js +1 -1
  10. package/esm/vs/base/browser/domSanitize.js +10 -0
  11. package/esm/vs/base/browser/domSanitize.js.map +1 -1
  12. package/package.json +2 -2
package/esm/nls.messages.de.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.es.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.fr.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.it.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.ja.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.ko.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.ru.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.zh-cn.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/nls.messages.zh-tw.js CHANGED
@@ -1,6 +1,6 @@
1
1
  /*!-----------------------------------------------------------
2
2
  * Copyright (c) Microsoft Corporation. All rights reserved.
3
- * Version: 0.53.0-dev-20250902(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
3
+ * Version: 0.53.0-dev-20250903(a4d7907bd439b06b24e334bdf2ab597bcae658b5)
4
4
  * Released under the MIT license
5
5
  * https://github.com/microsoft/vscode/blob/main/LICENSE.txt
6
6
  *-----------------------------------------------------------*/
package/esm/vs/base/browser/domSanitize.js CHANGED
@@ -173,6 +173,16 @@ export function sanitizeHtml(untrusted, config) {
173
173
  resolvedAttributes = [...resolvedAttributes, ...config.allowedAttributes.augment];
174
174
  }
175
175
  }
176
+ // All attr names are lower-case in the sanitizer hooks
177
+ resolvedAttributes = resolvedAttributes.map((attr) => {
178
+ if (typeof attr === 'string') {
179
+ return attr.toLowerCase();
180
+ }
181
+ return {
182
+ attributeName: attr.attributeName.toLowerCase(),
183
+ shouldKeep: attr.shouldKeep,
184
+ };
185
+ });
176
186
  const allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));
177
187
  const allowedAttrPredicates = new Map();
178
188
  for (const attr of resolvedAttributes) {
package/esm/vs/base/browser/domSanitize.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["file:///mnt/vss/_work/1/s/dependencies/vscode/out-editor-src/vs/base/browser/domSanitize.ts","vs/base/browser/domSanitize.ts"],"names":[],"mappings":"AAAA;;;gGAGgG;AAEhG,OAAO,EAAE,eAAe,EAAe,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,SAAS,MAAM,0BAA0B,CAAC;AAGjD;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAChD,GAAG;IACH,MAAM;IACN,GAAG;IACH,KAAK;IACL,YAAY;IACZ,IAAI;IACJ,SAAS;IACT,MAAM;IACN,MAAM;IACN,KAAK;IACL,UAAU;IACV,IAAI;IACJ,KAAK;IACL,SAAS;IACT,KAAK;IACL,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,YAAY;IACZ,QAAQ;IACR,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,GAAG;IACH,KAAK;IACL,KAAK;IACL,KAAK;IACL,OAAO;IACP,IAAI;IACJ,MAAM;IACN,IAAI;IACJ,GAAG;IACH,KAAK;IACL,GAAG;IACH,IAAI;IACJ,IAAI;IACJ,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,KAAK;IACL,SAAS;IACT,KAAK;IACL,OAAO;IACP,OAAO;IACP,IAAI;IACJ,OAAO;IACP,IAAI;IACJ,OAAO;IACP,MAAM;IACN,IAAI;IACJ,IAAI;IACJ,GAAG;IACH,IAAI;IACJ,KAAK;IACL,OAAO;IACP,KAAK;CACL,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAChD,MAAM;IACN,QAAQ;IACR,KAAK;IACL,KAAK;IACL,OAAO;IACP,KAAK;IACL,MAAM;IACN,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,aAAa;IACb,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;CACP,CAAC,CAAC;AAQH,SAAS,gBAAgB,CAAC,IAAqD,EAAE,EAAO;IACvF,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC5B,OAAO,YAAY,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,SAAS,gCAAgC,CAAC,oBAA6C,EAAE,qBAAwC;IAChI,kFAAkF;IAClF,iCAAiC;IACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IAE3C,SAAS,YAAY,CAAC,KAAa,EAAE,gBAAyC;QAC7E,IAAI,gBAAgB,KAAK,GAAG,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACpC,CAAC;QAED,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;QACpB,OAAO,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC,IAAI,EAAE,EAAE;QACrD,6CAA6C;QAC7C,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAW,CAAC;gBACpD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;oBAErB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,CAAC;wBAClF,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC5B,CAAC;gBAEF,CAAC;qBAAM,CAAC,CAAA,QAAQ;oBACf,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAE,CAAC;wBACrD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC5B,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC,CAAC;AAC5E,CAAC;AAqDD,MAAM,sBAAsB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5C,YAAY,EAAE,CAAC,GAAG,mBAAmB,CAAC;IACtC,YAAY,EAAE,CAAC,GAAG,mBAAmB,CAAC;IACtC,UAAU,EAAE,KAAK;IACjB,mBAAmB,EAAE,KAAK;IAC1B,mBAAmB,EAAE,IAAI;IACzB,sDAAsD;IACtD,uBAAuB,EAAE,IAAI;CACF,CAAC,CAAC;AAE9B;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,MAA2B;IAC1E,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;IACpC,IAAI,CAAC;QACJ,MAAM,cAAc,GAAqB,EAAE,GAAG,sBAAsB,EAAE,CAAC;QAEvE,IAAI,MAAM,EAAE,WAAW,EAAE,CAAC;YACzB,IAAI,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;gBACjC,cAAc,CAAC,YAAY,GAAG,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBAChC,cAAc,CAAC,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvG,CAAC;QACF,CAAC;QAED,IAAI,kBAAkB,GAA0C,CAAC,GAAG,mBAAmB,CAAC,CAAC;QACzF,IAAI,MAAM,EAAE,iBAAiB,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE,CAAC;gBACvC,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;gBACtC,kBAAkB,GAAG,CAAC,GAAG,kBAAkB,EAAE,GAAG,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACnF,CAAC;QACF,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACvH,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAAiC,CAAC;QACvE,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACvC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9B,8DAA8D;gBAC9D,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACP,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;YACrD,CAAC;QACF,CAAC;QAED,cAAc,CAAC,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE3D,KAAK,CAAC,GAAG,CAAC,gCAAgC,CACzC,MAAM,EAAE,oBAAoB,EAAE,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,EACvE,MAAM,EAAE,qBAAqB,EAAE,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5E,IAAI,MAAM,EAAE,oBAAoB,EAAE,CAAC;YAClC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,qBAAqB,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,qBAAqB,CAAC,IAAI,EAAE,CAAC;YAChC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,uBAAuB,EAAE,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,MAAM,SAAS,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACxD,IAAI,SAAS,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;oBAC7C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAChC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACP,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC;oBACrB,CAAC;gBACF,CAAC;qBAAM,CAAC;oBACP,CAAC,CAAC,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC/C,CAAC;YACF,CAAC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE;YACpC,GAAG,cAAc;YACjB,mBAAmB,EAAE,IAAI;SACzB,CAAC,CAAC;IACJ,CAAC;YAAS,CAAC;QACV,KAAK,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;AACF,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAE7J,SAAS,wBAAwB,CAAC,OAAgB,EAAE,IAAwC,EAAE,OAAyB;IACtH,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAChE,MAAM,WAAW,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,iEAAiE;YACjE,mGAAmG;YACnG,oEAAoE;YACpE,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACP,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;IACF,CAAC;AACF,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACrD,IAAI,YAAoB,CAAC;IACzB,IAAI,