2020-06-09 03:09:43 +02:00
/ * *
2024-12-02 15:07:09 +01:00
* TinyMCE version 7.5 . 1 ( TBD )
2020-06-09 03:09:43 +02:00
* /
2024-12-02 15:07:09 +01:00
! function ( ) { "use strict" ; var e = function ( e ) { if ( null === e ) return "null" ; if ( void 0 === e ) return "undefined" ; var t = typeof e ; return "object" === t && ( Array . prototype . isPrototypeOf ( e ) || e . constructor && "Array" === e . constructor . name ) ? "array" : "object" === t && ( String . prototype . isPrototypeOf ( e ) || e . constructor && "String" === e . constructor . name ) ? "string" : t } , t = function ( e ) { return { eq : e } } , n = t ( ( function ( e , t ) { return e === t } ) ) , o = function ( e ) { return t ( ( function ( t , n ) { if ( t . length !== n . length ) return ! 1 ; for ( var o = t . length , r = 0 ; r < o ; r ++ ) if ( ! e . eq ( t [ r ] , n [ r ] ) ) return ! 1 ; return ! 0 } ) ) } , r = function ( e ) { return t ( ( function ( r , s ) { var a = Object . keys ( r ) , i = Object . keys ( s ) ; if ( ! function ( e , n ) { return function ( e , n ) { return t ( ( function ( t , o ) { return e . eq ( n ( t ) , n ( o ) ) } ) ) } ( o ( e ) , ( function ( e ) { return function ( e , t ) { return Array . prototype . slice . call ( e ) . sort ( t ) } ( e , n ) } ) ) } ( n ) . eq ( a , i ) ) return ! 1 ; for ( var l = a . length , d = 0 ; d < l ; d ++ ) { var c = a [ d ] ; if ( ! e . eq ( r [ c ] , s [ c ] ) ) return ! 1 } return ! 0 } ) ) } , s = t ( ( function ( t , n ) { if ( t === n ) return ! 0 ; var a = e ( t ) ; return a === e ( n ) && ( function ( e ) { return - 1 !== [ "undefined" , "boolean" , "number" , "string" , "function" , "xml" , "null" ] . indexOf ( e ) } ( a ) ? t === n : "array" === a ? o ( s ) . eq ( t , n ) : "object" === a && r ( s ) . eq ( t , n ) ) } ) ) ; const a = Object . getPrototypeOf , i = ( e , t , n ) => { var o ; return ! ! n ( e , t . prototype ) || ( null === ( o = e . constructor ) || void 0 === o ? void 0 : o . name ) === t . name } , l = e => t => ( e => { const t = typeof e ; return null === e ? "null" : "object" === t && Array . isArray ( e ) ? "array" : "object" === t && i ( e , String , ( ( e , t ) => t . isPrototypeOf ( e ) ) ) ? "string" : t } ) ( t ) === e , d = e => t => typeof t === e , c = e => t => e === t , u = ( e , t ) => f ( e ) && i ( e , t , ( ( e , t ) => a ( e ) === t ) ) , m = l ( "string" ) , f = l ( "object" ) , g = e => u ( e , Object ) , p = l ( "array" ) , h = c ( null ) , b = d ( "boolean" ) , v = c ( void 0 ) , y = e => null == e , C = e => ! y ( e ) , w = d ( "function" ) , E = d ( "number" ) , x = ( e , t ) => { if ( p ( e ) ) { for ( let n = 0 , o = e . length ; n < o ; ++ n ) if ( ! t ( e [ n ] ) ) return ! 1 ; return ! 0 } return ! 1 } , _ = ( ) => { } , k = ( e , t ) => ( ... n ) => e ( t . apply ( null , n ) ) , S = ( e , t ) => n => e ( t ( n ) ) , N = e => ( ) => e , R = e => e , A = ( e , t ) => e === t ; function T ( e , ... t ) { return ( ... n ) => { const o = t . concat ( n ) ; return e . apply ( null , o ) } } const O = e => t => ! e ( t ) , B = e => ( ) => { throw new Error ( e ) } , P = e => e ( ) , D = e => { e ( ) } , L = N ( ! 1 ) , M = N ( ! 0 ) ; class I { constructor ( e , t ) { this . tag = e , this . value = t } static some ( e ) { return new I ( ! 0 , e ) } static none ( ) { return I . singletonNone } fold ( e , t ) { return this . tag ? t ( this . value ) : e ( ) } isSome ( ) { return this . tag } isNone ( ) { return ! this . tag } map ( e ) { return this . tag ? I . some ( e ( this . value ) ) : I . none ( ) } bind ( e ) { return this . tag ? e ( this . value ) : I . none ( ) } exists ( e ) { return this . tag && e ( this . value ) } forall ( e ) { return ! this . tag || e ( this . value ) } filter ( e ) { return ! this . tag || e ( this . value ) ? this : I . none ( ) } getOr ( e ) { return this . tag ? this . value : e } or ( e ) { return this . tag ? this : e } getOrThunk ( e ) { return this . tag ? this . value : e ( ) } orThunk ( e ) { return this . tag ? this : e ( ) } getOrDie ( e ) { if ( this . tag ) return this . value ; throw new Error ( null != e ? e : "Called getOrDie on None" ) } static from ( e ) { return C ( e ) ? I . some ( e ) : I . none ( ) } getOrNull ( ) { return this . tag ? this . value : null } getOrUndefined ( ) { return this . value } each ( e ) { this . tag && e ( this . value ) } toArray ( ) { return this . tag ? [ this . value ] : [ ] } toString ( ) { return this . tag ? ` some( ${ this . value } ) ` : "none()" } } I . singletonNone = new I ( ! 1 ) ; const F = Array . prototype . slice , U = Array . prototype . indexOf , z = Array . prototype . push , j = ( e , t ) => U . call ( e , t ) , H = ( e , t ) => j ( e , t ) > - 1 , $ = ( e , t ) => { for ( let n = 0 , o = e . length ; n < o ; n ++ ) if ( t ( e [ n ] , n ) ) return ! 0 ; return ! 1 } , V = ( e , t ) => { const n = e . length , o = new Array ( n ) ; for ( let r = 0 ; r < n ; r ++ ) { const n = e [ r ] ; o [ r ] = t ( n , r ) } return o } , q = ( e , t ) => { for ( let n = 0 , o = e . length ; n < o ; n ++ ) t ( e [ n ] , n ) } , W = ( e , t ) => { for ( let n = e . length - 1 ; n >= 0 ; n -- ) t ( e [ n ] , n ) } , K = ( e , t ) => { const n = [ ] , o = [ ] ; for ( let r = 0 , s = e . length ; r < s ; r ++ ) { const s = e [ r ] ; ( t ( s , r ) ? n : o ) . push ( s ) } return { pass : n , fail : o } } , Y = ( e , t ) => { const n = [ ] ; for ( let o = 0 , r = e . length ; o < r ; o ++ ) { const r = e [ o ] ; t ( r , o ) && n . push ( r ) } return n } , G = ( e , t , n ) => ( W ( e , ( ( e , o ) => { n = t ( n , e , o ) } ) ) , n ) , X = ( e , t , n ) => ( q ( e , ( ( e , o ) => { n = t ( n , e , o ) } ) ) , n ) , Z = ( e , t , n ) => { for ( let o = 0 , r = e . length ; o < r ; o ++ ) { const r = e [ o ] ; if ( t ( r , o ) ) return I . some ( r ) ; if ( n ( r , o ) ) break } return I . none ( ) } , Q = ( e , t ) => Z ( e , t , L ) , J = ( e , t ) => { for ( let n = 0 , o = e . length ; n < o ; n ++ ) if ( t ( e [ n ] , n ) ) return I . some ( n ) ; return I . none ( ) } , ee = e => { const t = [ ] ; for ( let n = 0 , o = e . length ; n < o ; ++ n ) { if ( ! p ( e [ n ] ) ) throw new Error ( "Arr.flatten item " + n + " was not an array, input: " + e ) ; z . apply ( t , e [ n ] ) } return t } , te = ( e , t ) => ee ( V ( e , t ) ) , ne = ( e , t ) => { for (
by || ( by = function ( e ) { return e } ) , vy || ( vy = function ( e ) { return e } ) , Cy || ( Cy = function ( e , t , n ) { return e . apply ( t , n ) } ) , wy || ( wy = function ( e , t ) { return new e ( ... t ) } ) ; const Ey = Ly ( Array . prototype . forEach ) , xy = Ly ( Array . prototype . pop ) , _y = Ly ( Array . prototype . push ) , ky = Ly ( String . prototype . toLowerCase ) , Sy = Ly ( String . prototype . toString ) , Ny = Ly ( String . prototype . match ) , Ry = Ly ( String . prototype . replace ) , Ay = Ly ( String . prototype . indexOf ) , Ty = Ly ( String . prototype . trim ) , Oy = Ly ( Object . prototype . hasOwnProperty ) , By = Ly ( RegExp . prototype . test ) , Py = ( Dy = TypeError , function ( ) { for ( var e = arguments . length , t = new Array ( e ) , n = 0 ; n < e ; n ++ ) t [ n ] = arguments [ n ] ; return wy ( Dy , t ) } ) ;
/ * *
* Creates a new function that constructs an instance of the given constructor function with the provided arguments .
