From 7b934bfa393c98000ca515205067e6dd3effda17 Mon Sep 17 00:00:00 2001 From: reduckted Date: Wed, 9 Oct 2024 20:54:04 +1000 Subject: [PATCH 01/10] Add TypeScript config. --- package-lock.json | 28 +++++++++++++++++++++------- package.json | 2 ++ tsconfig.json | 10 ++++++++++ 3 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 tsconfig.json diff --git a/package-lock.json b/package-lock.json index de9c58868..7d9aea250 100644 --- a/package-lock.json +++ b/package-lock.json @@ -38,6 +38,8 @@ "rollup": "^2.70.1", "rollup-plugin-includepaths": "^0.2.3", "rollup-plugin-terser": "^7.0.2", + "tslib": "^2.7.0", + "typescript": "^5.6.3", "xo": "^0.54.1" } }, @@ -9487,6 +9489,12 @@ "json5": "lib/cli.js" } }, + "node_modules/tslib": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.7.0.tgz", + "integrity": "sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA==", + "dev": true + }, "node_modules/type-check": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", @@ -9543,16 +9551,16 @@ "license": "MIT" }, "node_modules/typescript": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.4.tgz", - "integrity": "sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==", + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz", + "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", "dev": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" }, "engines": { - "node": ">=12.20" + "node": ">=14.17" } }, "node_modules/ua-parser-js": { @@ -17498,6 +17506,12 @@ } } }, + "tslib": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.7.0.tgz", + "integrity": "sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA==", + "dev": true + }, "type-check": { "version": "0.3.2", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", @@ -17537,9 +17551,9 @@ "dev": true }, "typescript": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.4.tgz", - "integrity": "sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==", + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz", + "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", "dev": true }, "ua-parser-js": { diff --git a/package.json b/package.json index 5cd4e5ba0..d9ce9bb8a 100644 --- a/package.json +++ b/package.json @@ -92,6 +92,8 @@ "rollup": "^2.70.1", "rollup-plugin-includepaths": "^0.2.3", "rollup-plugin-terser": "^7.0.2", + "tslib": "^2.7.0", + "typescript": "^5.6.3", "xo": "^0.54.1" }, "resolutions": { diff --git a/tsconfig.json b/tsconfig.json new file mode 100644 index 000000000..c5e111f20 --- /dev/null +++ b/tsconfig.json @@ -0,0 +1,10 @@ +{ + "compilerOptions": { + "declaration": false, + "target": "ESNext", + "module": "ESNext", + "moduleResolution": "Bundler", + "skipLibCheck": true + }, + "include": ["src/**/*.ts"] +} From b10b1ebdc2d2d675c77b353fa605acdd77776be7 Mon Sep 17 00:00:00 2001 From: reduckted Date: Wed, 9 Oct 2024 21:08:18 +1000 Subject: [PATCH 02/10] Rename `.js` files to `.ts`. --- package.json | 4 ++-- src/{attrs.js => attrs.ts} | 0 src/{purify.js => purify.ts} | 0 src/{regexp.js => regexp.ts} | 0 src/{tags.js => tags.ts} | 0 src/{utils.js => utils.ts} | 0 test/karma.conf.js | 2 +- 7 files changed, 3 insertions(+), 3 deletions(-) rename src/{attrs.js => attrs.ts} (100%) rename src/{purify.js => purify.ts} (100%) rename src/{regexp.js => regexp.ts} (100%) rename src/{tags.js => tags.ts} (100%) rename src/{utils.js => utils.ts} (100%) diff --git a/package.json b/package.json index d9ce9bb8a..c57a46624 100644 --- a/package.json +++ b/package.json @@ -1,9 +1,9 @@ { "scripts": { - "lint": "xo src/*.js", + "lint": "xo src/*.ts", "format": "npm run format:js && npm run format:md", "format:md": "prettier --write --parser markdown '**/*.md'", - "format:js": "prettier --write '{src,demos,scripts,test,website}/*.js'", + "format:js": "prettier --write '{src,demos,scripts,test,website}/*.{js,ts}'", "commit-amend-build": "scripts/commit-amend-build.sh", "prebuild": "rimraf dist/**", "dev": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -w -c -o dist/purify.js", diff --git a/src/attrs.js b/src/attrs.ts similarity index 100% rename from src/attrs.js rename to src/attrs.ts diff --git a/src/purify.js b/src/purify.ts similarity index 100% rename from src/purify.js rename to src/purify.ts diff --git a/src/regexp.js b/src/regexp.ts similarity index 100% rename from src/regexp.js rename to src/regexp.ts diff --git a/src/tags.js b/src/tags.ts similarity index 100% rename from src/tags.js rename to src/tags.ts diff --git a/src/utils.js b/src/utils.ts similarity index 100% rename from src/utils.js rename to src/utils.ts diff --git a/test/karma.conf.js b/test/karma.conf.js index a6e91b77c..e28a8f0eb 100644 --- a/test/karma.conf.js +++ b/test/karma.conf.js @@ -27,7 +27,7 @@ module.exports = function (config) { ], preprocessors: { - 'src/*.js': ['rollup'], + 'src/*.ts': ['rollup'], 'test/**/*.spec.js': ['rollup'], }, From bab807e181414a99a83d9dfd4f0887e334980396 Mon Sep 17 00:00:00 2001 From: reduckted Date: Wed, 16 Oct 2024 20:49:40 +1000 Subject: [PATCH 03/10] Disabled some lint rules. --- package.json | 16 +++++++++++++++- src/purify.ts | 18 ++++++++++-------- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index c57a46624..e0e1df47e 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,21 @@ { "properties": "never" } - ] + ], + "@typescript-eslint/ban-types": 0, + "@typescript-eslint/consistent-type-definitions": 0, + "@typescript-eslint/indent": 0, + "@typescript-eslint/naming-convention": 0, + "@typescript-eslint/no-throw-literal": 0, + "@typescript-eslint/no-unnecessary-boolean-literal-compare": 0, + "@typescript-eslint/no-unsafe-argument": 0, + "@typescript-eslint/no-unsafe-assignment": 0, + "@typescript-eslint/no-unsafe-call": 0, + "@typescript-eslint/no-unsafe-return": 0, + "@typescript-eslint/prefer-includes": 0, + "@typescript-eslint/prefer-optional-chain": 0, + "@typescript-eslint/prefer-nullish-coalescing": 0, + "@typescript-eslint/restrict-plus-operands": 0 }, "globals": [ "window", diff --git a/src/purify.ts b/src/purify.ts index 305d7591b..b4f777bc7 100644 --- a/src/purify.ts +++ b/src/purify.ts @@ -1,3 +1,5 @@ +/* eslint-disable @typescript-eslint/indent */ + import * as TAGS from './tags.js'; import * as ATTRS from './attrs.js'; import * as EXPRESSIONS from './regexp.js'; @@ -483,17 +485,17 @@ function createDOMPurify(window = getGlobal()) { : DEFAULT_ALLOWED_NAMESPACES; URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet( - clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent - cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent + clone(DEFAULT_URI_SAFE_ATTRIBUTES), + cfg.ADD_URI_SAFE_ATTR, + transformCaseFunc + ) : DEFAULT_URI_SAFE_ATTRIBUTES; DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet( - clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent - cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent + clone(DEFAULT_DATA_URI_TAGS), + cfg.ADD_DATA_URI_TAGS, + transformCaseFunc + ) : DEFAULT_DATA_URI_TAGS; FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) From 399ebee70c97f9150d5336400247c7c7838682e5 Mon Sep 17 00:00:00 2001 From: reduckted Date: Wed, 9 Oct 2024 21:08:36 +1000 Subject: [PATCH 04/10] Configure rollup to process TypeScript. --- package-lock.json | 292 ++++++++++++++++++++++++++++++++++++++++++++++ package.json | 1 + rollup.config.js | 8 +- 3 files changed, 300 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 7d9aea250..96a415ba4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -38,6 +38,7 @@ "rollup": "^2.70.1", "rollup-plugin-includepaths": "^0.2.3", "rollup-plugin-terser": "^7.0.2", + "rollup-plugin-typescript2": "^0.36.0", "tslib": "^2.7.0", "typescript": "^5.6.3", "xo": "^0.54.1" @@ -3229,6 +3230,12 @@ "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==", "dev": true }, + "node_modules/commondir": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", + "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==", + "dev": true + }, "node_modules/concat-map": { "version": "0.0.1", "dev": true, @@ -4934,6 +4941,12 @@ "node": ">=4.0" } }, + "node_modules/estree-walker": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz", + "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==", + "dev": true + }, "node_modules/esutils": { "version": "2.0.3", "dev": true, @@ -6826,6 +6839,30 @@ "sourcemap-codec": "^1.4.8" } }, + "node_modules/make-dir": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", + "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "dependencies": { + "semver": "^6.0.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/make-dir/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "bin": { + "semver": "bin/semver.js" + } + }, "node_modules/map-obj": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz", @@ -8583,6 +8620,138 @@ "rollup": "^2.0.0" } }, + "node_modules/rollup-plugin-typescript2": { + "version": "0.36.0", + "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.36.0.tgz", + "integrity": "sha512-NB2CSQDxSe9+Oe2ahZbf+B4bh7pHwjV5L+RSYpCu7Q5ROuN94F9b6ioWwKfz3ueL3KTtmX4o2MUH2cgHDIEUsw==", + "dev": true, + "dependencies": { + "@rollup/pluginutils": "^4.1.2", + "find-cache-dir": "^3.3.2", + "fs-extra": "^10.0.0", + "semver": "^7.5.4", + "tslib": "^2.6.2" + }, + "peerDependencies": { + "rollup": ">=1.26.3", + "typescript": ">=2.4.0" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/@rollup/pluginutils": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-4.2.1.tgz", + "integrity": "sha512-iKnFXr7NkdZAIHiIWE+BX5ULi/ucVFYWD6TbAV+rZctiRTY2PL6tsIKhoIOaoskiWAkgu+VsbXgUVDNLHf+InQ==", + "dev": true, + "dependencies": { + "estree-walker": "^2.0.1", + "picomatch": "^2.2.2" + }, + "engines": { + "node": ">= 8.0.0" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/find-cache-dir": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz", + "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==", + "dev": true, + "dependencies": { + "commondir": "^1.0.1", + "make-dir": "^3.0.2", + "pkg-dir": "^4.1.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/avajs/find-cache-dir?sponsor=1" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "dependencies": { + "find-up": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/rollup-plugin-typescript2/node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "dev": true, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -13177,6 +13346,12 @@ "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==", "dev": true }, + "commondir": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", + "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==", + "dev": true + }, "concat-map": { "version": "0.0.1", "dev": true @@ -14392,6 +14567,12 @@ "dev": true, "peer": true }, + "estree-walker": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz", + "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==", + "dev": true + }, "esutils": { "version": "2.0.3", "dev": true @@ -15678,6 +15859,23 @@ "sourcemap-codec": "^1.4.8" } }, + "make-dir": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", + "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", + "dev": true, + "requires": { + "semver": "^6.0.0" + }, + "dependencies": { + "semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true + } + } + }, "map-obj": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz", @@ -16856,6 +17054,100 @@ "terser": "^5.0.0" } }, + "rollup-plugin-typescript2": { + "version": "0.36.0", + "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.36.0.tgz", + "integrity": "sha512-NB2CSQDxSe9+Oe2ahZbf+B4bh7pHwjV5L+RSYpCu7Q5ROuN94F9b6ioWwKfz3ueL3KTtmX4o2MUH2cgHDIEUsw==", + "dev": true, + "requires": { + "@rollup/pluginutils": "^4.1.2", + "find-cache-dir": "^3.3.2", + "fs-extra": "^10.0.0", + "semver": "^7.5.4", + "tslib": "^2.6.2" + }, + "dependencies": { + "@rollup/pluginutils": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-4.2.1.tgz", + "integrity": "sha512-iKnFXr7NkdZAIHiIWE+BX5ULi/ucVFYWD6TbAV+rZctiRTY2PL6tsIKhoIOaoskiWAkgu+VsbXgUVDNLHf+InQ==", + "dev": true, + "requires": { + "estree-walker": "^2.0.1", + "picomatch": "^2.2.2" + } + }, + "find-cache-dir": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz", + "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==", + "dev": true, + "requires": { + "commondir": "^1.0.1", + "make-dir": "^3.0.2", + "pkg-dir": "^4.1.0" + } + }, + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "requires": { + "p-limit": "^2.2.0" + } + }, + "path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true + }, + "pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "requires": { + "find-up": "^4.0.0" + } + }, + "semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "dev": true + } + } + }, "run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", diff --git a/package.json b/package.json index e0e1df47e..b8602d614 100644 --- a/package.json +++ b/package.json @@ -106,6 +106,7 @@ "rollup": "^2.70.1", "rollup-plugin-includepaths": "^0.2.3", "rollup-plugin-terser": "^7.0.2", + "rollup-plugin-typescript2": "^0.36.0", "tslib": "^2.7.0", "typescript": "^5.6.3", "xo": "^0.54.1" diff --git a/rollup.config.js b/rollup.config.js index 6b6ac4853..39cc438a9 100644 --- a/rollup.config.js +++ b/rollup.config.js @@ -1,8 +1,10 @@ const fs = require('fs'); +const { DEFAULT_EXTENSIONS } = require('@babel/core'); const babel = require('@rollup/plugin-babel').babel; const nodeResolve = require('@rollup/plugin-node-resolve').nodeResolve; const replace = require('@rollup/plugin-replace'); const { terser } = require('rollup-plugin-terser'); +const typescript = require('rollup-plugin-typescript2'); const pkg = require('./package.json'); const env = process.env.NODE_ENV; @@ -20,7 +22,7 @@ const commonOutputConfig = { }; const config = { - input: 'src/purify.js', + input: 'src/purify.ts', external: [], output: [ { @@ -46,11 +48,15 @@ const config = { }, ], plugins: [ + typescript({ + clean: true, + }), babel({ // It is recommended to configure this option explicitly (even if with its default value) so an informed decision is taken on how those babel helpers are inserted into the code. // Ref: https://github.com/rollup/plugins/tree/master/packages/babel#babelhelpers babelHelpers: 'bundled', exclude: ['**/node_modules/**'], + extensions: [...DEFAULT_EXTENSIONS, '.ts'], }), nodeResolve(), replace({ From a4763775756becdb0d541a6e58a0a0d1b30d21d7 Mon Sep 17 00:00:00 2001 From: reduckted Date: Fri, 11 Oct 2024 21:25:19 +1000 Subject: [PATCH 05/10] Defines types for the config. --- package-lock.json | 32 ++---- package.json | 2 +- src/config.ts | 245 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 253 insertions(+), 26 deletions(-) create mode 100644 src/config.ts diff --git a/package-lock.json b/package-lock.json index 96a415ba4..0daed0fae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,8 +14,8 @@ "@rollup/plugin-babel": "^5.3.1", "@rollup/plugin-node-resolve": "^13.1.3", "@rollup/plugin-replace": "^4.0.0", - "@types/dompurify": "^2.3.3", "@types/estree": "^1.0.0", + "@types/trusted-types": "^2.0.7", "cross-env": "^7.0.3", "eslint-config-prettier": "^8.5.0", "eslint-plugin-prettier": "^4.0.0", @@ -2216,15 +2216,6 @@ "@types/node": "*" } }, - "node_modules/@types/dompurify": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-2.3.3.tgz", - "integrity": "sha512-nnVQSgRVuZ/843oAfhA25eRSNzUFcBPk/LOiw5gm8mD9/X7CNcbRkQu/OsjCewO8+VIYfPxUnXvPEVGenw14+w==", - "dev": true, - "dependencies": { - "@types/trusted-types": "*" - } - }, "node_modules/@types/eslint": { "version": "8.4.1", "dev": true, @@ -2278,9 +2269,9 @@ } }, "node_modules/@types/trusted-types": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.2.tgz", - "integrity": "sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", "dev": true }, "node_modules/@webassemblyjs/ast": { @@ -12587,15 +12578,6 @@ "@types/node": "*" } }, - "@types/dompurify": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-2.3.3.tgz", - "integrity": "sha512-nnVQSgRVuZ/843oAfhA25eRSNzUFcBPk/LOiw5gm8mD9/X7CNcbRkQu/OsjCewO8+VIYfPxUnXvPEVGenw14+w==", - "dev": true, - "requires": { - "@types/trusted-types": "*" - } - }, "@types/eslint": { "version": "8.4.1", "dev": true, @@ -12646,9 +12628,9 @@ } }, "@types/trusted-types": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.2.tgz", - "integrity": "sha512-F5DIZ36YVLE+PN+Zwws4kJogq47hNgX3Nx6WyDJ3kcplxyke3XIzB8uK5n/Lpm1HBsbGzd6nmGehL8cPekP+Tg==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", "dev": true }, "@webassemblyjs/ast": { diff --git a/package.json b/package.json index b8602d614..e6a835906 100644 --- a/package.json +++ b/package.json @@ -82,8 +82,8 @@ "@rollup/plugin-babel": "^5.3.1", "@rollup/plugin-node-resolve": "^13.1.3", "@rollup/plugin-replace": "^4.0.0", - "@types/dompurify": "^2.3.3", "@types/estree": "^1.0.0", + "@types/trusted-types": "^2.0.7", "cross-env": "^7.0.3", "eslint-config-prettier": "^8.5.0", "eslint-plugin-prettier": "^4.0.0", diff --git a/src/config.ts b/src/config.ts new file mode 100644 index 000000000..86e1b99fa --- /dev/null +++ b/src/config.ts @@ -0,0 +1,245 @@ +/* eslint-disable @typescript-eslint/indent */ + +/** + * Configuration to control DOMPurify behavior. + */ +export interface Config { + /** + * Extend the existing array of allowed attributes. + */ + ADD_ATTR?: string[] | undefined; + + /** + * Extend the existing array of elements that can use Data URIs. + */ + ADD_DATA_URI_TAGS?: string[] | undefined; + + /** + * Extend the existing array of allowed tags. + */ + ADD_TAGS?: string[] | undefined; + + /** + * Extend the existing array of elements that are safe for URI-like values (be careful, XSS risk). + */ + ADD_URI_SAFE_ATTR?: string[] | undefined; + + /** + * Allow ARIA attributes, leave other safe HTML as is (default is true). + */ + ALLOW_ARIA_ATTR?: boolean | undefined; + + /** + * Allow HTML5 data attributes, leave other safe HTML as is (default is true). + */ + ALLOW_DATA_ATTR?: boolean | undefined; + + /** + * Allow external protocol handlers in URL attributes (default is false, be careful, XSS risk). + * By default only `http`, `https`, `ftp`, `ftps`, `tel`, `mailto`, `callto`, `sms`, `cid` and `xmpp` are allowed. + */ + ALLOW_UNKNOWN_PROTOCOLS?: boolean | undefined; + + /** + * Decide if self-closing tags in attributes are allowed. + * Usually removed due to a mXSS issue in jQuery 3.0. + */ + ALLOW_SELF_CLOSE_IN_ATTR?: boolean | undefined; + + /** + * Allow only specific attributes. + */ + ALLOWED_ATTR?: string[] | undefined; + + /** + * Allow only specific elements. + */ + ALLOWED_TAGS?: string[] | undefined; + + /** + * Allow only specific namespaces. Defaults to: + * - `http://www.w3.org/1999/xhtml` + * - `http://www.w3.org/2000/svg` + * - `http://www.w3.org/1998/Math/MathML` + */ + ALLOWED_NAMESPACES?: string[] | undefined; + + /** + * Allow specific protocols handlers in URL attributes via regex (be careful, XSS risk). + * Default RegExp: + * ``` + * /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; + * ``` + */ + ALLOWED_URI_REGEXP?: RegExp | undefined; + + /** + * Define how custom elements are handled. + */ + CUSTOM_ELEMENT_HANDLING?: { + /** + * Regular expression or function to match to allowed elements. + * Default is null (disallow any custom elements). + */ + tagNameCheck?: RegExp | ((tagName: string) => boolean) | null | undefined; + + /** + * Regular expression or function to match to allowed attributes. + * Default is null (disallow any attributes not on the allow list). + */ + attributeNameCheck?: + | RegExp + | ((attributeName: string) => boolean) + | null + | undefined; + + /** + * Allow custom elements derived from built-ins if they pass `tagNameCheck`. Default is false. + */ + allowCustomizedBuiltInElements?: boolean | undefined; + }; + + /** + * Add attributes to block-list. + */ + FORBID_ATTR?: string[] | undefined; + + /** + * Add child elements to be removed when their parent is removed. + */ + FORBID_CONTENTS?: string[] | undefined; + + /** + * Add elements to block-list. + */ + FORBID_TAGS?: string[] | undefined; + + /** + * Glue elements like style, script or others to `document.body` and prevent unintuitive browser behavior in several edge-cases (default is false). + */ + FORCE_BODY?: boolean | undefined; + + /** + * Map of non-standard HTML element names to support. Map to true to enable support. For example: + * + * ``` + * HTML_INTEGRATION_POINTS: { foreignobject: true } + * ``` + */ + HTML_INTEGRATION_POINTS?: Record | undefined; + + /** + * Sanitize a node "in place", which is much faster depending on how you use DOMPurify. + */ + IN_PLACE?: boolean | undefined; + + /** + * Keep an element's content when the element is removed (default is true). + */ + KEEP_CONTENT?: boolean | undefined; + + /** + * Map of MathML element names to support. Map to true to enable support. For example: + * + * ``` + * MATHML_TEXT_INTEGRATION_POINTS: { mtext: true } + * ``` + */ + MATHML_TEXT_INTEGRATION_POINTS?: Record | undefined; + + /** + * Change the default namespace from HTML to something different. + */ + NAMESPACE?: string | undefined; + + /** + * Change the parser type so sanitized data is treated as XML and not as HTML, which is the default. + */ + PARSER_MEDIA_TYPE?: DOMParserSupportedType | undefined; + + /** + * Return a DOM `DocumentFragment` instead of an HTML string (default is false). + */ + RETURN_DOM_FRAGMENT?: boolean | undefined; + + /** + * Return a DOM `HTMLBodyElement` instead of an HTML string (default is false). + */ + RETURN_DOM?: boolean | undefined; + + /** + * Return a TrustedHTML object instead of a string if possible. + */ + RETURN_TRUSTED_TYPE?: boolean | undefined; + + /** + * Strip `{{ ... }}`, `${ ... }` and `<% ... %>` to make output safe for template systems. + * Be careful please, this mode is not recommended for production usage. + * Allowing template parsing in user-controlled HTML is not advised at all. + * Only use this mode if there is really no alternative. + */ + SAFE_FOR_TEMPLATES?: boolean | undefined; + + /** + * Change how e.g. comments containing risky HTML characters are treated. + * Be very careful, this setting should only be set to `false` if you really only handle + * HTML and nothing else, no SVG, MathML or the like. + * Otherwise, changing from `true` to `false` will lead to XSS in this or some other way. + */ + SAFE_FOR_XML?: boolean | undefined; + + /** + * Use DOM Clobbering protection on output (default is true, handle with care, minor XSS risks here). + */ + SANITIZE_DOM?: boolean | undefined; + + /** + * Enforce strict DOM Clobbering protection via namespace isolation (default is false). + * When enabled, isolates the namespace of named properties (i.e., `id` and `name` attributes) + * from JS variables by prefixing them with the string `user-content-` + */ + SANITIZE_NAMED_PROPS?: boolean | undefined; + + /** + * Supplied policy must define `createHTML` and `createScriptURL`. + */ + TRUSTED_TYPES_POLICY?: TrustedTypePolicy | undefined; + + /** + * Controls categories of allowed elements. + * + * Note that the `USE_PROFILES` setting will override the `ALLOWED_TAGS` setting + * so don't use them together. + */ + USE_PROFILES?: false | UseProfilesConfig | undefined; + + /** + * Return entire document including tags (default is false). + */ + WHOLE_DOCUMENT?: boolean | undefined; +} + +/** + * Defines categories of allowed elements. + */ +export interface UseProfilesConfig { + /** + * Allow all safe MathML elements. + */ + mathMl?: boolean | undefined; + + /** + * Allow all safe SVG elements. + */ + svg?: boolean | undefined; + + /** + * Allow all save SVG Filters. + */ + svgFilters?: boolean | undefined; + + /** + * Allow all safe HTML elements. + */ + html?: boolean | undefined; +} From 6c15002da446c06e71c462d0fb4ff1c302da2d67 Mon Sep 17 00:00:00 2001 From: reduckted Date: Wed, 9 Oct 2024 21:36:44 +1000 Subject: [PATCH 06/10] Added type annotations to utils. --- src/utils.ts | 48 ++++++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/src/utils.ts b/src/utils.ts index f601d47b7..6fe60579f 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -55,32 +55,36 @@ const typeErrorCreate = unconstruct(TypeError); /** * Creates a new function that calls the given function with a specified thisArg and arguments. * - * @param {Function} func - The function to be wrapped and called. - * @returns {Function} A new function that calls the given function with a specified thisArg and arguments. + * @param func - The function to be wrapped and called. + * @returns A new function that calls the given function with a specified thisArg and arguments. */ -function unapply(func) { +function unapply(func: Function): Function { return (thisArg, ...args) => apply(func, thisArg, args); } /** * Creates a new function that constructs an instance of the given constructor function with the provided arguments. * - * @param {Function} func - The constructor function to be wrapped and called. - * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments. + * @param func - The constructor function to be wrapped and called. + * @returns A new function that constructs an instance of the given constructor function with the provided arguments. */ -function unconstruct(func) { +function unconstruct(func: Function): Function { return (...args) => construct(func, args); } /** * Add properties to a lookup table * - * @param {Object} set - The set to which elements will be added. - * @param {Array} array - The array containing elements to be added to the set. - * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set. - * @returns {Object} The modified set with added elements. + * @param set - The set to which elements will be added. + * @param array - The array containing elements to be added to the set. + * @param transformCaseFunc - An optional function to transform the case of each element before adding to the set. + * @returns The modified set with added elements. */ -function addToSet(set, array, transformCaseFunc = stringToLowerCase) { +function addToSet( + set: Record, + array: readonly any[], + transformCaseFunc: Function = stringToLowerCase +): Record { if (setPrototypeOf) { // Make 'in' and truthy checks like Boolean(set.constructor) // independent of any properties defined on Object.prototype. @@ -96,7 +100,7 @@ function addToSet(set, array, transformCaseFunc = stringToLowerCase) { if (lcElement !== element) { // Config presets (e.g. tags.js, attrs.js) are immutable. if (!isFrozen(array)) { - array[l] = lcElement; + (array as any[])[l] = lcElement; } element = lcElement; @@ -112,10 +116,10 @@ function addToSet(set, array, transformCaseFunc = stringToLowerCase) { /** * Clean up an array to harden against CSPP * - * @param {Array} array - The array to be cleaned. - * @returns {Array} The cleaned version of the array + * @param array - The array to be cleaned. + * @returns The cleaned version of the array */ -function cleanArray(array) { +function cleanArray(array: any[]): any[] { for (let index = 0; index < array.length; index++) { const isPropertyExist = objectHasOwnProperty(array, index); @@ -130,10 +134,10 @@ function cleanArray(array) { /** * Shallow clone an object * - * @param {Object} object - The object to be cloned. - * @returns {Object} A new object that copies the original. + * @param object - The object to be cloned. + * @returns A new object that copies the original. */ -function clone(object) { +function clone(object: T): T { const newObject = create(null); for (const [property, value] of entries(object)) { @@ -160,11 +164,11 @@ function clone(object) { /** * This method automatically checks if the prop is function or getter and behaves accordingly. * - * @param {Object} object - The object to look up the getter function in its prototype chain. - * @param {String} prop - The property name for which to find the getter function. - * @returns {Function} The getter function found in the prototype chain or a fallback function. + * @param object - The object to look up the getter function in its prototype chain. + * @param prop - The property name for which to find the getter function. + * @returns The getter function found in the prototype chain or a fallback function. */ -function lookupGetter(object, prop) { +function lookupGetter(object: object, prop: string): Function { while (object !== null) { const desc = getOwnPropertyDescriptor(object, prop); From 702b3b2048180a9c07e37c3b034fdcb937b51c69 Mon Sep 17 00:00:00 2001 From: reduckted Date: Sat, 12 Oct 2024 21:21:32 +1000 Subject: [PATCH 07/10] Added type annotations to the public interface so that type declarations can be generated. --- src/purify.ts | 397 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 321 insertions(+), 76 deletions(-) diff --git a/src/purify.ts b/src/purify.ts index b4f777bc7..50ead1671 100644 --- a/src/purify.ts +++ b/src/purify.ts @@ -1,5 +1,6 @@ /* eslint-disable @typescript-eslint/indent */ +import type { Config, UseProfilesConfig } from './config'; import * as TAGS from './tags.js'; import * as ATTRS from './attrs.js'; import * as EXPRESSIONS from './regexp.js'; @@ -24,6 +25,8 @@ import { objectHasOwnProperty, } from './utils.js'; +declare const VERSION: string; + // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType const NODE_TYPE = { element: 1, @@ -40,7 +43,7 @@ const NODE_TYPE = { notation: 12, // Deprecated }; -const getGlobal = function () { +const getGlobal = function (): WindowLike { return typeof window === 'undefined' ? null : window; }; @@ -91,19 +94,11 @@ const _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) { } }; -function createDOMPurify(window = getGlobal()) { - const DOMPurify = (root) => createDOMPurify(root); +function createDOMPurify(window: WindowLike = getGlobal()) { + const DOMPurify: DOMPurify = (root: WindowLike) => createDOMPurify(root); - /** - * Version label, exposed for easier checks - * if DOMPurify is up to date or not - */ DOMPurify.version = VERSION; - /** - * Array of elements that DOMPurify removed during sanitation. - * Empty if nothing was removed. - */ DOMPurify.removed = []; if ( @@ -121,14 +116,15 @@ function createDOMPurify(window = getGlobal()) { let { document } = window; const originalDocument = document; - const currentScript = originalDocument.currentScript; + const currentScript: HTMLScriptElement = + originalDocument.currentScript as HTMLScriptElement; const { DocumentFragment, HTMLTemplateElement, Node, Element, NodeFilter, - NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap, + NamedNodeMap = window.NamedNodeMap || (window as any).MozNamedAttrMap, HTMLFormElement, DOMParser, trustedTypes, @@ -215,7 +211,7 @@ function createDOMPurify(window = getGlobal()) { ]); /* - * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements. + * Configure how DOMPurify should handle custom elements and their attributes as well as customized built-in elements. * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements) * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list) * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`. @@ -325,7 +321,7 @@ function createDOMPurify(window = getGlobal()) { let IN_PLACE = false; /* Allow usage of profiles like html, svg and mathMl */ - let USE_PROFILES = {}; + let USE_PROFILES: UseProfilesConfig | false = {}; /* Tags to ignore content of when KEEP_CONTENT is true */ let FORBID_CONTENTS = null; @@ -431,7 +427,7 @@ function createDOMPurify(window = getGlobal()) { let transformCaseFunc = null; /* Keep a reference to config to pass to hooks */ - let CONFIG = null; + let CONFIG: Config | null = null; /* Ideally, do not touch anything below this line */ /* ______________________________________________ */ @@ -448,7 +444,7 @@ function createDOMPurify(window = getGlobal()) { * @param {Object} cfg optional config literal */ // eslint-disable-next-line complexity - const _parseConfig = function (cfg = {}) { + const _parseConfig = function (cfg: Config = {}) { if (CONFIG && CONFIG === cfg) { return; } @@ -979,15 +975,40 @@ function createDOMPurify(window = getGlobal()) { return typeof Node === 'function' && object instanceof Node; }; + // The following overloads of `_executeHook` add type-safety to the callers, + // ensuring that the caller provides the correct `data` parameter. + + function _executeHook( + entryPoint: BasicHookName, + currentNode: Node, + data: null + ): void; + + function _executeHook( + entryPoint: UponSanitizeElementHookName, + currentNode: Node, + data: UponSanitizeElementHookEvent + ): void; + + function _executeHook( + entryPoint: UponSanitizeAttributeHookName, + currentNode: Node, + data: UponSanitizeAttributeHookEvent + ): void; + /** * _executeHook * Execute user configurable hooks * - * @param {String} entryPoint Name of the hook's entry point - * @param {Node} currentNode node to work on with the hook + * @param entryPoint Name of the hook's entry point + * @param currentNode node to work on with the hook * @param {Object} data additional hook parameters */ - const _executeHook = function (entryPoint, currentNode, data) { + function _executeHook( + entryPoint: HookName, + currentNode: Node, + data: UponSanitizeAttributeHookEvent | UponSanitizeElementHookEvent | null + ) { if (!hooks[entryPoint]) { return; } @@ -995,7 +1016,7 @@ function createDOMPurify(window = getGlobal()) { arrayForEach(hooks[entryPoint], (hook) => { hook.call(DOMPurify, currentNode, data, CONFIG); }); - }; + } /** * _sanitizeElements @@ -1267,6 +1288,7 @@ function createDOMPurify(window = getGlobal()) { attrValue: '', keepAttr: true, allowedAttributes: ALLOWED_ATTR, + forceKeepAttr: undefined, }; let l = attributes.length; @@ -1417,13 +1439,6 @@ function createDOMPurify(window = getGlobal()) { _executeHook('afterSanitizeShadowDOM', fragment, null); }; - /** - * Sanitize - * Public method providing core sanitation functionality - * - * @param {String|Node} dirty string or DOM node - * @param {Object} cfg object - */ // eslint-disable-next-line complexity DOMPurify.sanitize = function (dirty, cfg = {}) { let body = null; @@ -1470,8 +1485,8 @@ function createDOMPurify(window = getGlobal()) { if (IN_PLACE) { /* Do some early pre-sanitization to avoid unsafe root nodes */ - if (dirty.nodeName) { - const tagName = transformCaseFunc(dirty.nodeName); + if ((dirty as Node).nodeName) { + const tagName = transformCaseFunc((dirty as Node).nodeName); if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { throw typeErrorCreate( 'root node is forbidden and cannot be sanitized in-place' @@ -1601,37 +1616,16 @@ function createDOMPurify(window = getGlobal()) { : serializedHTML; }; - /** - * Public method to set the configuration once - * setConfig - * - * @param {Object} cfg configuration object - */ DOMPurify.setConfig = function (cfg = {}) { _parseConfig(cfg); SET_CONFIG = true; }; - /** - * Public method to remove the configuration - * clearConfig - * - */ DOMPurify.clearConfig = function () { CONFIG = null; SET_CONFIG = false; }; - /** - * Public method to check if an attribute value is valid. - * Uses last set config, if any. Otherwise, uses config defaults. - * isValidAttribute - * - * @param {String} tag Tag name of containing element. - * @param {String} attr Attribute name. - * @param {String} value Attribute value. - * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. - */ DOMPurify.isValidAttribute = function (tag, attr, value) { /* Initialize shared config vars if necessary. */ if (!CONFIG) { @@ -1643,13 +1637,6 @@ function createDOMPurify(window = getGlobal()) { return _isValidAttribute(lcTag, lcName, value); }; - /** - * AddHook - * Public method to add DOMPurify hooks - * - * @param {String} entryPoint entry point for the hook to add - * @param {Function} hookFunction function to execute - */ DOMPurify.addHook = function (entryPoint, hookFunction) { if (typeof hookFunction !== 'function') { return; @@ -1659,36 +1646,18 @@ function createDOMPurify(window = getGlobal()) { arrayPush(hooks[entryPoint], hookFunction); }; - /** - * RemoveHook - * Public method to remove a DOMPurify hook at a given entryPoint - * (pops it from the stack of hooks if more are present) - * - * @param {String} entryPoint entry point for the hook to remove - * @return {Function} removed(popped) hook - */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { return arrayPop(hooks[entryPoint]); } }; - /** - * RemoveHooks - * Public method to remove all DOMPurify hooks at a given entryPoint - * - * @param {String} entryPoint entry point for the hooks to remove - */ DOMPurify.removeHooks = function (entryPoint) { if (hooks[entryPoint]) { hooks[entryPoint] = []; } }; - /** - * RemoveAllHooks - * Public method to remove all DOMPurify hooks - */ DOMPurify.removeAllHooks = function () { hooks = {}; }; @@ -1697,3 +1666,279 @@ function createDOMPurify(window = getGlobal()) { } export default createDOMPurify(); + +interface DOMPurify { + /** + * Creates a DOMPurify instance using the given window-like object. + */ + (root: WindowLike): DOMPurify; + + /** + * Version label, exposed for easier checks + * if DOMPurify is up to date or not + */ + version: string; + + /** + * Array of elements that DOMPurify removed during sanitation. + * Empty if nothing was removed. + */ + removed: Array; + + /** + * Expose whether this browser supports running the full DOMPurify. + */ + isSupported: boolean; + + /** + * Set the configuration once. + * + * @param cfg configuration object + */ + setConfig(cfg?: Config): void; + + /** + * Removes the configuration. + */ + clearConfig(): void; + + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized TrustedHTML. + */ + sanitize( + dirty: string | Node, + cfg: Config & { RETURN_TRUSTED_TYPE: true } + ): TrustedHTML; + + /** + * Provides core sanitation functionality. + * + * @param dirty DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: Node, cfg: Config & { IN_PLACE: true }): Node; + + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: string | Node, cfg: Config & { RETURN_DOM: true }): Node; + + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized document fragment. + */ + sanitize( + dirty: string | Node, + cfg: Config & { RETURN_DOM_FRAGMENT: true } + ): DocumentFragment; + + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized string. + */ + sanitize(dirty: string | Node, cfg?: Config): string; + + /** + * Checks if an attribute value is valid. + * Uses last set config, if any. Otherwise, uses config defaults. + * + * @param tag Tag name of containing element. + * @param attr Attribute name. + * @param value Attribute value. + * @return Returns true if `value` is valid. Otherwise, returns false. + */ + isValidAttribute(tag: string, attr: string, value: string): boolean; + + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook( + entryPoint: + | 'beforeSanitizeElements' + | 'afterSanitizeElements' + | 'beforeSanitizeAttributes' + | 'afterSanitizeAttributes' + | 'beforeSanitizeShadowDOM' + | 'uponSanitizeShadowNode' + | 'afterSanitizeShadowDOM', + hookFunction: Hook + ): void; + + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook( + entryPoint: 'uponSanitizeElement', + hookFunction: UponSanitizeElementHook + ): void; + + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook( + entryPoint: 'uponSanitizeAttribute', + hookFunction: UponSanitizeAttributeHook + ): void; + + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: BasicHookName): Hook | undefined; + + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook( + entryPoint: 'uponSanitizeElement' + ): UponSanitizeElementHook | undefined; + + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook( + entryPoint: 'uponSanitizeAttribute' + ): UponSanitizeAttributeHook | undefined; + + /** + * Removes all DOMPurify hooks at a given entryPoint + * + * @param entryPoint entry point for the hooks to remove + */ + removeHooks(entryPoint: HookName): void; + + /** + * Removes all DOMPurify hooks. + */ + removeAllHooks(): void; +} + +/** + * An element removed by DOMPurify. + */ +export interface RemovedElement { + /** + * The element that was removed. + */ + element: Node; +} + +/** + * An element removed by DOMPurify. + */ +export interface RemovedAttribute { + /** + * The attribute that was removed. + */ + attribute: Attr | null; + + /** + * The element that the attribute was removed. + */ + from: Node; +} + +type BasicHookName = + | 'beforeSanitizeElements' + | 'afterSanitizeElements' + | 'beforeSanitizeAttributes' + | 'afterSanitizeAttributes' + | 'beforeSanitizeShadowDOM' + | 'uponSanitizeShadowNode' + | 'afterSanitizeShadowDOM'; + +type UponSanitizeElementHookName = 'uponSanitizeElement'; +type UponSanitizeAttributeHookName = 'uponSanitizeAttribute'; + +export type HookName = + | BasicHookName + | UponSanitizeElementHookName + | UponSanitizeAttributeHookName; + +export type Hook = ( + this: DOMPurify, + currentNode: Node, + hookEvent: null, + config: Config +) => void; + +export type UponSanitizeElementHook = ( + this: DOMPurify, + currentNode: Node, + hookEvent: UponSanitizeElementHookEvent, + config: Config +) => void; + +export type UponSanitizeAttributeHook = ( + this: DOMPurify, + currentNode: Node, + hookEvent: UponSanitizeAttributeHookEvent, + config: Config +) => void; + +export interface UponSanitizeElementHookEvent { + tagName: string; + allowedTags: Record; +} + +export interface UponSanitizeAttributeHookEvent { + attrName: string; + attrValue: string; + keepAttr: boolean; + allowedAttributes: Record; + forceKeepAttr: boolean | undefined; +} + +/** + * A `Window`-like object containing the properties and types that DOMPurify requires. + */ +export type WindowLike = Pick< + typeof globalThis, + | 'DocumentFragment' + | 'HTMLTemplateElement' + | 'Node' + | 'Element' + | 'NodeFilter' + | 'NamedNodeMap' + | 'HTMLFormElement' + | 'DOMParser' +> & { + document?: Document; + MozNamedAttrMap?: typeof window.NamedNodeMap; + trustedTypes?: typeof window.trustedTypes; +}; From 6e6063219c3538220f3e61b43c40452f44c8e0df Mon Sep 17 00:00:00 2001 From: reduckted Date: Thu, 17 Oct 2024 21:07:07 +1000 Subject: [PATCH 08/10] Updated Rollup dependencies and installed `rollup-plugin-dts`. --- README.md | 2 +- package-lock.json | 736 ++++++++++++++++++++-------------------------- package.json | 13 +- rollup.config.js | 2 +- 4 files changed, 331 insertions(+), 422 deletions(-) diff --git a/README.md b/README.md index 0b1f0c98a..f9ddbcdff 100644 --- a/README.md +++ b/README.md @@ -433,7 +433,7 @@ Feature releases will not be announced to this list. Many people helped and help DOMPurify become what it is and need to be acknowledged here! -[hash_kitten ❤️](https://twitter.com/hash_kitten), [kevin_mizu ❤️](https://twitter.com/kevin_mizu), [icesfont ❤️](https://github.com/icesfont) [dcramer 💸](https://github.com/dcramer), [JGraph 💸](https://github.com/jgraph), [baekilda 💸](https://github.com/baekilda), [Healthchecks 💸](https://github.com/healthchecks), [Sentry 💸](https://github.com/getsentry), [jarrodldavis 💸](https://github.com/jarrodldavis), [CynegeticIO](https://github.com/CynegeticIO), [ssi02014 ❤️](https://github.com/ssi02014), [GrantGryczan](https://github.com/GrantGryczan), [Lowdefy](https://twitter.com/lowdefy), [granlem](https://twitter.com/MaximeVeit), [oreoshake](https://github.com/oreoshake), [tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [is2ei](https://github.com/is2ei), [SoheilKhodayari](https://github.com/SoheilKhodayari), [franktopel](https://github.com/franktopel), [NateScarlet](https://github.com/NateScarlet), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer\_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa) +[hash_kitten ❤️](https://twitter.com/hash_kitten), [kevin_mizu ❤️](https://twitter.com/kevin_mizu), [icesfont ❤️](https://github.com/icesfont) [dcramer 💸](https://github.com/dcramer), [JGraph 💸](https://github.com/jgraph), [baekilda 💸](https://github.com/baekilda), [Healthchecks 💸](https://github.com/healthchecks), [Sentry 💸](https://github.com/getsentry), [jarrodldavis 💸](https://github.com/jarrodldavis), [CynegeticIO](https://github.com/CynegeticIO), [ssi02014 ❤️](https://github.com/ssi02014), [GrantGryczan](https://github.com/GrantGryczan), [Lowdefy](https://twitter.com/lowdefy), [granlem](https://twitter.com/MaximeVeit), [oreoshake](https://github.com/oreoshake), [tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [is2ei](https://github.com/is2ei), [SoheilKhodayari](https://github.com/SoheilKhodayari), [franktopel](https://github.com/franktopel), [NateScarlet](https://github.com/NateScarlet), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer\_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa) ## Testing powered by diff --git a/package-lock.json b/package-lock.json index 0daed0fae..d5c8fff0b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,9 +11,10 @@ "devDependencies": { "@babel/core": "^7.17.8", "@babel/preset-env": "^7.16.11", - "@rollup/plugin-babel": "^5.3.1", - "@rollup/plugin-node-resolve": "^13.1.3", - "@rollup/plugin-replace": "^4.0.0", + "@rollup/plugin-babel": "^6.0.4", + "@rollup/plugin-node-resolve": "^15.3.0", + "@rollup/plugin-replace": "^6.0.1", + "@rollup/plugin-terser": "^0.4.4", "@types/estree": "^1.0.0", "@types/trusted-types": "^2.0.7", "cross-env": "^7.0.3", @@ -35,9 +36,9 @@ "qunit": "^2.4.1", "qunit-tap": "^1.5.0", "rimraf": "^3.0.2", - "rollup": "^2.70.1", - "rollup-plugin-includepaths": "^0.2.3", - "rollup-plugin-terser": "^7.0.2", + "rollup": "^3.29.5", + "rollup-plugin-dts": "^6.1.1", + "rollup-plugin-includepaths": "^0.2.4", "rollup-plugin-typescript2": "^0.36.0", "tslib": "^2.7.0", "typescript": "^5.6.3", @@ -66,71 +67,18 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.22.13", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", - "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.25.7.tgz", + "integrity": "sha512-0xZJFNE5XMpENsgfHYTw8FbX4kv53mFLn2i3XPoq69LyhYSCBJtitaHx9QnsVTrsogI4Z3+HtEfZ2/GFPOtf5g==", "dev": true, "dependencies": { - "@babel/highlight": "^7.22.13", - "chalk": "^2.4.2" + "@babel/highlight": "^7.25.7", + "picocolors": "^1.0.0" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/code-frame/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/code-frame/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/code-frame/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/@babel/code-frame/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==", - "dev": true - }, - "node_modules/@babel/code-frame/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/@babel/compat-data": { "version": "7.17.7", "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.17.7.tgz", @@ -201,31 +149,20 @@ } }, "node_modules/@babel/generator": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", - "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.7.tgz", + "integrity": "sha512-5Dqpl5fyV9pIAD62yK9P7fcA768uVPUyrQmqpqstHWgMma4feF1x/oFysBCVZLY5wJ2GkMUCdsNDnGZrPoR6rA==", "dev": true, "dependencies": { - "@babel/types": "^7.23.0", - "@jridgewell/gen-mapping": "^0.3.2", - "@jridgewell/trace-mapping": "^0.3.17", - "jsesc": "^2.5.1" + "@babel/types": "^7.25.7", + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25", + "jsesc": "^3.0.2" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/generator/node_modules/jsesc": { - "version": "2.5.2", - "dev": true, - "license": "MIT", - "bin": { - "jsesc": "bin/jsesc" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/@babel/helper-annotate-as-pure": { "version": "7.16.7", "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.16.7.tgz", @@ -425,12 +362,13 @@ } }, "node_modules/@babel/helper-module-imports": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.7.tgz", - "integrity": "sha512-LVtS6TqjJHFc+nYeITRo6VLXve70xmq7wPhWTqDJusJEgGmkAACWwMiTNrvfoQo6hEhFwAIixNkvB0jPXDL8Wg==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.7.tgz", + "integrity": "sha512-o0xCgpNmRohmnoWKQ0Ij8IdddjyBFE4T2kagL/x6M3+4zUgc+4qTOUBoNe4XxDskt1HPKO007ZPiMgLDq2s7Kw==", "dev": true, "dependencies": { - "@babel/types": "^7.16.7" + "@babel/traverse": "^7.25.7", + "@babel/types": "^7.25.7" }, "engines": { "node": ">=6.9.0" @@ -543,18 +481,18 @@ } }, "node_modules/@babel/helper-string-parser": { - "version": "7.22.5", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", - "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.7.tgz", + "integrity": "sha512-CbkjYdsJNHFk8uqpEkpCvRs3YRp9tY6FmFY7wLMSYuGYkrdUi7r2lc4/wqsvlHoMznX3WJ9IP8giGPq68T/Y6g==", "dev": true, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.7.tgz", + "integrity": "sha512-AM6TzwYqGChO45oiuPqwL2t20/HdMC1rTPAesnBCgPCSF1x3oN9MVUwQV2iyz4xqWrctwK5RNC8LV22kaQCNYg==", "dev": true, "engines": { "node": ">=6.9.0" @@ -599,14 +537,15 @@ } }, "node_modules/@babel/highlight": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", - "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.25.7.tgz", + "integrity": "sha512-iYyACpW3iW8Fw+ZybQK+drQre+ns/tKpXbNESfrhNnPLIklLbXr7MYJ6gPEd0iETGLOK+SxMjVvKb/ffmk+FEw==", "dev": true, "dependencies": { - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-validator-identifier": "^7.25.7", "chalk": "^2.4.2", - "js-tokens": "^4.0.0" + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" }, "engines": { "node": ">=6.9.0" @@ -666,10 +605,13 @@ } }, "node_modules/@babel/parser": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", - "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", + "version": "7.25.8", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.8.tgz", + "integrity": "sha512-HcttkxzdPucv3nNFmfOOMfFf64KgdJVqm1KaCm25dPGMLElo9nsLvXeJECQg8UzPuBGLyTSA0ZzqCtDSzKTEoQ==", "dev": true, + "dependencies": { + "@babel/types": "^7.25.8" + }, "bin": { "parser": "bin/babel-parser.js" }, @@ -1781,34 +1723,31 @@ "dev": true }, "node_modules/@babel/template": { - "version": "7.22.15", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", - "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.7.tgz", + "integrity": "sha512-wRwtAgI3bAS+JGU2upWNL9lSlDcRCqD05BZ1n3X2ONLH1WilFP6O1otQjeMK/1g0pvYcXC7b/qVUB1keofjtZA==", "dev": true, "dependencies": { - "@babel/code-frame": "^7.22.13", - "@babel/parser": "^7.22.15", - "@babel/types": "^7.22.15" + "@babel/code-frame": "^7.25.7", + "@babel/parser": "^7.25.7", + "@babel/types": "^7.25.7" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.23.2", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", - "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.22.13", - "@babel/generator": "^7.23.0", - "@babel/helper-environment-visitor": "^7.22.20", - "@babel/helper-function-name": "^7.23.0", - "@babel/helper-hoist-variables": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", - "@babel/parser": "^7.23.0", - "@babel/types": "^7.23.0", - "debug": "^4.1.0", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.7.tgz", + "integrity": "sha512-jatJPT1Zjqvh/1FyJs6qAHL+Dzb7sTb+xr7Q+gM1b+1oBsMsQQ4FkVKb6dFlJvLlVssqkRzV05Jzervt9yhnzg==", + "dev": true, + "dependencies": { + "@babel/code-frame": "^7.25.7", + "@babel/generator": "^7.25.7", + "@babel/parser": "^7.25.7", + "@babel/template": "^7.25.7", + "@babel/types": "^7.25.7", + "debug": "^4.3.1", "globals": "^11.1.0" }, "engines": { @@ -1845,13 +1784,13 @@ "license": "MIT" }, "node_modules/@babel/types": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", - "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", + "version": "7.25.8", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.8.tgz", + "integrity": "sha512-JWtuCu8VQsMladxVz/P4HzHUGCAwpuqacmowgXFs5XjxIgKuNjnLokQzuVjlTvIzODaDmpjT3oxcC48vyk9EWg==", "dev": true, "dependencies": { - "@babel/helper-string-parser": "^7.22.5", - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-string-parser": "^7.25.7", + "@babel/helper-validator-identifier": "^7.25.7", "to-fast-properties": "^2.0.0" }, "engines": { @@ -2051,9 +1990,9 @@ } }, "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.4.15", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", - "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==", + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", "dev": true }, "node_modules/@jridgewell/trace-mapping": { @@ -2102,89 +2041,128 @@ } }, "node_modules/@rollup/plugin-babel": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-5.3.1.tgz", - "integrity": "sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==", + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-6.0.4.tgz", + "integrity": "sha512-YF7Y52kFdFT/xVSuVdjkV5ZdX/3YtmX0QulG+x0taQOtJdHYzVU61aSSkAgVJ7NOv6qPkIYiJSgSWWN/DM5sGw==", "dev": true, "dependencies": { - "@babel/helper-module-imports": "^7.10.4", - "@rollup/pluginutils": "^3.1.0" + "@babel/helper-module-imports": "^7.18.6", + "@rollup/pluginutils": "^5.0.1" }, "engines": { - "node": ">= 10.0.0" + "node": ">=14.0.0" }, "peerDependencies": { "@babel/core": "^7.0.0", "@types/babel__core": "^7.1.9", - "rollup": "^1.20.0||^2.0.0" + "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" }, "peerDependenciesMeta": { "@types/babel__core": { "optional": true + }, + "rollup": { + "optional": true } } }, "node_modules/@rollup/plugin-node-resolve": { - "version": "13.3.0", - "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-13.3.0.tgz", - "integrity": "sha512-Lus8rbUo1eEcnS4yTFKLZrVumLPY+YayBdWXgFSHYhTT2iJbMhoaaBL3xl5NCdeRytErGr8tZ0L71BMRmnlwSw==", + "version": "15.3.0", + "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.3.0.tgz", + "integrity": "sha512-9eO5McEICxMzJpDW9OnMYSv4Sta3hmt7VtBFz5zR9273suNOydOyq/FrGeGy+KsTRFm8w0SLVhzig2ILFT63Ag==", "dev": true, "dependencies": { - "@rollup/pluginutils": "^3.1.0", - "@types/resolve": "1.17.1", + "@rollup/pluginutils": "^5.0.1", + "@types/resolve": "1.20.2", "deepmerge": "^4.2.2", - "is-builtin-module": "^3.1.0", "is-module": "^1.0.0", - "resolve": "^1.19.0" + "resolve": "^1.22.1" }, "engines": { - "node": ">= 10.0.0" + "node": ">=14.0.0" }, "peerDependencies": { - "rollup": "^2.42.0" + "rollup": "^2.78.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } } }, "node_modules/@rollup/plugin-replace": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-4.0.0.tgz", - "integrity": "sha512-+rumQFiaNac9y64OHtkHGmdjm7us9bo1PlbgQfdihQtuNxzjpaB064HbRnewUOggLQxVCCyINfStkgmBeQpv1g==", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-6.0.1.tgz", + "integrity": "sha512-2sPh9b73dj5IxuMmDAsQWVFT7mR+yoHweBaXG2W/R8vQ+IWZlnaI7BR7J6EguVQUp1hd8Z7XuozpDjEKQAAC2Q==", "dev": true, "dependencies": { - "@rollup/pluginutils": "^3.1.0", - "magic-string": "^0.25.7" + "@rollup/pluginutils": "^5.0.1", + "magic-string": "^0.30.3" + }, + "engines": { + "node": ">=14.0.0" }, "peerDependencies": { - "rollup": "^1.20.0 || ^2.0.0" + "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } } }, - "node_modules/@rollup/pluginutils": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz", - "integrity": "sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==", + "node_modules/@rollup/plugin-terser": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/@rollup/plugin-terser/-/plugin-terser-0.4.4.tgz", + "integrity": "sha512-XHeJC5Bgvs8LfukDwWZp7yeqin6ns8RTl2B9avbejt6tZqsqvVoWI7ZTQrcNsfKEDWBTnTxM8nMDkO2IFFbd0A==", "dev": true, "dependencies": { - "@types/estree": "0.0.39", - "estree-walker": "^1.0.1", - "picomatch": "^2.2.2" + "serialize-javascript": "^6.0.1", + "smob": "^1.0.0", + "terser": "^5.17.4" }, "engines": { - "node": ">= 8.0.0" + "node": ">=14.0.0" }, "peerDependencies": { - "rollup": "^1.20.0||^2.0.0" + "rollup": "^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } } }, - "node_modules/@rollup/pluginutils/node_modules/@types/estree": { - "version": "0.0.39", - "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz", - "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==", - "dev": true + "node_modules/@rollup/plugin-terser/node_modules/serialize-javascript": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", + "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "dev": true, + "dependencies": { + "randombytes": "^2.1.0" + } }, - "node_modules/@rollup/pluginutils/node_modules/estree-walker": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-1.0.1.tgz", - "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg==", - "dev": true + "node_modules/@rollup/pluginutils": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.1.2.tgz", + "integrity": "sha512-/FIdS3PyZ39bjZlwqFnWqCOVnW7o963LtKMwQOD0NhQqw22gSr2YY1afu3FxRip4ZCZNsD5jq6Aaz6QV3D/Njw==", + "dev": true, + "dependencies": { + "@types/estree": "^1.0.0", + "estree-walker": "^2.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } }, "node_modules/@socket.io/component-emitter": { "version": "3.1.2", @@ -2260,13 +2238,10 @@ "dev": true }, "node_modules/@types/resolve": { - "version": "1.17.1", - "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz", - "integrity": "sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==", - "dev": true, - "dependencies": { - "@types/node": "*" - } + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz", + "integrity": "sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==", + "dev": true }, "node_modules/@types/trusted-types": { "version": "2.0.7", @@ -6309,19 +6284,6 @@ "dev": true, "license": "ISC" }, - "node_modules/jest-worker": { - "version": "26.6.2", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*", - "merge-stream": "^2.0.0", - "supports-color": "^7.0.0" - }, - "engines": { - "node": ">= 10.13.0" - } - }, "node_modules/jquery": { "version": "3.6.0", "dev": true, @@ -6822,12 +6784,12 @@ } }, "node_modules/magic-string": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz", - "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==", + "version": "0.30.12", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.12.tgz", + "integrity": "sha512-Ea8I3sQMVXr8JhN4z+H/d8zwo+tYDgHE9+5G4Wnrwhs0gaK9fXTKx0Tw5Xwsd/bCPTTZNRAdpyzvoeORe9LYpw==", "dev": true, "dependencies": { - "sourcemap-codec": "^1.4.8" + "@jridgewell/sourcemap-codec": "^1.5.0" } }, "node_modules/make-dir": { @@ -8565,8 +8527,10 @@ }, "node_modules/rimraf": { "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "deprecated": "Rimraf versions prior to v4 are no longer supported", "dev": true, - "license": "ISC", "dependencies": { "glob": "^7.1.3" }, @@ -8578,39 +8542,48 @@ } }, "node_modules/rollup": { - "version": "2.79.1", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.1.tgz", - "integrity": "sha512-uKxbd0IhMZOhjAiD5oAFp7BqvkA4Dv47qpOCtaNvng4HBwdbWtdOh8f5nZNuk2rp51PMGk3bzfWu5oayNEuYnw==", + "version": "3.29.5", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.29.5.tgz", + "integrity": "sha512-GVsDdsbJzzy4S/v3dqWPJ7EfvZJfCHiDqe80IyrF59LYuP+e6U1LJoUqeuqRbwAWoMNoXivMNeNAOf5E22VA1w==", "dev": true, "bin": { "rollup": "dist/bin/rollup" }, "engines": { - "node": ">=10.0.0" + "node": ">=14.18.0", + "npm": ">=8.0.0" }, "optionalDependencies": { "fsevents": "~2.3.2" } }, - "node_modules/rollup-plugin-includepaths": { - "version": "0.2.4", - "dev": true, - "license": "MIT" - }, - "node_modules/rollup-plugin-terser": { - "version": "7.0.2", + "node_modules/rollup-plugin-dts": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/rollup-plugin-dts/-/rollup-plugin-dts-6.1.1.tgz", + "integrity": "sha512-aSHRcJ6KG2IHIioYlvAOcEq6U99sVtqDDKVhnwt70rW6tsz3tv5OSjEiWcgzfsHdLyGXZ/3b/7b/+Za3Y6r1XA==", "dev": true, - "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.10.4", - "jest-worker": "^26.2.1", - "serialize-javascript": "^4.0.0", - "terser": "^5.0.0" + "magic-string": "^0.30.10" + }, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/Swatinem" + }, + "optionalDependencies": { + "@babel/code-frame": "^7.24.2" }, "peerDependencies": { - "rollup": "^2.0.0" + "rollup": "^3.29.4 || ^4", + "typescript": "^4.5 || ^5.0" } }, + "node_modules/rollup-plugin-includepaths": { + "version": "0.2.4", + "dev": true, + "license": "MIT" + }, "node_modules/rollup-plugin-typescript2": { "version": "0.36.0", "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.36.0.tgz", @@ -8839,14 +8812,6 @@ "semver": "bin/semver" } }, - "node_modules/serialize-javascript": { - "version": "4.0.0", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "randombytes": "^2.1.0" - } - }, "node_modules/set-function-length": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", @@ -8930,6 +8895,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/smob": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/smob/-/smob-1.5.0.tgz", + "integrity": "sha512-g6T+p7QO8npa+/hNx9ohv1E5pVCmWrVCUzUXJyLdMmftX6ER0oiWY/w9knEonLpnOp6b6FenKnMfR8gqwWdwig==", + "dev": true + }, "node_modules/socket.io": { "version": "4.8.0", "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.8.0.tgz", @@ -9057,11 +9028,6 @@ "node": ">=0.10.0" } }, - "node_modules/sourcemap-codec": { - "version": "1.4.8", - "dev": true, - "license": "MIT" - }, "node_modules/spawn-sync": { "version": "1.0.15", "dev": true, @@ -11049,59 +11015,13 @@ } }, "@babel/code-frame": { - "version": "7.22.13", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", - "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.25.7.tgz", + "integrity": "sha512-0xZJFNE5XMpENsgfHYTw8FbX4kv53mFLn2i3XPoq69LyhYSCBJtitaHx9QnsVTrsogI4Z3+HtEfZ2/GFPOtf5g==", "dev": true, "requires": { - "@babel/highlight": "^7.22.13", - "chalk": "^2.4.2" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==", - "dev": true - }, - "supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } + "@babel/highlight": "^7.25.7", + "picocolors": "^1.0.0" } }, "@babel/compat-data": { @@ -11153,21 +11073,15 @@ } }, "@babel/generator": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", - "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.7.tgz", + "integrity": "sha512-5Dqpl5fyV9pIAD62yK9P7fcA768uVPUyrQmqpqstHWgMma4feF1x/oFysBCVZLY5wJ2GkMUCdsNDnGZrPoR6rA==", "dev": true, "requires": { - "@babel/types": "^7.23.0", - "@jridgewell/gen-mapping": "^0.3.2", - "@jridgewell/trace-mapping": "^0.3.17", - "jsesc": "^2.5.1" - }, - "dependencies": { - "jsesc": { - "version": "2.5.2", - "dev": true - } + "@babel/types": "^7.25.7", + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25", + "jsesc": "^3.0.2" } }, "@babel/helper-annotate-as-pure": { @@ -11317,12 +11231,13 @@ } }, "@babel/helper-module-imports": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.7.tgz", - "integrity": "sha512-LVtS6TqjJHFc+nYeITRo6VLXve70xmq7wPhWTqDJusJEgGmkAACWwMiTNrvfoQo6hEhFwAIixNkvB0jPXDL8Wg==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.7.tgz", + "integrity": "sha512-o0xCgpNmRohmnoWKQ0Ij8IdddjyBFE4T2kagL/x6M3+4zUgc+4qTOUBoNe4XxDskt1HPKO007ZPiMgLDq2s7Kw==", "dev": true, "requires": { - "@babel/types": "^7.16.7" + "@babel/traverse": "^7.25.7", + "@babel/types": "^7.25.7" } }, "@babel/helper-module-transforms": { @@ -11408,15 +11323,15 @@ } }, "@babel/helper-string-parser": { - "version": "7.22.5", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", - "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.7.tgz", + "integrity": "sha512-CbkjYdsJNHFk8uqpEkpCvRs3YRp9tY6FmFY7wLMSYuGYkrdUi7r2lc4/wqsvlHoMznX3WJ9IP8giGPq68T/Y6g==", "dev": true }, "@babel/helper-validator-identifier": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.7.tgz", + "integrity": "sha512-AM6TzwYqGChO45oiuPqwL2t20/HdMC1rTPAesnBCgPCSF1x3oN9MVUwQV2iyz4xqWrctwK5RNC8LV22kaQCNYg==", "dev": true }, "@babel/helper-validator-option": { @@ -11449,14 +11364,15 @@ } }, "@babel/highlight": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", - "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.25.7.tgz", + "integrity": "sha512-iYyACpW3iW8Fw+ZybQK+drQre+ns/tKpXbNESfrhNnPLIklLbXr7MYJ6gPEd0iETGLOK+SxMjVvKb/ffmk+FEw==", "dev": true, "requires": { - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-validator-identifier": "^7.25.7", "chalk": "^2.4.2", - "js-tokens": "^4.0.0" + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" }, "dependencies": { "ansi-styles": { @@ -11506,10 +11422,13 @@ } }, "@babel/parser": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", - "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", - "dev": true + "version": "7.25.8", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.8.tgz", + "integrity": "sha512-HcttkxzdPucv3nNFmfOOMfFf64KgdJVqm1KaCm25dPGMLElo9nsLvXeJECQg8UzPuBGLyTSA0ZzqCtDSzKTEoQ==", + "dev": true, + "requires": { + "@babel/types": "^7.25.8" + } }, "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { "version": "7.16.7", @@ -12258,31 +12177,28 @@ } }, "@babel/template": { - "version": "7.22.15", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", - "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.7.tgz", + "integrity": "sha512-wRwtAgI3bAS+JGU2upWNL9lSlDcRCqD05BZ1n3X2ONLH1WilFP6O1otQjeMK/1g0pvYcXC7b/qVUB1keofjtZA==", "dev": true, "requires": { - "@babel/code-frame": "^7.22.13", - "@babel/parser": "^7.22.15", - "@babel/types": "^7.22.15" + "@babel/code-frame": "^7.25.7", + "@babel/parser": "^7.25.7", + "@babel/types": "^7.25.7" } }, "@babel/traverse": { - "version": "7.23.2", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", - "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", - "dev": true, - "requires": { - "@babel/code-frame": "^7.22.13", - "@babel/generator": "^7.23.0", - "@babel/helper-environment-visitor": "^7.22.20", - "@babel/helper-function-name": "^7.23.0", - "@babel/helper-hoist-variables": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", - "@babel/parser": "^7.23.0", - "@babel/types": "^7.23.0", - "debug": "^4.1.0", + "version": "7.25.