UAA8B,CAAC;IACnC,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,YAAY,GAAG,OAAO,OAAO,CAAC,WAAW,KAAK,CAAC;IAChD,CAAC;SAAM,CAAC;QACP,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC7C,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;iBAClC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC;iBAC3C,IAAI,CAAC,GAAG,CAAC;YACX,CAAC,CAAC,EAAE,CAAC;QACN,YAAY,GAAG,IAAI,OAAO,GAAG,UAAU,GAAG,CAAC;QAC3C,IAAI,CAAC,aAAa,EAAE,CAAC;YACpB,UAAU,GAAG,KAAK,OAAO,GAAG,CAAC;QAC9B,CAAC;IACF,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,sBAAsB,EAAE,CAAC;IACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACpE,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC;QAC3B,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACjG,IAAI,cAAc,EAAE,CAAC;QACpB,QAAQ,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAiB,EAAE,SAAiB,EAAE,MAA2B;IACjG,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,SAAS,EAAE,MAAM,CAAQ,CAAC;AACzD,CAAC","file":"domSanitize.js","sourceRoot":"file:///mnt/vss/_work/1/s/dependencies/vscode/out-editor-src","sourcesContent":["/*---------------------------------------------------------------------------------------------\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License. See License.txt in the project root for license information.\n *--------------------------------------------------------------------------------------------*/\n\nimport { DisposableStore, IDisposable, toDisposable } from '../common/lifecycle.js';\nimport { Schemas } from '../common/network.js';\nimport dompurify from './dompurify/dompurify.js';\n\n\n/**\n * List of safe, non-input html tags.\n */\nexport const basicMarkupHtmlTags = Object.freeze([\n\t'a',\n\t'abbr',\n\t'b',\n\t'bdo',\n\t'blockquote',\n\t'br',\n\t'caption',\n\t'cite',\n\t'code',\n\t'col',\n\t'colgroup',\n\t'dd',\n\t'del',\n\t'details',\n\t'dfn',\n\t'div',\n\t'dl',\n\t'dt',\n\t'em',\n\t'figcaption',\n\t'figure',\n\t'h1',\n\t'h2',\n\t'h3',\n\t'h4',\n\t'h5',\n\t'h6',\n\t'hr',\n\t'i',\n\t'img',\n\t'ins',\n\t'kbd',\n\t'label',\n\t'li',\n\t'mark',\n\t'ol',\n\t'p',\n\t'pre',\n\t'q',\n\t'rp',\n\t'rt',\n\t'ruby',\n\t'samp',\n\t'small',\n\t'small',\n\t'source',\n\t'span',\n\t'strike',\n\t'strong',\n\t'sub',\n\t'summary',\n\t'sup',\n\t'table',\n\t'tbody',\n\t'td',\n\t'tfoot',\n\t'th',\n\t'thead',\n\t'time',\n\t'tr',\n\t'tt',\n\t'u',\n\t'ul',\n\t'var',\n\t'video',\n\t'wbr',\n]);\n\nexport const defaultAllowedAttrs = Object.freeze([\n\t'href',\n\t'target',\n\t'src',\n\t'alt',\n\t'title',\n\t'for',\n\t'name',\n\t'role',\n\t'tabindex',\n\t'x-dispatch',\n\t'required',\n\t'checked',\n\t'placeholder',\n\t'type',\n\t'start',\n\t'width',\n\t'height',\n\t'align',\n]);\n\n\ntype UponSanitizeElementCb = (currentNode: Element, data: dompurify.SanitizeElementHookEvent, config: dompurify.Config) => void;\ntype UponSanitizeAttributeCb = (currentNode: Element, data: dompurify.SanitizeAttributeHookEvent, config: dompurify.Config) => void;\n\nfunction addDompurifyHook(hook: 'uponSanitizeElement', cb: UponSanitizeElementCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeAttribute', cb: UponSanitizeAttributeCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeElement' | 'uponSanitizeAttribute', cb: any): IDisposable {\n\tdompurify.addHook(hook, cb);\n\treturn toDisposable(() => dompurify.removeHook(hook));\n}\n\n/**\n * Hooks dompurify using `afterSanitizeAttributes` to check that all `href` and `src`\n * attributes are valid.\n */\nfunction hookDomPurifyHrefAndSrcSanitizer(allowedLinkProtocols: readonly string[] | '*', allowedMediaProtocols: readonly string[]): IDisposable {\n\t// https://github.com/cure53/DOMPurify/blob/main/demos/hooks-scheme-allowlist.html\n\t// build an anchor to map URLs to\n\tconst anchor = document.createElement('a');\n\n\tfunction validateLink(value: string, allowedProtocols: readonly string[] | '*'): boolean {\n\t\tif (allowedProtocols === '*') {\n\t\t\treturn true; // allow all protocols\n\t\t}\n\n\t\tanchor.href = value;\n\t\treturn allowedProtocols.includes(anchor.protocol.replace(/:$/, ''));\n\t}\n\n\tdompurify.addHook('afterSanitizeAttributes', (node) => {\n\t\t// check all href/src attributes for validity\n\t\tfor (const attr of ['href', 'src']) {\n\t\t\tif (node.hasAttribute(attr)) {\n\t\t\t\tconst attrValue = node.getAttribute(attr) as string;\n\t\t\t\tif (attr === 'href') {\n\n\t\t\t\t\tif (!attrValue.startsWith('#') && !validateLink(attrValue, allowedLinkProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\n\t\t\t\t} else {// 'src'\n\t\t\t\t\tif (!validateLink(attrValue, allowedMediaProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t});\n\n\treturn toDisposable(() => dompurify.removeHook('afterSanitizeAttributes'));\n}\n\n/**\n * Predicate that checks if an attribute should be kept or removed.\n *\n * @returns A boolean indicating whether the attribute should be kept or a string with the sanitized value (which implicitly keeps the attribute)\n */\nexport type SanitizeAttributePredicate = (node: Element, data: { readonly attrName: string; readonly attrValue: string }) => boolean | string;\n\nexport interface SanitizeAttributeRule {\n\treadonly attributeName: string;\n\tshouldKeep: SanitizeAttributePredicate;\n}\n\nexport interface DomSanitizerConfig {\n\t/**\n\t * Configured the allowed html tags.\n\t */\n\treadonly allowedTags?: {\n\t\treadonly override?: readonly string[];\n\t\treadonly augment?: readonly string[];\n\t};\n\n\t/**\n\t * Configured the allowed html attributes.\n\t */\n\treadonly allowedAttributes?: {\n\t\treadonly override?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t\treadonly augment?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t};\n\n\t/**\n\t * List of allowed protocols for `href` attributes.\n\t */\n\treadonly allowedLinkProtocols?: {\n\t\treadonly override?: readonly string[] | '*';\n\t};\n\n\t/**\n\t * List of allowed protocols for `src` attributes.\n\t */\n\treadonly allowedMediaProtocols?: {\n\t\treadonly override?: readonly string[];\n\t};\n\n\t/**\n\t * If set, replaces unsupported tags with their plaintext representation instead of removing them.\n\t *\n\t * For example, <p><bad>\"text\"</bad></p> becomes <p>\"<bad>text</bad>\"</p>.\n\t */\n\treadonly replaceWithPlaintext?: boolean;\n}\n\nconst defaultDomPurifyConfig = Object.freeze({\n\tALLOWED_TAGS: [...basicMarkupHtmlTags],\n\tALLOWED_ATTR: [...defaultAllowedAttrs],\n\tRETURN_DOM: false,\n\tRETURN_DOM_FRAGMENT: false,\n\tRETURN_TRUSTED_TYPE: true,\n\t// We sanitize the src/href attributes later if needed\n\tALLOW_UNKNOWN_PROTOCOLS: true,\n} satisfies dompurify.Config);\n\n/**\n * Sanitizes an html string.\n *\n * @param untrusted The HTML string to sanitize.\n * @param config Optional configuration for sanitization. If not provided, defaults to a safe configuration.\n *\n * @returns A sanitized string of html.\n */\nexport function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): TrustedHTML {\n\tconst store = new DisposableStore();\n\ttry {\n\t\tconst resolvedConfig: dompurify.Config = { ...defaultDomPurifyConfig };\n\n\t\tif (config?.allowedTags) {\n\t\t\tif (config.allowedTags.override) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...config.allowedTags.override];\n\t\t\t}\n\n\t\t\tif (config.allowedTags.augment) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...