*
* @ param { Function } func - The constructor function to be wrapped and called .
* @ returns { Function } A new function that constructs an instance of the given constructor function with the provided arguments .
* /
var Dy ;
/ * *
* Add properties to a lookup table
*
* @ param { Object } set - The set to which elements will be added .
* @ param { Array } array - The array containing elements to be added to the set .
* @ param { Function } transformCaseFunc - An optional function to transform the case of each element before adding to the set .
* @ returns { Object } The modified set with added elements .
* /
/ * *
* Creates a new function that calls the given function with a specified thisArg and arguments .
*
* @ param { Function } func - The function to be wrapped and called .
* @ returns { Function } A new function that calls the given function with a specified thisArg and arguments .
* /
function Ly ( e ) { return function ( t ) { for ( var n = arguments . length , o = new Array ( n > 1 ? n - 1 : 0 ) , r = 1 ; r < n ; r ++ ) o [ r - 1 ] = arguments [ r ] ; return Cy ( e , t , o ) } } function My ( e , t ) { let n = arguments . length > 2 && void 0 !== arguments [ 2 ] ? arguments [ 2 ] : ky ; fy &&
// Make 'in' and truthy checks like Boolean(set.constructor)
// independent of any properties defined on Object.prototype.
// Prevent prototype setters from intercepting set as a this value.
fy ( e , null ) ; let o = t . length ; for ( ; o -- ; ) { let r = t [ o ] ; if ( "string" == typeof r ) { const e = n ( r ) ; e !== r && (
// Config presets (e.g. tags.js, attrs.js) are immutable.
gy ( t ) || ( t [ o ] = e ) , r = e ) } e [ r ] = ! 0 } return e }
/ * *
* Clean up an array to harden against CSPP
*
* @ param { Array } array - The array to be cleaned .
* @ returns { Array } The cleaned version of the array
* / f u n c t i o n I y ( e ) { f o r ( l e t t = 0 ; t < e . l e n g t h ; t + + ) O y ( e , t ) | | ( e [ t ] = n u l l ) ; r e t u r n e }
/ * *
* Shallow clone an object
*
* @ param { Object } object - The object to be cloned .
* @ returns { Object } A new object that copies the original .
* / f u n c t i o n F y ( e ) { c o n s t t = y y ( n u l l ) ; f o r ( c o n s t [ n , o ] o f m y ( e ) ) O y ( e , n ) & & ( A r r a y . i s A r r a y ( o ) ? t [ n ] = I y ( o ) : o & & " o b j e c t " = = t y p e o f o & & o . c o n s t r u c t o r = = = O b j e c t ? t [ n ] = F y ( o ) : t [ n ] = o ) ; r e t u r n t }
/ * *
* This method automatically checks if the prop is function or getter and behaves accordingly .
*
* @ param { Object } object - The object to look up the getter function in its prototype chain .
* @ param { String } prop - The property name for which to find the getter function .
* @ returns { Function } The getter function found in the prototype chain or a fallback function .
* / f u n c t i o n U y ( e , t ) { f o r ( ; n u l l ! = = e ; ) { c o n s t n = h y ( e , t ) ; i f ( n ) { i f ( n . g e t ) r e t u r n L y ( n . g e t ) ; i f ( " f u n c t i o n " = = t y p e o f n . v a l u e ) r e t u r n L y ( n . v a l u e ) } e = p y ( e ) } r e t u r n f u n c t i o n ( ) { r e t u r n n u l l } } c o n s t z y = b y ( [ " a " , " a b b r " , " a c r o n y m " , " a d d r e s s " , " a r e a " , " a r t i c l e " , " a s i d e " , " a u d i o " , " b " , " b d i " , " b d o " , " b i g " , " b l i n k " , " b l o c k q u o t e " , " b o d y " , " b r " , " b u t t o n " , " c a n v a s " , " c a p t i o n " , " c e n t e r " , " c i t e " , " c o d e " , " c o l " , " c o l g r o u p " , " c o n t e n t " , " d a t a " , " d a t a l i s t " , " d d " , " d e c o r a t o r " , " d e l " , " d e t a i l s " , " d f n " , " d i a l o g " , " d i r " , " d i v " , " d l " , " d t " , " e l e m e n t " , " e m " , " f i e l d s e t " , " f i g c a p t i o n " , " f i g u r e " , " f o n t " , " f o o t e r " , " f o r m " , " h 1 " , " h 2 " , " h 3 " , " h 4 " , " h 5 " , " h 6 " , " h e a d " , " h e a d e r " , " h g r o u p " , " h r " , " h t m l " , " i " , " i m g " , " i n p u t " , " i n s " , " k b d " , " l a b e l " , " l e g e n d " , " l i " , " m a i n " , " m a p " , " m a r k " , " m a r q u e e " , " m e n u " , " m e n u i t e m " , " m e t e r " , " n a v " , " n o b r " , " o l " , " o p t g r o u p " , " o p t i o n " , " o u t p u t " , " p " , " p i c t u r e " , " p r e " , " p r o g r e s s " , " q " , " r p " , " r t " , " r u b y " , " s " , " s a m p " , " s e c t i o n " , " s e l e c t " , " s h a d o w " , " s m a l l " , " s o u r c e " , " s p a c e r " , " s p a n " , " s t r i k e " , " s t r o n g " , " s t y l e " , " s u b " , " s u m m a r y " , " s u p " , " t a b l e " , " t b o d y " , " t d " , " t e m p l a t e " , " t e x t a r e a " , " t f o o t " , " t h " , " t h e a d " , " t i m e " , " t r " , " t r a c k " , " t t " , " u " , " u l " , " v a r " , " v i d e o " , " w b r " ] ) , j y = b y ( [ " s v g " , " a " , " a l t g l y p h " , " a l t g l y p h d e f " , " a l t g l y p h i t e m " , " a n i m a t e c o l o r " , " a n i m a t e m o t i o n " , " a n i m a t e t r a n s f o r m " , " c i r c l e " , " c l i p p a t h " , " d e f s " , " d e s c " , " e l l i p s e " , " f i l t e r " , " f o n t " , " g " , " g l y p h " , " g l y p h r e f " , " h k e r n " , " i m a g e " , " l i n e " , " l i n e a r g r a d i e n t " , " m a r k e r " , " m a s k " , " m e t a d a t a " , " m p a t h " , " p a t h " , " p a t t e r n " , " p o l y g o n " , " p o l y l i n e " , " r a d i a l g r a d i e n t " , " r e c t " , " s t o p " , " s t y l e " , " s w i t c h " , " s y m b o l " , " t e x t " , " t e x t p a t h " , " t i t l e " , " t r e f " , " t s p a n " , " v i e w " , " v k e r n " ] ) , H y = b y ( [ " f e B l e n d " , " f e C o l o r M a t r i x " , " f e C o m p o n e n t T r a n s f e r " , " f e C o m p o s