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.7.tgz", + "integrity": "sha512-jatJPT1Zjqvh/1FyJs6qAHL+Dzb7sTb+xr7Q+gM1b+1oBsMsQQ4FkVKb6dFlJvLlVssqkRzV05Jzervt9yhnzg==", + "dev": true, + "requires": { + "@babel/code-frame": "^7.25.7", + "@babel/generator": "^7.25.7", + "@babel/parser": "^7.25.7", + "@babel/template": "^7.25.7", + "@babel/types": "^7.25.7", + "debug": "^4.3.1", "globals": "^11.1.0" }, "dependencies": { @@ -12304,13 +12220,13 @@ } }, "@babel/types": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", - "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", + "version": "7.25.8", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.8.tgz", + "integrity": "sha512-JWtuCu8VQsMladxVz/P4HzHUGCAwpuqacmowgXFs5XjxIgKuNjnLokQzuVjlTvIzODaDmpjT3oxcC48vyk9EWg==", "dev": true, "requires": { - "@babel/helper-string-parser": "^7.22.5", - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-string-parser": "^7.25.7", + "@babel/helper-validator-identifier": "^7.25.7", "to-fast-properties": "^2.0.0" }, "dependencies": { @@ -12451,9 +12367,9 @@ } }, "@jridgewell/sourcemap-codec": { - "version": "1.4.15", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", - "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==", + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", "dev": true }, "@jridgewell/trace-mapping": { @@ -12493,64 +12409,71 @@ } }, "@rollup/plugin-babel": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-5.3.1.tgz", - "integrity": "sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==", + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-6.0.4.tgz", + "integrity": "sha512-YF7Y52kFdFT/xVSuVdjkV5ZdX/3YtmX0QulG+x0taQOtJdHYzVU61aSSkAgVJ7NOv6qPkIYiJSgSWWN/DM5sGw==", "dev": true, "requires": { - "@babel/helper-module-imports": "^7.10.4", - "@rollup/pluginutils": "^3.1.0" + "@babel/helper-module-imports": "^7.18.6", + "@rollup/pluginutils": "^5.0.1" } }, "@rollup/plugin-node-resolve": { - "version": "13.3.0", - "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-13.3.0.tgz", - "integrity": "sha512-Lus8rbUo1eEcnS4yTFKLZrVumLPY+YayBdWXgFSHYhTT2iJbMhoaaBL3xl5NCdeRytErGr8tZ0L71BMRmnlwSw==", + "version": "15.3.0", + "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.3.0.tgz", + "integrity": "sha512-9eO5McEICxMzJpDW9OnMYSv4Sta3hmt7VtBFz5zR9273suNOydOyq/FrGeGy+KsTRFm8w0SLVhzig2ILFT63Ag==", "dev": true, "requires": { - "@rollup/pluginutils": "^3.1.0", - "@types/resolve": "1.17.1", + "@rollup/pluginutils": "^5.0.1", + "@types/resolve": "1.20.2", "deepmerge": "^4.2.2", - "is-builtin-module": "^3.1.0", "is-module": "^1.0.0", - "resolve": "^1.19.0" + "resolve": "^1.22.1" } }, "@rollup/plugin-replace": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-4.0.0.tgz", - "integrity": "sha512-+rumQFiaNac9y64OHtkHGmdjm7us9bo1PlbgQfdihQtuNxzjpaB064HbRnewUOggLQxVCCyINfStkgmBeQpv1g==", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-6.0.1.tgz", + "integrity": "sha512-2sPh9b73dj5IxuMmDAsQWVFT7mR+yoHweBaXG2W/R8vQ+IWZlnaI7BR7J6EguVQUp1hd8Z7XuozpDjEKQAAC2Q==", "dev": true, "requires": { - "@rollup/pluginutils": "^3.1.0", - "magic-string": "^0.25.7" + "@rollup/pluginutils": "^5.0.1", + "magic-string": "^0.30.3" } }, - "@rollup/pluginutils": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz", - "integrity": "sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==", + "@rollup/plugin-terser": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/@rollup/plugin-terser/-/plugin-terser-0.4.4.tgz", + "integrity": "sha512-XHeJC5Bgvs8LfukDwWZp7yeqin6ns8RTl2B9avbejt6tZqsqvVoWI7ZTQrcNsfKEDWBTnTxM8nMDkO2IFFbd0A==", "dev": true, "requires": { - "@types/estree": "0.0.39", - "estree-walker": "^1.0.1", - "picomatch": "^2.2.2" + "serialize-javascript": "^6.0.1", + "smob": "^1.0.0", + "terser": "^5.17.4" }, "dependencies": { - "@types/estree": { - "version": "0.0.39", - "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz", - "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==", - "dev": true - }, - "estree-walker": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-1.0.1.tgz", - "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg==", - "dev": true + "serialize-javascript": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", + "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "dev": true, + "requires": { + "randombytes": "^2.1.0" + } } } }, + "@rollup/pluginutils": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.1.2.tgz", + "integrity": "sha512-/FIdS3PyZ39bjZlwqFnWqCOVnW7o963LtKMwQOD0NhQqw22gSr2YY1afu3FxRip4ZCZNsD5jq6Aaz6QV3D/Njw==", + "dev": true, + "requires": { + "@types/estree": "^1.0.0", + "estree-walker": "^2.0.2", + "picomatch": "^2.3.1" + } + }, "@socket.io/component-emitter": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz", @@ -12619,13 +12542,10 @@ "dev": true }, "@types/resolve": { - "version": "1.17.1", - "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz", - "integrity": "sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==", - "dev": true, - "requires": { - "@types/node": "*" - } + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz", + "integrity": "sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==", + "dev": true }, "@types/trusted-types": { "version": "2.0.7", @@ -15470,15 +15390,6 @@ "version": "2.0.0", "dev": true }, - "jest-worker": { - "version": "26.6.2", - "dev": true, - "requires": { - "@types/node": "*", - "merge-stream": "^2.0.0", - "supports-color": "^7.0.0" - } - }, "jquery": { "version": "3.6.0", "dev": true @@ -15833,12 +15744,12 @@ } }, "magic-string": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz", - "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==", + "version": "0.30.12", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.12.tgz", + "integrity": "sha512-Ea8I3sQMVXr8JhN4z+H/d8zwo+tYDgHE9+5G4Wnrwhs0gaK9fXTKx0Tw5Xwsd/bCPTTZNRAdpyzvoeORe9LYpw==", "dev": true, "requires": { - "sourcemap-codec": "^1.4.8" + "@jridgewell/sourcemap-codec": "^1.5.0" } }, "make-dir": { @@ -17008,34 +16919,36 @@ }, "rimraf": { "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", "dev": true, "requires": { "glob": "^7.1.3" } }, "rollup": { - "version": "2.79.1", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.1.tgz", - "integrity": "sha512-uKxbd0IhMZOhjAiD5oAFp7BqvkA4Dv47qpOCtaNvng4HBwdbWtdOh8f5nZNuk2rp51PMGk3bzfWu5oayNEuYnw==", + "version": "3.29.5", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.29.5.tgz", + "integrity": "sha512-GVsDdsbJzzy4S/v3dqWPJ7EfvZJfCHiDqe80IyrF59LYuP+e6U1LJoUqeuqRbwAWoMNoXivMNeNAOf5E22VA1w==", "dev": true, "requires": { "fsevents": "~2.3.2" } }, - "rollup-plugin-includepaths": { - "version": "0.2.4", - "dev": true - }, - "rollup-plugin-terser": { - "version": "7.0.2", + "rollup-plugin-dts": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/rollup-plugin-dts/-/rollup-plugin-dts-6.1.1.tgz", + "integrity": "sha512-aSHRcJ6KG2IHIioYlvAOcEq6U99sVtqDDKVhnwt70rW6tsz3tv5OSjEiWcgzfsHdLyGXZ/3b/7b/+Za3Y6r1XA==", "dev": true, "requires": { - "@babel/code-frame": "^7.10.4", - "jest-worker": "^26.2.1", - "serialize-javascript": "^4.0.0", - "terser": "^5.0.0" + "@babel/code-frame": "^7.24.2", + "magic-string": "^0.30.10" } }, + "rollup-plugin-includepaths": { + "version": "0.2.4", + "dev": true + }, "rollup-plugin-typescript2": { "version": "0.36.0", "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.36.0.tgz", @@ -17194,13 +17107,6 @@ "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", "dev": true }, - "serialize-javascript": { - "version": "4.0.0", - "dev": true, - "requires": { - "randombytes": "^2.1.0" - } - }, "set-function-length": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", @@ -17260,6 +17166,12 @@ "integrity": "sha512-n6KkmvKS0623igEVj3FF0OZs1gYYJ0o0Hj939yc1fyxl2xt+xYpLnzJB6xBSqOfV9ZFLEWodBBN/heZJahuIJQ==", "dev": true }, + "smob": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/smob/-/smob-1.5.0.tgz", + "integrity": "sha512-g6T+p7QO8npa+/hNx9ohv1E5pVCmWrVCUzUXJyLdMmftX6ER0oiWY/w9knEonLpnOp6b6FenKnMfR8gqwWdwig==", + "dev": true + }, "socket.io": { "version": "4.8.0", "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.8.0.tgz", @@ -17360,10 +17272,6 @@ } } }, - "sourcemap-codec": { - "version": "1.4.8", - "dev": true - }, "spawn-sync": { "version": "1.0.15", "dev": true, diff --git a/package.json b/package.json index e6a835906..1286aede6 100644 --- a/package.json +++ b/package.json @@ -79,9 +79,10 @@ "devDependencies": { "@babel/core": "^7.17.8", "@babel/preset-env": "^7.16.11", - "@rollup/plugin-babel": "^5.3.1", - "@rollup/plugin-node-resolve": "^13.1.3", - "@rollup/plugin-replace": "^4.0.0", + "@rollup/plugin-babel": "^6.0.4", + "@rollup/plugin-node-resolve": "^15.3.0", + "@rollup/plugin-replace": "^6.0.1", + "@rollup/plugin-terser": "^0.4.4", "@types/estree": "^1.0.0", "@types/trusted-types": "^2.0.7", "cross-env": "^7.0.3", @@ -103,9 +104,9 @@ "qunit": "^2.4.1", "qunit-tap": "^1.5.0", "rimraf": "^3.0.2", - "rollup": "^2.70.1", - "rollup-plugin-includepaths": "^0.2.3", - "rollup-plugin-terser": "^7.0.2", + "rollup": "^3.29.5", + "rollup-plugin-dts": "^6.1.1", + "rollup-plugin-includepaths": "^0.2.4", "rollup-plugin-typescript2": "^0.36.0", "tslib": "^2.7.0", "typescript": "^5.6.3", diff --git a/rollup.config.js b/rollup.config.js index 39cc438a9..c19c38738 100644 --- a/rollup.config.js +++ b/rollup.config.js @@ -3,7 +3,7 @@ const { DEFAULT_EXTENSIONS } = require('@babel/core'); const babel = require('@rollup/plugin-babel').babel; const nodeResolve = require('@rollup/plugin-node-resolve').nodeResolve; const replace = require('@rollup/plugin-replace'); -const { terser } = require('rollup-plugin-terser'); +const terser = require('@rollup/plugin-terser'); const typescript = require('rollup-plugin-typescript2'); const pkg = require('./package.json'); From faf296da9b412d93023dde1c8f86599cb7b13beb Mon Sep 17 00:00:00 2001 From: reduckted Date: Thu, 17 Oct 2024 21:18:02 +1000 Subject: [PATCH 09/10] Generated type declaration files. --- README.md | 6 +- dist/purify.cjs.d.ts | 401 ++++++++++++++++++++++++++++++++++ dist/purify.es.d.mts | 399 +++++++++++++++++++++++++++++++++ package.json | 20 +- rollup.config.js | 117 ++++++---- scripts/commit-amend-build.sh | 2 +- scripts/fix-cjs-types.js | 31 +++ test/karma.conf.js | 2 +- 8 files changed, 923 insertions(+), 55 deletions(-) create mode 100644 dist/purify.cjs.d.ts create mode 100644 dist/purify.es.d.mts create mode 100644 scripts/fix-cjs-types.js diff --git a/README.md b/README.md index f9ddbcdff..48229efab 100644 --- a/README.md +++ b/README.md @@ -57,10 +57,6 @@ Note that by default, we permit HTML, SVG **and** MathML. If you only need HTML, const clean = DOMPurify.sanitize(dirty, { USE_PROFILES: { html: true } }); ``` -### Where are the TypeScript type definitions? - -They can be found here: [@types/dompurify](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/dompurify) - ### Is there any foot-gun potential? Well, please note, if you _first_ sanitize HTML and then modify it _afterwards_, you might easily **void the effects of sanitization**. If you feed the sanitized markup to another library _after_ sanitization, please be certain that the library doesn't mess around with the HTML on its own. @@ -433,7 +429,7 @@ Feature releases will not be announced to this list. Many people helped and help DOMPurify become what it is and need to be acknowledged here! -[hash_kitten ❤️](https://twitter.com/hash_kitten), [kevin_mizu ❤️](https://twitter.com/kevin_mizu), [icesfont ❤️](https://github.com/icesfont) [dcramer 💸](https://github.com/dcramer), [JGraph 💸](https://github.com/jgraph), [baekilda 💸](https://github.com/baekilda), [Healthchecks 💸](https://github.com/healthchecks), [Sentry 💸](https://github.com/getsentry), [jarrodldavis 💸](https://github.com/jarrodldavis), [CynegeticIO](https://github.com/CynegeticIO), [ssi02014 ❤️](https://github.com/ssi02014), [GrantGryczan](https://github.com/GrantGryczan), [Lowdefy](https://twitter.com/lowdefy), [granlem](https://twitter.com/MaximeVeit), [oreoshake](https://github.com/oreoshake), [tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [is2ei](https://github.com/is2ei), [SoheilKhodayari](https://github.com/SoheilKhodayari), [franktopel](https://github.com/franktopel), [NateScarlet](https://github.com/NateScarlet), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer\_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa) +[hash_kitten ❤️](https://twitter.com/hash_kitten), [kevin_mizu ❤️](https://twitter.com/kevin_mizu), [icesfont ❤️](https://github.com/icesfont) [dcramer 💸](https://github.com/dcramer), [JGraph 💸](https://github.com/jgraph), [baekilda 💸](https://github.com/baekilda), [Healthchecks 💸](https://github.com/healthchecks), [Sentry 💸](https://github.com/getsentry), [jarrodldavis 💸](https://github.com/jarrodldavis), [CynegeticIO](https://github.com/CynegeticIO), [ssi02014 ❤️](https://github.com/ssi02014), [GrantGryczan](https://github.com/GrantGryczan), [Lowdefy](https://twitter.com/lowdefy), [granlem](https://twitter.com/MaximeVeit), [oreoshake](https://github.com/oreoshake), [tdeekens ❤️](https://github.com/tdeekens), [peernohell ❤️](https://github.com/peernohell), [is2ei](https://github.com/is2ei), [SoheilKhodayari](https://github.com/SoheilKhodayari), [franktopel](https://github.com/franktopel), [NateScarlet](https://github.com/NateScarlet), [neilj](https://github.com/neilj), [fhemberger](https://github.com/fhemberger), [Joris-van-der-Wel](https://github.com/Joris-van-der-Wel), [ydaniv](https://github.com/ydaniv), [terjanq](https://twitter.com/terjanq), [filedescriptor](https://github.com/filedescriptor), [ConradIrwin](https://github.com/ConradIrwin), [gibson042](https://github.com/gibson042), [choumx](https://github.com/choumx), [0xSobky](https://github.com/0xSobky), [styfle](https://github.com/styfle), [koto](https://github.com/koto), [tlau88](https://github.com/tlau88), [strugee](https://github.com/strugee), [oparoz](https://github.com/oparoz), [mathiasbynens](https://github.com/mathiasbynens), [edg2s](https://github.com/edg2s), [dnkolegov](https://github.com/dnkolegov), [dhardtke](https://github.com/dhardtke), [wirehead](https://github.com/wirehead), [thorn0](https://github.com/thorn0), [styu](https://github.com/styu), [mozfreddyb](https://github.com/mozfreddyb), [mikesamuel](https://github.com/mikesamuel), [jorangreef](https://github.com/jorangreef), [jimmyhchan](https://github.com/jimmyhchan), [jameydeorio](https://github.com/jameydeorio), [jameskraus](https://github.com/jameskraus), [hyderali](https://github.com/hyderali), [hansottowirtz](https://github.com/hansottowirtz), [hackvertor](https://github.com/hackvertor), [freddyb](https://github.com/freddyb), [flavorjones](https://github.com/flavorjones), [djfarrelly](https://github.com/djfarrelly), [devd](https://github.com/devd), [camerondunford](https://github.com/camerondunford), [buu700](https://github.com/buu700), [buildog](https://github.com/buildog), [alabiaga](https://github.com/alabiaga), [Vector919](https://github.com/Vector919), [Robbert](https://github.com/Robbert), [GreLI](https://github.com/GreLI), [FuzzySockets](https://github.com/FuzzySockets), [ArtemBernatskyy](https://github.com/ArtemBernatskyy), [@garethheyes](https://twitter.com/garethheyes), [@shafigullin](https://twitter.com/shafigullin), [@mmrupp](https://twitter.com/mmrupp), [@irsdl](https://twitter.com/irsdl),[ShikariSenpai](https://github.com/ShikariSenpai), [ansjdnakjdnajkd](https://github.com/ansjdnakjdnajkd), [@asutherland](https://twitter.com/asutherland), [@mathias](https://twitter.com/mathias), [@cgvwzq](https://twitter.com/cgvwzq), [@robbertatwork](https://twitter.com/robbertatwork), [@giutro](https://twitter.com/giutro), [@CmdEngineer\_](https://twitter.com/CmdEngineer_), [@avr4mit](https://twitter.com/avr4mit) and especially [@securitymb ❤️](https://twitter.com/securitymb) & [@masatokinugawa ❤️](https://twitter.com/masatokinugawa) ## Testing powered by diff --git a/dist/purify.cjs.d.ts b/dist/purify.cjs.d.ts new file mode 100644 index 000000000..c1c1d7d66 --- /dev/null +++ b/dist/purify.cjs.d.ts @@ -0,0 +1,401 @@ +/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ + +/** + * Configuration to control DOMPurify behavior. + */ +interface Config { + /** + * Extend the existing array of allowed attributes. + */ + ADD_ATTR?: string[] | undefined; + /** + * Extend the existing array of elements that can use Data URIs. + */ + ADD_DATA_URI_TAGS?: string[] | undefined; + /** + * Extend the existing array of allowed tags. + */ + ADD_TAGS?: string[] | undefined; + /** + * Extend the existing array of elements that are safe for URI-like values (be careful, XSS risk). + */ + ADD_URI_SAFE_ATTR?: string[] | undefined; + /** + * Allow ARIA attributes, leave other safe HTML as is (default is true). + */ + ALLOW_ARIA_ATTR?: boolean | undefined; + /** + * Allow HTML5 data attributes, leave other safe HTML as is (default is true). + */ + ALLOW_DATA_ATTR?: boolean | undefined; + /** + * Allow external protocol handlers in URL attributes (default is false, be careful, XSS risk). + * By default only `http`, `https`, `ftp`, `ftps`, `tel`, `mailto`, `callto`, `sms`, `cid` and `xmpp` are allowed. + */ + ALLOW_UNKNOWN_PROTOCOLS?: boolean | undefined; + /** + * Decide if self-closing tags in attributes are allowed. + * Usually removed due to a mXSS issue in jQuery 3.0. + */ + ALLOW_SELF_CLOSE_IN_ATTR?: boolean | undefined; + /** + * Allow only specific attributes. + */ + ALLOWED_ATTR?: string[] | undefined; + /** + * Allow only specific elements. + */ + ALLOWED_TAGS?: string[] | undefined; + /** + * Allow only specific namespaces. Defaults to: + * - `http://www.w3.org/1999/xhtml` + * - `http://www.w3.org/2000/svg` + * - `http://www.w3.org/1998/Math/MathML` + */ + ALLOWED_NAMESPACES?: string[] | undefined; + /** + * Allow specific protocols handlers in URL attributes via regex (be careful, XSS risk). + * Default RegExp: + * ``` + * /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; + * ``` + */ + ALLOWED_URI_REGEXP?: RegExp | undefined; + /** + * Define how custom elements are handled. + */ + CUSTOM_ELEMENT_HANDLING?: { + /** + * Regular expression or function to match to allowed elements. + * Default is null (disallow any custom elements). + */ + tagNameCheck?: RegExp | ((tagName: string) => boolean) | null | undefined; + /** + * Regular expression or function to match to allowed attributes. + * Default is null (disallow any attributes not on the allow list). + */ + attributeNameCheck?: RegExp | ((attributeName: string) => boolean) | null | undefined; + /** + * Allow custom elements derived from built-ins if they pass `tagNameCheck`. Default is false. + */ + allowCustomizedBuiltInElements?: boolean | undefined; + }; + /** + * Add attributes to block-list. + */ + FORBID_ATTR?: string[] | undefined; + /** + * Add child elements to be removed when their parent is removed. + */ + FORBID_CONTENTS?: string[] | undefined; + /** + * Add elements to block-list. + */ + FORBID_TAGS?: string[] | undefined; + /** + * Glue elements like style, script or others to `document.body` and prevent unintuitive browser behavior in several edge-cases (default is false). + */ + FORCE_BODY?: boolean | undefined; + /** + * Map of non-standard HTML element names to support. Map to true to enable support. For example: + * + * ``` + * HTML_INTEGRATION_POINTS: { foreignobject: true } + * ``` + */ + HTML_INTEGRATION_POINTS?: Record | undefined; + /** + * Sanitize a node "in place", which is much faster depending on how you use DOMPurify. + */ + IN_PLACE?: boolean | undefined; + /** + * Keep an element's content when the element is removed (default is true). + */ + KEEP_CONTENT?: boolean | undefined; + /** + * Map of MathML element names to support. Map to true to enable support. For example: + * + * ``` + * MATHML_TEXT_INTEGRATION_POINTS: { mtext: true } + * ``` + */ + MATHML_TEXT_INTEGRATION_POINTS?: Record | undefined; + /** + * Change the default namespace from HTML to something different. + */ + NAMESPACE?: string | undefined; + /** + * Change the parser type so sanitized data is treated as XML and not as HTML, which is the default. + */ + PARSER_MEDIA_TYPE?: DOMParserSupportedType | undefined; + /** + * Return a DOM `DocumentFragment` instead of an HTML string (default is false). + */ + RETURN_DOM_FRAGMENT?: boolean | undefined; + /** + * Return a DOM `HTMLBodyElement` instead of an HTML string (default is false). + */ + RETURN_DOM?: boolean | undefined; + /** + * Return a TrustedHTML object instead of a string if possible. + */ + RETURN_TRUSTED_TYPE?: boolean | undefined; + /** + * Strip `{{ ... }}`, `${ ... }` and `<% ... %>` to make output safe for template systems. + * Be careful please, this mode is not recommended for production usage. + * Allowing template parsing in user-controlled HTML is not advised at all. + * Only use this mode if there is really no alternative. + */ + SAFE_FOR_TEMPLATES?: boolean | undefined; + /** + * Change how e.g. comments containing risky HTML characters are treated. + * Be very careful, this setting should only be set to `false` if you really only handle + * HTML and nothing else, no SVG, MathML or the like. + * Otherwise, changing from `true` to `false` will lead to XSS in this or some other way. + */ + SAFE_FOR_XML?: boolean | undefined; + /** + * Use DOM Clobbering protection on output (default is true, handle with care, minor XSS risks here). + */ + SANITIZE_DOM?: boolean | undefined; + /** + * Enforce strict DOM Clobbering protection via namespace isolation (default is false). + * When enabled, isolates the namespace of named properties (i.e., `id` and `name` attributes) + * from JS variables by prefixing them with the string `user-content-` + */ + SANITIZE_NAMED_PROPS?: boolean | undefined; + /** + * Supplied policy must define `createHTML` and `createScriptURL`. + */ + TRUSTED_TYPES_POLICY?: TrustedTypePolicy | undefined; + /** + * Controls categories of allowed elements. + * + * Note that the `USE_PROFILES` setting will override the `ALLOWED_TAGS` setting + * so don't use them together. + */ + USE_PROFILES?: false | UseProfilesConfig | undefined; + /** + * Return entire document including tags (default is false). + */ + WHOLE_DOCUMENT?: boolean | undefined; +} +/** + * Defines categories of allowed elements. + */ +interface UseProfilesConfig { + /** + * Allow all safe MathML elements. + */ + mathMl?: boolean | undefined; + /** + * Allow all safe SVG elements. + */ + svg?: boolean | undefined; + /** + * Allow all save SVG Filters. + */ + svgFilters?: boolean | undefined; + /** + * Allow all safe HTML elements. + */ + html?: boolean | undefined; +} + +declare const _default: DOMPurify; + +interface DOMPurify { + /** + * Creates a DOMPurify instance using the given window-like object. + */ + (root: WindowLike): DOMPurify; + /** + * Version label, exposed for easier checks + * if DOMPurify is up to date or not + */ + version: string; + /** + * Array of elements that DOMPurify removed during sanitation. + * Empty if nothing was removed. + */ + removed: Array; + /** + * Expose whether this browser supports running the full DOMPurify. + */ + isSupported: boolean; + /** + * Set the configuration once. + * + * @param cfg configuration object + */ + setConfig(cfg?: Config): void; + /** + * Removes the configuration. + */ + clearConfig(): void; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized TrustedHTML. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_TRUSTED_TYPE: true; + }): TrustedHTML; + /** + * Provides core sanitation functionality. + * + * @param dirty DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: Node, cfg: Config & { + IN_PLACE: true; + }): Node; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_DOM: true; + }): Node; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized document fragment. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_DOM_FRAGMENT: true; + }): DocumentFragment; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized string. + */ + sanitize(dirty: string | Node, cfg?: Config): string; + /** + * Checks if an attribute value is valid. + * Uses last set config, if any. Otherwise, uses config defaults. + * + * @param tag Tag name of containing element. + * @param attr Attribute name. + * @param value Attribute value. + * @return Returns true if `value` is valid. Otherwise, returns false. + */ + isValidAttribute(tag: string, attr: string, value: string): boolean; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'beforeSanitizeElements' | 'afterSanitizeElements' | 'beforeSanitizeAttributes' | 'afterSanitizeAttributes' | 'beforeSanitizeShadowDOM' | 'uponSanitizeShadowNode' | 'afterSanitizeShadowDOM', hookFunction: Hook): void; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'uponSanitizeElement', hookFunction: UponSanitizeElementHook): void; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'uponSanitizeAttribute', hookFunction: UponSanitizeAttributeHook): void; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: BasicHookName): Hook | undefined; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: 'uponSanitizeElement'): UponSanitizeElementHook | undefined; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: 'uponSanitizeAttribute'): UponSanitizeAttributeHook | undefined; + /** + * Removes all DOMPurify hooks at a given entryPoint + * + * @param entryPoint entry point for the hooks to remove + */ + removeHooks(entryPoint: HookName): void; + /** + * Removes all DOMPurify hooks. + */ + removeAllHooks(): void; +} +/** + * An element removed by DOMPurify. + */ +interface RemovedElement { + /** + * The element that was removed. + */ + element: Node; +} +/** + * An element removed by DOMPurify. + */ +interface RemovedAttribute { + /** + * The attribute that was removed. + */ + attribute: Attr | null; + /** + * The element that the attribute was removed. + */ + from: Node; +} +type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | 'beforeSanitizeAttributes' | 'afterSanitizeAttributes' | 'beforeSanitizeShadowDOM' | 'uponSanitizeShadowNode' | 'afterSanitizeShadowDOM'; +type UponSanitizeElementHookName = 'uponSanitizeElement'; +type UponSanitizeAttributeHookName = 'uponSanitizeAttribute'; +type HookName = BasicHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName; +type Hook = (this: DOMPurify, currentNode: Node, hookEvent: null, config: Config) => void; +type UponSanitizeElementHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeElementHookEvent, config: Config) => void; +type UponSanitizeAttributeHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeAttributeHookEvent, config: Config) => void; +interface UponSanitizeElementHookEvent { + tagName: string; + allowedTags: Record; +} +interface UponSanitizeAttributeHookEvent { + attrName: string; + attrValue: string; + keepAttr: boolean; + allowedAttributes: Record; + forceKeepAttr: boolean | undefined; +} +/** + * A `Window`-like object containing the properties and types that DOMPurify requires. + */ +type WindowLike = Pick & { + document?: Document; + MozNamedAttrMap?: typeof window.NamedNodeMap; + trustedTypes?: typeof window.trustedTypes; +}; + +export { type Hook, type HookName, type RemovedAttribute, type RemovedElement, type UponSanitizeAttributeHook, type UponSanitizeAttributeHookEvent, type UponSanitizeElementHook, type UponSanitizeElementHookEvent, type WindowLike }; + +export = _default; diff --git a/dist/purify.es.d.mts b/dist/purify.es.d.mts new file mode 100644 index 000000000..e15717170 --- /dev/null +++ b/dist/purify.es.d.mts @@ -0,0 +1,399 @@ +/*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ + +/** + * Configuration to control DOMPurify behavior. + */ +interface Config { + /** + * Extend the existing array of allowed attributes. + */ + ADD_ATTR?: string[] | undefined; + /** + * Extend the existing array of elements that can use Data URIs. + */ + ADD_DATA_URI_TAGS?: string[] | undefined; + /** + * Extend the existing array of allowed tags. + */ + ADD_TAGS?: string[] | undefined; + /** + * Extend the existing array of elements that are safe for URI-like values (be careful, XSS risk). + */ + ADD_URI_SAFE_ATTR?: string[] | undefined; + /** + * Allow ARIA attributes, leave other safe HTML as is (default is true). + */ + ALLOW_ARIA_ATTR?: boolean | undefined; + /** + * Allow HTML5 data attributes, leave other safe HTML as is (default is true). + */ + ALLOW_DATA_ATTR?: boolean | undefined; + /** + * Allow external protocol handlers in URL attributes (default is false, be careful, XSS risk). + * By default only `http`, `https`, `ftp`, `ftps`, `tel`, `mailto`, `callto`, `sms`, `cid` and `xmpp` are allowed. + */ + ALLOW_UNKNOWN_PROTOCOLS?: boolean | undefined; + /** + * Decide if self-closing tags in attributes are allowed. + * Usually removed due to a mXSS issue in jQuery 3.0. + */ + ALLOW_SELF_CLOSE_IN_ATTR?: boolean | undefined; + /** + * Allow only specific attributes. + */ + ALLOWED_ATTR?: string[] | undefined; + /** + * Allow only specific elements. + */ + ALLOWED_TAGS?: string[] | undefined; + /** + * Allow only specific namespaces. Defaults to: + * - `http://www.w3.org/1999/xhtml` + * - `http://www.w3.org/2000/svg` + * - `http://www.w3.org/1998/Math/MathML` + */ + ALLOWED_NAMESPACES?: string[] | undefined; + /** + * Allow specific protocols handlers in URL attributes via regex (be careful, XSS risk). + * Default RegExp: + * ``` + * /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i; + * ``` + */ + ALLOWED_URI_REGEXP?: RegExp | undefined; + /** + * Define how custom elements are handled. + */ + CUSTOM_ELEMENT_HANDLING?: { + /** + * Regular expression or function to match to allowed elements. + * Default is null (disallow any custom elements). + */ + tagNameCheck?: RegExp | ((tagName: string) => boolean) | null | undefined; + /** + * Regular expression or function to match to allowed attributes. + * Default is null (disallow any attributes not on the allow list). + */ + attributeNameCheck?: RegExp | ((attributeName: string) => boolean) | null | undefined; + /** + * Allow custom elements derived from built-ins if they pass `tagNameCheck`. Default is false. + */ + allowCustomizedBuiltInElements?: boolean | undefined; + }; + /** + * Add attributes to block-list. + */ + FORBID_ATTR?: string[] | undefined; + /** + * Add child elements to be removed when their parent is removed. + */ + FORBID_CONTENTS?: string[] | undefined; + /** + * Add elements to block-list. + */ + FORBID_TAGS?: string[] | undefined; + /** + * Glue elements like style, script or others to `document.body` and prevent unintuitive browser behavior in several edge-cases (default is false). + */ + FORCE_BODY?: boolean | undefined; + /** + * Map of non-standard HTML element names to support. Map to true to enable support. For example: + * + * ``` + * HTML_INTEGRATION_POINTS: { foreignobject: true } + * ``` + */ + HTML_INTEGRATION_POINTS?: Record | undefined; + /** + * Sanitize a node "in place", which is much faster depending on how you use DOMPurify. + */ + IN_PLACE?: boolean | undefined; + /** + * Keep an element's content when the element is removed (default is true). + */ + KEEP_CONTENT?: boolean | undefined; + /** + * Map of MathML element names to support. Map to true to enable support. For example: + * + * ``` + * MATHML_TEXT_INTEGRATION_POINTS: { mtext: true } + * ``` + */ + MATHML_TEXT_INTEGRATION_POINTS?: Record | undefined; + /** + * Change the default namespace from HTML to something different. + */ + NAMESPACE?: string | undefined; + /** + * Change the parser type so sanitized data is treated as XML and not as HTML, which is the default. + */ + PARSER_MEDIA_TYPE?: DOMParserSupportedType | undefined; + /** + * Return a DOM `DocumentFragment` instead of an HTML string (default is false). + */ + RETURN_DOM_FRAGMENT?: boolean | undefined; + /** + * Return a DOM `HTMLBodyElement` instead of an HTML string (default is false). + */ + RETURN_DOM?: boolean | undefined; + /** + * Return a TrustedHTML object instead of a string if possible. + */ + RETURN_TRUSTED_TYPE?: boolean | undefined; + /** + * Strip `{{ ... }}`, `${ ... }` and `<% ... %>` to make output safe for template systems. + * Be careful please, this mode is not recommended for production usage. + * Allowing template parsing in user-controlled HTML is not advised at all. + * Only use this mode if there is really no alternative. + */ + SAFE_FOR_TEMPLATES?: boolean | undefined; + /** + * Change how e.g. comments containing risky HTML characters are treated. + * Be very careful, this setting should only be set to `false` if you really only handle + * HTML and nothing else, no SVG, MathML or the like. + * Otherwise, changing from `true` to `false` will lead to XSS in this or some other way. + */ + SAFE_FOR_XML?: boolean | undefined; + /** + * Use DOM Clobbering protection on output (default is true, handle with care, minor XSS risks here). + */ + SANITIZE_DOM?: boolean | undefined; + /** + * Enforce strict DOM Clobbering protection via namespace isolation (default is false). + * When enabled, isolates the namespace of named properties (i.e., `id` and `name` attributes) + * from JS variables by prefixing them with the string `user-content-` + */ + SANITIZE_NAMED_PROPS?: boolean | undefined; + /** + * Supplied policy must define `createHTML` and `createScriptURL`. + */ + TRUSTED_TYPES_POLICY?: TrustedTypePolicy | undefined; + /** + * Controls categories of allowed elements. + * + * Note that the `USE_PROFILES` setting will override the `ALLOWED_TAGS` setting + * so don't use them together. + */ + USE_PROFILES?: false | UseProfilesConfig | undefined; + /** + * Return entire document including tags (default is false). + */ + WHOLE_DOCUMENT?: boolean | undefined; +} +/** + * Defines categories of allowed elements. + */ +interface UseProfilesConfig { + /** + * Allow all safe MathML elements. + */ + mathMl?: boolean | undefined; + /** + * Allow all safe SVG elements. + */ + svg?: boolean | undefined; + /** + * Allow all save SVG Filters. + */ + svgFilters?: boolean | undefined; + /** + * Allow all safe HTML elements. + */ + html?: boolean | undefined; +} + +declare const _default: DOMPurify; + +interface DOMPurify { + /** + * Creates a DOMPurify instance using the given window-like object. + */ + (root: WindowLike): DOMPurify; + /** + * Version label, exposed for easier checks + * if DOMPurify is up to date or not + */ + version: string; + /** + * Array of elements that DOMPurify removed during sanitation. + * Empty if nothing was removed. + */ + removed: Array; + /** + * Expose whether this browser supports running the full DOMPurify. + */ + isSupported: boolean; + /** + * Set the configuration once. + * + * @param cfg configuration object + */ + setConfig(cfg?: Config): void; + /** + * Removes the configuration. + */ + clearConfig(): void; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized TrustedHTML. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_TRUSTED_TYPE: true; + }): TrustedHTML; + /** + * Provides core sanitation functionality. + * + * @param dirty DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: Node, cfg: Config & { + IN_PLACE: true; + }): Node; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized DOM node. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_DOM: true; + }): Node; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized document fragment. + */ + sanitize(dirty: string | Node, cfg: Config & { + RETURN_DOM_FRAGMENT: true; + }): DocumentFragment; + /** + * Provides core sanitation functionality. + * + * @param dirty string or DOM node + * @param cfg object + * @return Sanitized string. + */ + sanitize(dirty: string | Node, cfg?: Config): string; + /** + * Checks if an attribute value is valid. + * Uses last set config, if any. Otherwise, uses config defaults. + * + * @param tag Tag name of containing element. + * @param attr Attribute name. + * @param value Attribute value. + * @return Returns true if `value` is valid. Otherwise, returns false. + */ + isValidAttribute(tag: string, attr: string, value: string): boolean; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'beforeSanitizeElements' | 'afterSanitizeElements' | 'beforeSanitizeAttributes' | 'afterSanitizeAttributes' | 'beforeSanitizeShadowDOM' | 'uponSanitizeShadowNode' | 'afterSanitizeShadowDOM', hookFunction: Hook): void; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'uponSanitizeElement', hookFunction: UponSanitizeElementHook): void; + /** + * Adds a DOMPurify hook. + * + * @param entryPoint entry point for the hook to add + * @param hookFunction function to execute + */ + addHook(entryPoint: 'uponSanitizeAttribute', hookFunction: UponSanitizeAttributeHook): void; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: BasicHookName): Hook | undefined; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: 'uponSanitizeElement'): UponSanitizeElementHook | undefined; + /** + * Remove a DOMPurify hook at a given entryPoint + * (pops it from the stack of hooks if more are present) + * + * @param entryPoint entry point for the hook to remove + * @return removed(popped) hook + */ + removeHook(entryPoint: 'uponSanitizeAttribute'): UponSanitizeAttributeHook | undefined; + /** + * Removes all DOMPurify hooks at a given entryPoint + * + * @param entryPoint entry point for the hooks to remove + */ + removeHooks(entryPoint: HookName): void; + /** + * Removes all DOMPurify hooks. + */ + removeAllHooks(): void; +} +/** + * An element removed by DOMPurify. + */ +interface RemovedElement { + /** + * The element that was removed. + */ + element: Node; +} +/** + * An element removed by DOMPurify. + */ +interface RemovedAttribute { + /** + * The attribute that was removed. + */ + attribute: Attr | null; + /** + * The element that the attribute was removed. + */ + from: Node; +} +type BasicHookName = 'beforeSanitizeElements' | 'afterSanitizeElements' | 'beforeSanitizeAttributes' | 'afterSanitizeAttributes' | 'beforeSanitizeShadowDOM' | 'uponSanitizeShadowNode' | 'afterSanitizeShadowDOM'; +type UponSanitizeElementHookName = 'uponSanitizeElement'; +type UponSanitizeAttributeHookName = 'uponSanitizeAttribute'; +type HookName = BasicHookName | UponSanitizeElementHookName | UponSanitizeAttributeHookName; +type Hook = (this: DOMPurify, currentNode: Node, hookEvent: null, config: Config) => void; +type UponSanitizeElementHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeElementHookEvent, config: Config) => void; +type UponSanitizeAttributeHook = (this: DOMPurify, currentNode: Node, hookEvent: UponSanitizeAttributeHookEvent, config: Config) => void; +interface UponSanitizeElementHookEvent { + tagName: string; + allowedTags: Record; +} +interface UponSanitizeAttributeHookEvent { + attrName: string; + attrValue: string; + keepAttr: boolean; + allowedAttributes: Record; + forceKeepAttr: boolean | undefined; +} +/** + * A `Window`-like object containing the properties and types that DOMPurify requires. + */ +type WindowLike = Pick & { + document?: Document; + MozNamedAttrMap?: typeof window.NamedNodeMap; + trustedTypes?: typeof window.trustedTypes; +}; + +export { type Hook, type HookName, type RemovedAttribute, type RemovedElement, type UponSanitizeAttributeHook, type UponSanitizeAttributeHookEvent, type UponSanitizeElementHook, type UponSanitizeElementHookEvent, type WindowLike, _default as default }; diff --git a/package.json b/package.json index 1286aede6..69242c3cc 100644 --- a/package.json +++ b/package.json @@ -7,11 +7,15 @@ "commit-amend-build": "scripts/commit-amend-build.sh", "prebuild": "rimraf dist/**", "dev": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -w -c -o dist/purify.js", - "build": "rollup -c", + "build": "run-s build:types build:rollup build:fix-cjs-types build:cleanup", + "build:types": "tsc --outDir dist/types --declaration --emitDeclarationOnly", + "build:rollup": "rollup -c", + "build:fix-cjs-types": "node ./scripts/fix-cjs-types.js", "build:umd": "rollup -c -f umd -o dist/purify.js", "build:umd:min": "rollup -c -f umd -o dist/purify.min.js -p terser", "build:es": "rollup -c -f es -o dist/purify.es.mjs", "build:cjs": "rollup -c -f cjs -o dist/purify.cjs.js", + "build:cleanup": "rimraf dist/types", "test:jsdom": "cross-env NODE_ENV=test BABEL_ENV=rollup node test/jsdom-node-runner --dot", "test:karma": "cross-env NODE_ENV=test BABEL_ENV=rollup karma start test/karma.conf.js --log-level warn ", "test:ci": "cross-env NODE_ENV=test BABEL_ENV=rollup npm run test:jsdom && npm run test:karma -- --log-level error --reporters dots --single-run --shouldTestOnBrowserStack=\"${TEST_BROWSERSTACK}\" --shouldProbeOnly=\"${TEST_PROBE_ONLY}\"", @@ -19,9 +23,21 @@ }, "main": "./dist/purify.cjs.js", "module": "./dist/purify.es.mjs", - "es2020": "./dist/purify.es.mjs", "browser": "./dist/purify.js", "production": "./dist/purify.min.js", + "types": "./dist/purify.cjs.d.ts", + "exports": { + ".": { + "require": { + "types": "./dist/purify.cjs.d.ts", + "default": "./dist/purify.cjs.js" + }, + "import": { + "types": "./dist/purify.es.d.mts", + "default": "./dist/purify.es.mjs" + } + } + }, "files": [ "dist" ], diff --git a/rollup.config.js b/rollup.config.js index c19c38738..a63989229 100644 --- a/rollup.config.js +++ b/rollup.config.js @@ -5,6 +5,7 @@ const nodeResolve = require('@rollup/plugin-node-resolve').nodeResolve; const replace = require('@rollup/plugin-replace'); const terser = require('@rollup/plugin-terser'); const typescript = require('rollup-plugin-typescript2'); +const { dts } = require('rollup-plugin-dts'); const pkg = require('./package.json'); const env = process.env.NODE_ENV; @@ -21,52 +22,76 @@ const commonOutputConfig = { exports: 'default', }; -const config = { - input: 'src/purify.ts', - external: [], - output: [ - { - ...commonOutputConfig, - file: pkg.browser, - format: 'umd', - }, - { - ...commonOutputConfig, - file: pkg.production, - format: 'umd', - plugins: event === 'build' ? [terser()] : [], - }, - { - ...commonOutputConfig, - file: pkg.module, - format: 'es', - }, - { - ...commonOutputConfig, - file: pkg.main, - format: 'cjs', - }, - ], - plugins: [ - typescript({ - clean: true, - }), - babel({ - // It is recommended to configure this option explicitly (even if with its default value) so an informed decision is taken on how those babel helpers are inserted into the code. - // Ref: https://github.com/rollup/plugins/tree/master/packages/babel#babelhelpers - babelHelpers: 'bundled', - exclude: ['**/node_modules/**'], - extensions: [...DEFAULT_EXTENSIONS, '.ts'], - }), - nodeResolve(), - replace({ - preventAssignment: true, - values: { - 'process.env.NODE_ENV': JSON.stringify(env), - VERSION: `'${version}'`, +const config = [ + { + input: 'src/purify.ts', + external: [], + output: [ + { + ...commonOutputConfig, + file: pkg.browser, + format: 'umd', }, - }), - ], -}; + { + ...commonOutputConfig, + file: pkg.production, + format: 'umd', + plugins: event === 'build' ? [terser()] : [], + }, + { + ...commonOutputConfig, + file: pkg.module, + format: 'es', + }, + { + ...commonOutputConfig, + file: pkg.main, + format: 'cjs', + }, + ], + plugins: [ + typescript({ + clean: true, + }), + babel({ + // It is recommended to configure this option explicitly (even if with its default value) so an informed decision is taken on how those babel helpers are inserted into the code. + // Ref: https://github.com/rollup/plugins/tree/master/packages/babel#babelhelpers + babelHelpers: 'bundled', + exclude: ['**/node_modules/**'], + extensions: [...DEFAULT_EXTENSIONS, '.ts'], + }), + nodeResolve(), + replace({ + preventAssignment: true, + values: { + 'process.env.NODE_ENV': JSON.stringify(env), + VERSION: `'${version}'`, + }, + }), + ], + }, + { + input: './dist/types/purify.d.ts', + output: [ + { + file: pkg.module.replace(/\.mjs$/, '.d.mts'), + format: 'es', + banner: commonOutputConfig.banner, + }, + ], + plugins: [dts()], + }, + { + input: './dist/types/purify.d.ts', + output: [ + { + file: pkg.main.replace(/\.js$/, '.d.ts'), + format: 'cjs', + banner: commonOutputConfig.banner, + }, + ], + plugins: [dts()], + }, +]; module.exports = config; diff --git a/scripts/commit-amend-build.sh b/scripts/commit-amend-build.sh index e7c753f0c..b4f84c809 100755 --- a/scripts/commit-amend-build.sh +++ b/scripts/commit-amend-build.sh @@ -1,3 +1,3 @@ echo "# Amending minified assets to HEAD" -git add ./dist/purify.js ./dist/purify.js.map ./dist/purify.min.js ./dist/purify.min.js.map ./dist/purify.cjs.js ./dist/purify.cjs.js.map ./dist/purify.es.mjs ./dist/purify.es.mjs.map +git add ./dist/purify.js ./dist/purify.js.map ./dist/purify.min.js ./dist/purify.min.js.map ./dist/purify.cjs.js ./dist/purify.cjs.js.map ./dist/purify.cjs.d.ts ./dist/purify.es.mjs ./dist/purify.es.mjs.map ./dist/purify.es.d.mts diff --git a/scripts/fix-cjs-types.js b/scripts/fix-cjs-types.js new file mode 100644 index 000000000..3315f9270 --- /dev/null +++ b/scripts/fix-cjs-types.js @@ -0,0 +1,31 @@ +const fs = require('node:fs/promises'); +const path = require('node:path'); + +(async () => { + // Note that this script is intended to run on the type declaration file that is + // output by Rollup, and not the type declaration file generated from TypeScript. + let fileName = path.resolve(__dirname, '../dist/purify.cjs.d.ts'); + let types = await fs.readFile(fileName, { encoding: 'utf-8' }); + + // DOMPurify is exported as a default export, but rollup changes + // it to be assigned to `module.exports`. We need to change the + // type declarations to match what rollup changed it to. Remove + // the "default" export from the `export { ... }` statement. + let fixed = types.replace(', _default as default', ''); + + // Verify that we actually removed something in case the + // type declarations are different to what we expected. + if (fixed === types) { + throw new Error('Failed to fix CommonJS type declarations.'); + } + + // Append `export = _default;` to match the + // `module.exports = DOMPurify` statement + // that Rollup creates. + fixed += '\nexport = _default;\n'; + + await fs.writeFile(fileName, fixed); +})().catch((ex) => { + console.error(ex); + process.exitCode = 1; +}); diff --git a/test/karma.conf.js b/test/karma.conf.js index e28a8f0eb..e5b3123a8 100644 --- a/test/karma.conf.js +++ b/test/karma.conf.js @@ -1,5 +1,5 @@ const includePaths = require('rollup-plugin-includepaths'); -const rollupConfig = require('../rollup.config.js'); +const rollupConfig = require('../rollup.config.js')[0]; const customLaunchers = require('./karma.custom-launchers.config.js').customLaunchers; const browsers = require('./karma.custom-launchers.config.js').browsers; From f487c8e5b9434e5db3b02a302559cf16f594b8cc Mon Sep 17 00:00:00 2001 From: reduckted Date: Thu, 17 Oct 2024 21:24:21 +1000 Subject: [PATCH 10/10] Updated `dist` files. --- dist/purify.cjs.js | 279 +-------- dist/purify.cjs.js.map | 2 +- dist/purify.es.mjs | 279 +-------- dist/purify.es.mjs.map | 2 +- dist/purify.js | 279 +-------- dist/purify.js.map | 2 +- dist/purify.min.js | 1348 +++++++++++++++++++++++++++++++++++++++- dist/purify.min.js.map | 2 +- 8 files changed, 1447 insertions(+), 746 deletions(-) diff --git a/dist/purify.cjs.js b/dist/purify.cjs.js index 546aba7a4..28931c2b7 100644 --- a/dist/purify.cjs.js +++ b/dist/purify.cjs.js @@ -50,12 +50,11 @@ const stringTrim = unapply(String.prototype.trim); const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty); const regExpTest = unapply(RegExp.prototype.test); const typeErrorCreate = unconstruct(TypeError); - /** * Creates a new function that calls the given function with a specified thisArg and arguments. * - * @param {Function} func - The function to be wrapped and called. - * @returns {Function} A new function that calls the given function with a specified thisArg and arguments. + * @param func - The function to be wrapped and called. + * @returns A new function that calls the given function with a specified thisArg and arguments. */ function unapply(func) { return function (thisArg) { @@ -65,12 +64,11 @@ function unapply(func) { return apply(func, thisArg, args); }; } - /** * Creates a new function that constructs an instance of the given constructor function with the provided arguments. * - * @param {Function} func - The constructor function to be wrapped and called. - * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments. + * @param func - The constructor function to be wrapped and called. + * @returns A new function that constructs an instance of the given constructor function with the provided arguments. */ function unconstruct(func) { return function () { @@ -80,14 +78,13 @@ function unconstruct(func) { return construct(func, args); }; } - /** * Add properties to a lookup table * - * @param {Object} set - The set to which elements will be added. - * @param {Array} array - The array containing elements to be added to the set. - * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set. - * @returns {Object} The modified set with added elements. + * @param set - The set to which elements will be added. + * @param array - The array containing elements to be added to the set. + * @param transformCaseFunc - An optional function to transform the case of each element before adding to the set. + * @returns The modified set with added elements. */ function addToSet(set, array) { let transformCaseFunc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : stringToLowerCase; @@ -114,12 +111,11 @@ function addToSet(set, array) { } return set; } - /** * Clean up an array to harden against CSPP * - * @param {Array} array - The array to be cleaned. - * @returns {Array} The cleaned version of the array + * @param array - The array to be cleaned. + * @returns The cleaned version of the array */ function cleanArray(array) { for (let index = 0; index < array.length; index++) { @@ -130,12 +126,11 @@ function cleanArray(array) { } return array; } - /** * Shallow clone an object * - * @param {Object} object - The object to be cloned. - * @returns {Object} A new object that copies the original. + * @param object - The object to be cloned. + * @returns A new object that copies the original. */ function clone(object) { const newObject = create(null); @@ -153,13 +148,12 @@ function clone(object) { } return newObject; } - /** * This method automatically checks if the prop is function or getter and behaves accordingly. * - * @param {Object} object - The object to look up the getter function in its prototype chain. - * @param {String} prop - The property name for which to find the getter function. - * @returns {Function} The getter function found in the prototype chain or a fallback function. + * @param object - The object to look up the getter function in its prototype chain. + * @param prop - The property name for which to find the getter function. + * @returns The getter function found in the prototype chain or a fallback function. */ function lookupGetter(object, prop) { while (object !== null) { @@ -181,18 +175,15 @@ function lookupGetter(object, prop) { } const html$1 = freeze(['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blink', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'content', 'data', 'datalist', 'dd', 'decorator', 'del', 'details', 'dfn', 'dialog', 'dir', 'div', 'dl', 'dt', 'element', 'em', 'fieldset', 'figcaption', 'figure', 'font', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meter', 'nav', 'nobr', 'ol', 'optgroup', 'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'shadow', 'small', 'source', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'template', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr']); - // SVG const svg$1 = freeze(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'view', 'vkern']); const svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feDropShadow', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']); - // List of SVG elements that are disallowed by default. // We still need to know them so that we can do namespace // checks properly in case one wants to add them to // allow-list. const svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'font-face', 'font-face-format', 'font-face-name', 'font-face-src', 'font-face-uri', 'foreignobject', 'hatch', 'hatchpath', 'mesh', 'meshgradient', 'meshpatch', 'meshrow', 'missing-glyph', 'script', 'set', 'solidcolor', 'unknown', 'use']); const mathMl$1 = freeze(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover', 'mprescripts']); - // Similarly to SVG, we want to know all MathML elements, // even those that we disallow by default. const mathMlDisallowed = freeze(['maction', 'maligngroup', 'malignmark', 'mlongdiv', 'mscarries', 'mscarry', 'msgroup', 'mstack', 'msline', 'msrow', 'semantics', 'annotation', 'annotation-xml', 'mprescripts', 'none']); @@ -219,18 +210,19 @@ const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i); var EXPRESSIONS = /*#__PURE__*/Object.freeze({ __proto__: null, - MUSTACHE_EXPR: MUSTACHE_EXPR, - ERB_EXPR: ERB_EXPR, - TMPLIT_EXPR: TMPLIT_EXPR, - DATA_ATTR: DATA_ATTR, ARIA_ATTR: ARIA_ATTR, - IS_ALLOWED_URI: IS_ALLOWED_URI, - IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, ATTR_WHITESPACE: ATTR_WHITESPACE, + CUSTOM_ELEMENT: CUSTOM_ELEMENT, + DATA_ATTR: DATA_ATTR, DOCTYPE_NAME: DOCTYPE_NAME, - CUSTOM_ELEMENT: CUSTOM_ELEMENT + ERB_EXPR: ERB_EXPR, + IS_ALLOWED_URI: IS_ALLOWED_URI, + IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, + MUSTACHE_EXPR: MUSTACHE_EXPR, + TMPLIT_EXPR: TMPLIT_EXPR }); +/* eslint-disable @typescript-eslint/indent */ // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType const NODE_TYPE = { element: 1, @@ -251,7 +243,6 @@ const NODE_TYPE = { const getGlobal = function getGlobal() { return typeof window === 'undefined' ? null : window; }; - /** * Creates a no-op policy for internal use only. * Don't export this function outside this module! @@ -264,7 +255,6 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType if (typeof trustedTypes !== 'object' || typeof trustedTypes.createPolicy !== 'function') { return null; } - // Allow the callers to control the unique policy name // by adding a data-tt-policy-suffix to the script element with the DOMPurify. // Policy creation with duplicate names throws in Trusted Types. @@ -294,17 +284,7 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - - /** - * Version label, exposed for easier checks - * if DOMPurify is up to date or not - */ DOMPurify.version = '3.1.7'; - - /** - * Array of elements that DOMPurify removed during sanitation. - * Empty if nothing was removed. - */ DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function @@ -334,7 +314,6 @@ function createDOMPurify() { const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); const getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); const getParentNode = lookupGetter(ElementPrototype, 'parentNode'); - // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) @@ -359,7 +338,6 @@ function createDOMPurify() { importNode } = originalDocument; let hooks = {}; - /** * Expose whether this browser supports running the full DOMPurify. */ @@ -377,22 +355,18 @@ function createDOMPurify() { let { IS_ALLOWED_URI: IS_ALLOWED_URI$1 } = EXPRESSIONS; - /** * We consider the elements and attributes below to be safe. Ideally * don't add any new ones but feel free to remove unwanted ones. */ - /* allowed element names */ let ALLOWED_TAGS = null; const DEFAULT_ALLOWED_TAGS = addToSet({}, [...html$1, ...svg$1, ...svgFilters, ...mathMl$1, ...text]); - /* Allowed attribute names */ let ALLOWED_ATTR = null; const DEFAULT_ALLOWED_ATTR = addToSet({}, [...html, ...svg, ...mathMl, ...xml]); - /* - * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements. + * Configure how DOMPurify should handle custom elements and their attributes as well as customized built-in elements. * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements) * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list) * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`. @@ -417,65 +391,49 @@ function createDOMPurify() { value: false } })); - /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ let FORBID_TAGS = null; - /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */ let FORBID_ATTR = null; - /* Decide if ARIA attributes are okay */ let ALLOW_ARIA_ATTR = true; - /* Decide if custom data attributes are okay */ let ALLOW_DATA_ATTR = true; - /* Decide if unknown protocols are okay */ let ALLOW_UNKNOWN_PROTOCOLS = false; - /* Decide if self-closing tags in attributes are allowed. * Usually removed due to a mXSS issue in jQuery 3.0 */ let ALLOW_SELF_CLOSE_IN_ATTR = true; - /* Output should be safe for common template engines. * This means, DOMPurify removes data attributes, mustaches and ERB */ let SAFE_FOR_TEMPLATES = false; - /* Output should be safe even for XML used within HTML and alike. * This means, DOMPurify removes comments when containing risky content. */ let SAFE_FOR_XML = true; - /* Decide if document with ... should be returned */ let WHOLE_DOCUMENT = false; - /* Track whether config is already set on this instance of DOMPurify. */ let SET_CONFIG = false; - /* Decide if all elements (e.g. style, script) must be children of * document.body. By default, browsers might move them to document.head */ let FORCE_BODY = false; - /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported). * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead */ let RETURN_DOM = false; - /* Decide if a DOM `DocumentFragment` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported) */ let RETURN_DOM_FRAGMENT = false; - /* Try to return a Trusted Type object instead of a string, return a string in * case Trusted Types are not supported */ let RETURN_TRUSTED_TYPE = false; - /* Output should be free from DOM clobbering attacks? * This sanitizes markups named with colliding, clobberable built-in DOM APIs. */ let SANITIZE_DOM = true; - /* Achieve full DOM Clobbering protection by isolating the namespace of named * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules. * @@ -491,25 +449,19 @@ function createDOMPurify() { */ let SANITIZE_NAMED_PROPS = false; const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-'; - /* Keep element content when removing element? */ let KEEP_CONTENT = true; - /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead * of importing it into a new Document and returning a sanitized copy */ let IN_PLACE = false; - /* Allow usage of profiles like html, svg and mathMl */ let USE_PROFILES = {}; - /* Tags to ignore content of when KEEP_CONTENT is true */ let FORBID_CONTENTS = null; const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']); - /* Tags that are safe for data: URIs */ let DATA_URI_TAGS = null; const DEFAULT_DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image', 'track']); - /* Attributes safe for values like "javascript:" */ let URI_SAFE_ATTRIBUTES = null; const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, ['alt', 'class', 'for', 'id', 'label', 'name', 'pattern', 'placeholder', 'role', 'summary', 'title', 'value', 'style', 'xmlns']); @@ -519,36 +471,29 @@ function createDOMPurify() { /* Document namespace */ let NAMESPACE = HTML_NAMESPACE; let IS_EMPTY_INPUT = false; - /* Allowed XHTML+XML namespaces */ let ALLOWED_NAMESPACES = null; const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString); let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']); let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']); - // Certain elements are allowed in both SVG and HTML // namespace. We need to specify them explicitly // so that they don't get erroneously deleted from // HTML namespace. const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']); - /* Parsing of strict XHTML documents */ let PARSER_MEDIA_TYPE = null; const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html']; const DEFAULT_PARSER_MEDIA_TYPE = 'text/html'; let transformCaseFunc = null; - /* Keep a reference to config to pass to hooks */ let CONFIG = null; - /* Ideally, do not touch anything below this line */ /* ______________________________________________ */ - const formElement = document.createElement('form'); const isRegexOrFunction = function isRegexOrFunction(testValue) { return testValue instanceof RegExp || testValue instanceof Function; }; - /** * _parseConfig * @@ -560,39 +505,23 @@ function createDOMPurify() { if (CONFIG && CONFIG === cfg) { return; } - /* Shield configuration object from tampering */ if (!cfg || typeof cfg !== 'object') { cfg = {}; } - /* Shield configuration object from prototype pollution */ cfg = clone(cfg); PARSER_MEDIA_TYPE = // eslint-disable-next-line unicorn/prefer-includes SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE; - // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is. transformCaseFunc = PARSER_MEDIA_TYPE === 'application/xhtml+xml' ? stringToString : stringToLowerCase; - /* Set configuration parameters */ ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS') ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS; ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR') ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR; ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES') ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES; - URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), - // eslint-disable-line indent - cfg.ADD_URI_SAFE_ATTR, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_URI_SAFE_ATTRIBUTES; - DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), - // eslint-disable-line indent - cfg.ADD_DATA_URI_TAGS, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_DATA_URI_TAGS; + URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES; + DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS; FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS; FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {}; FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {}; @@ -632,7 +561,6 @@ function createDOMPurify() { if (RETURN_DOM_FRAGMENT) { RETURN_DOM = true; } - /* Parse profile info */ if (USE_PROFILES) { ALLOWED_TAGS = addToSet({}, text); @@ -657,7 +585,6 @@ function createDOMPurify() { addToSet(ALLOWED_ATTR, xml); } } - /* Merge configuration parameters */ if (cfg.ADD_TAGS) { if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) { @@ -680,17 +607,14 @@ function createDOMPurify() { } addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc); } - /* Add #text in case KEEP_CONTENT is set to true */ if (KEEP_CONTENT) { ALLOWED_TAGS['#text'] = true; } - /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ if (WHOLE_DOCUMENT) { addToSet(ALLOWED_TAGS, ['html', 'head', 'body']); } - /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */ if (ALLOWED_TAGS.table) { addToSet(ALLOWED_TAGS, ['tbody']); @@ -703,10 +627,8 @@ function createDOMPurify() { if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') { throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.'); } - // Overwrite existing TrustedTypes policy. trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY; - // Sign local variables required by `sanitize`. emptyHTML = trustedTypesPolicy.createHTML(''); } else { @@ -714,13 +636,11 @@ function createDOMPurify() { if (trustedTypesPolicy === undefined) { trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript); } - // If creating the internal policy succeeded sign internal variables. if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') { emptyHTML = trustedTypesPolicy.createHTML(''); } } - // Prevent further manipulation of configuration. // Not available in IE8, Safari 5, etc. if (freeze) { @@ -728,13 +648,11 @@ function createDOMPurify() { } CONFIG = cfg; }; - /* Keep track of all possible SVG and MathML tags * so that we can perform the namespace checks * correctly. */ const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]); const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]); - /** * @param {Element} element a DOM element whose namespace is being checked * @returns {boolean} Return false if the element has a @@ -743,7 +661,6 @@ function createDOMPurify() { */ const _checkValidNamespace = function _checkValidNamespace(element) { let parent = getParentNode(element); - // In JSDOM, if we're inside shadow DOM, then parentNode // can be null. We just simulate parent in this case. if (!parent || !parent.tagName) { @@ -764,14 +681,12 @@ function createDOMPurify() { if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'svg'; } - // The only way to switch from MathML to SVG is via` // svg if parent is either or MathML // text integration points. if (parent.namespaceURI === MATHML_NAMESPACE) { return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]); } - // We only allow elements that are defined in SVG // spec. All others are disallowed in SVG namespace. return Boolean(ALL_SVG_TAGS[tagName]); @@ -783,13 +698,11 @@ function createDOMPurify() { if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'math'; } - // The only way to switch from SVG to MathML is via // and HTML integration points if (parent.namespaceURI === SVG_NAMESPACE) { return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName]; } - // We only allow elements that are defined in MathML // spec. All others are disallowed in MathML namespace. return Boolean(ALL_MATHML_TAGS[tagName]); @@ -804,24 +717,20 @@ function createDOMPurify() { if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) { return false; } - // We disallow tags that are specific for MathML // or SVG and should never appear in HTML namespace return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]); } - // For XHTML and XML documents that support custom namespaces if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && ALLOWED_NAMESPACES[element.namespaceURI]) { return true; } - // The code should never reach this place (this means // that the element somehow got namespace that is not // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES). // Return false just in case. return false; }; - /** * _forceRemove * @@ -838,7 +747,6 @@ function createDOMPurify() { remove(node); } }; - /** * _removeAttribute * @@ -858,7 +766,6 @@ function createDOMPurify() { }); } node.removeAttribute(name); - // We void attribute values for unremovable "is"" attributes if (name === 'is' && !ALLOWED_ATTR[name]) { if (RETURN_DOM || RETURN_DOM_FRAGMENT) { @@ -872,7 +779,6 @@ function createDOMPurify() { } } }; - /** * _initDocument * @@ -904,7 +810,6 @@ function createDOMPurify() { doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE); } catch (_) {} } - /* Use createHTMLDocument in case DOMParser is not available */ if (!doc || !doc.documentElement) { doc = implementation.createDocument(NAMESPACE, 'template', null); @@ -918,14 +823,12 @@ function createDOMPurify() { if (dirty && leadingWhitespace) { body.insertBefore(document.createTextNode(leadingWhitespace), body.childNodes[0] || null); } - /* Work on whole document or just its body */ if (NAMESPACE === HTML_NAMESPACE) { return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0]; } return WHOLE_DOCUMENT ? doc.documentElement : body; }; - /** * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document. * @@ -937,7 +840,6 @@ function createDOMPurify() { // eslint-disable-next-line no-bitwise NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null); }; - /** * _isClobbered * @@ -947,7 +849,6 @@ function createDOMPurify() { const _isClobbered = function _isClobbered(elm) { return elm instanceof HTMLFormElement && (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function' || typeof elm.hasChildNodes !== 'function'); }; - /** * Checks whether the given object is a DOM node. * @@ -957,24 +858,22 @@ function createDOMPurify() { const _isNode = function _isNode(object) { return typeof Node === 'function' && object instanceof Node; }; - /** * _executeHook * Execute user configurable hooks * - * @param {String} entryPoint Name of the hook's entry point - * @param {Node} currentNode node to work on with the hook + * @param entryPoint Name of the hook's entry point + * @param currentNode node to work on with the hook * @param {Object} data additional hook parameters */ - const _executeHook = function _executeHook(entryPoint, currentNode, data) { + function _executeHook(entryPoint, currentNode, data) { if (!hooks[entryPoint]) { return; } arrayForEach(hooks[entryPoint], hook => { hook.call(DOMPurify, currentNode, data, CONFIG); }); - }; - + } /** * _sanitizeElements * @@ -987,43 +886,35 @@ function createDOMPurify() { */ const _sanitizeElements = function _sanitizeElements(currentNode) { let content = null; - /* Execute a hook if present */ _executeHook('beforeSanitizeElements', currentNode, null); - /* Check if element is clobbered or can clobber */ if (_isClobbered(currentNode)) { _forceRemove(currentNode); return true; } - /* Now let's check the element's type and name */ const tagName = transformCaseFunc(currentNode.nodeName); - /* Execute a hook if present */ _executeHook('uponSanitizeElement', currentNode, { tagName, allowedTags: ALLOWED_TAGS }); - /* Detect mXSS attempts abusing namespace confusion */ if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { _forceRemove(currentNode); return true; } - /* Remove any occurrence of processing instructions */ if (currentNode.nodeType === NODE_TYPE.progressingInstruction) { _forceRemove(currentNode); return true; } - /* Remove any kind of possibly harmful comments */ if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) { _forceRemove(currentNode); return true; } - /* Remove element if anything forbids its presence */ if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { /* Check if we have a custom element to handle */ @@ -1035,7 +926,6 @@ function createDOMPurify() { return false; } } - /* Keep content except for bad-listed elements */ if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) { const parentNode = getParentNode(currentNode) || currentNode.parentNode; @@ -1052,19 +942,16 @@ function createDOMPurify() { _forceRemove(currentNode); return true; } - /* Check whether element has a valid namespace */ if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) { _forceRemove(currentNode); return true; } - /* Make sure that older browsers don't get fallback-tag mXSS */ if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) { _forceRemove(currentNode); return true; } - /* Sanitize element content to be template-safe */ if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) { /* Get the element's text content */ @@ -1079,12 +966,10 @@ function createDOMPurify() { currentNode.textContent = content; } } - /* Execute a hook if present */ _executeHook('afterSanitizeElements', currentNode, null); return false; }; - /** * _isValidAttribute * @@ -1099,7 +984,6 @@ function createDOMPurify() { if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) { return false; } - /* Allow valid data-* attributes: At least one character after "-" (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) @@ -1121,7 +1005,6 @@ function createDOMPurify() { } else ; return true; }; - /** * _isBasicCustomElement * checks if at least one dash is included in tagName, and it's not the first char @@ -1133,7 +1016,6 @@ function createDOMPurify() { const _isBasicCustomElement = function _isBasicCustomElement(tagName) { return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT); }; - /** * _sanitizeAttributes * @@ -1150,7 +1032,6 @@ function createDOMPurify() { const { attributes } = currentNode; - /* Check if we have attributes; if not we might have a text node */ if (!attributes) { return; @@ -1159,10 +1040,10 @@ function createDOMPurify() { attrName: '', attrValue: '', keepAttr: true, - allowedAttributes: ALLOWED_ATTR + allowedAttributes: ALLOWED_ATTR, + forceKeepAttr: undefined }; let l = attributes.length; - /* Go backwards over all attributes; safely remove bad ones */ while (l--) { const attr = attributes[l]; @@ -1173,7 +1054,6 @@ function createDOMPurify() { } = attr; const lcName = transformCaseFunc(name); let value = name === 'value' ? attrValue : stringTrim(attrValue); - /* Execute a hook if present */ hookEvent.attrName = lcName; hookEvent.attrValue = value; @@ -1181,56 +1061,46 @@ function createDOMPurify() { hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set _executeHook('uponSanitizeAttribute', currentNode, hookEvent); value = hookEvent.attrValue; - /* Full DOM Clobbering protection via namespace isolation, * Prefix id and name attributes with `user-content-` */ if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) { // Remove the attribute with this value _removeAttribute(name, currentNode); - // Prefix the value and later re-create the attribute with the sanitized value value = SANITIZE_NAMED_PROPS_PREFIX + value; } - /* Work around a security issue with comments inside attributes */ if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Did the hooks approve of the attribute? */ if (hookEvent.forceKeepAttr) { continue; } - /* Remove attribute */ _removeAttribute(name, currentNode); - /* Did the hooks approve of the attribute? */ if (!hookEvent.keepAttr) { continue; } - /* Work around a security issue in jQuery 3.0 */ if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Sanitize attribute content to be template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { value = stringReplace(value, expr, ' '); }); } - /* Is `value` valid for this attribute? */ const lcTag = transformCaseFunc(currentNode.nodeName); if (!_isValidAttribute(lcTag, lcName, value)) { continue; } - /* Handle attributes that require Trusted Types */ if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function') { if (namespaceURI) ; else { @@ -1248,7 +1118,6 @@ function createDOMPurify() { } } } - /* Handle invalid data-* attribute set by try-catching it */ try { if (namespaceURI) { @@ -1264,11 +1133,9 @@ function createDOMPurify() { } } catch (_) {} } - /* Execute a hook if present */ _executeHook('afterSanitizeAttributes', currentNode, null); }; - /** * _sanitizeShadowDOM * @@ -1277,38 +1144,25 @@ function createDOMPurify() { const _sanitizeShadowDOM = function _sanitizeShadowDOM(fragment) { let shadowNode = null; const shadowIterator = _createNodeIterator(fragment); - /* Execute a hook if present */ _executeHook('beforeSanitizeShadowDOM', fragment, null); while (shadowNode = shadowIterator.nextNode()) { /* Execute a hook if present */ _executeHook('uponSanitizeShadowNode', shadowNode, null); - /* Sanitize tags and elements */ if (_sanitizeElements(shadowNode)) { continue; } - /* Deep shadow DOM detected */ if (shadowNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(shadowNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(shadowNode); } - /* Execute a hook if present */ _executeHook('afterSanitizeShadowDOM', fragment, null); }; - - /** - * Sanitize - * Public method providing core sanitation functionality - * - * @param {String|Node} dirty string or DOM node - * @param {Object} cfg object - */ // eslint-disable-next-line complexity DOMPurify.sanitize = function (dirty) { let cfg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; @@ -1323,7 +1177,6 @@ function createDOMPurify() { if (IS_EMPTY_INPUT) { dirty = ''; } - /* Stringify, in case dirty is an object */ if (typeof dirty !== 'string' && !_isNode(dirty)) { if (typeof dirty.toString === 'function') { @@ -1335,20 +1188,16 @@ function createDOMPurify() { throw typeErrorCreate('toString is not a function'); } } - /* Return dirty HTML if DOMPurify cannot run */ if (!DOMPurify.isSupported) { return dirty; } - /* Assign config vars */ if (!SET_CONFIG) { _parseConfig(cfg); } - /* Clean up removed elements */ DOMPurify.removed = []; - /* Check if dirty is correctly typed for IN_PLACE */ if (typeof dirty === 'string') { IN_PLACE = false; @@ -1382,45 +1231,36 @@ function createDOMPurify() { dirty.indexOf('<') === -1) { return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty; } - /* Initialize the document to work on */ body = _initDocument(dirty); - /* Check we have a DOM node from the data */ if (!body) { return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : ''; } } - /* Remove first element node (ours) if FORCE_BODY is set */ if (body && FORCE_BODY) { _forceRemove(body.firstChild); } - /* Get node iterator */ const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body); - /* Now start iterating over the created document */ while (currentNode = nodeIterator.nextNode()) { /* Sanitize tags and elements */ if (_sanitizeElements(currentNode)) { continue; } - /* Shadow DOM detected, sanitize it */ if (currentNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(currentNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(currentNode); } - /* If we sanitized `dirty` in-place, return it. */ if (IN_PLACE) { return dirty; } - /* Return sanitized string or DOM */ if (RETURN_DOM) { if (RETURN_DOM_FRAGMENT) { @@ -1445,12 +1285,10 @@ function createDOMPurify() { return returnNode; } let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML; - /* Serialize doctype if allowed */ if (WHOLE_DOCUMENT && ALLOWED_TAGS['!doctype'] && body.ownerDocument && body.ownerDocument.doctype && body.ownerDocument.doctype.name && regExpTest(DOCTYPE_NAME, body.ownerDocument.doctype.name)) { serializedHTML = '\n' + serializedHTML; } - /* Sanitize final string template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { @@ -1459,39 +1297,15 @@ function createDOMPurify() { } return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; }; - - /** - * Public method to set the configuration once - * setConfig - * - * @param {Object} cfg configuration object - */ DOMPurify.setConfig = function () { let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {}; _parseConfig(cfg); SET_CONFIG = true; }; - - /** - * Public method to remove the configuration - * clearConfig - * - */ DOMPurify.clearConfig = function () { CONFIG = null; SET_CONFIG = false; }; - - /** - * Public method to check if an attribute value is valid. - * Uses last set config, if any. Otherwise, uses config defaults. - * isValidAttribute - * - * @param {String} tag Tag name of containing element. - * @param {String} attr Attribute name. - * @param {String} value Attribute value. - * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. - */ DOMPurify.isValidAttribute = function (tag, attr, value) { /* Initialize shared config vars if necessary. */ if (!CONFIG) { @@ -1501,14 +1315,6 @@ function createDOMPurify() { const lcName = transformCaseFunc(attr); return _isValidAttribute(lcTag, lcName, value); }; - - /** - * AddHook - * Public method to add DOMPurify hooks - * - * @param {String} entryPoint entry point for the hook to add - * @param {Function} hookFunction function to execute - */ DOMPurify.addHook = function (entryPoint, hookFunction) { if (typeof hookFunction !