(resolvedConfig.ALLOWED_TAGS ?? []), ...config.allowedTags.augment];\n\t\t\t}\n\t\t}\n\n\t\tlet resolvedAttributes: Array<string | SanitizeAttributeRule> = [...defaultAllowedAttrs];\n\t\tif (config?.allowedAttributes) {\n\t\t\tif (config.allowedAttributes.override) {\n\t\t\t\tresolvedAttributes = [...config.allowedAttributes.override];\n\t\t\t}\n\n\t\t\tif (config.allowedAttributes.augment) {\n\t\t\t\tresolvedAttributes = [...resolvedAttributes, ...config.allowedAttributes.augment];\n\t\t\t}\n\t\t}\n\n\t\tconst allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));\n\t\tconst allowedAttrPredicates = new Map<string, SanitizeAttributeRule>();\n\t\tfor (const attr of resolvedAttributes) {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\t// New string attribute value clears previously set predicates\n\t\t\t\tallowedAttrPredicates.delete(attr);\n\t\t\t} else {\n\t\t\t\tallowedAttrPredicates.set(attr.attributeName, attr);\n\t\t\t}\n\t\t}\n\n\t\tresolvedConfig.ALLOWED_ATTR = Array.from(allowedAttrNames);\n\n\t\tstore.add(hookDomPurifyHrefAndSrcSanitizer(\n\t\t\tconfig?.allowedLinkProtocols?.override ?? [Schemas.http, Schemas.https],\n\t\t\tconfig?.allowedMediaProtocols?.override ?? [Schemas.http, Schemas.https]));\n\n\t\tif (config?.replaceWithPlaintext) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeElement', replaceWithPlainTextHook));\n\t\t}\n\n\t\tif (allowedAttrPredicates.size) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeAttribute', (node, e) => {\n\t\t\t\tconst predicate = allowedAttrPredicates.get(e.attrName);\n\t\t\t\tif (predicate) {\n\t\t\t\t\tconst result = predicate.shouldKeep(node, e);\n\t\t\t\t\tif (typeof result === 'string') {\n\t\t\t\t\t\te.keepAttr = true;\n\t\t\t\t\t\te.attrValue = result;\n\t\t\t\t\t} else {\n\t\t\t\t\t\te.keepAttr = result;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\te.keepAttr = allowedAttrNames.has(e.attrName);\n\t\t\t\t}\n\t\t\t}));\n\t\t}\n\n\t\treturn dompurify.sanitize(untrusted, {\n\t\t\t...resolvedConfig,\n\t\t\tRETURN_TRUSTED_TYPE: true\n\t\t});\n\t} finally {\n\t\tstore.dispose();\n\t}\n}\n\nconst selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];\n\nfunction replaceWithPlainTextHook(element: Element, data: dompurify.SanitizeElementHookEvent, _config: dompurify.Config) {\n\tif (!data.allowedTags[data.tagName] && data.tagName !== 'body') {\n\t\tconst replacement = convertTagToPlaintext(element);\n\t\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\t\t// Workaround for https://github.com/cure53/DOMPurify/issues/1005\n\t\t\t// The comment will be deleted in the next phase. However if we try to remove it now, it will cause\n\t\t\t// an exception. Instead we insert the text node before the comment.\n\t\t\telement.parentElement?.insertBefore(replacement, element);\n\t\t} else {\n\t\t\telement.parentElement?.replaceChild(replacement, element);\n\t\t}\n\t}\n}\n\nexport function convertTagToPlaintext(element: Element): DocumentFragment {\n\tlet startTagText: string;\n\tlet endTagText: string | undefined;\n\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\tstartTagText = `<!--${element.textContent}-->`;\n\t} else {\n\t\tconst tagName = element.tagName.toLowerCase();\n\t\tconst isSelfClosing = selfClosingTags.includes(tagName);\n\t\tconst attrString = element.attributes.length ?\n\t\t\t' ' + Array.from(element.attributes)\n\t\t\t\t.map(attr => `${attr.name}=\"${attr.value}\"`)\n\t\t\t\t.join(' ')\n\t\t\t: '';\n\t\tstartTagText = `<${tagName}${attrString}>`;\n\t\tif (!isSelfClosing) {\n\t\t\tendTagText = `</${tagName}>`;\n\t\t}\n\t}\n\n\tconst fragment = document.createDocumentFragment();\n\tconst textNode = element.ownerDocument.createTextNode(startTagText);\n\tfragment.appendChild(textNode);\n\twhile (element.firstChild) {\n\t\tfragment.appendChild(element.firstChild);\n\t}\n\n\tconst endTagTextNode = endTagText ? element.ownerDocument.createTextNode(endTagText) : undefined;\n\tif (endTagTextNode) {\n\t\tfragment.appendChild(endTagTextNode);\n\t}\n\n\treturn fragment;\n}\n\n/**\n * Sanitizes the given `value` and reset the given `node` with it.\n */\nexport function safeSetInnerHtml(node: HTMLElement, untrusted: string, config?: DomSanitizerConfig): void {\n\tnode.innerHTML = sanitizeHtml(untrusted, config) as any;\n}\n","/*---------------------------------------------------------------------------------------------\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License. See License.txt in the project root for license information.\n *--------------------------------------------------------------------------------------------*/\n\nimport { DisposableStore, IDisposable, toDisposable } from '../common/lifecycle.js';\nimport { Schemas } from '../common/network.js';\nimport dompurify from './dompurify/dompurify.js';\n\n\n/**\n * List of safe, non-input html tags.\n */\nexport const basicMarkupHtmlTags = Object.freeze([\n\t'a',\n\t'abbr',\n\t'b',\n\t'bdo',\n\t'blockquote',\n\t'br',\n\t'caption',\n\t'cite',\n\t'code',\n\t'col',\n\t'colgroup',\n\t'dd',\n\t'del',\n\t'details',\n\t'dfn',\n\t'div',\n\t'dl',\n\t'dt',\n\t'em',\n\t'figcaption',\n\t'figure',\n\t'h1',\n\t'h2',\n\t'h3',\n\t'h4',\n\t'h5',\n\t'h6',\n\t'hr',\n\t'i',\n\t'img',\n\t'ins',\n\t'kbd',\n\t'label',\n\t'li',\n\t'mark',\n\t'ol',\n\t'p',\n\t'pre',\n\t'q',\n\t'rp',\n\t'rt',\n\t'ruby',\n\t'samp',\n\t'small',\n\t'small',\n\t'source',\n\t'span',\n\t'strike',\n\t'strong',\n\t'sub',\n\t'summary',\n\t'sup',\n\t'table',\n\t'tbody',\n\t'td',\n\t'tfoot',\n\t'th',\n\t'thead',\n\t'time',\n\t'tr',\n\t'tt',\n\t'u',\n\t'ul',\n\t'var',\n\t'video',\n\t'wbr',\n]);\n\nexport const defaultAllowedAttrs = Object.freeze([\n\t'href',\n\t'target',\n\t'src',\n\t'alt',\n\t'title',\n\t'for',\n\t'name',\n\t'role',\n\t'tabindex',\n\t'x-dispatch',\n\t'required',\n\t'checked',\n\t'placeholder',\n\t'type',\n\t'start',\n\t'width',\n\t'height',\n\t'align',\n]);\n\n\ntype UponSanitizeElementCb = (currentNode: Element, data: dompurify.SanitizeElementHookEvent, config: dompurify.Config) => void;\ntype UponSanitizeAttributeCb = (currentNode: Element, data: dompurify.SanitizeAttributeHookEvent, config: dompurify.Config) => void;\n\nfunction addDompurifyHook(hook: 'uponSanitizeElement', cb: UponSanitizeElementCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeAttribute', cb: UponSanitizeAttributeCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeElement' | 'uponSanitizeAttribute', cb: any): IDisposable {\n\tdompurify.addHook(hook, cb);\n\treturn toDisposable(() => dompurify.removeHook(hook));\n}\n\n/**\n * Hooks dompurify using `afterSanitizeAttributes` to check that all `href` and `src`\n * attributes are valid.\n */\nfunction hookDomPurifyHrefAndSrcSanitizer(allowedLinkProtocols: readonly string[] | '*', allowedMediaProtocols: readonly string[]): IDisposable {\n\t// https://github.com/cure53/DOMPurify/blob/main/demos/hooks-scheme-allowlist.html\n\t// build an anchor to map URLs to\n\tconst anchor = document.createElement('a');\n\n\tfunction validateLink(value: string, allowedProtocols: readonly string[] | '*'): boolean {\n\t\tif (allowedProtocols === '*') {\n\t\t\treturn true; // allow all protocols\n\t\t}\n\n\t\tanchor.href = value;\n\t\treturn allowedProtocols.includes(anchor.protocol.replace(/:$/, ''));\n\t}\n\n\tdompurify.addHook('afterSanitizeAttributes', (node) => {\n\t\t// check all href/src attributes for validity\n\t\tfor (const attr of ['href', 'src']) {\n\t\t\tif (node.hasAttribute(attr)) {\n\t\t\t\tconst attrValue = node.getAttribute(attr) as string;\n\t\t\t\tif (attr === 'href') {\n\n\t\t\t\t\tif (!attrValue.startsWith('#') && !validateLink(attrValue, allowedLinkProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\n\t\t\t\t} else {// 'src'\n\t\t\t\t\tif (!validateLink(attrValue, allowedMediaProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t});\n\n\treturn toDisposable(() => dompurify.removeHook('afterSanitizeAttributes'));\n}\n\n/**\n * Predicate that checks if an attribute should be kept or removed.