i t e " , " f e C o n v o l v e M a t r i x " , " f e D i f f u s e L i g h t i n g " , " f e D i s p l a c e m e n t M a p " , " f e D i s t a n t L i g h t " , " f e D r o p S h a d o w " , " f e F l o o d " , " f e F u n c A " , " f e F u n c B " , " f e F u n c G " , " f e F u n c R " , " f e G a u s s i a n B l u r " , " f e I m a g e " , " f e M e r g e " , " f e M e r g e N o d e " , " f e M o r p h o l o g y " , " f e O f f s e t " , " f e P o i n t L i g h t " , " f e S p e c u l a r L i g h t i n g " , " f e S p o t L i g h t " , " f e T i l e " , " f e T u r b u l e n c e " ] ) , $ y = b y ( [ " a n i m a t e " , " c o l o r - p r o f i l e " , " c u r s o r " , " d i s c a r d " , " f o n t - f a c e " , " f o n t - f a c e - f o r m a t " , " f o n t - f a c e - n a m e " , " f o n t - f a c e - s r c " , " f o n t - f a c e - u r i " , " f o r e i g n o b j e c t " , " h a t c h " , " h a t c h p a t h " , " m e s h " , " m e s h g r a d i e n t " , " m e s h p a t c h " , " m e s h r o w " , " m i s s i n g - g l y p h " , " s c r i p t " , " s e t " , " s o l i d c o l o r " , " u n k n o w n " , " u s e " ] ) , V y = b y ( [ " m a t h " , " m e n c l o s e " , " m e r r o r " , " m f e n c e d " , " m f r a c " , " m g l y p h " , " m i " , " m l a b e l e d t r " , " m m u l t i s c r i p t s " , " m n " , " m o " , " m o v e r " , " m p a d d e d " , " m p h a n t o m " , " m r o o t " , " m r o w " , " m s " , " m s p a c e " , " m s q r t " , " m s t y l e " , " m s u b " , " m s u p " , " m s u b s u p " , " m t a b l e " , " m t d " , " m t e x t " , " m t r " , " m u n d e r " , " m u n d e r o v e r " , " m p r e s c r i p t s " ] ) , q y = b y ( [ " m a c t i o n " , " m a l i g n g r o u p " , " m a l i g n m a r k " , " m l o n g d i v " , " m s c a r r i e s " , " m s c a r r y " , " m s g r o u p " , " m s t a c k " , " m s l i n e " , " m s r o w " , " s e m a n t i c s " , " a n n o t a t i o n " , " a n n o t a t i o n - x m l " , " m p r e s c r i p t s " , " n o n e " ] ) , W y = b y ( [ " # t e x t " ] ) , K y = b y ( [ " a c c e p t " , " a c t i o n " , " a l i g n " , " a l t " , " a u t o c a p i t a l i z e " , " a u t o c o m p l e t e " , " a u t o p i c t u r e i n p i c t u r e " , " a u t o p l a y " , " b a c k g r o u n d " , " b g c o l o r " , " b o r d e r " , " c a p t u r e " , " c e l l p a d d i n g " , " c e l l s p a c i n g " , " c h e c k e d " , " c i t e " , " c l a s s " , " c l e a r " , " c o l o r " , " c o l s " , " c o l s p a n " , " c o n t r o l s " , " c o n t r o l s l i s t " , " c o o r d s " , " c r o s s o r i g i n " , " d a t e t i m e " , " d e c o d i n g " , " d e f a u l t " , " d i r " , " d i s a b l e d " , " d i s a b l e p i c t u r e i n p i c t u r e " , " d i s a b l e r e m o t e p l a y b a c k " , " d o w n l o a d " , " d r a g g a b l e " , " e n c t y p e " , " e n t e r k e y h i n t " , " f a c e " , " f o r " , " h e a d e r s " , " h e i g h t " , " h i d d e n " , " h i g h " , " h r e f " , " h r e f l a n g " , " i d " , " i n p u t m o d e " , " i n t e g r i t y " , " i s m a p " , " k i n d " , " l a b e l " , " l a n g " , " l i s t " , " l o a d i n g " , " l o o p " , " l o w " , " m a x " , " m a x l e n g t h " , " m e d i a " , " m e t h o d " , " m i n " , " m i n l e n g t h " , " m u l t i p l e " , " m u t e d " , " n a m e " , " n o n c e " , " n o s h a d e " , " n o v a l i d a t e " , " n o w r a p " , " o p e n " , " o p t i m u m " , " p a t t e r n " , " p l a c e h o l d e r " , " p l a y s i n l i n e " , " p o p o v e r " , " p o p o v e r t a r g e t " , " p o p o v e r t a r g e t a c t i o n " , " p o s t e r " , " p r e l o a d " , " p u b d a t e " , " r a d i o g r o u p " , " r e a d o n l y " , " r e l " , " r e q u i r e d " , " r e v " , " r e v e r s e d " , " r o l e " , " r o w s " , " r o w s p a n " , " s p e l l c h e c k " , " s c o p e " , " s e l e c t e d " , " s h a p e " , " s i z e " , " s i z e s " , " s p a n " , " s r c l a n g " , " s t a r t " , " s r c " , " s r c s e t " , " s t e p " , " s t y l e " , " s u m m a r y " , " t a b i n d e x " , " t i t l e " , " t r a n s l a t e " , " t y p e " , " u s e m a p " , " v a l i g n " , " v a l u e " , " w i d t h " , " w r a p " , " x m l n s " , " s l o t " ] ) , Y y = b y ( [ " a c c e n t - h e i g h t " , " a c c u m u l a t e " , " a d d i t i v e " , " a l i g n m e n t - b a s e l i n e " , " a m p l i t u d e " , " a s c e n t " , " a t t r i b u t e n a m e " , " a t t r i b u t e t y p e " , " a z i m u t h " , " b a s e f r e q u e n c y " , " b a s e l i n e - s h i f t " , " b e g i n " , " b i a s " , " b y " , " c l a s s " , " c l i p " , " c l i p p a t h u n i t s " , " c l i p - p a t h " , " c l i p - r u l e " , " c o l o r " , " c o l o r - i n t e r p o l a t i o n " , " c o l o r - i n t e r p o l a t i o n - f i l t e r s " , " c o l o r - p r o f i l e " , " c o l o r - r e n d e r i n g " , " c x " , " c y " , " d " , " d x " , " d y " , " d i f f u s e c o n s t a n t " , " d i r e c t
// SVG
var iC = Object . freeze ( { _ _proto _ _ : null , MUSTACHE _EXPR : Zy , ERB _EXPR : Qy , TMPLIT _EXPR : Jy , DATA _ATTR : eC , ARIA _ATTR : tC , IS _ALLOWED _URI : nC , IS _SCRIPT _OR _DATA : oC , ATTR _WHITESPACE : rC , DOCTYPE _NAME : sC , CUSTOM _ELEMENT : aC } ) ;
// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType
const lC = function ( ) { return "undefined" == typeof window ? null : window } ; var dC = function e ( ) { let t = arguments . length > 0 && void 0 !== arguments [ 0 ] ? arguments [ 0 ] : lC ( ) ; const n = t => e ( t )
/ * *
* Version label , exposed for easier checks
* if DOMPurify is up to date or not
* / ; i f ( n . v e r s i o n = " 3 . 1 . 7 " ,
/ * *
* Array of elements that DOMPurify removed during sanitation .
* Empty if nothing was removed .