== 'function') { return; @@ -1516,37 +1322,16 @@ function createDOMPurify() { hooks[entryPoint] = hooks[entryPoint] || []; arrayPush(hooks[entryPoint], hookFunction); }; - - /** - * RemoveHook - * Public method to remove a DOMPurify hook at a given entryPoint - * (pops it from the stack of hooks if more are present) - * - * @param {String} entryPoint entry point for the hook to remove - * @return {Function} removed(popped) hook - */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { return arrayPop(hooks[entryPoint]); } }; - - /** - * RemoveHooks - * Public method to remove all DOMPurify hooks at a given entryPoint - * - * @param {String} entryPoint entry point for the hooks to remove - */ DOMPurify.removeHooks = function (entryPoint) { if (hooks[entryPoint]) { hooks[entryPoint] = []; } }; - - /** - * RemoveAllHooks - * Public method to remove all DOMPurify hooks - */ DOMPurify.removeAllHooks = function () { hooks = {}; }; diff --git a/dist/purify.cjs.js.map b/dist/purify.cjs.js.map index 6400a6b1c..cd325e0c2 100644 --- a/dist/purify.cjs.js.map +++ b/dist/purify.cjs.js.map @@ -1 +1 @@ -{"version":3,"file":"purify.cjs.js","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\n entries,\n setPrototypeOf,\n isFrozen,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n} = Object;\n\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\n\nif (!freeze) {\n freeze = function (x) {\n return x;\n };\n}\n\nif (!seal) {\n seal = function (x) {\n return x;\n };\n}\n\nif (!apply) {\n apply = function (fun, thisValue, args) {\n return fun.apply(thisValue, args);\n };\n}\n\nif (!construct) {\n construct = function (Func, args) {\n return new Func(...args);\n };\n}\n\nconst arrayForEach = unapply(Array.prototype.forEach);\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\nconst arrayPop = unapply(Array.prototype.pop);\nconst arrayPush = unapply(Array.prototype.push);\nconst arraySlice = unapply(Array.prototype.slice);\n\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\nconst stringToString = unapply(String.prototype.toString);\nconst stringMatch = unapply(String.prototype.match);\nconst stringReplace = unapply(String.prototype.replace);\nconst stringIndexOf = unapply(String.prototype.indexOf);\nconst stringTrim = unapply(String.prototype.trim);\n\nconst objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);\n\nconst regExpTest = unapply(RegExp.prototype.test);\n\nconst typeErrorCreate = unconstruct(TypeError);\n\n/**\n * Creates a new function that calls the given function with a specified thisArg and arguments.\n *\n * @param {Function} func - The function to be wrapped and called.\n * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.\n */\nfunction unapply(func) {\n return (thisArg, ...args) => apply(func, thisArg, args);\n}\n\n/**\n * Creates a new function that constructs an instance of the given constructor function with the provided arguments.\n *\n * @param {Function} func - The constructor function to be wrapped and called.\n * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.\n */\nfunction unconstruct(func) {\n return (...args) => construct(func, args);\n}\n\n/**\n * Add properties to a lookup table\n *\n * @param {Object} set - The set to which elements will be added.\n * @param {Array} array - The array containing elements to be added to the set.\n * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.\n * @returns {Object} The modified set with added elements.\n */\nfunction addToSet(set, array, transformCaseFunc = stringToLowerCase) {\n if (setPrototypeOf) {\n // Make 'in' and truthy checks like Boolean(set.constructor)\n // independent of any properties defined on Object.prototype.\n // Prevent prototype setters from intercepting set as a this value.\n setPrototypeOf(set, null);\n }\n\n let l = array.length;\n while (l--) {\n let element = array[l];\n if (typeof element === 'string') {\n const lcElement = transformCaseFunc(element);\n if (lcElement !== element) {\n // Config presets (e.g. tags.js, attrs.js) are immutable.\n if (!isFrozen(array)) {\n array[l] = lcElement;\n }\n\n element = lcElement;\n }\n }\n\n set[element] = true;\n }\n\n return set;\n}\n\n/**\n * Clean up an array to harden against CSPP\n *\n * @param {Array} array - The array to be cleaned.\n * @returns {Array} The cleaned version of the array\n */\nfunction cleanArray(array) {\n for (let index = 0; index < array.length; index++) {\n const isPropertyExist = objectHasOwnProperty(array, index);\n\n if (!isPropertyExist) {\n array[index] = null;\n }\n }\n\n return array;\n}\n\n/**\n * Shallow clone an object\n *\n * @param {Object} object - The object to be cloned.\n * @returns {Object} A new object that copies the original.\n */\nfunction clone(object) {\n const newObject = create(null);\n\n for (const [property, value] of entries(object)) {\n const isPropertyExist = objectHasOwnProperty(object, property);\n\n if (isPropertyExist) {\n if (Array.isArray(value)) {\n newObject[property] = cleanArray(value);\n } else if (\n value &&\n typeof value === 'object' &&\n value.constructor === Object\n ) {\n newObject[property] = clone(value);\n } else {\n newObject[property] = value;\n }\n }\n }\n\n return newObject;\n}\n\n/**\n * This method automatically checks if the prop is function or getter and behaves accordingly.\n *\n * @param {Object} object - The object to look up the getter function in its prototype chain.\n * @param {String} prop - The property name for which to find the getter function.\n * @returns {Function} The getter function found in the prototype chain or a fallback function.\n */\nfunction lookupGetter(object, prop) {\n while (object !== null) {\n const desc = getOwnPropertyDescriptor(object, prop);\n\n if (desc) {\n if (desc.get) {\n return unapply(desc.get);\n }\n\n if (typeof desc.value === 'function') {\n return unapply(desc.value);\n }\n }\n\n object = getPrototypeOf(object);\n }\n\n function fallbackValue() {\n return null;\n }\n\n return fallbackValue;\n}\n\nexport {\n // Array\n arrayForEach,\n arrayIndexOf,\n arrayPop,\n arrayPush,\n arraySlice,\n // Object\n entries,\n freeze,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n isFrozen,\n setPrototypeOf,\n seal,\n clone,\n create,\n objectHasOwnProperty,\n // RegExp\n regExpTest,\n // String\n stringIndexOf,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringTrim,\n // Errors\n typeErrorCreate,\n // Other\n lookupGetter,\n addToSet,\n // Reflect\n unapply,\n unconstruct,\n};\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dialog',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'picture',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n]);\n\n// SVG\nexport const svg = freeze([\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'view',\n 'vkern',\n]);\n\nexport const svgFilters = freeze([\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feDropShadow',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feImage',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n]);\n\n// List of SVG elements that are disallowed by default.\n// We still need to know them so that we can do namespace\n// checks properly in case one wants to add them to\n// allow-list.\nexport const svgDisallowed = freeze([\n 'animate',\n 'color-profile',\n 'cursor',\n 'discard',\n 'font-face',\n 'font-face-format',\n 'font-face-name',\n 'font-face-src',\n 'font-face-uri',\n 'foreignobject',\n 'hatch',\n 'hatchpath',\n 'mesh',\n 'meshgradient',\n 'meshpatch',\n 'meshrow',\n 'missing-glyph',\n 'script',\n 'set',\n 'solidcolor',\n 'unknown',\n 'use',\n]);\n\nexport const mathMl = freeze([\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmultiscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mspace',\n 'msqrt',\n 'mstyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n 'mprescripts',\n]);\n\n// Similarly to SVG, we want to know all MathML elements,\n// even those that we disallow by default.\nexport const mathMlDisallowed = freeze([\n 'maction',\n 'maligngroup',\n 'malignmark',\n 'mlongdiv',\n 'mscarries',\n 'mscarry',\n 'msgroup',\n 'mstack',\n 'msline',\n 'msrow',\n 'semantics',\n 'annotation',\n 'annotation-xml',\n 'mprescripts',\n 'none',\n]);\n\nexport const text = freeze(['#text']);\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocapitalize',\n 'autocomplete',\n 'autopictureinpicture',\n 'autoplay',\n 'background',\n 'bgcolor',\n 'border',\n 'capture',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'controls',\n 'controlslist',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'decoding',\n 'default',\n 'dir',\n 'disabled',\n 'disablepictureinpicture',\n 'disableremoteplayback',\n 'download',\n 'draggable',\n 'enctype',\n 'enterkeyhint',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'inputmode',\n 'integrity',\n 'ismap',\n 'kind',\n 'label',\n 'lang',\n 'list',\n 'loading',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'minlength',\n 'multiple',\n 'muted',\n 'name',\n 'nonce',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'playsinline',\n 'popover',\n 'popovertarget',\n 'popovertargetaction',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'translate',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'wrap',\n 'xmlns',\n 'slot',\n]);\n\nexport const svg = freeze([\n 'accent-height',\n 'accumulate',\n 'additive',\n 'alignment-baseline',\n 'amplitude',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clippathunits',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'exponent',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'filterunits',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'intercept',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'primitiveunits',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'slope',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'startoffset',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'systemlanguage',\n 'tabindex',\n 'tablevalues',\n 'targetx',\n 'targety',\n 'transform',\n 'transform-origin',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'version',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n]);\n\nexport const mathMl = freeze([\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'encoding',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n]);\n\nexport const xml = freeze([\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n]);\n","import { seal } from './utils.js';\n\n// eslint-disable-next-line unicorn/better-regex\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\nexport const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = seal(\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\n);\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\nexport const ATTR_WHITESPACE = seal(\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\n);\nexport const DOCTYPE_NAME = seal(/^html$/i);\nexport const CUSTOM_ELEMENT = seal(/^[a-z][.\\w]*(-[.\\w]+)+$/i);\n","import * as TAGS from './tags.js';\nimport * as ATTRS from './attrs.js';\nimport * as EXPRESSIONS from './regexp.js';\nimport {\n addToSet,\n clone,\n entries,\n freeze,\n arrayForEach,\n arrayPop,\n arrayPush,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringIndexOf,\n stringTrim,\n regExpTest,\n typeErrorCreate,\n lookupGetter,\n create,\n objectHasOwnProperty,\n} from './utils.js';\n\n// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType\nconst NODE_TYPE = {\n element: 1,\n attribute: 2,\n text: 3,\n cdataSection: 4,\n entityReference: 5, // Deprecated\n entityNode: 6, // Deprecated\n progressingInstruction: 7,\n comment: 8,\n document: 9,\n documentType: 10,\n documentFragment: 11,\n notation: 12, // Deprecated\n};\n\nconst getGlobal = function () {\n return typeof window === 'undefined' ? null : window;\n};\n\n/**\n * Creates a no-op policy for internal use only.\n * Don't export this function outside this module!\n * @param {TrustedTypePolicyFactory} trustedTypes The policy factory.\n * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix).\n * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types\n * are not supported or creating the policy failed).\n */\nconst _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) {\n if (\n typeof trustedTypes !== 'object' ||\n typeof trustedTypes.createPolicy !== 'function'\n ) {\n return null;\n }\n\n // Allow the callers to control the unique policy name\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\n // Policy creation with duplicate names throws in Trusted Types.\n let suffix = null;\n const ATTR_NAME = 'data-tt-policy-suffix';\n if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) {\n suffix = purifyHostElement.getAttribute(ATTR_NAME);\n }\n\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\n\n try {\n return trustedTypes.createPolicy(policyName, {\n createHTML(html) {\n return html;\n },\n createScriptURL(scriptUrl) {\n return scriptUrl;\n },\n });\n } catch (_) {\n // Policy creation failed (most likely another DOMPurify script has\n // already run). Skip creating the policy, as this will only cause errors\n // if TT are enforced.\n console.warn(\n 'TrustedTypes policy ' + policyName + ' could not be created.'\n );\n return null;\n }\n};\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = (root) => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (\n !window ||\n !window.document ||\n window.document.nodeType !== NODE_TYPE.document\n ) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n let { document } = window;\n\n const originalDocument = document;\n const currentScript = originalDocument.currentScript;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n Element,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n HTMLFormElement,\n DOMParser,\n trustedTypes,\n } = window;\n\n const ElementPrototype = Element.prototype;\n\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\n const remove = lookupGetter(ElementPrototype, 'remove');\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n let trustedTypesPolicy;\n let emptyHTML = '';\n\n const {\n implementation,\n createNodeIterator,\n createDocumentFragment,\n getElementsByTagName,\n } = document;\n const { importNode } = originalDocument;\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n typeof entries === 'function' &&\n typeof getParentNode === 'function' &&\n implementation &&\n implementation.createHTMLDocument !== undefined;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n TMPLIT_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n CUSTOM_ELEMENT,\n } = EXPRESSIONS;\n\n let { IS_ALLOWED_URI } = EXPRESSIONS;\n\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /*\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\n */\n let CUSTOM_ELEMENT_HANDLING = Object.seal(\n create(null, {\n tagNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n attributeNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n allowCustomizedBuiltInElements: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: false,\n },\n })\n );\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Decide if self-closing tags in attributes are allowed.\n * Usually removed due to a mXSS issue in jQuery 3.0 */\n let ALLOW_SELF_CLOSE_IN_ATTR = true;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Output should be safe even for XML used within HTML and alike.\n * This means, DOMPurify removes comments when containing risky content.\n */\n let SAFE_FOR_XML = true;\n\n /* Decide if document with ... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported).\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported) */\n let RETURN_DOM_FRAGMENT = false;\n\n /* Try to return a Trusted Type object instead of a string, return a string in\n * case Trusted Types are not supported */\n let RETURN_TRUSTED_TYPE = false;\n\n /* Output should be free from DOM clobbering attacks?\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\n */\n let SANITIZE_DOM = true;\n\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\n *\n * HTML/DOM spec rules that enable DOM Clobbering:\n * - Named Access on Window (§7.3.3)\n * - DOM Tree Accessors (§3.1.5)\n * - Form Element Parent-Child Relations (§4.10.3)\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\n * - HTMLCollection (§4.2.10.2)\n *\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\n * with a constant string, i.e., `user-content-`\n */\n let SANITIZE_NAMED_PROPS = false;\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\n * of importing it into a new Document and returning a sanitized copy */\n let IN_PLACE = false;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n let FORBID_CONTENTS = null;\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\n 'annotation-xml',\n 'audio',\n 'colgroup',\n 'desc',\n 'foreignobject',\n 'head',\n 'iframe',\n 'math',\n 'mi',\n 'mn',\n 'mo',\n 'ms',\n 'mtext',\n 'noembed',\n 'noframes',\n 'noscript',\n 'plaintext',\n 'script',\n 'style',\n 'svg',\n 'template',\n 'thead',\n 'title',\n 'video',\n 'xmp',\n ]);\n\n /* Tags that are safe for data: URIs */\n let DATA_URI_TAGS = null;\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n 'track',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n let URI_SAFE_ATTRIBUTES = null;\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'role',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\n /* Document namespace */\n let NAMESPACE = HTML_NAMESPACE;\n let IS_EMPTY_INPUT = false;\n\n /* Allowed XHTML+XML namespaces */\n let ALLOWED_NAMESPACES = null;\n const DEFAULT_ALLOWED_NAMESPACES = addToSet(\n {},\n [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE],\n stringToString\n );\n\n let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\n 'mi',\n 'mo',\n 'mn',\n 'ms',\n 'mtext',\n ]);\n\n let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);\n\n // Certain elements are allowed in both SVG and HTML\n // namespace. We need to specify them explicitly\n // so that they don't get erroneously deleted from\n // HTML namespace.\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\n 'title',\n 'style',\n 'font',\n 'a',\n 'script',\n ]);\n\n /* Parsing of strict XHTML documents */\n let PARSER_MEDIA_TYPE = null;\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\n let transformCaseFunc = null;\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n const isRegexOrFunction = function (testValue) {\n return testValue instanceof RegExp || testValue instanceof Function;\n };\n\n /**\n * _parseConfig\n *\n * @param {Object} cfg optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function (cfg = {}) {\n if (CONFIG && CONFIG === cfg) {\n return;\n }\n\n /* Shield configuration object from tampering */\n if (!cfg || typeof cfg !== 'object') {\n cfg = {};\n }\n\n /* Shield configuration object from prototype pollution */\n cfg = clone(cfg);\n\n PARSER_MEDIA_TYPE =\n // eslint-disable-next-line unicorn/prefer-includes\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\n ? DEFAULT_PARSER_MEDIA_TYPE\n : cfg.PARSER_MEDIA_TYPE;\n\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\n transformCaseFunc =\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\n ? stringToString\n : stringToLowerCase;\n\n /* Set configuration parameters */\n ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS')\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR')\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\n : DEFAULT_ALLOWED_ATTR;\n ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES')\n ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString)\n : DEFAULT_ALLOWED_NAMESPACES;\n URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR')\n ? addToSet(\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_URI_SAFE_ATTRIBUTES;\n DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS')\n ? addToSet(\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_DATA_URI_TAGS;\n FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS')\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\n : DEFAULT_FORBID_CONTENTS;\n FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS')\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\n : {};\n FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR')\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\n : {};\n USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES')\n ? cfg.USE_PROFILES\n : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n IN_PLACE = cfg.IN_PLACE || false; // Default false\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\n MATHML_TEXT_INTEGRATION_POINTS =\n cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;\n HTML_INTEGRATION_POINTS =\n cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;\n\n CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\n 'boolean'\n ) {\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\n }\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, TAGS.text);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\n }\n\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\n }\n\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\n }\n\n if (cfg.FORBID_CONTENTS) {\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\n }\n\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\n if (WHOLE_DOCUMENT) {\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\n }\n\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\n if (ALLOWED_TAGS.table) {\n addToSet(ALLOWED_TAGS, ['tbody']);\n delete FORBID_TAGS.tbody;\n }\n\n if (cfg.TRUSTED_TYPES_POLICY) {\n if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createHTML\" hook.'\n );\n }\n\n if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createScriptURL\" hook.'\n );\n }\n\n // Overwrite existing TrustedTypes policy.\n trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;\n\n // Sign local variables required by `sanitize`.\n emptyHTML = trustedTypesPolicy.createHTML('');\n } else {\n // Uninitialized policy, attempt to initialize the internal dompurify policy.\n if (trustedTypesPolicy === undefined) {\n trustedTypesPolicy = _createTrustedTypesPolicy(\n trustedTypes,\n currentScript\n );\n }\n\n // If creating the internal policy succeeded sign internal variables.\n if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {\n emptyHTML = trustedTypesPolicy.createHTML('');\n }\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (freeze) {\n freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n /* Keep track of all possible SVG and MathML tags\n * so that we can perform the namespace checks\n * correctly. */\n const ALL_SVG_TAGS = addToSet({}, [\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.svgDisallowed,\n ]);\n const ALL_MATHML_TAGS = addToSet({}, [\n ...TAGS.mathMl,\n ...TAGS.mathMlDisallowed,\n ]);\n\n /**\n * @param {Element} element a DOM element whose namespace is being checked\n * @returns {boolean} Return false if the element has a\n * namespace that a spec-compliant parser would never\n * return. Return true otherwise.\n */\n const _checkValidNamespace = function (element) {\n let parent = getParentNode(element);\n\n // In JSDOM, if we're inside shadow DOM, then parentNode\n // can be null. We just simulate parent in this case.\n if (!parent || !parent.tagName) {\n parent = {\n namespaceURI: NAMESPACE,\n tagName: 'template',\n };\n }\n\n const tagName = stringToLowerCase(element.tagName);\n const parentTagName = stringToLowerCase(parent.tagName);\n\n if (!ALLOWED_NAMESPACES[element.namespaceURI]) {\n return false;\n }\n\n if (element.namespaceURI === SVG_NAMESPACE) {\n // The only way to switch from HTML namespace to SVG\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'svg';\n }\n\n // The only way to switch from MathML to SVG is via`\n // svg if parent is either or MathML\n // text integration points.\n if (parent.namespaceURI === MATHML_NAMESPACE) {\n return (\n tagName === 'svg' &&\n (parentTagName === 'annotation-xml' ||\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\n );\n }\n\n // We only allow elements that are defined in SVG\n // spec. All others are disallowed in SVG namespace.\n return Boolean(ALL_SVG_TAGS[tagName]);\n }\n\n if (element.namespaceURI === MATHML_NAMESPACE) {\n // The only way to switch from HTML namespace to MathML\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'math';\n }\n\n // The only way to switch from SVG to MathML is via\n // and HTML integration points\n if (parent.namespaceURI === SVG_NAMESPACE) {\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\n }\n\n // We only allow elements that are defined in MathML\n // spec. All others are disallowed in MathML namespace.\n return Boolean(ALL_MATHML_TAGS[tagName]);\n }\n\n if (element.namespaceURI === HTML_NAMESPACE) {\n // The only way to switch from SVG to HTML is via\n // HTML integration points, and from MathML to HTML\n // is via MathML text integration points\n if (\n parent.namespaceURI === SVG_NAMESPACE &&\n !HTML_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n if (\n parent.namespaceURI === MATHML_NAMESPACE &&\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n // We disallow tags that are specific for MathML\n // or SVG and should never appear in HTML namespace\n return (\n !ALL_MATHML_TAGS[tagName] &&\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\n );\n }\n\n // For XHTML and XML documents that support custom namespaces\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n ALLOWED_NAMESPACES[element.namespaceURI]\n ) {\n return true;\n }\n\n // The code should never reach this place (this means\n // that the element somehow got namespace that is not\n // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES).\n // Return false just in case.\n return false;\n };\n\n /**\n * _forceRemove\n *\n * @param {Node} node a DOM node\n */\n const _forceRemove = function (node) {\n arrayPush(DOMPurify.removed, { element: node });\n\n try {\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\n getParentNode(node).removeChild(node);\n } catch (_) {\n remove(node);\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param {String} name an Attribute name\n * @param {Node} node a DOM node\n */\n const _removeAttribute = function (name, node) {\n try {\n arrayPush(DOMPurify.removed, {\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (_) {\n arrayPush(DOMPurify.removed, {\n attribute: null,\n from: node,\n });\n }\n\n node.removeAttribute(name);\n\n // We void attribute values for unremovable \"is\"\" attributes\n if (name === 'is' && !ALLOWED_ATTR[name]) {\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\n try {\n _forceRemove(node);\n } catch (_) {}\n } else {\n try {\n node.setAttribute(name, '');\n } catch (_) {}\n }\n }\n };\n\n /**\n * _initDocument\n *\n * @param {String} dirty a string of dirty markup\n * @return {Document} a DOM, filled with the dirty markup\n */\n const _initDocument = function (dirty) {\n /* Create a HTML document */\n let doc = null;\n let leadingWhitespace = null;\n\n if (FORCE_BODY) {\n dirty = '' + dirty;\n } else {\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\n leadingWhitespace = matches && matches[0];\n }\n\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n NAMESPACE === HTML_NAMESPACE\n ) {\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\n dirty =\n '' +\n dirty +\n '';\n }\n\n const dirtyPayload = trustedTypesPolicy\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n /*\n * Use the DOMParser API by default, fallback later if needs be\n * DOMParser not work for svg when has multiple root element.\n */\n if (NAMESPACE === HTML_NAMESPACE) {\n try {\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\n } catch (_) {}\n }\n\n /* Use createHTMLDocument in case DOMParser is not available */\n if (!doc || !doc.documentElement) {\n doc = implementation.createDocument(NAMESPACE, 'template', null);\n try {\n doc.documentElement.innerHTML = IS_EMPTY_INPUT\n ? emptyHTML\n : dirtyPayload;\n } catch (_) {\n // Syntax error if dirtyPayload is invalid xml\n }\n }\n\n const body = doc.body || doc.documentElement;\n\n if (dirty && leadingWhitespace) {\n body.insertBefore(\n document.createTextNode(leadingWhitespace),\n body.childNodes[0] || null\n );\n }\n\n /* Work on whole document or just its body */\n if (NAMESPACE === HTML_NAMESPACE) {\n return getElementsByTagName.call(\n doc,\n WHOLE_DOCUMENT ? 'html' : 'body'\n )[0];\n }\n\n return WHOLE_DOCUMENT ? doc.documentElement : body;\n };\n\n /**\n * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document.\n *\n * @param {Node} root The root element or node to start traversing on.\n * @return {NodeIterator} The created NodeIterator\n */\n const _createNodeIterator = function (root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n // eslint-disable-next-line no-bitwise\n NodeFilter.SHOW_ELEMENT |\n NodeFilter.SHOW_COMMENT |\n NodeFilter.SHOW_TEXT |\n NodeFilter.SHOW_PROCESSING_INSTRUCTION |\n NodeFilter.SHOW_CDATA_SECTION,\n null\n );\n };\n\n /**\n * _isClobbered\n *\n * @param {Node} elm element to check for clobbering attacks\n * @return {Boolean} true if clobbered, false if safe\n */\n const _isClobbered = function (elm) {\n return (\n elm instanceof HTMLFormElement &&\n (typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function' ||\n typeof elm.namespaceURI !== 'string' ||\n typeof elm.insertBefore !== 'function' ||\n typeof elm.hasChildNodes !== 'function')\n );\n };\n\n /**\n * Checks whether the given object is a DOM node.\n *\n * @param {Node} object object to check whether it's a DOM node\n * @return {Boolean} true is object is a DOM node\n */\n const _isNode = function (object) {\n return typeof Node === 'function' && object instanceof Node;\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode node to work on with the hook\n * @param {Object} data additional hook parameters\n */\n const _executeHook = function (entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n arrayForEach(hooks[entryPoint], (hook) => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param {Node} currentNode to check for permission to exist\n * @return {Boolean} true if node was killed, false if left alive\n */\n const _sanitizeElements = function (currentNode) {\n let content = null;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = transformCaseFunc(currentNode.nodeName);\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Detect mXSS attempts abusing namespace confusion */\n if (\n currentNode.hasChildNodes() &&\n !_isNode(currentNode.firstElementChild) &&\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\n regExpTest(/<[/\\w]/g, currentNode.textContent)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any occurrence of processing instructions */\n if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any kind of possibly harmful comments */\n if (\n SAFE_FOR_XML &&\n currentNode.nodeType === NODE_TYPE.comment &&\n regExpTest(/<[/\\w]/g, currentNode.data)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Check if we have a custom element to handle */\n if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\n ) {\n return false;\n }\n\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\n ) {\n return false;\n }\n }\n\n /* Keep content except for bad-listed elements */\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\n\n if (childNodes && parentNode) {\n const childCount = childNodes.length;\n\n for (let i = childCount - 1; i >= 0; --i) {\n const childClone = cloneNode(childNodes[i], true);\n childClone.__removalCount = (currentNode.__removalCount || 0) + 1;\n parentNode.insertBefore(childClone, getNextSibling(currentNode));\n }\n }\n }\n\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check whether element has a valid namespace */\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Make sure that older browsers don't get fallback-tag mXSS */\n if (\n (tagName === 'noscript' ||\n tagName === 'noembed' ||\n tagName === 'noframes') &&\n regExpTest(/<\\/no(script|embed|frames)/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {\n /* Get the element's text content */\n content = currentNode.textContent;\n\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n content = stringReplace(content, expr, ' ');\n });\n\n if (currentNode.textContent !== content) {\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _isValidAttribute\n *\n * @param {string} lcTag Lowercase tag name of containing element.\n * @param {string} lcName Lowercase attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\n */\n // eslint-disable-next-line complexity\n const _isValidAttribute = function (lcTag, lcName, value) {\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n return false;\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (\n ALLOW_DATA_ATTR &&\n !FORBID_ATTR[lcName] &&\n regExpTest(DATA_ATTR, lcName)\n ) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n if (\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\n (_isBasicCustomElement(lcTag) &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\n // Alternative, second condition checks if it's an `is`-attribute, AND\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n (lcName === 'is' &&\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\n ) {\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\n } else {\n return false;\n }\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n /* Further prevent gadget XSS for dynamically built script tags */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\n lcTag !== 'script' &&\n stringIndexOf(value, 'data:') === 0 &&\n DATA_URI_TAGS[lcTag]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n } else if (value) {\n return false;\n } else {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n }\n\n return true;\n };\n\n /**\n * _isBasicCustomElement\n * checks if at least one dash is included in tagName, and it's not the first char\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\n *\n * @param {string} tagName name of the tag of the node to sanitize\n * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.\n */\n const _isBasicCustomElement = function (tagName) {\n return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param {Node} currentNode to sanitize\n */\n const _sanitizeAttributes = function (currentNode) {\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n const { attributes } = currentNode;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n let l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n const attr = attributes[l];\n const { name, namespaceURI, value: attrValue } = attr;\n const lcName = transformCaseFunc(name);\n\n let value = name === 'value' ? attrValue : stringTrim(attrValue);\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n\n /* Full DOM Clobbering protection via namespace isolation,\n * Prefix id and name attributes with `user-content-`\n */\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\n // Remove the attribute with this value\n _removeAttribute(name, currentNode);\n\n // Prefix the value and later re-create the attribute with the sanitized value\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\n }\n\n /* Work around a security issue with comments inside attributes */\n if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\\/(style|title)/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Did the hooks approve of the attribute? */\n if (hookEvent.forceKeepAttr) {\n continue;\n }\n\n /* Remove attribute */\n _removeAttribute(name, currentNode);\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Work around a security issue in jQuery 3.0 */\n if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\\/>/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n value = stringReplace(value, expr, ' ');\n });\n }\n\n /* Is `value` valid for this attribute? */\n const lcTag = transformCaseFunc(currentNode.nodeName);\n if (!_isValidAttribute(lcTag, lcName, value)) {\n continue;\n }\n\n /* Handle attributes that require Trusted Types */\n if (\n trustedTypesPolicy &&\n typeof trustedTypes === 'object' &&\n typeof trustedTypes.getAttributeType === 'function'\n ) {\n if (namespaceURI) {\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\n } else {\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\n case 'TrustedHTML': {\n value = trustedTypesPolicy.createHTML(value);\n break;\n }\n\n case 'TrustedScriptURL': {\n value = trustedTypesPolicy.createScriptURL(value);\n break;\n }\n\n default: {\n break;\n }\n }\n }\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n if (namespaceURI) {\n currentNode.setAttributeNS(namespaceURI, name, value);\n } else {\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\n currentNode.setAttribute(name, value);\n }\n\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n } else {\n arrayPop(DOMPurify.removed);\n }\n } catch (_) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param {DocumentFragment} fragment to iterate over recursively\n */\n const _sanitizeShadowDOM = function (fragment) {\n let shadowNode = null;\n const shadowIterator = _createNodeIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} cfg object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function (dirty, cfg = {}) {\n let body = null;\n let importedNode = null;\n let currentNode = null;\n let returnNode = null;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n IS_EMPTY_INPUT = !dirty;\n if (IS_EMPTY_INPUT) {\n dirty = '';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n if (typeof dirty.toString === 'function') {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw typeErrorCreate('dirty is not a string, aborting');\n }\n } else {\n throw typeErrorCreate('toString is not a function');\n }\n }\n\n /* Return dirty HTML if DOMPurify cannot run */\n if (!DOMPurify.isSupported) {\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n /* Check if dirty is correctly typed for IN_PLACE */\n if (typeof dirty === 'string') {\n IN_PLACE = false;\n }\n\n if (IN_PLACE) {\n /* Do some early pre-sanitization to avoid unsafe root nodes */\n if (dirty.nodeName) {\n const tagName = transformCaseFunc(dirty.nodeName);\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n throw typeErrorCreate(\n 'root node is forbidden and cannot be sanitized in-place'\n );\n }\n }\n } else if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (\n importedNode.nodeType === NODE_TYPE.element &&\n importedNode.nodeName === 'BODY'\n ) {\n /* Node is already a body, use as is */\n body = importedNode;\n } else if (importedNode.nodeName === 'HTML') {\n body = importedNode;\n } else {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (\n !RETURN_DOM &&\n !SAFE_FOR_TEMPLATES &&\n !WHOLE_DOCUMENT &&\n // eslint-disable-next-line unicorn/prefer-includes\n dirty.indexOf('<') === -1\n ) {\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (body && FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n }\n\n /* If we sanitized `dirty` in-place, return it. */\n if (IN_PLACE) {\n return dirty;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {\n /*\n AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs.\n */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n\n /* Serialize doctype if allowed */\n if (\n WHOLE_DOCUMENT &&\n ALLOWED_TAGS['!doctype'] &&\n body.ownerDocument &&\n body.ownerDocument.doctype &&\n body.ownerDocument.doctype.name &&\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\n ) {\n serializedHTML =\n '\\n' + serializedHTML;\n }\n\n /* Sanitize final string template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n serializedHTML = stringReplace(serializedHTML, expr, ' ');\n });\n }\n\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(serializedHTML)\n : serializedHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} cfg configuration object\n */\n DOMPurify.setConfig = function (cfg = {}) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n */\n DOMPurify.clearConfig = function () {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * Public method to check if an attribute value is valid.\n * Uses last set config, if any. Otherwise, uses config defaults.\n * isValidAttribute\n *\n * @param {String} tag Tag name of containing element.\n * @param {String} attr Attribute name.\n * @param {String} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\n */\n DOMPurify.isValidAttribute = function (tag, attr, value) {\n /* Initialize shared config vars if necessary. */\n if (!CONFIG) {\n _parseConfig({});\n }\n\n const lcTag = transformCaseFunc(tag);\n const lcName = transformCaseFunc(attr);\n return _isValidAttribute(lcTag, lcName, value);\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint entry point for the hook to add\n * @param {Function} hookFunction function to execute\n */\n DOMPurify.addHook = function (entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n\n hooks[entryPoint] = hooks[entryPoint] || [];\n arrayPush(hooks[entryPoint], hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint entry point for the hook to remove\n * @return {Function} removed(popped) hook\n */\n DOMPurify.removeHook = function (entryPoint) {\n if (hooks[entryPoint]) {\n return arrayPop(hooks[entryPoint]);\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint entry point for the hooks to remove\n */\n DOMPurify.removeHooks = function (entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n */\n DOMPurify.removeAllHooks = function () {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n"],"names":["entries","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","Object","freeze","seal","create","apply","construct","Reflect","x","fun","thisValue","args","Func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringToString","toString","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","objectHasOwnProperty","hasOwnProperty","regExpTest","RegExp","test","typeErrorCreate","unconstruct","TypeError","func","thisArg","_len","arguments","length","_key","_len2","_key2","addToSet","set","array","transformCaseFunc","undefined","l","element","lcElement","cleanArray","index","isPropertyExist","clone","object","newObject","property","value","isArray","constructor","lookupGetter","prop","desc","get","fallbackValue","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","TMPLIT_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","CUSTOM_ELEMENT","NODE_TYPE","attribute","cdataSection","entityReference","entityNode","progressingInstruction","comment","document","documentType","documentFragment","notation","getGlobal","window","_createTrustedTypesPolicy","trustedTypes","purifyHostElement","createPolicy","suffix","ATTR_NAME","hasAttribute","getAttribute","policyName","createHTML","createScriptURL","scriptUrl","_","console","warn","createDOMPurify","DOMPurify","root","version","VERSION","removed","nodeType","isSupported","originalDocument","currentScript","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","HTMLFormElement","DOMParser","ElementPrototype","cloneNode","remove","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","hooks","createHTMLDocument","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","ALLOW_SELF_CLOSE_IN_ATTR","SAFE_FOR_TEMPLATES","SAFE_FOR_XML","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","SANITIZE_NAMED_PROPS_PREFIX","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","ALLOWED_NAMESPACES","DEFAULT_ALLOWED_NAMESPACES","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","PARSER_MEDIA_TYPE","SUPPORTED_PARSER_MEDIA_TYPES","DEFAULT_PARSER_MEDIA_TYPE","CONFIG","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","TRUSTED_TYPES_POLICY","ALL_SVG_TAGS","ALL_MATHML_TAGS","_checkValidNamespace","parent","tagName","namespaceURI","parentTagName","Boolean","_forceRemove","node","removeChild","_removeAttribute","name","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createNodeIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","SHOW_PROCESSING_INSTRUCTION","SHOW_CDATA_SECTION","_isClobbered","elm","nodeName","textContent","attributes","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","allowedTags","firstElementChild","_isBasicCustomElement","parentNode","childCount","i","childClone","__removalCount","expr","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","attr","forceKeepAttr","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","returnNode","appendChild","firstChild","nodeIterator","shadowroot","shadowrootmode","serializedHTML","outerHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";;;;AAAA,MAAM;EACJA,OAAO;EACPC,cAAc;EACdC,QAAQ;EACRC,cAAc;AACdC,EAAAA,wBAAAA;AACF,CAAC,GAAGC,MAAM,CAAA;AAEV,IAAI;EAAEC,MAAM;EAAEC,IAAI;AAAEC,EAAAA,MAAAA;AAAO,CAAC,GAAGH,MAAM,CAAC;AACtC,IAAI;EAAEI,KAAK;AAAEC,EAAAA,SAAAA;AAAU,CAAC,GAAG,OAAOC,OAAO,KAAK,WAAW,IAAIA,OAAO,CAAA;AAEpE,IAAI,CAACL,MAAM,EAAE;AACXA,EAAAA,MAAM,GAAG,SAAAA,MAAUM,CAAAA,CAAC,EAAE;AACpB,IAAA,OAAOA,CAAC,CAAA;GACT,CAAA;AACH,CAAA;AAEA,IAAI,CAACL,IAAI,EAAE;AACTA,EAAAA,IAAI,GAAG,SAAAA,IAAUK,CAAAA,CAAC,EAAE;AAClB,IAAA,OAAOA,CAAC,CAAA;GACT,CAAA;AACH,CAAA;AAEA,IAAI,CAACH,KAAK,EAAE;EACVA,KAAK,GAAG,SAAAA,KAAUI,CAAAA,GAAG,EAAEC,SAAS,EAAEC,IAAI,EAAE;AACtC,IAAA,OAAOF,GAAG,CAACJ,KAAK,CAACK,SAAS,EAAEC,IAAI,CAAC,CAAA;GAClC,CAAA;AACH,CAAA;AAEA,IAAI,CAACL,SAAS,EAAE;AACdA,EAAAA,SAAS,GAAG,SAAAA,SAAAA,CAAUM,IAAI,EAAED,IAAI,EAAE;AAChC,IAAA,OAAO,IAAIC,IAAI,CAAC,GAAGD,IAAI,CAAC,CAAA;GACzB,CAAA;AACH,CAAA;AAEA,MAAME,YAAY,GAAGC,OAAO,CAACC,KAAK,CAACC,SAAS,CAACC,OAAO,CAAC,CAAA;AAErD,MAAMC,QAAQ,GAAGJ,OAAO,CAACC,KAAK,CAACC,SAAS,CAACG,GAAG,CAAC,CAAA;AAC7C,MAAMC,SAAS,GAAGN,OAAO,CAACC,KAAK,CAACC,SAAS,CAACK,IAAI,CAAC,CAAA;AAG/C,MAAMC,iBAAiB,GAAGR,OAAO,CAACS,MAAM,CAACP,SAAS,CAACQ,WAAW,CAAC,CAAA;AAC/D,MAAMC,cAAc,GAAGX,OAAO,CAACS,MAAM,CAACP,SAAS,CAACU,QAAQ,CAAC,CAAA;AACzD,MAAMC,WAAW,GAAGb,OAAO,CAACS,MAAM,CAACP,SAAS,CAACY,KAAK,CAAC,CAAA;AACnD,MAAMC,aAAa,GAAGf,OAAO,CAACS,MAAM,CAACP,SAAS,CAACc,OAAO,CAAC,CAAA;AACvD,MAAMC,aAAa,GAAGjB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACgB,OAAO,CAAC,CAAA;AACvD,MAAMC,UAAU,GAAGnB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACkB,IAAI,CAAC,CAAA;AAEjD,MAAMC,oBAAoB,GAAGrB,OAAO,CAACb,MAAM,CAACe,SAAS,CAACoB,cAAc,CAAC,CAAA;AAErE,MAAMC,UAAU,GAAGvB,OAAO,CAACwB,MAAM,CAACtB,SAAS,CAACuB,IAAI,CAAC,CAAA;AAEjD,MAAMC,eAAe,GAAGC,WAAW,CAACC,SAAS,CAAC,CAAA;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA,SAAS5B,OAAOA,CAAC6B,IAAI,EAAE;AACrB,EAAA,OAAO,UAACC,OAAO,EAAA;IAAA,KAAAC,IAAAA,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAKpC,IAAI,OAAAI,KAAA,CAAA8B,IAAA,GAAAA,CAAAA,GAAAA,IAAA,WAAAG,IAAA,GAAA,CAAA,EAAAA,IAAA,GAAAH,IAAA,EAAAG,IAAA,EAAA,EAAA;AAAJrC,MAAAA,IAAI,CAAAqC,IAAA,GAAAF,CAAAA,CAAAA,GAAAA,SAAA,CAAAE,IAAA,CAAA,CAAA;AAAA,KAAA;AAAA,IAAA,OAAK3C,KAAK,CAACsC,IAAI,EAAEC,OAAO,EAAEjC,IAAI,CAAC,CAAA;AAAA,GAAA,CAAA;AACzD,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS8B,WAAWA,CAACE,IAAI,EAAE;EACzB,OAAO,YAAA;AAAA,IAAA,KAAA,IAAAM,KAAA,GAAAH,SAAA,CAAAC,MAAA,EAAIpC,IAAI,GAAAI,IAAAA,KAAA,CAAAkC,KAAA,GAAAC,KAAA,GAAA,CAAA,EAAAA,KAAA,GAAAD,KAAA,EAAAC,KAAA,EAAA,EAAA;AAAJvC,MAAAA,IAAI,CAAAuC,KAAA,CAAAJ,GAAAA,SAAA,CAAAI,KAAA,CAAA,CAAA;AAAA,KAAA;AAAA,IAAA,OAAK5C,SAAS,CAACqC,IAAI,EAAEhC,IAAI,CAAC,CAAA;AAAA,GAAA,CAAA;AAC3C,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASwC,QAAQA,CAACC,GAAG,EAAEC,KAAK,EAAyC;AAAA,EAAA,IAAvCC,iBAAiB,GAAAR,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAGxB,iBAAiB,CAAA;AACjE,EAAA,IAAIzB,cAAc,EAAE;AAClB;AACA;AACA;AACAA,IAAAA,cAAc,CAACuD,GAAG,EAAE,IAAI,CAAC,CAAA;AAC3B,GAAA;AAEA,EAAA,IAAII,CAAC,GAAGH,KAAK,CAACN,MAAM,CAAA;EACpB,OAAOS,CAAC,EAAE,EAAE;AACV,IAAA,IAAIC,OAAO,GAAGJ,KAAK,CAACG,CAAC,CAAC,CAAA;AACtB,IAAA,IAAI,OAAOC,OAAO,KAAK,QAAQ,EAAE;AAC/B,MAAA,MAAMC,SAAS,GAAGJ,iBAAiB,CAACG,OAAO,CAAC,CAAA;MAC5C,IAAIC,SAAS,KAAKD,OAAO,EAAE;AACzB;AACA,QAAA,IAAI,CAAC3D,QAAQ,CAACuD,KAAK,CAAC,EAAE;AACpBA,UAAAA,KAAK,CAACG,CAAC,CAAC,GAAGE,SAAS,CAAA;AACtB,SAAA;AAEAD,QAAAA,OAAO,GAAGC,SAAS,CAAA;AACrB,OAAA;AACF,KAAA;AAEAN,IAAAA,GAAG,CAACK,OAAO,CAAC,GAAG,IAAI,CAAA;AACrB,GAAA;AAEA,EAAA,OAAOL,GAAG,CAAA;AACZ,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASO,UAAUA,CAACN,KAAK,EAAE;AACzB,EAAA,KAAK,IAAIO,KAAK,GAAG,CAAC,EAAEA,KAAK,GAAGP,KAAK,CAACN,MAAM,EAAEa,KAAK,EAAE,EAAE;AACjD,IAAA,MAAMC,eAAe,GAAG1B,oBAAoB,CAACkB,KAAK,EAAEO,KAAK,CAAC,CAAA;IAE1D,IAAI,CAACC,eAAe,EAAE;AACpBR,MAAAA,KAAK,CAACO,KAAK,CAAC,GAAG,IAAI,CAAA;AACrB,KAAA;AACF,GAAA;AAEA,EAAA,OAAOP,KAAK,CAAA;AACd,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASS,KAAKA,CAACC,MAAM,EAAE;AACrB,EAAA,MAAMC,SAAS,GAAG5D,MAAM,CAAC,IAAI,CAAC,CAAA;EAE9B,KAAK,MAAM,CAAC6D,QAAQ,EAAEC,KAAK,CAAC,IAAItE,OAAO,CAACmE,MAAM,CAAC,EAAE;AAC/C,IAAA,MAAMF,eAAe,GAAG1B,oBAAoB,CAAC4B,MAAM,EAAEE,QAAQ,CAAC,CAAA;AAE9D,IAAA,IAAIJ,eAAe,EAAE;AACnB,MAAA,IAAI9C,KAAK,CAACoD,OAAO,CAACD,KAAK,CAAC,EAAE;AACxBF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGN,UAAU,CAACO,KAAK,CAAC,CAAA;AACzC,OAAC,MAAM,IACLA,KAAK,IACL,OAAOA,KAAK,KAAK,QAAQ,IACzBA,KAAK,CAACE,WAAW,KAAKnE,MAAM,EAC5B;AACA+D,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGH,KAAK,CAACI,KAAK,CAAC,CAAA;AACpC,OAAC,MAAM;AACLF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGC,KAAK,CAAA;AAC7B,OAAA;AACF,KAAA;AACF,GAAA;AAEA,EAAA,OAAOF,SAAS,CAAA;AAClB,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASK,YAAYA,CAACN,MAAM,EAAEO,IAAI,EAAE;EAClC,OAAOP,MAAM,KAAK,IAAI,EAAE;AACtB,IAAA,MAAMQ,IAAI,GAAGvE,wBAAwB,CAAC+D,MAAM,EAAEO,IAAI,CAAC,CAAA;AAEnD,IAAA,IAAIC,IAAI,EAAE;MACR,IAAIA,IAAI,CAACC,GAAG,EAAE;AACZ,QAAA,OAAO1D,OAAO,CAACyD,IAAI,CAACC,GAAG,CAAC,CAAA;AAC1B,OAAA;AAEA,MAAA,IAAI,OAAOD,IAAI,CAACL,KAAK,KAAK,UAAU,EAAE;AACpC,QAAA,OAAOpD,OAAO,CAACyD,IAAI,CAACL,KAAK,CAAC,CAAA;AAC5B,OAAA;AACF,KAAA;AAEAH,IAAAA,MAAM,GAAGhE,cAAc,CAACgE,MAAM,CAAC,CAAA;AACjC,GAAA;EAEA,SAASU,aAAaA,GAAG;AACvB,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;AAEA,EAAA,OAAOA,aAAa,CAAA;AACtB;;AC1LO,MAAMC,MAAI,GAAGxE,MAAM,CAAC,CACzB,GAAG,EACH,MAAM,EACN,SAAS,EACT,SAAS,EACT,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,GAAG,EACH,KAAK,EACL,KAAK,EACL,KAAK,EACL,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,MAAM,EACN,MAAM,EACN,KAAK,EACL,UAAU,EACV,SAAS,EACT,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,EACR,KAAK,EACL,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,GAAG,EACH,KAAK,EACL,OAAO,EACP,KAAK,EACL,KAAK,EACL,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,KAAK,EACL,MAAM,EACN,SAAS,EACT,MAAM,EACN,UAAU,EACV,OAAO,EACP,KAAK,EACL,MAAM,EACN,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,GAAG,EACH,SAAS,EACT,KAAK,EACL,UAAU,EACV,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,GAAG,EACH,MAAM,EACN,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,SAAS,EACT,KAAK,EACL,OAAO,EACP,OAAO,EACP,IAAI,EACJ,UAAU,EACV,UAAU,EACV,OAAO,EACP,IAAI,EACJ,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,KAAK,EACL,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;AAEF;AACO,MAAMyE,KAAG,GAAGzE,MAAM,CAAC,CACxB,KAAK,EACL,GAAG,EACH,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,MAAM,EACN,GAAG,EACH,OAAO,EACP,UAAU,EACV,OAAO,EACP,OAAO,EACP,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,SAAS,EACT,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,MAAM,EACN,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,OAAO,CACR,CAAC,CAAA;AAEK,MAAM0E,UAAU,GAAG1E,MAAM,CAAC,CAC/B,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,SAAS,EACT,aAAa,EACb,cAAc,EACd,UAAU,EACV,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,QAAQ,EACR,cAAc,CACf,CAAC,CAAA;;AAEF;AACA;AACA;AACA;AACO,MAAM2E,aAAa,GAAG3E,MAAM,CAAC,CAClC,SAAS,EACT,eAAe,EACf,QAAQ,EACR,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,eAAe,EACf,OAAO,EACP,WAAW,EACX,MAAM,EACN,cAAc,EACd,WAAW,EACX,SAAS,EACT,eAAe,EACf,QAAQ,EACR,KAAK,EACL,YAAY,EACZ,SAAS,EACT,KAAK,CACN,CAAC,CAAA;AAEK,MAAM4E,QAAM,GAAG5E,MAAM,CAAC,CAC3B,MAAM,EACN,UAAU,EACV,QAAQ,EACR,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,YAAY,EACZ,eAAe,EACf,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,KAAK,EACL,OAAO,EACP,KAAK,EACL,QAAQ,EACR,YAAY,EACZ,aAAa,CACd,CAAC,CAAA;;AAEF;AACA;AACO,MAAM6E,gBAAgB,GAAG7E,MAAM,CAAC,CACrC,SAAS,EACT,aAAa,EACb,YAAY,EACZ,UAAU,EACV,WAAW,EACX,SAAS,EACT,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,MAAM,CACP,CAAC,CAAA;AAEK,MAAM8E,IAAI,GAAG9E,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC;;ACrR9B,MAAMwE,IAAI,GAAGxE,MAAM,CAAC,CACzB,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,gBAAgB,EAChB,cAAc,EACd,sBAAsB,EACtB,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,MAAM,EACN,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,SAAS,EACT,UAAU,EACV,cAAc,EACd,QAAQ,EACR,aAAa,EACb,UAAU,EACV,UAAU,EACV,SAAS,EACT,KAAK,EACL,UAAU,EACV,yBAAyB,EACzB,uBAAuB,EACvB,UAAU,EACV,WAAW,EACX,SAAS,EACT,cAAc,EACd,MAAM,EACN,KAAK,EACL,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,WAAW,EACX,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,MAAM,EACN,SAAS,EACT,MAAM,EACN,KAAK,EACL,KAAK,EACL,WAAW,EACX,OAAO,EACP,QAAQ,EACR,KAAK,EACL,WAAW,EACX,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,SAAS,EACT,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,QAAQ,EACR,SAAS,EACT,SAAS,EACT,YAAY,EACZ,UAAU,EACV,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,YAAY,EACZ,OAAO,EACP,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,OAAO,EACP,KAAK,EACL,QAAQ,EACR,MAAM,EACN,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,WAAW,EACX,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,CACP,CAAC,CAAA;AAEK,MAAMyE,GAAG,GAAGzE,MAAM,CAAC,CACxB,eAAe,EACf,YAAY,EACZ,UAAU,EACV,oBAAoB,EACpB,WAAW,EACX,QAAQ,EACR,eAAe,EACf,eAAe,EACf,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,MAAM,EACN,eAAe,EACf,WAAW,EACX,WAAW,EACX,OAAO,EACP,qBAAqB,EACrB,6BAA6B,EAC7B,eAAe,EACf,iBAAiB,EACjB,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,SAAS,EACT,KAAK,EACL,UAAU,EACV,WAAW,EACX,KAAK,EACL,UAAU,EACV,MAAM,EACN,cAAc,EACd,WAAW,EACX,QAAQ,EACR,aAAa,EACb,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,YAAY,EACZ,cAAc,EACd,aAAa,EACb,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,YAAY,EACZ,UAAU,EACV,eAAe,EACf,mBAAmB,EACnB,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,iBAAiB,EACjB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,WAAW,EACX,YAAY,EACZ,UAAU,EACV,MAAM,EACN,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,kBAAkB,EAClB,WAAW,EACX,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,EACR,MAAM,EACN,KAAK,EACL,MAAM,EACN,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,aAAa,EACb,QAAQ,EACR,UAAU,EACV,aAAa,EACb,MAAM,EACN,YAAY,EACZ,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,MAAM,EACN,MAAM,EACN,aAAa,EACb,WAAW,EACX,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,OAAO,EACP,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,cAAc,EACd,aAAa,EACb,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,cAAc,EACd,OAAO,EACP,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,eAAe,EACf,eAAe,EACf,OAAO,EACP,cAAc,EACd,MAAM,EACN,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,YAAY,CACb,CAAC,CAAA;AAEK,MAAM4E,MAAM,GAAG5E,MAAM,CAAC,CAC3B,QAAQ,EACR,aAAa,EACb,OAAO,EACP,UAAU,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,OAAO,EACP,KAAK,EACL,SAAS,EACT,cAAc,EACd,UAAU,EACV,OAAO,EACP,OAAO,EACP,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,eAAe,EACf,UAAU,EACV,UAAU,EACV,MAAM,EACN,UAAU,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,eAAe,EACf,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,SAAS,EACT,OAAO,EACP,OAAO,CACR,CAAC,CAAA;AAEK,MAAM+E,GAAG,GAAG/E,MAAM,CAAC,CACxB,YAAY,EACZ,QAAQ,EACR,aAAa,EACb,WAAW,EACX,aAAa,CACd,CAAC;;AChXF;AACO,MAAMgF,aAAa,GAAG/E,IAAI,CAAC,2BAA2B,CAAC,CAAC;AACxD,MAAMgF,QAAQ,GAAGhF,IAAI,CAAC,uBAAuB,CAAC,CAAA;AAC9C,MAAMiF,WAAW,GAAGjF,IAAI,CAAC,eAAe,CAAC,CAAA;AACzC,MAAMkF,SAAS,GAAGlF,IAAI,CAAC,4BAA4B,CAAC,CAAC;AACrD,MAAMmF,SAAS,GAAGnF,IAAI,CAAC,gBAAgB,CAAC,CAAC;AACzC,MAAMoF,cAAc,GAAGpF,IAAI,CAChC,2FAA2F;AAC7F,CAAC,CAAA;AACM,MAAMqF,iBAAiB,GAAGrF,IAAI,CAAC,uBAAuB,CAAC,CAAA;AACvD,MAAMsF,eAAe,GAAGtF,IAAI,CACjC,6DAA6D;AAC/D,CAAC,CAAA;AACM,MAAMuF,YAAY,GAAGvF,IAAI,CAAC,SAAS,CAAC,CAAA;AACpC,MAAMwF,cAAc,GAAGxF,IAAI,CAAC,0BAA0B,CAAC;;;;;;;;;;;;;;;;ACQ9D;AACA,MAAMyF,SAAS,GAAG;AAChBnC,EAAAA,OAAO,EAAE,CAAC;AACVoC,EAAAA,SAAS,EAAE,CAAC;AACZb,EAAAA,IAAI,EAAE,CAAC;AACPc,EAAAA,YAAY,EAAE,CAAC;AACfC,EAAAA,eAAe,EAAE,CAAC;AAAE;AACpBC,EAAAA,UAAU,EAAE,CAAC;AAAE;AACfC,EAAAA,sBAAsB,EAAE,CAAC;AACzBC,EAAAA,OAAO,EAAE,CAAC;AACVC,EAAAA,QAAQ,EAAE,CAAC;AACXC,EAAAA,YAAY,EAAE,EAAE;AAChBC,EAAAA,gBAAgB,EAAE,EAAE;EACpBC,QAAQ,EAAE,EAAE;AACd,CAAC,CAAA;AAED,MAAMC,SAAS,GAAG,SAAZA,SAASA,GAAe;AAC5B,EAAA,OAAO,OAAOC,MAAM,KAAK,WAAW,GAAG,IAAI,GAAGA,MAAM,CAAA;AACtD,CAAC,CAAA;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAaC,YAAY,EAAEC,iBAAiB,EAAE;EAC3E,IACE,OAAOD,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAACE,YAAY,KAAK,UAAU,EAC/C;AACA,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;;AAEA;AACA;AACA;EACA,IAAIC,MAAM,GAAG,IAAI,CAAA;EACjB,MAAMC,SAAS,GAAG,uBAAuB,CAAA;EACzC,IAAIH,iBAAiB,IAAIA,iBAAiB,CAACI,YAAY,CAACD,SAAS,CAAC,EAAE;AAClED,IAAAA,MAAM,GAAGF,iBAAiB,CAACK,YAAY,CAACF,SAAS,CAAC,CAAA;AACpD,GAAA;EAEA,MAAMG,UAAU,GAAG,WAAW,IAAIJ,MAAM,GAAG,GAAG,GAAGA,MAAM,GAAG,EAAE,CAAC,CAAA;EAE7D,IAAI;AACF,IAAA,OAAOH,YAAY,CAACE,YAAY,CAACK,UAAU,EAAE;MAC3CC,UAAUA,CAACxC,IAAI,EAAE;AACf,QAAA,OAAOA,IAAI,CAAA;OACZ;MACDyC,eAAeA,CAACC,SAAS,EAAE;AACzB,QAAA,OAAOA,SAAS,CAAA;AAClB,OAAA;AACF,KAAC,CAAC,CAAA;GACH,CAAC,OAAOC,CAAC,EAAE;AACV;AACA;AACA;IACAC,OAAO,CAACC,IAAI,CACV,sBAAsB,GAAGN,UAAU,GAAG,wBACxC,CAAC,CAAA;AACD,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;AACF,CAAC,CAAA;AAED,SAASO,eAAeA,GAAuB;AAAA,EAAA,IAAtBhB,MAAM,GAAA1D,SAAA,CAAAC,MAAA,GAAAD,CAAAA,IAAAA,SAAA,CAAAS,CAAAA,CAAAA,KAAAA,SAAA,GAAAT,SAAA,CAAGyD,CAAAA,CAAAA,GAAAA,SAAS,EAAE,CAAA;AAC3C,EAAA,MAAMkB,SAAS,GAAIC,IAAI,IAAKF,eAAe,CAACE,IAAI,CAAC,CAAA;;AAEjD;AACF;AACA;AACA;EACED,SAAS,CAACE,OAAO,GAAGC,OAAO,CAAA;;AAE3B;AACF;AACA;AACA;EACEH,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;AAEtB,EAAA,IACE,CAACrB,MAAM,IACP,CAACA,MAAM,CAACL,QAAQ,IAChBK,MAAM,CAACL,QAAQ,CAAC2B,QAAQ,KAAKlC,SAAS,CAACO,QAAQ,EAC/C;AACA;AACA;IACAsB,SAAS,CAACM,WAAW,GAAG,KAAK,CAAA;AAE7B,IAAA,OAAON,SAAS,CAAA;AAClB,GAAA;EAEA,IAAI;AAAEtB,IAAAA,QAAAA;AAAS,GAAC,GAAGK,MAAM,CAAA;EAEzB,MAAMwB,gBAAgB,GAAG7B,QAAQ,CAAA;AACjC,EAAA,MAAM8B,aAAa,GAAGD,gBAAgB,CAACC,aAAa,CAAA;EACpD,MAAM;IACJC,gBAAgB;IAChBC,mBAAmB;IACnBC,IAAI;IACJC,OAAO;IACPC,UAAU;AACVC,IAAAA,YAAY,GAAG/B,MAAM,CAAC+B,YAAY,IAAI/B,MAAM,CAACgC,eAAe;IAC5DC,eAAe;IACfC,SAAS;AACThC,IAAAA,YAAAA;AACF,GAAC,GAAGF,MAAM,CAAA;AAEV,EAAA,MAAMmC,gBAAgB,GAAGN,OAAO,CAACrH,SAAS,CAAA;AAE1C,EAAA,MAAM4H,SAAS,GAAGvE,YAAY,CAACsE,gBAAgB,EAAE,WAAW,CAAC,CAAA;AAC7D,EAAA,MAAME,MAAM,GAAGxE,YAAY,CAACsE,gBAAgB,EAAE,QAAQ,CAAC,CAAA;AACvD,EAAA,MAAMG,cAAc,GAAGzE,YAAY,CAACsE,gBAAgB,EAAE,aAAa,CAAC,CAAA;AACpE,EAAA,MAAMI,aAAa,GAAG1E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;AAClE,EAAA,MAAMK,aAAa,GAAG3E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;;AAElE;AACA;AACA;AACA;AACA;AACA;AACA,EAAA,IAAI,OAAOR,mBAAmB,KAAK,UAAU,EAAE;AAC7C,IAAA,MAAMc,QAAQ,GAAG9C,QAAQ,CAAC+C,aAAa,CAAC,UAAU,CAAC,CAAA;IACnD,IAAID,QAAQ,CAACE,OAAO,IAAIF,QAAQ,CAACE,OAAO,CAACC,aAAa,EAAE;AACtDjD,MAAAA,QAAQ,GAAG8C,QAAQ,CAACE,OAAO,CAACC,aAAa,CAAA;AAC3C,KAAA;AACF,GAAA;AAEA,EAAA,IAAIC,kBAAkB,CAAA;EACtB,IAAIC,SAAS,GAAG,EAAE,CAAA;EAElB,MAAM;IACJC,cAAc;IACdC,kBAAkB;IAClBC,sBAAsB;AACtBC,IAAAA,oBAAAA;AACF,GAAC,GAAGvD,QAAQ,CAAA;EACZ,MAAM;AAAEwD,IAAAA,UAAAA;AAAW,GAAC,GAAG3B,gBAAgB,CAAA;EAEvC,IAAI4B,KAAK,GAAG,EAAE,CAAA;;AAEd;AACF;AACA;AACEnC,EAAAA,SAAS,CAACM,WAAW,GACnB,OAAOnI,OAAO,KAAK,UAAU,IAC7B,OAAOoJ,aAAa,KAAK,UAAU,IACnCO,cAAc,IACdA,cAAc,CAACM,kBAAkB,KAAKtG,SAAS,CAAA;EAEjD,MAAM;IACJ2B,aAAa;IACbC,QAAQ;IACRC,WAAW;IACXC,SAAS;IACTC,SAAS;IACTE,iBAAiB;IACjBC,eAAe;AACfE,IAAAA,cAAAA;AACF,GAAC,GAAGmE,WAAW,CAAA;EAEf,IAAI;AAAEvE,oBAAAA,gBAAAA;AAAe,GAAC,GAAGuE,WAAW,CAAA;;AAEpC;AACF;AACA;AACA;;AAEE;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;AACvB,EAAA,MAAMC,oBAAoB,GAAG7G,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAG8G,MAAS,EACZ,GAAGA,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,QAAW,EACd,GAAGA,IAAS,CACb,CAAC,CAAA;;AAEF;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;AACvB,EAAA,MAAMC,oBAAoB,GAAGhH,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAGiH,IAAU,EACb,GAAGA,GAAS,EACZ,GAAGA,MAAY,EACf,GAAGA,GAAS,CACb,CAAC,CAAA;;AAEF;AACF;AACA;AACA;AACA;AACA;EACE,IAAIC,uBAAuB,GAAGpK,MAAM,CAACE,IAAI,CACvCC,MAAM,CAAC,IAAI,EAAE;AACXkK,IAAAA,YAAY,EAAE;AACZC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,IAAA;KACR;AACDwG,IAAAA,kBAAkB,EAAE;AAClBH,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,IAAA;KACR;AACDyG,IAAAA,8BAA8B,EAAE;AAC9BJ,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,KAAA;AACT,KAAA;AACF,GAAC,CACH,CAAC,CAAA;;AAED;EACA,IAAI0G,WAAW,GAAG,IAAI,CAAA;;AAEtB;EACA,IAAIC,WAAW,GAAG,IAAI,CAAA;;AAEtB;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;AAE1B;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;AAE1B;EACA,IAAIC,uBAAuB,GAAG,KAAK,CAAA;;AAEnC;AACF;EACE,IAAIC,wBAAwB,GAAG,IAAI,CAAA;;AAEnC;AACF;AACA;EACE,IAAIC,kBAAkB,GAAG,KAAK,CAAA;;AAE9B;AACF;AACA;EACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;EACA,IAAIC,cAAc,GAAG,KAAK,CAAA;;AAE1B;EACA,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;EACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;AACA;AACA;EACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;EACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;AAE/B;AACF;EACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;AAE/B;AACF;AACA;EACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,IAAIC,oBAAoB,GAAG,KAAK,CAAA;EAChC,MAAMC,2BAA2B,GAAG,eAAe,CAAA;;AAEnD;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;AACF;EACE,IAAIC,QAAQ,GAAG,KAAK,CAAA;;AAEpB;EACA,IAAIC,YAAY,GAAG,EAAE,CAAA;;AAErB;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;EAC1B,MAAMC,uBAAuB,GAAG9I,QAAQ,CAAC,EAAE,EAAE,CAC3C,gBAAgB,EAChB,OAAO,EACP,UAAU,EACV,MAAM,EACN,eAAe,EACf,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,UAAU,EACV,WAAW,EACX,QAAQ,EACR,OAAO,EACP,KAAK,EACL,UAAU,EACV,OAAO,EACP,OAAO,EACP,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;AAEF;EACA,IAAI+I,aAAa,GAAG,IAAI,CAAA;EACxB,MAAMC,qBAAqB,GAAGhJ,QAAQ,CAAC,EAAE,EAAE,CACzC,OAAO,EACP,OAAO,EACP,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,CACR,CAAC,CAAA;;AAEF;EACA,IAAIiJ,mBAAmB,GAAG,IAAI,CAAA;AAC9B,EAAA,MAAMC,2BAA2B,GAAGlJ,QAAQ,CAAC,EAAE,EAAE,CAC/C,KAAK,EACL,OAAO,EACP,KAAK,EACL,IAAI,EACJ,OAAO,EACP,MAAM,EACN,SAAS,EACT,aAAa,EACb,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR,CAAC,CAAA;EAEF,MAAMmJ,gBAAgB,GAAG,oCAAoC,CAAA;EAC7D,MAAMC,aAAa,GAAG,4BAA4B,CAAA;EAClD,MAAMC,cAAc,GAAG,8BAA8B,CAAA;AACrD;EACA,IAAIC,SAAS,GAAGD,cAAc,CAAA;EAC9B,IAAIE,cAAc,GAAG,KAAK,CAAA;;AAE1B;EACA,IAAIC,kBAAkB,GAAG,IAAI,CAAA;AAC7B,EAAA,MAAMC,0BAA0B,GAAGzJ,QAAQ,CACzC,EAAE,EACF,CAACmJ,gBAAgB,EAAEC,aAAa,EAAEC,cAAc,CAAC,EACjD/K,cACF,CAAC,CAAA;AAED,EAAA,IAAIoL,8BAA8B,GAAG1J,QAAQ,CAAC,EAAE,EAAE,CAChD,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,CACR,CAAC,CAAA;EAEF,IAAI2J,uBAAuB,GAAG3J,QAAQ,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;;AAE9D;AACA;AACA;AACA;AACA,EAAA,MAAM4J,4BAA4B,GAAG5J,QAAQ,CAAC,EAAE,EAAE,CAChD,OAAO,EACP,OAAO,EACP,MAAM,EACN,GAAG,EACH,QAAQ,CACT,CAAC,CAAA;;AAEF;EACA,IAAI6J,iBAAiB,GAAG,IAAI,CAAA;AAC5B,EAAA,MAAMC,4BAA4B,GAAG,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAA;EAC3E,MAAMC,yBAAyB,GAAG,WAAW,CAAA;EAC7C,IAAI5J,iBAAiB,GAAG,IAAI,CAAA;;AAE5B;EACA,IAAI6J,MAAM,GAAG,IAAI,CAAA;;AAEjB;AACA;;AAEA,EAAA,MAAMC,WAAW,GAAGjH,QAAQ,CAAC+C,aAAa,CAAC,MAAM,CAAC,CAAA;AAElD,EAAA,MAAMmE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,SAAS,EAAE;AAC7C,IAAA,OAAOA,SAAS,YAAYhL,MAAM,IAAIgL,SAAS,YAAYC,QAAQ,CAAA;GACpE,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE;AACA,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,GAAuB;AAAA,IAAA,IAAVC,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;AACrC,IAAA,IAAIqK,MAAM,IAAIA,MAAM,KAAKM,GAAG,EAAE;AAC5B,MAAA,OAAA;AACF,KAAA;;AAEA;AACA,IAAA,IAAI,CAACA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;MACnCA,GAAG,GAAG,EAAE,CAAA;AACV,KAAA;;AAEA;AACAA,IAAAA,GAAG,GAAG3J,KAAK,CAAC2J,GAAG,CAAC,CAAA;IAEhBT,iBAAiB;AACf;AACAC,IAAAA,4BAA4B,CAACjL,OAAO,CAACyL,GAAG,CAACT,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAC9DE,yBAAyB,GACzBO,GAAG,CAACT,iBAAiB,CAAA;;AAE3B;AACA1J,IAAAA,iBAAiB,GACf0J,iBAAiB,KAAK,uBAAuB,GACzCvL,cAAc,GACdH,iBAAiB,CAAA;;AAEvB;IACAyI,YAAY,GAAG5H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC1D,YAAY,EAAEzG,iBAAiB,CAAC,GACjD0G,oBAAoB,CAAA;IACxBE,YAAY,GAAG/H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACvD,YAAY,EAAE5G,iBAAiB,CAAC,GACjD6G,oBAAoB,CAAA;IACxBwC,kBAAkB,GAAGxK,oBAAoB,CAACsL,GAAG,EAAE,oBAAoB,CAAC,GAChEtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACd,kBAAkB,EAAElL,cAAc,CAAC,GACpDmL,0BAA0B,CAAA;AAC9BR,IAAAA,mBAAmB,GAAGjK,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAChEtK,QAAQ,CACNW,KAAK,CAACuI,2BAA2B,CAAC;AAAE;AACpCoB,IAAAA,GAAG,CAACC,iBAAiB;AAAE;AACvBpK,IAAAA,iBAAiB;AACnB,KAAC;AAAC,MACF+I,2BAA2B,CAAA;AAC/BH,IAAAA,aAAa,GAAG/J,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAC1DtK,QAAQ,CACNW,KAAK,CAACqI,qBAAqB,CAAC;AAAE;AAC9BsB,IAAAA,GAAG,CAACE,iBAAiB;AAAE;AACvBrK,IAAAA,iBAAiB;AACnB,KAAC;AAAC,MACF6I,qBAAqB,CAAA;IACzBH,eAAe,GAAG7J,oBAAoB,CAACsL,GAAG,EAAE,iBAAiB,CAAC,GAC1DtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,GACpD2I,uBAAuB,CAAA;IAC3BrB,WAAW,GAAGzI,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC7C,WAAW,EAAEtH,iBAAiB,CAAC,GAChD,EAAE,CAAA;IACNuH,WAAW,GAAG1I,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC5C,WAAW,EAAEvH,iBAAiB,CAAC,GAChD,EAAE,CAAA;AACNyI,IAAAA,YAAY,GAAG5J,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDA,GAAG,CAAC1B,YAAY,GAChB,KAAK,CAAA;AACTjB,IAAAA,eAAe,GAAG2C,GAAG,CAAC3C,eAAe,KAAK,KAAK,CAAC;AAChDC,IAAAA,eAAe,GAAG0C,GAAG,CAAC1C,eAAe,KAAK,KAAK,CAAC;AAChDC,IAAAA,uBAAuB,GAAGyC,GAAG,CAACzC,uBAAuB,IAAI,KAAK,CAAC;AAC/DC,IAAAA,wBAAwB,GAAGwC,GAAG,CAACxC,wBAAwB,KAAK,KAAK,CAAC;AAClEC,IAAAA,kBAAkB,GAAGuC,GAAG,CAACvC,kBAAkB,IAAI,KAAK,CAAC;AACrDC,IAAAA,YAAY,GAAGsC,GAAG,CAACtC,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,cAAc,GAAGqC,GAAG,CAACrC,cAAc,IAAI,KAAK,CAAC;AAC7CG,IAAAA,UAAU,GAAGkC,GAAG,CAAClC,UAAU,IAAI,KAAK,CAAC;AACrCC,IAAAA,mBAAmB,GAAGiC,GAAG,CAACjC,mBAAmB,IAAI,KAAK,CAAC;AACvDC,IAAAA,mBAAmB,GAAGgC,GAAG,CAAChC,mBAAmB,IAAI,KAAK,CAAC;AACvDH,IAAAA,UAAU,GAAGmC,GAAG,CAACnC,UAAU,IAAI,KAAK,CAAC;AACrCI,IAAAA,YAAY,GAAG+B,GAAG,CAAC/B,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,oBAAoB,GAAG8B,GAAG,CAAC9B,oBAAoB,IAAI,KAAK,CAAC;AACzDE,IAAAA,YAAY,GAAG4B,GAAG,CAAC5B,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,QAAQ,GAAG2B,GAAG,CAAC3B,QAAQ,IAAI,KAAK,CAAC;AACjCvG,IAAAA,gBAAc,GAAGkI,GAAG,CAACG,kBAAkB,IAAI9D,cAA0B,CAAA;AACrE2C,IAAAA,SAAS,GAAGgB,GAAG,CAAChB,SAAS,IAAID,cAAc,CAAA;AAC3CK,IAAAA,8BAA8B,GAC5BY,GAAG,CAACZ,8BAA8B,IAAIA,8BAA8B,CAAA;AACtEC,IAAAA,uBAAuB,GACrBW,GAAG,CAACX,uBAAuB,IAAIA,uBAAuB,CAAA;AAExDzC,IAAAA,uBAAuB,GAAGoD,GAAG,CAACpD,uBAAuB,IAAI,EAAE,CAAA;AAC3D,IAAA,IACEoD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAC,EAC3D;AACAD,MAAAA,uBAAuB,CAACC,YAAY,GAClCmD,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAA;AAC5C,KAAA;AAEA,IAAA,IACEmD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAC,EACjE;AACAL,MAAAA,uBAAuB,CAACK,kBAAkB,GACxC+C,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAA;AAClD,KAAA;AAEA,IAAA,IACE+C,GAAG,CAACpD,uBAAuB,IAC3B,OAAOoD,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,KAC/D,SAAS,EACX;AACAN,MAAAA,uBAAuB,CAACM,8BAA8B,GACpD8C,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,CAAA;AAC9D,KAAA;AAEA,IAAA,IAAIO,kBAAkB,EAAE;AACtBH,MAAAA,eAAe,GAAG,KAAK,CAAA;AACzB,KAAA;AAEA,IAAA,IAAIS,mBAAmB,EAAE;AACvBD,MAAAA,UAAU,GAAG,IAAI,CAAA;AACnB,KAAA;;AAEA;AACA,IAAA,IAAIQ,YAAY,EAAE;MAChBhC,YAAY,GAAG5G,QAAQ,CAAC,EAAE,EAAE8G,IAAS,CAAC,CAAA;AACtCC,MAAAA,YAAY,GAAG,EAAE,CAAA;AACjB,MAAA,IAAI6B,YAAY,CAACrH,IAAI,KAAK,IAAI,EAAE;AAC9BvB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,MAAS,CAAC,CAAA;AACjC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,IAAU,CAAC,CAAA;AACpC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACpH,GAAG,KAAK,IAAI,EAAE;AAC7BxB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,KAAQ,CAAC,CAAA;AAChC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACnH,UAAU,KAAK,IAAI,EAAE;AACpCzB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,UAAe,CAAC,CAAA;AACvC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACjH,MAAM,KAAK,IAAI,EAAE;AAChC3B,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,QAAW,CAAC,CAAA;AACnC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,MAAY,CAAC,CAAA;AACpCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AACF,KAAA;;AAEA;IACA,IAAIqD,GAAG,CAACI,QAAQ,EAAE;MAChB,IAAI9D,YAAY,KAAKC,oBAAoB,EAAE;AACzCD,QAAAA,YAAY,GAAGjG,KAAK,CAACiG,YAAY,CAAC,CAAA;AACpC,OAAA;MAEA5G,QAAQ,CAAC4G,YAAY,EAAE0D,GAAG,CAACI,QAAQ,EAAEvK,iBAAiB,CAAC,CAAA;AACzD,KAAA;IAEA,IAAImK,GAAG,CAACK,QAAQ,EAAE;MAChB,IAAI5D,YAAY,KAAKC,oBAAoB,EAAE;AACzCD,QAAAA,YAAY,GAAGpG,KAAK,CAACoG,YAAY,CAAC,CAAA;AACpC,OAAA;MAEA/G,QAAQ,CAAC+G,YAAY,EAAEuD,GAAG,CAACK,QAAQ,EAAExK,iBAAiB,CAAC,CAAA;AACzD,KAAA;IAEA,IAAImK,GAAG,CAACC,iBAAiB,EAAE;MACzBvK,QAAQ,CAACiJ,mBAAmB,EAAEqB,GAAG,CAACC,iBAAiB,EAAEpK,iBAAiB,CAAC,CAAA;AACzE,KAAA;IAEA,IAAImK,GAAG,CAACzB,eAAe,EAAE;MACvB,IAAIA,eAAe,KAAKC,uBAAuB,EAAE;AAC/CD,QAAAA,eAAe,GAAGlI,KAAK,CAACkI,eAAe,CAAC,CAAA;AAC1C,OAAA;MAEA7I,QAAQ,CAAC6I,eAAe,EAAEyB,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,CAAA;AACnE,KAAA;;AAEA;AACA,IAAA,IAAIuI,YAAY,EAAE;AAChB9B,MAAAA,YAAY,CAAC,OAAO,CAAC,GAAG,IAAI,CAAA;AAC9B,KAAA;;AAEA;AACA,IAAA,IAAIqB,cAAc,EAAE;MAClBjI,QAAQ,CAAC4G,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAClD,KAAA;;AAEA;IACA,IAAIA,YAAY,CAACgE,KAAK,EAAE;AACtB5K,MAAAA,QAAQ,CAAC4G,YAAY,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;MACjC,OAAOa,WAAW,CAACoD,KAAK,CAAA;AAC1B,KAAA;IAEA,IAAIP,GAAG,CAACQ,oBAAoB,EAAE;MAC5B,IAAI,OAAOR,GAAG,CAACQ,oBAAoB,CAAC/G,UAAU,KAAK,UAAU,EAAE;QAC7D,MAAM1E,eAAe,CACnB,6EACF,CAAC,CAAA;AACH,OAAA;MAEA,IAAI,