\n *\n * @returns A boolean indicating whether the attribute should be kept or a string with the sanitized value (which implicitly keeps the attribute)\n */\nexport type SanitizeAttributePredicate = (node: Element, data: { readonly attrName: string; readonly attrValue: string }) => boolean | string;\n\nexport interface SanitizeAttributeRule {\n\treadonly attributeName: string;\n\tshouldKeep: SanitizeAttributePredicate;\n}\n\nexport interface DomSanitizerConfig {\n\t/**\n\t * Configured the allowed html tags.\n\t */\n\treadonly allowedTags?: {\n\t\treadonly override?: readonly string[];\n\t\treadonly augment?: readonly string[];\n\t};\n\n\t/**\n\t * Configured the allowed html attributes.\n\t */\n\treadonly allowedAttributes?: {\n\t\treadonly override?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t\treadonly augment?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t};\n\n\t/**\n\t * List of allowed protocols for `href` attributes.\n\t */\n\treadonly allowedLinkProtocols?: {\n\t\treadonly override?: readonly string[] | '*';\n\t};\n\n\t/**\n\t * List of allowed protocols for `src` attributes.\n\t */\n\treadonly allowedMediaProtocols?: {\n\t\treadonly override?: readonly string[];\n\t};\n\n\t/**\n\t * If set, replaces unsupported tags with their plaintext representation instead of removing them.\n\t *\n\t * For example, <p><bad>\"text\"</bad></p> becomes <p>\"<bad>text</bad>\"</p>.\n\t */\n\treadonly replaceWithPlaintext?: boolean;\n}\n\nconst defaultDomPurifyConfig = Object.freeze({\n\tALLOWED_TAGS: [...basicMarkupHtmlTags],\n\tALLOWED_ATTR: [...defaultAllowedAttrs],\n\tRETURN_DOM: false,\n\tRETURN_DOM_FRAGMENT: false,\n\tRETURN_TRUSTED_TYPE: true,\n\t// We sanitize the src/href attributes later if needed\n\tALLOW_UNKNOWN_PROTOCOLS: true,\n} satisfies dompurify.Config);\n\n/**\n * Sanitizes an html string.\n *\n * @param untrusted The HTML string to sanitize.\n * @param config Optional configuration for sanitization. If not provided, defaults to a safe configuration.\n *\n * @returns A sanitized string of html.\n */\nexport function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): TrustedHTML {\n\tconst store = new DisposableStore();\n\ttry {\n\t\tconst resolvedConfig: dompurify.Config = { ...defaultDomPurifyConfig };\n\n\t\tif (config?.allowedTags) {\n\t\t\tif (config.allowedTags.override) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...config.allowedTags.override];\n\t\t\t}\n\n\t\t\tif (config.allowedTags.augment) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...(resolvedConfig.ALLOWED_TAGS ?? []), ...config.allowedTags.augment];\n\t\t\t}\n\t\t}\n\n\t\tlet resolvedAttributes: Array<string | SanitizeAttributeRule> = [...defaultAllowedAttrs];\n\t\tif (config?.allowedAttributes) {\n\t\t\tif (config.allowedAttributes.override) {\n\t\t\t\tresolvedAttributes = [...config.allowedAttributes.override];\n\t\t\t}\n\n\t\t\tif (config.allowedAttributes.augment) {\n\t\t\t\tresolvedAttributes = [...resolvedAttributes, ...config.allowedAttributes.augment];\n\t\t\t}\n\t\t}\n\n\t\tconst allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));\n\t\tconst allowedAttrPredicates = new Map<string, SanitizeAttributeRule>();\n\t\tfor (const attr of resolvedAttributes) {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\t// New string attribute value clears previously set predicates\n\t\t\t\tallowedAttrPredicates.delete(attr);\n\t\t\t} else {\n\t\t\t\tallowedAttrPredicates.set(attr.attributeName, attr);\n\t\t\t}\n\t\t}\n\n\t\tresolvedConfig.ALLOWED_ATTR = Array.from(allowedAttrNames);\n\n\t\tstore.add(hookDomPurifyHrefAndSrcSanitizer(\n\t\t\tconfig?.allowedLinkProtocols?.override ?? [Schemas.http, Schemas.https],\n\t\t\tconfig?.allowedMediaProtocols?.override ?? [Schemas.http, Schemas.https]));\n\n\t\tif (config?.replaceWithPlaintext) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeElement', replaceWithPlainTextHook));\n\t\t}\n\n\t\tif (allowedAttrPredicates.size) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeAttribute', (node, e) => {\n\t\t\t\tconst predicate = allowedAttrPredicates.get(e.attrName);\n\t\t\t\tif (predicate) {\n\t\t\t\t\tconst result = predicate.shouldKeep(node, e);\n\t\t\t\t\tif (typeof result === 'string') {\n\t\t\t\t\t\te.keepAttr = true;\n\t\t\t\t\t\te.attrValue = result;\n\t\t\t\t\t} else {\n\t\t\t\t\t\te.keepAttr = result;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\te.keepAttr = allowedAttrNames.has(e.attrName);\n\t\t\t\t}\n\t\t\t}));\n\t\t}\n\n\t\treturn dompurify.sanitize(untrusted, {\n\t\t\t...resolvedConfig,\n\t\t\tRETURN_TRUSTED_TYPE: true\n\t\t});\n\t} finally {\n\t\tstore.dispose();\n\t}\n}\n\nconst selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];\n\nfunction replaceWithPlainTextHook(element: Element, data: dompurify.SanitizeElementHookEvent, _config: dompurify.Config) {\n\tif (!data.allowedTags[data.tagName] && data.tagName !== 'body') {\n\t\tconst replacement = convertTagToPlaintext(element);\n\t\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\t\t// Workaround for https://github.com/cure53/DOMPurify/issues/1005\n\t\t\t// The comment will be deleted in the next phase. However if we try to remove it now, it will cause\n\t\t\t// an exception. Instead we insert the text node before the comment.\n\t\t\telement.parentElement?.insertBefore(replacement, element);\n\t\t} else {\n\t\t\telement.parentElement?.replaceChild(replacement, element);\n\t\t}\n\t}\n}\n\nexport function convertTagToPlaintext(element: Element): DocumentFragment {\n\tlet startTagText: string;\n\tlet endTagText: string | undefined;\n\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\tstartTagText = `<!--${element.textContent}-->`;\n\t} else {\n\t\tconst tagName = element.tagName.toLowerCase();\n\t\tconst isSelfClosing = selfClosingTags.includes(tagName);\n\t\tconst attrString = element.attributes.length ?\n\t\t\t' ' + Array.from(element.attributes)\n\t\t\t\t.map(attr => `${attr.name}=\"${attr.value}\"`)\n\t\t\t\t.join(' ')\n\t\t\t: '';\n\t\tstartTagText = `<${tagName}${attrString}>`;\n\t\tif (!isSelfClosing) {\n\t\t\tendTagText = `</${tagName}>`;\n\t\t}\n\t}\n\n\tconst fragment = document.createDocumentFragment();\n\tconst textNode = element.ownerDocument.createTextNode(startTagText);\n\tfragment.appendChild(textNode);\n\twhile (element.firstChild) {\n\t\tfragment.appendChild(element.firstChild);\n\t}\n\n\tconst endTagTextNode = endTagText ? element.ownerDocument.createTextNode(endTagText) : undefined;\n\tif (endTagTextNode) {\n\t\tfragment.appendChild(endTagTextNode);\n\t}\n\n\treturn fragment;\n}\n\n/**\n * Sanitizes the given `value` and reset the given `node` with it.\n */\nexport function safeSetInnerHtml(node: HTMLElement, untrusted: string, config?: DomSanitizerConfig): void {\n\tnode.innerHTML = sanitizeHtml(untrusted, config) as any;\n}\n"]}
1