* /
n . removed = [ ] , ! t || ! t . document || 9 !== t . document . nodeType )
// Not running in a browser, provide a factory function
// so that you can pass your own Window
return n . isSupported = ! 1 , n ; let { document : o } = t ; const r = o , s = r . currentScript , { DocumentFragment : a , HTMLTemplateElement : i , Node : l , Element : d , NodeFilter : c , NamedNodeMap : u = t . NamedNodeMap || t . MozNamedAttrMap , HTMLFormElement : m , DOMParser : f , trustedTypes : g } = t , p = d . prototype , h = Uy ( p , "cloneNode" ) , b = Uy ( p , "remove" ) , v = Uy ( p , "nextSibling" ) , y = Uy ( p , "childNodes" ) , C = Uy ( p , "parentNode" ) ;
// As per issue #47, the web-components registry is inherited by a
// new document created via createHTMLDocument. As per the spec
// (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)
// a new empty registry is used when creating a template contents owner
// document, so we use that as our parent document to ensure nothing
// is inherited.
if ( "function" == typeof i ) { const e = o . createElement ( "template" ) ; e . content && e . content . ownerDocument && ( o = e . content . ownerDocument ) } let w , E = "" ; const { implementation : x , createNodeIterator : _ , createDocumentFragment : k , getElementsByTagName : S } = o , { importNode : N } = r ; let R = { } ;
/ * *
* Expose whether this browser supports running the full DOMPurify .
* / n . i s S u p p o r t e d = " f u n c t i o n " = = t y p e o f m y & & " f u n c t i o n " = = t y p e o f C & & x & & v o i d 0 ! = = x . c r e a t e H T M L D o c u m e n t ; c o n s t { M U S T A C H E _ E X P R : A , E R B _ E X P R : T , T M P L I T _ E X P R : O , D A T A _ A T T R : B , A R I A _ A T T R : P , I S _ S C R I P T _ O R _ D A T A : D , A T T R _ W H I T E S P A C E : L , C U S T O M _ E L E M E N T : M } = i C ; l e t { I S _ A L L O W E D _ U R I : I } = i C , F = n u l l ;
/ * *
* We consider the elements and attributes below to be safe . Ideally
* don ' t add any new ones but feel free to remove unwanted ones .
* /
/* allowed element names */ const U = My ( { } , [ ... zy , ... jy , ... Hy , ... Vy , ... Wy ] ) ;
/* Allowed attribute names */ let z = null ; const j = My ( { } , [ ... Ky , ... Yy , ... Gy , ... Xy ] ) ;
/ *
* Configure how DOMPUrify should handle custom elements and their attributes as well as customized built - in elements .
* @ property { RegExp | Function | null } tagNameCheck one of [ null , regexPattern , predicate ] . Default : ` null ` ( disallow any custom elements )
* @ property { RegExp | Function | null } attributeNameCheck one of [ null , regexPattern , predicate ] . Default : ` null ` ( disallow any attributes not on the allow list )
* @ property { boolean } allowCustomizedBuiltInElements allow custom elements derived from built - ins if they pass CUSTOM _ELEMENT _HANDLING . tagNameCheck . Default : ` false ` .
* / l e t H = O b j e c t . s e a l ( y y ( n u l l , { t a g N a m e C h e c k : { w r i t a b l e : ! 0 , c o n f i g u r a b l e : ! 1 , e n u m e r a b l e : ! 0 , v a l u e : n u l l } , a t t r i b u t e N a m e C h e c k : { w r i t a b l e : ! 0 , c o n f i g u r a b l e : ! 1 , e n u m e r a b l e : ! 0 , v a l u e : n u l l } , a l l o w C u s t o m i z e d B u i l t I n E l e m e n t s : { w r i t a b l e : ! 0 , c o n f i g u r a b l e : ! 1 , e n u m e r a b l e : ! 0 , v a l u e : ! 1 } } ) ) , $ = n u l l , V = n u l l , q = ! 0 , W = ! 0 , K = ! 1 , Y = ! 0 , G = ! 1 , X = ! 0 , Z = ! 1 , Q = ! 1 , J = ! 1 , e e = ! 1 , t e = ! 1 , n e = ! 1 , o e = ! 0 , r e = ! 1 , s e = ! 0 , a e = ! 1 , i e = { } , l e = n u l l ;
/* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ const de = My ( { } , [ "annotation-xml" , "audio" , "colgroup" , "desc" , "foreignobject" , "head" , "iframe" , "math" , "mi" , "mn" , "mo" , "ms" , "mtext" , "noembed" , "noframes" , "noscript" , "plaintext" , "script" , "style" , "svg" , "template" , "thead" , "title" , "video" , "xmp" ] ) ;
/* Tags that are safe for data: URIs */ let ce = null ; const ue = My ( { } , [ "audio" , "video" , "img" , "source" , "image" , "track" ] ) ;
/* Attributes safe for values like "javascript:" */ let me = null ; const fe = My ( { } , [ "alt" , "class" , "for" , "id" , "label" , "name" , "pattern" , "placeholder" , "role" , "summary" , "title" , "value" , "style" , "xmlns" ] ) , ge = "http://www.w3.org/1998/Math/MathML" , pe = "http://www.w3.org/2000/svg" , he = "http://www.w3.org/1999/xhtml" ;
/* Document namespace */
let be = he , ve = ! 1 , ye = null ; const Ce = My ( { } , [ ge , pe , he ] , Sy ) ;
/* Parsing of strict XHTML documents */ let we = null ; const Ee = [ "application/xhtml+xml" , "text/html" ] ; let xe = null , _e = null ;
/* Keep a reference to config to pass to hooks */
/* Ideally, do not touch anything below this line */
/* ______________________________________________ */
const ke = o . createElement ( "form" ) , Se = function ( e ) { return e instanceof RegExp || e instanceof Function } , Ne = function ( ) { let e = arguments . length > 0 && void 0 !== arguments [ 0 ] ? arguments [ 0 ] : { } ; if ( ! _e || _e !== e ) { if (
/* Shield configuration object from tampering */
e && "object" == typeof e || ( e = { } )
/* Shield configuration object from prototype pollution */ , e = Fy ( e ) , we =
// eslint-disable-next-line unicorn/prefer-includes
- 1 === Ee . indexOf ( e . PARSER _MEDIA _TYPE ) ? "text/html" : e . PARSER _MEDIA _TYPE ,
// HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.