OAAOiL,GAAG,CAACQ,oBAAoB,CAAC9G,eAAe,KAAK,UAAU,EAAE;QAClE,MAAM3E,eAAe,CACnB,kFACF,CAAC,CAAA;AACH,OAAA;;AAEA;MACA6G,kBAAkB,GAAGoE,GAAG,CAACQ,oBAAoB,CAAA;;AAE7C;AACA3E,MAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;AAC/C,KAAC,MAAM;AACL;MACA,IAAImC,kBAAkB,KAAK9F,SAAS,EAAE;AACpC8F,QAAAA,kBAAkB,GAAG5C,yBAAyB,CAC5CC,YAAY,EACZuB,aACF,CAAC,CAAA;AACH,OAAA;;AAEA;MACA,IAAIoB,kBAAkB,KAAK,IAAI,IAAI,OAAOC,SAAS,KAAK,QAAQ,EAAE;AAChEA,QAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;AAC/C,OAAA;AACF,KAAA;;AAEA;AACA;AACA,IAAA,IAAIhH,MAAM,EAAE;MACVA,MAAM,CAACuN,GAAG,CAAC,CAAA;AACb,KAAA;AAEAN,IAAAA,MAAM,GAAGM,GAAG,CAAA;GACb,CAAA;;AAED;AACF;AACA;EACE,MAAMS,YAAY,GAAG/K,QAAQ,CAAC,EAAE,EAAE,CAChC,GAAG8G,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,aAAkB,CACtB,CAAC,CAAA;AACF,EAAA,MAAMkE,eAAe,GAAGhL,QAAQ,CAAC,EAAE,EAAE,CACnC,GAAG8G,QAAW,EACd,GAAGA,gBAAqB,CACzB,CAAC,CAAA;;AAEF;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMmE,oBAAoB,GAAG,SAAvBA,oBAAoBA,CAAa3K,OAAO,EAAE;AAC9C,IAAA,IAAI4K,MAAM,GAAGrF,aAAa,CAACvF,OAAO,CAAC,CAAA;;AAEnC;AACA;AACA,IAAA,IAAI,CAAC4K,MAAM,IAAI,CAACA,MAAM,CAACC,OAAO,EAAE;AAC9BD,MAAAA,MAAM,GAAG;AACPE,QAAAA,YAAY,EAAE9B,SAAS;AACvB6B,QAAAA,OAAO,EAAE,UAAA;OACV,CAAA;AACH,KAAA;AAEA,IAAA,MAAMA,OAAO,GAAGhN,iBAAiB,CAACmC,OAAO,CAAC6K,OAAO,CAAC,CAAA;AAClD,IAAA,MAAME,aAAa,GAAGlN,iBAAiB,CAAC+M,MAAM,CAACC,OAAO,CAAC,CAAA;AAEvD,IAAA,IAAI,CAAC3B,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EAAE;AAC7C,MAAA,OAAO,KAAK,CAAA;AACd,KAAA;AAEA,IAAA,IAAI9K,OAAO,CAAC8K,YAAY,KAAKhC,aAAa,EAAE;AAC1C;AACA;AACA;AACA,MAAA,IAAI8B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;QAC1C,OAAO8B,OAAO,KAAK,KAAK,CAAA;AAC1B,OAAA;;AAEA;AACA;AACA;AACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,EAAE;AAC5C,QAAA,OACEgC,OAAO,KAAK,KAAK,KAChBE,aAAa,KAAK,gBAAgB,IACjC3B,8BAA8B,CAAC2B,aAAa,CAAC,CAAC,CAAA;AAEpD,OAAA;;AAEA;AACA;AACA,MAAA,OAAOC,OAAO,CAACP,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;AACvC,KAAA;AAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAKjC,gBAAgB,EAAE;AAC7C;AACA;AACA;AACA,MAAA,IAAI+B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;QAC1C,OAAO8B,OAAO,KAAK,MAAM,CAAA;AAC3B,OAAA;;AAEA;AACA;AACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKhC,aAAa,EAAE;AACzC,QAAA,OAAO+B,OAAO,KAAK,MAAM,IAAIxB,uBAAuB,CAAC0B,aAAa,CAAC,CAAA;AACrE,OAAA;;AAEA;AACA;AACA,MAAA,OAAOC,OAAO,CAACN,eAAe,CAACG,OAAO,CAAC,CAAC,CAAA;AAC1C,KAAA;AAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAK/B,cAAc,EAAE;AAC3C;AACA;AACA;MACA,IACE6B,MAAM,CAACE,YAAY,KAAKhC,aAAa,IACrC,CAACO,uBAAuB,CAAC0B,aAAa,CAAC,EACvC;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;MAEA,IACEH,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,IACxC,CAACO,8BAA8B,CAAC2B,aAAa,CAAC,EAC9C;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;;AAEA;AACA;AACA,MAAA,OACE,CAACL,eAAe,CAACG,OAAO,CAAC,KACxBvB,4BAA4B,CAACuB,OAAO,CAAC,IAAI,CAACJ,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;AAErE,KAAA;;AAEA;IACA,IACEtB,iBAAiB,KAAK,uBAAuB,IAC7CL,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EACxC;AACA,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA;AACA;AACA;AACA,IAAA,OAAO,KAAK,CAAA;GACb,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE,EAAA,MAAMG,YAAY,GAAG,SAAfA,YAAYA,CAAaC,IAAI,EAAE;AACnCvN,IAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAAEpE,MAAAA,OAAO,EAAEkL,IAAAA;AAAK,KAAC,CAAC,CAAA;IAE/C,IAAI;AACF;AACA3F,MAAAA,aAAa,CAAC2F,IAAI,CAAC,CAACC,WAAW,CAACD,IAAI,CAAC,CAAA;KACtC,CAAC,OAAOtH,CAAC,EAAE;MACVwB,MAAM,CAAC8F,IAAI,CAAC,CAAA;AACd,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;EACE,MAAME,gBAAgB,GAAG,SAAnBA,gBAAgBA,CAAaC,IAAI,EAAEH,IAAI,EAAE;IAC7C,IAAI;AACFvN,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAC3BhC,QAAAA,SAAS,EAAE8I,IAAI,CAACI,gBAAgB,CAACD,IAAI,CAAC;AACtCE,QAAAA,IAAI,EAAEL,IAAAA;AACR,OAAC,CAAC,CAAA;KACH,CAAC,OAAOtH,CAAC,EAAE;AACVjG,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAC3BhC,QAAAA,SAAS,EAAE,IAAI;AACfmJ,QAAAA,IAAI,EAAEL,IAAAA;AACR,OAAC,CAAC,CAAA;AACJ,KAAA;AAEAA,IAAAA,IAAI,CAACM,eAAe,CAACH,IAAI,CAAC,CAAA;;AAE1B;IACA,IAAIA,IAAI,KAAK,IAAI,IAAI,CAAC5E,YAAY,CAAC4E,IAAI,CAAC,EAAE;MACxC,IAAIvD,UAAU,IAAIC,mBAAmB,EAAE;QACrC,IAAI;UACFkD,YAAY,CAACC,IAAI,CAAC,CAAA;AACpB,SAAC,CAAC,OAAOtH,CAAC,EAAE,EAAC;AACf,OAAC,MAAM;QACL,IAAI;AACFsH,UAAAA,IAAI,CAACO,YAAY,CAACJ,IAAI,EAAE,EAAE,CAAC,CAAA;AAC7B,SAAC,CAAC,OAAOzH,CAAC,EAAE,EAAC;AACf,OAAA;AACF,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAM8H,aAAa,GAAG,SAAhBA,aAAaA,CAAaC,KAAK,EAAE;AACrC;IACA,IAAIC,GAAG,GAAG,IAAI,CAAA;IACd,IAAIC,iBAAiB,GAAG,IAAI,CAAA;AAE5B,IAAA,IAAIhE,UAAU,EAAE;MACd8D,KAAK,GAAG,mBAAmB,GAAGA,KAAK,CAAA;AACrC,KAAC,MAAM;AACL;AACA,MAAA,MAAMG,OAAO,GAAG5N,WAAW,CAACyN,KAAK,EAAE,aAAa,CAAC,CAAA;AACjDE,MAAAA,iBAAiB,GAAGC,OAAO,IAAIA,OAAO,CAAC,CAAC,CAAC,CAAA;AAC3C,KAAA;AAEA,IAAA,IACEvC,iBAAiB,KAAK,uBAAuB,IAC7CP,SAAS,KAAKD,cAAc,EAC5B;AACA;AACA4C,MAAAA,KAAK,GACH,gEAAgE,GAChEA,KAAK,GACL,gBAAgB,CAAA;AACpB,KAAA;IAEA,MAAMI,YAAY,GAAGnG,kBAAkB,GACnCA,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;AACT;AACJ;AACA;AACA;IACI,IAAI3C,SAAS,KAAKD,cAAc,EAAE;MAChC,IAAI;QACF6C,GAAG,GAAG,IAAI3G,SAAS,EAAE,CAAC+G,eAAe,CAACD,YAAY,EAAExC,iBAAiB,CAAC,CAAA;AACxE,OAAC,CAAC,OAAO3F,CAAC,EAAE,EAAC;AACf,KAAA;;AAEA;AACA,IAAA,IAAI,CAACgI,GAAG,IAAI,CAACA,GAAG,CAACK,eAAe,EAAE;MAChCL,GAAG,GAAG9F,cAAc,CAACoG,cAAc,CAAClD,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;MAChE,IAAI;QACF4C,GAAG,CAACK,eAAe,CAACE,SAAS,GAAGlD,cAAc,GAC1CpD,SAAS,GACTkG,YAAY,CAAA;OACjB,CAAC,OAAOnI,CAAC,EAAE;AACV;AAAA,OAAA;AAEJ,KAAA;IAEA,MAAMwI,IAAI,GAAGR,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAACK,eAAe,CAAA;IAE5C,IAAIN,KAAK,IAAIE,iBAAiB,EAAE;AAC9BO,MAAAA,IAAI,CAACC,YAAY,CACf3J,QAAQ,CAAC4J,cAAc,CAACT,iBAAiB,CAAC,EAC1CO,IAAI,CAACG,UAAU,CAAC,CAAC,CAAC,IAAI,IACxB,CAAC,CAAA;AACH,KAAA;;AAEA;IACA,IAAIvD,SAAS,KAAKD,cAAc,EAAE;AAChC,MAAA,OAAO9C,oBAAoB,CAACuG,IAAI,CAC9BZ,GAAG,EACHjE,cAAc,GAAG,MAAM,GAAG,MAC5B,CAAC,CAAC,CAAC,CAAC,CAAA;AACN,KAAA;AAEA,IAAA,OAAOA,cAAc,GAAGiE,GAAG,CAACK,eAAe,GAAGG,IAAI,CAAA;GACnD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMK,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAaxI,IAAI,EAAE;IAC1C,OAAO8B,kBAAkB,CAACyG,IAAI,CAC5BvI,IAAI,CAAC0B,aAAa,IAAI1B,IAAI,EAC1BA,IAAI;AACJ;IACAY,UAAU,CAAC6H,YAAY,GACrB7H,UAAU,CAAC8H,YAAY,GACvB9H,UAAU,CAAC+H,SAAS,GACpB/H,UAAU,CAACgI,2BAA2B,GACtChI,UAAU,CAACiI,kBAAkB,EAC/B,IACF,CAAC,CAAA;GACF,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,CAAaC,GAAG,EAAE;AAClC,IAAA,OACEA,GAAG,YAAYhI,eAAe,KAC7B,OAAOgI,GAAG,CAACC,QAAQ,KAAK,QAAQ,IAC/B,OAAOD,GAAG,CAACE,WAAW,KAAK,QAAQ,IACnC,OAAOF,GAAG,CAAC7B,WAAW,KAAK,UAAU,IACrC,EAAE6B,GAAG,CAACG,UAAU,YAAYrI,YAAY,CAAC,IACzC,OAAOkI,GAAG,CAACxB,eAAe,KAAK,UAAU,IACzC,OAAOwB,GAAG,CAACvB,YAAY,KAAK,UAAU,IACtC,OAAOuB,GAAG,CAAClC,YAAY,KAAK,QAAQ,IACpC,OAAOkC,GAAG,CAACX,YAAY,KAAK,UAAU,IACtC,OAAOW,GAAG,CAACI,aAAa,KAAK,UAAU,CAAC,CAAA;GAE7C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMC,OAAO,GAAG,SAAVA,OAAOA,CAAa/M,MAAM,EAAE;AAChC,IAAA,OAAO,OAAOqE,IAAI,KAAK,UAAU,IAAIrE,MAAM,YAAYqE,IAAI,CAAA;GAC5D,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAM2I,YAAY,GAAG,SAAfA,YAAYA,CAAaC,UAAU,EAAEC,WAAW,EAAEC,IAAI,EAAE;AAC5D,IAAA,IAAI,CAACtH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACtB,MAAA,OAAA;AACF,KAAA;AAEAnQ,IAAAA,YAAY,CAAC+I,KAAK,CAACoH,UAAU,CAAC,EAAGG,IAAI,IAAK;MACxCA,IAAI,CAAClB,IAAI,CAACxI,SAAS,EAAEwJ,WAAW,EAAEC,IAAI,EAAE/D,MAAM,CAAC,CAAA;AACjD,KAAC,CAAC,CAAA;GACH,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMiE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaH,WAAW,EAAE;IAC/C,IAAI9H,OAAO,GAAG,IAAI,CAAA;;AAElB;AACA4H,IAAAA,YAAY,CAAC,wBAAwB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;;AAEzD;AACA,IAAA,IAAIT,YAAY,CAACS,WAAW,CAAC,EAAE;MAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,MAAM3C,OAAO,GAAGhL,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;;AAEvD;AACAK,IAAAA,YAAY,CAAC,qBAAqB,EAAEE,WAAW,EAAE;MAC/C3C,OAAO;AACP+C,MAAAA,WAAW,EAAEtH,YAAAA;AACf,KAAC,CAAC,CAAA;;AAEF;AACA,IAAA,IACEkH,WAAW,CAACJ,aAAa,EAAE,IAC3B,CAACC,OAAO,CAACG,WAAW,CAACK,iBAAiB,CAAC,IACvCjP,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACrB,SAAS,CAAC,IAC5CvN,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACN,WAAW,CAAC,EAC9C;MACAjC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,IAAIA,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACK,sBAAsB,EAAE;MAC7DyI,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,IACE9F,YAAY,IACZ8F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACM,OAAO,IAC1C7D,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACC,IAAI,CAAC,EACvC;MACAxC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAI,CAAClH,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;AAClD;MACA,IAAI,CAAC1D,WAAW,CAAC0D,OAAO,CAAC,IAAIiD,qBAAqB,CAACjD,OAAO,CAAC,EAAE;AAC3D,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEgE,OAAO,CAAC,EACzD;AACA,UAAA,OAAO,KAAK,CAAA;AACd,SAAA;AAEA,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACxDlD,uBAAuB,CAACC,YAAY,CAACgE,OAAO,CAAC,EAC7C;AACA,UAAA,OAAO,KAAK,CAAA;AACd,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIzC,YAAY,IAAI,CAACG,eAAe,CAACsC,OAAO,CAAC,EAAE;QAC7C,MAAMkD,UAAU,GAAGxI,aAAa,CAACiI,WAAW,CAAC,IAAIA,WAAW,CAACO,UAAU,CAAA;QACvE,MAAMxB,UAAU,GAAGjH,aAAa,CAACkI,WAAW,CAAC,IAAIA,WAAW,CAACjB,UAAU,CAAA;QAEvE,IAAIA,UAAU,IAAIwB,UAAU,EAAE;AAC5B,UAAA,MAAMC,UAAU,GAAGzB,UAAU,CAACjN,MAAM,CAAA;AAEpC,UAAA,KAAK,IAAI2O,CAAC,GAAGD,UAAU,GAAG,CAAC,EAAEC,CAAC,IAAI,CAAC,EAAE,EAAEA,CAAC,EAAE;YACxC,MAAMC,UAAU,GAAG/I,SAAS,CAACoH,UAAU,CAAC0B,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;YACjDC,UAAU,CAACC,cAAc,GAAG,CAACX,WAAW,CAACW,cAAc,IAAI,CAAC,IAAI,CAAC,CAAA;YACjEJ,UAAU,CAAC1B,YAAY,CAAC6B,UAAU,EAAE7I,cAAc,CAACmI,WAAW,CAAC,CAAC,CAAA;AAClE,WAAA;AACF,SAAA;AACF,OAAA;MAEAvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAIA,WAAW,YAAY5I,OAAO,IAAI,CAAC+F,oBAAoB,CAAC6C,WAAW,CAAC,EAAE;MACxEvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IACE,CAAC3C,OAAO,KAAK,UAAU,IACrBA,OAAO,KAAK,SAAS,IACrBA,OAAO,KAAK,UAAU,KACxBjM,UAAU,CAAC,6BAA6B,EAAE4O,WAAW,CAACrB,SAAS,CAAC,EAChE;MACAlB,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAI/F,kBAAkB,IAAI+F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACZ,IAAI,EAAE;AACjE;MACAmE,OAAO,GAAG8H,WAAW,CAACN,WAAW,CAAA;MAEjC9P,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;QAC7D1I,OAAO,GAAGtH,aAAa,CAACsH,OAAO,EAAE0I,IAAI,EAAE,GAAG,CAAC,CAAA;AAC7C,OAAC,CAAC,CAAA;AAEF,MAAA,IAAIZ,WAAW,CAACN,WAAW,KAAKxH,OAAO,EAAE;AACvC/H,QAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAAEpE,UAAAA,OAAO,EAAEwN,WAAW,CAACrI,SAAS,EAAC;AAAE,SAAC,CAAC,CAAA;QAClEqI,WAAW,CAACN,WAAW,GAAGxH,OAAO,CAAA;AACnC,OAAA;AACF,KAAA;;AAEA;AACA4H,IAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;AAExD,IAAA,OAAO,KAAK,CAAA;GACb,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACE;EACA,MAAMa,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,EAAE;AACxD;AACA,IAAA,IACEwH,YAAY,KACXsG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,KACrC9N,KAAK,IAAIiC,QAAQ,IAAIjC,KAAK,IAAIkJ,WAAW,CAAC,EAC3C;AACA,MAAA,OAAO,KAAK,CAAA;AACd,KAAA;;AAEA;AACJ;AACA;AACA;AACI,IAAA,IACErC,eAAe,IACf,CAACF,WAAW,CAACmH,MAAM,CAAC,IACpB3P,UAAU,CAACgD,SAAS,EAAE2M,MAAM,CAAC,EAC7B,CAED,MAAM,IAAIlH,eAAe,IAAIzI,UAAU,CAACiD,SAAS,EAAE0M,MAAM,CAAC,EAAE,CAG5D,MAAM,IAAI,CAAC9H,YAAY,CAAC8H,MAAM,CAAC,IAAInH,WAAW,CAACmH,MAAM,CAAC,EAAE;AACvD,MAAA;AACE;AACA;AACA;AACCT,MAAAA,qBAAqB,CAACQ,KAAK,CAAC,KACzB1H,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEyH,KAAK,CAAC,IACtD1H,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACyH,KAAK,CAAE,CAAC,KAC/C1H,uBAAuB,CAACK,kBAAkB,YAAYpI,MAAM,IAC5DD,UAAU,CAACgI,uBAAuB,CAACK,kBAAkB,EAAEsH,MAAM,CAAC,IAC7D3H,uBAAuB,CAACK,kBAAkB,YAAY6C,QAAQ,IAC7DlD,uBAAuB,CAACK,kBAAkB,CAACsH,MAAM,CAAE,CAAC;AAC1D;AACA;AACCA,MAAAA,MAAM,KAAK,IAAI,IACd3H,uBAAuB,CAACM,8BAA8B,KACpDN,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEpG,KAAK,CAAC,IACtDmG,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACpG,KAAK,CAAE,CAAE,EACpD,CAGD,MAAM;AACL,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;AACA;AACF,KAAC,MAAM,IAAIkI,mBAAmB,CAAC4F,MAAM,CAAC,EAAE,CAIvC,MAAM,IACL3P,UAAU,CAACkD,gBAAc,EAAE1D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACrE,CAID,MAAM,IACL,CAACuM,MAAM,KAAK,KAAK,IAAIA,MAAM,KAAK,YAAY,IAAIA,MAAM,KAAK,MAAM,KACjED,KAAK,KAAK,QAAQ,IAClBhQ,aAAa,CAACmC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,IACnCgI,aAAa,CAAC6F,KAAK,CAAC,EACpB,CAKD,MAAM,IACL/G,uBAAuB,IACvB,CAAC3I,UAAU,CAACmD,iBAAiB,EAAE3D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACzE,CAGD,MAAM,IAAIvB,KAAK,EAAE;AAChB,MAAA,OAAO,KAAK,CAAA;AACd,KAAC,MAAM,CAEL;AAGF,IAAA,OAAO,IAAI,CAAA;GACZ,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMqN,qBAAqB,GAAG,SAAxBA,qBAAqBA,CAAajD,OAAO,EAAE;IAC/C,OAAOA,OAAO,KAAK,gBAAgB,IAAI3M,WAAW,CAAC2M,OAAO,EAAE3I,cAAc,CAAC,CAAA;GAC5E,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMsM,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAahB,WAAW,EAAE;AACjD;AACAF,IAAAA,YAAY,CAAC,0BAA0B,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;IAE3D,MAAM;AAAEL,MAAAA,UAAAA;AAAW,KAAC,GAAGK,WAAW,CAAA;;AAElC;IACA,IAAI,CAACL,UAAU,EAAE;AACf,MAAA,OAAA;AACF,KAAA;AAEA,IAAA,MAAMsB,SAAS,GAAG;AAChBC,MAAAA,QAAQ,EAAE,EAAE;AACZC,MAAAA,SAAS,EAAE,EAAE;AACbC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,iBAAiB,EAAEpI,YAAAA;KACpB,CAAA;AACD,IAAA,IAAI1G,CAAC,GAAGoN,UAAU,CAAC7N,MAAM,CAAA;;AAEzB;IACA,OAAOS,CAAC,EAAE,EAAE;AACV,MAAA,MAAM+O,IAAI,GAAG3B,UAAU,CAACpN,CAAC,CAAC,CAAA;MAC1B,MAAM;QAAEsL,IAAI;QAAEP,YAAY;AAAErK,QAAAA,KAAK,EAAEkO,SAAAA;AAAU,OAAC,GAAGG,IAAI,CAAA;AACrD,MAAA,MAAMP,MAAM,GAAG1O,iBAAiB,CAACwL,IAAI,CAAC,CAAA;MAEtC,IAAI5K,KAAK,GAAG4K,IAAI,KAAK,OAAO,GAAGsD,SAAS,GAAGnQ,UAAU,CAACmQ,SAAS,CAAC,CAAA;;AAEhE;MACAF,SAAS,CAACC,QAAQ,GAAGH,MAAM,CAAA;MAC3BE,SAAS,CAACE,SAAS,GAAGlO,KAAK,CAAA;MAC3BgO,SAAS,CAACG,QAAQ,GAAG,IAAI,CAAA;AACzBH,MAAAA,SAAS,CAACM,aAAa,GAAGjP,SAAS,CAAC;AACpCwN,MAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAEiB,SAAS,CAAC,CAAA;MAC7DhO,KAAK,GAAGgO,SAAS,CAACE,SAAS,CAAA;;AAE3B;AACN;AACA;MACM,IAAIzG,oBAAoB,KAAKqG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,EAAE;AAClE;AACAnD,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;AAEnC;QACA/M,KAAK,GAAG0H,2BAA2B,GAAG1H,KAAK,CAAA;AAC7C,OAAA;;AAEA;MACA,IAAIiH,YAAY,IAAI9I,UAAU,CAAC,+BAA+B,EAAE6B,KAAK,CAAC,EAAE;AACtE2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;AACnC,QAAA,SAAA;AACF,OAAA;;AAEA;MACA,IAAIiB,SAAS,CAACM,aAAa,EAAE;AAC3B,QAAA,SAAA;AACF,OAAA;;AAEA;AACA3D,MAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;AAEnC;AACA,MAAA,IAAI,CAACiB,SAAS,CAACG,QAAQ,EAAE;AACvB,QAAA,SAAA;AACF,OAAA;;AAEA;MACA,IAAI,CAACpH,wBAAwB,IAAI5I,UAAU,CAAC,MAAM,EAAE6B,KAAK,CAAC,EAAE;AAC1D2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;AACnC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAI/F,kBAAkB,EAAE;QACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;UAC7D3N,KAAK,GAAGrC,aAAa,CAACqC,KAAK,EAAE2N,IAAI,EAAE,GAAG,CAAC,CAAA;AACzC,SAAC,CAAC,CAAA;AACJ,OAAA;;AAEA;AACA,MAAA,MAAME,KAAK,GAAGzO,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;MACrD,IAAI,CAACoB,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,EAAE;AAC5C,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IACEmF,kBAAkB,IAClB,OAAO3C,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAAC+L,gBAAgB,KAAK,UAAU,EACnD;AACA,QAAA,IAAIlE,YAAY,EAAE,CAEjB,MAAM;AACL,UAAA,QAAQ7H,YAAY,CAAC+L,gBAAgB,CAACV,KAAK,EAAEC,MAAM,CAAC;AAClD,YAAA,KAAK,aAAa;AAAE,cAAA;AAClB9N,gBAAAA,KAAK,GAAGmF,kBAAkB,CAACnC,UAAU,CAAChD,KAAK,CAAC,CAAA;AAC5C,gBAAA,MAAA;AACF,eAAA;AAEA,YAAA,KAAK,kBAAkB;AAAE,cAAA;AACvBA,gBAAAA,KAAK,GAAGmF,kBAAkB,CAAClC,eAAe,CAACjD,KAAK,CAAC,CAAA;AACjD,gBAAA,MAAA;AACF,eAAA;AAKF,WAAA;AACF,SAAA;AACF,OAAA;;AAEA;MACA,IAAI;AACF,QAAA,IAAIqK,YAAY,EAAE;UAChB0C,WAAW,CAACyB,cAAc,CAACnE,YAAY,EAAEO,IAAI,EAAE5K,KAAK,CAAC,CAAA;AACvD,SAAC,MAAM;AACL;AACA+M,UAAAA,WAAW,CAAC/B,YAAY,CAACJ,IAAI,EAAE5K,KAAK,CAAC,CAAA;AACvC,SAAA;AAEA,QAAA,IAAIsM,YAAY,CAACS,WAAW,CAAC,EAAE;UAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AAC3B,SAAC,MAAM;AACL/P,UAAAA,QAAQ,CAACuG,SAAS,CAACI,OAAO,CAAC,CAAA;AAC7B,SAAA;AACF,OAAC,CAAC,OAAOR,CAAC,EAAE,EAAC;AACf,KAAA;;AAEA;AACA0J,IAAAA,YAAY,CAAC,yBAAyB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;GAC3D,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE,EAAA,MAAM0B,kBAAkB,GAAG,SAArBA,kBAAkBA,CAAaC,QAAQ,EAAE;IAC7C,IAAIC,UAAU,GAAG,IAAI,CAAA;AACrB,IAAA,MAAMC,cAAc,GAAG5C,mBAAmB,CAAC0C,QAAQ,CAAC,CAAA;;AAEpD;AACA7B,IAAAA,YAAY,CAAC,yBAAyB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;AAEvD,IAAA,OAAQC,UAAU,GAAGC,cAAc,CAACC,QAAQ,EAAE,EAAG;AAC/C;AACAhC,MAAAA,YAAY,CAAC,wBAAwB,EAAE8B,UAAU,EAAE,IAAI,CAAC,CAAA;;AAExD;AACA,MAAA,IAAIzB,iBAAiB,CAACyB,UAAU,CAAC,EAAE;AACjC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIA,UAAU,CAAC1J,OAAO,YAAYjB,gBAAgB,EAAE;AAClDyK,QAAAA,kBAAkB,CAACE,UAAU,CAAC1J,OAAO,CAAC,CAAA;AACxC,OAAA;;AAEA;MACA8I,mBAAmB,CAACY,UAAU,CAAC,CAAA;AACjC,KAAA;;AAEA;AACA9B,IAAAA,YAAY,CAAC,wBAAwB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;GACvD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACE;AACAnL,EAAAA,SAAS,CAACuL,QAAQ,GAAG,UAAU5D,KAAK,EAAY;AAAA,IAAA,IAAV3B,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;IAC5C,IAAI+M,IAAI,GAAG,IAAI,CAAA;IACf,IAAIoD,YAAY,GAAG,IAAI,CAAA;IACvB,IAAIhC,WAAW,GAAG,IAAI,CAAA;IACtB,IAAIiC,UAAU,GAAG,IAAI,CAAA;AACrB;AACJ;AACA;IACIxG,cAAc,GAAG,CAAC0C,KAAK,CAAA;AACvB,IAAA,IAAI1C,cAAc,EAAE;AAClB0C,MAAAA,KAAK,GAAG,OAAO,CAAA;AACjB,KAAA;;AAEA;IACA,IAAI,OAAOA,KAAK,KAAK,QAAQ,IAAI,CAAC0B,OAAO,CAAC1B,KAAK,CAAC,EAAE;AAChD,MAAA,IAAI,OAAOA,KAAK,CAAC1N,QAAQ,KAAK,UAAU,EAAE;AACxC0N,QAAAA,KAAK,GAAGA,KAAK,CAAC1N,QAAQ,EAAE,CAAA;AACxB,QAAA,IAAI,OAAO0N,KAAK,KAAK,QAAQ,EAAE;UAC7B,MAAM5M,eAAe,CAAC,iCAAiC,CAAC,CAAA;AAC1D,SAAA;AACF,OAAC,MAAM;QACL,MAAMA,eAAe,CAAC,4BAA4B,CAAC,CAAA;AACrD,OAAA;AACF,KAAA;;AAEA;AACA,IAAA,IAAI,CAACiF,SAAS,CAACM,WAAW,EAAE;AAC1B,MAAA,OAAOqH,KAAK,CAAA;AACd,KAAA;;AAEA;IACA,IAAI,CAAC/D,UAAU,EAAE;MACfmC,YAAY,CAACC,GAAG,CAAC,CAAA;AACnB,KAAA;;AAEA;IACAhG,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;;AAEtB;AACA,IAAA,IAAI,OAAOuH,KAAK,KAAK,QAAQ,EAAE;AAC7BtD,MAAAA,QAAQ,GAAG,KAAK,CAAA;AAClB,KAAA;AAEA,IAAA,IAAIA,QAAQ,EAAE;AACZ;MACA,IAAIsD,KAAK,CAACsB,QAAQ,EAAE;AAClB,QAAA,MAAMpC,OAAO,GAAGhL,iBAAiB,CAAC8L,KAAK,CAACsB,QAAQ,CAAC,CAAA;QACjD,IAAI,CAAC3G,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;UAClD,MAAM9L,eAAe,CACnB,yDACF,CAAC,CAAA;AACH,SAAA;AACF,OAAA;AACF,KAAC,MAAM,IAAI4M,KAAK,YAAYhH,IAAI,EAAE;AAChC;AACN;AACMyH,MAAAA,IAAI,GAAGV,aAAa,CAAC,SAAS,CAAC,CAAA;MAC/B8D,YAAY,GAAGpD,IAAI,CAACzG,aAAa,CAACO,UAAU,CAACyF,KAAK,EAAE,IAAI,CAAC,CAAA;AACzD,MAAA,IACE6D,YAAY,CAACnL,QAAQ,KAAKlC,SAAS,CAACnC,OAAO,IAC3CwP,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAChC;AACA;AACAb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;AACrB,OAAC,MAAM,IAAIA,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAAE;AAC3Cb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;AACrB,OAAC,MAAM;AACL;AACApD,QAAAA,IAAI,CAACsD,WAAW,CAACF,YAAY,CAAC,CAAA;AAChC,OAAA;AACF,KAAC,MAAM;AACL;AACA,MAAA,IACE,CAAC1H,UAAU,IACX,CAACL,kBAAkB,IACnB,CAACE,cAAc;AACf;MACAgE,KAAK,CAACpN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EACzB;QACA,OAAOqH,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;AACX,OAAA;;AAEA;AACAS,MAAAA,IAAI,GAAGV,aAAa,CAACC,KAAK,CAAC,CAAA;;AAE3B;MACA,IAAI,CAACS,IAAI,EAAE;QACT,OAAOtE,UAAU,GAAG,IAAI,GAAGE,mBAAmB,GAAGnC,SAAS,GAAG,EAAE,CAAA;AACjE,OAAA;AACF,KAAA;;AAEA;IACA,IAAIuG,IAAI,IAAIvE,UAAU,EAAE;AACtBoD,MAAAA,YAAY,CAACmB,IAAI,CAACuD,UAAU,CAAC,CAAA;AAC/B,KAAA;;AAEA;IACA,MAAMC,YAAY,GAAGnD,mBAAmB,CAACpE,QAAQ,GAAGsD,KAAK,GAAGS,IAAI,CAAC,CAAA;;AAEjE;AACA,IAAA,OAAQoB,WAAW,GAAGoC,YAAY,CAACN,QAAQ,EAAE,EAAG;AAC9C;AACA,MAAA,IAAI3B,iBAAiB,CAACH,WAAW,CAAC,EAAE;AAClC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIA,WAAW,CAAC9H,OAAO,YAAYjB,gBAAgB,EAAE;AACnDyK,QAAAA,kBAAkB,CAAC1B,WAAW,CAAC9H,OAAO,CAAC,CAAA;AACzC,OAAA;;AAEA;MACA8I,mBAAmB,CAAChB,WAAW,CAAC,CAAA;AAClC,KAAA;;AAEA;AACA,IAAA,IAAInF,QAAQ,EAAE;AACZ,MAAA,OAAOsD,KAAK,CAAA;AACd,KAAA;;AAEA;AACA,IAAA,IAAI7D,UAAU,EAAE;AACd,MAAA,IAAIC,mBAAmB,EAAE;QACvB0H,UAAU,GAAGzJ,sBAAsB,CAACwG,IAAI,CAACJ,IAAI,CAACzG,aAAa,CAAC,CAAA;QAE5D,OAAOyG,IAAI,CAACuD,UAAU,EAAE;AACtB;AACAF,UAAAA,UAAU,CAACC,WAAW,CAACtD,IAAI,CAACuD,UAAU,CAAC,CAAA;AACzC,SAAA;AACF,OAAC,MAAM;AACLF,QAAAA,UAAU,GAAGrD,IAAI,CAAA;AACnB,OAAA;AAEA,MAAA,IAAI3F,YAAY,CAACoJ,UAAU,IAAIpJ,YAAY,CAACqJ,cAAc,EAAE;AAC1D;AACR;AACA;AACA;AACA;AACA;AACA;QACQL,UAAU,GAAGvJ,UAAU,CAACsG,IAAI,CAACjI,gBAAgB,EAAEkL,UAAU,EAAE,IAAI,CAAC,CAAA;AAClE,OAAA;AAEA,MAAA,OAAOA,UAAU,CAAA;AACnB,KAAA;IAEA,IAAIM,cAAc,GAAGpI,cAAc,GAAGyE,IAAI,CAAC4D,SAAS,GAAG5D,IAAI,CAACD,SAAS,CAAA;;AAErE;AACA,IAAA,IACExE,cAAc,IACdrB,YAAY,CAAC,UAAU,CAAC,IACxB8F,IAAI,CAACzG,aAAa,IAClByG,IAAI,CAACzG,aAAa,CAACsK,OAAO,IAC1B7D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,IAC/BzM,UAAU,CAACyH,YAAwB,EAAE+F,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,CAAC,EACrE;AACA0E,MAAAA,cAAc,GACZ,YAAY,GAAG3D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,GAAG,KAAK,GAAG0E,cAAc,CAAA;AAC3E,KAAA;;AAEA;AACA,IAAA,IAAItI,kBAAkB,EAAE;MACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;QAC7D2B,cAAc,GAAG3R,aAAa,CAAC2R,cAAc,EAAE3B,IAAI,EAAE,GAAG,CAAC,CAAA;AAC3D,OAAC,CAAC,CAAA;AACJ,KAAA;IAEA,OAAOxI,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACsM,cAAc,CAAC,GAC7CA,cAAc,CAAA;GACnB,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;EACE/L,SAAS,CAACkM,SAAS,GAAG,YAAoB;AAAA,IAAA,IAAVlG,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;IACtC0K,YAAY,CAACC,GAAG,CAAC,CAAA;AACjBpC,IAAAA,UAAU,GAAG,IAAI,CAAA;GAClB,CAAA;;AAED;AACF;AACA;AACA;AACA;EACE5D,SAAS,CAACmM,WAAW,GAAG,YAAY;AAClCzG,IAAAA,MAAM,GAAG,IAAI,CAAA;AACb9B,IAAAA,UAAU,GAAG,KAAK,CAAA;GACnB,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE5D,SAAS,CAACoM,gBAAgB,GAAG,UAAUC,GAAG,EAAEvB,IAAI,EAAErO,KAAK,EAAE;AACvD;IACA,IAAI,CAACiJ,MAAM,EAAE;MACXK,YAAY,CAAC,EAAE,CAAC,CAAA;AAClB,KAAA;AAEA,IAAA,MAAMuE,KAAK,GAAGzO,iBAAiB,CAACwQ,GAAG,CAAC,CAAA;AACpC,IAAA,MAAM9B,MAAM,GAAG1O,iBAAiB,CAACiP,IAAI,CAAC,CAAA;AACtC,IAAA,OAAOT,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,CAAA;GAC/C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACEuD,EAAAA,SAAS,CAACsM,OAAO,GAAG,UAAU/C,UAAU,EAAEgD,YAAY,EAAE;AACtD,IAAA,IAAI,OAAOA,YAAY,KAAK,UAAU,EAAE;AACtC,MAAA,OAAA;AACF,KAAA;IAEApK,KAAK,CAACoH,UAAU,CAAC,GAAGpH,KAAK,CAACoH,UAAU,CAAC,IAAI,EAAE,CAAA;AAC3C5P,IAAAA,SAAS,CAACwI,KAAK,CAACoH,UAAU,CAAC,EAAEgD,YAAY,CAAC,CAAA;GAC3C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACEvM,EAAAA,SAAS,CAACwM,UAAU,GAAG,UAAUjD,UAAU,EAAE;AAC3C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACrB,MAAA,OAAO9P,QAAQ,CAAC0I,KAAK,CAACoH,UAAU,CAAC,CAAC,CAAA;AACpC,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACEvJ,EAAAA,SAAS,CAACyM,WAAW,GAAG,UAAUlD,UAAU,EAAE;AAC5C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACrBpH,MAAAA,KAAK,CAACoH,UAAU,CAAC,GAAG,EAAE,CAAA;AACxB,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;EACEvJ,SAAS,CAAC0M,cAAc,GAAG,YAAY;IACrCvK,KAAK,GAAG,EAAE,CAAA;GACX,CAAA;AAED,EAAA,OAAOnC,SAAS,CAAA;AAClB,CAAA;AAEA,aAAeD,eAAe,EAAE;;;;"} \ No newline at end of file +{"version":3,"file":"purify.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"} \ No newline at end of file diff --git a/dist/purify.es.mjs b/dist/purify.es.mjs index 842528a9b..e18d606f9 100644 --- a/dist/purify.es.mjs +++ b/dist/purify.es.mjs @@ -48,12 +48,11 @@ const stringTrim = unapply(String.prototype.trim); const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty); const regExpTest = unapply(RegExp.prototype.test); const typeErrorCreate = unconstruct(TypeError); - /** * Creates a new function that calls the given function with a specified thisArg and arguments. * - * @param {Function} func - The function to be wrapped and called. - * @returns {Function} A new function that calls the given function with a specified thisArg and arguments. + * @param func - The function to be wrapped and called. + * @returns A new function that calls the given function with a specified thisArg and arguments. */ function unapply(func) { return function (thisArg) { @@ -63,12 +62,11 @@ function unapply(func) { return apply(func, thisArg, args); }; } - /** * Creates a new function that constructs an instance of the given constructor function with the provided arguments. * - * @param {Function} func - The constructor function to be wrapped and called. - * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments. + * @param func - The constructor function to be wrapped and called. + * @returns A new function that constructs an instance of the given constructor function with the provided arguments. */ function unconstruct(func) { return function () { @@ -78,14 +76,13 @@ function unconstruct(func) { return construct(func, args); }; } - /** * Add properties to a lookup table * - * @param {Object} set - The set to which elements will be added. - * @param {Array} array - The array containing elements to be added to the set. - * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set. - * @returns {Object} The modified set with added elements. + * @param set - The set to which elements will be added. + * @param array - The array containing elements to be added to the set. + * @param transformCaseFunc - An optional function to transform the case of each element before adding to the set. + * @returns The modified set with added elements. */ function addToSet(set, array) { let transformCaseFunc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : stringToLowerCase; @@ -112,12 +109,11 @@ function addToSet(set, array) { } return set; } - /** * Clean up an array to harden against CSPP * - * @param {Array} array - The array to be cleaned. - * @returns {Array} The cleaned version of the array + * @param array - The array to be cleaned. + * @returns The cleaned version of the array */ function cleanArray(array) { for (let index = 0; index < array.length; index++) { @@ -128,12 +124,11 @@ function cleanArray(array) { } return array; } - /** * Shallow clone an object * - * @param {Object} object - The object to be cloned. - * @returns {Object} A new object that copies the original. + * @param object - The object to be cloned. + * @returns A new object that copies the original. */ function clone(object) { const newObject = create(null); @@ -151,13 +146,12 @@ function clone(object) { } return newObject; } - /** * This method automatically checks if the prop is function or getter and behaves accordingly. * - * @param {Object} object - The object to look up the getter function in its prototype chain. - * @param {String} prop - The property name for which to find the getter function. - * @returns {Function} The getter function found in the prototype chain or a fallback function. + * @param object - The object to look up the getter function in its prototype chain. + * @param prop - The property name for which to find the getter function. + * @returns The getter function found in the prototype chain or a fallback function. */ function lookupGetter(object, prop) { while (object !== null) { @@ -179,18 +173,15 @@ function lookupGetter(object, prop) { } const html$1 = freeze(['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blink', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'content', 'data', 'datalist', 'dd', 'decorator', 'del', 'details', 'dfn', 'dialog', 'dir', 'div', 'dl', 'dt', 'element', 'em', 'fieldset', 'figcaption', 'figure', 'font', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meter', 'nav', 'nobr', 'ol', 'optgroup', 'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'shadow', 'small', 'source', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'template', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr']); - // SVG const svg$1 = freeze(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'view', 'vkern']); const svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feDropShadow', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']); - // List of SVG elements that are disallowed by default. // We still need to know them so that we can do namespace // checks properly in case one wants to add them to // allow-list. const svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'font-face', 'font-face-format', 'font-face-name', 'font-face-src', 'font-face-uri', 'foreignobject', 'hatch', 'hatchpath', 'mesh', 'meshgradient', 'meshpatch', 'meshrow', 'missing-glyph', 'script', 'set', 'solidcolor', 'unknown', 'use']); const mathMl$1 = freeze(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover', 'mprescripts']); - // Similarly to SVG, we want to know all MathML elements, // even those that we disallow by default. const mathMlDisallowed = freeze(['maction', 'maligngroup', 'malignmark', 'mlongdiv', 'mscarries', 'mscarry', 'msgroup', 'mstack', 'msline', 'msrow', 'semantics', 'annotation', 'annotation-xml', 'mprescripts', 'none']); @@ -217,18 +208,19 @@ const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i); var EXPRESSIONS = /*#__PURE__*/Object.freeze({ __proto__: null, - MUSTACHE_EXPR: MUSTACHE_EXPR, - ERB_EXPR: ERB_EXPR, - TMPLIT_EXPR: TMPLIT_EXPR, - DATA_ATTR: DATA_ATTR, ARIA_ATTR: ARIA_ATTR, - IS_ALLOWED_URI: IS_ALLOWED_URI, - IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, ATTR_WHITESPACE: ATTR_WHITESPACE, + CUSTOM_ELEMENT: CUSTOM_ELEMENT, + DATA_ATTR: DATA_ATTR, DOCTYPE_NAME: DOCTYPE_NAME, - CUSTOM_ELEMENT: CUSTOM_ELEMENT + ERB_EXPR: ERB_EXPR, + IS_ALLOWED_URI: IS_ALLOWED_URI, + IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, + MUSTACHE_EXPR: MUSTACHE_EXPR, + TMPLIT_EXPR: TMPLIT_EXPR }); +/* eslint-disable @typescript-eslint/indent */ // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType const NODE_TYPE = { element: 1, @@ -249,7 +241,6 @@ const NODE_TYPE = { const getGlobal = function getGlobal() { return typeof window === 'undefined' ? null : window; }; - /** * Creates a no-op policy for internal use only. * Don't export this function outside this module! @@ -262,7 +253,6 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType if (typeof trustedTypes !== 'object' || typeof trustedTypes.createPolicy !== 'function') { return null; } - // Allow the callers to control the unique policy name // by adding a data-tt-policy-suffix to the script element with the DOMPurify. // Policy creation with duplicate names throws in Trusted Types. @@ -292,17 +282,7 @@ const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedType function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - - /** - * Version label, exposed for easier checks - * if DOMPurify is up to date or not - */ DOMPurify.version = '3.1.7'; - - /** - * Array of elements that DOMPurify removed during sanitation. - * Empty if nothing was removed. - */ DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function @@ -332,7 +312,6 @@ function createDOMPurify() { const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); const getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); const getParentNode = lookupGetter(ElementPrototype, 'parentNode'); - // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) @@ -357,7 +336,6 @@ function createDOMPurify() { importNode } = originalDocument; let hooks = {}; - /** * Expose whether this browser supports running the full DOMPurify. */ @@ -375,22 +353,18 @@ function createDOMPurify() { let { IS_ALLOWED_URI: IS_ALLOWED_URI$1 } = EXPRESSIONS; - /** * We consider the elements and attributes below to be safe. Ideally * don't add any new ones but feel free to remove unwanted ones. */ - /* allowed element names */ let ALLOWED_TAGS = null; const DEFAULT_ALLOWED_TAGS = addToSet({}, [...html$1, ...svg$1, ...svgFilters, ...mathMl$1, ...text]); - /* Allowed attribute names */ let ALLOWED_ATTR = null; const DEFAULT_ALLOWED_ATTR = addToSet({}, [...html, ...svg, ...mathMl, ...xml]); - /* - * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements. + * Configure how DOMPurify should handle custom elements and their attributes as well as customized built-in elements. * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements) * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list) * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`. @@ -415,65 +389,49 @@ function createDOMPurify() { value: false } })); - /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ let FORBID_TAGS = null; - /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */ let FORBID_ATTR = null; - /* Decide if ARIA attributes are okay */ let ALLOW_ARIA_ATTR = true; - /* Decide if custom data attributes are okay */ let ALLOW_DATA_ATTR = true; - /* Decide if unknown protocols are okay */ let ALLOW_UNKNOWN_PROTOCOLS = false; - /* Decide if self-closing tags in attributes are allowed. * Usually removed due to a mXSS issue in jQuery 3.0 */ let ALLOW_SELF_CLOSE_IN_ATTR = true; - /* Output should be safe for common template engines. * This means, DOMPurify removes data attributes, mustaches and ERB */ let SAFE_FOR_TEMPLATES = false; - /* Output should be safe even for XML used within HTML and alike. * This means, DOMPurify removes comments when containing risky content. */ let SAFE_FOR_XML = true; - /* Decide if document with ... should be returned */ let WHOLE_DOCUMENT = false; - /* Track whether config is already set on this instance of DOMPurify. */ let SET_CONFIG = false; - /* Decide if all elements (e.g. style, script) must be children of * document.body. By default, browsers might move them to document.head */ let FORCE_BODY = false; - /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported). * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead */ let RETURN_DOM = false; - /* Decide if a DOM `DocumentFragment` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported) */ let RETURN_DOM_FRAGMENT = false; - /* Try to return a Trusted Type object instead of a string, return a string in * case Trusted Types are not supported */ let RETURN_TRUSTED_TYPE = false; - /* Output should be free from DOM clobbering attacks? * This sanitizes markups named with colliding, clobberable built-in DOM APIs. */ let SANITIZE_DOM = true; - /* Achieve full DOM Clobbering protection by isolating the namespace of named * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules. * @@ -489,25 +447,19 @@ function createDOMPurify() { */ let SANITIZE_NAMED_PROPS = false; const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-'; - /* Keep element content when removing element? */ let KEEP_CONTENT = true; - /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead * of importing it into a new Document and returning a sanitized copy */ let IN_PLACE = false; - /* Allow usage of profiles like html, svg and mathMl */ let USE_PROFILES = {}; - /* Tags to ignore content of when KEEP_CONTENT is true */ let FORBID_CONTENTS = null; const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']); - /* Tags that are safe for data: URIs */ let DATA_URI_TAGS = null; const DEFAULT_DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image', 'track']); - /* Attributes safe for values like "javascript:" */ let URI_SAFE_ATTRIBUTES = null; const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, ['alt', 'class', 'for', 'id', 'label', 'name', 'pattern', 'placeholder', 'role', 'summary', 'title', 'value', 'style', 'xmlns']); @@ -517,36 +469,29 @@ function createDOMPurify() { /* Document namespace */ let NAMESPACE = HTML_NAMESPACE; let IS_EMPTY_INPUT = false; - /* Allowed XHTML+XML namespaces */ let ALLOWED_NAMESPACES = null; const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString); let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']); let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']); - // Certain elements are allowed in both SVG and HTML // namespace. We need to specify them explicitly // so that they don't get erroneously deleted from // HTML namespace. const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']); - /* Parsing of strict XHTML documents */ let PARSER_MEDIA_TYPE = null; const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html']; const DEFAULT_PARSER_MEDIA_TYPE = 'text/html'; let transformCaseFunc = null; - /* Keep a reference to config to pass to hooks */ let CONFIG = null; - /* Ideally, do not touch anything below this line */ /* ______________________________________________ */ - const formElement = document.createElement('form'); const isRegexOrFunction = function isRegexOrFunction(testValue) { return testValue instanceof RegExp || testValue instanceof Function; }; - /** * _parseConfig * @@ -558,39 +503,23 @@ function createDOMPurify() { if (CONFIG && CONFIG === cfg) { return; } - /* Shield configuration object from tampering */ if (!cfg || typeof cfg !== 'object') { cfg = {}; } - /* Shield configuration object from prototype pollution */ cfg = clone(cfg); PARSER_MEDIA_TYPE = // eslint-disable-next-line unicorn/prefer-includes SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE; - // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is. transformCaseFunc = PARSER_MEDIA_TYPE === 'application/xhtml+xml' ? stringToString : stringToLowerCase; - /* Set configuration parameters */ ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS') ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS; ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR') ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR; ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES') ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES; - URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), - // eslint-disable-line indent - cfg.ADD_URI_SAFE_ATTR, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_URI_SAFE_ATTRIBUTES; - DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), - // eslint-disable-line indent - cfg.ADD_DATA_URI_TAGS, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_DATA_URI_TAGS; + URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES; + DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS; FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS; FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {}; FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {}; @@ -630,7 +559,6 @@ function createDOMPurify() { if (RETURN_DOM_FRAGMENT) { RETURN_DOM = true; } - /* Parse profile info */ if (USE_PROFILES) { ALLOWED_TAGS = addToSet({}, text); @@ -655,7 +583,6 @@ function createDOMPurify() { addToSet(ALLOWED_ATTR, xml); } } - /* Merge configuration parameters */ if (cfg.ADD_TAGS) { if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) { @@ -678,17 +605,14 @@ function createDOMPurify() { } addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc); } - /* Add #text in case KEEP_CONTENT is set to true */ if (KEEP_CONTENT) { ALLOWED_TAGS['#text'] = true; } - /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ if (WHOLE_DOCUMENT) { addToSet(ALLOWED_TAGS, ['html', 'head', 'body']); } - /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */ if (ALLOWED_TAGS.table) { addToSet(ALLOWED_TAGS, ['tbody']); @@ -701,10 +625,8 @@ function createDOMPurify() { if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') { throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.'); } - // Overwrite existing TrustedTypes policy. trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY; - // Sign local variables required by `sanitize`. emptyHTML = trustedTypesPolicy.createHTML(''); } else { @@ -712,13 +634,11 @@ function createDOMPurify() { if (trustedTypesPolicy === undefined) { trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript); } - // If creating the internal policy succeeded sign internal variables. if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') { emptyHTML = trustedTypesPolicy.createHTML(''); } } - // Prevent further manipulation of configuration. // Not available in IE8, Safari 5, etc. if (freeze) { @@ -726,13 +646,11 @@ function createDOMPurify() { } CONFIG = cfg; }; - /* Keep track of all possible SVG and MathML tags * so that we can perform the namespace checks * correctly. */ const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]); const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]); - /** * @param {Element} element a DOM element whose namespace is being checked * @returns {boolean} Return false if the element has a @@ -741,7 +659,6 @@ function createDOMPurify() { */ const _checkValidNamespace = function _checkValidNamespace(element) { let parent = getParentNode(element); - // In JSDOM, if we're inside shadow DOM, then parentNode // can be null. We just simulate parent in this case. if (!parent || !parent.tagName) { @@ -762,14 +679,12 @@ function createDOMPurify() { if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'svg'; } - // The only way to switch from MathML to SVG is via` // svg if parent is either or MathML // text integration points. if (parent.namespaceURI === MATHML_NAMESPACE) { return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]); } - // We only allow elements that are defined in SVG // spec. All others are disallowed in SVG namespace. return Boolean(ALL_SVG_TAGS[tagName]); @@ -781,13 +696,11 @@ function createDOMPurify() { if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'math'; } - // The only way to switch from SVG to MathML is via // and HTML integration points if (parent.namespaceURI === SVG_NAMESPACE) { return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName]; } - // We only allow elements that are defined in MathML // spec. All others are disallowed in MathML namespace. return Boolean(ALL_MATHML_TAGS[tagName]); @@ -802,24 +715,20 @@ function createDOMPurify() { if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) { return false; } - // We disallow tags that are specific for MathML // or SVG and should never appear in HTML namespace return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]); } - // For XHTML and XML documents that support custom namespaces if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && ALLOWED_NAMESPACES[element.namespaceURI]) { return true; } - // The code should never reach this place (this means // that the element somehow got namespace that is not // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES). // Return false just in case. return false; }; - /** * _forceRemove * @@ -836,7 +745,6 @@ function createDOMPurify() { remove(node); } }; - /** * _removeAttribute * @@ -856,7 +764,6 @@ function createDOMPurify() { }); } node.removeAttribute(name); - // We void attribute values for unremovable "is"" attributes if (name === 'is' && !ALLOWED_ATTR[name]) { if (RETURN_DOM || RETURN_DOM_FRAGMENT) { @@ -870,7 +777,6 @@ function createDOMPurify() { } } }; - /** * _initDocument * @@ -902,7 +808,6 @@ function createDOMPurify() { doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE); } catch (_) {} } - /* Use createHTMLDocument in case DOMParser is not available */ if (!doc || !doc.documentElement) { doc = implementation.createDocument(NAMESPACE, 'template', null); @@ -916,14 +821,12 @@ function createDOMPurify() { if (dirty && leadingWhitespace) { body.insertBefore(document.createTextNode(leadingWhitespace), body.childNodes[0] || null); } - /* Work on whole document or just its body */ if (NAMESPACE === HTML_NAMESPACE) { return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0]; } return WHOLE_DOCUMENT ? doc.documentElement : body; }; - /** * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document. * @@ -935,7 +838,6 @@ function createDOMPurify() { // eslint-disable-next-line no-bitwise NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null); }; - /** * _isClobbered * @@ -945,7 +847,6 @@ function createDOMPurify() { const _isClobbered = function _isClobbered(elm) { return elm instanceof HTMLFormElement && (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function' || typeof elm.hasChildNodes !== 'function'); }; - /** * Checks whether the given object is a DOM node. * @@ -955,24 +856,22 @@ function createDOMPurify() { const _isNode = function _isNode(object) { return typeof Node === 'function' && object instanceof Node; }; - /** * _executeHook * Execute user configurable hooks * - * @param {String} entryPoint Name of the hook's entry point - * @param {Node} currentNode node to work on with the hook + * @param entryPoint Name of the hook's entry point + * @param currentNode node to work on with the hook * @param {Object} data additional hook parameters */ - const _executeHook = function _executeHook(entryPoint, currentNode, data) { + function _executeHook(entryPoint, currentNode, data) { if (!hooks[entryPoint]) { return; } arrayForEach(hooks[entryPoint], hook => { hook.call(DOMPurify, currentNode, data, CONFIG); }); - }; - + } /** * _sanitizeElements * @@ -985,43 +884,35 @@ function createDOMPurify() { */ const _sanitizeElements = function _sanitizeElements(currentNode) { let content = null; - /* Execute a hook if present */ _executeHook('beforeSanitizeElements', currentNode, null); - /* Check if element is clobbered or can clobber */ if (_isClobbered(currentNode)) { _forceRemove(currentNode); return true; } - /* Now let's check the element's type and name */ const tagName = transformCaseFunc(currentNode.nodeName); - /* Execute a hook if present */ _executeHook('uponSanitizeElement', currentNode, { tagName, allowedTags: ALLOWED_TAGS }); - /* Detect mXSS attempts abusing namespace confusion */ if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { _forceRemove(currentNode); return true; } - /* Remove any occurrence of processing instructions */ if (currentNode.nodeType === NODE_TYPE.progressingInstruction) { _forceRemove(currentNode); return true; } - /* Remove any kind of possibly harmful comments */ if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) { _forceRemove(currentNode); return true; } - /* Remove element if anything forbids its presence */ if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { /* Check if we have a custom element to handle */ @@ -1033,7 +924,6 @@ function createDOMPurify() { return false; } } - /* Keep content except for bad-listed elements */ if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) { const parentNode = getParentNode(currentNode) || currentNode.parentNode; @@ -1050,19 +940,16 @@ function createDOMPurify() { _forceRemove(currentNode); return true; } - /* Check whether element has a valid namespace */ if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) { _forceRemove(currentNode); return true; } - /* Make sure that older browsers don't get fallback-tag mXSS */ if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) { _forceRemove(currentNode); return true; } - /* Sanitize element content to be template-safe */ if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) { /* Get the element's text content */ @@ -1077,12 +964,10 @@ function createDOMPurify() { currentNode.textContent = content; } } - /* Execute a hook if present */ _executeHook('afterSanitizeElements', currentNode, null); return false; }; - /** * _isValidAttribute * @@ -1097,7 +982,6 @@ function createDOMPurify() { if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) { return false; } - /* Allow valid data-* attributes: At least one character after "-" (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) @@ -1119,7 +1003,6 @@ function createDOMPurify() { } else ; return true; }; - /** * _isBasicCustomElement * checks if at least one dash is included in tagName, and it's not the first char @@ -1131,7 +1014,6 @@ function createDOMPurify() { const _isBasicCustomElement = function _isBasicCustomElement(tagName) { return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT); }; - /** * _sanitizeAttributes * @@ -1148,7 +1030,6 @@ function createDOMPurify() { const { attributes } = currentNode; - /* Check if we have attributes; if not we might have a text node */ if (!attributes) { return; @@ -1157,10 +1038,10 @@ function createDOMPurify() { attrName: '', attrValue: '', keepAttr: true, - allowedAttributes: ALLOWED_ATTR + allowedAttributes: ALLOWED_ATTR, + forceKeepAttr: undefined }; let l = attributes.length; - /* Go backwards over all attributes; safely remove bad ones */ while (l--) { const attr = attributes[l]; @@ -1171,7 +1052,6 @@ function createDOMPurify() { } = attr; const lcName = transformCaseFunc(name); let value = name === 'value' ? attrValue : stringTrim(attrValue); - /* Execute a hook if present */ hookEvent.attrName = lcName; hookEvent.attrValue = value; @@ -1179,56 +1059,46 @@ function createDOMPurify() { hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set _executeHook('uponSanitizeAttribute', currentNode, hookEvent); value = hookEvent.attrValue; - /* Full DOM Clobbering protection via namespace isolation, * Prefix id and name attributes with `user-content-` */ if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) { // Remove the attribute with this value _removeAttribute(name, currentNode); - // Prefix the value and later re-create the attribute with the sanitized value value = SANITIZE_NAMED_PROPS_PREFIX + value; } - /* Work around a security issue with comments inside attributes */ if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Did the hooks approve of the attribute? */ if (hookEvent.forceKeepAttr) { continue; } - /* Remove attribute */ _removeAttribute(name, currentNode); - /* Did the hooks approve of the attribute? */ if (!hookEvent.keepAttr) { continue; } - /* Work around a security issue in jQuery 3.0 */ if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Sanitize attribute content to be template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { value = stringReplace(value, expr, ' '); }); } - /* Is `value` valid for this attribute? */ const lcTag = transformCaseFunc(currentNode.nodeName); if (!_isValidAttribute(lcTag, lcName, value)) { continue; } - /* Handle attributes that require Trusted Types */ if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function') { if (namespaceURI) ; else { @@ -1246,7 +1116,6 @@ function createDOMPurify() { } } } - /* Handle invalid data-* attribute set by try-catching it */ try { if (namespaceURI) { @@ -1262,11 +1131,9 @@ function createDOMPurify() { } } catch (_) {} } - /* Execute a hook if present */ _executeHook('afterSanitizeAttributes', currentNode, null); }; - /** * _sanitizeShadowDOM * @@ -1275,38 +1142,25 @@ function createDOMPurify() { const _sanitizeShadowDOM = function _sanitizeShadowDOM(fragment) { let shadowNode = null; const shadowIterator = _createNodeIterator(fragment); - /* Execute a hook if present */ _executeHook('beforeSanitizeShadowDOM', fragment, null); while (shadowNode = shadowIterator.nextNode()) { /* Execute a hook if present */ _executeHook('uponSanitizeShadowNode', shadowNode, null); - /* Sanitize tags and elements */ if (_sanitizeElements(shadowNode)) { continue; } - /* Deep shadow DOM detected */ if (shadowNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(shadowNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(shadowNode); } - /* Execute a hook if present */ _executeHook('afterSanitizeShadowDOM', fragment, null); }; - - /** - * Sanitize - * Public method providing core sanitation functionality - * - * @param {String|Node} dirty string or DOM node - * @param {Object} cfg object - */ // eslint-disable-next-line complexity DOMPurify.sanitize = function (dirty) { let cfg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; @@ -1321,7 +1175,6 @@ function createDOMPurify() { if (IS_EMPTY_INPUT) { dirty = ''; } - /* Stringify, in case dirty is an object */ if (typeof dirty !== 'string' && !_isNode(dirty)) { if (typeof dirty.toString === 'function') { @@ -1333,20 +1186,16 @@ function createDOMPurify() { throw typeErrorCreate('toString is not a function'); } } - /* Return dirty HTML if DOMPurify cannot run */ if (!DOMPurify.isSupported) { return dirty; } - /* Assign config vars */ if (!SET_CONFIG) { _parseConfig(cfg); } - /* Clean up removed elements */ DOMPurify.removed = []; - /* Check if dirty is correctly typed for IN_PLACE */ if (typeof dirty === 'string') { IN_PLACE = false; @@ -1380,45 +1229,36 @@ function createDOMPurify() { dirty.indexOf('<') === -1) { return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty; } - /* Initialize the document to work on */ body = _initDocument(dirty); - /* Check we have a DOM node from the data */ if (!body) { return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : ''; } } - /* Remove first element node (ours) if FORCE_BODY is set */ if (body && FORCE_BODY) { _forceRemove(body.firstChild); } - /* Get node iterator */ const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body); - /* Now start iterating over the created document */ while (currentNode = nodeIterator.nextNode()) { /* Sanitize tags and elements */ if (_sanitizeElements(currentNode)) { continue; } - /* Shadow DOM detected, sanitize it */ if (currentNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(currentNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(currentNode); } - /* If we sanitized `dirty` in-place, return it. */ if (IN_PLACE) { return dirty; } - /* Return sanitized string or DOM */ if (RETURN_DOM) { if (RETURN_DOM_FRAGMENT) { @@ -1443,12 +1283,10 @@ function createDOMPurify() { return returnNode; } let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML; - /* Serialize doctype if allowed */ if (WHOLE_DOCUMENT && ALLOWED_TAGS['!doctype'] && body.ownerDocument && body.ownerDocument.doctype && body.ownerDocument.doctype.name && regExpTest(DOCTYPE_NAME, body.ownerDocument.doctype.name)) { serializedHTML = '\n' + serializedHTML; } - /* Sanitize final string template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { @@ -1457,39 +1295,15 @@ function createDOMPurify() { } return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; }; - - /** - * Public method to set the configuration once - * setConfig - * - * @param {Object} cfg configuration object - */ DOMPurify.setConfig = function () { let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {}; _parseConfig(cfg); SET_CONFIG = true; }; - - /** - * Public method to remove the configuration - * clearConfig - * - */ DOMPurify.clearConfig = function () { CONFIG = null; SET_CONFIG = false; }; - - /** - * Public method to check if an attribute value is valid. - * Uses last set config, if any. Otherwise, uses config defaults. - * isValidAttribute - * - * @param {String} tag Tag name of containing element. - * @param {String} attr Attribute name. - * @param {String} value Attribute value. - * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. - */ DOMPurify.isValidAttribute = function (tag, attr, value) { /* Initialize shared config vars if necessary. */ if (!CONFIG) { @@ -1499,14 +1313,6 @@ function createDOMPurify() { const lcName = transformCaseFunc(attr); return _isValidAttribute(lcTag, lcName, value); }; - - /** - * AddHook - * Public method to add DOMPurify hooks - * - * @param {String} entryPoint entry point for the hook to add - * @param {Function} hookFunction function to execute - */ DOMPurify.addHook = function (entryPoint, hookFunction) { if (typeof hookFunction !== 'function') { return; @@ -1514,37 +1320,16 @@ function createDOMPurify() { hooks[entryPoint] = hooks[entryPoint] || []; arrayPush(hooks[entryPoint], hookFunction); }; - - /** - * RemoveHook - * Public method to remove a DOMPurify hook at a given entryPoint - * (pops it from the stack of hooks if more are present) - * - * @param {String} entryPoint entry point for the hook to remove - * @return {Function} removed(popped) hook - */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { return arrayPop(hooks[entryPoint]); } }; - - /** - * RemoveHooks - * Public method to remove all DOMPurify hooks at a given entryPoint - * - * @param {String} entryPoint entry point for the hooks to remove - */ DOMPurify.removeHooks = function (entryPoint) { if (hooks[entryPoint]) { hooks[entryPoint] = []; } }; - - /** - * RemoveAllHooks - * Public method to remove all DOMPurify hooks - */ DOMPurify.removeAllHooks = function () { hooks = {}; }; diff --git a/dist/purify.es.mjs.map b/dist/purify.es.mjs.map index 751113228..475a9f4b6 100644 --- a/dist/purify.es.mjs.map +++ b/dist/purify.es.mjs.map @@ -1 +1 @@ -{"version":3,"file":"purify.es.mjs","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\n entries,\n setPrototypeOf,\n isFrozen,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n} = Object;\n\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\n\nif (!freeze) {\n freeze = function (x) {\n return x;\n };\n}\n\nif (!seal) {\n seal = function (x) {\n return x;\n };\n}\n\nif (!apply) {\n apply = function (fun, thisValue, args) {\n return fun.apply(thisValue, args);\n };\n}\n\nif (!construct) {\n construct = function (Func, args) {\n return new Func(...args);\n };\n}\n\nconst arrayForEach = unapply(Array.prototype.forEach);\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\nconst arrayPop = unapply(Array.prototype.pop);\nconst arrayPush = unapply(Array.prototype.push);\nconst arraySlice = unapply(Array.prototype.slice);\n\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\nconst stringToString = unapply(String.prototype.toString);\nconst stringMatch = unapply(String.prototype.match);\nconst stringReplace = unapply(String.prototype.replace);\nconst stringIndexOf = unapply(String.prototype.indexOf);\nconst stringTrim = unapply(String.prototype.trim);\n\nconst objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);\n\nconst regExpTest = unapply(RegExp.prototype.test);\n\nconst typeErrorCreate = unconstruct(TypeError);\n\n/**\n * Creates a new function that calls the given function with a specified thisArg and arguments.\n *\n * @param {Function} func - The function to be wrapped and called.\n * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.\n */\nfunction unapply(func) {\n return (thisArg, ...args) => apply(func, thisArg, args);\n}\n\n/**\n * Creates a new function that constructs an instance of the given constructor function with the provided arguments.\n *\n * @param {Function} func - The constructor function to be wrapped and called.\n * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.\n */\nfunction unconstruct(func) {\n return (...args) => construct(func, args);\n}\n\n/**\n * Add properties to a lookup table\n *\n * @param {Object} set - The set to which elements will be added.\n * @param {Array} array - The array containing elements to be added to the set.\n * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.\n * @returns {Object} The modified set with added elements.\n */\nfunction addToSet(set, array, transformCaseFunc = stringToLowerCase) {\n if (setPrototypeOf) {\n // Make 'in' and truthy checks like Boolean(set.constructor)\n // independent of any properties defined on Object.prototype.\n // Prevent prototype setters from intercepting set as a this value.\n setPrototypeOf(set, null);\n }\n\n let l = array.length;\n while (l--) {\n let element = array[l];\n if (typeof element === 'string') {\n const lcElement = transformCaseFunc(element);\n if (lcElement !== element) {\n // Config presets (e.g. tags.js, attrs.js) are immutable.\n if (!isFrozen(array)) {\n array[l] = lcElement;\n }\n\n element = lcElement;\n }\n }\n\n set[element] = true;\n }\n\n return set;\n}\n\n/**\n * Clean up an array to harden against CSPP\n *\n * @param {Array} array - The array to be cleaned.\n * @returns {Array} The cleaned version of the array\n */\nfunction cleanArray(array) {\n for (let index = 0; index < array.length; index++) {\n const isPropertyExist = objectHasOwnProperty(array, index);\n\n if (!isPropertyExist) {\n array[index] = null;\n }\n }\n\n return array;\n}\n\n/**\n * Shallow clone an object\n *\n * @param {Object} object - The object to be cloned.\n * @returns {Object} A new object that copies the original.\n */\nfunction clone(object) {\n const newObject = create(null);\n\n for (const [property, value] of entries(object)) {\n const isPropertyExist = objectHasOwnProperty(object, property);\n\n if (isPropertyExist) {\n if (Array.isArray(value)) {\n newObject[property] = cleanArray(value);\n } else if (\n value &&\n typeof value === 'object' &&\n value.constructor === Object\n ) {\n newObject[property] = clone(value);\n } else {\n newObject[property] = value;\n }\n }\n }\n\n return newObject;\n}\n\n/**\n * This method automatically checks if the prop is function or getter and behaves accordingly.\n *\n * @param {Object} object - The object to look up the getter function in its prototype chain.\n * @param {String} prop - The property name for which to find the getter function.\n * @returns {Function} The getter function found in the prototype chain or a fallback function.\n */\nfunction lookupGetter(object, prop) {\n while (object !== null) {\n const desc = getOwnPropertyDescriptor(object, prop);\n\n if (desc) {\n if (desc.get) {\n return unapply(desc.get);\n }\n\n if (typeof desc.value === 'function') {\n return unapply(desc.value);\n }\n }\n\n object = getPrototypeOf(object);\n }\n\n function fallbackValue() {\n return null;\n }\n\n return fallbackValue;\n}\n\nexport {\n // Array\n arrayForEach,\n arrayIndexOf,\n arrayPop,\n arrayPush,\n arraySlice,\n // Object\n entries,\n freeze,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n isFrozen,\n setPrototypeOf,\n seal,\n clone,\n create,\n objectHasOwnProperty,\n // RegExp\n regExpTest,\n // String\n stringIndexOf,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringTrim,\n // Errors\n typeErrorCreate,\n // Other\n lookupGetter,\n addToSet,\n // Reflect\n unapply,\n unconstruct,\n};\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dialog',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'picture',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n]);\n\n// SVG\nexport const svg = freeze([\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'view',\n 'vkern',\n]);\n\nexport const svgFilters = freeze([\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feDropShadow',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feImage',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n]);\n\n// List of SVG elements that are disallowed by default.\n// We still need to know them so that we can do namespace\n// checks properly in case one wants to add them to\n// allow-list.\nexport const svgDisallowed = freeze([\n 'animate',\n 'color-profile',\n 'cursor',\n 'discard',\n 'font-face',\n 'font-face-format',\n 'font-face-name',\n 'font-face-src',\n 'font-face-uri',\n 'foreignobject',\n 'hatch',\n 'hatchpath',\n 'mesh',\n 'meshgradient',\n 'meshpatch',\n 'meshrow',\n 'missing-glyph',\n 'script',\n 'set',\n 'solidcolor',\n 'unknown',\n 'use',\n]);\n\nexport const mathMl = freeze([\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmultiscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mspace',\n 'msqrt',\n 'mstyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n 'mprescripts',\n]);\n\n// Similarly to SVG, we want to know all MathML elements,\n// even those that we disallow by default.\nexport const mathMlDisallowed = freeze([\n 'maction',\n 'maligngroup',\n 'malignmark',\n 'mlongdiv',\n 'mscarries',\n 'mscarry',\n 'msgroup',\n 'mstack',\n 'msline',\n 'msrow',\n 'semantics',\n 'annotation',\n 'annotation-xml',\n 'mprescripts',\n 'none',\n]);\n\nexport const text = freeze(['#text']);\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocapitalize',\n 'autocomplete',\n 'autopictureinpicture',\n 'autoplay',\n 'background',\n 'bgcolor',\n 'border',\n 'capture',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'controls',\n 'controlslist',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'decoding',\n 'default',\n 'dir',\n 'disabled',\n 'disablepictureinpicture',\n 'disableremoteplayback',\n 'download',\n 'draggable',\n 'enctype',\n 'enterkeyhint',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'inputmode',\n 'integrity',\n 'ismap',\n 'kind',\n 'label',\n 'lang',\n 'list',\n 'loading',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'minlength',\n 'multiple',\n 'muted',\n 'name',\n 'nonce',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'playsinline',\n 'popover',\n 'popovertarget',\n 'popovertargetaction',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'translate',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'wrap',\n 'xmlns',\n 'slot',\n]);\n\nexport const svg = freeze([\n 'accent-height',\n 'accumulate',\n 'additive',\n 'alignment-baseline',\n 'amplitude',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clippathunits',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'exponent',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'filterunits',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'intercept',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'primitiveunits',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'slope',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'startoffset',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'systemlanguage',\n 'tabindex',\n 'tablevalues',\n 'targetx',\n 'targety',\n 'transform',\n 'transform-origin',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'version',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n]);\n\nexport const mathMl = freeze([\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'encoding',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n]);\n\nexport const xml = freeze([\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n]);\n","import { seal } from './utils.js';\n\n// eslint-disable-next-line unicorn/better-regex\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\nexport const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = seal(\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\n);\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\nexport const ATTR_WHITESPACE = seal(\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\n);\nexport const DOCTYPE_NAME = seal(/^html$/i);\nexport const CUSTOM_ELEMENT = seal(/^[a-z][.\\w]*(-[.\\w]+)+$/i);\n","import * as TAGS from './tags.js';\nimport * as ATTRS from './attrs.js';\nimport * as EXPRESSIONS from './regexp.js';\nimport {\n addToSet,\n clone,\n entries,\n freeze,\n arrayForEach,\n arrayPop,\n arrayPush,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringIndexOf,\n stringTrim,\n regExpTest,\n typeErrorCreate,\n lookupGetter,\n create,\n objectHasOwnProperty,\n} from './utils.js';\n\n// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType\nconst NODE_TYPE = {\n element: 1,\n attribute: 2,\n text: 3,\n cdataSection: 4,\n entityReference: 5, // Deprecated\n entityNode: 6, // Deprecated\n progressingInstruction: 7,\n comment: 8,\n document: 9,\n documentType: 10,\n documentFragment: 11,\n notation: 12, // Deprecated\n};\n\nconst getGlobal = function () {\n return typeof window === 'undefined' ? null : window;\n};\n\n/**\n * Creates a no-op policy for internal use only.\n * Don't export this function outside this module!\n * @param {TrustedTypePolicyFactory} trustedTypes The policy factory.\n * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix).\n * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types\n * are not supported or creating the policy failed).\n */\nconst _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) {\n if (\n typeof trustedTypes !== 'object' ||\n typeof trustedTypes.createPolicy !== 'function'\n ) {\n return null;\n }\n\n // Allow the callers to control the unique policy name\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\n // Policy creation with duplicate names throws in Trusted Types.\n let suffix = null;\n const ATTR_NAME = 'data-tt-policy-suffix';\n if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) {\n suffix = purifyHostElement.getAttribute(ATTR_NAME);\n }\n\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\n\n try {\n return trustedTypes.createPolicy(policyName, {\n createHTML(html) {\n return html;\n },\n createScriptURL(scriptUrl) {\n return scriptUrl;\n },\n });\n } catch (_) {\n // Policy creation failed (most likely another DOMPurify script has\n // already run). Skip creating the policy, as this will only cause errors\n // if TT are enforced.\n console.warn(\n 'TrustedTypes policy ' + policyName + ' could not be created.'\n );\n return null;\n }\n};\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = (root) => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (\n !window ||\n !window.document ||\n window.document.nodeType !== NODE_TYPE.document\n ) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n let { document } = window;\n\n const originalDocument = document;\n const currentScript = originalDocument.currentScript;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n Element,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n HTMLFormElement,\n DOMParser,\n trustedTypes,\n } = window;\n\n const ElementPrototype = Element.prototype;\n\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\n const remove = lookupGetter(ElementPrototype, 'remove');\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n let trustedTypesPolicy;\n let emptyHTML = '';\n\n const {\n implementation,\n createNodeIterator,\n createDocumentFragment,\n getElementsByTagName,\n } = document;\n const { importNode } = originalDocument;\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n typeof entries === 'function' &&\n typeof getParentNode === 'function' &&\n implementation &&\n implementation.createHTMLDocument !== undefined;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n TMPLIT_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n CUSTOM_ELEMENT,\n } = EXPRESSIONS;\n\n let { IS_ALLOWED_URI } = EXPRESSIONS;\n\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /*\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\n */\n let CUSTOM_ELEMENT_HANDLING = Object.seal(\n create(null, {\n tagNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n attributeNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n allowCustomizedBuiltInElements: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: false,\n },\n })\n );\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Decide if self-closing tags in attributes are allowed.\n * Usually removed due to a mXSS issue in jQuery 3.0 */\n let ALLOW_SELF_CLOSE_IN_ATTR = true;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Output should be safe even for XML used within HTML and alike.\n * This means, DOMPurify removes comments when containing risky content.\n */\n let SAFE_FOR_XML = true;\n\n /* Decide if document with ... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported).\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported) */\n let RETURN_DOM_FRAGMENT = false;\n\n /* Try to return a Trusted Type object instead of a string, return a string in\n * case Trusted Types are not supported */\n let RETURN_TRUSTED_TYPE = false;\n\n /* Output should be free from DOM clobbering attacks?