+ {"version":3,"sources":["file:///mnt/vss/_work/1/s/dependencies/vscode/out-editor-src/vs/base/browser/domSanitize.ts","vs/base/browser/domSanitize.ts"],"names":[],"mappings":"AAAA;;;gGAGgG;AAEhG,OAAO,EAAE,eAAe,EAAe,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,SAAS,MAAM,0BAA0B,CAAC;AAGjD;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAChD,GAAG;IACH,MAAM;IACN,GAAG;IACH,KAAK;IACL,YAAY;IACZ,IAAI;IACJ,SAAS;IACT,MAAM;IACN,MAAM;IACN,KAAK;IACL,UAAU;IACV,IAAI;IACJ,KAAK;IACL,SAAS;IACT,KAAK;IACL,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,YAAY;IACZ,QAAQ;IACR,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,GAAG;IACH,KAAK;IACL,KAAK;IACL,KAAK;IACL,OAAO;IACP,IAAI;IACJ,MAAM;IACN,IAAI;IACJ,GAAG;IACH,KAAK;IACL,GAAG;IACH,IAAI;IACJ,IAAI;IACJ,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,KAAK;IACL,SAAS;IACT,KAAK;IACL,OAAO;IACP,OAAO;IACP,IAAI;IACJ,OAAO;IACP,IAAI;IACJ,OAAO;IACP,MAAM;IACN,IAAI;IACJ,IAAI;IACJ,GAAG;IACH,IAAI;IACJ,KAAK;IACL,OAAO;IACP,KAAK;CACL,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAChD,MAAM;IACN,QAAQ;IACR,KAAK;IACL,KAAK;IACL,OAAO;IACP,KAAK;IACL,MAAM;IACN,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,aAAa;IACb,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;CACP,CAAC,CAAC;AAQH,SAAS,gBAAgB,CAAC,IAAqD,EAAE,EAAO;IACvF,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC5B,OAAO,YAAY,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,SAAS,gCAAgC,CAAC,oBAA6C,EAAE,qBAAwC;IAChI,kFAAkF;IAClF,iCAAiC;IACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IAE3C,SAAS,YAAY,CAAC,KAAa,EAAE,gBAAyC;QAC7E,IAAI,gBAAgB,KAAK,GAAG,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACpC,CAAC;QAED,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;QACpB,OAAO,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,SAAS,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC,IAAI,EAAE,EAAE;QACrD,6CAA6C;QAC7C,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAW,CAAC;gBACpD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;oBAErB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,oBAAoB,CAAC,EAAE,CAAC;wBAClF,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC5B,CAAC;gBAEF,CAAC;qBAAM,CAAC,CAAA,QAAQ;oBACf,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,qBAAqB,CAAC,EAAE,CAAC;wBACrD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC5B,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,yBAAyB,CAAC,CAAC,CAAC;AAC5E,CAAC;AAqDD,MAAM,sBAAsB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5C,YAAY,EAAE,CAAC,GAAG,mBAAmB,CAAC;IACtC,YAAY,EAAE,CAAC,GAAG,mBAAmB,CAAC;IACtC,UAAU,EAAE,KAAK;IACjB,mBAAmB,EAAE,KAAK;IAC1B,mBAAmB,EAAE,IAAI;IACzB,sDAAsD;IACtD,uBAAuB,EAAE,IAAI;CACF,CAAC,CAAC;AAE9B;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,MAA2B;IAC1E,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;IACpC,IAAI,CAAC;QACJ,MAAM,cAAc,GAAqB,EAAE,GAAG,sBAAsB,EAAE,CAAC;QAEvE,IAAI,MAAM,EAAE,WAAW,EAAE,CAAC;YACzB,IAAI,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;gBACjC,cAAc,CAAC,YAAY,GAAG,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YAChE,CAAC;YAED,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBAChC,cAAc,CAAC,YAAY,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACvG,CAAC;QACF,CAAC;QAED,IAAI,kBAAkB,GAA0C,CAAC,GAAG,mBAAmB,CAAC,CAAC;QACzF,IAAI,MAAM,EAAE,iBAAiB,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE,CAAC;gBACvC,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;gBACtC,kBAAkB,GAAG,CAAC,GAAG,kBAAkB,EAAE,GAAG,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YACnF,CAAC;QACF,CAAC;QAED,uDAAuD;QACvD,kBAAkB,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAkC,EAAE;YACpF,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3B,CAAC;YACD,OAAO;gBACN,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE;gBAC/C,UAAU,EAAE,IAAI,CAAC,UAAU;aAC3B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACvH,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAAiC,CAAC;QACvE,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACvC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9B,8DAA8D;gBAC9D,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACP,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;YACrD,CAAC;QACF,CAAC;QAED,cAAc,CAAC,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAE3D,KAAK,CAAC,GAAG,CAAC,gCAAgC,CACzC,MAAM,EAAE,oBAAoB,EAAE,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,EACvE,MAAM,EAAE,qBAAqB,EAAE,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5E,IAAI,MAAM,EAAE,oBAAoB,EAAE,CAAC;YAClC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,qBAAqB,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,qBAAqB,CAAC,IAAI,EAAE,CAAC;YAChC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,uBAAuB,EAAE,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC/D,MAAM,SAAS,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBACxD,IAAI,SAAS,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;oBAC7C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAChC,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC,CAAC,SAAS,GAAG,MAAM,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACP,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC;oBACrB,CAAC;gBACF,CAAC;qBAAM,CAAC;oBACP,CAAC,CAAC,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC/C,CAAC;YACF,CAAC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE;YACpC,GAAG,cAAc;YACjB,mBAAmB,EAAE,IAAI;SACzB,CAAC,CAAC;IACJ,CAAC;YAAS,CAAC;QACV,KAAK,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;AACF,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAE7J,SAAS,wBAAwB,CAAC,OAAgB,EAAE,IAAwC,EAAE,OAAyB;IACtH,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAChE,MAAM,WAAW,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,iEAAiE;YACjE,mGAAmG;YACnG,oEAAoE;YACpE,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACP,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;IACF,CAAC;AACF,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACrD,IAAI,YAAoB,CAAC;IACzB,IAAI,UAA8B,CAAC;IACnC,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,YAAY,GAAG,OAAO,OAAO,CAAC,WAAW,KAAK,CAAC;IAChD,CAAC;SAAM,CAAC;QACP,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,aAAa,GAAG,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC7C,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;iBAClC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC;iBAC3C,IAAI,CAAC,GAAG,CAAC;YACX,CAAC,CAAC,EAAE,CAAC;QACN,YAAY,GAAG,IAAI,OAAO,GAAG,UAAU,GAAG,CAAC;QAC3C,IAAI,CAAC,aAAa,EAAE,CAAC;YACpB,UAAU,GAAG,KAAK,OAAO,GAAG,CAAC;QAC9B,CAAC;IACF,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,sBAAsB,EAAE,CAAC;IACnD,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACpE,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC;QAC3B,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACjG,IAAI,cAAc,EAAE,CAAC;QACpB,QAAQ,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAiB,EAAE,SAAiB,EAAE,MAA2B;IACjG,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,SAAS,EAAE,MAAM,CAAQ,CAAC;AACzD,CAAC","file":"domSanitize.js","sourceRoot":"file:///mnt/vss/_work/1/s/dependencies/vscode/out-editor-src","sourcesContent":["/*---------------------------------------------------------------------------------------------\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License. See License.txt in the project root for license information.