xe = "application/xhtml+xml" === we ? Sy : ky ,
/* Set configuration parameters */
F = Oy ( e , "ALLOWED_TAGS" ) ? My ( { } , e . ALLOWED _TAGS , xe ) : U , z = Oy ( e , "ALLOWED_ATTR" ) ? My ( { } , e . ALLOWED _ATTR , xe ) : j , ye = Oy ( e , "ALLOWED_NAMESPACES" ) ? My ( { } , e . ALLOWED _NAMESPACES , Sy ) : Ce , me = Oy ( e , "ADD_URI_SAFE_ATTR" ) ? My ( Fy ( fe ) ,
// eslint-disable-line indent
e . ADD _URI _SAFE _ATTR ,
// eslint-disable-line indent
xe ) : fe , ce = Oy ( e , "ADD_DATA_URI_TAGS" ) ? My ( Fy ( ue ) ,
// eslint-disable-line indent
e . ADD _DATA _URI _TAGS ,
// eslint-disable-line indent
xe ) : ue , le = Oy ( e , "FORBID_CONTENTS" ) ? My ( { } , e . FORBID _CONTENTS , xe ) : de , $ = Oy ( e , "FORBID_TAGS" ) ? My ( { } , e . FORBID _TAGS , xe ) : { } , V = Oy ( e , "FORBID_ATTR" ) ? My ( { } , e . FORBID _ATTR , xe ) : { } , ie = ! ! Oy ( e , "USE_PROFILES" ) && e . USE _PROFILES , q = ! 1 !== e . ALLOW _ARIA _ATTR , // Default true
W = ! 1 !== e . ALLOW _DATA _ATTR , // Default true
K = e . ALLOW _UNKNOWN _PROTOCOLS || ! 1 , // Default false
Y = ! 1 !== e . ALLOW _SELF _CLOSE _IN _ATTR , // Default true
G = e . SAFE _FOR _TEMPLATES || ! 1 , // Default false
X = ! 1 !== e . SAFE _FOR _XML , // Default true
Z = e . WHOLE _DOCUMENT || ! 1 , // Default false
ee = e . RETURN _DOM || ! 1 , // Default false
te = e . RETURN _DOM _FRAGMENT || ! 1 , // Default false
ne = e . RETURN _TRUSTED _TYPE || ! 1 , // Default false
J = e . FORCE _BODY || ! 1 , // Default false
oe = ! 1 !== e . SANITIZE _DOM , // Default true
re = e . SANITIZE _NAMED _PROPS || ! 1 , // Default false
se = ! 1 !== e . KEEP _CONTENT , // Default true
ae = e . IN _PLACE || ! 1 , // Default false
I = e . ALLOWED _URI _REGEXP || nC , be = e . NAMESPACE || he , H = e . CUSTOM _ELEMENT _HANDLING || { } , e . CUSTOM _ELEMENT _HANDLING && Se ( e . CUSTOM _ELEMENT _HANDLING . tagNameCheck ) && ( H . tagNameCheck = e . CUSTOM _ELEMENT _HANDLING . tagNameCheck ) , e . CUSTOM _ELEMENT _HANDLING && Se ( e . CUSTOM _ELEMENT _HANDLING . attributeNameCheck ) && ( H . attributeNameCheck = e . CUSTOM _ELEMENT _HANDLING . attributeNameCheck ) , e . CUSTOM _ELEMENT _HANDLING && "boolean" == typeof e . CUSTOM _ELEMENT _HANDLING . allowCustomizedBuiltInElements && ( H . allowCustomizedBuiltInElements = e . CUSTOM _ELEMENT _HANDLING . allowCustomizedBuiltInElements ) , G && ( W = ! 1 ) , te && ( ee = ! 0 )
/* Parse profile info */ , ie && ( F = My ( { } , Wy ) , z = [ ] , ! 0 === ie . html && ( My ( F , zy ) , My ( z , Ky ) ) , ! 0 === ie . svg && ( My ( F , jy ) , My ( z , Yy ) , My ( z , Xy ) ) , ! 0 === ie . svgFilters && ( My ( F , Hy ) , My ( z , Yy ) , My ( z , Xy ) ) , ! 0 === ie . mathMl && ( My ( F , Vy ) , My ( z , Gy ) , My ( z , Xy ) ) )
/* Merge configuration parameters */ , e . ADD _TAGS && ( F === U && ( F = Fy ( F ) ) , My ( F , e . ADD _TAGS , xe ) ) , e . ADD _ATTR && ( z === j && ( z = Fy ( z ) ) , My ( z , e . ADD _ATTR , xe ) ) , e . ADD _URI _SAFE _ATTR && My ( me , e . ADD _URI _SAFE _ATTR , xe ) , e . FORBID _CONTENTS && ( le === de && ( le = Fy ( le ) ) , My ( le , e . FORBID _CONTENTS , xe ) )
/* Add #text in case KEEP_CONTENT is set to true */ , se && ( F [ "#text" ] = ! 0 )
/* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ , Z && My ( F , [ "html" , "head" , "body" ] )
/* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */ , F . table && ( My ( F , [ "tbody" ] ) , delete $ . tbody ) , e . TRUSTED _TYPES _POLICY ) { if ( "function" != typeof e . TRUSTED _TYPES _POLICY . createHTML ) throw Py ( 'TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.' ) ; if ( "function" != typeof e . TRUSTED _TYPES _POLICY . createScriptURL ) throw Py ( 'TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.' ) ;
// Overwrite existing TrustedTypes policy.
w = e . TRUSTED _TYPES _POLICY ,
// Sign local variables required by `sanitize`.
E = w . createHTML ( "" ) } else
// Uninitialized policy, attempt to initialize the internal dompurify policy.
void 0 === w && ( w = function ( e , t ) { if ( "object" != typeof e || "function" != typeof e . createPolicy ) return null ;
// Allow the callers to control the unique policy name
// by adding a data-tt-policy-suffix to the script element with the DOMPurify.
// Policy creation with duplicate names throws in Trusted Types.
let n = null ; const o = "data-tt-policy-suffix" ; t && t . hasAttribute ( o ) && ( n = t . getAttribute ( o ) ) ; const r = "dompurify" + ( n ? "#" + n : "" ) ; try { return e . createPolicy ( r , { createHTML : e => e , createScriptURL : e => e } ) } catch ( e ) {
// Policy creation failed (most likely another DOMPurify script has
// already run). Skip creating the policy, as this will only cause errors
// if TT are enforced.
return console . warn ( "TrustedTypes policy " + r + " could not be created." ) , null } } ( g , s ) ) ,
// If creating the internal policy succeeded sign internal variables.
null !== w && "string" == typeof E && ( E = w . createHTML ( "" ) ) ;
// Prevent further manipulation of configuration.
// Not available in IE8, Safari 5, etc.
by && by ( e ) , _e = e } } , Re = My ( { } , [ "mi" , "mo" , "mn" , "ms" , "mtext" ] ) , Ae = My ( { } , [ "annotation-xml" ] ) , Te = My ( { } , [ "title" , "style" , "font" , "a" , "script" ] ) , Oe = My ( { } , [ ... jy , ... Hy , ... $y ] ) , Be = My ( { } , [ ... Vy , ... qy ] ) , Pe = function ( e ) { _y ( n . removed , { element : e } ) ; try {
// eslint-disable-next-line unicorn/prefer-dom-node-remove
C ( e ) . removeChild ( e ) } catch ( t ) { b ( e ) } } , De = function ( e , t ) { try { _y ( n . removed , { attribute : t . getAttributeNode ( e ) , from : t } ) } catch ( e ) { _y ( n . removed , { attribute : null , from : t } ) }
// We void attribute values for unremovable "is"" attributes
if ( t . removeAttribute ( e ) , "is" === e && ! z [ e ] ) if ( ee || te ) try { Pe ( t ) } catch ( e ) { } else try { t . setAttribute ( e , "" ) } catch ( e ) { } } , Le = function ( e ) {
/* Create a HTML document */
let t = null , n = null ; if ( J ) e = "<remove></remove>" + e ; else {
/* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */
const t = Ny ( e , /^[\r\n\t ]+/ ) ; n = t && t [ 0 ] } "application/xhtml+xml" === we && be === he && (
// Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)
e = '<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>' + e + "</body></html>" ) ; const r = w ? w . createHTML ( e ) : e ;
/ *
* Use the DOMParser API by default , fallback later if needs be
* DOMParser not work for svg when has multiple root element .