\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\n */\n let SANITIZE_DOM = true;\n\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\n *\n * HTML/DOM spec rules that enable DOM Clobbering:\n * - Named Access on Window (§7.3.3)\n * - DOM Tree Accessors (§3.1.5)\n * - Form Element Parent-Child Relations (§4.10.3)\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\n * - HTMLCollection (§4.2.10.2)\n *\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\n * with a constant string, i.e., `user-content-`\n */\n let SANITIZE_NAMED_PROPS = false;\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\n * of importing it into a new Document and returning a sanitized copy */\n let IN_PLACE = false;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n let FORBID_CONTENTS = null;\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\n 'annotation-xml',\n 'audio',\n 'colgroup',\n 'desc',\n 'foreignobject',\n 'head',\n 'iframe',\n 'math',\n 'mi',\n 'mn',\n 'mo',\n 'ms',\n 'mtext',\n 'noembed',\n 'noframes',\n 'noscript',\n 'plaintext',\n 'script',\n 'style',\n 'svg',\n 'template',\n 'thead',\n 'title',\n 'video',\n 'xmp',\n ]);\n\n /* Tags that are safe for data: URIs */\n let DATA_URI_TAGS = null;\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n 'track',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n let URI_SAFE_ATTRIBUTES = null;\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'role',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\n /* Document namespace */\n let NAMESPACE = HTML_NAMESPACE;\n let IS_EMPTY_INPUT = false;\n\n /* Allowed XHTML+XML namespaces */\n let ALLOWED_NAMESPACES = null;\n const DEFAULT_ALLOWED_NAMESPACES = addToSet(\n {},\n [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE],\n stringToString\n );\n\n let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\n 'mi',\n 'mo',\n 'mn',\n 'ms',\n 'mtext',\n ]);\n\n let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);\n\n // Certain elements are allowed in both SVG and HTML\n // namespace. We need to specify them explicitly\n // so that they don't get erroneously deleted from\n // HTML namespace.\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\n 'title',\n 'style',\n 'font',\n 'a',\n 'script',\n ]);\n\n /* Parsing of strict XHTML documents */\n let PARSER_MEDIA_TYPE = null;\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\n let transformCaseFunc = null;\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n const isRegexOrFunction = function (testValue) {\n return testValue instanceof RegExp || testValue instanceof Function;\n };\n\n /**\n * _parseConfig\n *\n * @param {Object} cfg optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function (cfg = {}) {\n if (CONFIG && CONFIG === cfg) {\n return;\n }\n\n /* Shield configuration object from tampering */\n if (!cfg || typeof cfg !== 'object') {\n cfg = {};\n }\n\n /* Shield configuration object from prototype pollution */\n cfg = clone(cfg);\n\n PARSER_MEDIA_TYPE =\n // eslint-disable-next-line unicorn/prefer-includes\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\n ? DEFAULT_PARSER_MEDIA_TYPE\n : cfg.PARSER_MEDIA_TYPE;\n\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\n transformCaseFunc =\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\n ? stringToString\n : stringToLowerCase;\n\n /* Set configuration parameters */\n ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS')\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR')\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\n : DEFAULT_ALLOWED_ATTR;\n ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES')\n ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString)\n : DEFAULT_ALLOWED_NAMESPACES;\n URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR')\n ? addToSet(\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_URI_SAFE_ATTRIBUTES;\n DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS')\n ? addToSet(\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_DATA_URI_TAGS;\n FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS')\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\n : DEFAULT_FORBID_CONTENTS;\n FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS')\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\n : {};\n FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR')\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\n : {};\n USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES')\n ? cfg.USE_PROFILES\n : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n IN_PLACE = cfg.IN_PLACE || false; // Default false\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\n MATHML_TEXT_INTEGRATION_POINTS =\n cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;\n HTML_INTEGRATION_POINTS =\n cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;\n\n CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\n 'boolean'\n ) {\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\n }\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, TAGS.text);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\n }\n\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\n }\n\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\n }\n\n if (cfg.FORBID_CONTENTS) {\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\n }\n\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\n if (WHOLE_DOCUMENT) {\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\n }\n\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\n if (ALLOWED_TAGS.table) {\n addToSet(ALLOWED_TAGS, ['tbody']);\n delete FORBID_TAGS.tbody;\n }\n\n if (cfg.TRUSTED_TYPES_POLICY) {\n if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createHTML\" hook.'\n );\n }\n\n if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createScriptURL\" hook.'\n );\n }\n\n // Overwrite existing TrustedTypes policy.\n trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;\n\n // Sign local variables required by `sanitize`.\n emptyHTML = trustedTypesPolicy.createHTML('');\n } else {\n // Uninitialized policy, attempt to initialize the internal dompurify policy.\n if (trustedTypesPolicy === undefined) {\n trustedTypesPolicy = _createTrustedTypesPolicy(\n trustedTypes,\n currentScript\n );\n }\n\n // If creating the internal policy succeeded sign internal variables.\n if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {\n emptyHTML = trustedTypesPolicy.createHTML('');\n }\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (freeze) {\n freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n /* Keep track of all possible SVG and MathML tags\n * so that we can perform the namespace checks\n * correctly. */\n const ALL_SVG_TAGS = addToSet({}, [\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.svgDisallowed,\n ]);\n const ALL_MATHML_TAGS = addToSet({}, [\n ...TAGS.mathMl,\n ...TAGS.mathMlDisallowed,\n ]);\n\n /**\n * @param {Element} element a DOM element whose namespace is being checked\n * @returns {boolean} Return false if the element has a\n * namespace that a spec-compliant parser would never\n * return. Return true otherwise.\n */\n const _checkValidNamespace = function (element) {\n let parent = getParentNode(element);\n\n // In JSDOM, if we're inside shadow DOM, then parentNode\n // can be null. We just simulate parent in this case.\n if (!parent || !parent.tagName) {\n parent = {\n namespaceURI: NAMESPACE,\n tagName: 'template',\n };\n }\n\n const tagName = stringToLowerCase(element.tagName);\n const parentTagName = stringToLowerCase(parent.tagName);\n\n if (!ALLOWED_NAMESPACES[element.namespaceURI]) {\n return false;\n }\n\n if (element.namespaceURI === SVG_NAMESPACE) {\n // The only way to switch from HTML namespace to SVG\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'svg';\n }\n\n // The only way to switch from MathML to SVG is via`\n // svg if parent is either or MathML\n // text integration points.\n if (parent.namespaceURI === MATHML_NAMESPACE) {\n return (\n tagName === 'svg' &&\n (parentTagName === 'annotation-xml' ||\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\n );\n }\n\n // We only allow elements that are defined in SVG\n // spec. All others are disallowed in SVG namespace.\n return Boolean(ALL_SVG_TAGS[tagName]);\n }\n\n if (element.namespaceURI === MATHML_NAMESPACE) {\n // The only way to switch from HTML namespace to MathML\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'math';\n }\n\n // The only way to switch from SVG to MathML is via\n // and HTML integration points\n if (parent.namespaceURI === SVG_NAMESPACE) {\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\n }\n\n // We only allow elements that are defined in MathML\n // spec. All others are disallowed in MathML namespace.\n return Boolean(ALL_MATHML_TAGS[tagName]);\n }\n\n if (element.namespaceURI === HTML_NAMESPACE) {\n // The only way to switch from SVG to HTML is via\n // HTML integration points, and from MathML to HTML\n // is via MathML text integration points\n if (\n parent.namespaceURI === SVG_NAMESPACE &&\n !HTML_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n if (\n parent.namespaceURI === MATHML_NAMESPACE &&\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n // We disallow tags that are specific for MathML\n // or SVG and should never appear in HTML namespace\n return (\n !ALL_MATHML_TAGS[tagName] &&\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\n );\n }\n\n // For XHTML and XML documents that support custom namespaces\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n ALLOWED_NAMESPACES[element.namespaceURI]\n ) {\n return true;\n }\n\n // The code should never reach this place (this means\n // that the element somehow got namespace that is not\n // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES).\n // Return false just in case.\n return false;\n };\n\n /**\n * _forceRemove\n *\n * @param {Node} node a DOM node\n */\n const _forceRemove = function (node) {\n arrayPush(DOMPurify.removed, { element: node });\n\n try {\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\n getParentNode(node).removeChild(node);\n } catch (_) {\n remove(node);\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param {String} name an Attribute name\n * @param {Node} node a DOM node\n */\n const _removeAttribute = function (name, node) {\n try {\n arrayPush(DOMPurify.removed, {\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (_) {\n arrayPush(DOMPurify.removed, {\n attribute: null,\n from: node,\n });\n }\n\n node.removeAttribute(name);\n\n // We void attribute values for unremovable \"is\"\" attributes\n if (name === 'is' && !ALLOWED_ATTR[name]) {\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\n try {\n _forceRemove(node);\n } catch (_) {}\n } else {\n try {\n node.setAttribute(name, '');\n } catch (_) {}\n }\n }\n };\n\n /**\n * _initDocument\n *\n * @param {String} dirty a string of dirty markup\n * @return {Document} a DOM, filled with the dirty markup\n */\n const _initDocument = function (dirty) {\n /* Create a HTML document */\n let doc = null;\n let leadingWhitespace = null;\n\n if (FORCE_BODY) {\n dirty = '' + dirty;\n } else {\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\n leadingWhitespace = matches && matches[0];\n }\n\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n NAMESPACE === HTML_NAMESPACE\n ) {\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\n dirty =\n '' +\n dirty +\n '';\n }\n\n const dirtyPayload = trustedTypesPolicy\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n /*\n * Use the DOMParser API by default, fallback later if needs be\n * DOMParser not work for svg when has multiple root element.\n */\n if (NAMESPACE === HTML_NAMESPACE) {\n try {\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\n } catch (_) {}\n }\n\n /* Use createHTMLDocument in case DOMParser is not available */\n if (!doc || !doc.documentElement) {\n doc = implementation.createDocument(NAMESPACE, 'template', null);\n try {\n doc.documentElement.innerHTML = IS_EMPTY_INPUT\n ? emptyHTML\n : dirtyPayload;\n } catch (_) {\n // Syntax error if dirtyPayload is invalid xml\n }\n }\n\n const body = doc.body || doc.documentElement;\n\n if (dirty && leadingWhitespace) {\n body.insertBefore(\n document.createTextNode(leadingWhitespace),\n body.childNodes[0] || null\n );\n }\n\n /* Work on whole document or just its body */\n if (NAMESPACE === HTML_NAMESPACE) {\n return getElementsByTagName.call(\n doc,\n WHOLE_DOCUMENT ? 'html' : 'body'\n )[0];\n }\n\n return WHOLE_DOCUMENT ? doc.documentElement : body;\n };\n\n /**\n * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document.\n *\n * @param {Node} root The root element or node to start traversing on.\n * @return {NodeIterator} The created NodeIterator\n */\n const _createNodeIterator = function (root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n // eslint-disable-next-line no-bitwise\n NodeFilter.SHOW_ELEMENT |\n NodeFilter.SHOW_COMMENT |\n NodeFilter.SHOW_TEXT |\n NodeFilter.SHOW_PROCESSING_INSTRUCTION |\n NodeFilter.SHOW_CDATA_SECTION,\n null\n );\n };\n\n /**\n * _isClobbered\n *\n * @param {Node} elm element to check for clobbering attacks\n * @return {Boolean} true if clobbered, false if safe\n */\n const _isClobbered = function (elm) {\n return (\n elm instanceof HTMLFormElement &&\n (typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function' ||\n typeof elm.namespaceURI !== 'string' ||\n typeof elm.insertBefore !== 'function' ||\n typeof elm.hasChildNodes !== 'function')\n );\n };\n\n /**\n * Checks whether the given object is a DOM node.\n *\n * @param {Node} object object to check whether it's a DOM node\n * @return {Boolean} true is object is a DOM node\n */\n const _isNode = function (object) {\n return typeof Node === 'function' && object instanceof Node;\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode node to work on with the hook\n * @param {Object} data additional hook parameters\n */\n const _executeHook = function (entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n arrayForEach(hooks[entryPoint], (hook) => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param {Node} currentNode to check for permission to exist\n * @return {Boolean} true if node was killed, false if left alive\n */\n const _sanitizeElements = function (currentNode) {\n let content = null;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = transformCaseFunc(currentNode.nodeName);\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Detect mXSS attempts abusing namespace confusion */\n if (\n currentNode.hasChildNodes() &&\n !_isNode(currentNode.firstElementChild) &&\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\n regExpTest(/<[/\\w]/g, currentNode.textContent)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any occurrence of processing instructions */\n if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any kind of possibly harmful comments */\n if (\n SAFE_FOR_XML &&\n currentNode.nodeType === NODE_TYPE.comment &&\n regExpTest(/<[/\\w]/g, currentNode.data)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Check if we have a custom element to handle */\n if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\n ) {\n return false;\n }\n\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\n ) {\n return false;\n }\n }\n\n /* Keep content except for bad-listed elements */\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\n\n if (childNodes && parentNode) {\n const childCount = childNodes.length;\n\n for (let i = childCount - 1; i >= 0; --i) {\n const childClone = cloneNode(childNodes[i], true);\n childClone.__removalCount = (currentNode.__removalCount || 0) + 1;\n parentNode.insertBefore(childClone, getNextSibling(currentNode));\n }\n }\n }\n\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check whether element has a valid namespace */\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Make sure that older browsers don't get fallback-tag mXSS */\n if (\n (tagName === 'noscript' ||\n tagName === 'noembed' ||\n tagName === 'noframes') &&\n regExpTest(/<\\/no(script|embed|frames)/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {\n /* Get the element's text content */\n content = currentNode.textContent;\n\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n content = stringReplace(content, expr, ' ');\n });\n\n if (currentNode.textContent !== content) {\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _isValidAttribute\n *\n * @param {string} lcTag Lowercase tag name of containing element.\n * @param {string} lcName Lowercase attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\n */\n // eslint-disable-next-line complexity\n const _isValidAttribute = function (lcTag, lcName, value) {\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n return false;\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (\n ALLOW_DATA_ATTR &&\n !FORBID_ATTR[lcName] &&\n regExpTest(DATA_ATTR, lcName)\n ) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n if (\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\n (_isBasicCustomElement(lcTag) &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\n // Alternative, second condition checks if it's an `is`-attribute, AND\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n (lcName === 'is' &&\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\n ) {\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\n } else {\n return false;\n }\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n /* Further prevent gadget XSS for dynamically built script tags */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\n lcTag !== 'script' &&\n stringIndexOf(value, 'data:') === 0 &&\n DATA_URI_TAGS[lcTag]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n } else if (value) {\n return false;\n } else {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n }\n\n return true;\n };\n\n /**\n * _isBasicCustomElement\n * checks if at least one dash is included in tagName, and it's not the first char\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\n *\n * @param {string} tagName name of the tag of the node to sanitize\n * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.\n */\n const _isBasicCustomElement = function (tagName) {\n return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param {Node} currentNode to sanitize\n */\n const _sanitizeAttributes = function (currentNode) {\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n const { attributes } = currentNode;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n let l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n const attr = attributes[l];\n const { name, namespaceURI, value: attrValue } = attr;\n const lcName = transformCaseFunc(name);\n\n let value = name === 'value' ? attrValue : stringTrim(attrValue);\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n\n /* Full DOM Clobbering protection via namespace isolation,\n * Prefix id and name attributes with `user-content-`\n */\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\n // Remove the attribute with this value\n _removeAttribute(name, currentNode);\n\n // Prefix the value and later re-create the attribute with the sanitized value\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\n }\n\n /* Work around a security issue with comments inside attributes */\n if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\\/(style|title)/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Did the hooks approve of the attribute? */\n if (hookEvent.forceKeepAttr) {\n continue;\n }\n\n /* Remove attribute */\n _removeAttribute(name, currentNode);\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Work around a security issue in jQuery 3.0 */\n if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\\/>/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n value = stringReplace(value, expr, ' ');\n });\n }\n\n /* Is `value` valid for this attribute? */\n const lcTag = transformCaseFunc(currentNode.nodeName);\n if (!_isValidAttribute(lcTag, lcName, value)) {\n continue;\n }\n\n /* Handle attributes that require Trusted Types */\n if (\n trustedTypesPolicy &&\n typeof trustedTypes === 'object' &&\n typeof trustedTypes.getAttributeType === 'function'\n ) {\n if (namespaceURI) {\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\n } else {\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\n case 'TrustedHTML': {\n value = trustedTypesPolicy.createHTML(value);\n break;\n }\n\n case 'TrustedScriptURL': {\n value = trustedTypesPolicy.createScriptURL(value);\n break;\n }\n\n default: {\n break;\n }\n }\n }\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n if (namespaceURI) {\n currentNode.setAttributeNS(namespaceURI, name, value);\n } else {\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\n currentNode.setAttribute(name, value);\n }\n\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n } else {\n arrayPop(DOMPurify.removed);\n }\n } catch (_) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param {DocumentFragment} fragment to iterate over recursively\n */\n const _sanitizeShadowDOM = function (fragment) {\n let shadowNode = null;\n const shadowIterator = _createNodeIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} cfg object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function (dirty, cfg = {}) {\n let body = null;\n let importedNode = null;\n let currentNode = null;\n let returnNode = null;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n IS_EMPTY_INPUT = !dirty;\n if (IS_EMPTY_INPUT) {\n dirty = '';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n if (typeof dirty.toString === 'function') {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw typeErrorCreate('dirty is not a string, aborting');\n }\n } else {\n throw typeErrorCreate('toString is not a function');\n }\n }\n\n /* Return dirty HTML if DOMPurify cannot run */\n if (!DOMPurify.isSupported) {\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n /* Check if dirty is correctly typed for IN_PLACE */\n if (typeof dirty === 'string') {\n IN_PLACE = false;\n }\n\n if (IN_PLACE) {\n /* Do some early pre-sanitization to avoid unsafe root nodes */\n if (dirty.nodeName) {\n const tagName = transformCaseFunc(dirty.nodeName);\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n throw typeErrorCreate(\n 'root node is forbidden and cannot be sanitized in-place'\n );\n }\n }\n } else if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (\n importedNode.nodeType === NODE_TYPE.element &&\n importedNode.nodeName === 'BODY'\n ) {\n /* Node is already a body, use as is */\n body = importedNode;\n } else if (importedNode.nodeName === 'HTML') {\n body = importedNode;\n } else {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (\n !RETURN_DOM &&\n !SAFE_FOR_TEMPLATES &&\n !WHOLE_DOCUMENT &&\n // eslint-disable-next-line unicorn/prefer-includes\n dirty.indexOf('<') === -1\n ) {\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (body && FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n }\n\n /* If we sanitized `dirty` in-place, return it. */\n if (IN_PLACE) {\n return dirty;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {\n /*\n AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs.\n */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n\n /* Serialize doctype if allowed */\n if (\n WHOLE_DOCUMENT &&\n ALLOWED_TAGS['!doctype'] &&\n body.ownerDocument &&\n body.ownerDocument.doctype &&\n body.ownerDocument.doctype.name &&\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\n ) {\n serializedHTML =\n '\\n' + serializedHTML;\n }\n\n /* Sanitize final string template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n serializedHTML = stringReplace(serializedHTML, expr, ' ');\n });\n }\n\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(serializedHTML)\n : serializedHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} cfg configuration object\n */\n DOMPurify.setConfig = function (cfg = {}) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n */\n DOMPurify.clearConfig = function () {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * Public method to check if an attribute value is valid.\n * Uses last set config, if any. Otherwise, uses config defaults.\n * isValidAttribute\n *\n * @param {String} tag Tag name of containing element.\n * @param {String} attr Attribute name.\n * @param {String} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\n */\n DOMPurify.isValidAttribute = function (tag, attr, value) {\n /* Initialize shared config vars if necessary. */\n if (!CONFIG) {\n _parseConfig({});\n }\n\n const lcTag = transformCaseFunc(tag);\n const lcName = transformCaseFunc(attr);\n return _isValidAttribute(lcTag, lcName, value);\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint entry point for the hook to add\n * @param {Function} hookFunction function to execute\n */\n DOMPurify.addHook = function (entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n\n hooks[entryPoint] = hooks[entryPoint] || [];\n arrayPush(hooks[entryPoint], hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint entry point for the hook to remove\n * @return {Function} removed(popped) hook\n */\n DOMPurify.removeHook = function (entryPoint) {\n if (hooks[entryPoint]) {\n return arrayPop(hooks[entryPoint]);\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint entry point for the hooks to remove\n */\n DOMPurify.removeHooks = function (entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n */\n DOMPurify.removeAllHooks = function () {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n"],"names":["entries","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","Object","freeze","seal","create","apply","construct","Reflect","x","fun","thisValue","args","Func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringToString","toString","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","objectHasOwnProperty","hasOwnProperty","regExpTest","RegExp","test","typeErrorCreate","unconstruct","TypeError","func","thisArg","_len","arguments","length","_key","_len2","_key2","addToSet","set","array","transformCaseFunc","undefined","l","element","lcElement","cleanArray","index","isPropertyExist","clone","object","newObject","property","value","isArray","constructor","lookupGetter","prop","desc","get","fallbackValue","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","TMPLIT_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","CUSTOM_ELEMENT","NODE_TYPE","attribute","cdataSection","entityReference","entityNode","progressingInstruction","comment","document","documentType","documentFragment","notation","getGlobal","window","_createTrustedTypesPolicy","trustedTypes","purifyHostElement","createPolicy","suffix","ATTR_NAME","hasAttribute","getAttribute","policyName","createHTML","createScriptURL","scriptUrl","_","console","warn","createDOMPurify","DOMPurify","root","version","VERSION","removed","nodeType","isSupported","originalDocument","currentScript","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","HTMLFormElement","DOMParser","ElementPrototype","cloneNode","remove","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","hooks","createHTMLDocument","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","ALLOW_SELF_CLOSE_IN_ATTR","SAFE_FOR_TEMPLATES","SAFE_FOR_XML","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","SANITIZE_NAMED_PROPS_PREFIX","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","ALLOWED_NAMESPACES","DEFAULT_ALLOWED_NAMESPACES","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","PARSER_MEDIA_TYPE","SUPPORTED_PARSER_MEDIA_TYPES","DEFAULT_PARSER_MEDIA_TYPE","CONFIG","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","TRUSTED_TYPES_POLICY","ALL_SVG_TAGS","ALL_MATHML_TAGS","_checkValidNamespace","parent","tagName","namespaceURI","parentTagName","Boolean","_forceRemove","node","removeChild","_removeAttribute","name","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createNodeIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","SHOW_PROCESSING_INSTRUCTION","SHOW_CDATA_SECTION","_isClobbered","elm","nodeName","textContent","attributes","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","allowedTags","firstElementChild","_isBasicCustomElement","parentNode","childCount","i","childClone","__removalCount","expr","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","attr","forceKeepAttr","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","returnNode","appendChild","firstChild","nodeIterator","shadowroot","shadowrootmode","serializedHTML","outerHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";;AAAA,MAAM;EACJA,OAAO;EACPC,cAAc;EACdC,QAAQ;EACRC,cAAc;AACdC,EAAAA,wBAAAA;AACF,CAAC,GAAGC,MAAM,CAAA;AAEV,IAAI;EAAEC,MAAM;EAAEC,IAAI;AAAEC,EAAAA,MAAAA;AAAO,CAAC,GAAGH,MAAM,CAAC;AACtC,IAAI;EAAEI,KAAK;AAAEC,EAAAA,SAAAA;AAAU,CAAC,GAAG,OAAOC,OAAO,KAAK,WAAW,IAAIA,OAAO,CAAA;AAEpE,IAAI,CAACL,MAAM,EAAE;AACXA,EAAAA,MAAM,GAAG,SAAAA,MAAUM,CAAAA,CAAC,EAAE;AACpB,IAAA,OAAOA,CAAC,CAAA;GACT,CAAA;AACH,CAAA;AAEA,IAAI,CAACL,IAAI,EAAE;AACTA,EAAAA,IAAI,GAAG,SAAAA,IAAUK,CAAAA,CAAC,EAAE;AAClB,IAAA,OAAOA,CAAC,CAAA;GACT,CAAA;AACH,CAAA;AAEA,IAAI,CAACH,KAAK,EAAE;EACVA,KAAK,GAAG,SAAAA,KAAUI,CAAAA,GAAG,EAAEC,SAAS,EAAEC,IAAI,EAAE;AACtC,IAAA,OAAOF,GAAG,CAACJ,KAAK,CAACK,SAAS,EAAEC,IAAI,CAAC,CAAA;GAClC,CAAA;AACH,CAAA;AAEA,IAAI,CAACL,SAAS,EAAE;AACdA,EAAAA,SAAS,GAAG,SAAAA,SAAAA,CAAUM,IAAI,EAAED,IAAI,EAAE;AAChC,IAAA,OAAO,IAAIC,IAAI,CAAC,GAAGD,IAAI,CAAC,CAAA;GACzB,CAAA;AACH,CAAA;AAEA,MAAME,YAAY,GAAGC,OAAO,CAACC,KAAK,CAACC,SAAS,CAACC,OAAO,CAAC,CAAA;AAErD,MAAMC,QAAQ,GAAGJ,OAAO,CAACC,KAAK,CAACC,SAAS,CAACG,GAAG,CAAC,CAAA;AAC7C,MAAMC,SAAS,GAAGN,OAAO,CAACC,KAAK,CAACC,SAAS,CAACK,IAAI,CAAC,CAAA;AAG/C,MAAMC,iBAAiB,GAAGR,OAAO,CAACS,MAAM,CAACP,SAAS,CAACQ,WAAW,CAAC,CAAA;AAC/D,MAAMC,cAAc,GAAGX,OAAO,CAACS,MAAM,CAACP,SAAS,CAACU,QAAQ,CAAC,CAAA;AACzD,MAAMC,WAAW,GAAGb,OAAO,CAACS,MAAM,CAACP,SAAS,CAACY,KAAK,CAAC,CAAA;AACnD,MAAMC,aAAa,GAAGf,OAAO,CAACS,MAAM,CAACP,SAAS,CAACc,OAAO,CAAC,CAAA;AACvD,MAAMC,aAAa,GAAGjB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACgB,OAAO,CAAC,CAAA;AACvD,MAAMC,UAAU,GAAGnB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACkB,IAAI,CAAC,CAAA;AAEjD,MAAMC,oBAAoB,GAAGrB,OAAO,CAACb,MAAM,CAACe,SAAS,CAACoB,cAAc,CAAC,CAAA;AAErE,MAAMC,UAAU,GAAGvB,OAAO,CAACwB,MAAM,CAACtB,SAAS,CAACuB,IAAI,CAAC,CAAA;AAEjD,MAAMC,eAAe,GAAGC,WAAW,CAACC,SAAS,CAAC,CAAA;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA,SAAS5B,OAAOA,CAAC6B,IAAI,EAAE;AACrB,EAAA,OAAO,UAACC,OAAO,EAAA;IAAA,KAAAC,IAAAA,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAKpC,IAAI,OAAAI,KAAA,CAAA8B,IAAA,GAAAA,CAAAA,GAAAA,IAAA,WAAAG,IAAA,GAAA,CAAA,EAAAA,IAAA,GAAAH,IAAA,EAAAG,IAAA,EAAA,EAAA;AAAJrC,MAAAA,IAAI,CAAAqC,IAAA,GAAAF,CAAAA,CAAAA,GAAAA,SAAA,CAAAE,IAAA,CAAA,CAAA;AAAA,KAAA;AAAA,IAAA,OAAK3C,KAAK,CAACsC,IAAI,EAAEC,OAAO,EAAEjC,IAAI,CAAC,CAAA;AAAA,GAAA,CAAA;AACzD,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS8B,WAAWA,CAACE,IAAI,EAAE;EACzB,OAAO,YAAA;AAAA,IAAA,KAAA,IAAAM,KAAA,GAAAH,SAAA,CAAAC,MAAA,EAAIpC,IAAI,GAAAI,IAAAA,KAAA,CAAAkC,KAAA,GAAAC,KAAA,GAAA,CAAA,EAAAA,KAAA,GAAAD,KAAA,EAAAC,KAAA,EAAA,EAAA;AAAJvC,MAAAA,IAAI,CAAAuC,KAAA,CAAAJ,GAAAA,SAAA,CAAAI,KAAA,CAAA,CAAA;AAAA,KAAA;AAAA,IAAA,OAAK5C,SAAS,CAACqC,IAAI,EAAEhC,IAAI,CAAC,CAAA;AAAA,GAAA,CAAA;AAC3C,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASwC,QAAQA,CAACC,GAAG,EAAEC,KAAK,EAAyC;AAAA,EAAA,IAAvCC,iBAAiB,GAAAR,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAGxB,iBAAiB,CAAA;AACjE,EAAA,IAAIzB,cAAc,EAAE;AAClB;AACA;AACA;AACAA,IAAAA,cAAc,CAACuD,GAAG,EAAE,IAAI,CAAC,CAAA;AAC3B,GAAA;AAEA,EAAA,IAAII,CAAC,GAAGH,KAAK,CAACN,MAAM,CAAA;EACpB,OAAOS,CAAC,EAAE,EAAE;AACV,IAAA,IAAIC,OAAO,GAAGJ,KAAK,CAACG,CAAC,CAAC,CAAA;AACtB,IAAA,IAAI,OAAOC,OAAO,KAAK,QAAQ,EAAE;AAC/B,MAAA,MAAMC,SAAS,GAAGJ,iBAAiB,CAACG,OAAO,CAAC,CAAA;MAC5C,IAAIC,SAAS,KAAKD,OAAO,EAAE;AACzB;AACA,QAAA,IAAI,CAAC3D,QAAQ,CAACuD,KAAK,CAAC,EAAE;AACpBA,UAAAA,KAAK,CAACG,CAAC,CAAC,GAAGE,SAAS,CAAA;AACtB,SAAA;AAEAD,QAAAA,OAAO,GAAGC,SAAS,CAAA;AACrB,OAAA;AACF,KAAA;AAEAN,IAAAA,GAAG,CAACK,OAAO,CAAC,GAAG,IAAI,CAAA;AACrB,GAAA;AAEA,EAAA,OAAOL,GAAG,CAAA;AACZ,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASO,UAAUA,CAACN,KAAK,EAAE;AACzB,EAAA,KAAK,IAAIO,KAAK,GAAG,CAAC,EAAEA,KAAK,GAAGP,KAAK,CAACN,MAAM,EAAEa,KAAK,EAAE,EAAE;AACjD,IAAA,MAAMC,eAAe,GAAG1B,oBAAoB,CAACkB,KAAK,EAAEO,KAAK,CAAC,CAAA;IAE1D,IAAI,CAACC,eAAe,EAAE;AACpBR,MAAAA,KAAK,CAACO,KAAK,CAAC,GAAG,IAAI,CAAA;AACrB,KAAA;AACF,GAAA;AAEA,EAAA,OAAOP,KAAK,CAAA;AACd,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASS,KAAKA,CAACC,MAAM,EAAE;AACrB,EAAA,MAAMC,SAAS,GAAG5D,MAAM,CAAC,IAAI,CAAC,CAAA;EAE9B,KAAK,MAAM,CAAC6D,QAAQ,EAAEC,KAAK,CAAC,IAAItE,OAAO,CAACmE,MAAM,CAAC,EAAE;AAC/C,IAAA,MAAMF,eAAe,GAAG1B,oBAAoB,CAAC4B,MAAM,EAAEE,QAAQ,CAAC,CAAA;AAE9D,IAAA,IAAIJ,eAAe,EAAE;AACnB,MAAA,IAAI9C,KAAK,CAACoD,OAAO,CAACD,KAAK,CAAC,EAAE;AACxBF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGN,UAAU,CAACO,KAAK,CAAC,CAAA;AACzC,OAAC,MAAM,IACLA,KAAK,IACL,OAAOA,KAAK,KAAK,QAAQ,IACzBA,KAAK,CAACE,WAAW,KAAKnE,MAAM,EAC5B;AACA+D,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGH,KAAK,CAACI,KAAK,CAAC,CAAA;AACpC,OAAC,MAAM;AACLF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGC,KAAK,CAAA;AAC7B,OAAA;AACF,KAAA;AACF,GAAA;AAEA,EAAA,OAAOF,SAAS,CAAA;AAClB,CAAA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASK,YAAYA,CAACN,MAAM,EAAEO,IAAI,EAAE;EAClC,OAAOP,MAAM,KAAK,IAAI,EAAE;AACtB,IAAA,MAAMQ,IAAI,GAAGvE,wBAAwB,CAAC+D,MAAM,EAAEO,IAAI,CAAC,CAAA;AAEnD,IAAA,IAAIC,IAAI,EAAE;MACR,IAAIA,IAAI,CAACC,GAAG,EAAE;AACZ,QAAA,OAAO1D,OAAO,CAACyD,IAAI,CAACC,GAAG,CAAC,CAAA;AAC1B,OAAA;AAEA,MAAA,IAAI,OAAOD,IAAI,CAACL,KAAK,KAAK,UAAU,EAAE;AACpC,QAAA,OAAOpD,OAAO,CAACyD,IAAI,CAACL,KAAK,CAAC,CAAA;AAC5B,OAAA;AACF,KAAA;AAEAH,IAAAA,MAAM,GAAGhE,cAAc,CAACgE,MAAM,CAAC,CAAA;AACjC,GAAA;EAEA,SAASU,aAAaA,GAAG;AACvB,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;AAEA,EAAA,OAAOA,aAAa,CAAA;AACtB;;AC1LO,MAAMC,MAAI,GAAGxE,MAAM,CAAC,CACzB,GAAG,EACH,MAAM,EACN,SAAS,EACT,SAAS,EACT,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,GAAG,EACH,KAAK,EACL,KAAK,EACL,KAAK,EACL,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,MAAM,EACN,MAAM,EACN,KAAK,EACL,UAAU,EACV,SAAS,EACT,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,EACR,KAAK,EACL,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,GAAG,EACH,KAAK,EACL,OAAO,EACP,KAAK,EACL,KAAK,EACL,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,KAAK,EACL,MAAM,EACN,SAAS,EACT,MAAM,EACN,UAAU,EACV,OAAO,EACP,KAAK,EACL,MAAM,EACN,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,GAAG,EACH,SAAS,EACT,KAAK,EACL,UAAU,EACV,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,GAAG,EACH,MAAM,EACN,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,SAAS,EACT,KAAK,EACL,OAAO,EACP,OAAO,EACP,IAAI,EACJ,UAAU,EACV,UAAU,EACV,OAAO,EACP,IAAI,EACJ,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,KAAK,EACL,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;AAEF;AACO,MAAMyE,KAAG,GAAGzE,MAAM,CAAC,CACxB,KAAK,EACL,GAAG,EACH,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,MAAM,EACN,GAAG,EACH,OAAO,EACP,UAAU,EACV,OAAO,EACP,OAAO,EACP,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,SAAS,EACT,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,MAAM,EACN,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,OAAO,CACR,CAAC,CAAA;AAEK,MAAM0E,UAAU,GAAG1E,MAAM,CAAC,CAC/B,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,SAAS,EACT,aAAa,EACb,cAAc,EACd,UAAU,EACV,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,QAAQ,EACR,cAAc,CACf,CAAC,CAAA;;AAEF;AACA;AACA;AACA;AACO,MAAM2E,aAAa,GAAG3E,MAAM,CAAC,CAClC,SAAS,EACT,eAAe,EACf,QAAQ,EACR,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,eAAe,EACf,OAAO,EACP,WAAW,EACX,MAAM,EACN,cAAc,EACd,WAAW,EACX,SAAS,EACT,eAAe,EACf,QAAQ,EACR,KAAK,EACL,YAAY,EACZ,SAAS,EACT,KAAK,CACN,CAAC,CAAA;AAEK,MAAM4E,QAAM,GAAG5E,MAAM,CAAC,CAC3B,MAAM,EACN,UAAU,EACV,QAAQ,EACR,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,YAAY,EACZ,eAAe,EACf,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,KAAK,EACL,OAAO,EACP,KAAK,EACL,QAAQ,EACR,YAAY,EACZ,aAAa,CACd,CAAC,CAAA;;AAEF;AACA;AACO,MAAM6E,gBAAgB,GAAG7E,MAAM,CAAC,CACrC,SAAS,EACT,aAAa,EACb,YAAY,EACZ,UAAU,EACV,WAAW,EACX,SAAS,EACT,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,MAAM,CACP,CAAC,CAAA;AAEK,MAAM8E,IAAI,GAAG9E,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC;;ACrR9B,MAAMwE,IAAI,GAAGxE,MAAM,CAAC,CACzB,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,gBAAgB,EAChB,cAAc,EACd,sBAAsB,EACtB,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,MAAM,EACN,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,SAAS,EACT,UAAU,EACV,cAAc,EACd,QAAQ,EACR,aAAa,EACb,UAAU,EACV,UAAU,EACV,SAAS,EACT,KAAK,EACL,UAAU,EACV,yBAAyB,EACzB,uBAAuB,EACvB,UAAU,EACV,WAAW,EACX,SAAS,EACT,cAAc,EACd,MAAM,EACN,KAAK,EACL,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,WAAW,EACX,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,MAAM,EACN,SAAS,EACT,MAAM,EACN,KAAK,EACL,KAAK,EACL,WAAW,EACX,OAAO,EACP,QAAQ,EACR,KAAK,EACL,WAAW,EACX,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,SAAS,EACT,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,QAAQ,EACR,SAAS,EACT,SAAS,EACT,YAAY,EACZ,UAAU,EACV,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,YAAY,EACZ,OAAO,EACP,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,OAAO,EACP,KAAK,EACL,QAAQ,EACR,MAAM,EACN,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,WAAW,EACX,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,CACP,CAAC,CAAA;AAEK,MAAMyE,GAAG,GAAGzE,MAAM,CAAC,CACxB,eAAe,EACf,YAAY,EACZ,UAAU,EACV,oBAAoB,EACpB,WAAW,EACX,QAAQ,EACR,eAAe,EACf,eAAe,EACf,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,MAAM,EACN,eAAe,EACf,WAAW,EACX,WAAW,EACX,OAAO,EACP,qBAAqB,EACrB,6BAA6B,EAC7B,eAAe,EACf,iBAAiB,EACjB,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,SAAS,EACT,KAAK,EACL,UAAU,EACV,WAAW,EACX,KAAK,EACL,UAAU,EACV,MAAM,EACN,cAAc,EACd,WAAW,EACX,QAAQ,EACR,aAAa,EACb,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,YAAY,EACZ,cAAc,EACd,aAAa,EACb,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,YAAY,EACZ,UAAU,EACV,eAAe,EACf,mBAAmB,EACnB,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,iBAAiB,EACjB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,WAAW,EACX,YAAY,EACZ,UAAU,EACV,MAAM,EACN,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,kBAAkB,EAClB,WAAW,EACX,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,EACR,MAAM,EACN,KAAK,EACL,MAAM,EACN,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,aAAa,EACb,QAAQ,EACR,UAAU,EACV,aAAa,EACb,MAAM,EACN,YAAY,EACZ,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,MAAM,EACN,MAAM,EACN,aAAa,EACb,WAAW,EACX,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,OAAO,EACP,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,cAAc,EACd,aAAa,EACb,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,cAAc,EACd,OAAO,EACP,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,eAAe,EACf,eAAe,EACf,OAAO,EACP,cAAc,EACd,MAAM,EACN,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,YAAY,CACb,CAAC,CAAA;AAEK,MAAM4E,MAAM,GAAG5E,MAAM,CAAC,CAC3B,QAAQ,EACR,aAAa,EACb,OAAO,EACP,UAAU,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,OAAO,EACP,KAAK,EACL,SAAS,EACT,cAAc,EACd,UAAU,EACV,OAAO,EACP,OAAO,EACP,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,eAAe,EACf,UAAU,EACV,UAAU,EACV,MAAM,EACN,UAAU,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,eAAe,EACf,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,SAAS,EACT,OAAO,EACP,OAAO,CACR,CAAC,CAAA;AAEK,MAAM+E,GAAG,GAAG/E,MAAM,CAAC,CACxB,YAAY,EACZ,QAAQ,EACR,aAAa,EACb,WAAW,EACX,aAAa,CACd,CAAC;;AChXF;AACO,MAAMgF,aAAa,GAAG/E,IAAI,CAAC,2BAA2B,CAAC,CAAC;AACxD,MAAMgF,QAAQ,GAAGhF,IAAI,CAAC,uBAAuB,CAAC,CAAA;AAC9C,MAAMiF,WAAW,GAAGjF,IAAI,CAAC,eAAe,CAAC,CAAA;AACzC,MAAMkF,SAAS,GAAGlF,IAAI,CAAC,4BAA4B,CAAC,CAAC;AACrD,MAAMmF,SAAS,GAAGnF,IAAI,CAAC,gBAAgB,CAAC,CAAC;AACzC,MAAMoF,cAAc,GAAGpF,IAAI,CAChC,2FAA2F;AAC7F,CAAC,CAAA;AACM,MAAMqF,iBAAiB,GAAGrF,IAAI,CAAC,uBAAuB,CAAC,CAAA;AACvD,MAAMsF,eAAe,GAAGtF,IAAI,CACjC,6DAA6D;AAC/D,CAAC,CAAA;AACM,MAAMuF,YAAY,GAAGvF,IAAI,CAAC,SAAS,CAAC,CAAA;AACpC,MAAMwF,cAAc,GAAGxF,IAAI,CAAC,0BAA0B,CAAC;;;;;;;;;;;;;;;;ACQ9D;AACA,MAAMyF,SAAS,GAAG;AAChBnC,EAAAA,OAAO,EAAE,CAAC;AACVoC,EAAAA,SAAS,EAAE,CAAC;AACZb,EAAAA,IAAI,EAAE,CAAC;AACPc,EAAAA,YAAY,EAAE,CAAC;AACfC,EAAAA,eAAe,EAAE,CAAC;AAAE;AACpBC,EAAAA,UAAU,EAAE,CAAC;AAAE;AACfC,EAAAA,sBAAsB,EAAE,CAAC;AACzBC,EAAAA,OAAO,EAAE,CAAC;AACVC,EAAAA,QAAQ,EAAE,CAAC;AACXC,EAAAA,YAAY,EAAE,EAAE;AAChBC,EAAAA,gBAAgB,EAAE,EAAE;EACpBC,QAAQ,EAAE,EAAE;AACd,CAAC,CAAA;AAED,MAAMC,SAAS,GAAG,SAAZA,SAASA,GAAe;AAC5B,EAAA,OAAO,OAAOC,MAAM,KAAK,WAAW,GAAG,IAAI,GAAGA,MAAM,CAAA;AACtD,CAAC,CAAA;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAaC,YAAY,EAAEC,iBAAiB,EAAE;EAC3E,IACE,OAAOD,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAACE,YAAY,KAAK,UAAU,EAC/C;AACA,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;;AAEA;AACA;AACA;EACA,IAAIC,MAAM,GAAG,IAAI,CAAA;EACjB,MAAMC,SAAS,GAAG,uBAAuB,CAAA;EACzC,IAAIH,iBAAiB,IAAIA,iBAAiB,CAACI,YAAY,CAACD,SAAS,CAAC,EAAE;AAClED,IAAAA,MAAM,GAAGF,iBAAiB,CAACK,YAAY,CAACF,SAAS,CAAC,CAAA;AACpD,GAAA;EAEA,MAAMG,UAAU,GAAG,WAAW,IAAIJ,MAAM,GAAG,GAAG,GAAGA,MAAM,GAAG,EAAE,CAAC,CAAA;EAE7D,IAAI;AACF,IAAA,OAAOH,YAAY,CAACE,YAAY,CAACK,UAAU,EAAE;MAC3CC,UAAUA,CAACxC,IAAI,EAAE;AACf,QAAA,OAAOA,IAAI,CAAA;OACZ;MACDyC,eAAeA,CAACC,SAAS,EAAE;AACzB,QAAA,OAAOA,SAAS,CAAA;AAClB,OAAA;AACF,KAAC,CAAC,CAAA;GACH,CAAC,OAAOC,CAAC,EAAE;AACV;AACA;AACA;IACAC,OAAO,CAACC,IAAI,CACV,sBAAsB,GAAGN,UAAU,GAAG,wBACxC,CAAC,CAAA;AACD,IAAA,OAAO,IAAI,CAAA;AACb,GAAA;AACF,CAAC,CAAA;AAED,SAASO,eAAeA,GAAuB;AAAA,EAAA,IAAtBhB,MAAM,GAAA1D,SAAA,CAAAC,MAAA,GAAAD,CAAAA,IAAAA,SAAA,CAAAS,CAAAA,CAAAA,KAAAA,SAAA,GAAAT,SAAA,CAAGyD,CAAAA,CAAAA,GAAAA,SAAS,EAAE,CAAA;AAC3C,EAAA,MAAMkB,SAAS,GAAIC,IAAI,IAAKF,eAAe,CAACE,IAAI,CAAC,CAAA;;AAEjD;AACF;AACA;AACA;EACED,SAAS,CAACE,OAAO,GAAGC,OAAO,CAAA;;AAE3B;AACF;AACA;AACA;EACEH,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;AAEtB,EAAA,IACE,CAACrB,MAAM,IACP,CAACA,MAAM,CAACL,QAAQ,IAChBK,MAAM,CAACL,QAAQ,CAAC2B,QAAQ,KAAKlC,SAAS,CAACO,QAAQ,EAC/C;AACA;AACA;IACAsB,SAAS,CAACM,WAAW,GAAG,KAAK,CAAA;AAE7B,IAAA,OAAON,SAAS,CAAA;AAClB,GAAA;EAEA,IAAI;AAAEtB,IAAAA,QAAAA;AAAS,GAAC,GAAGK,MAAM,CAAA;EAEzB,MAAMwB,gBAAgB,GAAG7B,QAAQ,CAAA;AACjC,EAAA,MAAM8B,aAAa,GAAGD,gBAAgB,CAACC,aAAa,CAAA;EACpD,MAAM;IACJC,gBAAgB;IAChBC,mBAAmB;IACnBC,IAAI;IACJC,OAAO;IACPC,UAAU;AACVC,IAAAA,YAAY,GAAG/B,MAAM,CAAC+B,YAAY,IAAI/B,MAAM,CAACgC,eAAe;IAC5DC,eAAe;IACfC,SAAS;AACThC,IAAAA,YAAAA;AACF,GAAC,GAAGF,MAAM,CAAA;AAEV,EAAA,MAAMmC,gBAAgB,GAAGN,OAAO,CAACrH,SAAS,CAAA;AAE1C,EAAA,MAAM4H,SAAS,GAAGvE,YAAY,CAACsE,gBAAgB,EAAE,WAAW,CAAC,CAAA;AAC7D,EAAA,MAAME,MAAM,GAAGxE,YAAY,CAACsE,gBAAgB,EAAE,QAAQ,CAAC,CAAA;AACvD,EAAA,MAAMG,cAAc,GAAGzE,YAAY,CAACsE,gBAAgB,EAAE,aAAa,CAAC,CAAA;AACpE,EAAA,MAAMI,aAAa,GAAG1E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;AAClE,EAAA,MAAMK,aAAa,GAAG3E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;;AAElE;AACA;AACA;AACA;AACA;AACA;AACA,EAAA,IAAI,OAAOR,mBAAmB,KAAK,UAAU,EAAE;AAC7C,IAAA,MAAMc,QAAQ,GAAG9C,QAAQ,CAAC+C,aAAa,CAAC,UAAU,CAAC,CAAA;IACnD,IAAID,QAAQ,CAACE,OAAO,IAAIF,QAAQ,CAACE,OAAO,CAACC,aAAa,EAAE;AACtDjD,MAAAA,QAAQ,GAAG8C,QAAQ,CAACE,OAAO,CAACC,aAAa,CAAA;AAC3C,KAAA;AACF,GAAA;AAEA,EAAA,IAAIC,kBAAkB,CAAA;EACtB,IAAIC,SAAS,GAAG,EAAE,CAAA;EAElB,MAAM;IACJC,cAAc;IACdC,kBAAkB;IAClBC,sBAAsB;AACtBC,IAAAA,oBAAAA;AACF,GAAC,GAAGvD,QAAQ,CAAA;EACZ,MAAM;AAAEwD,IAAAA,UAAAA;AAAW,GAAC,GAAG3B,gBAAgB,CAAA;EAEvC,IAAI4B,KAAK,GAAG,EAAE,CAAA;;AAEd;AACF;AACA;AACEnC,EAAAA,SAAS,CAACM,WAAW,GACnB,OAAOnI,OAAO,KAAK,UAAU,IAC7B,OAAOoJ,aAAa,KAAK,UAAU,IACnCO,cAAc,IACdA,cAAc,CAACM,kBAAkB,KAAKtG,SAAS,CAAA;EAEjD,MAAM;IACJ2B,aAAa;IACbC,QAAQ;IACRC,WAAW;IACXC,SAAS;IACTC,SAAS;IACTE,iBAAiB;IACjBC,eAAe;AACfE,IAAAA,cAAAA;AACF,GAAC,GAAGmE,WAAW,CAAA;EAEf,IAAI;AAAEvE,oBAAAA,gBAAAA;AAAe,GAAC,GAAGuE,WAAW,CAAA;;AAEpC;AACF;AACA;AACA;;AAEE;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;AACvB,EAAA,MAAMC,oBAAoB,GAAG7G,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAG8G,MAAS,EACZ,GAAGA,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,QAAW,EACd,GAAGA,IAAS,CACb,CAAC,CAAA;;AAEF;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;AACvB,EAAA,MAAMC,oBAAoB,GAAGhH,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAGiH,IAAU,EACb,GAAGA,GAAS,EACZ,GAAGA,MAAY,EACf,GAAGA,GAAS,CACb,CAAC,CAAA;;AAEF;AACF;AACA;AACA;AACA;AACA;EACE,IAAIC,uBAAuB,GAAGpK,MAAM,CAACE,IAAI,CACvCC,MAAM,CAAC,IAAI,EAAE;AACXkK,IAAAA,YAAY,EAAE;AACZC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,IAAA;KACR;AACDwG,IAAAA,kBAAkB,EAAE;AAClBH,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,IAAA;KACR;AACDyG,IAAAA,8BAA8B,EAAE;AAC9BJ,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,YAAY,EAAE,KAAK;AACnBC,MAAAA,UAAU,EAAE,IAAI;AAChBvG,MAAAA,KAAK,EAAE,KAAA;AACT,KAAA;AACF,GAAC,CACH,CAAC,CAAA;;AAED;EACA,IAAI0G,WAAW,GAAG,IAAI,CAAA;;AAEtB;EACA,IAAIC,WAAW,GAAG,IAAI,CAAA;;AAEtB;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;AAE1B;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;AAE1B;EACA,IAAIC,uBAAuB,GAAG,KAAK,CAAA;;AAEnC;AACF;EACE,IAAIC,wBAAwB,GAAG,IAAI,CAAA;;AAEnC;AACF;AACA;EACE,IAAIC,kBAAkB,GAAG,KAAK,CAAA;;AAE9B;AACF;AACA;EACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;EACA,IAAIC,cAAc,GAAG,KAAK,CAAA;;AAE1B;EACA,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;EACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;AACA;AACA;EACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;AAEtB;AACF;EACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;AAE/B;AACF;EACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;AAE/B;AACF;AACA;EACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,IAAIC,oBAAoB,GAAG,KAAK,CAAA;EAChC,MAAMC,2BAA2B,GAAG,eAAe,CAAA;;AAEnD;EACA,IAAIC,YAAY,GAAG,IAAI,CAAA;;AAEvB;AACF;EACE,IAAIC,QAAQ,GAAG,KAAK,CAAA;;AAEpB;EACA,IAAIC,YAAY,GAAG,EAAE,CAAA;;AAErB;EACA,IAAIC,eAAe,GAAG,IAAI,CAAA;EAC1B,MAAMC,uBAAuB,GAAG9I,QAAQ,CAAC,EAAE,EAAE,CAC3C,gBAAgB,EAChB,OAAO,EACP,UAAU,EACV,MAAM,EACN,eAAe,EACf,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,UAAU,EACV,WAAW,EACX,QAAQ,EACR,OAAO,EACP,KAAK,EACL,UAAU,EACV,OAAO,EACP,OAAO,EACP,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;AAEF;EACA,IAAI+I,aAAa,GAAG,IAAI,CAAA;EACxB,MAAMC,qBAAqB,GAAGhJ,QAAQ,CAAC,EAAE,EAAE,CACzC,OAAO,EACP,OAAO,EACP,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,CACR,CAAC,CAAA;;AAEF;EACA,IAAIiJ,mBAAmB,GAAG,IAAI,CAAA;AAC9B,EAAA,MAAMC,2BAA2B,GAAGlJ,QAAQ,CAAC,EAAE,EAAE,CAC/C,KAAK,EACL,OAAO,EACP,KAAK,EACL,IAAI,EACJ,OAAO,EACP,MAAM,EACN,SAAS,EACT,aAAa,EACb,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR,CAAC,CAAA;EAEF,MAAMmJ,gBAAgB,GAAG,oCAAoC,CAAA;EAC7D,MAAMC,aAAa,GAAG,4BAA4B,CAAA;EAClD,MAAMC,cAAc,GAAG,8BAA8B,CAAA;AACrD;EACA,IAAIC,SAAS,GAAGD,cAAc,CAAA;EAC9B,IAAIE,cAAc,GAAG,KAAK,CAAA;;AAE1B;EACA,IAAIC,kBAAkB,GAAG,IAAI,CAAA;AAC7B,EAAA,MAAMC,0BAA0B,GAAGzJ,QAAQ,CACzC,EAAE,EACF,CAACmJ,gBAAgB,EAAEC,aAAa,EAAEC,cAAc,CAAC,EACjD/K,cACF,CAAC,CAAA;AAED,EAAA,IAAIoL,8BAA8B,GAAG1J,QAAQ,CAAC,EAAE,EAAE,CAChD,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,CACR,CAAC,CAAA;EAEF,IAAI2J,uBAAuB,GAAG3J,QAAQ,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;;AAE9D;AACA;AACA;AACA;AACA,EAAA,MAAM4J,4BAA4B,GAAG5J,QAAQ,CAAC,EAAE,EAAE,CAChD,OAAO,EACP,OAAO,EACP,MAAM,EACN,GAAG,EACH,QAAQ,CACT,CAAC,CAAA;;AAEF;EACA,IAAI6J,iBAAiB,GAAG,IAAI,CAAA;AAC5B,EAAA,MAAMC,4BAA4B,GAAG,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAA;EAC3E,MAAMC,yBAAyB,GAAG,WAAW,CAAA;EAC7C,IAAI5J,iBAAiB,GAAG,IAAI,CAAA;;AAE5B;EACA,IAAI6J,MAAM,GAAG,IAAI,CAAA;;AAEjB;AACA;;AAEA,EAAA,MAAMC,WAAW,GAAGjH,QAAQ,CAAC+C,aAAa,CAAC,MAAM,CAAC,CAAA;AAElD,EAAA,MAAMmE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,SAAS,EAAE;AAC7C,IAAA,OAAOA,SAAS,YAAYhL,MAAM,IAAIgL,SAAS,YAAYC,QAAQ,CAAA;GACpE,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE;AACA,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,GAAuB;AAAA,IAAA,IAAVC,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;AACrC,IAAA,IAAIqK,MAAM,IAAIA,MAAM,KAAKM,GAAG,EAAE;AAC5B,MAAA,OAAA;AACF,KAAA;;AAEA;AACA,IAAA,IAAI,CAACA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;MACnCA,GAAG,GAAG,EAAE,CAAA;AACV,KAAA;;AAEA;AACAA,IAAAA,GAAG,GAAG3J,KAAK,CAAC2J,GAAG,CAAC,CAAA;IAEhBT,iBAAiB;AACf;AACAC,IAAAA,4BAA4B,CAACjL,OAAO,CAACyL,GAAG,CAACT,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAC9DE,yBAAyB,GACzBO,GAAG,CAACT,iBAAiB,CAAA;;AAE3B;AACA1J,IAAAA,iBAAiB,GACf0J,iBAAiB,KAAK,uBAAuB,GACzCvL,cAAc,GACdH,iBAAiB,CAAA;;AAEvB;IACAyI,YAAY,GAAG5H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC1D,YAAY,EAAEzG,iBAAiB,CAAC,GACjD0G,oBAAoB,CAAA;IACxBE,YAAY,GAAG/H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACvD,YAAY,EAAE5G,iBAAiB,CAAC,GACjD6G,oBAAoB,CAAA;IACxBwC,kBAAkB,GAAGxK,oBAAoB,CAACsL,GAAG,EAAE,oBAAoB,CAAC,GAChEtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACd,kBAAkB,EAAElL,cAAc,CAAC,GACpDmL,0BAA0B,CAAA;AAC9BR,IAAAA,mBAAmB,GAAGjK,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAChEtK,QAAQ,CACNW,KAAK,CAACuI,2BAA2B,CAAC;AAAE;AACpCoB,IAAAA,GAAG,CAACC,iBAAiB;AAAE;AACvBpK,IAAAA,iBAAiB;AACnB,KAAC;AAAC,MACF+I,2BAA2B,CAAA;AAC/BH,IAAAA,aAAa,GAAG/J,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAC1DtK,QAAQ,CACNW,KAAK,CAACqI,qBAAqB,CAAC;AAAE;AAC9BsB,IAAAA,GAAG,CAACE,iBAAiB;AAAE;AACvBrK,IAAAA,iBAAiB;AACnB,KAAC;AAAC,MACF6I,qBAAqB,CAAA;IACzBH,eAAe,GAAG7J,oBAAoB,CAACsL,GAAG,EAAE,iBAAiB,CAAC,GAC1DtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,GACpD2I,uBAAuB,CAAA;IAC3BrB,WAAW,GAAGzI,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC7C,WAAW,EAAEtH,iBAAiB,CAAC,GAChD,EAAE,CAAA;IACNuH,WAAW,GAAG1I,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC5C,WAAW,EAAEvH,iBAAiB,CAAC,GAChD,EAAE,CAAA;AACNyI,IAAAA,YAAY,GAAG5J,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDA,GAAG,CAAC1B,YAAY,GAChB,KAAK,CAAA;AACTjB,IAAAA,eAAe,GAAG2C,GAAG,CAAC3C,eAAe,KAAK,KAAK,CAAC;AAChDC,IAAAA,eAAe,GAAG0C,GAAG,CAAC1C,eAAe,KAAK,KAAK,CAAC;AAChDC,IAAAA,uBAAuB,GAAGyC,GAAG,CAACzC,uBAAuB,IAAI,KAAK,CAAC;AAC/DC,IAAAA,wBAAwB,GAAGwC,GAAG,CAACxC,wBAAwB,KAAK,KAAK,CAAC;AAClEC,IAAAA,kBAAkB,GAAGuC,GAAG,CAACvC,kBAAkB,IAAI,KAAK,CAAC;AACrDC,IAAAA,YAAY,GAAGsC,GAAG,CAACtC,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,cAAc,GAAGqC,GAAG,CAACrC,cAAc,IAAI,KAAK,CAAC;AAC7CG,IAAAA,UAAU,GAAGkC,GAAG,CAAClC,UAAU,IAAI,KAAK,CAAC;AACrCC,IAAAA,mBAAmB,GAAGiC,GAAG,CAACjC,mBAAmB,IAAI,KAAK,CAAC;AACvDC,IAAAA,mBAAmB,GAAGgC,GAAG,CAAChC,mBAAmB,IAAI,KAAK,CAAC;AACvDH,IAAAA,UAAU,GAAGmC,GAAG,CAACnC,UAAU,IAAI,KAAK,CAAC;AACrCI,IAAAA,YAAY,GAAG+B,GAAG,CAAC/B,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,oBAAoB,GAAG8B,GAAG,CAAC9B,oBAAoB,IAAI,KAAK,CAAC;AACzDE,IAAAA,YAAY,GAAG4B,GAAG,CAAC5B,YAAY,KAAK,KAAK,CAAC;AAC1CC,IAAAA,QAAQ,GAAG2B,GAAG,CAAC3B,QAAQ,IAAI,KAAK,CAAC;AACjCvG,IAAAA,gBAAc,GAAGkI,GAAG,CAACG,kBAAkB,IAAI9D,cAA0B,CAAA;AACrE2C,IAAAA,SAAS,GAAGgB,GAAG,CAAChB,SAAS,IAAID,cAAc,CAAA;AAC3CK,IAAAA,8BAA8B,GAC5BY,GAAG,CAACZ,8BAA8B,IAAIA,8BAA8B,CAAA;AACtEC,IAAAA,uBAAuB,GACrBW,GAAG,CAACX,uBAAuB,IAAIA,uBAAuB,CAAA;AAExDzC,IAAAA,uBAAuB,GAAGoD,GAAG,CAACpD,uBAAuB,IAAI,EAAE,CAAA;AAC3D,IAAA,IACEoD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAC,EAC3D;AACAD,MAAAA,uBAAuB,CAACC,YAAY,GAClCmD,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAA;AAC5C,KAAA;AAEA,IAAA,IACEmD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAC,EACjE;AACAL,MAAAA,uBAAuB,CAACK,kBAAkB,GACxC+C,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAA;AAClD,KAAA;AAEA,IAAA,IACE+C,GAAG,CAACpD,uBAAuB,IAC3B,OAAOoD,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,KAC/D,SAAS,EACX;AACAN,MAAAA,uBAAuB,CAACM,8BAA8B,GACpD8C,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,CAAA;AAC9D,KAAA;AAEA,IAAA,IAAIO,kBAAkB,EAAE;AACtBH,MAAAA,eAAe,GAAG,KAAK,CAAA;AACzB,KAAA;AAEA,IAAA,IAAIS,mBAAmB,EAAE;AACvBD,MAAAA,UAAU,GAAG,IAAI,CAAA;AACnB,KAAA;;AAEA;AACA,IAAA,IAAIQ,YAAY,EAAE;MAChBhC,YAAY,GAAG5G,QAAQ,CAAC,EAAE,EAAE8G,IAAS,CAAC,CAAA;AACtCC,MAAAA,YAAY,GAAG,EAAE,CAAA;AACjB,MAAA,IAAI6B,YAAY,CAACrH,IAAI,KAAK,IAAI,EAAE;AAC9BvB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,MAAS,CAAC,CAAA;AACjC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,IAAU,CAAC,CAAA;AACpC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACpH,GAAG,KAAK,IAAI,EAAE;AAC7BxB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,KAAQ,CAAC,CAAA;AAChC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACnH,UAAU,KAAK,IAAI,EAAE;AACpCzB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,UAAe,CAAC,CAAA;AACvC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AAEA,MAAA,IAAI2B,YAAY,CAACjH,MAAM,KAAK,IAAI,EAAE;AAChC3B,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,QAAW,CAAC,CAAA;AACnC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,MAAY,CAAC,CAAA;AACpCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;AACnC,OAAA;AACF,KAAA;;AAEA;IACA,IAAIqD,GAAG,CAACI,QAAQ,EAAE;MAChB,IAAI9D,YAAY,KAAKC,oBAAoB,EAAE;AACzCD,QAAAA,YAAY,GAAGjG,KAAK,CAACiG,YAAY,CAAC,CAAA;AACpC,OAAA;MAEA5G,QAAQ,CAAC4G,YAAY,EAAE0D,GAAG,CAACI,QAAQ,EAAEvK,iBAAiB,CAAC,CAAA;AACzD,KAAA;IAEA,IAAImK,GAAG,CAACK,QAAQ,EAAE;MAChB,IAAI5D,YAAY,KAAKC,oBAAoB,EAAE;AACzCD,QAAAA,YAAY,GAAGpG,KAAK,CAACoG,YAAY,CAAC,CAAA;AACpC,OAAA;MAEA/G,QAAQ,CAAC+G,YAAY,EAAEuD,GAAG,CAACK,QAAQ,EAAExK,iBAAiB,CAAC,CAAA;AACzD,KAAA;IAEA,IAAImK,GAAG,CAACC,iBAAiB,EAAE;MACzBvK,QAAQ,CAACiJ,mBAAmB,EAAEqB,GAAG,CAACC,iBAAiB,EAAEpK,iBAAiB,CAAC,CAAA;AACzE,KAAA;IAEA,IAAImK,GAAG,CAACzB,eAAe,EAAE;MACvB,IAAIA,eAAe,KAAKC,uBAAuB,EAAE;AAC/CD,QAAAA,eAAe,GAAGlI,KAAK,CAACkI,eAAe,CAAC,CAAA;AAC1C,OAAA;MAEA7I,QAAQ,CAAC6I,eAAe,EAAEyB,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,CAAA;AACnE,KAAA;;AAEA;AACA,IAAA,IAAIuI,YAAY,EAAE;AAChB9B,MAAAA,YAAY,CAAC,OAAO,CAAC,GAAG,IAAI,CAAA;AAC9B,KAAA;;AAEA;AACA,IAAA,IAAIqB,cAAc,EAAE;MAClBjI,QAAQ,CAAC4G,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAClD,KAAA;;AAEA;IACA,IAAIA,YAAY,CAACgE,KAAK,EAAE;AACtB5K,MAAAA,QAAQ,CAAC4G,YAAY,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;MACjC,OAAOa,WAAW,CAACoD,KAAK,CAAA;AAC1B,KAAA;IAEA,IAAIP,GAAG,CAACQ,oBAAoB,EAAE;MAC5B,IAAI,OAAOR,GAAG,CAACQ,oBAAoB,CAAC/G,UAAU,KAAK,UAAU,EAAE;QAC7D,MAAM1E,eAAe,CACnB,6EACF,CAAC,CAAA;AACH,OAAA;MAEA,IAAI,OAAOiL,GAAG,CAACQ,oBAAoB,CAAC9G,eAAe,KAAK,UAAU,EAAE;QAClE,MAAM3E,eAAe,CACnB,kFACF,CAAC,CAAA;AACH,OAAA;;AAEA;MACA6G,kBAAkB,GAAGoE,GAAG,CAACQ,oBAAoB,CAAA;;AAE7C;AACA3E,MAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;AAC/C,KAAC,MAAM;AACL;MACA,IAAImC,kBAAkB,KAAK9F,SAAS,EAAE;AACpC8F,QAAAA,kBAAkB,GAAG5C,yBAAyB,CAC5CC,YAAY,EACZuB,aACF,CAAC,CAAA;AACH,OAAA;;AAEA;MACA,IAAIoB,kBAAkB,KAAK,IAAI,IAAI,OAAOC,SAAS,KAAK,QAAQ,EAAE;AAChEA,QAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;AAC/C,OAAA;AACF,KAAA;;AAEA;AACA;AACA,IAAA,IAAIhH,MAAM,EAAE;MACVA,MAAM,CAACuN,GAAG,CAAC,CAAA;AACb,KAAA;AAEAN,IAAAA,MAAM,GAAGM,GAAG,CAAA;GACb,CAAA;;AAED;AACF;AACA;EACE,MAAMS,YAAY,GAAG/K,QAAQ,CAAC,EAAE,EAAE,CAChC,GAAG8G,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,aAAkB,CACtB,CAAC,CAAA;AACF,EAAA,MAAMkE,eAAe,GAAGhL,QAAQ,CAAC,EAAE,EAAE,CACnC,GAAG8G,QAAW,EACd,GAAGA,gBAAqB,CACzB,CAAC,CAAA;;AAEF;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMmE,oBAAoB,GAAG,SAAvBA,oBAAoBA,CAAa3K,OAAO,EAAE;AAC9C,IAAA,IAAI4K,MAAM,GAAGrF,aAAa,CAACvF,OAAO,CAAC,CAAA;;AAEnC;AACA;AACA,IAAA,IAAI,CAAC4K,MAAM,IAAI,CAACA,MAAM,CAACC,OAAO,EAAE;AAC9BD,MAAAA,MAAM,GAAG;AACPE,QAAAA,YAAY,EAAE9B,SAAS;AACvB6B,QAAAA,OAAO,EAAE,UAAA;OACV,CAAA;AACH,KAAA;AAEA,IAAA,MAAMA,OAAO,GAAGhN,iBAAiB,CAACmC,OAAO,CAAC6K,OAAO,CAAC,CAAA;AAClD,IAAA,MAAME,aAAa,GAAGlN,iBAAiB,CAAC+M,MAAM,CAACC,OAAO,CAAC,CAAA;AAEvD,IAAA,IAAI,CAAC3B,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EAAE;AAC7C,MAAA,OAAO,KAAK,CAAA;AACd,KAAA;AAEA,IAAA,IAAI9K,OAAO,CAAC8K,YAAY,KAAKhC,aAAa,EAAE;AAC1C;AACA;AACA;AACA,MAAA,IAAI8B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;QAC1C,OAAO8B,OAAO,KAAK,KAAK,CAAA;AAC1B,OAAA;;AAEA;AACA;AACA;AACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,EAAE;AAC5C,QAAA,OACEgC,OAAO,KAAK,KAAK,KAChBE,aAAa,KAAK,gBAAgB,IACjC3B,8BAA8B,CAAC2B,aAAa,CAAC,CAAC,CAAA;AAEpD,OAAA;;AAEA;AACA;AACA,MAAA,OAAOC,OAAO,CAACP,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;AACvC,KAAA;AAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAKjC,gBAAgB,EAAE;AAC7C;AACA;AACA;AACA,MAAA,IAAI+B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;QAC1C,OAAO8B,OAAO,KAAK,MAAM,CAAA;AAC3B,OAAA;;AAEA;AACA;AACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKhC,aAAa,EAAE;AACzC,QAAA,OAAO+B,OAAO,KAAK,MAAM,IAAIxB,uBAAuB,CAAC0B,aAAa,CAAC,CAAA;AACrE,OAAA;;AAEA;AACA;AACA,MAAA,OAAOC,OAAO,CAACN,eAAe,CAACG,OAAO,CAAC,CAAC,CAAA;AAC1C,KAAA;AAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAK/B,cAAc,EAAE;AAC3C;AACA;AACA;MACA,IACE6B,MAAM,CAACE,YAAY,KAAKhC,aAAa,IACrC,CAACO,uBAAuB,CAAC0B,aAAa,CAAC,EACvC;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;MAEA,IACEH,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,IACxC,CAACO,8BAA8B,CAAC2B,aAAa,CAAC,EAC9C;AACA,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;;AAEA;AACA;AACA,MAAA,OACE,CAACL,eAAe,CAACG,OAAO,CAAC,KACxBvB,4BAA4B,CAACuB,OAAO,CAAC,IAAI,CAACJ,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;AAErE,KAAA;;AAEA;IACA,IACEtB,iBAAiB,KAAK,uBAAuB,IAC7CL,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EACxC;AACA,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA;AACA;AACA;AACA,IAAA,OAAO,KAAK,CAAA;GACb,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE,EAAA,MAAMG,YAAY,GAAG,SAAfA,YAAYA,CAAaC,IAAI,EAAE;AACnCvN,IAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAAEpE,MAAAA,OAAO,EAAEkL,IAAAA;AAAK,KAAC,CAAC,CAAA;IAE/C,IAAI;AACF;AACA3F,MAAAA,aAAa,CAAC2F,IAAI,CAAC,CAACC,WAAW,CAACD,IAAI,CAAC,CAAA;KACtC,CAAC,OAAOtH,CAAC,EAAE;MACVwB,MAAM,CAAC8F,IAAI,CAAC,CAAA;AACd,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;EACE,MAAME,gBAAgB,GAAG,SAAnBA,gBAAgBA,CAAaC,IAAI,EAAEH,IAAI,EAAE;IAC7C,IAAI;AACFvN,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAC3BhC,QAAAA,SAAS,EAAE8I,IAAI,CAACI,gBAAgB,CAACD,IAAI,CAAC;AACtCE,QAAAA,IAAI,EAAEL,IAAAA;AACR,OAAC,CAAC,CAAA;KACH,CAAC,OAAOtH,CAAC,EAAE;AACVjG,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAC3BhC,QAAAA,SAAS,EAAE,IAAI;AACfmJ,QAAAA,IAAI,EAAEL,IAAAA;AACR,OAAC,CAAC,CAAA;AACJ,KAAA;AAEAA,IAAAA,IAAI,CAACM,eAAe,CAACH,IAAI,CAAC,CAAA;;AAE1B;IACA,IAAIA,IAAI,KAAK,IAAI,IAAI,CAAC5E,YAAY,CAAC4E,IAAI,CAAC,EAAE;MACxC,IAAIvD,UAAU,IAAIC,mBAAmB,EAAE;QACrC,IAAI;UACFkD,YAAY,CAACC,IAAI,CAAC,CAAA;AACpB,SAAC,CAAC,OAAOtH,CAAC,EAAE,EAAC;AACf,OAAC,MAAM;QACL,IAAI;AACFsH,UAAAA,IAAI,CAACO,YAAY,CAACJ,IAAI,EAAE,EAAE,CAAC,CAAA;AAC7B,SAAC,CAAC,OAAOzH,CAAC,EAAE,EAAC;AACf,OAAA;AACF,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAM8H,aAAa,GAAG,SAAhBA,aAAaA,CAAaC,KAAK,EAAE;AACrC;IACA,IAAIC,GAAG,GAAG,IAAI,CAAA;IACd,IAAIC,iBAAiB,GAAG,IAAI,CAAA;AAE5B,IAAA,IAAIhE,UAAU,EAAE;MACd8D,KAAK,GAAG,mBAAmB,GAAGA,KAAK,CAAA;AACrC,KAAC,MAAM;AACL;AACA,MAAA,MAAMG,OAAO,GAAG5N,WAAW,CAACyN,KAAK,EAAE,aAAa,CAAC,CAAA;AACjDE,MAAAA,iBAAiB,GAAGC,OAAO,IAAIA,OAAO,CAAC,CAAC,CAAC,CAAA;AAC3C,KAAA;AAEA,IAAA,IACEvC,iBAAiB,KAAK,uBAAuB,IAC7CP,SAAS,KAAKD,cAAc,EAC5B;AACA;AACA4C,MAAAA,KAAK,GACH,gEAAgE,GAChEA,KAAK,GACL,gBAAgB,CAAA;AACpB,KAAA;IAEA,MAAMI,YAAY,GAAGnG,kBAAkB,GACnCA,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;AACT;AACJ;AACA;AACA;IACI,IAAI3C,SAAS,KAAKD,cAAc,EAAE;MAChC,IAAI;QACF6C,GAAG,GAAG,IAAI3G,SAAS,EAAE,CAAC+G,eAAe,CAACD,YAAY,EAAExC,iBAAiB,CAAC,CAAA;AACxE,OAAC,CAAC,OAAO3F,CAAC,EAAE,EAAC;AACf,KAAA;;AAEA;AACA,IAAA,IAAI,CAACgI,GAAG,IAAI,CAACA,GAAG,CAACK,eAAe,EAAE;MAChCL,GAAG,GAAG9F,cAAc,CAACoG,cAAc,CAAClD,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;MAChE,IAAI;QACF4C,GAAG,CAACK,eAAe,CAACE,SAAS,GAAGlD,cAAc,GAC1CpD,SAAS,GACTkG,YAAY,CAAA;OACjB,CAAC,OAAOnI,CAAC,EAAE;AACV;AAAA,OAAA;AAEJ,KAAA;IAEA,MAAMwI,IAAI,GAAGR,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAACK,eAAe,CAAA;IAE5C,IAAIN,KAAK,IAAIE,iBAAiB,EAAE;AAC9BO,MAAAA,IAAI,CAACC,YAAY,CACf3J,QAAQ,CAAC4J,cAAc,CAACT,iBAAiB,CAAC,EAC1CO,IAAI,CAACG,UAAU,CAAC,CAAC,CAAC,IAAI,IACxB,CAAC,CAAA;AACH,KAAA;;AAEA;IACA,IAAIvD,SAAS,KAAKD,cAAc,EAAE;AAChC,MAAA,OAAO9C,oBAAoB,CAACuG,IAAI,CAC9BZ,GAAG,EACHjE,cAAc,GAAG,MAAM,GAAG,MAC5B,CAAC,CAAC,CAAC,CAAC,CAAA;AACN,KAAA;AAEA,IAAA,OAAOA,cAAc,GAAGiE,GAAG,CAACK,eAAe,GAAGG,IAAI,CAAA;GACnD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMK,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAaxI,IAAI,EAAE;IAC1C,OAAO8B,kBAAkB,CAACyG,IAAI,CAC5BvI,IAAI,CAAC0B,aAAa,IAAI1B,IAAI,EAC1BA,IAAI;AACJ;IACAY,UAAU,CAAC6H,YAAY,GACrB7H,UAAU,CAAC8H,YAAY,GACvB9H,UAAU,CAAC+H,SAAS,GACpB/H,UAAU,CAACgI,2BAA2B,GACtChI,UAAU,CAACiI,kBAAkB,EAC/B,IACF,CAAC,CAAA;GACF,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,CAAaC,GAAG,EAAE;AAClC,IAAA,OACEA,GAAG,YAAYhI,eAAe,KAC7B,OAAOgI,GAAG,CAACC,QAAQ,KAAK,QAAQ,IAC/B,OAAOD,GAAG,CAACE,WAAW,KAAK,QAAQ,IACnC,OAAOF,GAAG,CAAC7B,WAAW,KAAK,UAAU,IACrC,EAAE6B,GAAG,CAACG,UAAU,YAAYrI,YAAY,CAAC,IACzC,OAAOkI,GAAG,CAACxB,eAAe,KAAK,UAAU,IACzC,OAAOwB,GAAG,CAACvB,YAAY,KAAK,UAAU,IACtC,OAAOuB,GAAG,CAAClC,YAAY,KAAK,QAAQ,IACpC,OAAOkC,GAAG,CAACX,YAAY,KAAK,UAAU,IACtC,OAAOW,GAAG,CAACI,aAAa,KAAK,UAAU,CAAC,CAAA;GAE7C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMC,OAAO,GAAG,SAAVA,OAAOA,CAAa/M,MAAM,EAAE;AAChC,IAAA,OAAO,OAAOqE,IAAI,KAAK,UAAU,IAAIrE,MAAM,YAAYqE,IAAI,CAAA;GAC5D,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAM2I,YAAY,GAAG,SAAfA,YAAYA,CAAaC,UAAU,EAAEC,WAAW,EAAEC,IAAI,EAAE;AAC5D,IAAA,IAAI,CAACtH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACtB,MAAA,OAAA;AACF,KAAA;AAEAnQ,IAAAA,YAAY,CAAC+I,KAAK,CAACoH,UAAU,CAAC,EAAGG,IAAI,IAAK;MACxCA,IAAI,CAAClB,IAAI,CAACxI,SAAS,EAAEwJ,WAAW,EAAEC,IAAI,EAAE/D,MAAM,CAAC,CAAA;AACjD,KAAC,CAAC,CAAA;GACH,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMiE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaH,WAAW,EAAE;IAC/C,IAAI9H,OAAO,GAAG,IAAI,CAAA;;AAElB;AACA4H,IAAAA,YAAY,CAAC,wBAAwB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;;AAEzD;AACA,IAAA,IAAIT,YAAY,CAACS,WAAW,CAAC,EAAE;MAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,MAAM3C,OAAO,GAAGhL,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;;AAEvD;AACAK,IAAAA,YAAY,CAAC,qBAAqB,EAAEE,WAAW,EAAE;MAC/C3C,OAAO;AACP+C,MAAAA,WAAW,EAAEtH,YAAAA;AACf,KAAC,CAAC,CAAA;;AAEF;AACA,IAAA,IACEkH,WAAW,CAACJ,aAAa,EAAE,IAC3B,CAACC,OAAO,CAACG,WAAW,CAACK,iBAAiB,CAAC,IACvCjP,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACrB,SAAS,CAAC,IAC5CvN,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACN,WAAW,CAAC,EAC9C;MACAjC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,IAAIA,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACK,sBAAsB,EAAE;MAC7DyI,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;AACA,IAAA,IACE9F,YAAY,IACZ8F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACM,OAAO,IAC1C7D,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACC,IAAI,CAAC,EACvC;MACAxC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAI,CAAClH,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;AAClD;MACA,IAAI,CAAC1D,WAAW,CAAC0D,OAAO,CAAC,IAAIiD,qBAAqB,CAACjD,OAAO,CAAC,EAAE;AAC3D,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEgE,OAAO,CAAC,EACzD;AACA,UAAA,OAAO,KAAK,CAAA;AACd,SAAA;AAEA,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACxDlD,uBAAuB,CAACC,YAAY,CAACgE,OAAO,CAAC,EAC7C;AACA,UAAA,OAAO,KAAK,CAAA;AACd,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIzC,YAAY,IAAI,CAACG,eAAe,CAACsC,OAAO,CAAC,EAAE;QAC7C,MAAMkD,UAAU,GAAGxI,aAAa,CAACiI,WAAW,CAAC,IAAIA,WAAW,CAACO,UAAU,CAAA;QACvE,MAAMxB,UAAU,GAAGjH,aAAa,CAACkI,WAAW,CAAC,IAAIA,WAAW,CAACjB,UAAU,CAAA;QAEvE,IAAIA,UAAU,IAAIwB,UAAU,EAAE;AAC5B,UAAA,MAAMC,UAAU,GAAGzB,UAAU,CAACjN,MAAM,CAAA;AAEpC,UAAA,KAAK,IAAI2O,CAAC,GAAGD,UAAU,GAAG,CAAC,EAAEC,CAAC,IAAI,CAAC,EAAE,EAAEA,CAAC,EAAE;YACxC,MAAMC,UAAU,GAAG/I,SAAS,CAACoH,UAAU,CAAC0B,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;YACjDC,UAAU,CAACC,cAAc,GAAG,CAACX,WAAW,CAACW,cAAc,IAAI,CAAC,IAAI,CAAC,CAAA;YACjEJ,UAAU,CAAC1B,YAAY,CAAC6B,UAAU,EAAE7I,cAAc,CAACmI,WAAW,CAAC,CAAC,CAAA;AAClE,WAAA;AACF,SAAA;AACF,OAAA;MAEAvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAIA,WAAW,YAAY5I,OAAO,IAAI,CAAC+F,oBAAoB,CAAC6C,WAAW,CAAC,EAAE;MACxEvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IACE,CAAC3C,OAAO,KAAK,UAAU,IACrBA,OAAO,KAAK,SAAS,IACrBA,OAAO,KAAK,UAAU,KACxBjM,UAAU,CAAC,6BAA6B,EAAE4O,WAAW,CAACrB,SAAS,CAAC,EAChE;MACAlB,YAAY,CAACuC,WAAW,CAAC,CAAA;AACzB,MAAA,OAAO,IAAI,CAAA;AACb,KAAA;;AAEA;IACA,IAAI/F,kBAAkB,IAAI+F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACZ,IAAI,EAAE;AACjE;MACAmE,OAAO,GAAG8H,WAAW,CAACN,WAAW,CAAA;MAEjC9P,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;QAC7D1I,OAAO,GAAGtH,aAAa,CAACsH,OAAO,EAAE0I,IAAI,EAAE,GAAG,CAAC,CAAA;AAC7C,OAAC,CAAC,CAAA;AAEF,MAAA,IAAIZ,WAAW,CAACN,WAAW,KAAKxH,OAAO,EAAE;AACvC/H,QAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;AAAEpE,UAAAA,OAAO,EAAEwN,WAAW,CAACrI,SAAS,EAAC;AAAE,SAAC,CAAC,CAAA;QAClEqI,WAAW,CAACN,WAAW,GAAGxH,OAAO,CAAA;AACnC,OAAA;AACF,KAAA;;AAEA;AACA4H,IAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;AAExD,IAAA,OAAO,KAAK,CAAA;GACb,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACE;EACA,MAAMa,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,EAAE;AACxD;AACA,IAAA,IACEwH,YAAY,KACXsG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,KACrC9N,KAAK,IAAIiC,QAAQ,IAAIjC,KAAK,IAAIkJ,WAAW,CAAC,EAC3C;AACA,MAAA,OAAO,KAAK,CAAA;AACd,KAAA;;AAEA;AACJ;AACA;AACA;AACI,IAAA,IACErC,eAAe,IACf,CAACF,WAAW,CAACmH,MAAM,CAAC,IACpB3P,UAAU,CAACgD,SAAS,EAAE2M,MAAM,CAAC,EAC7B,CAED,MAAM,IAAIlH,eAAe,IAAIzI,UAAU,CAACiD,SAAS,EAAE0M,MAAM,CAAC,EAAE,CAG5D,MAAM,IAAI,CAAC9H,YAAY,CAAC8H,MAAM,CAAC,IAAInH,WAAW,CAACmH,MAAM,CAAC,EAAE;AACvD,MAAA;AACE;AACA;AACA;AACCT,MAAAA,qBAAqB,CAACQ,KAAK,CAAC,KACzB1H,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEyH,KAAK,CAAC,IACtD1H,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACyH,KAAK,CAAE,CAAC,KAC/C1H,uBAAuB,CAACK,kBAAkB,YAAYpI,MAAM,IAC5DD,UAAU,CAACgI,uBAAuB,CAACK,kBAAkB,EAAEsH,MAAM,CAAC,IAC7D3H,uBAAuB,CAACK,kBAAkB,YAAY6C,QAAQ,IAC7DlD,uBAAuB,CAACK,kBAAkB,CAACsH,MAAM,CAAE,CAAC;AAC1D;AACA;AACCA,MAAAA,MAAM,KAAK,IAAI,IACd3H,uBAAuB,CAACM,8BAA8B,KACpDN,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEpG,KAAK,CAAC,IACtDmG,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACpG,KAAK,CAAE,CAAE,EACpD,CAGD,MAAM;AACL,QAAA,OAAO,KAAK,CAAA;AACd,OAAA;AACA;AACF,KAAC,MAAM,IAAIkI,mBAAmB,CAAC4F,MAAM,CAAC,EAAE,CAIvC,MAAM,IACL3P,UAAU,CAACkD,gBAAc,EAAE1D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACrE,CAID,MAAM,IACL,CAACuM,MAAM,KAAK,KAAK,IAAIA,MAAM,KAAK,YAAY,IAAIA,MAAM,KAAK,MAAM,KACjED,KAAK,KAAK,QAAQ,IAClBhQ,aAAa,CAACmC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,IACnCgI,aAAa,CAAC6F,KAAK,CAAC,EACpB,CAKD,MAAM,IACL/G,uBAAuB,IACvB,CAAC3I,UAAU,CAACmD,iBAAiB,EAAE3D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACzE,CAGD,MAAM,IAAIvB,KAAK,EAAE;AAChB,MAAA,OAAO,KAAK,CAAA;AACd,KAAC,MAAM,CAEL;AAGF,IAAA,OAAO,IAAI,CAAA;GACZ,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMqN,qBAAqB,GAAG,SAAxBA,qBAAqBA,CAAajD,OAAO,EAAE;IAC/C,OAAOA,OAAO,KAAK,gBAAgB,IAAI3M,WAAW,CAAC2M,OAAO,EAAE3I,cAAc,CAAC,CAAA;GAC5E,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACE,EAAA,MAAMsM,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAahB,WAAW,EAAE;AACjD;AACAF,IAAAA,YAAY,CAAC,0BAA0B,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;IAE3D,MAAM;AAAEL,MAAAA,UAAAA;AAAW,KAAC,GAAGK,WAAW,CAAA;;AAElC;IACA,IAAI,CAACL,UAAU,EAAE;AACf,MAAA,OAAA;AACF,KAAA;AAEA,IAAA,MAAMsB,SAAS,GAAG;AAChBC,MAAAA,QAAQ,EAAE,EAAE;AACZC,MAAAA,SAAS,EAAE,EAAE;AACbC,MAAAA,QAAQ,EAAE,IAAI;AACdC,MAAAA,iBAAiB,EAAEpI,YAAAA;KACpB,CAAA;AACD,IAAA,IAAI1G,CAAC,GAAGoN,UAAU,CAAC7N,MAAM,CAAA;;AAEzB;IACA,OAAOS,CAAC,EAAE,EAAE;AACV,MAAA,MAAM+O,IAAI,GAAG3B,UAAU,CAACpN,CAAC,CAAC,CAAA;MAC1B,MAAM;QAAEsL,IAAI;QAAEP,YAAY;AAAErK,QAAAA,KAAK,EAAEkO,SAAAA;AAAU,OAAC,GAAGG,IAAI,CAAA;AACrD,MAAA,MAAMP,MAAM,GAAG1O,iBAAiB,CAACwL,IAAI,CAAC,CAAA;MAEtC,IAAI5K,KAAK,GAAG4K,IAAI,KAAK,OAAO,GAAGsD,SAAS,GAAGnQ,UAAU,CAACmQ,SAAS,CAAC,CAAA;;AAEhE;MACAF,SAAS,CAACC,QAAQ,GAAGH,MAAM,CAAA;MAC3BE,SAAS,CAACE,SAAS,GAAGlO,KAAK,CAAA;MAC3BgO,SAAS,CAACG,QAAQ,GAAG,IAAI,CAAA;AACzBH,MAAAA,SAAS,CAACM,aAAa,GAAGjP,SAAS,CAAC;AACpCwN,MAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAEiB,SAAS,CAAC,CAAA;MAC7DhO,KAAK,GAAGgO,SAAS,CAACE,SAAS,CAAA;;AAE3B;AACN;AACA;MACM,IAAIzG,oBAAoB,KAAKqG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,EAAE;AAClE;AACAnD,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;AAEnC;QACA/M,KAAK,GAAG0H,2BAA2B,GAAG1H,KAAK,CAAA;AAC7C,OAAA;;AAEA;MACA,IAAIiH,YAAY,IAAI9I,UAAU,CAAC,+BAA+B,EAAE6B,KAAK,CAAC,EAAE;AACtE2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;AACnC,QAAA,SAAA;AACF,OAAA;;AAEA;MACA,IAAIiB,SAAS,CAACM,aAAa,EAAE;AAC3B,QAAA,SAAA;AACF,OAAA;;AAEA;AACA3D,MAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;AAEnC;AACA,MAAA,IAAI,CAACiB,SAAS,CAACG,QAAQ,EAAE;AACvB,QAAA,SAAA;AACF,OAAA;;AAEA;MACA,IAAI,CAACpH,wBAAwB,IAAI5I,UAAU,CAAC,MAAM,EAAE6B,KAAK,CAAC,EAAE;AAC1D2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;AACnC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAI/F,kBAAkB,EAAE;QACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;UAC7D3N,KAAK,GAAGrC,aAAa,CAACqC,KAAK,EAAE2N,IAAI,EAAE,GAAG,CAAC,CAAA;AACzC,SAAC,CAAC,CAAA;AACJ,OAAA;;AAEA;AACA,MAAA,MAAME,KAAK,GAAGzO,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;MACrD,IAAI,CAACoB,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,EAAE;AAC5C,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IACEmF,kBAAkB,IAClB,OAAO3C,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAAC+L,gBAAgB,KAAK,UAAU,EACnD;AACA,QAAA,IAAIlE,YAAY,EAAE,CAEjB,MAAM;AACL,UAAA,QAAQ7H,YAAY,CAAC+L,gBAAgB,CAACV,KAAK,EAAEC,MAAM,CAAC;AAClD,YAAA,KAAK,aAAa;AAAE,cAAA;AAClB9N,gBAAAA,KAAK,GAAGmF,kBAAkB,CAACnC,UAAU,CAAChD,KAAK,CAAC,CAAA;AAC5C,gBAAA,MAAA;AACF,eAAA;AAEA,YAAA,KAAK,kBAAkB;AAAE,cAAA;AACvBA,gBAAAA,KAAK,GAAGmF,kBAAkB,CAAClC,eAAe,CAACjD,KAAK,CAAC,CAAA;AACjD,gBAAA,MAAA;AACF,eAAA;AAKF,WAAA;AACF,SAAA;AACF,OAAA;;AAEA;MACA,IAAI;AACF,QAAA,IAAIqK,YAAY,EAAE;UAChB0C,WAAW,CAACyB,cAAc,CAACnE,YAAY,EAAEO,IAAI,EAAE5K,KAAK,CAAC,CAAA;AACvD,SAAC,MAAM;AACL;AACA+M,UAAAA,WAAW,CAAC/B,YAAY,CAACJ,IAAI,EAAE5K,KAAK,CAAC,CAAA;AACvC,SAAA;AAEA,QAAA,IAAIsM,YAAY,CAACS,WAAW,CAAC,EAAE;UAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;AAC3B,SAAC,MAAM;AACL/P,UAAAA,QAAQ,CAACuG,SAAS,CAACI,OAAO,CAAC,CAAA;AAC7B,SAAA;AACF,OAAC,CAAC,OAAOR,CAAC,EAAE,EAAC;AACf,KAAA;;AAEA;AACA0J,IAAAA,YAAY,CAAC,yBAAyB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;GAC3D,CAAA;;AAED;AACF;AACA;AACA;AACA;AACE,EAAA,MAAM0B,kBAAkB,GAAG,SAArBA,kBAAkBA,CAAaC,QAAQ,EAAE;IAC7C,IAAIC,UAAU,GAAG,IAAI,CAAA;AACrB,IAAA,MAAMC,cAAc,GAAG5C,mBAAmB,CAAC0C,QAAQ,CAAC,CAAA;;AAEpD;AACA7B,IAAAA,YAAY,CAAC,yBAAyB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;AAEvD,IAAA,OAAQC,UAAU,GAAGC,cAAc,CAACC,QAAQ,EAAE,EAAG;AAC/C;AACAhC,MAAAA,YAAY,CAAC,wBAAwB,EAAE8B,UAAU,EAAE,IAAI,CAAC,CAAA;;AAExD;AACA,MAAA,IAAIzB,iBAAiB,CAACyB,UAAU,CAAC,EAAE;AACjC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIA,UAAU,CAAC1J,OAAO,YAAYjB,gBAAgB,EAAE;AAClDyK,QAAAA,kBAAkB,CAACE,UAAU,CAAC1J,OAAO,CAAC,CAAA;AACxC,OAAA;;AAEA;MACA8I,mBAAmB,CAACY,UAAU,CAAC,CAAA;AACjC,KAAA;;AAEA;AACA9B,IAAAA,YAAY,CAAC,wBAAwB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;GACvD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACE;AACAnL,EAAAA,SAAS,CAACuL,QAAQ,GAAG,UAAU5D,KAAK,EAAY;AAAA,IAAA,IAAV3B,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;IAC5C,IAAI+M,IAAI,GAAG,IAAI,CAAA;IACf,IAAIoD,YAAY,GAAG,IAAI,CAAA;IACvB,IAAIhC,WAAW,GAAG,IAAI,CAAA;IACtB,IAAIiC,UAAU,GAAG,IAAI,CAAA;AACrB;AACJ;AACA;IACIxG,cAAc,GAAG,CAAC0C,KAAK,CAAA;AACvB,IAAA,IAAI1C,cAAc,EAAE;AAClB0C,MAAAA,KAAK,GAAG,OAAO,CAAA;AACjB,KAAA;;AAEA;IACA,IAAI,OAAOA,KAAK,KAAK,QAAQ,IAAI,CAAC0B,OAAO,CAAC1B,KAAK,CAAC,EAAE;AAChD,MAAA,IAAI,OAAOA,KAAK,CAAC1N,QAAQ,KAAK,UAAU,EAAE;AACxC0N,QAAAA,KAAK,GAAGA,KAAK,CAAC1N,QAAQ,EAAE,CAAA;AACxB,QAAA,IAAI,OAAO0N,KAAK,KAAK,QAAQ,EAAE;UAC7B,MAAM5M,eAAe,CAAC,iCAAiC,CAAC,CAAA;AAC1D,SAAA;AACF,OAAC,MAAM;QACL,MAAMA,eAAe,CAAC,4BAA4B,CAAC,CAAA;AACrD,OAAA;AACF,KAAA;;AAEA;AACA,IAAA,IAAI,CAACiF,SAAS,CAACM,WAAW,EAAE;AAC1B,MAAA,OAAOqH,KAAK,CAAA;AACd,KAAA;;AAEA;IACA,IAAI,CAAC/D,UAAU,EAAE;MACfmC,YAAY,CAACC,GAAG,CAAC,CAAA;AACnB,KAAA;;AAEA;IACAhG,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;;AAEtB;AACA,IAAA,IAAI,OAAOuH,KAAK,KAAK,QAAQ,EAAE;AAC7BtD,MAAAA,QAAQ,GAAG,KAAK,CAAA;AAClB,KAAA;AAEA,IAAA,IAAIA,QAAQ,EAAE;AACZ;MACA,IAAIsD,KAAK,CAACsB,QAAQ,EAAE;AAClB,QAAA,MAAMpC,OAAO,GAAGhL,iBAAiB,CAAC8L,KAAK,CAACsB,QAAQ,CAAC,CAAA;QACjD,IAAI,CAAC3G,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;UAClD,MAAM9L,eAAe,CACnB,yDACF,CAAC,CAAA;AACH,SAAA;AACF,OAAA;AACF,KAAC,MAAM,IAAI4M,KAAK,YAAYhH,IAAI,EAAE;AAChC;AACN;AACMyH,MAAAA,IAAI,GAAGV,aAAa,CAAC,SAAS,CAAC,CAAA;MAC/B8D,YAAY,GAAGpD,IAAI,CAACzG,aAAa,CAACO,UAAU,CAACyF,KAAK,EAAE,IAAI,CAAC,CAAA;AACzD,MAAA,IACE6D,YAAY,CAACnL,QAAQ,KAAKlC,SAAS,CAACnC,OAAO,IAC3CwP,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAChC;AACA;AACAb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;AACrB,OAAC,MAAM,IAAIA,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAAE;AAC3Cb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;AACrB,OAAC,MAAM;AACL;AACApD,QAAAA,IAAI,CAACsD,WAAW,CAACF,YAAY,CAAC,CAAA;AAChC,OAAA;AACF,KAAC,MAAM;AACL;AACA,MAAA,IACE,CAAC1H,UAAU,IACX,CAACL,kBAAkB,IACnB,CAACE,cAAc;AACf;MACAgE,KAAK,CAACpN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EACzB;QACA,OAAOqH,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;AACX,OAAA;;AAEA;AACAS,MAAAA,IAAI,GAAGV,aAAa,CAACC,KAAK,CAAC,CAAA;;AAE3B;MACA,IAAI,CAACS,IAAI,EAAE;QACT,OAAOtE,UAAU,GAAG,IAAI,GAAGE,mBAAmB,GAAGnC,SAAS,GAAG,EAAE,CAAA;AACjE,OAAA;AACF,KAAA;;AAEA;IACA,IAAIuG,IAAI,IAAIvE,UAAU,EAAE;AACtBoD,MAAAA,YAAY,CAACmB,IAAI,CAACuD,UAAU,CAAC,CAAA;AAC/B,KAAA;;AAEA;IACA,MAAMC,YAAY,GAAGnD,mBAAmB,CAACpE,QAAQ,GAAGsD,KAAK,GAAGS,IAAI,CAAC,CAAA;;AAEjE;AACA,IAAA,OAAQoB,WAAW,GAAGoC,YAAY,CAACN,QAAQ,EAAE,EAAG;AAC9C;AACA,MAAA,IAAI3B,iBAAiB,CAACH,WAAW,CAAC,EAAE;AAClC,QAAA,SAAA;AACF,OAAA;;AAEA;AACA,MAAA,IAAIA,WAAW,CAAC9H,OAAO,YAAYjB,gBAAgB,EAAE;AACnDyK,QAAAA,kBAAkB,CAAC1B,WAAW,CAAC9H,OAAO,CAAC,CAAA;AACzC,OAAA;;AAEA;MACA8I,mBAAmB,CAAChB,WAAW,CAAC,CAAA;AAClC,KAAA;;AAEA;AACA,IAAA,IAAInF,QAAQ,EAAE;AACZ,MAAA,OAAOsD,KAAK,CAAA;AACd,KAAA;;AAEA;AACA,IAAA,IAAI7D,UAAU,EAAE;AACd,MAAA,IAAIC,mBAAmB,EAAE;QACvB0H,UAAU,GAAGzJ,sBAAsB,CAACwG,IAAI,CAACJ,IAAI,CAACzG,aAAa,CAAC,CAAA;QAE5D,OAAOyG,IAAI,CAACuD,UAAU,EAAE;AACtB;AACAF,UAAAA,UAAU,CAACC,WAAW,CAACtD,IAAI,CAACuD,UAAU,CAAC,CAAA;AACzC,SAAA;AACF,OAAC,MAAM;AACLF,QAAAA,UAAU,GAAGrD,IAAI,CAAA;AACnB,OAAA;AAEA,MAAA,IAAI3F,YAAY,CAACoJ,UAAU,IAAIpJ,YAAY,CAACqJ,cAAc,EAAE;AAC1D;AACR;AACA;AACA;AACA;AACA;AACA;QACQL,UAAU,GAAGvJ,UAAU,CAACsG,IAAI,CAACjI,gBAAgB,EAAEkL,UAAU,EAAE,IAAI,CAAC,CAAA;AAClE,OAAA;AAEA,MAAA,OAAOA,UAAU,CAAA;AACnB,KAAA;IAEA,IAAIM,cAAc,GAAGpI,cAAc,GAAGyE,IAAI,CAAC4D,SAAS,GAAG5D,IAAI,CAACD,SAAS,CAAA;;AAErE;AACA,IAAA,IACExE,cAAc,IACdrB,YAAY,CAAC,UAAU,CAAC,IACxB8F,IAAI,CAACzG,aAAa,IAClByG,IAAI,CAACzG,aAAa,CAACsK,OAAO,IAC1B7D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,IAC/BzM,UAAU,CAACyH,YAAwB,EAAE+F,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,CAAC,EACrE;AACA0E,MAAAA,cAAc,GACZ,YAAY,GAAG3D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,GAAG,KAAK,GAAG0E,cAAc,CAAA;AAC3E,KAAA;;AAEA;AACA,IAAA,IAAItI,kBAAkB,EAAE;MACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;QAC7D2B,cAAc,GAAG3R,aAAa,CAAC2R,cAAc,EAAE3B,IAAI,EAAE,GAAG,CAAC,CAAA;AAC3D,OAAC,CAAC,CAAA;AACJ,KAAA;IAEA,OAAOxI,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACsM,cAAc,CAAC,GAC7CA,cAAc,CAAA;GACnB,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;EACE/L,SAAS,CAACkM,SAAS,GAAG,YAAoB;AAAA,IAAA,IAAVlG,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;IACtC0K,YAAY,CAACC,GAAG,CAAC,CAAA;AACjBpC,IAAAA,UAAU,GAAG,IAAI,CAAA;GAClB,CAAA;;AAED;AACF;AACA;AACA;AACA;EACE5D,SAAS,CAACmM,WAAW,GAAG,YAAY;AAClCzG,IAAAA,MAAM,GAAG,IAAI,CAAA;AACb9B,IAAAA,UAAU,GAAG,KAAK,CAAA;GACnB,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE5D,SAAS,CAACoM,gBAAgB,GAAG,UAAUC,GAAG,EAAEvB,IAAI,EAAErO,KAAK,EAAE;AACvD;IACA,IAAI,CAACiJ,MAAM,EAAE;MACXK,YAAY,CAAC,EAAE,CAAC,CAAA;AAClB,KAAA;AAEA,IAAA,MAAMuE,KAAK,GAAGzO,iBAAiB,CAACwQ,GAAG,CAAC,CAAA;AACpC,IAAA,MAAM9B,MAAM,GAAG1O,iBAAiB,CAACiP,IAAI,CAAC,CAAA;AACtC,IAAA,OAAOT,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,CAAA;GAC/C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACEuD,EAAAA,SAAS,CAACsM,OAAO,GAAG,UAAU/C,UAAU,EAAEgD,YAAY,EAAE;AACtD,IAAA,IAAI,OAAOA,YAAY,KAAK,UAAU,EAAE;AACtC,MAAA,OAAA;AACF,KAAA;IAEApK,KAAK,CAACoH,UAAU,CAAC,GAAGpH,KAAK,CAACoH,UAAU,CAAC,IAAI,EAAE,CAAA;AAC3C5P,IAAAA,SAAS,CAACwI,KAAK,CAACoH,UAAU,CAAC,EAAEgD,YAAY,CAAC,CAAA;GAC3C,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACEvM,EAAAA,SAAS,CAACwM,UAAU,GAAG,UAAUjD,UAAU,EAAE;AAC3C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACrB,MAAA,OAAO9P,QAAQ,CAAC0I,KAAK,CAACoH,UAAU,CAAC,CAAC,CAAA;AACpC,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;AACA;AACA;AACEvJ,EAAAA,SAAS,CAACyM,WAAW,GAAG,UAAUlD,UAAU,EAAE;AAC5C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;AACrBpH,MAAAA,KAAK,CAACoH,UAAU,CAAC,GAAG,EAAE,CAAA;AACxB,KAAA;GACD,CAAA;;AAED;AACF;AACA;AACA;EACEvJ,SAAS,CAAC0M,cAAc,GAAG,YAAY;IACrCvK,KAAK,GAAG,EAAE,CAAA;GACX,CAAA;AAED,EAAA,OAAOnC,SAAS,CAAA;AAClB,CAAA;AAEA,aAAeD,eAAe,EAAE;;;;"} \ No newline at end of file +{"version":3,"file":"purify.es.