\n *--------------------------------------------------------------------------------------------*/\n\nimport { DisposableStore, IDisposable, toDisposable } from '../common/lifecycle.js';\nimport { Schemas } from '../common/network.js';\nimport dompurify from './dompurify/dompurify.js';\n\n\n/**\n * List of safe, non-input html tags.\n */\nexport const basicMarkupHtmlTags = Object.freeze([\n\t'a',\n\t'abbr',\n\t'b',\n\t'bdo',\n\t'blockquote',\n\t'br',\n\t'caption',\n\t'cite',\n\t'code',\n\t'col',\n\t'colgroup',\n\t'dd',\n\t'del',\n\t'details',\n\t'dfn',\n\t'div',\n\t'dl',\n\t'dt',\n\t'em',\n\t'figcaption',\n\t'figure',\n\t'h1',\n\t'h2',\n\t'h3',\n\t'h4',\n\t'h5',\n\t'h6',\n\t'hr',\n\t'i',\n\t'img',\n\t'ins',\n\t'kbd',\n\t'label',\n\t'li',\n\t'mark',\n\t'ol',\n\t'p',\n\t'pre',\n\t'q',\n\t'rp',\n\t'rt',\n\t'ruby',\n\t'samp',\n\t'small',\n\t'small',\n\t'source',\n\t'span',\n\t'strike',\n\t'strong',\n\t'sub',\n\t'summary',\n\t'sup',\n\t'table',\n\t'tbody',\n\t'td',\n\t'tfoot',\n\t'th',\n\t'thead',\n\t'time',\n\t'tr',\n\t'tt',\n\t'u',\n\t'ul',\n\t'var',\n\t'video',\n\t'wbr',\n]);\n\nexport const defaultAllowedAttrs = Object.freeze([\n\t'href',\n\t'target',\n\t'src',\n\t'alt',\n\t'title',\n\t'for',\n\t'name',\n\t'role',\n\t'tabindex',\n\t'x-dispatch',\n\t'required',\n\t'checked',\n\t'placeholder',\n\t'type',\n\t'start',\n\t'width',\n\t'height',\n\t'align',\n]);\n\n\ntype UponSanitizeElementCb = (currentNode: Element, data: dompurify.SanitizeElementHookEvent, config: dompurify.Config) => void;\ntype UponSanitizeAttributeCb = (currentNode: Element, data: dompurify.SanitizeAttributeHookEvent, config: dompurify.Config) => void;\n\nfunction addDompurifyHook(hook: 'uponSanitizeElement', cb: UponSanitizeElementCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeAttribute', cb: UponSanitizeAttributeCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeElement' | 'uponSanitizeAttribute', cb: any): IDisposable {\n\tdompurify.addHook(hook, cb);\n\treturn toDisposable(() => dompurify.removeHook(hook));\n}\n\n/**\n * Hooks dompurify using `afterSanitizeAttributes` to check that all `href` and `src`\n * attributes are valid.\n */\nfunction hookDomPurifyHrefAndSrcSanitizer(allowedLinkProtocols: readonly string[] | '*', allowedMediaProtocols: readonly string[]): IDisposable {\n\t// https://github.com/cure53/DOMPurify/blob/main/demos/hooks-scheme-allowlist.html\n\t// build an anchor to map URLs to\n\tconst anchor = document.createElement('a');\n\n\tfunction validateLink(value: string, allowedProtocols: readonly string[] | '*'): boolean {\n\t\tif (allowedProtocols === '*') {\n\t\t\treturn true; // allow all protocols\n\t\t}\n\n\t\tanchor.href = value;\n\t\treturn allowedProtocols.includes(anchor.protocol.replace(/:$/, ''));\n\t}\n\n\tdompurify.addHook('afterSanitizeAttributes', (node) => {\n\t\t// check all href/src attributes for validity\n\t\tfor (const attr of ['href', 'src']) {\n\t\t\tif (node.hasAttribute(attr)) {\n\t\t\t\tconst attrValue = node.getAttribute(attr) as string;\n\t\t\t\tif (attr === 'href') {\n\n\t\t\t\t\tif (!attrValue.startsWith('#') && !validateLink(attrValue, allowedLinkProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\n\t\t\t\t} else {// 'src'\n\t\t\t\t\tif (!validateLink(attrValue, allowedMediaProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t});\n\n\treturn toDisposable(() => dompurify.removeHook('afterSanitizeAttributes'));\n}\n\n/**\n * Predicate that checks if an attribute should be kept or removed.\n *\n * @returns A boolean indicating whether the attribute should be kept or a string with the sanitized value (which implicitly keeps the attribute)\n */\nexport type SanitizeAttributePredicate = (node: Element, data: { readonly attrName: string; readonly attrValue: string }) => boolean | string;\n\nexport interface SanitizeAttributeRule {\n\treadonly attributeName: string;\n\tshouldKeep: SanitizeAttributePredicate;\n}\n\nexport interface DomSanitizerConfig {\n\t/**\n\t * Configured the allowed html tags.\n\t */\n\treadonly allowedTags?: {\n\t\treadonly override?: readonly string[];\n\t\treadonly augment?: readonly string[];\n\t};\n\n\t/**\n\t * Configured the allowed html attributes.\n\t */\n\treadonly allowedAttributes?: {\n\t\treadonly override?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t\treadonly augment?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t};\n\n\t/**\n\t * List of allowed protocols for `href` attributes.\n\t */\n\treadonly allowedLinkProtocols?: {\n\t\treadonly override?: readonly string[] | '*';\n\t};\n\n\t/**\n\t * List of allowed protocols for `src` attributes.\n\t */\n\treadonly allowedMediaProtocols?: {\n\t\treadonly override?: readonly string[];\n\t};\n\n\t/**\n\t * If set, replaces unsupported tags with their plaintext representation instead of removing them.\n\t *\n\t * For example, <p><bad>\"text\"</bad></p> becomes <p>\"<bad>text</bad>\"</p>.\n\t */\n\treadonly replaceWithPlaintext?: boolean;\n}\n\nconst defaultDomPurifyConfig = Object.freeze({\n\tALLOWED_TAGS: [...basicMarkupHtmlTags],\n\tALLOWED_ATTR: [...defaultAllowedAttrs],\n\tRETURN_DOM: false,\n\tRETURN_DOM_FRAGMENT: false,\n\tRETURN_TRUSTED_TYPE: true,\n\t// We sanitize the src/href attributes later if needed\n\tALLOW_UNKNOWN_PROTOCOLS: true,\n} satisfies dompurify.Config);\n\n/**\n * Sanitizes an html string.\n *\n * @param untrusted The HTML string to sanitize.\n * @param config Optional configuration for sanitization. If not provided, defaults to a safe configuration.\n *\n * @returns A sanitized string of html.\n */\nexport function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): TrustedHTML {\n\tconst store = new DisposableStore();\n\ttry {\n\t\tconst resolvedConfig: dompurify.Config = { ...defaultDomPurifyConfig };\n\n\t\tif (config?.allowedTags) {\n\t\t\tif (config.allowedTags.override) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...config.allowedTags.override];\n\t\t\t}\n\n\t\t\tif (config.allowedTags.augment) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...(resolvedConfig.ALLOWED_TAGS ?? []), ...config.allowedTags.augment];\n\t\t\t}\n\t\t}\n\n\t\tlet resolvedAttributes: Array<string | SanitizeAttributeRule> = [...defaultAllowedAttrs];\n\t\tif (config?.allowedAttributes) {\n\t\t\tif (config.allowedAttributes.override) {\n\t\t\t\tresolvedAttributes = [...config.allowedAttributes.override];\n\t\t\t}\n\n\t\t\tif (config.allowedAttributes.augment) {\n\t\t\t\tresolvedAttributes = [...resolvedAttributes, ...config.allowedAttributes.augment];\n\t\t\t}\n\t\t}\n\n\t\t// All attr names are lower-case in the sanitizer hooks\n\t\tresolvedAttributes = resolvedAttributes.map((attr): string | SanitizeAttributeRule => {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\treturn attr.toLowerCase();\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tattributeName: attr.attributeName.toLowerCase(),\n\t\t\t\tshouldKeep: attr.shouldKeep,\n\t\t\t};\n\t\t});\n\n\t\tconst allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));\n\t\tconst allowedAttrPredicates = new Map<string, SanitizeAttributeRule>();\n\t\tfor (const attr of resolvedAttributes) {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\t// New string attribute value clears previously set predicates\n\t\t\t\tallowedAttrPredicates.delete(attr);\n\t\t\t} else {\n\t\t\t\tallowedAttrPredicates.set(attr.attributeName, attr);\n\t\t\t}\n\t\t}\n\n\t\tresolvedConfig.ALLOWED_ATTR = Array.from(allowedAttrNames);\n\n\t\tstore.add(hookDomPurifyHrefAndSrcSanitizer(\n\t\t\tconfig?.allowedLinkProtocols?.override ?? [Schemas.http, Schemas.https],\n\t\t\tconfig?.allowedMediaProtocols?.override ?? [Schemas.http, Schemas.https]));\n\n\t\tif (config?.replaceWithPlaintext) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeElement', replaceWithPlainTextHook));\n\t\t}\n\n\t\tif (allowedAttrPredicates.size) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeAttribute', (node, e) => {\n\t\t\t\tconst predicate = allowedAttrPredicates.get(e.attrName);\n\t\t\t\tif (predicate) {\n\t\t\t\t\tconst result = predicate.shouldKeep(node, e);\n\t\t\t\t\tif (typeof result === 'string') {\n\t\t\t\t\t\te.keepAttr = true;\n\t\t\t\t\t\te.attrValue = result;\n\t\t\t\t\t} else {\n\t\t\t\t\t\te.keepAttr = result;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\te.keepAttr = allowedAttrNames.has(e.attrName);\n\t\t\t\t}\n\t\t\t}));\n\t\t}\n\n\t\treturn dompurify.sanitize(untrusted, {\n\t\t\t...resolvedConfig,\n\t\t\tRETURN_TRUSTED_TYPE: true\n\t\t});\n\t} finally {\n\t\tstore.dispose();\n\t}\n}\n\nconst selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];\n\nfunction replaceWithPlainTextHook(element: Element, data: dompurify.SanitizeElementHookEvent, _config: dompurify.Config) {\n\tif (!data.allowedTags[data.tagName] && data.tagName !== 'body') {\n\t\tconst replacement = convertTagToPlaintext(element);\n\t\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\t\t// Workaround for https://github.com/cure53/DOMPurify/issues/1005\n\t\t\t// The comment will be deleted in the next phase. However if we try to remove it now, it will cause\n\t\t\t// an exception. Instead we insert the text node before the comment.\n\t\t\telement.parentElement?.insertBefore(replacement, element);\n\t\t} else {\n\t\t\telement.parentElement?.replaceChild(replacement, element);\n\t\t}\n\t}\n}\n\nexport function convertTagToPlaintext(element: Element): DocumentFragment {\n\tlet startTagText: string;\n\tlet endTagText: string | undefined;\n\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\tstartTagText = `<!--${element.textContent}-->`;\n\t} else {\n\t\tconst tagName = element.tagName.toLowerCase();\n\t\tconst isSelfClosing = selfClosingTags.includes(tagName);\n\t\tconst attrString = element.attributes.length ?\n\t\t\t' ' + Array.from(element.attributes)\n\t\t\t\t.map(attr => `${attr.name}=\"${attr.value}\"`)\n\t\t\t\t.join(' ')\n\t\t\t: '';\n\t\tstartTagText = `<${tagName}${attrString}>`;\n\t\tif (!isSelfClosing) {\n\t\t\tendTagText = `</${tagName}>`;\n\t\t}\n\t}\n\n\tconst fragment = document.createDocumentFragment();\n\tconst textNode = element.ownerDocument.createTextNode(startTagText);\n\tfragment.appendChild(textNode);\n\twhile (element.firstChild) {\n\t\tfragment.appendChild(element.firstChild);\n\t}\n\n\tconst endTagTextNode = endTagText ? element.ownerDocument.createTextNode(endTagText) : undefined;\n\tif (endTagTextNode) {\n\t\tfragment.appendChild(endTagTextNode);\n\t}\n\n\treturn fragment;\n}\n\n/**\n * Sanitizes the given `value` and reset the given `node` with it.\n */\nexport function safeSetInnerHtml(node: HTMLElement, untrusted: string, config?: DomSanitizerConfig): void {\n\tnode.innerHTML = sanitizeHtml(untrusted, config) as any;\n}\n","/*---------------------------------------------------------------------------------------------\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License. See License.txt in the project root for license information.\n *--------------------------------------------------------------------------------------------*/\n\nimport { DisposableStore, IDisposable, toDisposable } from '../common/lifecycle.js';\nimport { Schemas } from '../common/network.js';\nimport dompurify from './dompurify/dompurify.js';\n\n\n/**\n * List of safe, non-input html tags.\n */\nexport const basicMarkupHtmlTags = Object.freeze([\n\t'a',\n\t'abbr',\n\t'b',\n\t'bdo',\n\t'blockquote',\n\t'br',\n\t'caption',\n\t'cite',\n\t'code',\n\t'col',\n\t'colgroup',\n\t'dd',\n\t'del',\n\t'details',\n\t'dfn',\n\t'div',\n\t'dl',\n\t'dt',\n\t'em',\n\t'figcaption',\n\t'figure',\n\t'h1',\n\t'h2',\n\t'h3',\n\t'h4',\n\t'h5',\n\t'h6',\n\t'hr',\n\t'i',\n\t'img',\n\t'ins',\n\t'kbd',\n\t'label',\n\t'li',\n\t'mark',\n\t'ol',\n\t'p',\n\t'pre',\n\t'q',\n\t'rp',\n\t'rt',\n\t'ruby',\n\t'samp',\n\t'small',\n\t'small',\n\t'source',\n\t'span',\n\t'strike',\n\t'strong',\n\t'sub',\n\t'summary',\n\t'sup',\n\t'table',\n\t'tbody',\n\t'td',\n\t'tfoot',\n\t'th',\n\t'thead',\n\t'time',\n\t'tr',\n\t'tt',\n\t'u',\n\t'ul',\n\t'var',\n\t'video',\n\t'wbr',\n]);\n\nexport const defaultAllowedAttrs = Object.freeze([\n\t'href',\n\t'target',\n\t'src',\n\t'alt',\n\t'title',\n\t'for',\n\t'name',\n\t'role',\n\t'tabindex',\n\t'x-dispatch',\n\t'required',\n\t'checked',\n\t'placeholder',\n\t'type',\n\t'start',\n\t'width',\n\t'height',\n\t'align',\n]);\n\n\ntype UponSanitizeElementCb = (currentNode: Element, data: dompurify.SanitizeElementHookEvent, config: dompurify.Config) => void;\ntype UponSanitizeAttributeCb = (currentNode: Element, data: dompurify.SanitizeAttributeHookEvent, config: dompurify.Config) => void;\n\nfunction addDompurifyHook(hook: 'uponSanitizeElement', cb: UponSanitizeElementCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeAttribute', cb: UponSanitizeAttributeCb): IDisposable;\nfunction addDompurifyHook(hook: 'uponSanitizeElement' | 'uponSanitizeAttribute', cb: any): IDisposable {\n\tdompurify.addHook(hook, cb);\n\treturn toDisposable(() => dompurify.removeHook(hook));\n}\n\n/**\n * Hooks dompurify using `afterSanitizeAttributes` to check that all `href` and `src`\n * attributes are valid.\n */\nfunction hookDomPurifyHrefAndSrcSanitizer(allowedLinkProtocols: readonly string[] | '*', allowedMediaProtocols: readonly string[]): IDisposable {\n\t// https://github.com/cure53/DOMPurify/blob/main/demos/hooks-scheme-allowlist.html\n\t// build an anchor to map URLs to\n\tconst anchor = document.createElement('a');\n\n\tfunction validateLink(value: string, allowedProtocols: readonly string[] | '*'): boolean {\n\t\tif (allowedProtocols === '*') {\n\t\t\treturn true; // allow all protocols\n\t\t}\n\n\t\tanchor.href = value;\n\t\treturn allowedProtocols.includes(anchor.protocol.replace(/:$/, ''));\n\t}\n\n\tdompurify.addHook('afterSanitizeAttributes', (node) => {\n\t\t// check all href/src attributes for validity\n\t\tfor (const attr of ['href', 'src']) {\n\t\t\tif (node.hasAttribute(attr)) {\n\t\t\t\tconst attrValue = node.getAttribute(attr) as string;\n\t\t\t\tif (attr === 'href') {\n\n\t\t\t\t\tif (!attrValue.startsWith('#') && !validateLink(attrValue, allowedLinkProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\n\t\t\t\t} else {// 'src'\n\t\t\t\t\tif (!validateLink(attrValue, allowedMediaProtocols)) {\n\t\t\t\t\t\tnode.removeAttribute(attr);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t});\n\n\treturn toDisposable(() => dompurify.removeHook('afterSanitizeAttributes'));\n}\n\n/**\n * Predicate that checks if an attribute should be kept or removed.\n *\n * @returns A boolean indicating whether the attribute should be kept or a string with the sanitized value (which implicitly keeps the attribute)\n */\nexport type SanitizeAttributePredicate = (node: Element, data: { readonly attrName: string; readonly attrValue: string }) => boolean | string;\n\nexport interface SanitizeAttributeRule {\n\treadonly attributeName: string;\n\tshouldKeep: SanitizeAttributePredicate;\n}\n\nexport interface DomSanitizerConfig {\n\t/**\n\t * Configured the allowed html tags.