* / i f ( b e = = = h e ) t r y { t = ( n e w f ) . p a r s e F r o m S t r i n g ( r , w e ) } c a t c h ( e ) { }
/* Use createHTMLDocument in case DOMParser is not available */ if ( ! t || ! t . documentElement ) { t = x . createDocument ( be , "template" , null ) ; try { t . documentElement . innerHTML = ve ? E : r } catch ( e ) {
// Syntax error if dirtyPayload is invalid xml
} } const s = t . body || t . documentElement ;
/* Work on whole document or just its body */
return e && n && s . insertBefore ( o . createTextNode ( n ) , s . childNodes [ 0 ] || null ) , be === he ? S . call ( t , Z ? "html" : "body" ) [ 0 ] : Z ? t . documentElement : s } , Me = function ( e ) { return _ . call ( e . ownerDocument || e , e ,
// eslint-disable-next-line no-bitwise
c . SHOW _ELEMENT | c . SHOW _COMMENT | c . SHOW _TEXT | c . SHOW _PROCESSING _INSTRUCTION | c . SHOW _CDATA _SECTION , null ) } , Ie = function ( e ) { return e instanceof m && ( "string" != typeof e . nodeName || "string" != typeof e . textContent || "function" != typeof e . removeChild || ! ( e . attributes instanceof u ) || "function" != typeof e . removeAttribute || "function" != typeof e . setAttribute || "string" != typeof e . namespaceURI || "function" != typeof e . insertBefore || "function" != typeof e . hasChildNodes ) } , Fe = function ( e ) { return "function" == typeof l && e instanceof l } , Ue = function ( e , t , o ) { R [ e ] && Ey ( R [ e ] , ( e => { e . call ( n , t , o , _e ) } ) ) } , ze = function ( e ) { let t = null ;
/* Execute a hook if present */
/* Check if element is clobbered or can clobber */
if ( Ue ( "beforeSanitizeElements" , e , null ) , Ie ( e ) ) return Pe ( e ) , ! 0 ;
/* Now let's check the element's type and name */ const o = xe ( e . nodeName ) ;
/* Execute a hook if present */
/* Detect mXSS attempts abusing namespace confusion */
if ( Ue ( "uponSanitizeElement" , e , { tagName : o , allowedTags : F } ) , e . hasChildNodes ( ) && ! Fe ( e . firstElementChild ) && By ( /<[/\w]/g , e . innerHTML ) && By ( /<[/\w]/g , e . textContent ) ) return Pe ( e ) , ! 0 ;
/* Remove any occurrence of processing instructions */ if ( 7 === e . nodeType ) return Pe ( e ) , ! 0 ;
/* Remove any kind of possibly harmful comments */ if ( X && 8 === e . nodeType && By ( /<[/\w]/g , e . data ) ) return Pe ( e ) , ! 0 ;
/* Remove element if anything forbids its presence */ if ( ! F [ o ] || $ [ o ] ) {
/* Check if we have a custom element to handle */
if ( ! $ [ o ] && He ( o ) ) { if ( H . tagNameCheck instanceof RegExp && By ( H . tagNameCheck , o ) ) return ! 1 ; if ( H . tagNameCheck instanceof Function && H . tagNameCheck ( o ) ) return ! 1 }
/* Keep content except for bad-listed elements */ if ( se && ! le [ o ] ) { const t = C ( e ) || e . parentNode , n = y ( e ) || e . childNodes ; if ( n && t ) for ( let o = n . length - 1 ; o >= 0 ; -- o ) { const r = h ( n [ o ] , ! 0 ) ; r . _ _removalCount = ( e . _ _removalCount || 0 ) + 1 , t . insertBefore ( r , v ( e ) ) } } return Pe ( e ) , ! 0 }
/* Check whether element has a valid namespace */ return e instanceof d && ! function ( e ) { let t = C ( e ) ;
// In JSDOM, if we're inside shadow DOM, then parentNode
// can be null. We just simulate parent in this case.
t && t . tagName || ( t = { namespaceURI : be , tagName : "template" } ) ; const n = ky ( e . tagName ) , o = ky ( t . tagName ) ; return ! ! ye [ e . namespaceURI ] && ( e . namespaceURI === pe ?
// The only way to switch from HTML namespace to SVG
// is via <svg>. If it happens via any other tag, then
// it should be killed.
t . namespaceURI === he ? "svg" === n :
// The only way to switch from MathML to SVG is via`
// svg if parent is either <annotation-xml> or MathML
// text integration points.
t . namespaceURI === ge ? "svg" === n && ( "annotation-xml" === o || Re [ o ] ) : Boolean ( Oe [ n ] ) : e . namespaceURI === ge ?
// The only way to switch from HTML namespace to MathML
// is via <math>. If it happens via any other tag, then
// it should be killed.
t . namespaceURI === he ? "math" === n :
// The only way to switch from SVG to MathML is via
// <math> and HTML integration points
t . namespaceURI === pe ? "math" === n && Ae [ o ] : Boolean ( Be [ n ] ) : e . namespaceURI === he ?
// The only way to switch from SVG to HTML is via
// HTML integration points, and from MathML to HTML
// is via MathML text integration points
! ( t . namespaceURI === pe && ! Ae [ o ] ) && ! ( t . namespaceURI === ge && ! Re [ o ] ) && ! Be [ n ] && ( Te [ n ] || ! Oe [ n ] ) : ! ( "application/xhtml+xml" !== we || ! ye [ e . namespaceURI ] ) ) } ( e ) ? ( Pe ( e ) , ! 0 ) :
/* Make sure that older browsers don't get fallback-tag mXSS */
"noscript" !== o && "noembed" !== o && "noframes" !== o || ! By ( /<\/no(script|embed|frames)/i , e . innerHTML ) ? (
/* Sanitize element content to be template-safe */
G && 3 === e . nodeType && (
/* Get the element's text content */
t = e . textContent , Ey ( [ A , T , O ] , ( e => { t = Ry ( t , e , " " ) } ) ) , e . textContent !== t && ( _y ( n . removed , { element : e . cloneNode ( ) } ) , e . textContent = t ) )
/* Execute a hook if present */ , Ue ( "afterSanitizeElements" , e , null ) , ! 1 ) : ( Pe ( e ) , ! 0 ) } , je = function ( e , t , n ) {
/* Make sure attribute cannot clobber */
if ( oe && ( "id" === t || "name" === t ) && ( n in o || n in ke ) ) return ! 1 ;
/ * A l l o w v a l i d d a t a - * a t t r i b u t e s : A t l e a s t o n e c h a r a c t e r a f t e r " - "
( https : //html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)
XML - compatible ( https : //html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)
We don 't need to check the value; it' s always URI safe . * / i f ( W & & ! V [ t ] & & B y ( B , t ) ) ; e l s e i f ( q & & B y ( P , t ) ) ; e l s e i f ( ! z [ t ] | | V [ t ] ) { i f (
// First condition does a very basic check if a) it's basically a valid custom element tagname AND
// b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck
// and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck
! ( He ( e ) && ( H . tagNameCheck instanceof RegExp && By ( H . tagNameCheck , e ) || H . tagNameCheck instanceof Function && H . tagNameCheck ( e ) ) && ( H . attributeNameCheck instanceof RegExp && By ( H . attributeNameCheck , t ) || H . attributeNameCheck instanceof Function && H . attributeNameCheck ( t ) ) ||
// Alternative, second condition checks if it's an `is`-attribute, AND
// the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck
"is" === t && H . allowCustomizedBuiltInElements && ( H . tagNameCheck instanceof RegExp && By ( H . tagNameCheck , n ) || H . tagNameCheck instanceof Function && H . tagNameCheck ( n ) ) ) ) return ! 1 ;
/* Check value is safe. First, is attr inert? If so, is safe */ } else if ( me [ t ] ) ; else if ( By ( I , Ry ( n , L , "" ) ) ) ; else if ( "src" !== t && "xlink:href" !== t && "href" !== t || "script" === e || 0 !== Ay ( n , "data:" ) || ! ce [ e ] ) if ( K && ! By ( D , Ry ( n , L , "" ) ) ) ; else if ( n ) return ! 1 ; return ! 0 } , He = function ( e ) { return "annotation-xml" !== e && Ny ( e , M ) } , $e = function ( e ) {
/* Execute a hook if present */
Ue ( "beforeSanitizeAttributes" , e , null ) ; const { attributes : t } = e ;