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"} \ No newline at end of file diff --git a/dist/purify.js b/dist/purify.js index c9cac468c..3c008643a 100644 --- a/dist/purify.js +++ b/dist/purify.js @@ -54,12 +54,11 @@ const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty); const regExpTest = unapply(RegExp.prototype.test); const typeErrorCreate = unconstruct(TypeError); - /** * Creates a new function that calls the given function with a specified thisArg and arguments. * - * @param {Function} func - The function to be wrapped and called. - * @returns {Function} A new function that calls the given function with a specified thisArg and arguments. + * @param func - The function to be wrapped and called. + * @returns A new function that calls the given function with a specified thisArg and arguments. */ function unapply(func) { return function (thisArg) { @@ -69,12 +68,11 @@ return apply(func, thisArg, args); }; } - /** * Creates a new function that constructs an instance of the given constructor function with the provided arguments. * - * @param {Function} func - The constructor function to be wrapped and called. - * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments. + * @param func - The constructor function to be wrapped and called. + * @returns A new function that constructs an instance of the given constructor function with the provided arguments. */ function unconstruct(func) { return function () { @@ -84,14 +82,13 @@ return construct(func, args); }; } - /** * Add properties to a lookup table * - * @param {Object} set - The set to which elements will be added. - * @param {Array} array - The array containing elements to be added to the set. - * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set. - * @returns {Object} The modified set with added elements. + * @param set - The set to which elements will be added. + * @param array - The array containing elements to be added to the set. + * @param transformCaseFunc - An optional function to transform the case of each element before adding to the set. + * @returns The modified set with added elements. */ function addToSet(set, array) { let transformCaseFunc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : stringToLowerCase; @@ -118,12 +115,11 @@ } return set; } - /** * Clean up an array to harden against CSPP * - * @param {Array} array - The array to be cleaned. - * @returns {Array} The cleaned version of the array + * @param array - The array to be cleaned. + * @returns The cleaned version of the array */ function cleanArray(array) { for (let index = 0; index < array.length; index++) { @@ -134,12 +130,11 @@ } return array; } - /** * Shallow clone an object * - * @param {Object} object - The object to be cloned. - * @returns {Object} A new object that copies the original. + * @param object - The object to be cloned. + * @returns A new object that copies the original. */ function clone(object) { const newObject = create(null); @@ -157,13 +152,12 @@ } return newObject; } - /** * This method automatically checks if the prop is function or getter and behaves accordingly. * - * @param {Object} object - The object to look up the getter function in its prototype chain. - * @param {String} prop - The property name for which to find the getter function. - * @returns {Function} The getter function found in the prototype chain or a fallback function. + * @param object - The object to look up the getter function in its prototype chain. + * @param prop - The property name for which to find the getter function. + * @returns The getter function found in the prototype chain or a fallback function. */ function lookupGetter(object, prop) { while (object !== null) { @@ -185,18 +179,15 @@ } const html$1 = freeze(['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blink', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'content', 'data', 'datalist', 'dd', 'decorator', 'del', 'details', 'dfn', 'dialog', 'dir', 'div', 'dl', 'dt', 'element', 'em', 'fieldset', 'figcaption', 'figure', 'font', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meter', 'nav', 'nobr', 'ol', 'optgroup', 'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'shadow', 'small', 'source', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'template', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr']); - // SVG const svg$1 = freeze(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'view', 'vkern']); const svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feDropShadow', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']); - // List of SVG elements that are disallowed by default. // We still need to know them so that we can do namespace // checks properly in case one wants to add them to // allow-list. const svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'font-face', 'font-face-format', 'font-face-name', 'font-face-src', 'font-face-uri', 'foreignobject', 'hatch', 'hatchpath', 'mesh', 'meshgradient', 'meshpatch', 'meshrow', 'missing-glyph', 'script', 'set', 'solidcolor', 'unknown', 'use']); const mathMl$1 = freeze(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover', 'mprescripts']); - // Similarly to SVG, we want to know all MathML elements, // even those that we disallow by default. const mathMlDisallowed = freeze(['maction', 'maligngroup', 'malignmark', 'mlongdiv', 'mscarries', 'mscarry', 'msgroup', 'mstack', 'msline', 'msrow', 'semantics', 'annotation', 'annotation-xml', 'mprescripts', 'none']); @@ -223,18 +214,19 @@ var EXPRESSIONS = /*#__PURE__*/Object.freeze({ __proto__: null, - MUSTACHE_EXPR: MUSTACHE_EXPR, - ERB_EXPR: ERB_EXPR, - TMPLIT_EXPR: TMPLIT_EXPR, - DATA_ATTR: DATA_ATTR, ARIA_ATTR: ARIA_ATTR, - IS_ALLOWED_URI: IS_ALLOWED_URI, - IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, ATTR_WHITESPACE: ATTR_WHITESPACE, + CUSTOM_ELEMENT: CUSTOM_ELEMENT, + DATA_ATTR: DATA_ATTR, DOCTYPE_NAME: DOCTYPE_NAME, - CUSTOM_ELEMENT: CUSTOM_ELEMENT + ERB_EXPR: ERB_EXPR, + IS_ALLOWED_URI: IS_ALLOWED_URI, + IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, + MUSTACHE_EXPR: MUSTACHE_EXPR, + TMPLIT_EXPR: TMPLIT_EXPR }); + /* eslint-disable @typescript-eslint/indent */ // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType const NODE_TYPE = { element: 1, @@ -255,7 +247,6 @@ const getGlobal = function getGlobal() { return typeof window === 'undefined' ? null : window; }; - /** * Creates a no-op policy for internal use only. * Don't export this function outside this module! @@ -268,7 +259,6 @@ if (typeof trustedTypes !== 'object' || typeof trustedTypes.createPolicy !== 'function') { return null; } - // Allow the callers to control the unique policy name // by adding a data-tt-policy-suffix to the script element with the DOMPurify. // Policy creation with duplicate names throws in Trusted Types. @@ -298,17 +288,7 @@ function createDOMPurify() { let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); const DOMPurify = root => createDOMPurify(root); - - /** - * Version label, exposed for easier checks - * if DOMPurify is up to date or not - */ DOMPurify.version = '3.1.7'; - - /** - * Array of elements that DOMPurify removed during sanitation. - * Empty if nothing was removed. - */ DOMPurify.removed = []; if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { // Not running in a browser, provide a factory function @@ -338,7 +318,6 @@ const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); const getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); const getParentNode = lookupGetter(ElementPrototype, 'parentNode'); - // As per issue #47, the web-components registry is inherited by a // new document created via createHTMLDocument. As per the spec // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) @@ -363,7 +342,6 @@ importNode } = originalDocument; let hooks = {}; - /** * Expose whether this browser supports running the full DOMPurify. */ @@ -381,22 +359,18 @@ let { IS_ALLOWED_URI: IS_ALLOWED_URI$1 } = EXPRESSIONS; - /** * We consider the elements and attributes below to be safe. Ideally * don't add any new ones but feel free to remove unwanted ones. */ - /* allowed element names */ let ALLOWED_TAGS = null; const DEFAULT_ALLOWED_TAGS = addToSet({}, [...html$1, ...svg$1, ...svgFilters, ...mathMl$1, ...text]); - /* Allowed attribute names */ let ALLOWED_ATTR = null; const DEFAULT_ALLOWED_ATTR = addToSet({}, [...html, ...svg, ...mathMl, ...xml]); - /* - * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements. + * Configure how DOMPurify should handle custom elements and their attributes as well as customized built-in elements. * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements) * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list) * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`. @@ -421,65 +395,49 @@ value: false } })); - /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ let FORBID_TAGS = null; - /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */ let FORBID_ATTR = null; - /* Decide if ARIA attributes are okay */ let ALLOW_ARIA_ATTR = true; - /* Decide if custom data attributes are okay */ let ALLOW_DATA_ATTR = true; - /* Decide if unknown protocols are okay */ let ALLOW_UNKNOWN_PROTOCOLS = false; - /* Decide if self-closing tags in attributes are allowed. * Usually removed due to a mXSS issue in jQuery 3.0 */ let ALLOW_SELF_CLOSE_IN_ATTR = true; - /* Output should be safe for common template engines. * This means, DOMPurify removes data attributes, mustaches and ERB */ let SAFE_FOR_TEMPLATES = false; - /* Output should be safe even for XML used within HTML and alike. * This means, DOMPurify removes comments when containing risky content. */ let SAFE_FOR_XML = true; - /* Decide if document with ... should be returned */ let WHOLE_DOCUMENT = false; - /* Track whether config is already set on this instance of DOMPurify. */ let SET_CONFIG = false; - /* Decide if all elements (e.g. style, script) must be children of * document.body. By default, browsers might move them to document.head */ let FORCE_BODY = false; - /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported). * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead */ let RETURN_DOM = false; - /* Decide if a DOM `DocumentFragment` should be returned, instead of a html * string (or a TrustedHTML object if Trusted Types are supported) */ let RETURN_DOM_FRAGMENT = false; - /* Try to return a Trusted Type object instead of a string, return a string in * case Trusted Types are not supported */ let RETURN_TRUSTED_TYPE = false; - /* Output should be free from DOM clobbering attacks? * This sanitizes markups named with colliding, clobberable built-in DOM APIs. */ let SANITIZE_DOM = true; - /* Achieve full DOM Clobbering protection by isolating the namespace of named * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules. * @@ -495,25 +453,19 @@ */ let SANITIZE_NAMED_PROPS = false; const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-'; - /* Keep element content when removing element? */ let KEEP_CONTENT = true; - /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead * of importing it into a new Document and returning a sanitized copy */ let IN_PLACE = false; - /* Allow usage of profiles like html, svg and mathMl */ let USE_PROFILES = {}; - /* Tags to ignore content of when KEEP_CONTENT is true */ let FORBID_CONTENTS = null; const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']); - /* Tags that are safe for data: URIs */ let DATA_URI_TAGS = null; const DEFAULT_DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image', 'track']); - /* Attributes safe for values like "javascript:" */ let URI_SAFE_ATTRIBUTES = null; const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, ['alt', 'class', 'for', 'id', 'label', 'name', 'pattern', 'placeholder', 'role', 'summary', 'title', 'value', 'style', 'xmlns']); @@ -523,36 +475,29 @@ /* Document namespace */ let NAMESPACE = HTML_NAMESPACE; let IS_EMPTY_INPUT = false; - /* Allowed XHTML+XML namespaces */ let ALLOWED_NAMESPACES = null; const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString); let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']); let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']); - // Certain elements are allowed in both SVG and HTML // namespace. We need to specify them explicitly // so that they don't get erroneously deleted from // HTML namespace. const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']); - /* Parsing of strict XHTML documents */ let PARSER_MEDIA_TYPE = null; const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html']; const DEFAULT_PARSER_MEDIA_TYPE = 'text/html'; let transformCaseFunc = null; - /* Keep a reference to config to pass to hooks */ let CONFIG = null; - /* Ideally, do not touch anything below this line */ /* ______________________________________________ */ - const formElement = document.createElement('form'); const isRegexOrFunction = function isRegexOrFunction(testValue) { return testValue instanceof RegExp || testValue instanceof Function; }; - /** * _parseConfig * @@ -564,39 +509,23 @@ if (CONFIG && CONFIG === cfg) { return; } - /* Shield configuration object from tampering */ if (!cfg || typeof cfg !== 'object') { cfg = {}; } - /* Shield configuration object from prototype pollution */ cfg = clone(cfg); PARSER_MEDIA_TYPE = // eslint-disable-next-line unicorn/prefer-includes SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE; - // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is. transformCaseFunc = PARSER_MEDIA_TYPE === 'application/xhtml+xml' ? stringToString : stringToLowerCase; - /* Set configuration parameters */ ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS') ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS; ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR') ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR; ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES') ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES; - URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), - // eslint-disable-line indent - cfg.ADD_URI_SAFE_ATTR, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_URI_SAFE_ATTRIBUTES; - DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), - // eslint-disable-line indent - cfg.ADD_DATA_URI_TAGS, - // eslint-disable-line indent - transformCaseFunc // eslint-disable-line indent - ) // eslint-disable-line indent - : DEFAULT_DATA_URI_TAGS; + URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES; + DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS; FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS; FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {}; FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {}; @@ -636,7 +565,6 @@ if (RETURN_DOM_FRAGMENT) { RETURN_DOM = true; } - /* Parse profile info */ if (USE_PROFILES) { ALLOWED_TAGS = addToSet({}, text); @@ -661,7 +589,6 @@ addToSet(ALLOWED_ATTR, xml); } } - /* Merge configuration parameters */ if (cfg.ADD_TAGS) { if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) { @@ -684,17 +611,14 @@ } addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc); } - /* Add #text in case KEEP_CONTENT is set to true */ if (KEEP_CONTENT) { ALLOWED_TAGS['#text'] = true; } - /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ if (WHOLE_DOCUMENT) { addToSet(ALLOWED_TAGS, ['html', 'head', 'body']); } - /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */ if (ALLOWED_TAGS.table) { addToSet(ALLOWED_TAGS, ['tbody']); @@ -707,10 +631,8 @@ if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') { throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.'); } - // Overwrite existing TrustedTypes policy. trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY; - // Sign local variables required by `sanitize`. emptyHTML = trustedTypesPolicy.createHTML(''); } else { @@ -718,13 +640,11 @@ if (trustedTypesPolicy === undefined) { trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript); } - // If creating the internal policy succeeded sign internal variables. if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') { emptyHTML = trustedTypesPolicy.createHTML(''); } } - // Prevent further manipulation of configuration. // Not available in IE8, Safari 5, etc. if (freeze) { @@ -732,13 +652,11 @@ } CONFIG = cfg; }; - /* Keep track of all possible SVG and MathML tags * so that we can perform the namespace checks * correctly. */ const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]); const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]); - /** * @param {Element} element a DOM element whose namespace is being checked * @returns {boolean} Return false if the element has a @@ -747,7 +665,6 @@ */ const _checkValidNamespace = function _checkValidNamespace(element) { let parent = getParentNode(element); - // In JSDOM, if we're inside shadow DOM, then parentNode // can be null. We just simulate parent in this case. if (!parent || !parent.tagName) { @@ -768,14 +685,12 @@ if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'svg'; } - // The only way to switch from MathML to SVG is via` // svg if parent is either or MathML // text integration points. if (parent.namespaceURI === MATHML_NAMESPACE) { return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]); } - // We only allow elements that are defined in SVG // spec. All others are disallowed in SVG namespace. return Boolean(ALL_SVG_TAGS[tagName]); @@ -787,13 +702,11 @@ if (parent.namespaceURI === HTML_NAMESPACE) { return tagName === 'math'; } - // The only way to switch from SVG to MathML is via // and HTML integration points if (parent.namespaceURI === SVG_NAMESPACE) { return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName]; } - // We only allow elements that are defined in MathML // spec. All others are disallowed in MathML namespace. return Boolean(ALL_MATHML_TAGS[tagName]); @@ -808,24 +721,20 @@ if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) { return false; } - // We disallow tags that are specific for MathML // or SVG and should never appear in HTML namespace return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]); } - // For XHTML and XML documents that support custom namespaces if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && ALLOWED_NAMESPACES[element.namespaceURI]) { return true; } - // The code should never reach this place (this means // that the element somehow got namespace that is not // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES). // Return false just in case. return false; }; - /** * _forceRemove * @@ -842,7 +751,6 @@ remove(node); } }; - /** * _removeAttribute * @@ -862,7 +770,6 @@ }); } node.removeAttribute(name); - // We void attribute values for unremovable "is"" attributes if (name === 'is' && !ALLOWED_ATTR[name]) { if (RETURN_DOM || RETURN_DOM_FRAGMENT) { @@ -876,7 +783,6 @@ } } }; - /** * _initDocument * @@ -908,7 +814,6 @@ doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE); } catch (_) {} } - /* Use createHTMLDocument in case DOMParser is not available */ if (!doc || !doc.documentElement) { doc = implementation.createDocument(NAMESPACE, 'template', null); @@ -922,14 +827,12 @@ if (dirty && leadingWhitespace) { body.insertBefore(document.createTextNode(leadingWhitespace), body.childNodes[0] || null); } - /* Work on whole document or just its body */ if (NAMESPACE === HTML_NAMESPACE) { return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0]; } return WHOLE_DOCUMENT ? doc.documentElement : body; }; - /** * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document. * @@ -941,7 +844,6 @@ // eslint-disable-next-line no-bitwise NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null); }; - /** * _isClobbered * @@ -951,7 +853,6 @@ const _isClobbered = function _isClobbered(elm) { return elm instanceof HTMLFormElement && (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function' || typeof elm.hasChildNodes !== 'function'); }; - /** * Checks whether the given object is a DOM node. * @@ -961,24 +862,22 @@ const _isNode = function _isNode(object) { return typeof Node === 'function' && object instanceof Node; }; - /** * _executeHook * Execute user configurable hooks * - * @param {String} entryPoint Name of the hook's entry point - * @param {Node} currentNode node to work on with the hook + * @param entryPoint Name of the hook's entry point + * @param currentNode node to work on with the hook * @param {Object} data additional hook parameters */ - const _executeHook = function _executeHook(entryPoint, currentNode, data) { + function _executeHook(entryPoint, currentNode, data) { if (!hooks[entryPoint]) { return; } arrayForEach(hooks[entryPoint], hook => { hook.call(DOMPurify, currentNode, data, CONFIG); }); - }; - + } /** * _sanitizeElements * @@ -991,43 +890,35 @@ */ const _sanitizeElements = function _sanitizeElements(currentNode) { let content = null; - /* Execute a hook if present */ _executeHook('beforeSanitizeElements', currentNode, null); - /* Check if element is clobbered or can clobber */ if (_isClobbered(currentNode)) { _forceRemove(currentNode); return true; } - /* Now let's check the element's type and name */ const tagName = transformCaseFunc(currentNode.nodeName); - /* Execute a hook if present */ _executeHook('uponSanitizeElement', currentNode, { tagName, allowedTags: ALLOWED_TAGS }); - /* Detect mXSS attempts abusing namespace confusion */ if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { _forceRemove(currentNode); return true; } - /* Remove any occurrence of processing instructions */ if (currentNode.nodeType === NODE_TYPE.progressingInstruction) { _forceRemove(currentNode); return true; } - /* Remove any kind of possibly harmful comments */ if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) { _forceRemove(currentNode); return true; } - /* Remove element if anything forbids its presence */ if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { /* Check if we have a custom element to handle */ @@ -1039,7 +930,6 @@ return false; } } - /* Keep content except for bad-listed elements */ if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) { const parentNode = getParentNode(currentNode) || currentNode.parentNode; @@ -1056,19 +946,16 @@ _forceRemove(currentNode); return true; } - /* Check whether element has a valid namespace */ if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) { _forceRemove(currentNode); return true; } - /* Make sure that older browsers don't get fallback-tag mXSS */ if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) { _forceRemove(currentNode); return true; } - /* Sanitize element content to be template-safe */ if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) { /* Get the element's text content */ @@ -1083,12 +970,10 @@ currentNode.textContent = content; } } - /* Execute a hook if present */ _executeHook('afterSanitizeElements', currentNode, null); return false; }; - /** * _isValidAttribute * @@ -1103,7 +988,6 @@ if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) { return false; } - /* Allow valid data-* attributes: At least one character after "-" (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) @@ -1125,7 +1009,6 @@ } else ; return true; }; - /** * _isBasicCustomElement * checks if at least one dash is included in tagName, and it's not the first char @@ -1137,7 +1020,6 @@ const _isBasicCustomElement = function _isBasicCustomElement(tagName) { return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT); }; - /** * _sanitizeAttributes * @@ -1154,7 +1036,6 @@ const { attributes } = currentNode; - /* Check if we have attributes; if not we might have a text node */ if (!attributes) { return; @@ -1163,10 +1044,10 @@ attrName: '', attrValue: '', keepAttr: true, - allowedAttributes: ALLOWED_ATTR + allowedAttributes: ALLOWED_ATTR, + forceKeepAttr: undefined }; let l = attributes.length; - /* Go backwards over all attributes; safely remove bad ones */ while (l--) { const attr = attributes[l]; @@ -1177,7 +1058,6 @@ } = attr; const lcName = transformCaseFunc(name); let value = name === 'value' ? attrValue : stringTrim(attrValue); - /* Execute a hook if present */ hookEvent.attrName = lcName; hookEvent.attrValue = value; @@ -1185,56 +1065,46 @@ hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set _executeHook('uponSanitizeAttribute', currentNode, hookEvent); value = hookEvent.attrValue; - /* Full DOM Clobbering protection via namespace isolation, * Prefix id and name attributes with `user-content-` */ if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) { // Remove the attribute with this value _removeAttribute(name, currentNode); - // Prefix the value and later re-create the attribute with the sanitized value value = SANITIZE_NAMED_PROPS_PREFIX + value; } - /* Work around a security issue with comments inside attributes */ if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Did the hooks approve of the attribute? */ if (hookEvent.forceKeepAttr) { continue; } - /* Remove attribute */ _removeAttribute(name, currentNode); - /* Did the hooks approve of the attribute? */ if (!hookEvent.keepAttr) { continue; } - /* Work around a security issue in jQuery 3.0 */ if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) { _removeAttribute(name, currentNode); continue; } - /* Sanitize attribute content to be template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { value = stringReplace(value, expr, ' '); }); } - /* Is `value` valid for this attribute? */ const lcTag = transformCaseFunc(currentNode.nodeName); if (!_isValidAttribute(lcTag, lcName, value)) { continue; } - /* Handle attributes that require Trusted Types */ if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function') { if (namespaceURI) ; else { @@ -1252,7 +1122,6 @@ } } } - /* Handle invalid data-* attribute set by try-catching it */ try { if (namespaceURI) { @@ -1268,11 +1137,9 @@ } } catch (_) {} } - /* Execute a hook if present */ _executeHook('afterSanitizeAttributes', currentNode, null); }; - /** * _sanitizeShadowDOM * @@ -1281,38 +1148,25 @@ const _sanitizeShadowDOM = function _sanitizeShadowDOM(fragment) { let shadowNode = null; const shadowIterator = _createNodeIterator(fragment); - /* Execute a hook if present */ _executeHook('beforeSanitizeShadowDOM', fragment, null); while (shadowNode = shadowIterator.nextNode()) { /* Execute a hook if present */ _executeHook('uponSanitizeShadowNode', shadowNode, null); - /* Sanitize tags and elements */ if (_sanitizeElements(shadowNode)) { continue; } - /* Deep shadow DOM detected */ if (shadowNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(shadowNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(shadowNode); } - /* Execute a hook if present */ _executeHook('afterSanitizeShadowDOM', fragment, null); }; - - /** - * Sanitize - * Public method providing core sanitation functionality - * - * @param {String|Node} dirty string or DOM node - * @param {Object} cfg object - */ // eslint-disable-next-line complexity DOMPurify.sanitize = function (dirty) { let cfg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; @@ -1327,7 +1181,6 @@ if (IS_EMPTY_INPUT) { dirty = ''; } - /* Stringify, in case dirty is an object */ if (typeof dirty !== 'string' && !_isNode(dirty)) { if (typeof dirty.toString === 'function') { @@ -1339,20 +1192,16 @@ throw typeErrorCreate('toString is not a function'); } } - /* Return dirty HTML if DOMPurify cannot run */ if (!DOMPurify.isSupported) { return dirty; } - /* Assign config vars */ if (!SET_CONFIG) { _parseConfig(cfg); } - /* Clean up removed elements */ DOMPurify.removed = []; - /* Check if dirty is correctly typed for IN_PLACE */ if (typeof dirty === 'string') { IN_PLACE = false; @@ -1386,45 +1235,36 @@ dirty.indexOf('<') === -1) { return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty; } - /* Initialize the document to work on */ body = _initDocument(dirty); - /* Check we have a DOM node from the data */ if (!body) { return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : ''; } } - /* Remove first element node (ours) if FORCE_BODY is set */ if (body && FORCE_BODY) { _forceRemove(body.firstChild); } - /* Get node iterator */ const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body); - /* Now start iterating over the created document */ while (currentNode = nodeIterator.nextNode()) { /* Sanitize tags and elements */ if (_sanitizeElements(currentNode)) { continue; } - /* Shadow DOM detected, sanitize it */ if (currentNode.content instanceof DocumentFragment) { _sanitizeShadowDOM(currentNode.content); } - /* Check attributes, sanitize if necessary */ _sanitizeAttributes(currentNode); } - /* If we sanitized `dirty` in-place, return it. */ if (IN_PLACE) { return dirty; } - /* Return sanitized string or DOM */ if (RETURN_DOM) { if (RETURN_DOM_FRAGMENT) { @@ -1449,12 +1289,10 @@ return returnNode; } let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML; - /* Serialize doctype if allowed */ if (WHOLE_DOCUMENT && ALLOWED_TAGS['!doctype'] && body.ownerDocument && body.ownerDocument.doctype && body.ownerDocument.doctype.name && regExpTest(DOCTYPE_NAME, body.ownerDocument.doctype.name)) { serializedHTML = '\n' + serializedHTML; } - /* Sanitize final string template-safe */ if (SAFE_FOR_TEMPLATES) { arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { @@ -1463,39 +1301,15 @@ } return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; }; - - /** - * Public method to set the configuration once - * setConfig - * - * @param {Object} cfg configuration object - */ DOMPurify.setConfig = function () { let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {}; _parseConfig(cfg); SET_CONFIG = true; }; - - /** - * Public method to remove the configuration - * clearConfig - * - */ DOMPurify.clearConfig = function () { CONFIG = null; SET_CONFIG = false; }; - - /** - * Public method to check if an attribute value is valid. - * Uses last set config, if any. Otherwise, uses config defaults. - * isValidAttribute - * - * @param {String} tag Tag name of containing element. - * @param {String} attr Attribute name. - * @param {String} value Attribute value. - * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. - */ DOMPurify.isValidAttribute = function (tag, attr, value) { /* Initialize shared config vars if necessary. */ if (!CONFIG) { @@ -1505,14 +1319,6 @@ const lcName = transformCaseFunc(attr); return _isValidAttribute(lcTag, lcName, value); }; - - /** - * AddHook - * Public method to add DOMPurify hooks - * - * @param {String} entryPoint entry point for the hook to add - * @param {Function} hookFunction function to execute - */ DOMPurify.addHook = function (entryPoint, hookFunction) { if (typeof hookFunction !== 'function') { return; @@ -1520,37 +1326,16 @@ hooks[entryPoint] = hooks[entryPoint] || []; arrayPush(hooks[entryPoint], hookFunction); }; - - /** - * RemoveHook - * Public method to remove a DOMPurify hook at a given entryPoint - * (pops it from the stack of hooks if more are present) - * - * @param {String} entryPoint entry point for the hook to remove - * @return {Function} removed(popped) hook - */ DOMPurify.removeHook = function (entryPoint) { if (hooks[entryPoint]) { return arrayPop(hooks[entryPoint]); } }; - - /** - * RemoveHooks - * Public method to remove all DOMPurify hooks at a given entryPoint - * - * @param {String} entryPoint entry point for the hooks to remove - */ DOMPurify.removeHooks = function (entryPoint) { if (hooks[entryPoint]) { hooks[entryPoint] = []; } }; - - /** - * RemoveAllHooks - * Public method to remove all DOMPurify hooks - */ DOMPurify.removeAllHooks = function () { hooks = {}; }; diff --git a/dist/purify.js.map b/dist/purify.js.map index 6d006cf6d..6f7a27015 100644 --- a/dist/purify.js.map +++ b/dist/purify.js.map @@ -1 +1 @@ -{"version":3,"file":"purify.js","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\n entries,\n setPrototypeOf,\n isFrozen,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n} = Object;\n\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\n\nif (!freeze) {\n freeze = function (x) {\n return x;\n };\n}\n\nif (!seal) {\n seal = function (x) {\n return x;\n };\n}\n\nif (!apply) {\n apply = function (fun, thisValue, args) {\n return fun.apply(thisValue, args);\n };\n}\n\nif (!construct) {\n construct = function (Func, args) {\n return new Func(...args);\n };\n}\n\nconst arrayForEach = unapply(Array.prototype.forEach);\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\nconst arrayPop = unapply(Array.prototype.pop);\nconst arrayPush = unapply(Array.prototype.push);\nconst arraySlice = unapply(Array.prototype.slice);\n\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\nconst stringToString = unapply(String.prototype.toString);\nconst stringMatch = unapply(String.prototype.match);\nconst stringReplace = unapply(String.prototype.replace);\nconst stringIndexOf = unapply(String.prototype.indexOf);\nconst stringTrim = unapply(String.prototype.trim);\n\nconst objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);\n\nconst regExpTest = unapply(RegExp.prototype.test);\n\nconst typeErrorCreate = unconstruct(TypeError);\n\n/**\n * Creates a new function that calls the given function with a specified thisArg and arguments.\n *\n * @param {Function} func - The function to be wrapped and called.\n * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.\n */\nfunction unapply(func) {\n return (thisArg, ...args) => apply(func, thisArg, args);\n}\n\n/**\n * Creates a new function that constructs an instance of the given constructor function with the provided arguments.\n *\n * @param {Function} func - The constructor function to be wrapped and called.\n * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.\n */\nfunction unconstruct(func) {\n return (...args) => construct(func, args);\n}\n\n/**\n * Add properties to a lookup table\n *\n * @param {Object} set - The set to which elements will be added.\n * @param {Array} array - The array containing elements to be added to the set.\n * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.\n * @returns {Object} The modified set with added elements.\n */\nfunction addToSet(set, array, transformCaseFunc = stringToLowerCase) {\n if (setPrototypeOf) {\n // Make 'in' and truthy checks like Boolean(set.constructor)\n // independent of any properties defined on Object.prototype.\n // Prevent prototype setters from intercepting set as a this value.\n setPrototypeOf(set, null);\n }\n\n let l = array.length;\n while (l--) {\n let element = array[l];\n if (typeof element === 'string') {\n const lcElement = transformCaseFunc(element);\n if (lcElement !== element) {\n // Config presets (e.g. tags.js, attrs.js) are immutable.\n if (!isFrozen(array)) {\n array[l] = lcElement;\n }\n\n element = lcElement;\n }\n }\n\n set[element] = true;\n }\n\n return set;\n}\n\n/**\n * Clean up an array to harden against CSPP\n *\n * @param {Array} array - The array to be cleaned.\n * @returns {Array} The cleaned version of the array\n */\nfunction cleanArray(array) {\n for (let index = 0; index < array.length; index++) {\n const isPropertyExist = objectHasOwnProperty(array, index);\n\n if (!isPropertyExist) {\n array[index] = null;\n }\n }\n\n return array;\n}\n\n/**\n * Shallow clone an object\n *\n * @param {Object} object - The object to be cloned.\n * @returns {Object} A new object that copies the original.\n */\nfunction clone(object) {\n const newObject = create(null);\n\n for (const [property, value] of entries(object)) {\n const isPropertyExist = objectHasOwnProperty(object, property);\n\n if (isPropertyExist) {\n if (Array.isArray(value)) {\n newObject[property] = cleanArray(value);\n } else if (\n value &&\n typeof value === 'object' &&\n value.constructor === Object\n ) {\n newObject[property] = clone(value);\n } else {\n newObject[property] = value;\n }\n }\n }\n\n return newObject;\n}\n\n/**\n * This method automatically checks if the prop is function or getter and behaves accordingly.\n *\n * @param {Object} object - The object to look up the getter function in its prototype chain.\n * @param {String} prop - The property name for which to find the getter function.\n * @returns {Function} The getter function found in the prototype chain or a fallback function.\n */\nfunction lookupGetter(object, prop) {\n while (object !== null) {\n const desc = getOwnPropertyDescriptor(object, prop);\n\n if (desc) {\n if (desc.get) {\n return unapply(desc.get);\n }\n\n if (typeof desc.value === 'function') {\n return unapply(desc.value);\n }\n }\n\n object = getPrototypeOf(object);\n }\n\n function fallbackValue() {\n return null;\n }\n\n return fallbackValue;\n}\n\nexport {\n // Array\n arrayForEach,\n arrayIndexOf,\n arrayPop,\n arrayPush,\n arraySlice,\n // Object\n entries,\n freeze,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n isFrozen,\n setPrototypeOf,\n seal,\n clone,\n create,\n objectHasOwnProperty,\n // RegExp\n regExpTest,\n // String\n stringIndexOf,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringTrim,\n // Errors\n typeErrorCreate,\n // Other\n lookupGetter,\n addToSet,\n // Reflect\n unapply,\n unconstruct,\n};\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dialog',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'picture',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n]);\n\n// SVG\nexport const svg = freeze([\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'view',\n 'vkern',\n]);\n\nexport const svgFilters = freeze([\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feDropShadow',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feImage',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n]);\n\n// List of SVG elements that are disallowed by default.\n// We still need to know them so that we can do namespace\n// checks properly in case one wants to add them to\n// allow-list.\nexport const svgDisallowed = freeze([\n 'animate',\n 'color-profile',\n 'cursor',\n 'discard',\n 'font-face',\n 'font-face-format',\n 'font-face-name',\n 'font-face-src',\n 'font-face-uri',\n 'foreignobject',\n 'hatch',\n 'hatchpath',\n 'mesh',\n 'meshgradient',\n 'meshpatch',\n 'meshrow',\n 'missing-glyph',\n 'script',\n 'set',\n 'solidcolor',\n 'unknown',\n 'use',\n]);\n\nexport const mathMl = freeze([\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmultiscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mspace',\n 'msqrt',\n 'mstyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n 'mprescripts',\n]);\n\n// Similarly to SVG, we want to know all MathML elements,\n// even those that we disallow by default.\nexport const mathMlDisallowed = freeze([\n 'maction',\n 'maligngroup',\n 'malignmark',\n 'mlongdiv',\n 'mscarries',\n 'mscarry',\n 'msgroup',\n 'mstack',\n 'msline',\n 'msrow',\n 'semantics',\n 'annotation',\n 'annotation-xml',\n 'mprescripts',\n 'none',\n]);\n\nexport const text = freeze(['#text']);\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocapitalize',\n 'autocomplete',\n 'autopictureinpicture',\n 'autoplay',\n 'background',\n 'bgcolor',\n 'border',\n 'capture',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'controls',\n 'controlslist',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'decoding',\n 'default',\n 'dir',\n 'disabled',\n 'disablepictureinpicture',\n 'disableremoteplayback',\n 'download',\n 'draggable',\n 'enctype',\n 'enterkeyhint',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'inputmode',\n 'integrity',\n 'ismap',\n 'kind',\n 'label',\n 'lang',\n 'list',\n 'loading',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'minlength',\n 'multiple',\n 'muted',\n 'name',\n 'nonce',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'playsinline',\n 'popover',\n 'popovertarget',\n 'popovertargetaction',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'translate',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'wrap',\n 'xmlns',\n 'slot',\n]);\n\nexport const svg = freeze([\n 'accent-height',\n 'accumulate',\n 'additive',\n 'alignment-baseline',\n 'amplitude',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clippathunits',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'exponent',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'filterunits',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'intercept',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'primitiveunits',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'slope',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'startoffset',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'systemlanguage',\n 'tabindex',\n 'tablevalues',\n 'targetx',\n 'targety',\n 'transform',\n 'transform-origin',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'version',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n]);\n\nexport const mathMl = freeze([\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'encoding',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n]);\n\nexport const xml = freeze([\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n]);\n","import { seal } from './utils.js';\n\n// eslint-disable-next-line unicorn/better-regex\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\nexport const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = seal(\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\n);\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\nexport const ATTR_WHITESPACE = seal(\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\n);\nexport const DOCTYPE_NAME = seal(/^html$/i);\nexport const CUSTOM_ELEMENT = seal(/^[a-z][.\\w]*(-[.\\w]+)+$/i);\n","import * as TAGS from './tags.js';\nimport * as ATTRS from './attrs.js';\nimport * as EXPRESSIONS from './regexp.js';\nimport {\n addToSet,\n clone,\n entries,\n freeze,\n arrayForEach,\n arrayPop,\n arrayPush,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringIndexOf,\n stringTrim,\n regExpTest,\n typeErrorCreate,\n lookupGetter,\n create,\n objectHasOwnProperty,\n} from './utils.js';\n\n// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType\nconst NODE_TYPE = {\n element: 1,\n attribute: 2,\n text: 3,\n cdataSection: 4,\n entityReference: 5, // Deprecated\n entityNode: 6, // Deprecated\n progressingInstruction: 7,\n comment: 8,\n document: 9,\n documentType: 10,\n documentFragment: 11,\n notation: 12, // Deprecated\n};\n\nconst getGlobal = function () {\n return typeof window === 'undefined' ? null : window;\n};\n\n/**\n * Creates a no-op policy for internal use only.\n * Don't export this function outside this module!\n * @param {TrustedTypePolicyFactory} trustedTypes The policy factory.\n * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix).\n * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types\n * are not supported or creating the policy failed).\n */\nconst _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) {\n if (\n typeof trustedTypes !== 'object' ||\n typeof trustedTypes.createPolicy !== 'function'\n ) {\n return null;\n }\n\n // Allow the callers to control the unique policy name\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\n // Policy creation with duplicate names throws in Trusted Types.\n let suffix = null;\n const ATTR_NAME = 'data-tt-policy-suffix';\n if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) {\n suffix = purifyHostElement.getAttribute(ATTR_NAME);\n }\n\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\n\n try {\n return trustedTypes.createPolicy(policyName, {\n createHTML(html) {\n return html;\n },\n createScriptURL(scriptUrl) {\n return scriptUrl;\n },\n });\n } catch (_) {\n // Policy creation failed (most likely another DOMPurify script has\n // already run). Skip creating the policy, as this will only cause errors\n // if TT are enforced.\n console.warn(\n 'TrustedTypes policy ' + policyName + ' could not be created.'\n );\n return null;\n }\n};\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = (root) => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (\n !window ||\n !window.document ||\n window.document.nodeType !== NODE_TYPE.document\n ) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n let { document } = window;\n\n const originalDocument = document;\n const currentScript = originalDocument.currentScript;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n Element,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n HTMLFormElement,\n DOMParser,\n trustedTypes,\n } = window;\n\n const ElementPrototype = Element.prototype;\n\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\n const remove = lookupGetter(ElementPrototype, 'remove');\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n let trustedTypesPolicy;\n let emptyHTML = '';\n\n const {\n implementation,\n createNodeIterator,\n createDocumentFragment,\n getElementsByTagName,\n } = document;\n const { importNode } = originalDocument;\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n typeof entries === 'function' &&\n typeof getParentNode === 'function' &&\n implementation &&\n implementation.createHTMLDocument !== undefined;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n TMPLIT_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n CUSTOM_ELEMENT,\n } = EXPRESSIONS;\n\n let { IS_ALLOWED_URI } = EXPRESSIONS;\n\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /*\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\n */\n let CUSTOM_ELEMENT_HANDLING = Object.seal(\n create(null, {\n tagNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n attributeNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n allowCustomizedBuiltInElements: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: false,\n },\n })\n );\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Decide if self-closing tags in attributes are allowed.\n * Usually removed due to a mXSS issue in jQuery 3.0 */\n let ALLOW_SELF_CLOSE_IN_ATTR = true;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Output should be safe even for XML used within HTML and alike.\n * This means, DOMPurify removes comments when containing risky content.\n */\n let SAFE_FOR_XML = true;\n\n /* Decide if document with ... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported).\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported) */\n let RETURN_DOM_FRAGMENT = false;\n\n /* Try to return a Trusted Type object instead of a string, return a string in\n * case Trusted Types are not supported */\n let RETURN_TRUSTED_TYPE = false;\n\n /* Output should be free from DOM clobbering attacks?\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\n */\n let SANITIZE_DOM = true;\n\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\n *\n * HTML/DOM spec rules that enable DOM Clobbering:\n * - Named Access on Window (§7.3.3)\n * - DOM Tree Accessors (§3.1.5)\n * - Form Element Parent-Child Relations (§4.10.3)\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\n * - HTMLCollection (§4.2.10.2)\n *\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\n * with a constant string, i.e., `user-content-`\n */\n let SANITIZE_NAMED_PROPS = false;\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\n * of importing it into a new Document and returning a sanitized copy */\n let IN_PLACE = false;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n let FORBID_CONTENTS = null;\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\n 'annotation-xml',\n 'audio',\n 'colgroup',\n 'desc',\n 'foreignobject',\n 'head',\n 'iframe',\n 'math',\n 'mi',\n 'mn',\n 'mo',\n 'ms',\n 'mtext',\n 'noembed',\n 'noframes',\n 'noscript',\n 'plaintext',\n 'script',\n 'style',\n 'svg',\n 'template',\n 'thead',\n 'title',\n 'video',\n 'xmp',\n ]);\n\n /* Tags that are safe for data: URIs */\n let DATA_URI_TAGS = null;\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n 'track',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n let URI_SAFE_ATTRIBUTES = null;\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'role',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\n /* Document namespace */\n let NAMESPACE = HTML_NAMESPACE;\n let IS_EMPTY_INPUT = false;\n\n /* Allowed XHTML+XML namespaces */\n let ALLOWED_NAMESPACES = null;\n const DEFAULT_ALLOWED_NAMESPACES = addToSet(\n {},\n [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE],\n stringToString\n );\n\n let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\n 'mi',\n 'mo',\n 'mn',\n 'ms',\n 'mtext',\n ]);\n\n let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);\n\n // Certain elements are allowed in both SVG and HTML\n // namespace. We need to specify them explicitly\n // so that they don't get erroneously deleted from\n // HTML namespace.\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\n 'title',\n 'style',\n 'font',\n 'a',\n 'script',\n ]);\n\n /* Parsing of strict XHTML documents */\n let PARSER_MEDIA_TYPE = null;\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\n let transformCaseFunc = null;\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n const isRegexOrFunction = function (testValue) {\n return testValue instanceof RegExp || testValue instanceof Function;\n };\n\n /**\n * _parseConfig\n *\n * @param {Object} cfg optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function (cfg = {}) {\n if (CONFIG && CONFIG === cfg) {\n return;\n }\n\n /* Shield configuration object from tampering */\n if (!cfg || typeof cfg !== 'object') {\n cfg = {};\n }\n\n /* Shield configuration object from prototype pollution */\n cfg = clone(cfg);\n\n PARSER_MEDIA_TYPE =\n // eslint-disable-next-line unicorn/prefer-includes\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\n ? DEFAULT_PARSER_MEDIA_TYPE\n : cfg.PARSER_MEDIA_TYPE;\n\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\n transformCaseFunc =\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\n ? stringToString\n : stringToLowerCase;\n\n /* Set configuration parameters */\n ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS')\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR')\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\n : DEFAULT_ALLOWED_ATTR;\n ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES')\n ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString)\n : DEFAULT_ALLOWED_NAMESPACES;\n URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR')\n ? addToSet(\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_URI_SAFE_ATTRIBUTES;\n DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS')\n ? addToSet(\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_DATA_URI_TAGS;\n FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS')\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\n : DEFAULT_FORBID_CONTENTS;\n FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS')\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\n : {};\n FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR')\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\n : {};\n USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES')\n ? cfg.USE_PROFILES\n : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n IN_PLACE = cfg.IN_PLACE || false; // Default false\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\n MATHML_TEXT_INTEGRATION_POINTS =\n cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;\n HTML_INTEGRATION_POINTS =\n cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;\n\n CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\n 'boolean'\n ) {\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\n }\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, TAGS.text);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\n }\n\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\n }\n\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\n }\n\n if (cfg.FORBID_CONTENTS) {\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\n }\n\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\n if (WHOLE_DOCUMENT) {\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\n }\n\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\n if (ALLOWED_TAGS.table) {\n addToSet(ALLOWED_TAGS, ['tbody']);\n delete FORBID_TAGS.tbody;\n }\n\n if (cfg.TRUSTED_TYPES_POLICY) {\n if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createHTML\" hook.'\n );\n }\n\n if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createScriptURL\" hook.'\n );\n }\n\n // Overwrite existing TrustedTypes policy.\n trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;\n\n // Sign local variables required by `sanitize`.\n emptyHTML = trustedTypesPolicy.createHTML('');\n } else {\n // Uninitialized policy, attempt to initialize the internal dompurify policy.\n if (trustedTypesPolicy === undefined) {\n trustedTypesPolicy = _createTrustedTypesPolicy(\n trustedTypes,\n currentScript\n );\n }\n\n // If creating the internal policy succeeded sign internal variables.\n if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {\n emptyHTML = trustedTypesPolicy.createHTML('');\n }\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (freeze) {\n freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n /* Keep track of all possible SVG and MathML tags\n * so that we can perform the namespace checks\n * correctly. */\n const ALL_SVG_TAGS = addToSet({}, [\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.svgDisallowed,\n ]);\n const ALL_MATHML_TAGS = addToSet({}, [\n ...TAGS.mathMl,\n ...TAGS.mathMlDisallowed,\n ]);\n\n /**\n * @param {Element} element a DOM element whose namespace is being checked\n * @returns {boolean} Return false if the element has a\n * namespace that a spec-compliant parser would never\n * return. Return true otherwise.\n */\n const _checkValidNamespace = function (element) {\n let parent = getParentNode(element);\n\n // In JSDOM, if we're inside shadow DOM, then parentNode\n // can be null. We just simulate parent in this case.\n if (!parent || !parent.tagName) {\n parent = {\n namespaceURI: NAMESPACE,\n tagName: 'template',\n };\n }\n\n const tagName = stringToLowerCase(element.tagName);\n const parentTagName = stringToLowerCase(parent.tagName);\n\n if (!ALLOWED_NAMESPACES[element.namespaceURI]) {\n return false;\n }\n\n if (element.namespaceURI === SVG_NAMESPACE) {\n // The only way to switch from HTML namespace to SVG\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'svg';\n }\n\n // The only way to switch from MathML to SVG is via`\n // svg if parent is either or MathML\n // text integration points.\n if (parent.namespaceURI === MATHML_NAMESPACE) {\n return (\n tagName === 'svg' &&\n (parentTagName === 'annotation-xml' ||\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\n );\n }\n\n // We only allow elements that are defined in SVG\n // spec. All others are disallowed in SVG namespace.\n return Boolean(ALL_SVG_TAGS[tagName]);\n }\n\n if (element.namespaceURI === MATHML_NAMESPACE) {\n // The only way to switch from HTML namespace to MathML\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'math';\n }\n\n // The only way to switch from SVG to MathML is via\n // and HTML integration points\n if (parent.namespaceURI === SVG_NAMESPACE) {\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\n }\n\n // We only allow elements that are defined in MathML\n // spec. All others are disallowed in MathML namespace.\n return Boolean(ALL_MATHML_TAGS[tagName]);\n }\n\n if (element.namespaceURI === HTML_NAMESPACE) {\n // The only way to switch from SVG to HTML is via\n // HTML integration points, and from MathML to HTML\n // is via MathML text integration points\n if (\n parent.namespaceURI === SVG_NAMESPACE &&\n !HTML_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n if (\n parent.namespaceURI === MATHML_NAMESPACE &&\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n // We disallow tags that are specific for MathML\n // or SVG and should never appear in HTML namespace\n return (\n !ALL_MATHML_TAGS[tagName] &&\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\n );\n }\n\n // For XHTML and XML documents that support custom namespaces\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n ALLOWED_NAMESPACES[element.namespaceURI]\n ) {\n return true;\n }\n\n // The code should never reach this place (this means\n // that the element somehow got namespace that is not\n // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES).\n // Return false just in case.\n return false;\n };\n\n /**\n * _forceRemove\n *\n * @param {Node} node a DOM node\n */\n const _forceRemove = function (node) {\n arrayPush(DOMPurify.removed, { element: node });\n\n try {\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\n getParentNode(node).removeChild(node);\n } catch (_) {\n remove(node);\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param {String} name an Attribute name\n * @param {Node} node a DOM node\n */\n const _removeAttribute = function (name, node) {\n try {\n arrayPush(DOMPurify.removed, {\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (_) {\n arrayPush(DOMPurify.removed, {\n attribute: null,\n from: node,\n });\n }\n\n node.removeAttribute(name);\n\n // We void attribute values for unremovable \"is\"\" attributes\n if (name === 'is' && !ALLOWED_ATTR[name]) {\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\n try {\n _forceRemove(node);\n } catch (_) {}\n } else {\n try {\n node.setAttribute(name, '');\n } catch (_) {}\n }\n }\n };\n\n /**\n * _initDocument\n *\n * @param {String} dirty a string of dirty markup\n * @return {Document} a DOM, filled with the dirty markup\n */\n const _initDocument = function (dirty) {\n /* Create a HTML document */\n let doc = null;\n let leadingWhitespace = null;\n\n if (FORCE_BODY) {\n dirty = '' + dirty;\n } else {\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\n leadingWhitespace = matches && matches[0];\n }\n\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n NAMESPACE === HTML_NAMESPACE\n ) {\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\n dirty =\n '' +\n dirty +\n '';\n }\n\n const dirtyPayload = trustedTypesPolicy\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n /*\n * Use the DOMParser API by default, fallback later if needs be\n * DOMParser not work for svg when has multiple root element.\n */\n if (NAMESPACE === HTML_NAMESPACE) {\n try {\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\n } catch (_) {}\n }\n\n /* Use createHTMLDocument in case DOMParser is not available */\n if (!doc || !doc.documentElement) {\n doc = implementation.createDocument(NAMESPACE, 'template', null);\n try {\n doc.documentElement.innerHTML = IS_EMPTY_INPUT\n ? emptyHTML\n : dirtyPayload;\n } catch (_) {\n // Syntax error if dirtyPayload is invalid xml\n }\n }\n\n const body = doc.body || doc.documentElement;\n\n if (dirty && leadingWhitespace) {\n body.insertBefore(\n document.createTextNode(leadingWhitespace),\n body.childNodes[0] || null\n );\n }\n\n /* Work on whole document or just its body */\n if (NAMESPACE === HTML_NAMESPACE) {\n return getElementsByTagName.call(\n doc,\n WHOLE_DOCUMENT ? 'html' : 'body'\n )[0];\n }\n\n return WHOLE_DOCUMENT ? doc.documentElement : body;\n };\n\n /**\n * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document.\n *\n * @param {Node} root The root element or node to start traversing on.\n * @return {NodeIterator} The created NodeIterator\n */\n const _createNodeIterator = function (root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n // eslint-disable-next-line no-bitwise\n NodeFilter.SHOW_ELEMENT |\n NodeFilter.SHOW_COMMENT |\n NodeFilter.SHOW_TEXT |\n NodeFilter.SHOW_PROCESSING_INSTRUCTION |\n NodeFilter.SHOW_CDATA_SECTION,\n null\n );\n };\n\n /**\n * _isClobbered\n *\n * @param {Node} elm element to check for clobbering attacks\n * @return {Boolean} true if clobbered, false if safe\n */\n const _isClobbered = function (elm) {\n return (\n elm instanceof HTMLFormElement &&\n (typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function' ||\n typeof elm.namespaceURI !== 'string' ||\n typeof elm.insertBefore !== 'function' ||\n typeof elm.hasChildNodes !== 'function')\n );\n };\n\n /**\n * Checks whether the given object is a DOM node.\n *\n * @param {Node} object object to check whether it's a DOM node\n * @return {Boolean} true is object is a DOM node\n */\n const _isNode = function (object) {\n return typeof Node === 'function' && object instanceof Node;\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode node to work on with the hook\n * @param {Object} data additional hook parameters\n */\n const _executeHook = function (entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n arrayForEach(hooks[entryPoint], (hook) => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param {Node} currentNode to check for permission to exist\n * @return {Boolean} true if node was killed, false if left alive\n */\n const _sanitizeElements = function (currentNode) {\n let content = null;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = transformCaseFunc(currentNode.nodeName);\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Detect mXSS attempts abusing namespace confusion */\n if (\n currentNode.hasChildNodes() &&\n !_isNode(currentNode.firstElementChild) &&\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\n regExpTest(/<[/\\w]/g, currentNode.textContent)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any occurrence of processing instructions */\n if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any kind of possibly harmful comments */\n if (\n SAFE_FOR_XML &&\n currentNode.nodeType === NODE_TYPE.comment &&\n regExpTest(/<[/\\w]/g, currentNode.data)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Check if we have a custom element to handle */\n if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\n ) {\n return false;\n }\n\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\n ) {\n return false;\n }\n }\n\n /* Keep content except for bad-listed elements */\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\n\n if (childNodes && parentNode) {\n const childCount = childNodes.length;\n\n for (let i = childCount - 1; i >= 0; --i) {\n const childClone = cloneNode(childNodes[i], true);\n childClone.__removalCount = (currentNode.__removalCount || 0) + 1;\n parentNode.insertBefore(childClone, getNextSibling(currentNode));\n }\n }\n }\n\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check whether element has a valid namespace */\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Make sure that older browsers don't get fallback-tag mXSS */\n if (\n (tagName === 'noscript' ||\n tagName === 'noembed' ||\n tagName === 'noframes') &&\n regExpTest(/<\\/no(script|embed|frames)/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {\n /* Get the element's text content */\n content = currentNode.textContent;\n\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n content = stringReplace(content, expr, ' ');\n });\n\n if (currentNode.textContent !== content) {\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _isValidAttribute\n *\n * @param {string} lcTag Lowercase tag name of containing element.\n * @param {string} lcName Lowercase attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\n */\n // eslint-disable-next-line complexity\n const _isValidAttribute = function (lcTag, lcName, value) {\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n return false;\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (\n ALLOW_DATA_ATTR &&\n !FORBID_ATTR[lcName] &&\n regExpTest(DATA_ATTR, lcName)\n ) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n if (\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\n (_isBasicCustomElement(lcTag) &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\n // Alternative, second condition checks if it's an `is`-attribute, AND\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n (lcName === 'is' &&\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\n ) {\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\n } else {\n return false;\n }\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n /* Further prevent gadget XSS for dynamically built script tags */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\n lcTag !== 'script' &&\n stringIndexOf(value, 'data:') === 0 &&\n DATA_URI_TAGS[lcTag]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n } else if (value) {\n return false;\n } else {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n }\n\n return true;\n };\n\n /**\n * _isBasicCustomElement\n * checks if at least one dash is included in tagName, and it's not the first char\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\n *\n * @param {string} tagName name of the tag of the node to sanitize\n * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.\n */\n const _isBasicCustomElement = function (tagName) {\n return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param {Node} currentNode to sanitize\n */\n const _sanitizeAttributes = function (currentNode) {\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n const { attributes } = currentNode;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n let l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n const attr = attributes[l];\n const { name, namespaceURI, value: attrValue } = attr;\n const lcName = transformCaseFunc(name);\n\n let value = name === 'value' ? attrValue : stringTrim(attrValue);\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n\n /* Full DOM Clobbering protection via namespace isolation,\n * Prefix id and name attributes with `user-content-`\n */\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\n // Remove the attribute with this value\n _removeAttribute(name, currentNode);\n\n // Prefix the value and later re-create the attribute with the sanitized value\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\n }\n\n /* Work around a security issue with comments inside attributes */\n if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\\/(style|title)/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Did the hooks approve of the attribute? */\n if (hookEvent.forceKeepAttr) {\n continue;\n }\n\n /* Remove attribute */\n _removeAttribute(name, currentNode);\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Work around a security issue in jQuery 3.0 */\n if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\\/>/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n value = stringReplace(value, expr, ' ');\n });\n }\n\n /* Is `value` valid for this attribute? */\n const lcTag = transformCaseFunc(currentNode.nodeName);\n if (!