\n\t */\n\treadonly allowedTags?: {\n\t\treadonly override?: readonly string[];\n\t\treadonly augment?: readonly string[];\n\t};\n\n\t/**\n\t * Configured the allowed html attributes.\n\t */\n\treadonly allowedAttributes?: {\n\t\treadonly override?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t\treadonly augment?: ReadonlyArray<string | SanitizeAttributeRule>;\n\t};\n\n\t/**\n\t * List of allowed protocols for `href` attributes.\n\t */\n\treadonly allowedLinkProtocols?: {\n\t\treadonly override?: readonly string[] | '*';\n\t};\n\n\t/**\n\t * List of allowed protocols for `src` attributes.\n\t */\n\treadonly allowedMediaProtocols?: {\n\t\treadonly override?: readonly string[];\n\t};\n\n\t/**\n\t * If set, replaces unsupported tags with their plaintext representation instead of removing them.\n\t *\n\t * For example, <p><bad>\"text\"</bad></p> becomes <p>\"<bad>text</bad>\"</p>.\n\t */\n\treadonly replaceWithPlaintext?: boolean;\n}\n\nconst defaultDomPurifyConfig = Object.freeze({\n\tALLOWED_TAGS: [...basicMarkupHtmlTags],\n\tALLOWED_ATTR: [...defaultAllowedAttrs],\n\tRETURN_DOM: false,\n\tRETURN_DOM_FRAGMENT: false,\n\tRETURN_TRUSTED_TYPE: true,\n\t// We sanitize the src/href attributes later if needed\n\tALLOW_UNKNOWN_PROTOCOLS: true,\n} satisfies dompurify.Config);\n\n/**\n * Sanitizes an html string.\n *\n * @param untrusted The HTML string to sanitize.\n * @param config Optional configuration for sanitization. If not provided, defaults to a safe configuration.\n *\n * @returns A sanitized string of html.\n */\nexport function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): TrustedHTML {\n\tconst store = new DisposableStore();\n\ttry {\n\t\tconst resolvedConfig: dompurify.Config = { ...defaultDomPurifyConfig };\n\n\t\tif (config?.allowedTags) {\n\t\t\tif (config.allowedTags.override) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...config.allowedTags.override];\n\t\t\t}\n\n\t\t\tif (config.allowedTags.augment) {\n\t\t\t\tresolvedConfig.ALLOWED_TAGS = [...(resolvedConfig.ALLOWED_TAGS ?? []), ...config.allowedTags.augment];\n\t\t\t}\n\t\t}\n\n\t\tlet resolvedAttributes: Array<string | SanitizeAttributeRule> = [...defaultAllowedAttrs];\n\t\tif (config?.allowedAttributes) {\n\t\t\tif (config.allowedAttributes.override) {\n\t\t\t\tresolvedAttributes = [...config.allowedAttributes.override];\n\t\t\t}\n\n\t\t\tif (config.allowedAttributes.augment) {\n\t\t\t\tresolvedAttributes = [...resolvedAttributes, ...config.allowedAttributes.augment];\n\t\t\t}\n\t\t}\n\n\t\t// All attr names are lower-case in the sanitizer hooks\n\t\tresolvedAttributes = resolvedAttributes.map((attr): string | SanitizeAttributeRule => {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\treturn attr.toLowerCase();\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tattributeName: attr.attributeName.toLowerCase(),\n\t\t\t\tshouldKeep: attr.shouldKeep,\n\t\t\t};\n\t\t});\n\n\t\tconst allowedAttrNames = new Set(resolvedAttributes.map(attr => typeof attr === 'string' ? attr : attr.attributeName));\n\t\tconst allowedAttrPredicates = new Map<string, SanitizeAttributeRule>();\n\t\tfor (const attr of resolvedAttributes) {\n\t\t\tif (typeof attr === 'string') {\n\t\t\t\t// New string attribute value clears previously set predicates\n\t\t\t\tallowedAttrPredicates.delete(attr);\n\t\t\t} else {\n\t\t\t\tallowedAttrPredicates.set(attr.attributeName, attr);\n\t\t\t}\n\t\t}\n\n\t\tresolvedConfig.ALLOWED_ATTR = Array.from(allowedAttrNames);\n\n\t\tstore.add(hookDomPurifyHrefAndSrcSanitizer(\n\t\t\tconfig?.allowedLinkProtocols?.override ?? [Schemas.http, Schemas.https],\n\t\t\tconfig?.allowedMediaProtocols?.override ?? [Schemas.http, Schemas.https]));\n\n\t\tif (config?.replaceWithPlaintext) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeElement', replaceWithPlainTextHook));\n\t\t}\n\n\t\tif (allowedAttrPredicates.size) {\n\t\t\tstore.add(addDompurifyHook('uponSanitizeAttribute', (node, e) => {\n\t\t\t\tconst predicate = allowedAttrPredicates.get(e.attrName);\n\t\t\t\tif (predicate) {\n\t\t\t\t\tconst result = predicate.shouldKeep(node, e);\n\t\t\t\t\tif (typeof result === 'string') {\n\t\t\t\t\t\te.keepAttr = true;\n\t\t\t\t\t\te.attrValue = result;\n\t\t\t\t\t} else {\n\t\t\t\t\t\te.keepAttr = result;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\te.keepAttr = allowedAttrNames.has(e.attrName);\n\t\t\t\t}\n\t\t\t}));\n\t\t}\n\n\t\treturn dompurify.sanitize(untrusted, {\n\t\t\t...resolvedConfig,\n\t\t\tRETURN_TRUSTED_TYPE: true\n\t\t});\n\t} finally {\n\t\tstore.dispose();\n\t}\n}\n\nconst selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];\n\nfunction replaceWithPlainTextHook(element: Element, data: dompurify.SanitizeElementHookEvent, _config: dompurify.Config) {\n\tif (!data.allowedTags[data.tagName] && data.tagName !== 'body') {\n\t\tconst replacement = convertTagToPlaintext(element);\n\t\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\t\t// Workaround for https://github.com/cure53/DOMPurify/issues/1005\n\t\t\t// The comment will be deleted in the next phase. However if we try to remove it now, it will cause\n\t\t\t// an exception. Instead we insert the text node before the comment.\n\t\t\telement.parentElement?.insertBefore(replacement, element);\n\t\t} else {\n\t\t\telement.parentElement?.replaceChild(replacement, element);\n\t\t}\n\t}\n}\n\nexport function convertTagToPlaintext(element: Element): DocumentFragment {\n\tlet startTagText: string;\n\tlet endTagText: string | undefined;\n\tif (element.nodeType === Node.COMMENT_NODE) {\n\t\tstartTagText = `<!--${element.textContent}-->`;\n\t} else {\n\t\tconst tagName = element.tagName.toLowerCase();\n\t\tconst isSelfClosing = selfClosingTags.includes(tagName);\n\t\tconst attrString = element.attributes.length ?\n\t\t\t' ' + Array.from(element.attributes)\n\t\t\t\t.map(attr => `${attr.name}=\"${attr.value}\"`)\n\t\t\t\t.join(' ')\n\t\t\t: '';\n\t\tstartTagText = `<${tagName}${attrString}>`;\n\t\tif (!isSelfClosing) {\n\t\t\tendTagText = `</${tagName}>`;\n\t\t}\n\t}\n\n\tconst fragment = document.createDocumentFragment();\n\tconst textNode = element.ownerDocument.createTextNode(startTagText);\n\tfragment.appendChild(textNode);\n\twhile (element.firstChild) {\n\t\tfragment.appendChild(element.firstChild);\n\t}\n\n\tconst endTagTextNode = endTagText ? element.ownerDocument.createTextNode(endTagText) : undefined;\n\tif (endTagTextNode) {\n\t\tfragment.appendChild(endTagTextNode);\n\t}\n\n\treturn fragment;\n}\n\n/**\n * Sanitizes the given `value` and reset the given `node` with it.\n */\nexport function safeSetInnerHtml(node: HTMLElement, untrusted: string, config?: DomSanitizerConfig): void {\n\tnode.innerHTML = sanitizeHtml(untrusted, config) as any;\n}\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "monaco-editor-core",
3
3
  "private": false,
4
- "version": "0.53.0-dev-20250902",
4
+ "version": "0.53.0-dev-20250903",
5
5
  "description": "A browser based code editor",
6
6
  "author": "Microsoft Corporation",
7
7
  "license": "MIT",
@@ -14,5 +14,5 @@
14
14
  "bugs": {
15
15
  "url": "https://github.com/microsoft/vscode/issues"
16
16
  },
17
- "vscodeCommitId": "2865a58bbaed30663433c13f7b76f4a61a5c9293"
17
+ "vscodeCommitId": "b7563981ef7d11b4722fbd429e4af10fb78ac721"
18
18
  }