/* Check if we have attributes; if not we might have a text node */ if ( ! t ) return ; const o = { attrName : "" , attrValue : "" , keepAttr : ! 0 , allowedAttributes : z } ; let r = t . length ;
/* Go backwards over all attributes; safely remove bad ones */ for ( ; r -- ; ) { const s = t [ r ] , { name : a , namespaceURI : i , value : l } = s , d = xe ( a ) ; let c = "value" === a ? l : Ty ( l ) ; const u = c ;
/* Execute a hook if present */
/* Did the hooks approve of the attribute? */
if ( o . attrName = d , o . attrValue = c , o . keepAttr = ! 0 , o . forceKeepAttr = void 0 , // Allows developers to see this is a property they can set
Ue ( "uponSanitizeAttribute" , e , o ) , c = o . attrValue , o . forceKeepAttr ) continue ;
/* Remove attribute */
/* Did the hooks approve of the attribute? */ if ( ! o . keepAttr ) { De ( a , e ) ; continue }
/* Work around a security issue in jQuery 3.0 */ if ( ! Y && By ( /\/>/i , c ) ) { De ( a , e ) ; continue }
/* Sanitize attribute content to be template-safe */ G && Ey ( [ A , T , O ] , ( e => { c = Ry ( c , e , " " ) } ) )
/* Is `value` valid for this attribute? */ ; const m = xe ( e . nodeName ) ; if ( je ( m , d , c ) )
/* Work around a security issue with comments inside attributes */
if (
/ * F u l l D O M C l o b b e r i n g p r o t e c t i o n v i a n a m e s p a c e i s o l a t i o n ,
* Prefix id and name attributes with ` user-content- `
* /
! re || "id" !== d && "name" !== d || (
// Remove the attribute with this value
De ( a , e ) ,
// Prefix the value and later re-create the attribute with the sanitized value
c = "user-content-" + c ) , X && By ( /((--!?|])>)|<\/(style|title)/i , c ) ) De ( a , e ) ; else {
/* Handle attributes that require Trusted Types */
if ( w && "object" == typeof g && "function" == typeof g . getAttributeType ) if ( i ) ; else switch ( g . getAttributeType ( m , d ) ) { case "TrustedHTML" : c = w . createHTML ( c ) ; break ; case "TrustedScriptURL" : c = w . createScriptURL ( c ) }
/* Handle invalid data-* attribute set by try-catching it */ if ( c !== u ) try { i ? e . setAttributeNS ( i , a , c ) :
/* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */
e . setAttribute ( a , c ) , Ie ( e ) ? Pe ( e ) : xy ( n . removed ) } catch ( e ) { } } else De ( a , e ) }
/* Execute a hook if present */ Ue ( "afterSanitizeAttributes" , e , null ) } , Ve = function e ( t ) { let n = null ; const o = Me ( t ) ;
/* Execute a hook if present */ for ( Ue ( "beforeSanitizeShadowDOM" , t , null ) ; n = o . nextNode ( ) ; )
/* Execute a hook if present */
Ue ( "uponSanitizeShadowNode" , n , null ) ,
/* Sanitize tags and elements */
ze ( n ) || (
/* Deep shadow DOM detected */
n . content instanceof a && e ( n . content )
/* Check attributes, sanitize if necessary */ , $e ( n ) ) ;
/* Execute a hook if present */ Ue ( "afterSanitizeShadowDOM" , t , null ) } ;
/ * *
* Sanitize
* Public method providing core sanitation functionality
*
* @ param { String | Node } dirty string or DOM node
* @ param { Object } cfg object
* /
// eslint-disable-next-line complexity
return n . sanitize = function ( e ) { let t = arguments . length > 1 && void 0 !== arguments [ 1 ] ? arguments [ 1 ] : { } , o = null , s = null , i = null , d = null ;
/* Stringify, in case dirty is an object */
if (
/ * M a k e s u r e w e h a v e a s t r i n g t o s a n i t i z e .
DO NOT return early , as this will return the wrong type if
the user has requested a DOM object rather than a string * /
ve = ! e , ve && ( e = "\x3c!--\x3e" ) , "string" != typeof e && ! Fe ( e ) ) { if ( "function" != typeof e . toString ) throw Py ( "toString is not a function" ) ; if ( "string" != typeof ( e = e . toString ( ) ) ) throw Py ( "dirty is not a string, aborting" ) }
/* Return dirty HTML if DOMPurify cannot run */ if ( ! n . isSupported ) return e ;
/* Assign config vars */ if ( Q || Ne ( t )
/* Clean up removed elements */ , n . removed = [ ] ,
/* Check if dirty is correctly typed for IN_PLACE */
"string" == typeof e && ( ae = ! 1 ) , ae ) {
/* Do some early pre-sanitization to avoid unsafe root nodes */
if ( e . nodeName ) { const t = xe ( e . nodeName ) ; if ( ! F [ t ] || $ [ t ] ) throw Py ( "root node is forbidden and cannot be sanitized in-place" ) } } else if ( e instanceof l )
/ * I f d i r t y i s a D O M e l e m e n t , a p p e n d t o a n e m p t y d o c u m e n t t o a v o i d
elements being stripped by the parser * /
o = Le ( "\x3c!----\x3e" ) , s = o . ownerDocument . importNode ( e , ! 0 ) , 1 === s . nodeType && "BODY" === s . nodeName || "HTML" === s . nodeName ?
/* Node is already a body, use as is */
o = s :
// eslint-disable-next-line unicorn/prefer-dom-node-append
o . appendChild ( s ) ; else {
/* Exit directly if we have nothing to do */
if ( ! ee && ! G && ! Z &&
// eslint-disable-next-line unicorn/prefer-includes
- 1 === e . indexOf ( "<" ) ) return w && ne ? w . createHTML ( e ) : e ;
/* Initialize the document to work on */
/* Check we have a DOM node from the data */
if ( o = Le ( e ) , ! o ) return ee ? null : ne ? E : "" }
/* Remove first element node (ours) if FORCE_BODY is set */ o && J && Pe ( o . firstChild )
/* Get node iterator */ ; const c = Me ( ae ? e : o ) ;
/* Now start iterating over the created document */ for ( ; i = c . nextNode ( ) ; )
/* Sanitize tags and elements */
ze ( i ) || (
/* Shadow DOM detected, sanitize it */
i . content instanceof a && Ve ( i . content )
/* Check attributes, sanitize if necessary */ , $e ( i ) ) ;
/* If we sanitized `dirty` in-place, return it. */ if ( ae ) return e ;
/* Return sanitized string or DOM */ if ( ee ) { if ( te ) for ( d = k . call ( o . ownerDocument ) ; o . firstChild ; )
// eslint-disable-next-line unicorn/prefer-dom-node-append
d . appendChild ( o . firstChild ) ; else d = o ; return ( z . shadowroot || z . shadowrootmode ) && (
/ *
AdoptNode ( ) is not used because internal state is not reset
( e . g . the past names map of a HTMLFormElement ) , this is safe
in theory but we would rather not risk another attack vector .
The state that is cloned by importNode ( ) is explicitly defined
by the specs .
* /
d = N . call ( r , d , ! 0 ) ) , d } let u = Z ? o . outerHTML : o . innerHTML ;
/* Serialize doctype if allowed */ return Z && F [ "!doctype" ] && o . ownerDocument && o . ownerDocument . doctype && o . ownerDocument . doctype . name && By ( sC , o . ownerDocument . doctype . name ) && ( u = "<!DOCTYPE " + o . ownerDocument . doctype . name + ">\n" + u )
/* Sanitize final string template-safe */ , G && Ey ( [ A , T , O ] , ( e => { u = Ry ( u , e , " " ) } ) ) , w && ne ? w . createHTML ( u ) : u } ,
/ * *
* Public method to set the configuration once
* setConfig
*
* @ param { Object } cfg configuration object
* /
n . setConfig = function ( ) { Ne ( arguments . length > 0 && void 0 !== arguments [ 0 ] ? arguments [ 0 ] : { } ) , Q = ! 0 } ,
/ * *
* Public method to remove the configuration
* clearConfig
*
* /
n . clearConfig = function ( ) { _e = null , Q = ! 1 } ,
/ * *
* Public method to check if an attribute value is valid .
* Uses last set config , if any . Otherwise , uses config defaults .
* isValidAttribute
*
* @ param { String } tag Tag name of containing element .
* @ param { String } attr Attribute name .
* @ param { String } value Attribute value .
* @ return { Boolean } Returns true if ` value ` is valid . Otherwise , returns false .