_isValidAttribute(lcTag, lcName, value)) {\n continue;\n }\n\n /* Handle attributes that require Trusted Types */\n if (\n trustedTypesPolicy &&\n typeof trustedTypes === 'object' &&\n typeof trustedTypes.getAttributeType === 'function'\n ) {\n if (namespaceURI) {\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\n } else {\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\n case 'TrustedHTML': {\n value = trustedTypesPolicy.createHTML(value);\n break;\n }\n\n case 'TrustedScriptURL': {\n value = trustedTypesPolicy.createScriptURL(value);\n break;\n }\n\n default: {\n break;\n }\n }\n }\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n if (namespaceURI) {\n currentNode.setAttributeNS(namespaceURI, name, value);\n } else {\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\n currentNode.setAttribute(name, value);\n }\n\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n } else {\n arrayPop(DOMPurify.removed);\n }\n } catch (_) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param {DocumentFragment} fragment to iterate over recursively\n */\n const _sanitizeShadowDOM = function (fragment) {\n let shadowNode = null;\n const shadowIterator = _createNodeIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} cfg object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function (dirty, cfg = {}) {\n let body = null;\n let importedNode = null;\n let currentNode = null;\n let returnNode = null;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n IS_EMPTY_INPUT = !dirty;\n if (IS_EMPTY_INPUT) {\n dirty = '';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n if (typeof dirty.toString === 'function') {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw typeErrorCreate('dirty is not a string, aborting');\n }\n } else {\n throw typeErrorCreate('toString is not a function');\n }\n }\n\n /* Return dirty HTML if DOMPurify cannot run */\n if (!DOMPurify.isSupported) {\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n /* Check if dirty is correctly typed for IN_PLACE */\n if (typeof dirty === 'string') {\n IN_PLACE = false;\n }\n\n if (IN_PLACE) {\n /* Do some early pre-sanitization to avoid unsafe root nodes */\n if (dirty.nodeName) {\n const tagName = transformCaseFunc(dirty.nodeName);\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n throw typeErrorCreate(\n 'root node is forbidden and cannot be sanitized in-place'\n );\n }\n }\n } else if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (\n importedNode.nodeType === NODE_TYPE.element &&\n importedNode.nodeName === 'BODY'\n ) {\n /* Node is already a body, use as is */\n body = importedNode;\n } else if (importedNode.nodeName === 'HTML') {\n body = importedNode;\n } else {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (\n !RETURN_DOM &&\n !SAFE_FOR_TEMPLATES &&\n !WHOLE_DOCUMENT &&\n // eslint-disable-next-line unicorn/prefer-includes\n dirty.indexOf('<') === -1\n ) {\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (body && FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n }\n\n /* If we sanitized `dirty` in-place, return it. */\n if (IN_PLACE) {\n return dirty;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {\n /*\n AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs.\n */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n\n /* Serialize doctype if allowed */\n if (\n WHOLE_DOCUMENT &&\n ALLOWED_TAGS['!doctype'] &&\n body.ownerDocument &&\n body.ownerDocument.doctype &&\n body.ownerDocument.doctype.name &&\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\n ) {\n serializedHTML =\n '\\n' + serializedHTML;\n }\n\n /* Sanitize final string template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n serializedHTML = stringReplace(serializedHTML, expr, ' ');\n });\n }\n\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(serializedHTML)\n : serializedHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} cfg configuration object\n */\n DOMPurify.setConfig = function (cfg = {}) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n */\n DOMPurify.clearConfig = function () {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * Public method to check if an attribute value is valid.\n * Uses last set config, if any. Otherwise, uses config defaults.\n * isValidAttribute\n *\n * @param {String} tag Tag name of containing element.\n * @param {String} attr Attribute name.\n * @param {String} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\n */\n DOMPurify.isValidAttribute = function (tag, attr, value) {\n /* Initialize shared config vars if necessary. */\n if (!CONFIG) {\n _parseConfig({});\n }\n\n const lcTag = transformCaseFunc(tag);\n const lcName = transformCaseFunc(attr);\n return _isValidAttribute(lcTag, lcName, value);\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint entry point for the hook to add\n * @param {Function} hookFunction function to execute\n */\n DOMPurify.addHook = function (entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n\n hooks[entryPoint] = hooks[entryPoint] || [];\n arrayPush(hooks[entryPoint], hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint entry point for the hook to remove\n * @return {Function} removed(popped) hook\n */\n DOMPurify.removeHook = function (entryPoint) {\n if (hooks[entryPoint]) {\n return arrayPop(hooks[entryPoint]);\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint entry point for the hooks to remove\n */\n DOMPurify.removeHooks = function (entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n */\n DOMPurify.removeAllHooks = function () {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n"],"names":["entries","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","Object","freeze","seal","create","apply","construct","Reflect","x","fun","thisValue","args","Func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringToString","toString","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","objectHasOwnProperty","hasOwnProperty","regExpTest","RegExp","test","typeErrorCreate","unconstruct","TypeError","func","thisArg","_len","arguments","length","_key","_len2","_key2","addToSet","set","array","transformCaseFunc","undefined","l","element","lcElement","cleanArray","index","isPropertyExist","clone","object","newObject","property","value","isArray","constructor","lookupGetter","prop","desc","get","fallbackValue","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","TMPLIT_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","CUSTOM_ELEMENT","NODE_TYPE","attribute","cdataSection","entityReference","entityNode","progressingInstruction","comment","document","documentType","documentFragment","notation","getGlobal","window","_createTrustedTypesPolicy","trustedTypes","purifyHostElement","createPolicy","suffix","ATTR_NAME","hasAttribute","getAttribute","policyName","createHTML","createScriptURL","scriptUrl","_","console","warn","createDOMPurify","DOMPurify","root","version","VERSION","removed","nodeType","isSupported","originalDocument","currentScript","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","HTMLFormElement","DOMParser","ElementPrototype","cloneNode","remove","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","hooks","createHTMLDocument","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","ALLOW_SELF_CLOSE_IN_ATTR","SAFE_FOR_TEMPLATES","SAFE_FOR_XML","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","SANITIZE_NAMED_PROPS_PREFIX","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","ALLOWED_NAMESPACES","DEFAULT_ALLOWED_NAMESPACES","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","PARSER_MEDIA_TYPE","SUPPORTED_PARSER_MEDIA_TYPES","DEFAULT_PARSER_MEDIA_TYPE","CONFIG","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","TRUSTED_TYPES_POLICY","ALL_SVG_TAGS","ALL_MATHML_TAGS","_checkValidNamespace","parent","tagName","namespaceURI","parentTagName","Boolean","_forceRemove","node","removeChild","_removeAttribute","name","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createNodeIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","SHOW_PROCESSING_INSTRUCTION","SHOW_CDATA_SECTION","_isClobbered","elm","nodeName","textContent","attributes","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","allowedTags","firstElementChild","_isBasicCustomElement","parentNode","childCount","i","childClone","__removalCount","expr","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","attr","forceKeepAttr","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","returnNode","appendChild","firstChild","nodeIterator","shadowroot","shadowrootmode","serializedHTML","outerHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";;;;;;;;EAAA,MAAM;IACJA,OAAO;IACPC,cAAc;IACdC,QAAQ;IACRC,cAAc;EACdC,EAAAA,wBAAAA;EACF,CAAC,GAAGC,MAAM,CAAA;EAEV,IAAI;IAAEC,MAAM;IAAEC,IAAI;EAAEC,EAAAA,MAAAA;EAAO,CAAC,GAAGH,MAAM,CAAC;EACtC,IAAI;IAAEI,KAAK;EAAEC,EAAAA,SAAAA;EAAU,CAAC,GAAG,OAAOC,OAAO,KAAK,WAAW,IAAIA,OAAO,CAAA;EAEpE,IAAI,CAACL,MAAM,EAAE;EACXA,EAAAA,MAAM,GAAG,SAAAA,MAAUM,CAAAA,CAAC,EAAE;EACpB,IAAA,OAAOA,CAAC,CAAA;KACT,CAAA;EACH,CAAA;EAEA,IAAI,CAACL,IAAI,EAAE;EACTA,EAAAA,IAAI,GAAG,SAAAA,IAAUK,CAAAA,CAAC,EAAE;EAClB,IAAA,OAAOA,CAAC,CAAA;KACT,CAAA;EACH,CAAA;EAEA,IAAI,CAACH,KAAK,EAAE;IACVA,KAAK,GAAG,SAAAA,KAAUI,CAAAA,GAAG,EAAEC,SAAS,EAAEC,IAAI,EAAE;EACtC,IAAA,OAAOF,GAAG,CAACJ,KAAK,CAACK,SAAS,EAAEC,IAAI,CAAC,CAAA;KAClC,CAAA;EACH,CAAA;EAEA,IAAI,CAACL,SAAS,EAAE;EACdA,EAAAA,SAAS,GAAG,SAAAA,SAAAA,CAAUM,IAAI,EAAED,IAAI,EAAE;EAChC,IAAA,OAAO,IAAIC,IAAI,CAAC,GAAGD,IAAI,CAAC,CAAA;KACzB,CAAA;EACH,CAAA;EAEA,MAAME,YAAY,GAAGC,OAAO,CAACC,KAAK,CAACC,SAAS,CAACC,OAAO,CAAC,CAAA;EAErD,MAAMC,QAAQ,GAAGJ,OAAO,CAACC,KAAK,CAACC,SAAS,CAACG,GAAG,CAAC,CAAA;EAC7C,MAAMC,SAAS,GAAGN,OAAO,CAACC,KAAK,CAACC,SAAS,CAACK,IAAI,CAAC,CAAA;EAG/C,MAAMC,iBAAiB,GAAGR,OAAO,CAACS,MAAM,CAACP,SAAS,CAACQ,WAAW,CAAC,CAAA;EAC/D,MAAMC,cAAc,GAAGX,OAAO,CAACS,MAAM,CAACP,SAAS,CAACU,QAAQ,CAAC,CAAA;EACzD,MAAMC,WAAW,GAAGb,OAAO,CAACS,MAAM,CAACP,SAAS,CAACY,KAAK,CAAC,CAAA;EACnD,MAAMC,aAAa,GAAGf,OAAO,CAACS,MAAM,CAACP,SAAS,CAACc,OAAO,CAAC,CAAA;EACvD,MAAMC,aAAa,GAAGjB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACgB,OAAO,CAAC,CAAA;EACvD,MAAMC,UAAU,GAAGnB,OAAO,CAACS,MAAM,CAACP,SAAS,CAACkB,IAAI,CAAC,CAAA;EAEjD,MAAMC,oBAAoB,GAAGrB,OAAO,CAACb,MAAM,CAACe,SAAS,CAACoB,cAAc,CAAC,CAAA;EAErE,MAAMC,UAAU,GAAGvB,OAAO,CAACwB,MAAM,CAACtB,SAAS,CAACuB,IAAI,CAAC,CAAA;EAEjD,MAAMC,eAAe,GAAGC,WAAW,CAACC,SAAS,CAAC,CAAA;;EAE9C;EACA;EACA;EACA;EACA;EACA;EACA,SAAS5B,OAAOA,CAAC6B,IAAI,EAAE;EACrB,EAAA,OAAO,UAACC,OAAO,EAAA;MAAA,KAAAC,IAAAA,IAAA,GAAAC,SAAA,CAAAC,MAAA,EAAKpC,IAAI,OAAAI,KAAA,CAAA8B,IAAA,GAAAA,CAAAA,GAAAA,IAAA,WAAAG,IAAA,GAAA,CAAA,EAAAA,IAAA,GAAAH,IAAA,EAAAG,IAAA,EAAA,EAAA;EAAJrC,MAAAA,IAAI,CAAAqC,IAAA,GAAAF,CAAAA,CAAAA,GAAAA,SAAA,CAAAE,IAAA,CAAA,CAAA;EAAA,KAAA;EAAA,IAAA,OAAK3C,KAAK,CAACsC,IAAI,EAAEC,OAAO,EAAEjC,IAAI,CAAC,CAAA;EAAA,GAAA,CAAA;EACzD,CAAA;;EAEA;EACA;EACA;EACA;EACA;EACA;EACA,SAAS8B,WAAWA,CAACE,IAAI,EAAE;IACzB,OAAO,YAAA;EAAA,IAAA,KAAA,IAAAM,KAAA,GAAAH,SAAA,CAAAC,MAAA,EAAIpC,IAAI,GAAAI,IAAAA,KAAA,CAAAkC,KAAA,GAAAC,KAAA,GAAA,CAAA,EAAAA,KAAA,GAAAD,KAAA,EAAAC,KAAA,EAAA,EAAA;EAAJvC,MAAAA,IAAI,CAAAuC,KAAA,CAAAJ,GAAAA,SAAA,CAAAI,KAAA,CAAA,CAAA;EAAA,KAAA;EAAA,IAAA,OAAK5C,SAAS,CAACqC,IAAI,EAAEhC,IAAI,CAAC,CAAA;EAAA,GAAA,CAAA;EAC3C,CAAA;;EAEA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,SAASwC,QAAQA,CAACC,GAAG,EAAEC,KAAK,EAAyC;EAAA,EAAA,IAAvCC,iBAAiB,GAAAR,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAGxB,iBAAiB,CAAA;EACjE,EAAA,IAAIzB,cAAc,EAAE;EAClB;EACA;EACA;EACAA,IAAAA,cAAc,CAACuD,GAAG,EAAE,IAAI,CAAC,CAAA;EAC3B,GAAA;EAEA,EAAA,IAAII,CAAC,GAAGH,KAAK,CAACN,MAAM,CAAA;IACpB,OAAOS,CAAC,EAAE,EAAE;EACV,IAAA,IAAIC,OAAO,GAAGJ,KAAK,CAACG,CAAC,CAAC,CAAA;EACtB,IAAA,IAAI,OAAOC,OAAO,KAAK,QAAQ,EAAE;EAC/B,MAAA,MAAMC,SAAS,GAAGJ,iBAAiB,CAACG,OAAO,CAAC,CAAA;QAC5C,IAAIC,SAAS,KAAKD,OAAO,EAAE;EACzB;EACA,QAAA,IAAI,CAAC3D,QAAQ,CAACuD,KAAK,CAAC,EAAE;EACpBA,UAAAA,KAAK,CAACG,CAAC,CAAC,GAAGE,SAAS,CAAA;EACtB,SAAA;EAEAD,QAAAA,OAAO,GAAGC,SAAS,CAAA;EACrB,OAAA;EACF,KAAA;EAEAN,IAAAA,GAAG,CAACK,OAAO,CAAC,GAAG,IAAI,CAAA;EACrB,GAAA;EAEA,EAAA,OAAOL,GAAG,CAAA;EACZ,CAAA;;EAEA;EACA;EACA;EACA;EACA;EACA;EACA,SAASO,UAAUA,CAACN,KAAK,EAAE;EACzB,EAAA,KAAK,IAAIO,KAAK,GAAG,CAAC,EAAEA,KAAK,GAAGP,KAAK,CAACN,MAAM,EAAEa,KAAK,EAAE,EAAE;EACjD,IAAA,MAAMC,eAAe,GAAG1B,oBAAoB,CAACkB,KAAK,EAAEO,KAAK,CAAC,CAAA;MAE1D,IAAI,CAACC,eAAe,EAAE;EACpBR,MAAAA,KAAK,CAACO,KAAK,CAAC,GAAG,IAAI,CAAA;EACrB,KAAA;EACF,GAAA;EAEA,EAAA,OAAOP,KAAK,CAAA;EACd,CAAA;;EAEA;EACA;EACA;EACA;EACA;EACA;EACA,SAASS,KAAKA,CAACC,MAAM,EAAE;EACrB,EAAA,MAAMC,SAAS,GAAG5D,MAAM,CAAC,IAAI,CAAC,CAAA;IAE9B,KAAK,MAAM,CAAC6D,QAAQ,EAAEC,KAAK,CAAC,IAAItE,OAAO,CAACmE,MAAM,CAAC,EAAE;EAC/C,IAAA,MAAMF,eAAe,GAAG1B,oBAAoB,CAAC4B,MAAM,EAAEE,QAAQ,CAAC,CAAA;EAE9D,IAAA,IAAIJ,eAAe,EAAE;EACnB,MAAA,IAAI9C,KAAK,CAACoD,OAAO,CAACD,KAAK,CAAC,EAAE;EACxBF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGN,UAAU,CAACO,KAAK,CAAC,CAAA;EACzC,OAAC,MAAM,IACLA,KAAK,IACL,OAAOA,KAAK,KAAK,QAAQ,IACzBA,KAAK,CAACE,WAAW,KAAKnE,MAAM,EAC5B;EACA+D,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGH,KAAK,CAACI,KAAK,CAAC,CAAA;EACpC,OAAC,MAAM;EACLF,QAAAA,SAAS,CAACC,QAAQ,CAAC,GAAGC,KAAK,CAAA;EAC7B,OAAA;EACF,KAAA;EACF,GAAA;EAEA,EAAA,OAAOF,SAAS,CAAA;EAClB,CAAA;;EAEA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,SAASK,YAAYA,CAACN,MAAM,EAAEO,IAAI,EAAE;IAClC,OAAOP,MAAM,KAAK,IAAI,EAAE;EACtB,IAAA,MAAMQ,IAAI,GAAGvE,wBAAwB,CAAC+D,MAAM,EAAEO,IAAI,CAAC,CAAA;EAEnD,IAAA,IAAIC,IAAI,EAAE;QACR,IAAIA,IAAI,CAACC,GAAG,EAAE;EACZ,QAAA,OAAO1D,OAAO,CAACyD,IAAI,CAACC,GAAG,CAAC,CAAA;EAC1B,OAAA;EAEA,MAAA,IAAI,OAAOD,IAAI,CAACL,KAAK,KAAK,UAAU,EAAE;EACpC,QAAA,OAAOpD,OAAO,CAACyD,IAAI,CAACL,KAAK,CAAC,CAAA;EAC5B,OAAA;EACF,KAAA;EAEAH,IAAAA,MAAM,GAAGhE,cAAc,CAACgE,MAAM,CAAC,CAAA;EACjC,GAAA;IAEA,SAASU,aAAaA,GAAG;EACvB,IAAA,OAAO,IAAI,CAAA;EACb,GAAA;EAEA,EAAA,OAAOA,aAAa,CAAA;EACtB;;EC1LO,MAAMC,MAAI,GAAGxE,MAAM,CAAC,CACzB,GAAG,EACH,MAAM,EACN,SAAS,EACT,SAAS,EACT,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,GAAG,EACH,KAAK,EACL,KAAK,EACL,KAAK,EACL,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,MAAM,EACN,MAAM,EACN,KAAK,EACL,UAAU,EACV,SAAS,EACT,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,KAAK,EACL,SAAS,EACT,KAAK,EACL,QAAQ,EACR,KAAK,EACL,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,GAAG,EACH,KAAK,EACL,OAAO,EACP,KAAK,EACL,KAAK,EACL,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,EACN,KAAK,EACL,MAAM,EACN,SAAS,EACT,MAAM,EACN,UAAU,EACV,OAAO,EACP,KAAK,EACL,MAAM,EACN,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,GAAG,EACH,SAAS,EACT,KAAK,EACL,UAAU,EACV,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,GAAG,EACH,MAAM,EACN,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,SAAS,EACT,KAAK,EACL,OAAO,EACP,OAAO,EACP,IAAI,EACJ,UAAU,EACV,UAAU,EACV,OAAO,EACP,IAAI,EACJ,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,KAAK,EACL,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;EAEF;EACO,MAAMyE,KAAG,GAAGzE,MAAM,CAAC,CACxB,KAAK,EACL,GAAG,EACH,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,MAAM,EACN,GAAG,EACH,OAAO,EACP,UAAU,EACV,OAAO,EACP,OAAO,EACP,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,SAAS,EACT,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,MAAM,EACN,MAAM,EACN,OAAO,EACP,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,OAAO,CACR,CAAC,CAAA;EAEK,MAAM0E,UAAU,GAAG1E,MAAM,CAAC,CAC/B,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,SAAS,EACT,aAAa,EACb,cAAc,EACd,UAAU,EACV,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,QAAQ,EACR,cAAc,CACf,CAAC,CAAA;;EAEF;EACA;EACA;EACA;EACO,MAAM2E,aAAa,GAAG3E,MAAM,CAAC,CAClC,SAAS,EACT,eAAe,EACf,QAAQ,EACR,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,eAAe,EACf,OAAO,EACP,WAAW,EACX,MAAM,EACN,cAAc,EACd,WAAW,EACX,SAAS,EACT,eAAe,EACf,QAAQ,EACR,KAAK,EACL,YAAY,EACZ,SAAS,EACT,KAAK,CACN,CAAC,CAAA;EAEK,MAAM4E,QAAM,GAAG5E,MAAM,CAAC,CAC3B,MAAM,EACN,UAAU,EACV,QAAQ,EACR,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,YAAY,EACZ,eAAe,EACf,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,MAAM,EACN,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,MAAM,EACN,MAAM,EACN,SAAS,EACT,QAAQ,EACR,KAAK,EACL,OAAO,EACP,KAAK,EACL,QAAQ,EACR,YAAY,EACZ,aAAa,CACd,CAAC,CAAA;;EAEF;EACA;EACO,MAAM6E,gBAAgB,GAAG7E,MAAM,CAAC,CACrC,SAAS,EACT,aAAa,EACb,YAAY,EACZ,UAAU,EACV,WAAW,EACX,SAAS,EACT,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,aAAa,EACb,MAAM,CACP,CAAC,CAAA;EAEK,MAAM8E,IAAI,GAAG9E,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC;;ECrR9B,MAAMwE,IAAI,GAAGxE,MAAM,CAAC,CACzB,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,KAAK,EACL,gBAAgB,EAChB,cAAc,EACd,sBAAsB,EACtB,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,MAAM,EACN,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,SAAS,EACT,UAAU,EACV,cAAc,EACd,QAAQ,EACR,aAAa,EACb,UAAU,EACV,UAAU,EACV,SAAS,EACT,KAAK,EACL,UAAU,EACV,yBAAyB,EACzB,uBAAuB,EACvB,UAAU,EACV,WAAW,EACX,SAAS,EACT,cAAc,EACd,MAAM,EACN,KAAK,EACL,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,MAAM,EACN,UAAU,EACV,IAAI,EACJ,WAAW,EACX,WAAW,EACX,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,MAAM,EACN,SAAS,EACT,MAAM,EACN,KAAK,EACL,KAAK,EACL,WAAW,EACX,OAAO,EACP,QAAQ,EACR,KAAK,EACL,WAAW,EACX,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,EACN,SAAS,EACT,SAAS,EACT,aAAa,EACb,aAAa,EACb,SAAS,EACT,eAAe,EACf,qBAAqB,EACrB,QAAQ,EACR,SAAS,EACT,SAAS,EACT,YAAY,EACZ,UAAU,EACV,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,YAAY,EACZ,OAAO,EACP,UAAU,EACV,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,OAAO,EACP,KAAK,EACL,QAAQ,EACR,MAAM,EACN,OAAO,EACP,SAAS,EACT,UAAU,EACV,OAAO,EACP,WAAW,EACX,MAAM,EACN,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,OAAO,EACP,MAAM,EACN,OAAO,EACP,MAAM,CACP,CAAC,CAAA;EAEK,MAAMyE,GAAG,GAAGzE,MAAM,CAAC,CACxB,eAAe,EACf,YAAY,EACZ,UAAU,EACV,oBAAoB,EACpB,WAAW,EACX,QAAQ,EACR,eAAe,EACf,eAAe,EACf,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,MAAM,EACN,IAAI,EACJ,OAAO,EACP,MAAM,EACN,eAAe,EACf,WAAW,EACX,WAAW,EACX,OAAO,EACP,qBAAqB,EACrB,6BAA6B,EAC7B,eAAe,EACf,iBAAiB,EACjB,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,SAAS,EACT,KAAK,EACL,UAAU,EACV,WAAW,EACX,KAAK,EACL,UAAU,EACV,MAAM,EACN,cAAc,EACd,WAAW,EACX,QAAQ,EACR,aAAa,EACb,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,YAAY,EACZ,cAAc,EACd,aAAa,EACb,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,YAAY,EACZ,UAAU,EACV,eAAe,EACf,mBAAmB,EACnB,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,iBAAiB,EACjB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,WAAW,EACX,YAAY,EACZ,UAAU,EACV,MAAM,EACN,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,kBAAkB,EAClB,WAAW,EACX,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,EACR,MAAM,EACN,KAAK,EACL,MAAM,EACN,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,aAAa,EACb,QAAQ,EACR,UAAU,EACV,aAAa,EACb,MAAM,EACN,YAAY,EACZ,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,QAAQ,EACR,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,MAAM,EACN,MAAM,EACN,aAAa,EACb,WAAW,EACX,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,MAAM,EACN,iBAAiB,EACjB,OAAO,EACP,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,cAAc,EACd,aAAa,EACb,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EAChB,QAAQ,EACR,cAAc,EACd,OAAO,EACP,cAAc,EACd,gBAAgB,EAChB,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,eAAe,EACf,eAAe,EACf,OAAO,EACP,cAAc,EACd,MAAM,EACN,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,GAAG,EACH,YAAY,CACb,CAAC,CAAA;EAEK,MAAM4E,MAAM,GAAG5E,MAAM,CAAC,CAC3B,QAAQ,EACR,aAAa,EACb,OAAO,EACP,UAAU,EACV,OAAO,EACP,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,OAAO,EACP,KAAK,EACL,SAAS,EACT,cAAc,EACd,UAAU,EACV,OAAO,EACP,OAAO,EACP,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,SAAS,EACT,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,UAAU,EACV,aAAa,EACb,SAAS,EACT,SAAS,EACT,eAAe,EACf,UAAU,EACV,UAAU,EACV,MAAM,EACN,UAAU,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,eAAe,EACf,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,SAAS,EACT,OAAO,EACP,OAAO,CACR,CAAC,CAAA;EAEK,MAAM+E,GAAG,GAAG/E,MAAM,CAAC,CACxB,YAAY,EACZ,QAAQ,EACR,aAAa,EACb,WAAW,EACX,aAAa,CACd,CAAC;;EChXF;EACO,MAAMgF,aAAa,GAAG/E,IAAI,CAAC,2BAA2B,CAAC,CAAC;EACxD,MAAMgF,QAAQ,GAAGhF,IAAI,CAAC,uBAAuB,CAAC,CAAA;EAC9C,MAAMiF,WAAW,GAAGjF,IAAI,CAAC,eAAe,CAAC,CAAA;EACzC,MAAMkF,SAAS,GAAGlF,IAAI,CAAC,4BAA4B,CAAC,CAAC;EACrD,MAAMmF,SAAS,GAAGnF,IAAI,CAAC,gBAAgB,CAAC,CAAC;EACzC,MAAMoF,cAAc,GAAGpF,IAAI,CAChC,2FAA2F;EAC7F,CAAC,CAAA;EACM,MAAMqF,iBAAiB,GAAGrF,IAAI,CAAC,uBAAuB,CAAC,CAAA;EACvD,MAAMsF,eAAe,GAAGtF,IAAI,CACjC,6DAA6D;EAC/D,CAAC,CAAA;EACM,MAAMuF,YAAY,GAAGvF,IAAI,CAAC,SAAS,CAAC,CAAA;EACpC,MAAMwF,cAAc,GAAGxF,IAAI,CAAC,0BAA0B,CAAC;;;;;;;;;;;;;;;;ECQ9D;EACA,MAAMyF,SAAS,GAAG;EAChBnC,EAAAA,OAAO,EAAE,CAAC;EACVoC,EAAAA,SAAS,EAAE,CAAC;EACZb,EAAAA,IAAI,EAAE,CAAC;EACPc,EAAAA,YAAY,EAAE,CAAC;EACfC,EAAAA,eAAe,EAAE,CAAC;EAAE;EACpBC,EAAAA,UAAU,EAAE,CAAC;EAAE;EACfC,EAAAA,sBAAsB,EAAE,CAAC;EACzBC,EAAAA,OAAO,EAAE,CAAC;EACVC,EAAAA,QAAQ,EAAE,CAAC;EACXC,EAAAA,YAAY,EAAE,EAAE;EAChBC,EAAAA,gBAAgB,EAAE,EAAE;IACpBC,QAAQ,EAAE,EAAE;EACd,CAAC,CAAA;EAED,MAAMC,SAAS,GAAG,SAAZA,SAASA,GAAe;EAC5B,EAAA,OAAO,OAAOC,MAAM,KAAK,WAAW,GAAG,IAAI,GAAGA,MAAM,CAAA;EACtD,CAAC,CAAA;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,MAAMC,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAaC,YAAY,EAAEC,iBAAiB,EAAE;IAC3E,IACE,OAAOD,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAACE,YAAY,KAAK,UAAU,EAC/C;EACA,IAAA,OAAO,IAAI,CAAA;EACb,GAAA;;EAEA;EACA;EACA;IACA,IAAIC,MAAM,GAAG,IAAI,CAAA;IACjB,MAAMC,SAAS,GAAG,uBAAuB,CAAA;IACzC,IAAIH,iBAAiB,IAAIA,iBAAiB,CAACI,YAAY,CAACD,SAAS,CAAC,EAAE;EAClED,IAAAA,MAAM,GAAGF,iBAAiB,CAACK,YAAY,CAACF,SAAS,CAAC,CAAA;EACpD,GAAA;IAEA,MAAMG,UAAU,GAAG,WAAW,IAAIJ,MAAM,GAAG,GAAG,GAAGA,MAAM,GAAG,EAAE,CAAC,CAAA;IAE7D,IAAI;EACF,IAAA,OAAOH,YAAY,CAACE,YAAY,CAACK,UAAU,EAAE;QAC3CC,UAAUA,CAACxC,IAAI,EAAE;EACf,QAAA,OAAOA,IAAI,CAAA;SACZ;QACDyC,eAAeA,CAACC,SAAS,EAAE;EACzB,QAAA,OAAOA,SAAS,CAAA;EAClB,OAAA;EACF,KAAC,CAAC,CAAA;KACH,CAAC,OAAOC,CAAC,EAAE;EACV;EACA;EACA;MACAC,OAAO,CAACC,IAAI,CACV,sBAAsB,GAAGN,UAAU,GAAG,wBACxC,CAAC,CAAA;EACD,IAAA,OAAO,IAAI,CAAA;EACb,GAAA;EACF,CAAC,CAAA;EAED,SAASO,eAAeA,GAAuB;EAAA,EAAA,IAAtBhB,MAAM,GAAA1D,SAAA,CAAAC,MAAA,GAAAD,CAAAA,IAAAA,SAAA,CAAAS,CAAAA,CAAAA,KAAAA,SAAA,GAAAT,SAAA,CAAGyD,CAAAA,CAAAA,GAAAA,SAAS,EAAE,CAAA;EAC3C,EAAA,MAAMkB,SAAS,GAAIC,IAAI,IAAKF,eAAe,CAACE,IAAI,CAAC,CAAA;;EAEjD;EACF;EACA;EACA;IACED,SAAS,CAACE,OAAO,GAAGC,OAAO,CAAA;;EAE3B;EACF;EACA;EACA;IACEH,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;EAEtB,EAAA,IACE,CAACrB,MAAM,IACP,CAACA,MAAM,CAACL,QAAQ,IAChBK,MAAM,CAACL,QAAQ,CAAC2B,QAAQ,KAAKlC,SAAS,CAACO,QAAQ,EAC/C;EACA;EACA;MACAsB,SAAS,CAACM,WAAW,GAAG,KAAK,CAAA;EAE7B,IAAA,OAAON,SAAS,CAAA;EAClB,GAAA;IAEA,IAAI;EAAEtB,IAAAA,QAAAA;EAAS,GAAC,GAAGK,MAAM,CAAA;IAEzB,MAAMwB,gBAAgB,GAAG7B,QAAQ,CAAA;EACjC,EAAA,MAAM8B,aAAa,GAAGD,gBAAgB,CAACC,aAAa,CAAA;IACpD,MAAM;MACJC,gBAAgB;MAChBC,mBAAmB;MACnBC,IAAI;MACJC,OAAO;MACPC,UAAU;EACVC,IAAAA,YAAY,GAAG/B,MAAM,CAAC+B,YAAY,IAAI/B,MAAM,CAACgC,eAAe;MAC5DC,eAAe;MACfC,SAAS;EACThC,IAAAA,YAAAA;EACF,GAAC,GAAGF,MAAM,CAAA;EAEV,EAAA,MAAMmC,gBAAgB,GAAGN,OAAO,CAACrH,SAAS,CAAA;EAE1C,EAAA,MAAM4H,SAAS,GAAGvE,YAAY,CAACsE,gBAAgB,EAAE,WAAW,CAAC,CAAA;EAC7D,EAAA,MAAME,MAAM,GAAGxE,YAAY,CAACsE,gBAAgB,EAAE,QAAQ,CAAC,CAAA;EACvD,EAAA,MAAMG,cAAc,GAAGzE,YAAY,CAACsE,gBAAgB,EAAE,aAAa,CAAC,CAAA;EACpE,EAAA,MAAMI,aAAa,GAAG1E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;EAClE,EAAA,MAAMK,aAAa,GAAG3E,YAAY,CAACsE,gBAAgB,EAAE,YAAY,CAAC,CAAA;;EAElE;EACA;EACA;EACA;EACA;EACA;EACA,EAAA,IAAI,OAAOR,mBAAmB,KAAK,UAAU,EAAE;EAC7C,IAAA,MAAMc,QAAQ,GAAG9C,QAAQ,CAAC+C,aAAa,CAAC,UAAU,CAAC,CAAA;MACnD,IAAID,QAAQ,CAACE,OAAO,IAAIF,QAAQ,CAACE,OAAO,CAACC,aAAa,EAAE;EACtDjD,MAAAA,QAAQ,GAAG8C,QAAQ,CAACE,OAAO,CAACC,aAAa,CAAA;EAC3C,KAAA;EACF,GAAA;EAEA,EAAA,IAAIC,kBAAkB,CAAA;IACtB,IAAIC,SAAS,GAAG,EAAE,CAAA;IAElB,MAAM;MACJC,cAAc;MACdC,kBAAkB;MAClBC,sBAAsB;EACtBC,IAAAA,oBAAAA;EACF,GAAC,GAAGvD,QAAQ,CAAA;IACZ,MAAM;EAAEwD,IAAAA,UAAAA;EAAW,GAAC,GAAG3B,gBAAgB,CAAA;IAEvC,IAAI4B,KAAK,GAAG,EAAE,CAAA;;EAEd;EACF;EACA;EACEnC,EAAAA,SAAS,CAACM,WAAW,GACnB,OAAOnI,OAAO,KAAK,UAAU,IAC7B,OAAOoJ,aAAa,KAAK,UAAU,IACnCO,cAAc,IACdA,cAAc,CAACM,kBAAkB,KAAKtG,SAAS,CAAA;IAEjD,MAAM;MACJ2B,aAAa;MACbC,QAAQ;MACRC,WAAW;MACXC,SAAS;MACTC,SAAS;MACTE,iBAAiB;MACjBC,eAAe;EACfE,IAAAA,cAAAA;EACF,GAAC,GAAGmE,WAAW,CAAA;IAEf,IAAI;EAAEvE,oBAAAA,gBAAAA;EAAe,GAAC,GAAGuE,WAAW,CAAA;;EAEpC;EACF;EACA;EACA;;EAEE;IACA,IAAIC,YAAY,GAAG,IAAI,CAAA;EACvB,EAAA,MAAMC,oBAAoB,GAAG7G,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAG8G,MAAS,EACZ,GAAGA,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,QAAW,EACd,GAAGA,IAAS,CACb,CAAC,CAAA;;EAEF;IACA,IAAIC,YAAY,GAAG,IAAI,CAAA;EACvB,EAAA,MAAMC,oBAAoB,GAAGhH,QAAQ,CAAC,EAAE,EAAE,CACxC,GAAGiH,IAAU,EACb,GAAGA,GAAS,EACZ,GAAGA,MAAY,EACf,GAAGA,GAAS,CACb,CAAC,CAAA;;EAEF;EACF;EACA;EACA;EACA;EACA;IACE,IAAIC,uBAAuB,GAAGpK,MAAM,CAACE,IAAI,CACvCC,MAAM,CAAC,IAAI,EAAE;EACXkK,IAAAA,YAAY,EAAE;EACZC,MAAAA,QAAQ,EAAE,IAAI;EACdC,MAAAA,YAAY,EAAE,KAAK;EACnBC,MAAAA,UAAU,EAAE,IAAI;EAChBvG,MAAAA,KAAK,EAAE,IAAA;OACR;EACDwG,IAAAA,kBAAkB,EAAE;EAClBH,MAAAA,QAAQ,EAAE,IAAI;EACdC,MAAAA,YAAY,EAAE,KAAK;EACnBC,MAAAA,UAAU,EAAE,IAAI;EAChBvG,MAAAA,KAAK,EAAE,IAAA;OACR;EACDyG,IAAAA,8BAA8B,EAAE;EAC9BJ,MAAAA,QAAQ,EAAE,IAAI;EACdC,MAAAA,YAAY,EAAE,KAAK;EACnBC,MAAAA,UAAU,EAAE,IAAI;EAChBvG,MAAAA,KAAK,EAAE,KAAA;EACT,KAAA;EACF,GAAC,CACH,CAAC,CAAA;;EAED;IACA,IAAI0G,WAAW,GAAG,IAAI,CAAA;;EAEtB;IACA,IAAIC,WAAW,GAAG,IAAI,CAAA;;EAEtB;IACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;EAE1B;IACA,IAAIC,eAAe,GAAG,IAAI,CAAA;;EAE1B;IACA,IAAIC,uBAAuB,GAAG,KAAK,CAAA;;EAEnC;EACF;IACE,IAAIC,wBAAwB,GAAG,IAAI,CAAA;;EAEnC;EACF;EACA;IACE,IAAIC,kBAAkB,GAAG,KAAK,CAAA;;EAE9B;EACF;EACA;IACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;EAEvB;IACA,IAAIC,cAAc,GAAG,KAAK,CAAA;;EAE1B;IACA,IAAIC,UAAU,GAAG,KAAK,CAAA;;EAEtB;EACF;IACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;EAEtB;EACF;EACA;EACA;IACE,IAAIC,UAAU,GAAG,KAAK,CAAA;;EAEtB;EACF;IACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;EAE/B;EACF;IACE,IAAIC,mBAAmB,GAAG,KAAK,CAAA;;EAE/B;EACF;EACA;IACE,IAAIC,YAAY,GAAG,IAAI,CAAA;;EAEvB;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;IACE,IAAIC,oBAAoB,GAAG,KAAK,CAAA;IAChC,MAAMC,2BAA2B,GAAG,eAAe,CAAA;;EAEnD;IACA,IAAIC,YAAY,GAAG,IAAI,CAAA;;EAEvB;EACF;IACE,IAAIC,QAAQ,GAAG,KAAK,CAAA;;EAEpB;IACA,IAAIC,YAAY,GAAG,EAAE,CAAA;;EAErB;IACA,IAAIC,eAAe,GAAG,IAAI,CAAA;IAC1B,MAAMC,uBAAuB,GAAG9I,QAAQ,CAAC,EAAE,EAAE,CAC3C,gBAAgB,EAChB,OAAO,EACP,UAAU,EACV,MAAM,EACN,eAAe,EACf,MAAM,EACN,QAAQ,EACR,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,SAAS,EACT,UAAU,EACV,UAAU,EACV,WAAW,EACX,QAAQ,EACR,OAAO,EACP,KAAK,EACL,UAAU,EACV,OAAO,EACP,OAAO,EACP,OAAO,EACP,KAAK,CACN,CAAC,CAAA;;EAEF;IACA,IAAI+I,aAAa,GAAG,IAAI,CAAA;IACxB,MAAMC,qBAAqB,GAAGhJ,QAAQ,CAAC,EAAE,EAAE,CACzC,OAAO,EACP,OAAO,EACP,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,CACR,CAAC,CAAA;;EAEF;IACA,IAAIiJ,mBAAmB,GAAG,IAAI,CAAA;EAC9B,EAAA,MAAMC,2BAA2B,GAAGlJ,QAAQ,CAAC,EAAE,EAAE,CAC/C,KAAK,EACL,OAAO,EACP,KAAK,EACL,IAAI,EACJ,OAAO,EACP,MAAM,EACN,SAAS,EACT,aAAa,EACb,MAAM,EACN,SAAS,EACT,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR,CAAC,CAAA;IAEF,MAAMmJ,gBAAgB,GAAG,oCAAoC,CAAA;IAC7D,MAAMC,aAAa,GAAG,4BAA4B,CAAA;IAClD,MAAMC,cAAc,GAAG,8BAA8B,CAAA;EACrD;IACA,IAAIC,SAAS,GAAGD,cAAc,CAAA;IAC9B,IAAIE,cAAc,GAAG,KAAK,CAAA;;EAE1B;IACA,IAAIC,kBAAkB,GAAG,IAAI,CAAA;EAC7B,EAAA,MAAMC,0BAA0B,GAAGzJ,QAAQ,CACzC,EAAE,EACF,CAACmJ,gBAAgB,EAAEC,aAAa,EAAEC,cAAc,CAAC,EACjD/K,cACF,CAAC,CAAA;EAED,EAAA,IAAIoL,8BAA8B,GAAG1J,QAAQ,CAAC,EAAE,EAAE,CAChD,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,OAAO,CACR,CAAC,CAAA;IAEF,IAAI2J,uBAAuB,GAAG3J,QAAQ,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAA;;EAE9D;EACA;EACA;EACA;EACA,EAAA,MAAM4J,4BAA4B,GAAG5J,QAAQ,CAAC,EAAE,EAAE,CAChD,OAAO,EACP,OAAO,EACP,MAAM,EACN,GAAG,EACH,QAAQ,CACT,CAAC,CAAA;;EAEF;IACA,IAAI6J,iBAAiB,GAAG,IAAI,CAAA;EAC5B,EAAA,MAAMC,4BAA4B,GAAG,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAA;IAC3E,MAAMC,yBAAyB,GAAG,WAAW,CAAA;IAC7C,IAAI5J,iBAAiB,GAAG,IAAI,CAAA;;EAE5B;IACA,IAAI6J,MAAM,GAAG,IAAI,CAAA;;EAEjB;EACA;;EAEA,EAAA,MAAMC,WAAW,GAAGjH,QAAQ,CAAC+C,aAAa,CAAC,MAAM,CAAC,CAAA;EAElD,EAAA,MAAMmE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,SAAS,EAAE;EAC7C,IAAA,OAAOA,SAAS,YAAYhL,MAAM,IAAIgL,SAAS,YAAYC,QAAQ,CAAA;KACpE,CAAA;;EAED;EACF;EACA;EACA;EACA;EACE;EACA,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,GAAuB;EAAA,IAAA,IAAVC,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;EACrC,IAAA,IAAIqK,MAAM,IAAIA,MAAM,KAAKM,GAAG,EAAE;EAC5B,MAAA,OAAA;EACF,KAAA;;EAEA;EACA,IAAA,IAAI,CAACA,GAAG,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;QACnCA,GAAG,GAAG,EAAE,CAAA;EACV,KAAA;;EAEA;EACAA,IAAAA,GAAG,GAAG3J,KAAK,CAAC2J,GAAG,CAAC,CAAA;MAEhBT,iBAAiB;EACf;EACAC,IAAAA,4BAA4B,CAACjL,OAAO,CAACyL,GAAG,CAACT,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAC9DE,yBAAyB,GACzBO,GAAG,CAACT,iBAAiB,CAAA;;EAE3B;EACA1J,IAAAA,iBAAiB,GACf0J,iBAAiB,KAAK,uBAAuB,GACzCvL,cAAc,GACdH,iBAAiB,CAAA;;EAEvB;MACAyI,YAAY,GAAG5H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC1D,YAAY,EAAEzG,iBAAiB,CAAC,GACjD0G,oBAAoB,CAAA;MACxBE,YAAY,GAAG/H,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACvD,YAAY,EAAE5G,iBAAiB,CAAC,GACjD6G,oBAAoB,CAAA;MACxBwC,kBAAkB,GAAGxK,oBAAoB,CAACsL,GAAG,EAAE,oBAAoB,CAAC,GAChEtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACd,kBAAkB,EAAElL,cAAc,CAAC,GACpDmL,0BAA0B,CAAA;EAC9BR,IAAAA,mBAAmB,GAAGjK,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAChEtK,QAAQ,CACNW,KAAK,CAACuI,2BAA2B,CAAC;EAAE;EACpCoB,IAAAA,GAAG,CAACC,iBAAiB;EAAE;EACvBpK,IAAAA,iBAAiB;EACnB,KAAC;EAAC,MACF+I,2BAA2B,CAAA;EAC/BH,IAAAA,aAAa,GAAG/J,oBAAoB,CAACsL,GAAG,EAAE,mBAAmB,CAAC,GAC1DtK,QAAQ,CACNW,KAAK,CAACqI,qBAAqB,CAAC;EAAE;EAC9BsB,IAAAA,GAAG,CAACE,iBAAiB;EAAE;EACvBrK,IAAAA,iBAAiB;EACnB,KAAC;EAAC,MACF6I,qBAAqB,CAAA;MACzBH,eAAe,GAAG7J,oBAAoB,CAACsL,GAAG,EAAE,iBAAiB,CAAC,GAC1DtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,GACpD2I,uBAAuB,CAAA;MAC3BrB,WAAW,GAAGzI,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC7C,WAAW,EAAEtH,iBAAiB,CAAC,GAChD,EAAE,CAAA;MACNuH,WAAW,GAAG1I,oBAAoB,CAACsL,GAAG,EAAE,aAAa,CAAC,GAClDtK,QAAQ,CAAC,EAAE,EAAEsK,GAAG,CAAC5C,WAAW,EAAEvH,iBAAiB,CAAC,GAChD,EAAE,CAAA;EACNyI,IAAAA,YAAY,GAAG5J,oBAAoB,CAACsL,GAAG,EAAE,cAAc,CAAC,GACpDA,GAAG,CAAC1B,YAAY,GAChB,KAAK,CAAA;EACTjB,IAAAA,eAAe,GAAG2C,GAAG,CAAC3C,eAAe,KAAK,KAAK,CAAC;EAChDC,IAAAA,eAAe,GAAG0C,GAAG,CAAC1C,eAAe,KAAK,KAAK,CAAC;EAChDC,IAAAA,uBAAuB,GAAGyC,GAAG,CAACzC,uBAAuB,IAAI,KAAK,CAAC;EAC/DC,IAAAA,wBAAwB,GAAGwC,GAAG,CAACxC,wBAAwB,KAAK,KAAK,CAAC;EAClEC,IAAAA,kBAAkB,GAAGuC,GAAG,CAACvC,kBAAkB,IAAI,KAAK,CAAC;EACrDC,IAAAA,YAAY,GAAGsC,GAAG,CAACtC,YAAY,KAAK,KAAK,CAAC;EAC1CC,IAAAA,cAAc,GAAGqC,GAAG,CAACrC,cAAc,IAAI,KAAK,CAAC;EAC7CG,IAAAA,UAAU,GAAGkC,GAAG,CAAClC,UAAU,IAAI,KAAK,CAAC;EACrCC,IAAAA,mBAAmB,GAAGiC,GAAG,CAACjC,mBAAmB,IAAI,KAAK,CAAC;EACvDC,IAAAA,mBAAmB,GAAGgC,GAAG,CAAChC,mBAAmB,IAAI,KAAK,CAAC;EACvDH,IAAAA,UAAU,GAAGmC,GAAG,CAACnC,UAAU,IAAI,KAAK,CAAC;EACrCI,IAAAA,YAAY,GAAG+B,GAAG,CAAC/B,YAAY,KAAK,KAAK,CAAC;EAC1CC,IAAAA,oBAAoB,GAAG8B,GAAG,CAAC9B,oBAAoB,IAAI,KAAK,CAAC;EACzDE,IAAAA,YAAY,GAAG4B,GAAG,CAAC5B,YAAY,KAAK,KAAK,CAAC;EAC1CC,IAAAA,QAAQ,GAAG2B,GAAG,CAAC3B,QAAQ,IAAI,KAAK,CAAC;EACjCvG,IAAAA,gBAAc,GAAGkI,GAAG,CAACG,kBAAkB,IAAI9D,cAA0B,CAAA;EACrE2C,IAAAA,SAAS,GAAGgB,GAAG,CAAChB,SAAS,IAAID,cAAc,CAAA;EAC3CK,IAAAA,8BAA8B,GAC5BY,GAAG,CAACZ,8BAA8B,IAAIA,8BAA8B,CAAA;EACtEC,IAAAA,uBAAuB,GACrBW,GAAG,CAACX,uBAAuB,IAAIA,uBAAuB,CAAA;EAExDzC,IAAAA,uBAAuB,GAAGoD,GAAG,CAACpD,uBAAuB,IAAI,EAAE,CAAA;EAC3D,IAAA,IACEoD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAC,EAC3D;EACAD,MAAAA,uBAAuB,CAACC,YAAY,GAClCmD,GAAG,CAACpD,uBAAuB,CAACC,YAAY,CAAA;EAC5C,KAAA;EAEA,IAAA,IACEmD,GAAG,CAACpD,uBAAuB,IAC3BgD,iBAAiB,CAACI,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAC,EACjE;EACAL,MAAAA,uBAAuB,CAACK,kBAAkB,GACxC+C,GAAG,CAACpD,uBAAuB,CAACK,kBAAkB,CAAA;EAClD,KAAA;EAEA,IAAA,IACE+C,GAAG,CAACpD,uBAAuB,IAC3B,OAAOoD,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,KAC/D,SAAS,EACX;EACAN,MAAAA,uBAAuB,CAACM,8BAA8B,GACpD8C,GAAG,CAACpD,uBAAuB,CAACM,8BAA8B,CAAA;EAC9D,KAAA;EAEA,IAAA,IAAIO,kBAAkB,EAAE;EACtBH,MAAAA,eAAe,GAAG,KAAK,CAAA;EACzB,KAAA;EAEA,IAAA,IAAIS,mBAAmB,EAAE;EACvBD,MAAAA,UAAU,GAAG,IAAI,CAAA;EACnB,KAAA;;EAEA;EACA,IAAA,IAAIQ,YAAY,EAAE;QAChBhC,YAAY,GAAG5G,QAAQ,CAAC,EAAE,EAAE8G,IAAS,CAAC,CAAA;EACtCC,MAAAA,YAAY,GAAG,EAAE,CAAA;EACjB,MAAA,IAAI6B,YAAY,CAACrH,IAAI,KAAK,IAAI,EAAE;EAC9BvB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,MAAS,CAAC,CAAA;EACjC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,IAAU,CAAC,CAAA;EACpC,OAAA;EAEA,MAAA,IAAI2B,YAAY,CAACpH,GAAG,KAAK,IAAI,EAAE;EAC7BxB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,KAAQ,CAAC,CAAA;EAChC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;EACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;EACnC,OAAA;EAEA,MAAA,IAAI2B,YAAY,CAACnH,UAAU,KAAK,IAAI,EAAE;EACpCzB,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,UAAe,CAAC,CAAA;EACvC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;EACjCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;EACnC,OAAA;EAEA,MAAA,IAAI2B,YAAY,CAACjH,MAAM,KAAK,IAAI,EAAE;EAChC3B,QAAAA,QAAQ,CAAC4G,YAAY,EAAEE,QAAW,CAAC,CAAA;EACnC9G,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,MAAY,CAAC,CAAA;EACpCjH,QAAAA,QAAQ,CAAC+G,YAAY,EAAEE,GAAS,CAAC,CAAA;EACnC,OAAA;EACF,KAAA;;EAEA;MACA,IAAIqD,GAAG,CAACI,QAAQ,EAAE;QAChB,IAAI9D,YAAY,KAAKC,oBAAoB,EAAE;EACzCD,QAAAA,YAAY,GAAGjG,KAAK,CAACiG,YAAY,CAAC,CAAA;EACpC,OAAA;QAEA5G,QAAQ,CAAC4G,YAAY,EAAE0D,GAAG,CAACI,QAAQ,EAAEvK,iBAAiB,CAAC,CAAA;EACzD,KAAA;MAEA,IAAImK,GAAG,CAACK,QAAQ,EAAE;QAChB,IAAI5D,YAAY,KAAKC,oBAAoB,EAAE;EACzCD,QAAAA,YAAY,GAAGpG,KAAK,CAACoG,YAAY,CAAC,CAAA;EACpC,OAAA;QAEA/G,QAAQ,CAAC+G,YAAY,EAAEuD,GAAG,CAACK,QAAQ,EAAExK,iBAAiB,CAAC,CAAA;EACzD,KAAA;MAEA,IAAImK,GAAG,CAACC,iBAAiB,EAAE;QACzBvK,QAAQ,CAACiJ,mBAAmB,EAAEqB,GAAG,CAACC,iBAAiB,EAAEpK,iBAAiB,CAAC,CAAA;EACzE,KAAA;MAEA,IAAImK,GAAG,CAACzB,eAAe,EAAE;QACvB,IAAIA,eAAe,KAAKC,uBAAuB,EAAE;EAC/CD,QAAAA,eAAe,GAAGlI,KAAK,CAACkI,eAAe,CAAC,CAAA;EAC1C,OAAA;QAEA7I,QAAQ,CAAC6I,eAAe,EAAEyB,GAAG,CAACzB,eAAe,EAAE1I,iBAAiB,CAAC,CAAA;EACnE,KAAA;;EAEA;EACA,IAAA,IAAIuI,YAAY,EAAE;EAChB9B,MAAAA,YAAY,CAAC,OAAO,CAAC,GAAG,IAAI,CAAA;EAC9B,KAAA;;EAEA;EACA,IAAA,IAAIqB,cAAc,EAAE;QAClBjI,QAAQ,CAAC4G,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;EAClD,KAAA;;EAEA;MACA,IAAIA,YAAY,CAACgE,KAAK,EAAE;EACtB5K,MAAAA,QAAQ,CAAC4G,YAAY,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;QACjC,OAAOa,WAAW,CAACoD,KAAK,CAAA;EAC1B,KAAA;MAEA,IAAIP,GAAG,CAACQ,oBAAoB,EAAE;QAC5B,IAAI,OAAOR,GAAG,CAACQ,oBAAoB,CAAC/G,UAAU,KAAK,UAAU,EAAE;UAC7D,MAAM1E,eAAe,CACnB,6EACF,CAAC,CAAA;EACH,OAAA;QAEA,IAAI,OAAOiL,GAAG,CAACQ,oBAAoB,CAAC9G,eAAe,KAAK,UAAU,EAAE;UAClE,MAAM3E,eAAe,CACnB,kFACF,CAAC,CAAA;EACH,OAAA;;EAEA;QACA6G,kBAAkB,GAAGoE,GAAG,CAACQ,oBAAoB,CAAA;;EAE7C;EACA3E,MAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;EAC/C,KAAC,MAAM;EACL;QACA,IAAImC,kBAAkB,KAAK9F,SAAS,EAAE;EACpC8F,QAAAA,kBAAkB,GAAG5C,yBAAyB,CAC5CC,YAAY,EACZuB,aACF,CAAC,CAAA;EACH,OAAA;;EAEA;QACA,IAAIoB,kBAAkB,KAAK,IAAI,IAAI,OAAOC,SAAS,KAAK,QAAQ,EAAE;EAChEA,QAAAA,SAAS,GAAGD,kBAAkB,CAACnC,UAAU,CAAC,EAAE,CAAC,CAAA;EAC/C,OAAA;EACF,KAAA;;EAEA;EACA;EACA,IAAA,IAAIhH,MAAM,EAAE;QACVA,MAAM,CAACuN,GAAG,CAAC,CAAA;EACb,KAAA;EAEAN,IAAAA,MAAM,GAAGM,GAAG,CAAA;KACb,CAAA;;EAED;EACF;EACA;IACE,MAAMS,YAAY,GAAG/K,QAAQ,CAAC,EAAE,EAAE,CAChC,GAAG8G,KAAQ,EACX,GAAGA,UAAe,EAClB,GAAGA,aAAkB,CACtB,CAAC,CAAA;EACF,EAAA,MAAMkE,eAAe,GAAGhL,QAAQ,CAAC,EAAE,EAAE,CACnC,GAAG8G,QAAW,EACd,GAAGA,gBAAqB,CACzB,CAAC,CAAA;;EAEF;EACF;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMmE,oBAAoB,GAAG,SAAvBA,oBAAoBA,CAAa3K,OAAO,EAAE;EAC9C,IAAA,IAAI4K,MAAM,GAAGrF,aAAa,CAACvF,OAAO,CAAC,CAAA;;EAEnC;EACA;EACA,IAAA,IAAI,CAAC4K,MAAM,IAAI,CAACA,MAAM,CAACC,OAAO,EAAE;EAC9BD,MAAAA,MAAM,GAAG;EACPE,QAAAA,YAAY,EAAE9B,SAAS;EACvB6B,QAAAA,OAAO,EAAE,UAAA;SACV,CAAA;EACH,KAAA;EAEA,IAAA,MAAMA,OAAO,GAAGhN,iBAAiB,CAACmC,OAAO,CAAC6K,OAAO,CAAC,CAAA;EAClD,IAAA,MAAME,aAAa,GAAGlN,iBAAiB,CAAC+M,MAAM,CAACC,OAAO,CAAC,CAAA;EAEvD,IAAA,IAAI,CAAC3B,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EAAE;EAC7C,MAAA,OAAO,KAAK,CAAA;EACd,KAAA;EAEA,IAAA,IAAI9K,OAAO,CAAC8K,YAAY,KAAKhC,aAAa,EAAE;EAC1C;EACA;EACA;EACA,MAAA,IAAI8B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;UAC1C,OAAO8B,OAAO,KAAK,KAAK,CAAA;EAC1B,OAAA;;EAEA;EACA;EACA;EACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,EAAE;EAC5C,QAAA,OACEgC,OAAO,KAAK,KAAK,KAChBE,aAAa,KAAK,gBAAgB,IACjC3B,8BAA8B,CAAC2B,aAAa,CAAC,CAAC,CAAA;EAEpD,OAAA;;EAEA;EACA;EACA,MAAA,OAAOC,OAAO,CAACP,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;EACvC,KAAA;EAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAKjC,gBAAgB,EAAE;EAC7C;EACA;EACA;EACA,MAAA,IAAI+B,MAAM,CAACE,YAAY,KAAK/B,cAAc,EAAE;UAC1C,OAAO8B,OAAO,KAAK,MAAM,CAAA;EAC3B,OAAA;;EAEA;EACA;EACA,MAAA,IAAID,MAAM,CAACE,YAAY,KAAKhC,aAAa,EAAE;EACzC,QAAA,OAAO+B,OAAO,KAAK,MAAM,IAAIxB,uBAAuB,CAAC0B,aAAa,CAAC,CAAA;EACrE,OAAA;;EAEA;EACA;EACA,MAAA,OAAOC,OAAO,CAACN,eAAe,CAACG,OAAO,CAAC,CAAC,CAAA;EAC1C,KAAA;EAEA,IAAA,IAAI7K,OAAO,CAAC8K,YAAY,KAAK/B,cAAc,EAAE;EAC3C;EACA;EACA;QACA,IACE6B,MAAM,CAACE,YAAY,KAAKhC,aAAa,IACrC,CAACO,uBAAuB,CAAC0B,aAAa,CAAC,EACvC;EACA,QAAA,OAAO,KAAK,CAAA;EACd,OAAA;QAEA,IACEH,MAAM,CAACE,YAAY,KAAKjC,gBAAgB,IACxC,CAACO,8BAA8B,CAAC2B,aAAa,CAAC,EAC9C;EACA,QAAA,OAAO,KAAK,CAAA;EACd,OAAA;;EAEA;EACA;EACA,MAAA,OACE,CAACL,eAAe,CAACG,OAAO,CAAC,KACxBvB,4BAA4B,CAACuB,OAAO,CAAC,IAAI,CAACJ,YAAY,CAACI,OAAO,CAAC,CAAC,CAAA;EAErE,KAAA;;EAEA;MACA,IACEtB,iBAAiB,KAAK,uBAAuB,IAC7CL,kBAAkB,CAAClJ,OAAO,CAAC8K,YAAY,CAAC,EACxC;EACA,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;EACA;EACA;EACA;EACA,IAAA,OAAO,KAAK,CAAA;KACb,CAAA;;EAED;EACF;EACA;EACA;EACA;EACE,EAAA,MAAMG,YAAY,GAAG,SAAfA,YAAYA,CAAaC,IAAI,EAAE;EACnCvN,IAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;EAAEpE,MAAAA,OAAO,EAAEkL,IAAAA;EAAK,KAAC,CAAC,CAAA;MAE/C,IAAI;EACF;EACA3F,MAAAA,aAAa,CAAC2F,IAAI,CAAC,CAACC,WAAW,CAACD,IAAI,CAAC,CAAA;OACtC,CAAC,OAAOtH,CAAC,EAAE;QACVwB,MAAM,CAAC8F,IAAI,CAAC,CAAA;EACd,KAAA;KACD,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;IACE,MAAME,gBAAgB,GAAG,SAAnBA,gBAAgBA,CAAaC,IAAI,EAAEH,IAAI,EAAE;MAC7C,IAAI;EACFvN,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;EAC3BhC,QAAAA,SAAS,EAAE8I,IAAI,CAACI,gBAAgB,CAACD,IAAI,CAAC;EACtCE,QAAAA,IAAI,EAAEL,IAAAA;EACR,OAAC,CAAC,CAAA;OACH,CAAC,OAAOtH,CAAC,EAAE;EACVjG,MAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;EAC3BhC,QAAAA,SAAS,EAAE,IAAI;EACfmJ,QAAAA,IAAI,EAAEL,IAAAA;EACR,OAAC,CAAC,CAAA;EACJ,KAAA;EAEAA,IAAAA,IAAI,CAACM,eAAe,CAACH,IAAI,CAAC,CAAA;;EAE1B;MACA,IAAIA,IAAI,KAAK,IAAI,IAAI,CAAC5E,YAAY,CAAC4E,IAAI,CAAC,EAAE;QACxC,IAAIvD,UAAU,IAAIC,mBAAmB,EAAE;UACrC,IAAI;YACFkD,YAAY,CAACC,IAAI,CAAC,CAAA;EACpB,SAAC,CAAC,OAAOtH,CAAC,EAAE,EAAC;EACf,OAAC,MAAM;UACL,IAAI;EACFsH,UAAAA,IAAI,CAACO,YAAY,CAACJ,IAAI,EAAE,EAAE,CAAC,CAAA;EAC7B,SAAC,CAAC,OAAOzH,CAAC,EAAE,EAAC;EACf,OAAA;EACF,KAAA;KACD,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACE,EAAA,MAAM8H,aAAa,GAAG,SAAhBA,aAAaA,CAAaC,KAAK,EAAE;EACrC;MACA,IAAIC,GAAG,GAAG,IAAI,CAAA;MACd,IAAIC,iBAAiB,GAAG,IAAI,CAAA;EAE5B,IAAA,IAAIhE,UAAU,EAAE;QACd8D,KAAK,GAAG,mBAAmB,GAAGA,KAAK,CAAA;EACrC,KAAC,MAAM;EACL;EACA,MAAA,MAAMG,OAAO,GAAG5N,WAAW,CAACyN,KAAK,EAAE,aAAa,CAAC,CAAA;EACjDE,MAAAA,iBAAiB,GAAGC,OAAO,IAAIA,OAAO,CAAC,CAAC,CAAC,CAAA;EAC3C,KAAA;EAEA,IAAA,IACEvC,iBAAiB,KAAK,uBAAuB,IAC7CP,SAAS,KAAKD,cAAc,EAC5B;EACA;EACA4C,MAAAA,KAAK,GACH,gEAAgE,GAChEA,KAAK,GACL,gBAAgB,CAAA;EACpB,KAAA;MAEA,MAAMI,YAAY,GAAGnG,kBAAkB,GACnCA,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;EACT;EACJ;EACA;EACA;MACI,IAAI3C,SAAS,KAAKD,cAAc,EAAE;QAChC,IAAI;UACF6C,GAAG,GAAG,IAAI3G,SAAS,EAAE,CAAC+G,eAAe,CAACD,YAAY,EAAExC,iBAAiB,CAAC,CAAA;EACxE,OAAC,CAAC,OAAO3F,CAAC,EAAE,EAAC;EACf,KAAA;;EAEA;EACA,IAAA,IAAI,CAACgI,GAAG,IAAI,CAACA,GAAG,CAACK,eAAe,EAAE;QAChCL,GAAG,GAAG9F,cAAc,CAACoG,cAAc,CAAClD,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;QAChE,IAAI;UACF4C,GAAG,CAACK,eAAe,CAACE,SAAS,GAAGlD,cAAc,GAC1CpD,SAAS,GACTkG,YAAY,CAAA;SACjB,CAAC,OAAOnI,CAAC,EAAE;EACV;EAAA,OAAA;EAEJ,KAAA;MAEA,MAAMwI,IAAI,GAAGR,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAACK,eAAe,CAAA;MAE5C,IAAIN,KAAK,IAAIE,iBAAiB,EAAE;EAC9BO,MAAAA,IAAI,CAACC,YAAY,CACf3J,QAAQ,CAAC4J,cAAc,CAACT,iBAAiB,CAAC,EAC1CO,IAAI,CAACG,UAAU,CAAC,CAAC,CAAC,IAAI,IACxB,CAAC,CAAA;EACH,KAAA;;EAEA;MACA,IAAIvD,SAAS,KAAKD,cAAc,EAAE;EAChC,MAAA,OAAO9C,oBAAoB,CAACuG,IAAI,CAC9BZ,GAAG,EACHjE,cAAc,GAAG,MAAM,GAAG,MAC5B,CAAC,CAAC,CAAC,CAAC,CAAA;EACN,KAAA;EAEA,IAAA,OAAOA,cAAc,GAAGiE,GAAG,CAACK,eAAe,GAAGG,IAAI,CAAA;KACnD,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMK,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAaxI,IAAI,EAAE;MAC1C,OAAO8B,kBAAkB,CAACyG,IAAI,CAC5BvI,IAAI,CAAC0B,aAAa,IAAI1B,IAAI,EAC1BA,IAAI;EACJ;MACAY,UAAU,CAAC6H,YAAY,GACrB7H,UAAU,CAAC8H,YAAY,GACvB9H,UAAU,CAAC+H,SAAS,GACpB/H,UAAU,CAACgI,2BAA2B,GACtChI,UAAU,CAACiI,kBAAkB,EAC/B,IACF,CAAC,CAAA;KACF,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMC,YAAY,GAAG,SAAfA,YAAYA,CAAaC,GAAG,EAAE;EAClC,IAAA,OACEA,GAAG,YAAYhI,eAAe,KAC7B,OAAOgI,GAAG,CAACC,QAAQ,KAAK,QAAQ,IAC/B,OAAOD,GAAG,CAACE,WAAW,KAAK,QAAQ,IACnC,OAAOF,GAAG,CAAC7B,WAAW,KAAK,UAAU,IACrC,EAAE6B,GAAG,CAACG,UAAU,YAAYrI,YAAY,CAAC,IACzC,OAAOkI,GAAG,CAACxB,eAAe,KAAK,UAAU,IACzC,OAAOwB,GAAG,CAACvB,YAAY,KAAK,UAAU,IACtC,OAAOuB,GAAG,CAAClC,YAAY,KAAK,QAAQ,IACpC,OAAOkC,GAAG,CAACX,YAAY,KAAK,UAAU,IACtC,OAAOW,GAAG,CAACI,aAAa,KAAK,UAAU,CAAC,CAAA;KAE7C,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMC,OAAO,GAAG,SAAVA,OAAOA,CAAa/M,MAAM,EAAE;EAChC,IAAA,OAAO,OAAOqE,IAAI,KAAK,UAAU,IAAIrE,MAAM,YAAYqE,IAAI,CAAA;KAC5D,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;IACE,MAAM2I,YAAY,GAAG,SAAfA,YAAYA,CAAaC,UAAU,EAAEC,WAAW,EAAEC,IAAI,EAAE;EAC5D,IAAA,IAAI,CAACtH,KAAK,CAACoH,UAAU,CAAC,EAAE;EACtB,MAAA,OAAA;EACF,KAAA;EAEAnQ,IAAAA,YAAY,CAAC+I,KAAK,CAACoH,UAAU,CAAC,EAAGG,IAAI,IAAK;QACxCA,IAAI,CAAClB,IAAI,CAACxI,SAAS,EAAEwJ,WAAW,EAAEC,IAAI,EAAE/D,MAAM,CAAC,CAAA;EACjD,KAAC,CAAC,CAAA;KACH,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMiE,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaH,WAAW,EAAE;MAC/C,IAAI9H,OAAO,GAAG,IAAI,CAAA;;EAElB;EACA4H,IAAAA,YAAY,CAAC,wBAAwB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;;EAEzD;EACA,IAAA,IAAIT,YAAY,CAACS,WAAW,CAAC,EAAE;QAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;EACA,IAAA,MAAM3C,OAAO,GAAGhL,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;;EAEvD;EACAK,IAAAA,YAAY,CAAC,qBAAqB,EAAEE,WAAW,EAAE;QAC/C3C,OAAO;EACP+C,MAAAA,WAAW,EAAEtH,YAAAA;EACf,KAAC,CAAC,CAAA;;EAEF;EACA,IAAA,IACEkH,WAAW,CAACJ,aAAa,EAAE,IAC3B,CAACC,OAAO,CAACG,WAAW,CAACK,iBAAiB,CAAC,IACvCjP,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACrB,SAAS,CAAC,IAC5CvN,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACN,WAAW,CAAC,EAC9C;QACAjC,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;EACA,IAAA,IAAIA,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACK,sBAAsB,EAAE;QAC7DyI,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;EACA,IAAA,IACE9F,YAAY,IACZ8F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACM,OAAO,IAC1C7D,UAAU,CAAC,SAAS,EAAE4O,WAAW,CAACC,IAAI,CAAC,EACvC;QACAxC,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;MACA,IAAI,CAAClH,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;EAClD;QACA,IAAI,CAAC1D,WAAW,CAAC0D,OAAO,CAAC,IAAIiD,qBAAqB,CAACjD,OAAO,CAAC,EAAE;EAC3D,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEgE,OAAO,CAAC,EACzD;EACA,UAAA,OAAO,KAAK,CAAA;EACd,SAAA;EAEA,QAAA,IACEjE,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACxDlD,uBAAuB,CAACC,YAAY,CAACgE,OAAO,CAAC,EAC7C;EACA,UAAA,OAAO,KAAK,CAAA;EACd,SAAA;EACF,OAAA;;EAEA;EACA,MAAA,IAAIzC,YAAY,IAAI,CAACG,eAAe,CAACsC,OAAO,CAAC,EAAE;UAC7C,MAAMkD,UAAU,GAAGxI,aAAa,CAACiI,WAAW,CAAC,IAAIA,WAAW,CAACO,UAAU,CAAA;UACvE,MAAMxB,UAAU,GAAGjH,aAAa,CAACkI,WAAW,CAAC,IAAIA,WAAW,CAACjB,UAAU,CAAA;UAEvE,IAAIA,UAAU,IAAIwB,UAAU,EAAE;EAC5B,UAAA,MAAMC,UAAU,GAAGzB,UAAU,CAACjN,MAAM,CAAA;EAEpC,UAAA,KAAK,IAAI2O,CAAC,GAAGD,UAAU,GAAG,CAAC,EAAEC,CAAC,IAAI,CAAC,EAAE,EAAEA,CAAC,EAAE;cACxC,MAAMC,UAAU,GAAG/I,SAAS,CAACoH,UAAU,CAAC0B,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;cACjDC,UAAU,CAACC,cAAc,GAAG,CAACX,WAAW,CAACW,cAAc,IAAI,CAAC,IAAI,CAAC,CAAA;cACjEJ,UAAU,CAAC1B,YAAY,CAAC6B,UAAU,EAAE7I,cAAc,CAACmI,WAAW,CAAC,CAAC,CAAA;EAClE,WAAA;EACF,SAAA;EACF,OAAA;QAEAvC,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;MACA,IAAIA,WAAW,YAAY5I,OAAO,IAAI,CAAC+F,oBAAoB,CAAC6C,WAAW,CAAC,EAAE;QACxEvC,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;MACA,IACE,CAAC3C,OAAO,KAAK,UAAU,IACrBA,OAAO,KAAK,SAAS,IACrBA,OAAO,KAAK,UAAU,KACxBjM,UAAU,CAAC,6BAA6B,EAAE4O,WAAW,CAACrB,SAAS,CAAC,EAChE;QACAlB,YAAY,CAACuC,WAAW,CAAC,CAAA;EACzB,MAAA,OAAO,IAAI,CAAA;EACb,KAAA;;EAEA;MACA,IAAI/F,kBAAkB,IAAI+F,WAAW,CAACnJ,QAAQ,KAAKlC,SAAS,CAACZ,IAAI,EAAE;EACjE;QACAmE,OAAO,GAAG8H,WAAW,CAACN,WAAW,CAAA;QAEjC9P,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;UAC7D1I,OAAO,GAAGtH,aAAa,CAACsH,OAAO,EAAE0I,IAAI,EAAE,GAAG,CAAC,CAAA;EAC7C,OAAC,CAAC,CAAA;EAEF,MAAA,IAAIZ,WAAW,CAACN,WAAW,KAAKxH,OAAO,EAAE;EACvC/H,QAAAA,SAAS,CAACqG,SAAS,CAACI,OAAO,EAAE;EAAEpE,UAAAA,OAAO,EAAEwN,WAAW,CAACrI,SAAS,EAAC;EAAE,SAAC,CAAC,CAAA;UAClEqI,WAAW,CAACN,WAAW,GAAGxH,OAAO,CAAA;EACnC,OAAA;EACF,KAAA;;EAEA;EACA4H,IAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;EAExD,IAAA,OAAO,KAAK,CAAA;KACb,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACE;IACA,MAAMa,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAaC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,EAAE;EACxD;EACA,IAAA,IACEwH,YAAY,KACXsG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,KACrC9N,KAAK,IAAIiC,QAAQ,IAAIjC,KAAK,IAAIkJ,WAAW,CAAC,EAC3C;EACA,MAAA,OAAO,KAAK,CAAA;EACd,KAAA;;EAEA;EACJ;EACA;EACA;EACI,IAAA,IACErC,eAAe,IACf,CAACF,WAAW,CAACmH,MAAM,CAAC,IACpB3P,UAAU,CAACgD,SAAS,EAAE2M,MAAM,CAAC,EAC7B,CAED,MAAM,IAAIlH,eAAe,IAAIzI,UAAU,CAACiD,SAAS,EAAE0M,MAAM,CAAC,EAAE,CAG5D,MAAM,IAAI,CAAC9H,YAAY,CAAC8H,MAAM,CAAC,IAAInH,WAAW,CAACmH,MAAM,CAAC,EAAE;EACvD,MAAA;EACE;EACA;EACA;EACCT,MAAAA,qBAAqB,CAACQ,KAAK,CAAC,KACzB1H,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEyH,KAAK,CAAC,IACtD1H,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACyH,KAAK,CAAE,CAAC,KAC/C1H,uBAAuB,CAACK,kBAAkB,YAAYpI,MAAM,IAC5DD,UAAU,CAACgI,uBAAuB,CAACK,kBAAkB,EAAEsH,MAAM,CAAC,IAC7D3H,uBAAuB,CAACK,kBAAkB,YAAY6C,QAAQ,IAC7DlD,uBAAuB,CAACK,kBAAkB,CAACsH,MAAM,CAAE,CAAC;EAC1D;EACA;EACCA,MAAAA,MAAM,KAAK,IAAI,IACd3H,uBAAuB,CAACM,8BAA8B,KACpDN,uBAAuB,CAACC,YAAY,YAAYhI,MAAM,IACtDD,UAAU,CAACgI,uBAAuB,CAACC,YAAY,EAAEpG,KAAK,CAAC,IACtDmG,uBAAuB,CAACC,YAAY,YAAYiD,QAAQ,IACvDlD,uBAAuB,CAACC,YAAY,CAACpG,KAAK,CAAE,CAAE,EACpD,CAGD,MAAM;EACL,QAAA,OAAO,KAAK,CAAA;EACd,OAAA;EACA;EACF,KAAC,MAAM,IAAIkI,mBAAmB,CAAC4F,MAAM,CAAC,EAAE,CAIvC,MAAM,IACL3P,UAAU,CAACkD,gBAAc,EAAE1D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACrE,CAID,MAAM,IACL,CAACuM,MAAM,KAAK,KAAK,IAAIA,MAAM,KAAK,YAAY,IAAIA,MAAM,KAAK,MAAM,KACjED,KAAK,KAAK,QAAQ,IAClBhQ,aAAa,CAACmC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,IACnCgI,aAAa,CAAC6F,KAAK,CAAC,EACpB,CAKD,MAAM,IACL/G,uBAAuB,IACvB,CAAC3I,UAAU,CAACmD,iBAAiB,EAAE3D,aAAa,CAACqC,KAAK,EAAEuB,eAAe,EAAE,EAAE,CAAC,CAAC,EACzE,CAGD,MAAM,IAAIvB,KAAK,EAAE;EAChB,MAAA,OAAO,KAAK,CAAA;EACd,KAAC,MAAM,CAEL;EAGF,IAAA,OAAO,IAAI,CAAA;KACZ,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMqN,qBAAqB,GAAG,SAAxBA,qBAAqBA,CAAajD,OAAO,EAAE;MAC/C,OAAOA,OAAO,KAAK,gBAAgB,IAAI3M,WAAW,CAAC2M,OAAO,EAAE3I,cAAc,CAAC,CAAA;KAC5E,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACE,EAAA,MAAMsM,mBAAmB,GAAG,SAAtBA,mBAAmBA,CAAahB,WAAW,EAAE;EACjD;EACAF,IAAAA,YAAY,CAAC,0BAA0B,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;MAE3D,MAAM;EAAEL,MAAAA,UAAAA;EAAW,KAAC,GAAGK,WAAW,CAAA;;EAElC;MACA,IAAI,CAACL,UAAU,EAAE;EACf,MAAA,OAAA;EACF,KAAA;EAEA,IAAA,MAAMsB,SAAS,GAAG;EAChBC,MAAAA,QAAQ,EAAE,EAAE;EACZC,MAAAA,SAAS,EAAE,EAAE;EACbC,MAAAA,QAAQ,EAAE,IAAI;EACdC,MAAAA,iBAAiB,EAAEpI,YAAAA;OACpB,CAAA;EACD,IAAA,IAAI1G,CAAC,GAAGoN,UAAU,CAAC7N,MAAM,CAAA;;EAEzB;MACA,OAAOS,CAAC,EAAE,EAAE;EACV,MAAA,MAAM+O,IAAI,GAAG3B,UAAU,CAACpN,CAAC,CAAC,CAAA;QAC1B,MAAM;UAAEsL,IAAI;UAAEP,YAAY;EAAErK,QAAAA,KAAK,EAAEkO,SAAAA;EAAU,OAAC,GAAGG,IAAI,CAAA;EACrD,MAAA,MAAMP,MAAM,GAAG1O,iBAAiB,CAACwL,IAAI,CAAC,CAAA;QAEtC,IAAI5K,KAAK,GAAG4K,IAAI,KAAK,OAAO,GAAGsD,SAAS,GAAGnQ,UAAU,CAACmQ,SAAS,CAAC,CAAA;;EAEhE;QACAF,SAAS,CAACC,QAAQ,GAAGH,MAAM,CAAA;QAC3BE,SAAS,CAACE,SAAS,GAAGlO,KAAK,CAAA;QAC3BgO,SAAS,CAACG,QAAQ,GAAG,IAAI,CAAA;EACzBH,MAAAA,SAAS,CAACM,aAAa,GAAGjP,SAAS,CAAC;EACpCwN,MAAAA,YAAY,CAAC,uBAAuB,EAAEE,WAAW,EAAEiB,SAAS,CAAC,CAAA;QAC7DhO,KAAK,GAAGgO,SAAS,CAACE,SAAS,CAAA;;EAE3B;EACN;EACA;QACM,IAAIzG,oBAAoB,KAAKqG,MAAM,KAAK,IAAI,IAAIA,MAAM,KAAK,MAAM,CAAC,EAAE;EAClE;EACAnD,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;EAEnC;UACA/M,KAAK,GAAG0H,2BAA2B,GAAG1H,KAAK,CAAA;EAC7C,OAAA;;EAEA;QACA,IAAIiH,YAAY,IAAI9I,UAAU,CAAC,+BAA+B,EAAE6B,KAAK,CAAC,EAAE;EACtE2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;EACnC,QAAA,SAAA;EACF,OAAA;;EAEA;QACA,IAAIiB,SAAS,CAACM,aAAa,EAAE;EAC3B,QAAA,SAAA;EACF,OAAA;;EAEA;EACA3D,MAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;;EAEnC;EACA,MAAA,IAAI,CAACiB,SAAS,CAACG,QAAQ,EAAE;EACvB,QAAA,SAAA;EACF,OAAA;;EAEA;QACA,IAAI,CAACpH,wBAAwB,IAAI5I,UAAU,CAAC,MAAM,EAAE6B,KAAK,CAAC,EAAE;EAC1D2K,QAAAA,gBAAgB,CAACC,IAAI,EAAEmC,WAAW,CAAC,CAAA;EACnC,QAAA,SAAA;EACF,OAAA;;EAEA;EACA,MAAA,IAAI/F,kBAAkB,EAAE;UACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;YAC7D3N,KAAK,GAAGrC,aAAa,CAACqC,KAAK,EAAE2N,IAAI,EAAE,GAAG,CAAC,CAAA;EACzC,SAAC,CAAC,CAAA;EACJ,OAAA;;EAEA;EACA,MAAA,MAAME,KAAK,GAAGzO,iBAAiB,CAAC2N,WAAW,CAACP,QAAQ,CAAC,CAAA;QACrD,IAAI,CAACoB,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,EAAE;EAC5C,QAAA,SAAA;EACF,OAAA;;EAEA;EACA,MAAA,IACEmF,kBAAkB,IAClB,OAAO3C,YAAY,KAAK,QAAQ,IAChC,OAAOA,YAAY,CAAC+L,gBAAgB,KAAK,UAAU,EACnD;EACA,QAAA,IAAIlE,YAAY,EAAE,CAEjB,MAAM;EACL,UAAA,QAAQ7H,YAAY,CAAC+L,gBAAgB,CAACV,KAAK,EAAEC,MAAM,CAAC;EAClD,YAAA,KAAK,aAAa;EAAE,cAAA;EAClB9N,gBAAAA,KAAK,GAAGmF,kBAAkB,CAACnC,UAAU,CAAChD,KAAK,CAAC,CAAA;EAC5C,gBAAA,MAAA;EACF,eAAA;EAEA,YAAA,KAAK,kBAAkB;EAAE,cAAA;EACvBA,gBAAAA,KAAK,GAAGmF,kBAAkB,CAAClC,eAAe,CAACjD,KAAK,CAAC,CAAA;EACjD,gBAAA,MAAA;EACF,eAAA;EAKF,WAAA;EACF,SAAA;EACF,OAAA;;EAEA;QACA,IAAI;EACF,QAAA,IAAIqK,YAAY,EAAE;YAChB0C,WAAW,CAACyB,cAAc,CAACnE,YAAY,EAAEO,IAAI,EAAE5K,KAAK,CAAC,CAAA;EACvD,SAAC,MAAM;EACL;EACA+M,UAAAA,WAAW,CAAC/B,YAAY,CAACJ,IAAI,EAAE5K,KAAK,CAAC,CAAA;EACvC,SAAA;EAEA,QAAA,IAAIsM,YAAY,CAACS,WAAW,CAAC,EAAE;YAC7BvC,YAAY,CAACuC,WAAW,CAAC,CAAA;EAC3B,SAAC,MAAM;EACL/P,UAAAA,QAAQ,CAACuG,SAAS,CAACI,OAAO,CAAC,CAAA;EAC7B,SAAA;EACF,OAAC,CAAC,OAAOR,CAAC,EAAE,EAAC;EACf,KAAA;;EAEA;EACA0J,IAAAA,YAAY,CAAC,yBAAyB,EAAEE,WAAW,EAAE,IAAI,CAAC,CAAA;KAC3D,CAAA;;EAED;EACF;EACA;EACA;EACA;EACE,EAAA,MAAM0B,kBAAkB,GAAG,SAArBA,kBAAkBA,CAAaC,QAAQ,EAAE;MAC7C,IAAIC,UAAU,GAAG,IAAI,CAAA;EACrB,IAAA,MAAMC,cAAc,GAAG5C,mBAAmB,CAAC0C,QAAQ,CAAC,CAAA;;EAEpD;EACA7B,IAAAA,YAAY,CAAC,yBAAyB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;EAEvD,IAAA,OAAQC,UAAU,GAAGC,cAAc,CAACC,QAAQ,EAAE,EAAG;EAC/C;EACAhC,MAAAA,YAAY,CAAC,wBAAwB,EAAE8B,UAAU,EAAE,IAAI,CAAC,CAAA;;EAExD;EACA,MAAA,IAAIzB,iBAAiB,CAACyB,UAAU,CAAC,EAAE;EACjC,QAAA,SAAA;EACF,OAAA;;EAEA;EACA,MAAA,IAAIA,UAAU,CAAC1J,OAAO,YAAYjB,gBAAgB,EAAE;EAClDyK,QAAAA,kBAAkB,CAACE,UAAU,CAAC1J,OAAO,CAAC,CAAA;EACxC,OAAA;;EAEA;QACA8I,mBAAmB,CAACY,UAAU,CAAC,CAAA;EACjC,KAAA;;EAEA;EACA9B,IAAAA,YAAY,CAAC,wBAAwB,EAAE6B,QAAQ,EAAE,IAAI,CAAC,CAAA;KACvD,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACE;EACAnL,EAAAA,SAAS,CAACuL,QAAQ,GAAG,UAAU5D,KAAK,EAAY;EAAA,IAAA,IAAV3B,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;MAC5C,IAAI+M,IAAI,GAAG,IAAI,CAAA;MACf,IAAIoD,YAAY,GAAG,IAAI,CAAA;MACvB,IAAIhC,WAAW,GAAG,IAAI,CAAA;MACtB,IAAIiC,UAAU,GAAG,IAAI,CAAA;EACrB;EACJ;EACA;MACIxG,cAAc,GAAG,CAAC0C,KAAK,CAAA;EACvB,IAAA,IAAI1C,cAAc,EAAE;EAClB0C,MAAAA,KAAK,GAAG,OAAO,CAAA;EACjB,KAAA;;EAEA;MACA,IAAI,OAAOA,KAAK,KAAK,QAAQ,IAAI,CAAC0B,OAAO,CAAC1B,KAAK,CAAC,EAAE;EAChD,MAAA,IAAI,OAAOA,KAAK,CAAC1N,QAAQ,KAAK,UAAU,EAAE;EACxC0N,QAAAA,KAAK,GAAGA,KAAK,CAAC1N,QAAQ,EAAE,CAAA;EACxB,QAAA,IAAI,OAAO0N,KAAK,KAAK,QAAQ,EAAE;YAC7B,MAAM5M,eAAe,CAAC,iCAAiC,CAAC,CAAA;EAC1D,SAAA;EACF,OAAC,MAAM;UACL,MAAMA,eAAe,CAAC,4BAA4B,CAAC,CAAA;EACrD,OAAA;EACF,KAAA;;EAEA;EACA,IAAA,IAAI,CAACiF,SAAS,CAACM,WAAW,EAAE;EAC1B,MAAA,OAAOqH,KAAK,CAAA;EACd,KAAA;;EAEA;MACA,IAAI,CAAC/D,UAAU,EAAE;QACfmC,YAAY,CAACC,GAAG,CAAC,CAAA;EACnB,KAAA;;EAEA;MACAhG,SAAS,CAACI,OAAO,GAAG,EAAE,CAAA;;EAEtB;EACA,IAAA,IAAI,OAAOuH,KAAK,KAAK,QAAQ,EAAE;EAC7BtD,MAAAA,QAAQ,GAAG,KAAK,CAAA;EAClB,KAAA;EAEA,IAAA,IAAIA,QAAQ,EAAE;EACZ;QACA,IAAIsD,KAAK,CAACsB,QAAQ,EAAE;EAClB,QAAA,MAAMpC,OAAO,GAAGhL,iBAAiB,CAAC8L,KAAK,CAACsB,QAAQ,CAAC,CAAA;UACjD,IAAI,CAAC3G,YAAY,CAACuE,OAAO,CAAC,IAAI1D,WAAW,CAAC0D,OAAO,CAAC,EAAE;YAClD,MAAM9L,eAAe,CACnB,yDACF,CAAC,CAAA;EACH,SAAA;EACF,OAAA;EACF,KAAC,MAAM,IAAI4M,KAAK,YAAYhH,IAAI,EAAE;EAChC;EACN;EACMyH,MAAAA,IAAI,GAAGV,aAAa,CAAC,SAAS,CAAC,CAAA;QAC/B8D,YAAY,GAAGpD,IAAI,CAACzG,aAAa,CAACO,UAAU,CAACyF,KAAK,EAAE,IAAI,CAAC,CAAA;EACzD,MAAA,IACE6D,YAAY,CAACnL,QAAQ,KAAKlC,SAAS,CAACnC,OAAO,IAC3CwP,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAChC;EACA;EACAb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;EACrB,OAAC,MAAM,IAAIA,YAAY,CAACvC,QAAQ,KAAK,MAAM,EAAE;EAC3Cb,QAAAA,IAAI,GAAGoD,YAAY,CAAA;EACrB,OAAC,MAAM;EACL;EACApD,QAAAA,IAAI,CAACsD,WAAW,CAACF,YAAY,CAAC,CAAA;EAChC,OAAA;EACF,KAAC,MAAM;EACL;EACA,MAAA,IACE,CAAC1H,UAAU,IACX,CAACL,kBAAkB,IACnB,CAACE,cAAc;EACf;QACAgE,KAAK,CAACpN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EACzB;UACA,OAAOqH,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACkI,KAAK,CAAC,GACpCA,KAAK,CAAA;EACX,OAAA;;EAEA;EACAS,MAAAA,IAAI,GAAGV,aAAa,CAACC,KAAK,CAAC,CAAA;;EAE3B;QACA,IAAI,CAACS,IAAI,EAAE;UACT,OAAOtE,UAAU,GAAG,IAAI,GAAGE,mBAAmB,GAAGnC,SAAS,GAAG,EAAE,CAAA;EACjE,OAAA;EACF,KAAA;;EAEA;MACA,IAAIuG,IAAI,IAAIvE,UAAU,EAAE;EACtBoD,MAAAA,YAAY,CAACmB,IAAI,CAACuD,UAAU,CAAC,CAAA;EAC/B,KAAA;;EAEA;MACA,MAAMC,YAAY,GAAGnD,mBAAmB,CAACpE,QAAQ,GAAGsD,KAAK,GAAGS,IAAI,CAAC,CAAA;;EAEjE;EACA,IAAA,OAAQoB,WAAW,GAAGoC,YAAY,CAACN,QAAQ,EAAE,EAAG;EAC9C;EACA,MAAA,IAAI3B,iBAAiB,CAACH,WAAW,CAAC,EAAE;EAClC,QAAA,SAAA;EACF,OAAA;;EAEA;EACA,MAAA,IAAIA,WAAW,CAAC9H,OAAO,YAAYjB,gBAAgB,EAAE;EACnDyK,QAAAA,kBAAkB,CAAC1B,WAAW,CAAC9H,OAAO,CAAC,CAAA;EACzC,OAAA;;EAEA;QACA8I,mBAAmB,CAAChB,WAAW,CAAC,CAAA;EAClC,KAAA;;EAEA;EACA,IAAA,IAAInF,QAAQ,EAAE;EACZ,MAAA,OAAOsD,KAAK,CAAA;EACd,KAAA;;EAEA;EACA,IAAA,IAAI7D,UAAU,EAAE;EACd,MAAA,IAAIC,mBAAmB,EAAE;UACvB0H,UAAU,GAAGzJ,sBAAsB,CAACwG,IAAI,CAACJ,IAAI,CAACzG,aAAa,CAAC,CAAA;UAE5D,OAAOyG,IAAI,CAACuD,UAAU,EAAE;EACtB;EACAF,UAAAA,UAAU,CAACC,WAAW,CAACtD,IAAI,CAACuD,UAAU,CAAC,CAAA;EACzC,SAAA;EACF,OAAC,MAAM;EACLF,QAAAA,UAAU,GAAGrD,IAAI,CAAA;EACnB,OAAA;EAEA,MAAA,IAAI3F,YAAY,CAACoJ,UAAU,IAAIpJ,YAAY,CAACqJ,cAAc,EAAE;EAC1D;EACR;EACA;EACA;EACA;EACA;EACA;UACQL,UAAU,GAAGvJ,UAAU,CAACsG,IAAI,CAACjI,gBAAgB,EAAEkL,UAAU,EAAE,IAAI,CAAC,CAAA;EAClE,OAAA;EAEA,MAAA,OAAOA,UAAU,CAAA;EACnB,KAAA;MAEA,IAAIM,cAAc,GAAGpI,cAAc,GAAGyE,IAAI,CAAC4D,SAAS,GAAG5D,IAAI,CAACD,SAAS,CAAA;;EAErE;EACA,IAAA,IACExE,cAAc,IACdrB,YAAY,CAAC,UAAU,CAAC,IACxB8F,IAAI,CAACzG,aAAa,IAClByG,IAAI,CAACzG,aAAa,CAACsK,OAAO,IAC1B7D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,IAC/BzM,UAAU,CAACyH,YAAwB,EAAE+F,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,CAAC,EACrE;EACA0E,MAAAA,cAAc,GACZ,YAAY,GAAG3D,IAAI,CAACzG,aAAa,CAACsK,OAAO,CAAC5E,IAAI,GAAG,KAAK,GAAG0E,cAAc,CAAA;EAC3E,KAAA;;EAEA;EACA,IAAA,IAAItI,kBAAkB,EAAE;QACtBrK,YAAY,CAAC,CAACqE,aAAa,EAAEC,QAAQ,EAAEC,WAAW,CAAC,EAAGyM,IAAI,IAAK;UAC7D2B,cAAc,GAAG3R,aAAa,CAAC2R,cAAc,EAAE3B,IAAI,EAAE,GAAG,CAAC,CAAA;EAC3D,OAAC,CAAC,CAAA;EACJ,KAAA;MAEA,OAAOxI,kBAAkB,IAAIoC,mBAAmB,GAC5CpC,kBAAkB,CAACnC,UAAU,CAACsM,cAAc,CAAC,GAC7CA,cAAc,CAAA;KACnB,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;IACE/L,SAAS,CAACkM,SAAS,GAAG,YAAoB;EAAA,IAAA,IAAVlG,GAAG,GAAA3K,SAAA,CAAAC,MAAA,GAAA,CAAA,IAAAD,SAAA,CAAA,CAAA,CAAA,KAAAS,SAAA,GAAAT,SAAA,CAAA,CAAA,CAAA,GAAG,EAAE,CAAA;MACtC0K,YAAY,CAACC,GAAG,CAAC,CAAA;EACjBpC,IAAAA,UAAU,GAAG,IAAI,CAAA;KAClB,CAAA;;EAED;EACF;EACA;EACA;EACA;IACE5D,SAAS,CAACmM,WAAW,GAAG,YAAY;EAClCzG,IAAAA,MAAM,GAAG,IAAI,CAAA;EACb9B,IAAAA,UAAU,GAAG,KAAK,CAAA;KACnB,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;IACE5D,SAAS,CAACoM,gBAAgB,GAAG,UAAUC,GAAG,EAAEvB,IAAI,EAAErO,KAAK,EAAE;EACvD;MACA,IAAI,CAACiJ,MAAM,EAAE;QACXK,YAAY,CAAC,EAAE,CAAC,CAAA;EAClB,KAAA;EAEA,IAAA,MAAMuE,KAAK,GAAGzO,iBAAiB,CAACwQ,GAAG,CAAC,CAAA;EACpC,IAAA,MAAM9B,MAAM,GAAG1O,iBAAiB,CAACiP,IAAI,CAAC,CAAA;EACtC,IAAA,OAAOT,iBAAiB,CAACC,KAAK,EAAEC,MAAM,EAAE9N,KAAK,CAAC,CAAA;KAC/C,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACEuD,EAAAA,SAAS,CAACsM,OAAO,GAAG,UAAU/C,UAAU,EAAEgD,YAAY,EAAE;EACtD,IAAA,IAAI,OAAOA,YAAY,KAAK,UAAU,EAAE;EACtC,MAAA,OAAA;EACF,KAAA;MAEApK,KAAK,CAACoH,UAAU,CAAC,GAAGpH,KAAK,CAACoH,UAAU,CAAC,IAAI,EAAE,CAAA;EAC3C5P,IAAAA,SAAS,CAACwI,KAAK,CAACoH,UAAU,CAAC,EAAEgD,YAAY,CAAC,CAAA;KAC3C,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACA;EACA;EACEvM,EAAAA,SAAS,CAACwM,UAAU,GAAG,UAAUjD,UAAU,EAAE;EAC3C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;EACrB,MAAA,OAAO9P,QAAQ,CAAC0I,KAAK,CAACoH,UAAU,CAAC,CAAC,CAAA;EACpC,KAAA;KACD,CAAA;;EAED;EACF;EACA;EACA;EACA;EACA;EACEvJ,EAAAA,SAAS,CAACyM,WAAW,GAAG,UAAUlD,UAAU,EAAE;EAC5C,IAAA,IAAIpH,KAAK,CAACoH,UAAU,CAAC,EAAE;EACrBpH,MAAAA,KAAK,CAACoH,UAAU,CAAC,GAAG,EAAE,CAAA;EACxB,KAAA;KACD,CAAA;;EAED;EACF;EACA;EACA;IACEvJ,SAAS,CAAC0M,cAAc,GAAG,YAAY;MACrCvK,KAAK,GAAG,EAAE,CAAA;KACX,CAAA;EAED,EAAA,OAAOnC,SAAS,CAAA;EAClB,CAAA;AAEA,eAAeD,eAAe,EAAE;;;;;;;;"} \ No newline at end of file +{"version":3,"file":"purify.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"} \ No newline at end of file diff --git a/dist/purify.min.js b/dist/purify.min.js index 630c1818c..7cee4760a 100644 --- a/dist/purify.min.js +++ b/dist/purify.min.js @@ -1,3 +1,1349 @@ /*! @license DOMPurify 3.1.7 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.1.7/LICENSE */ -!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).DOMPurify=t()}(this,(function(){"use strict";const{entries:e,setPrototypeOf:t,isFrozen:n,getPrototypeOf:o,getOwnPropertyDescriptor:r}=Object;let{freeze:i,seal:a,create:l}=Object,{apply:c,construct:s}="undefined"!=typeof Reflect&&Reflect;i||(i=function(e){return e}),a||(a=function(e){return e}),c||(c=function(e,t,n){return e.apply(t,n)}),s||(s=function(e,t){return new e(...t)});const u=b(Array.prototype.forEach),m=b(Array.prototype.pop),p=b(Array.prototype.push),f=b(String.prototype.toLowerCase),d=b(String.prototype.toString),h=b(String.prototype.match),g=b(String.prototype.replace),T=b(String.prototype.indexOf),y=b(String.prototype.trim),E=b(Object.prototype.hasOwnProperty),_=b(RegExp.prototype.test),A=(N=TypeError,function(){for(var e=arguments.length,t=new Array(e),n=0;n1?n-1:0),r=1;r2&&void 0!==arguments[2]?arguments[2]:f;t&&t(e,null);let i=o.length;for(;i--;){let t=o[i];if("string"==typeof t){const e=r(t);e!==t&&(n(o)||(o[i]=e),t=e)}e[t]=!0}return e}function R(e){for(let t=0;t/gm),B=a(/\${[\w\W]*}/gm),W=a(/^data-[\-\w.\u00B7-\uFFFF]/),G=a(/^aria-[\-\w]+$/),Y=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),j=a(/^(?:\w+script|data):/i),X=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),q=a(/^html$/i),$=a(/^[a-z][.\w]*(-[.\w]+)+$/i);var K=Object.freeze({__proto__:null,MUSTACHE_EXPR:F,ERB_EXPR:z,TMPLIT_EXPR:B,DATA_ATTR:W,ARIA_ATTR:G,IS_ALLOWED_URI:Y,IS_SCRIPT_OR_DATA:j,ATTR_WHITESPACE:X,DOCTYPE_NAME:q,CUSTOM_ELEMENT:$});const V=1,Z=3,J=7,Q=8,ee=9,te=function(){return"undefined"==typeof window?null:window};var ne=function t(){let n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:te();const o=e=>t(e);if(o.version="3.1.7",o.removed=[],!n||!n.document||n.document.nodeType!==ee)return o.isSupported=!1,o;let{document:r}=n;const a=r,c=a.currentScript,{DocumentFragment:s,HTMLTemplateElement:N,Node:b,Element:R,NodeFilter:F,NamedNodeMap:z=n.NamedNodeMap||n.MozNamedAttrMap,HTMLFormElement:B,DOMParser:W,trustedTypes:G}=n,j=R.prototype,X=L(j,"cloneNode"),$=L(j,"remove"),ne=L(j,"nextSibling"),oe=L(j,"childNodes"),re=L(j,"parentNode");if("function"==typeof N){const e=r.createElement("template");e.content&&e.content.ownerDocument&&(r=e.content.ownerDocument)}let ie,ae="";const{implementation:le,createNodeIterator:ce,createDocumentFragment:se,getElementsByTagName:ue}=r,{importNode:me}=a;let pe={};o.isSupported="function"==typeof e&&"function"==typeof re&&le&&void 0!==le.createHTMLDocument;const{MUSTACHE_EXPR:fe,ERB_EXPR:de,TMPLIT_EXPR:he,DATA_ATTR:ge,ARIA_ATTR:Te,IS_SCRIPT_OR_DATA:ye,ATTR_WHITESPACE:Ee,CUSTOM_ELEMENT:_e}=K;let{IS_ALLOWED_URI:Ae}=K,Ne=null;const be=S({},[...C,...O,...v,...x,...I]);let Se=null;const Re=S({},[...M,...U,...P,...H]);let we=Object.seal(l(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Le=null,Ce=null,Oe=!0,ve=!0,De=!1,xe=!0,ke=!1,Ie=!0,Me=!1,Ue=!1,Pe=!1,He=!1,Fe=!1,ze=!1,Be=!0,We=!1,Ge=!0,Ye=!1,je={},Xe=null;const qe=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]);let $e=null;const Ke=S({},["audio","video","img","source","image","track"]);let Ve=null;const Ze=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Je="http://www.w3.org/1998/Math/MathML",Qe="http://www.w3.org/2000/svg",et="http://www.w3.org/1999/xhtml";let tt=et,nt=!1,ot=null;const rt=S({},[Je,Qe,et],d);let it=S({},["mi","mo","mn","ms","mtext"]),at=S({},["annotation-xml"]);const lt=S({},["title","style","font","a","script"]);let ct=null;const st=["application/xhtml+xml","text/html"];let ut=null,mt=null;const pt=r.createElement("form"),ft=function(e){return e instanceof RegExp||e instanceof Function},dt=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};if(!mt||mt!==e){if(e&&"object"==typeof e||(e={}),e=w(e),ct=-1===st.indexOf(e.PARSER_MEDIA_TYPE)?"text/html":e.PARSER_MEDIA_TYPE,ut="application/xhtml+xml"===ct?d:f,Ne=E(e,"ALLOWED_TAGS")?S({},e.ALLOWED_TAGS,ut):be,Se=E(e,"ALLOWED_ATTR")?S({},e.ALLOWED_ATTR,ut):Re,ot=E(e,"ALLOWED_NAMESPACES")?S({},e.ALLOWED_NAMESPACES,d):rt,Ve=E(e,"ADD_URI_SAFE_ATTR")?S(w(Ze),e.ADD_URI_SAFE_ATTR,ut):Ze,$e=E(e,"ADD_DATA_URI_TAGS")?S(w(Ke),e.ADD_DATA_URI_TAGS,ut):Ke,Xe=E(e,"FORBID_CONTENTS")?S({},e.FORBID_CONTENTS,ut):qe,Le=E(e,"FORBID_TAGS")?S({},e.FORBID_TAGS,ut):{},Ce=E(e,"FORBID_ATTR")?S({},e.FORBID_ATTR,ut):{},je=!!E(e,"USE_PROFILES")&&e.USE_PROFILES,Oe=!1!==e.ALLOW_ARIA_ATTR,ve=!1!==e.ALLOW_DATA_ATTR,De=e.ALLOW_UNKNOWN_PROTOCOLS||!1,xe=!1!==e.ALLOW_SELF_CLOSE_IN_ATTR,ke=e.SAFE_FOR_TEMPLATES||!1,Ie=!1!==e.SAFE_FOR_XML,Me=e.WHOLE_DOCUMENT||!1,He=e.RETURN_DOM||!1,Fe=e.RETURN_DOM_FRAGMENT||!1,ze=e.RETURN_TRUSTED_TYPE||!1,Pe=e.FORCE_BODY||!1,Be=!1!==e.SANITIZE_DOM,We=e.SANITIZE_NAMED_PROPS||!1,Ge=!1!==e.KEEP_CONTENT,Ye=e.IN_PLACE||!1,Ae=e.ALLOWED_URI_REGEXP||Y,tt=e.NAMESPACE||et,it=e.MATHML_TEXT_INTEGRATION_POINTS||it,at=e.HTML_INTEGRATION_POINTS||at,we=e.CUSTOM_ELEMENT_HANDLING||{},e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(we.tagNameCheck=e.CUSTOM_ELEMENT_HANDLING.tagNameCheck),e.CUSTOM_ELEMENT_HANDLING&&ft(e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(we.attributeNameCheck=e.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),e.CUSTOM_ELEMENT_HANDLING&&"boolean"==typeof e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements&&(we.allowCustomizedBuiltInElements=e.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),ke&&(ve=!1),Fe&&(He=!0),je&&(Ne=S({},I),Se=[],!0===je.html&&(S(Ne,C),S(Se,M)),!0===je.svg&&(S(Ne,O),S(Se,U),S(Se,H)),!0===je.svgFilters&&(S(Ne,v),S(Se,U),S(Se,H)),!0===je.mathMl&&(S(Ne,x),S(Se,P),S(Se,H))),e.ADD_TAGS&&(Ne===be&&(Ne=w(Ne)),S(Ne,e.ADD_TAGS,ut)),e.ADD_ATTR&&(Se===Re&&(Se=w(Se)),S(Se,e.ADD_ATTR,ut)),e.ADD_URI_SAFE_ATTR&&S(Ve,e.ADD_URI_SAFE_ATTR,ut),e.FORBID_CONTENTS&&(Xe===qe&&(Xe=w(Xe)),S(Xe,e.FORBID_CONTENTS,ut)),Ge&&(Ne["#text"]=!0),Me&&S(Ne,["html","head","body"]),Ne.table&&(S(Ne,["tbody"]),delete Le.tbody),e.TRUSTED_TYPES_POLICY){if("function"!=typeof e.TRUSTED_TYPES_POLICY.createHTML)throw A('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.');if("function"!=typeof e.TRUSTED_TYPES_POLICY.createScriptURL)throw A('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.');ie=e.TRUSTED_TYPES_POLICY,ae=ie.createHTML("")}else void 0===ie&&(ie=function(e,t){if("object"!=typeof e||"function"!=typeof e.createPolicy)return null;let n=null;const o="data-tt-policy-suffix";t&&t.hasAttribute(o)&&(n=t.getAttribute(o));const r="dompurify"+(n?"#"+n:"");try{return e.createPolicy(r,{createHTML:e=>e,createScriptURL:e=>e})}catch(e){return console.warn("TrustedTypes policy "+r+" could not be created."),null}}(G,c)),null!==ie&&"string"==typeof ae&&(ae=ie.createHTML(""));i&&i(e),mt=e}},ht=S({},[...O,...v,...D]),gt=S({},[...x,...k]),Tt=function(e){p(o.removed,{element:e});try{re(e).removeChild(e)}catch(t){$(e)}},yt=function(e,t){try{p(o.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(o.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!Se[e])if(He||Fe)try{Tt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Et=function(e){let t=null,n=null;if(Pe)e=""+e;else{const t=h(e,/^[\r\n\t ]+/);n=t&&t[0]}"application/xhtml+xml"===ct&&tt===et&&(e=''+e+"");const o=ie?ie.createHTML(e):e;if(tt===et)try{t=(new W).parseFromString(o,ct)}catch(e){}if(!t||!t.documentElement){t=le.createDocument(tt,"template",null);try{t.documentElement.innerHTML=nt?ae:o}catch(e){}}const i=t.body||t.documentElement;return e&&n&&i.insertBefore(r.createTextNode(n),i.childNodes[0]||null),tt===et?ue.call(t,Me?"html":"body")[0]:Me?t.documentElement:i},_t=function(e){return ce.call(e.ownerDocument||e,e,F.SHOW_ELEMENT|F.SHOW_COMMENT|F.SHOW_TEXT|F.SHOW_PROCESSING_INSTRUCTION|F.SHOW_CDATA_SECTION,null)},At=function(e){return e instanceof B&&("string"!=typeof e.nodeName||"string"!=typeof e.textContent||"function"!=typeof e.removeChild||!(e.attributes instanceof z)||"function"!=typeof e.removeAttribute||"function"!=typeof e.setAttribute||"string"!=typeof e.namespaceURI||"function"!=typeof e.insertBefore||"function"!=typeof e.hasChildNodes)},Nt=function(e){return"function"==typeof b&&e instanceof b},bt=function(e,t,n){pe[e]&&u(pe[e],(e=>{e.call(o,t,n,mt)}))},St=function(e){let t=null;if(bt("beforeSanitizeElements",e,null),At(e))return Tt(e),!0;const n=ut(e.nodeName);if(bt("uponSanitizeElement",e,{tagName:n,allowedTags:Ne}),e.hasChildNodes()&&!Nt(e.firstElementChild)&&_(/<[/\w]/g,e.innerHTML)&&_(/<[/\w]/g,e.textContent))return Tt(e),!0;if(e.nodeType===J)return Tt(e),!0;if(Ie&&e.nodeType===Q&&_(/<[/\w]/g,e.data))return Tt(e),!0;if(!Ne[n]||Le[n]){if(!Le[n]&&wt(n)){if(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,n))return!1;if(we.tagNameCheck instanceof Function&&we.tagNameCheck(n))return!1}if(Ge&&!Xe[n]){const t=re(e)||e.parentNode,n=oe(e)||e.childNodes;if(n&&t){for(let o=n.length-1;o>=0;--o){const r=X(n[o],!0);r.__removalCount=(e.__removalCount||0)+1,t.insertBefore(r,ne(e))}}}return Tt(e),!0}return e instanceof R&&!function(e){let t=re(e);t&&t.tagName||(t={namespaceURI:tt,tagName:"template"});const n=f(e.tagName),o=f(t.tagName);return!!ot[e.namespaceURI]&&(e.namespaceURI===Qe?t.namespaceURI===et?"svg"===n:t.namespaceURI===Je?"svg"===n&&("annotation-xml"===o||it[o]):Boolean(ht[n]):e.namespaceURI===Je?t.namespaceURI===et?"math"===n:t.namespaceURI===Qe?"math"===n&&at[o]:Boolean(gt[n]):e.namespaceURI===et?!(t.namespaceURI===Qe&&!at[o])&&!(t.namespaceURI===Je&&!it[o])&&!gt[n]&&(lt[n]||!ht[n]):!("application/xhtml+xml"!==ct||!ot[e.namespaceURI]))}(e)?(Tt(e),!0):"noscript"!==n&&"noembed"!==n&&"noframes"!==n||!_(/<\/no(script|embed|frames)/i,e.innerHTML)?(ke&&e.nodeType===Z&&(t=e.textContent,u([fe,de,he],(e=>{t=g(t,e," ")})),e.textContent!==t&&(p(o.removed,{element:e.cloneNode()}),e.textContent=t)),bt("afterSanitizeElements",e,null),!1):(Tt(e),!0)},Rt=function(e,t,n){if(Be&&("id"===t||"name"===t)&&(n in r||n in pt))return!1;if(ve&&!Ce[t]&&_(ge,t));else if(Oe&&_(Te,t));else if(!Se[t]||Ce[t]){if(!(wt(e)&&(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,e)||we.tagNameCheck instanceof Function&&we.tagNameCheck(e))&&(we.attributeNameCheck instanceof RegExp&&_(we.attributeNameCheck,t)||we.attributeNameCheck instanceof Function&&we.attributeNameCheck(t))||"is"===t&&we.allowCustomizedBuiltInElements&&(we.tagNameCheck instanceof RegExp&&_(we.tagNameCheck,n)||we.tagNameCheck instanceof Function&&we.tagNameCheck(n))))return!1}else if(Ve[t]);else if(_(Ae,g(n,Ee,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==T(n,"data:")||!$e[e]){if(De&&!_(ye,g(n,Ee,"")));else if(n)return!1}else;return!0},wt=function(e){return"annotation-xml"!==e&&h(e,_e)},Lt=function(e){bt("beforeSanitizeAttributes",e,null);const{attributes:t}=e;if(!t)return;const n={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Se};let r=t.length;for(;r--;){const i=t[r],{name:a,namespaceURI:l,value:c}=i,s=ut(a);let p="value"===a?c:y(c);if(n.attrName=s,n.attrValue=p,n.keepAttr=!0,n.forceKeepAttr=void 0,bt("uponSanitizeAttribute",e,n),p=n.attrValue,!We||"id"!==s&&"name"!==s||(yt(a,e),p="user-content-"+p),Ie&&_(/((--!?|])>)|<\/(style|title)/i,p)){yt(a,e);continue}if(n.forceKeepAttr)continue;if(yt(a,e),!n.keepAttr)continue;if(!xe&&_(/\/>/i,p)){yt(a,e);continue}ke&&u([fe,de,he],(e=>{p=g(p,e," ")}));const f=ut(e.nodeName);if(Rt(f,s,p)){if(ie&&"object"==typeof G&&"function"==typeof G.getAttributeType)if(l);else switch(G.getAttributeType(f,s)){case"TrustedHTML":p=ie.createHTML(p);break;case"TrustedScriptURL":p=ie.createScriptURL(p)}try{l?e.setAttributeNS(l,a,p):e.setAttribute(a,p),At(e)?Tt(e):m(o.removed)}catch(e){}}}bt("afterSanitizeAttributes",e,null)},Ct=function e(t){let n=null;const o=_t(t);for(bt("beforeSanitizeShadowDOM",t,null);n=o.nextNode();)bt("uponSanitizeShadowNode",n,null),St(n)||(n.content instanceof s&&e(n.content),Lt(n));bt("afterSanitizeShadowDOM",t,null)};return o.sanitize=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=null,r=null,i=null,l=null;if(nt=!e,nt&&(e="\x3c!--\x3e"),"string"!=typeof e&&!Nt(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!o.isSupported)return e;if(Ue||dt(t),o.removed=[],"string"==typeof e&&(Ye=!1),Ye){if(e.nodeName){const t=ut(e.nodeName);if(!Ne[t]||Le[t])throw A("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof b)n=Et("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),r.nodeType===V&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!He&&!ke&&!Me&&-1===e.indexOf("<"))return ie&&ze?ie.createHTML(e):e;if(n=Et(e),!n)return He?null:ze?ae:""}n&&Pe&&Tt(n.firstChild);const c=_t(Ye?e:n);for(;i=c.nextNode();)St(i)||(i.content instanceof s&&Ct(i.content),Lt(i));if(Ye)return e;if(He){if(Fe)for(l=se.call(n.ownerDocument);n.firstChild;)l.appendChild(n.firstChild);else l=n;return(Se.shadowroot||Se.shadowrootmode)&&(l=me.call(a,l,!0)),l}let m=Me?n.outerHTML:n.innerHTML;return Me&&Ne["!doctype"]&&n.ownerDocument&&n.ownerDocument.doctype&&n.ownerDocument.doctype.name&&_(q,n.ownerDocument.doctype.name)&&(m="\n"+m),ke&&u([fe,de,he],(e=>{m=g(m,e," ")})),ie&&ze?ie.createHTML(m):m},o.setConfig=function(){dt(arguments.length>0&&void 0!==arguments[0]?arguments[0]:{}),Ue=!0},o.clearConfig=function(){mt=null,Ue=!1},o.isValidAttribute=function(e,t,n){mt||dt({});const o=ut(e),r=ut(t);return Rt(o,r,n)},o.addHook=function(e,t){"function"==typeof t&&(pe[e]=pe[e]||[],p(pe[e],t))},o.removeHook=function(e){if(pe[e])return m(pe[e])},o.removeHooks=function(e){pe[e]&&(pe[e]=[])},o.removeAllHooks=function(){pe={}},o}();return ne})); + +(function (global, factory) { + typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() : + typeof define === 'function' && define.amd ? define(factory) : + (global = typeof globalThis !== 'undefined' ? globalThis : global || self, global.DOMPurify = factory()); +})(this, (function () { 'use strict'; + + const { + entries, + setPrototypeOf, + isFrozen, + getPrototypeOf, + getOwnPropertyDescriptor + } = Object; + let { + freeze, + seal, + create + } = Object; // eslint-disable-line import/no-mutable-exports + let { + apply, + construct + } = typeof Reflect !