* /
n . isValidAttribute = function ( e , t , n ) {
/* Initialize shared config vars if necessary. */
_e || Ne ( { } ) ; const o = xe ( e ) , r = xe ( t ) ; return je ( o , r , n ) } ,
/ * *
* AddHook
* Public method to add DOMPurify hooks
*
* @ param { String } entryPoint entry point for the hook to add
* @ param { Function } hookFunction function to execute
* /
n . addHook = function ( e , t ) { "function" == typeof t && ( R [ e ] = R [ e ] || [ ] , _y ( R [ e ] , t ) ) } ,
/ * *
* RemoveHook
* Public method to remove a DOMPurify hook at a given entryPoint
* ( pops it from the stack of hooks if more are present )
*
* @ param { String } entryPoint entry point for the hook to remove
* @ return { Function } removed ( popped ) hook
* /
n . removeHook = function ( e ) { if ( R [ e ] ) return xy ( R [ e ] ) } ,
/ * *
* RemoveHooks
* Public method to remove all DOMPurify hooks at a given entryPoint
*
* @ param { String } entryPoint entry point for the hooks to remove
* /
n . removeHooks = function ( e ) { R [ e ] && ( R [ e ] = [ ] ) } ,
/ * *
* RemoveAllHooks
* Public method to remove all DOMPurify hooks
* /
n . removeAllHooks = function ( ) { R = { } } , n } ( ) ; const cC = Dt . each , uC = Dt . trim , mC = [ "source" , "protocol" , "authority" , "userInfo" , "user" , "password" , "host" , "port" , "relative" , "path" , "directory" , "file" , "query" , "anchor" ] , fC = { ftp : 21 , http : 80 , https : 443 , mailto : 25 } , gC = [ "img" , "video" ] , pC = ( e , t , n ) => { const o = ( e => { try { return decodeURIComponent ( e ) } catch ( t ) { return unescape ( e ) } } ) ( t ) . replace ( /\s/g , "" ) ; return ! e . allow _script _urls && ( ! ! /((java|vb)script|mhtml):/i . test ( o ) || ! e . allow _html _data _urls && ( /^data:image\//i . test ( o ) ? ( ( e , t ) => C ( e ) ? ! e : ! C ( t ) || ! H ( gC , t ) ) ( e . allow _svg _data _urls , n ) && /^data:image\/svg\+xml/i . test ( o ) : /^data:/i . test ( o ) ) ) } ; class hC { static parseDataUri ( e ) { let t ; const n = decodeURIComponent ( e ) . split ( "," ) , o = /data:([^;]+)/ . exec ( n [ 0 ] ) ; return o && ( t = o [ 1 ] ) , { type : t , data : n [ 1 ] } } static isDomSafe ( e , t , n = { } ) { if ( n . allow _script _urls ) return ! 0 ; { const o = ys . decode ( e ) . replace ( /[\s\u0000-\u001F]+/g , "" ) ; return ! pC ( n , o , t ) } } static getDocumentBaseUrl ( e ) { var t ; let n ; return n = 0 !== e . protocol . indexOf ( "http" ) && "file:" !== e . protocol ? null !== ( t = e . href ) && void 0 !== t ? t : "" : e . protocol + "//" + e . host + e . pathname , /^[^:]+:\/\/\/?[^\/]+\// . test ( n ) && ( n = n . replace ( /[\?#].*$/ , "" ) . replace ( /[\/\\][^\/]+$/ , "" ) , /[\/\\]$/ . test ( n ) || ( n += "/" ) ) , n } constructor ( e , t = { } ) { this . path = "" , this . directory = "" , e = uC ( e ) , this . settings = t ; const n = t . base _uri , o = this ; if ( /^([\w\-]+):([^\/]{2})/i . test ( e ) || /^\s*#/ . test ( e ) ) return void ( o . source = e ) ; const r = 0 === e . indexOf ( "//" ) ; if ( 0 !== e . indexOf ( "/" ) || r || ( e = ( n && n . protocol || "http" ) + "://mce_host" + e ) , ! /^[\w\-]*:?\/\// . test ( e ) ) { const t = n ? n . path : new hC ( document . location . href ) . directory ; if ( "" === ( null == n ? void 0 : n . protocol ) ) e = "//mce_host" + o . toAbsPath ( t , e ) ; else { const r = /([^#?]*)([#?]?.*)/ . exec ( e ) ; r && ( e = ( n && n . protocol || "http" ) + "://mce_host" + o . toAbsPath ( t , r [ 1 ] ) + r [ 2 ] ) } } e = e . replace ( /@@/g , "(mce_at)" ) ; const s = /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/)?((?:(([^:@\/]*):?([^:@\/]*))?@)?(\[[a-zA-Z0-9:.%]+\]|[^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/ . exec ( e ) ; s && cC ( mC , ( ( e , t ) => { let n = s [ t ] ; n && ( n = n . replace ( /\(mce_at\)/g , "@@" ) ) , o [ e ] = n } ) ) , n && ( o . protocol || ( o . protocol = n . protocol ) , o . userInfo || ( o . userInfo = n . userInfo ) , o . port || "mce_host" !== o . host || ( o . port = n . port ) , o . host && "mce_host" !== o . host || ( o . host = n . host ) , o . source = "" ) , r && ( o . protocol = "" ) } setPath ( e ) { const t = /^(.*?)\/?(\w+)?$/ . exec ( e ) ; t && ( this . path = t [ 0 ] , this . directory = t [ 1 ] , this . file = t [ 2 ] ) , this . source = "" , this . getURI ( ) } toRelative ( e ) { if ( "./" === e ) return e ; const t = new hC ( e , { base _uri : this } ) ; if ( "mce_host" !== t . host && this . host !== t . host && t . host || this . port !== t . port || this . protocol !== t . protocol && "" !== t . protocol ) return t . getURI ( ) ; const n = this . getURI ( ) , o = t . getURI ( ) ; if ( n === o || "/" === n . charAt ( n . length - 1 ) && n . substr ( 0 , n . length - 1 ) === o ) return n ; let r = this . toRelPath ( this . path , t . path ) ; return t . query && ( r += "?" + t . query ) , t . anchor && ( r += "#" + t . anchor ) , r } toAbsolute ( e , t ) { const n = new hC ( e , { base _uri : this } ) ; return n . getURI ( t && this . isSameOrigin ( n ) ) } isSameOrigin ( e ) { if ( this . host == e . host && this . protocol == e . protocol ) { if ( this . port == e . port ) return ! 0 ; const t = this . protocol ? fC [ this . protocol ] : null ; if ( t && ( this . port || t ) == ( e . port || t ) ) return ! 0 } return ! 1 } toRelPath ( e , t ) { let n , o , r = 0 , s = "" ; const a = e . substring ( 0 , e . lastIndexOf ( "/" ) ) . split ( "/" ) , i = t . split ( "/" ) ; if ( a . length >= i . length ) for ( n = 0 , o = a . length ; n < o ; n ++ ) if ( n >= i . length || a [ n ] !== i [ n ] ) { r = n + 1 ; break } if ( a . length < i . length ) for ( n = 0 , o = i . length ; n < o ; n ++ ) if ( n >= a . length || a [ n ] !== i [ n ] ) { r = n + 1 ; break } if ( 1 === r ) return t ; for ( n = 0 , o = a . length - ( r - 1 ) ; n < o ; n ++ ) s += "../" ; for ( n = r - 1 , o = i . length ; n < o ; n ++ ) s += n !== r - 1 ? "/" + i [ n ] : i [ n ] ; return s } toAbsPath ( e , t ) { let n = 0 ; const o = /\/$/ . test ( t ) ? "/" : "" , r = e . split ( "/" ) , s = t . split ( "/" ) , a = [ ] ; cC ( r , ( e => { e && a . push ( e ) } ) ) ; const i = [ ] ; for ( let e = s . length - 1 ; e >= 0 ; e -- ) 0 !== s [ e ] . length && "." !== s [ e ] && ( ".." !== s [ e ] ? n > 0 ? n -- : i . push ( s [ e ] ) : n ++ ) ; const l = a . length - n ; let d ; return d = l <= 0 ? oe ( i ) . join ( "/" ) : a . slice ( 0 , l ) . join ( "/" ) + "/" + oe ( i ) . join ( "/" ) , 0 !== d . indexOf ( "/" ) && ( d = "/" + d ) , o && d . lastIndexOf ( "/" ) !== d . length - 1 && ( d += o ) , d } getURI ( e = ! 1 ) { let t ; return this . source && ! e || ( t = "" , e || ( this . protocol ? t += this . protocol + "://" : t += "//" , this . userInfo && ( t += this . userInfo + "@" ) , this . host && ( t += this . host ) , this . port && ( t += ":" + this . port ) ) , this . path && ( t += this . path ) , th