== 'undefined' && Reflect; + if (!freeze) { + freeze = function freeze(x) { + return x; + }; + } + if (!seal) { + seal = function seal(x) { + return x; + }; + } + if (!apply) { + apply = function apply(fun, thisValue, args) { + return fun.apply(thisValue, args); + }; + } + if (!construct) { + construct = function construct(Func, args) { + return new Func(...args); + }; + } + const arrayForEach = unapply(Array.prototype.forEach); + const arrayPop = unapply(Array.prototype.pop); + const arrayPush = unapply(Array.prototype.push); + const stringToLowerCase = unapply(String.prototype.toLowerCase); + const stringToString = unapply(String.prototype.toString); + const stringMatch = unapply(String.prototype.match); + const stringReplace = unapply(String.prototype.replace); + const stringIndexOf = unapply(String.prototype.indexOf); + const stringTrim = unapply(String.prototype.trim); + const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty); + const regExpTest = unapply(RegExp.prototype.test); + const typeErrorCreate = unconstruct(TypeError); + /** + * Creates a new function that calls the given function with a specified thisArg and arguments. + * + * @param func - The function to be wrapped and called. + * @returns A new function that calls the given function with a specified thisArg and arguments. + */ + function unapply(func) { + return function (thisArg) { + for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) { + args[_key - 1] = arguments[_key]; + } + return apply(func, thisArg, args); + }; + } + /** + * Creates a new function that constructs an instance of the given constructor function with the provided arguments. + * + * @param func - The constructor function to be wrapped and called. + * @returns A new function that constructs an instance of the given constructor function with the provided arguments. + */ + function unconstruct(func) { + return function () { + for (var _len2 = arguments.length, args = new Array(_len2), _key2 = 0; _key2 < _len2; _key2++) { + args[_key2] = arguments[_key2]; + } + return construct(func, args); + }; + } + /** + * Add properties to a lookup table + * + * @param set - The set to which elements will be added. + * @param array - The array containing elements to be added to the set. + * @param transformCaseFunc - An optional function to transform the case of each element before adding to the set. + * @returns The modified set with added elements. + */ + function addToSet(set, array) { + let transformCaseFunc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : stringToLowerCase; + if (setPrototypeOf) { + // Make 'in' and truthy checks like Boolean(set.constructor) + // independent of any properties defined on Object.prototype. + // Prevent prototype setters from intercepting set as a this value. + setPrototypeOf(set, null); + } + let l = array.length; + while (l--) { + let element = array[l]; + if (typeof element === 'string') { + const lcElement = transformCaseFunc(element); + if (lcElement !== element) { + // Config presets (e.g. tags.js, attrs.js) are immutable. + if (!isFrozen(array)) { + array[l] = lcElement; + } + element = lcElement; + } + } + set[element] = true; + } + return set; + } + /** + * Clean up an array to harden against CSPP + * + * @param array - The array to be cleaned. + * @returns The cleaned version of the array + */ + function cleanArray(array) { + for (let index = 0; index < array.length; index++) { + const isPropertyExist = objectHasOwnProperty(array, index); + if (!isPropertyExist) { + array[index] = null; + } + } + return array; + } + /** + * Shallow clone an object + * + * @param object - The object to be cloned. + * @returns A new object that copies the original. + */ + function clone(object) { + const newObject = create(null); + for (const [property, value] of entries(object)) { + const isPropertyExist = objectHasOwnProperty(object, property); + if (isPropertyExist) { + if (Array.isArray(value)) { + newObject[property] = cleanArray(value); + } else if (value && typeof value === 'object' && value.constructor === Object) { + newObject[property] = clone(value); + } else { + newObject[property] = value; + } + } + } + return newObject; + } + /** + * This method automatically checks if the prop is function or getter and behaves accordingly. + * + * @param object - The object to look up the getter function in its prototype chain. + * @param prop - The property name for which to find the getter function. + * @returns The getter function found in the prototype chain or a fallback function. + */ + function lookupGetter(object, prop) { + while (object !== null) { + const desc = getOwnPropertyDescriptor(object, prop); + if (desc) { + if (desc.get) { + return unapply(desc.get); + } + if (typeof desc.value === 'function') { + return unapply(desc.value); + } + } + object = getPrototypeOf(object); + } + function fallbackValue() { + return null; + } + return fallbackValue; + } + + const html$1 = freeze(['a', 'abbr', 'acronym', 'address', 'area', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', 'big', 'blink', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'content', 'data', 'datalist', 'dd', 'decorator', 'del', 'details', 'dfn', 'dialog', 'dir', 'div', 'dl', 'dt', 'element', 'em', 'fieldset', 'figcaption', 'figure', 'font', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meter', 'nav', 'nobr', 'ol', 'optgroup', 'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'select', 'shadow', 'small', 'source', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'template', 'textarea', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'video', 'wbr']); + // SVG + const svg$1 = freeze(['svg', 'a', 'altglyph', 'altglyphdef', 'altglyphitem', 'animatecolor', 'animatemotion', 'animatetransform', 'circle', 'clippath', 'defs', 'desc', 'ellipse', 'filter', 'font', 'g', 'glyph', 'glyphref', 'hkern', 'image', 'line', 'lineargradient', 'marker', 'mask', 'metadata', 'mpath', 'path', 'pattern', 'polygon', 'polyline', 'radialgradient', 'rect', 'stop', 'style', 'switch', 'symbol', 'text', 'textpath', 'title', 'tref', 'tspan', 'view', 'vkern']); + const svgFilters = freeze(['feBlend', 'feColorMatrix', 'feComponentTransfer', 'feComposite', 'feConvolveMatrix', 'feDiffuseLighting', 'feDisplacementMap', 'feDistantLight', 'feDropShadow', 'feFlood', 'feFuncA', 'feFuncB', 'feFuncG', 'feFuncR', 'feGaussianBlur', 'feImage', 'feMerge', 'feMergeNode', 'feMorphology', 'feOffset', 'fePointLight', 'feSpecularLighting', 'feSpotLight', 'feTile', 'feTurbulence']); + // List of SVG elements that are disallowed by default. + // We still need to know them so that we can do namespace + // checks properly in case one wants to add them to + // allow-list. + const svgDisallowed = freeze(['animate', 'color-profile', 'cursor', 'discard', 'font-face', 'font-face-format', 'font-face-name', 'font-face-src', 'font-face-uri', 'foreignobject', 'hatch', 'hatchpath', 'mesh', 'meshgradient', 'meshpatch', 'meshrow', 'missing-glyph', 'script', 'set', 'solidcolor', 'unknown', 'use']); + const mathMl$1 = freeze(['math', 'menclose', 'merror', 'mfenced', 'mfrac', 'mglyph', 'mi', 'mlabeledtr', 'mmultiscripts', 'mn', 'mo', 'mover', 'mpadded', 'mphantom', 'mroot', 'mrow', 'ms', 'mspace', 'msqrt', 'mstyle', 'msub', 'msup', 'msubsup', 'mtable', 'mtd', 'mtext', 'mtr', 'munder', 'munderover', 'mprescripts']); + // Similarly to SVG, we want to know all MathML elements, + // even those that we disallow by default. + const mathMlDisallowed = freeze(['maction', 'maligngroup', 'malignmark', 'mlongdiv', 'mscarries', 'mscarry', 'msgroup', 'mstack', 'msline', 'msrow', 'semantics', 'annotation', 'annotation-xml', 'mprescripts', 'none']); + const text = freeze(['#text']); + + const html = freeze(['accept', 'action', 'align', 'alt', 'autocapitalize', 'autocomplete', 'autopictureinpicture', 'autoplay', 'background', 'bgcolor', 'border', 'capture', 'cellpadding', 'cellspacing', 'checked', 'cite', 'class', 'clear', 'color', 'cols', 'colspan', 'controls', 'controlslist', 'coords', 'crossorigin', 'datetime', 'decoding', 'default', 'dir', 'disabled', 'disablepictureinpicture', 'disableremoteplayback', 'download', 'draggable', 'enctype', 'enterkeyhint', 'face', 'for', 'headers', 'height', 'hidden', 'high', 'href', 'hreflang', 'id', 'inputmode', 'integrity', 'ismap', 'kind', 'label', 'lang', 'list', 'loading', 'loop', 'low', 'max', 'maxlength', 'media', 'method', 'min', 'minlength', 'multiple', 'muted', 'name', 'nonce', 'noshade', 'novalidate', 'nowrap', 'open', 'optimum', 'pattern', 'placeholder', 'playsinline', 'popover', 'popovertarget', 'popovertargetaction', 'poster', 'preload', 'pubdate', 'radiogroup', 'readonly', 'rel', 'required', 'rev', 'reversed', 'role', 'rows', 'rowspan', 'spellcheck', 'scope', 'selected', 'shape', 'size', 'sizes', 'span', 'srclang', 'start', 'src', 'srcset', 'step', 'style', 'summary', 'tabindex', 'title', 'translate', 'type', 'usemap', 'valign', 'value', 'width', 'wrap', 'xmlns', 'slot']); + const svg = freeze(['accent-height', 'accumulate', 'additive', 'alignment-baseline', 'amplitude', 'ascent', 'attributename', 'attributetype', 'azimuth', 'basefrequency', 'baseline-shift', 'begin', 'bias', 'by', 'class', 'clip', 'clippathunits', 'clip-path', 'clip-rule', 'color', 'color-interpolation', 'color-interpolation-filters', 'color-profile', 'color-rendering', 'cx', 'cy', 'd', 'dx', 'dy', 'diffuseconstant', 'direction', 'display', 'divisor', 'dur', 'edgemode', 'elevation', 'end', 'exponent', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'filterunits', 'flood-color', 'flood-opacity', 'font-family', 'font-size', 'font-size-adjust', 'font-stretch', 'font-style', 'font-variant', 'font-weight', 'fx', 'fy', 'g1', 'g2', 'glyph-name', 'glyphref', 'gradientunits', 'gradienttransform', 'height', 'href', 'id', 'image-rendering', 'in', 'in2', 'intercept', 'k', 'k1', 'k2', 'k3', 'k4', 'kerning', 'keypoints', 'keysplines', 'keytimes', 'lang', 'lengthadjust', 'letter-spacing', 'kernelmatrix', 'kernelunitlength', 'lighting-color', 'local', 'marker-end', 'marker-mid', 'marker-start', 'markerheight', 'markerunits', 'markerwidth', 'maskcontentunits', 'maskunits', 'max', 'mask', 'media', 'method', 'mode', 'min', 'name', 'numoctaves', 'offset', 'operator', 'opacity', 'order', 'orient', 'orientation', 'origin', 'overflow', 'paint-order', 'path', 'pathlength', 'patterncontentunits', 'patterntransform', 'patternunits', 'points', 'preservealpha', 'preserveaspectratio', 'primitiveunits', 'r', 'rx', 'ry', 'radius', 'refx', 'refy', 'repeatcount', 'repeatdur', 'restart', 'result', 'rotate', 'scale', 'seed', 'shape-rendering', 'slope', 'specularconstant', 'specularexponent', 'spreadmethod', 'startoffset', 'stddeviation', 'stitchtiles', 'stop-color', 'stop-opacity', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke', 'stroke-width', 'style', 'surfacescale', 'systemlanguage', 'tabindex', 'tablevalues', 'targetx', 'targety', 'transform', 'transform-origin', 'text-anchor', 'text-decoration', 'text-rendering', 'textlength', 'type', 'u1', 'u2', 'unicode', 'values', 'viewbox', 'visibility', 'version', 'vert-adv-y', 'vert-origin-x', 'vert-origin-y', 'width', 'word-spacing', 'wrap', 'writing-mode', 'xchannelselector', 'ychannelselector', 'x', 'x1', 'x2', 'xmlns', 'y', 'y1', 'y2', 'z', 'zoomandpan']); + const mathMl = freeze(['accent', 'accentunder', 'align', 'bevelled', 'close', 'columnsalign', 'columnlines', 'columnspan', 'denomalign', 'depth', 'dir', 'display', 'displaystyle', 'encoding', 'fence', 'frame', 'height', 'href', 'id', 'largeop', 'length', 'linethickness', 'lspace', 'lquote', 'mathbackground', 'mathcolor', 'mathsize', 'mathvariant', 'maxsize', 'minsize', 'movablelimits', 'notation', 'numalign', 'open', 'rowalign', 'rowlines', 'rowspacing', 'rowspan', 'rspace', 'rquote', 'scriptlevel', 'scriptminsize', 'scriptsizemultiplier', 'selection', 'separator', 'separators', 'stretchy', 'subscriptshift', 'supscriptshift', 'symmetric', 'voffset', 'width', 'xmlns']); + const xml = freeze(['xlink:href', 'xml:id', 'xlink:title', 'xml:space', 'xmlns:xlink']); + + // eslint-disable-next-line unicorn/better-regex + const MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode + const ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm); + const TMPLIT_EXPR = seal(/\${[\w\W]*}/gm); + const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]/); // eslint-disable-line no-useless-escape + const ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape + const IS_ALLOWED_URI = seal(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape + ); + const IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i); + const ATTR_WHITESPACE = seal(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex + ); + const DOCTYPE_NAME = seal(/^html$/i); + const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i); + + var EXPRESSIONS = /*#__PURE__*/Object.freeze({ + __proto__: null, + ARIA_ATTR: ARIA_ATTR, + ATTR_WHITESPACE: ATTR_WHITESPACE, + CUSTOM_ELEMENT: CUSTOM_ELEMENT, + DATA_ATTR: DATA_ATTR, + DOCTYPE_NAME: DOCTYPE_NAME, + ERB_EXPR: ERB_EXPR, + IS_ALLOWED_URI: IS_ALLOWED_URI, + IS_SCRIPT_OR_DATA: IS_SCRIPT_OR_DATA, + MUSTACHE_EXPR: MUSTACHE_EXPR, + TMPLIT_EXPR: TMPLIT_EXPR + }); + + /* eslint-disable @typescript-eslint/indent */ + // https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType + const NODE_TYPE = { + element: 1, + attribute: 2, + text: 3, + cdataSection: 4, + entityReference: 5, + // Deprecated + entityNode: 6, + // Deprecated + progressingInstruction: 7, + comment: 8, + document: 9, + documentType: 10, + documentFragment: 11, + notation: 12 // Deprecated + }; + const getGlobal = function getGlobal() { + return typeof window === 'undefined' ? null : window; + }; + /** + * Creates a no-op policy for internal use only. + * Don't export this function outside this module! + * @param {TrustedTypePolicyFactory} trustedTypes The policy factory. + * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix). + * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types + * are not supported or creating the policy failed). + */ + const _createTrustedTypesPolicy = function _createTrustedTypesPolicy(trustedTypes, purifyHostElement) { + if (typeof trustedTypes !== 'object' || typeof trustedTypes.createPolicy !== 'function') { + return null; + } + // Allow the callers to control the unique policy name + // by adding a data-tt-policy-suffix to the script element with the DOMPurify. + // Policy creation with duplicate names throws in Trusted Types. + let suffix = null; + const ATTR_NAME = 'data-tt-policy-suffix'; + if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) { + suffix = purifyHostElement.getAttribute(ATTR_NAME); + } + const policyName = 'dompurify' + (suffix ? '#' + suffix : ''); + try { + return trustedTypes.createPolicy(policyName, { + createHTML(html) { + return html; + }, + createScriptURL(scriptUrl) { + return scriptUrl; + } + }); + } catch (_) { + // Policy creation failed (most likely another DOMPurify script has + // already run). Skip creating the policy, as this will only cause errors + // if TT are enforced. + console.warn('TrustedTypes policy ' + policyName + ' could not be created.'); + return null; + } + }; + function createDOMPurify() { + let window = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : getGlobal(); + const DOMPurify = root => createDOMPurify(root); + DOMPurify.version = '3.1.7'; + DOMPurify.removed = []; + if (!window || !window.document || window.document.nodeType !== NODE_TYPE.document) { + // Not running in a browser, provide a factory function + // so that you can pass your own Window + DOMPurify.isSupported = false; + return DOMPurify; + } + let { + document + } = window; + const originalDocument = document; + const currentScript = originalDocument.currentScript; + const { + DocumentFragment, + HTMLTemplateElement, + Node, + Element, + NodeFilter, + NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap, + HTMLFormElement, + DOMParser, + trustedTypes + } = window; + const ElementPrototype = Element.prototype; + const cloneNode = lookupGetter(ElementPrototype, 'cloneNode'); + const remove = lookupGetter(ElementPrototype, 'remove'); + const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling'); + const getChildNodes = lookupGetter(ElementPrototype, 'childNodes'); + const getParentNode = lookupGetter(ElementPrototype, 'parentNode'); + // As per issue #47, the web-components registry is inherited by a + // new document created via createHTMLDocument. As per the spec + // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries) + // a new empty registry is used when creating a template contents owner + // document, so we use that as our parent document to ensure nothing + // is inherited. + if (typeof HTMLTemplateElement === 'function') { + const template = document.createElement('template'); + if (template.content && template.content.ownerDocument) { + document = template.content.ownerDocument; + } + } + let trustedTypesPolicy; + let emptyHTML = ''; + const { + implementation, + createNodeIterator, + createDocumentFragment, + getElementsByTagName + } = document; + const { + importNode + } = originalDocument; + let hooks = {}; + /** + * Expose whether this browser supports running the full DOMPurify. + */ + DOMPurify.isSupported = typeof entries === 'function' && typeof getParentNode === 'function' && implementation && implementation.createHTMLDocument !== undefined; + const { + MUSTACHE_EXPR, + ERB_EXPR, + TMPLIT_EXPR, + DATA_ATTR, + ARIA_ATTR, + IS_SCRIPT_OR_DATA, + ATTR_WHITESPACE, + CUSTOM_ELEMENT + } = EXPRESSIONS; + let { + IS_ALLOWED_URI: IS_ALLOWED_URI$1 + } = EXPRESSIONS; + /** + * We consider the elements and attributes below to be safe. Ideally + * don't add any new ones but feel free to remove unwanted ones. + */ + /* allowed element names */ + let ALLOWED_TAGS = null; + const DEFAULT_ALLOWED_TAGS = addToSet({}, [...html$1, ...svg$1, ...svgFilters, ...mathMl$1, ...text]); + /* Allowed attribute names */ + let ALLOWED_ATTR = null; + const DEFAULT_ALLOWED_ATTR = addToSet({}, [...html, ...svg, ...mathMl, ...xml]); + /* + * Configure how DOMPurify should handle custom elements and their attributes as well as customized built-in elements. + * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements) + * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list) + * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`. + */ + let CUSTOM_ELEMENT_HANDLING = Object.seal(create(null, { + tagNameCheck: { + writable: true, + configurable: false, + enumerable: true, + value: null + }, + attributeNameCheck: { + writable: true, + configurable: false, + enumerable: true, + value: null + }, + allowCustomizedBuiltInElements: { + writable: true, + configurable: false, + enumerable: true, + value: false + } + })); + /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */ + let FORBID_TAGS = null; + /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */ + let FORBID_ATTR = null; + /* Decide if ARIA attributes are okay */ + let ALLOW_ARIA_ATTR = true; + /* Decide if custom data attributes are okay */ + let ALLOW_DATA_ATTR = true; + /* Decide if unknown protocols are okay */ + let ALLOW_UNKNOWN_PROTOCOLS = false; + /* Decide if self-closing tags in attributes are allowed. + * Usually removed due to a mXSS issue in jQuery 3.0 */ + let ALLOW_SELF_CLOSE_IN_ATTR = true; + /* Output should be safe for common template engines. + * This means, DOMPurify removes data attributes, mustaches and ERB + */ + let SAFE_FOR_TEMPLATES = false; + /* Output should be safe even for XML used within HTML and alike. + * This means, DOMPurify removes comments when containing risky content. + */ + let SAFE_FOR_XML = true; + /* Decide if document with ... should be returned */ + let WHOLE_DOCUMENT = false; + /* Track whether config is already set on this instance of DOMPurify. */ + let SET_CONFIG = false; + /* Decide if all elements (e.g. style, script) must be children of + * document.body. By default, browsers might move them to document.head */ + let FORCE_BODY = false; + /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html + * string (or a TrustedHTML object if Trusted Types are supported). + * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead + */ + let RETURN_DOM = false; + /* Decide if a DOM `DocumentFragment` should be returned, instead of a html + * string (or a TrustedHTML object if Trusted Types are supported) */ + let RETURN_DOM_FRAGMENT = false; + /* Try to return a Trusted Type object instead of a string, return a string in + * case Trusted Types are not supported */ + let RETURN_TRUSTED_TYPE = false; + /* Output should be free from DOM clobbering attacks? + * This sanitizes markups named with colliding, clobberable built-in DOM APIs. + */ + let SANITIZE_DOM = true; + /* Achieve full DOM Clobbering protection by isolating the namespace of named + * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules. + * + * HTML/DOM spec rules that enable DOM Clobbering: + * - Named Access on Window (§7.3.3) + * - DOM Tree Accessors (§3.1.5) + * - Form Element Parent-Child Relations (§4.10.3) + * - Iframe srcdoc / Nested WindowProxies (§4.8.5) + * - HTMLCollection (§4.2.10.2) + * + * Namespace isolation is implemented by prefixing `id` and `name` attributes + * with a constant string, i.e., `user-content-` + */ + let SANITIZE_NAMED_PROPS = false; + const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-'; + /* Keep element content when removing element? */ + let KEEP_CONTENT = true; + /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead + * of importing it into a new Document and returning a sanitized copy */ + let IN_PLACE = false; + /* Allow usage of profiles like html, svg and mathMl */ + let USE_PROFILES = {}; + /* Tags to ignore content of when KEEP_CONTENT is true */ + let FORBID_CONTENTS = null; + const DEFAULT_FORBID_CONTENTS = addToSet({}, ['annotation-xml', 'audio', 'colgroup', 'desc', 'foreignobject', 'head', 'iframe', 'math', 'mi', 'mn', 'mo', 'ms', 'mtext', 'noembed', 'noframes', 'noscript', 'plaintext', 'script', 'style', 'svg', 'template', 'thead', 'title', 'video', 'xmp']); + /* Tags that are safe for data: URIs */ + let DATA_URI_TAGS = null; + const DEFAULT_DATA_URI_TAGS = addToSet({}, ['audio', 'video', 'img', 'source', 'image', 'track']); + /* Attributes safe for values like "javascript:" */ + let URI_SAFE_ATTRIBUTES = null; + const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, ['alt', 'class', 'for', 'id', 'label', 'name', 'pattern', 'placeholder', 'role', 'summary', 'title', 'value', 'style', 'xmlns']); + const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML'; + const SVG_NAMESPACE = 'http://www.w3.org/2000/svg'; + const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml'; + /* Document namespace */ + let NAMESPACE = HTML_NAMESPACE; + let IS_EMPTY_INPUT = false; + /* Allowed XHTML+XML namespaces */ + let ALLOWED_NAMESPACES = null; + const DEFAULT_ALLOWED_NAMESPACES = addToSet({}, [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE], stringToString); + let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, ['mi', 'mo', 'mn', 'ms', 'mtext']); + let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']); + // Certain elements are allowed in both SVG and HTML + // namespace. We need to specify them explicitly + // so that they don't get erroneously deleted from + // HTML namespace. + const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, ['title', 'style', 'font', 'a', 'script']); + /* Parsing of strict XHTML documents */ + let PARSER_MEDIA_TYPE = null; + const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html']; + const DEFAULT_PARSER_MEDIA_TYPE = 'text/html'; + let transformCaseFunc = null; + /* Keep a reference to config to pass to hooks */ + let CONFIG = null; + /* Ideally, do not touch anything below this line */ + /* ______________________________________________ */ + const formElement = document.createElement('form'); + const isRegexOrFunction = function isRegexOrFunction(testValue) { + return testValue instanceof RegExp || testValue instanceof Function; + }; + /** + * _parseConfig + * + * @param {Object} cfg optional config literal + */ + // eslint-disable-next-line complexity + const _parseConfig = function _parseConfig() { + let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {}; + if (CONFIG && CONFIG === cfg) { + return; + } + /* Shield configuration object from tampering */ + if (!cfg || typeof cfg !== 'object') { + cfg = {}; + } + /* Shield configuration object from prototype pollution */ + cfg = clone(cfg); + PARSER_MEDIA_TYPE = + // eslint-disable-next-line unicorn/prefer-includes + SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1 ? DEFAULT_PARSER_MEDIA_TYPE : cfg.PARSER_MEDIA_TYPE; + // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is. + transformCaseFunc = PARSER_MEDIA_TYPE === 'application/xhtml+xml' ? stringToString : stringToLowerCase; + /* Set configuration parameters */ + ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS') ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc) : DEFAULT_ALLOWED_TAGS; + ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR') ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc) : DEFAULT_ALLOWED_ATTR; + ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES') ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString) : DEFAULT_ALLOWED_NAMESPACES; + URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR') ? addToSet(clone(DEFAULT_URI_SAFE_ATTRIBUTES), cfg.ADD_URI_SAFE_ATTR, transformCaseFunc) : DEFAULT_URI_SAFE_ATTRIBUTES; + DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS') ? addToSet(clone(DEFAULT_DATA_URI_TAGS), cfg.ADD_DATA_URI_TAGS, transformCaseFunc) : DEFAULT_DATA_URI_TAGS; + FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS') ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc) : DEFAULT_FORBID_CONTENTS; + FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS') ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc) : {}; + FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR') ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc) : {}; + USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES') ? cfg.USE_PROFILES : false; + ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true + ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true + ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false + ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true + SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false + SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true + WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false + RETURN_DOM = cfg.RETURN_DOM || false; // Default false + RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false + RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false + FORCE_BODY = cfg.FORCE_BODY || false; // Default false + SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true + SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false + KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true + IN_PLACE = cfg.IN_PLACE || false; // Default false + IS_ALLOWED_URI$1 = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI; + NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE; + MATHML_TEXT_INTEGRATION_POINTS = cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS; + HTML_INTEGRATION_POINTS = cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS; + CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {}; + if (cfg.CUSTOM_ELEMENT_HANDLING && isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)) { + CUSTOM_ELEMENT_HANDLING.tagNameCheck = cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck; + } + if (cfg.CUSTOM_ELEMENT_HANDLING && isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)) { + CUSTOM_ELEMENT_HANDLING.attributeNameCheck = cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck; + } + if (cfg.CUSTOM_ELEMENT_HANDLING && typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements === 'boolean') { + CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements = cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements; + } + if (SAFE_FOR_TEMPLATES) { + ALLOW_DATA_ATTR = false; + } + if (RETURN_DOM_FRAGMENT) { + RETURN_DOM = true; + } + /* Parse profile info */ + if (USE_PROFILES) { + ALLOWED_TAGS = addToSet({}, text); + ALLOWED_ATTR = []; + if (USE_PROFILES.html === true) { + addToSet(ALLOWED_TAGS, html$1); + addToSet(ALLOWED_ATTR, html); + } + if (USE_PROFILES.svg === true) { + addToSet(ALLOWED_TAGS, svg$1); + addToSet(ALLOWED_ATTR, svg); + addToSet(ALLOWED_ATTR, xml); + } + if (USE_PROFILES.svgFilters === true) { + addToSet(ALLOWED_TAGS, svgFilters); + addToSet(ALLOWED_ATTR, svg); + addToSet(ALLOWED_ATTR, xml); + } + if (USE_PROFILES.mathMl === true) { + addToSet(ALLOWED_TAGS, mathMl$1); + addToSet(ALLOWED_ATTR, mathMl); + addToSet(ALLOWED_ATTR, xml); + } + } + /* Merge configuration parameters */ + if (cfg.ADD_TAGS) { + if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) { + ALLOWED_TAGS = clone(ALLOWED_TAGS); + } + addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc); + } + if (cfg.ADD_ATTR) { + if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) { + ALLOWED_ATTR = clone(ALLOWED_ATTR); + } + addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc); + } + if (cfg.ADD_URI_SAFE_ATTR) { + addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc); + } + if (cfg.FORBID_CONTENTS) { + if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) { + FORBID_CONTENTS = clone(FORBID_CONTENTS); + } + addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc); + } + /* Add #text in case KEEP_CONTENT is set to true */ + if (KEEP_CONTENT) { + ALLOWED_TAGS['#text'] = true; + } + /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */ + if (WHOLE_DOCUMENT) { + addToSet(ALLOWED_TAGS, ['html', 'head', 'body']); + } + /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */ + if (ALLOWED_TAGS.table) { + addToSet(ALLOWED_TAGS, ['tbody']); + delete FORBID_TAGS.tbody; + } + if (cfg.TRUSTED_TYPES_POLICY) { + if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') { + throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createHTML" hook.'); + } + if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') { + throw typeErrorCreate('TRUSTED_TYPES_POLICY configuration option must provide a "createScriptURL" hook.'); + } + // Overwrite existing TrustedTypes policy. + trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY; + // Sign local variables required by `sanitize`. + emptyHTML = trustedTypesPolicy.createHTML(''); + } else { + // Uninitialized policy, attempt to initialize the internal dompurify policy. + if (trustedTypesPolicy === undefined) { + trustedTypesPolicy = _createTrustedTypesPolicy(trustedTypes, currentScript); + } + // If creating the internal policy succeeded sign internal variables. + if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') { + emptyHTML = trustedTypesPolicy.createHTML(''); + } + } + // Prevent further manipulation of configuration. + // Not available in IE8, Safari 5, etc. + if (freeze) { + freeze(cfg); + } + CONFIG = cfg; + }; + /* Keep track of all possible SVG and MathML tags + * so that we can perform the namespace checks + * correctly. */ + const ALL_SVG_TAGS = addToSet({}, [...svg$1, ...svgFilters, ...svgDisallowed]); + const ALL_MATHML_TAGS = addToSet({}, [...mathMl$1, ...mathMlDisallowed]); + /** + * @param {Element} element a DOM element whose namespace is being checked + * @returns {boolean} Return false if the element has a + * namespace that a spec-compliant parser would never + * return. Return true otherwise. + */ + const _checkValidNamespace = function _checkValidNamespace(element) { + let parent = getParentNode(element); + // In JSDOM, if we're inside shadow DOM, then parentNode + // can be null. We just simulate parent in this case. + if (!parent || !parent.tagName) { + parent = { + namespaceURI: NAMESPACE, + tagName: 'template' + }; + } + const tagName = stringToLowerCase(element.tagName); + const parentTagName = stringToLowerCase(parent.tagName); + if (!ALLOWED_NAMESPACES[element.namespaceURI]) { + return false; + } + if (element.namespaceURI === SVG_NAMESPACE) { + // The only way to switch from HTML namespace to SVG + // is via . If it happens via any other tag, then + // it should be killed. + if (parent.namespaceURI === HTML_NAMESPACE) { + return tagName === 'svg'; + } + // The only way to switch from MathML to SVG is via` + // svg if parent is either or MathML + // text integration points. + if (parent.namespaceURI === MATHML_NAMESPACE) { + return tagName === 'svg' && (parentTagName === 'annotation-xml' || MATHML_TEXT_INTEGRATION_POINTS[parentTagName]); + } + // We only allow elements that are defined in SVG + // spec. All others are disallowed in SVG namespace. + return Boolean(ALL_SVG_TAGS[tagName]); + } + if (element.namespaceURI === MATHML_NAMESPACE) { + // The only way to switch from HTML namespace to MathML + // is via . If it happens via any other tag, then + // it should be killed. + if (parent.namespaceURI === HTML_NAMESPACE) { + return tagName === 'math'; + } + // The only way to switch from SVG to MathML is via + // and HTML integration points + if (parent.namespaceURI === SVG_NAMESPACE) { + return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName]; + } + // We only allow elements that are defined in MathML + // spec. All others are disallowed in MathML namespace. + return Boolean(ALL_MATHML_TAGS[tagName]); + } + if (element.namespaceURI === HTML_NAMESPACE) { + // The only way to switch from SVG to HTML is via + // HTML integration points, and from MathML to HTML + // is via MathML text integration points + if (parent.namespaceURI === SVG_NAMESPACE && !HTML_INTEGRATION_POINTS[parentTagName]) { + return false; + } + if (parent.namespaceURI === MATHML_NAMESPACE && !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]) { + return false; + } + // We disallow tags that are specific for MathML + // or SVG and should never appear in HTML namespace + return !ALL_MATHML_TAGS[tagName] && (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName]); + } + // For XHTML and XML documents that support custom namespaces + if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && ALLOWED_NAMESPACES[element.namespaceURI]) { + return true; + } + // The code should never reach this place (this means + // that the element somehow got namespace that is not + // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES). + // Return false just in case. + return false; + }; + /** + * _forceRemove + * + * @param {Node} node a DOM node + */ + const _forceRemove = function _forceRemove(node) { + arrayPush(DOMPurify.removed, { + element: node + }); + try { + // eslint-disable-next-line unicorn/prefer-dom-node-remove + getParentNode(node).removeChild(node); + } catch (_) { + remove(node); + } + }; + /** + * _removeAttribute + * + * @param {String} name an Attribute name + * @param {Node} node a DOM node + */ + const _removeAttribute = function _removeAttribute(name, node) { + try { + arrayPush(DOMPurify.removed, { + attribute: node.getAttributeNode(name), + from: node + }); + } catch (_) { + arrayPush(DOMPurify.removed, { + attribute: null, + from: node + }); + } + node.removeAttribute(name); + // We void attribute values for unremovable "is"" attributes + if (name === 'is' && !ALLOWED_ATTR[name]) { + if (RETURN_DOM || RETURN_DOM_FRAGMENT) { + try { + _forceRemove(node); + } catch (_) {} + } else { + try { + node.setAttribute(name, ''); + } catch (_) {} + } + } + }; + /** + * _initDocument + * + * @param {String} dirty a string of dirty markup + * @return {Document} a DOM, filled with the dirty markup + */ + const _initDocument = function _initDocument(dirty) { + /* Create a HTML document */ + let doc = null; + let leadingWhitespace = null; + if (FORCE_BODY) { + dirty = '' + dirty; + } else { + /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */ + const matches = stringMatch(dirty, /^[\r\n\t ]+/); + leadingWhitespace = matches && matches[0]; + } + if (PARSER_MEDIA_TYPE === 'application/xhtml+xml' && NAMESPACE === HTML_NAMESPACE) { + // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict) + dirty = '' + dirty + ''; + } + const dirtyPayload = trustedTypesPolicy ? trustedTypesPolicy.createHTML(dirty) : dirty; + /* + * Use the DOMParser API by default, fallback later if needs be + * DOMParser not work for svg when has multiple root element. + */ + if (NAMESPACE === HTML_NAMESPACE) { + try { + doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE); + } catch (_) {} + } + /* Use createHTMLDocument in case DOMParser is not available */ + if (!doc || !doc.documentElement) { + doc = implementation.createDocument(NAMESPACE, 'template', null); + try { + doc.documentElement.innerHTML = IS_EMPTY_INPUT ? emptyHTML : dirtyPayload; + } catch (_) { + // Syntax error if dirtyPayload is invalid xml + } + } + const body = doc.body || doc.documentElement; + if (dirty && leadingWhitespace) { + body.insertBefore(document.createTextNode(leadingWhitespace), body.childNodes[0] || null); + } + /* Work on whole document or just its body */ + if (NAMESPACE === HTML_NAMESPACE) { + return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0]; + } + return WHOLE_DOCUMENT ? doc.documentElement : body; + }; + /** + * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document. + * + * @param {Node} root The root element or node to start traversing on. + * @return {NodeIterator} The created NodeIterator + */ + const _createNodeIterator = function _createNodeIterator(root) { + return createNodeIterator.call(root.ownerDocument || root, root, + // eslint-disable-next-line no-bitwise + NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT | NodeFilter.SHOW_PROCESSING_INSTRUCTION | NodeFilter.SHOW_CDATA_SECTION, null); + }; + /** + * _isClobbered + * + * @param {Node} elm element to check for clobbering attacks + * @return {Boolean} true if clobbered, false if safe + */ + const _isClobbered = function _isClobbered(elm) { + return elm instanceof HTMLFormElement && (typeof elm.nodeName !== 'string' || typeof elm.textContent !== 'string' || typeof elm.removeChild !== 'function' || !(elm.attributes instanceof NamedNodeMap) || typeof elm.removeAttribute !== 'function' || typeof elm.setAttribute !== 'function' || typeof elm.namespaceURI !== 'string' || typeof elm.insertBefore !== 'function' || typeof elm.hasChildNodes !== 'function'); + }; + /** + * Checks whether the given object is a DOM node. + * + * @param {Node} object object to check whether it's a DOM node + * @return {Boolean} true is object is a DOM node + */ + const _isNode = function _isNode(object) { + return typeof Node === 'function' && object instanceof Node; + }; + /** + * _executeHook + * Execute user configurable hooks + * + * @param entryPoint Name of the hook's entry point + * @param currentNode node to work on with the hook + * @param {Object} data additional hook parameters + */ + function _executeHook(entryPoint, currentNode, data) { + if (!hooks[entryPoint]) { + return; + } + arrayForEach(hooks[entryPoint], hook => { + hook.call(DOMPurify, currentNode, data, CONFIG); + }); + } + /** + * _sanitizeElements + * + * @protect nodeName + * @protect textContent + * @protect removeChild + * + * @param {Node} currentNode to check for permission to exist + * @return {Boolean} true if node was killed, false if left alive + */ + const _sanitizeElements = function _sanitizeElements(currentNode) { + let content = null; + /* Execute a hook if present */ + _executeHook('beforeSanitizeElements', currentNode, null); + /* Check if element is clobbered or can clobber */ + if (_isClobbered(currentNode)) { + _forceRemove(currentNode); + return true; + } + /* Now let's check the element's type and name */ + const tagName = transformCaseFunc(currentNode.nodeName); + /* Execute a hook if present */ + _executeHook('uponSanitizeElement', currentNode, { + tagName, + allowedTags: ALLOWED_TAGS + }); + /* Detect mXSS attempts abusing namespace confusion */ + if (currentNode.hasChildNodes() && !_isNode(currentNode.firstElementChild) && regExpTest(/<[/\w]/g, currentNode.innerHTML) && regExpTest(/<[/\w]/g, currentNode.textContent)) { + _forceRemove(currentNode); + return true; + } + /* Remove any occurrence of processing instructions */ + if (currentNode.nodeType === NODE_TYPE.progressingInstruction) { + _forceRemove(currentNode); + return true; + } + /* Remove any kind of possibly harmful comments */ + if (SAFE_FOR_XML && currentNode.nodeType === NODE_TYPE.comment && regExpTest(/<[/\w]/g, currentNode.data)) { + _forceRemove(currentNode); + return true; + } + /* Remove element if anything forbids its presence */ + if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { + /* Check if we have a custom element to handle */ + if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) { + if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)) { + return false; + } + if (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)) { + return false; + } + } + /* Keep content except for bad-listed elements */ + if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) { + const parentNode = getParentNode(currentNode) || currentNode.parentNode; + const childNodes = getChildNodes(currentNode) || currentNode.childNodes; + if (childNodes && parentNode) { + const childCount = childNodes.length; + for (let i = childCount - 1; i >= 0; --i) { + const childClone = cloneNode(childNodes[i], true); + childClone.__removalCount = (currentNode.__removalCount || 0) + 1; + parentNode.insertBefore(childClone, getNextSibling(currentNode)); + } + } + } + _forceRemove(currentNode); + return true; + } + /* Check whether element has a valid namespace */ + if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) { + _forceRemove(currentNode); + return true; + } + /* Make sure that older browsers don't get fallback-tag mXSS */ + if ((tagName === 'noscript' || tagName === 'noembed' || tagName === 'noframes') && regExpTest(/<\/no(script|embed|frames)/i, currentNode.innerHTML)) { + _forceRemove(currentNode); + return true; + } + /* Sanitize element content to be template-safe */ + if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) { + /* Get the element's text content */ + content = currentNode.textContent; + arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { + content = stringReplace(content, expr, ' '); + }); + if (currentNode.textContent !== content) { + arrayPush(DOMPurify.removed, { + element: currentNode.cloneNode() + }); + currentNode.textContent = content; + } + } + /* Execute a hook if present */ + _executeHook('afterSanitizeElements', currentNode, null); + return false; + }; + /** + * _isValidAttribute + * + * @param {string} lcTag Lowercase tag name of containing element. + * @param {string} lcName Lowercase attribute name. + * @param {string} value Attribute value. + * @return {Boolean} Returns true if `value` is valid, otherwise false. + */ + // eslint-disable-next-line complexity + const _isValidAttribute = function _isValidAttribute(lcTag, lcName, value) { + /* Make sure attribute cannot clobber */ + if (SANITIZE_DOM && (lcName === 'id' || lcName === 'name') && (value in document || value in formElement)) { + return false; + } + /* Allow valid data-* attributes: At least one character after "-" + (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes) + XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804) + We don't need to check the value; it's always URI safe. */ + if (ALLOW_DATA_ATTR && !FORBID_ATTR[lcName] && regExpTest(DATA_ATTR, lcName)) ; else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) ; else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) { + if ( + // First condition does a very basic check if a) it's basically a valid custom element tagname AND + // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck + // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck + _isBasicCustomElement(lcTag) && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag)) && (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName) || CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)) || + // Alternative, second condition checks if it's an `is`-attribute, AND + // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck + lcName === 'is' && CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements && (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp && regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value) || CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function && CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))) ; else { + return false; + } + /* Check value is safe. First, is attr inert? If so, is safe */ + } else if (URI_SAFE_ATTRIBUTES[lcName]) ; else if (regExpTest(IS_ALLOWED_URI$1, stringReplace(value, ATTR_WHITESPACE, ''))) ; else if ((lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') && lcTag !== 'script' && stringIndexOf(value, 'data:') === 0 && DATA_URI_TAGS[lcTag]) ; else if (ALLOW_UNKNOWN_PROTOCOLS && !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))) ; else if (value) { + return false; + } else ; + return true; + }; + /** + * _isBasicCustomElement + * checks if at least one dash is included in tagName, and it's not the first char + * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name + * + * @param {string} tagName name of the tag of the node to sanitize + * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false. + */ + const _isBasicCustomElement = function _isBasicCustomElement(tagName) { + return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT); + }; + /** + * _sanitizeAttributes + * + * @protect attributes + * @protect nodeName + * @protect removeAttribute + * @protect setAttribute + * + * @param {Node} currentNode to sanitize + */ + const _sanitizeAttributes = function _sanitizeAttributes(currentNode) { + /* Execute a hook if present */ + _executeHook('beforeSanitizeAttributes', currentNode, null); + const { + attributes + } = currentNode; + /* Check if we have attributes; if not we might have a text node */ + if (!attributes) { + return; + } + const hookEvent = { + attrName: '', + attrValue: '', + keepAttr: true, + allowedAttributes: ALLOWED_ATTR, + forceKeepAttr: undefined + }; + let l = attributes.length; + /* Go backwards over all attributes; safely remove bad ones */ + while (l--) { + const attr = attributes[l]; + const { + name, + namespaceURI, + value: attrValue + } = attr; + const lcName = transformCaseFunc(name); + let value = name === 'value' ? attrValue : stringTrim(attrValue); + /* Execute a hook if present */ + hookEvent.attrName = lcName; + hookEvent.attrValue = value; + hookEvent.keepAttr = true; + hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set + _executeHook('uponSanitizeAttribute', currentNode, hookEvent); + value = hookEvent.attrValue; + /* Full DOM Clobbering protection via namespace isolation, + * Prefix id and name attributes with `user-content-` + */ + if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) { + // Remove the attribute with this value + _removeAttribute(name, currentNode); + // Prefix the value and later re-create the attribute with the sanitized value + value = SANITIZE_NAMED_PROPS_PREFIX + value; + } + /* Work around a security issue with comments inside attributes */ + if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) { + _removeAttribute(name, currentNode); + continue; + } + /* Did the hooks approve of the attribute? */ + if (hookEvent.forceKeepAttr) { + continue; + } + /* Remove attribute */ + _removeAttribute(name, currentNode); + /* Did the hooks approve of the attribute? */ + if (!hookEvent.keepAttr) { + continue; + } + /* Work around a security issue in jQuery 3.0 */ + if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\/>/i, value)) { + _removeAttribute(name, currentNode); + continue; + } + /* Sanitize attribute content to be template-safe */ + if (SAFE_FOR_TEMPLATES) { + arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { + value = stringReplace(value, expr, ' '); + }); + } + /* Is `value` valid for this attribute? */ + const lcTag = transformCaseFunc(currentNode.nodeName); + if (!_isValidAttribute(lcTag, lcName, value)) { + continue; + } + /* Handle attributes that require Trusted Types */ + if (trustedTypesPolicy && typeof trustedTypes === 'object' && typeof trustedTypes.getAttributeType === 'function') { + if (namespaceURI) ; else { + switch (trustedTypes.getAttributeType(lcTag, lcName)) { + case 'TrustedHTML': + { + value = trustedTypesPolicy.createHTML(value); + break; + } + case 'TrustedScriptURL': + { + value = trustedTypesPolicy.createScriptURL(value); + break; + } + } + } + } + /* Handle invalid data-* attribute set by try-catching it */ + try { + if (namespaceURI) { + currentNode.setAttributeNS(namespaceURI, name, value); + } else { + /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. "x-schema". */ + currentNode.setAttribute(name, value); + } + if (_isClobbered(currentNode)) { + _forceRemove(currentNode); + } else { + arrayPop(DOMPurify.removed); + } + } catch (_) {} + } + /* Execute a hook if present */ + _executeHook('afterSanitizeAttributes', currentNode, null); + }; + /** + * _sanitizeShadowDOM + * + * @param {DocumentFragment} fragment to iterate over recursively + */ + const _sanitizeShadowDOM = function _sanitizeShadowDOM(fragment) { + let shadowNode = null; + const shadowIterator = _createNodeIterator(fragment); + /* Execute a hook if present */ + _executeHook('beforeSanitizeShadowDOM', fragment, null); + while (shadowNode = shadowIterator.nextNode()) { + /* Execute a hook if present */ + _executeHook('uponSanitizeShadowNode', shadowNode, null); + /* Sanitize tags and elements */ + if (_sanitizeElements(shadowNode)) { + continue; + } + /* Deep shadow DOM detected */ + if (shadowNode.content instanceof DocumentFragment) { + _sanitizeShadowDOM(shadowNode.content); + } + /* Check attributes, sanitize if necessary */ + _sanitizeAttributes(shadowNode); + } + /* Execute a hook if present */ + _executeHook('afterSanitizeShadowDOM', fragment, null); + }; + // eslint-disable-next-line complexity + DOMPurify.sanitize = function (dirty) { + let cfg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; + let body = null; + let importedNode = null; + let currentNode = null; + let returnNode = null; + /* Make sure we have a string to sanitize. + DO NOT return early, as this will return the wrong type if + the user has requested a DOM object rather than a string */ + IS_EMPTY_INPUT = !dirty; + if (IS_EMPTY_INPUT) { + dirty = ''; + } + /* Stringify, in case dirty is an object */ + if (typeof dirty !== 'string' && !_isNode(dirty)) { + if (typeof dirty.toString === 'function') { + dirty = dirty.toString(); + if (typeof dirty !== 'string') { + throw typeErrorCreate('dirty is not a string, aborting'); + } + } else { + throw typeErrorCreate('toString is not a function'); + } + } + /* Return dirty HTML if DOMPurify cannot run */ + if (!DOMPurify.isSupported) { + return dirty; + } + /* Assign config vars */ + if (!SET_CONFIG) { + _parseConfig(cfg); + } + /* Clean up removed elements */ + DOMPurify.removed = []; + /* Check if dirty is correctly typed for IN_PLACE */ + if (typeof dirty === 'string') { + IN_PLACE = false; + } + if (IN_PLACE) { + /* Do some early pre-sanitization to avoid unsafe root nodes */ + if (dirty.nodeName) { + const tagName = transformCaseFunc(dirty.nodeName); + if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) { + throw typeErrorCreate('root node is forbidden and cannot be sanitized in-place'); + } + } + } else if (dirty instanceof Node) { + /* If dirty is a DOM element, append to an empty document to avoid + elements being stripped by the parser */ + body = _initDocument(''); + importedNode = body.ownerDocument.importNode(dirty, true); + if (importedNode.nodeType === NODE_TYPE.element && importedNode.nodeName === 'BODY') { + /* Node is already a body, use as is */ + body = importedNode; + } else if (importedNode.nodeName === 'HTML') { + body = importedNode; + } else { + // eslint-disable-next-line unicorn/prefer-dom-node-append + body.appendChild(importedNode); + } + } else { + /* Exit directly if we have nothing to do */ + if (!RETURN_DOM && !SAFE_FOR_TEMPLATES && !WHOLE_DOCUMENT && + // eslint-disable-next-line unicorn/prefer-includes + dirty.indexOf('<') === -1) { + return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(dirty) : dirty; + } + /* Initialize the document to work on */ + body = _initDocument(dirty); + /* Check we have a DOM node from the data */ + if (!body) { + return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : ''; + } + } + /* Remove first element node (ours) if FORCE_BODY is set */ + if (body && FORCE_BODY) { + _forceRemove(body.firstChild); + } + /* Get node iterator */ + const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body); + /* Now start iterating over the created document */ + while (currentNode = nodeIterator.nextNode()) { + /* Sanitize tags and elements */ + if (_sanitizeElements(currentNode)) { + continue; + } + /* Shadow DOM detected, sanitize it */ + if (currentNode.content instanceof DocumentFragment) { + _sanitizeShadowDOM(currentNode.content); + } + /* Check attributes, sanitize if necessary */ + _sanitizeAttributes(currentNode); + } + /* If we sanitized `dirty` in-place, return it. */ + if (IN_PLACE) { + return dirty; + } + /* Return sanitized string or DOM */ + if (RETURN_DOM) { + if (RETURN_DOM_FRAGMENT) { + returnNode = createDocumentFragment.call(body.ownerDocument); + while (body.firstChild) { + // eslint-disable-next-line unicorn/prefer-dom-node-append + returnNode.appendChild(body.firstChild); + } + } else { + returnNode = body; + } + if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) { + /* + AdoptNode() is not used because internal state is not reset + (e.g. the past names map of a HTMLFormElement), this is safe + in theory but we would rather not risk another attack vector. + The state that is cloned by importNode() is explicitly defined + by the specs. + */ + returnNode = importNode.call(originalDocument, returnNode, true); + } + return returnNode; + } + let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML; + /* Serialize doctype if allowed */ + if (WHOLE_DOCUMENT && ALLOWED_TAGS['!doctype'] && body.ownerDocument && body.ownerDocument.doctype && body.ownerDocument.doctype.name && regExpTest(DOCTYPE_NAME, body.ownerDocument.doctype.name)) { + serializedHTML = '\n' + serializedHTML; + } + /* Sanitize final string template-safe */ + if (SAFE_FOR_TEMPLATES) { + arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], expr => { + serializedHTML = stringReplace(serializedHTML, expr, ' '); + }); + } + return trustedTypesPolicy && RETURN_TRUSTED_TYPE ? trustedTypesPolicy.createHTML(serializedHTML) : serializedHTML; + }; + DOMPurify.setConfig = function () { + let cfg = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {}; + _parseConfig(cfg); + SET_CONFIG = true; + }; + DOMPurify.clearConfig = function () { + CONFIG = null; + SET_CONFIG = false; + }; + DOMPurify.isValidAttribute = function (tag, attr, value) { + /* Initialize shared config vars if necessary. */ + if (!CONFIG) { + _parseConfig({}); + } + const lcTag = transformCaseFunc(tag); + const lcName = transformCaseFunc(attr); + return _isValidAttribute(lcTag, lcName, value); + }; + DOMPurify.addHook = function (entryPoint, hookFunction) { + if (typeof hookFunction !== 'function') { + return; + } + hooks[entryPoint] = hooks[entryPoint] || []; + arrayPush(hooks[entryPoint], hookFunction); + }; + DOMPurify.removeHook = function (entryPoint) { + if (hooks[entryPoint]) { + return arrayPop(hooks[entryPoint]); + } + }; + DOMPurify.removeHooks = function (entryPoint) { + if (hooks[entryPoint]) { + hooks[entryPoint] = []; + } + }; + DOMPurify.removeAllHooks = function () { + hooks = {}; + }; + return DOMPurify; + } + var purify = createDOMPurify(); + + return purify; + +})); //# sourceMappingURL=purify.min.js.map diff --git a/dist/purify.min.js.map b/dist/purify.min.js.map index 0dbac2951..7b10cb3c2 100644 --- a/dist/purify.min.js.map +++ b/dist/purify.min.js.map @@ -1 +1 @@ -{"version":3,"file":"purify.min.js","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\n entries,\n setPrototypeOf,\n isFrozen,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n} = Object;\n\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\n\nif (!freeze) {\n freeze = function (x) {\n return x;\n };\n}\n\nif (!seal) {\n seal = function (x) {\n return x;\n };\n}\n\nif (!apply) {\n apply = function (fun, thisValue, args) {\n return fun.apply(thisValue, args);\n };\n}\n\nif (!construct) {\n construct = function (Func, args) {\n return new Func(...args);\n };\n}\n\nconst arrayForEach = unapply(Array.prototype.forEach);\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\nconst arrayPop = unapply(Array.prototype.pop);\nconst arrayPush = unapply(Array.prototype.push);\nconst arraySlice = unapply(Array.prototype.slice);\n\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\nconst stringToString = unapply(String.prototype.toString);\nconst stringMatch = unapply(String.prototype.match);\nconst stringReplace = unapply(String.prototype.replace);\nconst stringIndexOf = unapply(String.prototype.indexOf);\nconst stringTrim = unapply(String.prototype.trim);\n\nconst objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);\n\nconst regExpTest = unapply(RegExp.prototype.test);\n\nconst typeErrorCreate = unconstruct(TypeError);\n\n/**\n * Creates a new function that calls the given function with a specified thisArg and arguments.\n *\n * @param {Function} func - The function to be wrapped and called.\n * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.\n */\nfunction unapply(func) {\n return (thisArg, ...args) => apply(func, thisArg, args);\n}\n\n/**\n * Creates a new function that constructs an instance of the given constructor function with the provided arguments.\n *\n * @param {Function} func - The constructor function to be wrapped and called.\n * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.\n */\nfunction unconstruct(func) {\n return (...args) => construct(func, args);\n}\n\n/**\n * Add properties to a lookup table\n *\n * @param {Object} set - The set to which elements will be added.\n * @param {Array} array - The array containing elements to be added to the set.\n * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.\n * @returns {Object} The modified set with added elements.\n */\nfunction addToSet(set, array, transformCaseFunc = stringToLowerCase) {\n if (setPrototypeOf) {\n // Make 'in' and truthy checks like Boolean(set.constructor)\n // independent of any properties defined on Object.prototype.\n // Prevent prototype setters from intercepting set as a this value.\n setPrototypeOf(set, null);\n }\n\n let l = array.length;\n while (l--) {\n let element = array[l];\n if (typeof element === 'string') {\n const lcElement = transformCaseFunc(element);\n if (lcElement !== element) {\n // Config presets (e.g. tags.js, attrs.js) are immutable.\n if (!isFrozen(array)) {\n array[l] = lcElement;\n }\n\n element = lcElement;\n }\n }\n\n set[element] = true;\n }\n\n return set;\n}\n\n/**\n * Clean up an array to harden against CSPP\n *\n * @param {Array} array - The array to be cleaned.\n * @returns {Array} The cleaned version of the array\n */\nfunction cleanArray(array) {\n for (let index = 0; index < array.length; index++) {\n const isPropertyExist = objectHasOwnProperty(array, index);\n\n if (!isPropertyExist) {\n array[index] = null;\n }\n }\n\n return array;\n}\n\n/**\n * Shallow clone an object\n *\n * @param {Object} object - The object to be cloned.\n * @returns {Object} A new object that copies the original.\n */\nfunction clone(object) {\n const newObject = create(null);\n\n for (const [property, value] of entries(object)) {\n const isPropertyExist = objectHasOwnProperty(object, property);\n\n if (isPropertyExist) {\n if (Array.isArray(value)) {\n newObject[property] = cleanArray(value);\n } else if (\n value &&\n typeof value === 'object' &&\n value.constructor === Object\n ) {\n newObject[property] = clone(value);\n } else {\n newObject[property] = value;\n }\n }\n }\n\n return newObject;\n}\n\n/**\n * This method automatically checks if the prop is function or getter and behaves accordingly.\n *\n * @param {Object} object - The object to look up the getter function in its prototype chain.\n * @param {String} prop - The property name for which to find the getter function.\n * @returns {Function} The getter function found in the prototype chain or a fallback function.\n */\nfunction lookupGetter(object, prop) {\n while (object !== null) {\n const desc = getOwnPropertyDescriptor(object, prop);\n\n if (desc) {\n if (desc.get) {\n return unapply(desc.get);\n }\n\n if (typeof desc.value === 'function') {\n return unapply(desc.value);\n }\n }\n\n object = getPrototypeOf(object);\n }\n\n function fallbackValue() {\n return null;\n }\n\n return fallbackValue;\n}\n\nexport {\n // Array\n arrayForEach,\n arrayIndexOf,\n arrayPop,\n arrayPush,\n arraySlice,\n // Object\n entries,\n freeze,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n isFrozen,\n setPrototypeOf,\n seal,\n clone,\n create,\n objectHasOwnProperty,\n // RegExp\n regExpTest,\n // String\n stringIndexOf,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringTrim,\n // Errors\n typeErrorCreate,\n // Other\n lookupGetter,\n addToSet,\n // Reflect\n unapply,\n unconstruct,\n};\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dialog',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'picture',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n]);\n\n// SVG\nexport const svg = freeze([\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'view',\n 'vkern',\n]);\n\nexport const svgFilters = freeze([\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feDropShadow',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feImage',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n]);\n\n// List of SVG elements that are disallowed by default.\n// We still need to know them so that we can do namespace\n// checks properly in case one wants to add them to\n// allow-list.\nexport const svgDisallowed = freeze([\n 'animate',\n 'color-profile',\n 'cursor',\n 'discard',\n 'font-face',\n 'font-face-format',\n 'font-face-name',\n 'font-face-src',\n 'font-face-uri',\n 'foreignobject',\n 'hatch',\n 'hatchpath',\n 'mesh',\n 'meshgradient',\n 'meshpatch',\n 'meshrow',\n 'missing-glyph',\n 'script',\n 'set',\n 'solidcolor',\n 'unknown',\n 'use',\n]);\n\nexport const mathMl = freeze([\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmultiscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mspace',\n 'msqrt',\n 'mstyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n 'mprescripts',\n]);\n\n// Similarly to SVG, we want to know all MathML elements,\n// even those that we disallow by default.\nexport const mathMlDisallowed = freeze([\n 'maction',\n 'maligngroup',\n 'malignmark',\n 'mlongdiv',\n 'mscarries',\n 'mscarry',\n 'msgroup',\n 'mstack',\n 'msline',\n 'msrow',\n 'semantics',\n 'annotation',\n 'annotation-xml',\n 'mprescripts',\n 'none',\n]);\n\nexport const text = freeze(['#text']);\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocapitalize',\n 'autocomplete',\n 'autopictureinpicture',\n 'autoplay',\n 'background',\n 'bgcolor',\n 'border',\n 'capture',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'controls',\n 'controlslist',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'decoding',\n 'default',\n 'dir',\n 'disabled',\n 'disablepictureinpicture',\n 'disableremoteplayback',\n 'download',\n 'draggable',\n 'enctype',\n 'enterkeyhint',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'inputmode',\n 'integrity',\n 'ismap',\n 'kind',\n 'label',\n 'lang',\n 'list',\n 'loading',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'minlength',\n 'multiple',\n 'muted',\n 'name',\n 'nonce',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'playsinline',\n 'popover',\n 'popovertarget',\n 'popovertargetaction',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'translate',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'wrap',\n 'xmlns',\n 'slot',\n]);\n\nexport const svg = freeze([\n 'accent-height',\n 'accumulate',\n 'additive',\n 'alignment-baseline',\n 'amplitude',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clippathunits',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'exponent',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'filterunits',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'intercept',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'primitiveunits',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'slope',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'startoffset',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'systemlanguage',\n 'tabindex',\n 'tablevalues',\n 'targetx',\n 'targety',\n 'transform',\n 'transform-origin',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'version',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n]);\n\nexport const mathMl = freeze([\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'encoding',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n]);\n\nexport const xml = freeze([\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n]);\n","import { seal } from './utils.js';\n\n// eslint-disable-next-line unicorn/better-regex\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\nexport const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = seal(\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\n);\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\nexport const ATTR_WHITESPACE = seal(\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\n);\nexport const DOCTYPE_NAME = seal(/^html$/i);\nexport const CUSTOM_ELEMENT = seal(/^[a-z][.\\w]*(-[.\\w]+)+$/i);\n","import * as TAGS from './tags.js';\nimport * as ATTRS from './attrs.js';\nimport * as EXPRESSIONS from './regexp.js';\nimport {\n addToSet,\n clone,\n entries,\n freeze,\n arrayForEach,\n arrayPop,\n arrayPush,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringToString,\n stringIndexOf,\n stringTrim,\n regExpTest,\n typeErrorCreate,\n lookupGetter,\n create,\n objectHasOwnProperty,\n} from './utils.js';\n\n// https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType\nconst NODE_TYPE = {\n element: 1,\n attribute: 2,\n text: 3,\n cdataSection: 4,\n entityReference: 5, // Deprecated\n entityNode: 6, // Deprecated\n progressingInstruction: 7,\n comment: 8,\n document: 9,\n documentType: 10,\n documentFragment: 11,\n notation: 12, // Deprecated\n};\n\nconst getGlobal = function () {\n return typeof window === 'undefined' ? null : window;\n};\n\n/**\n * Creates a no-op policy for internal use only.\n * Don't export this function outside this module!\n * @param {TrustedTypePolicyFactory} trustedTypes The policy factory.\n * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix).\n * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types\n * are not supported or creating the policy failed).\n */\nconst _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) {\n if (\n typeof trustedTypes !== 'object' ||\n typeof trustedTypes.createPolicy !== 'function'\n ) {\n return null;\n }\n\n // Allow the callers to control the unique policy name\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\n // Policy creation with duplicate names throws in Trusted Types.\n let suffix = null;\n const ATTR_NAME = 'data-tt-policy-suffix';\n if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) {\n suffix = purifyHostElement.getAttribute(ATTR_NAME);\n }\n\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\n\n try {\n return trustedTypes.createPolicy(policyName, {\n createHTML(html) {\n return html;\n },\n createScriptURL(scriptUrl) {\n return scriptUrl;\n },\n });\n } catch (_) {\n // Policy creation failed (most likely another DOMPurify script has\n // already run). Skip creating the policy, as this will only cause errors\n // if TT are enforced.\n console.warn(\n 'TrustedTypes policy ' + policyName + ' could not be created.'\n );\n return null;\n }\n};\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = (root) => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (\n !window ||\n !window.document ||\n window.document.nodeType !== NODE_TYPE.document\n ) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n let { document } = window;\n\n const originalDocument = document;\n const currentScript = originalDocument.currentScript;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n Element,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n HTMLFormElement,\n DOMParser,\n trustedTypes,\n } = window;\n\n const ElementPrototype = Element.prototype;\n\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\n const remove = lookupGetter(ElementPrototype, 'remove');\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n let trustedTypesPolicy;\n let emptyHTML = '';\n\n const {\n implementation,\n createNodeIterator,\n createDocumentFragment,\n getElementsByTagName,\n } = document;\n const { importNode } = originalDocument;\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n typeof entries === 'function' &&\n typeof getParentNode === 'function' &&\n implementation &&\n implementation.createHTMLDocument !== undefined;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n TMPLIT_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n CUSTOM_ELEMENT,\n } = EXPRESSIONS;\n\n let { IS_ALLOWED_URI } = EXPRESSIONS;\n\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /*\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\n */\n let CUSTOM_ELEMENT_HANDLING = Object.seal(\n create(null, {\n tagNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n attributeNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n allowCustomizedBuiltInElements: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: false,\n },\n })\n );\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Decide if self-closing tags in attributes are allowed.\n * Usually removed due to a mXSS issue in jQuery 3.0 */\n let ALLOW_SELF_CLOSE_IN_ATTR = true;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Output should be safe even for XML used within HTML and alike.\n * This means, DOMPurify removes comments when containing risky content.\n */\n let SAFE_FOR_XML = true;\n\n /* Decide if document with ... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported).\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported) */\n let RETURN_DOM_FRAGMENT = false;\n\n /* Try to return a Trusted Type object instead of a string, return a string in\n * case Trusted Types are not supported */\n let RETURN_TRUSTED_TYPE = false;\n\n /* Output should be free from DOM clobbering attacks?\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\n */\n let SANITIZE_DOM = true;\n\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\n *\n * HTML/DOM spec rules that enable DOM Clobbering:\n * - Named Access on Window (§7.3.3)\n * - DOM Tree Accessors (§3.1.5)\n * - Form Element Parent-Child Relations (§4.10.3)\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\n * - HTMLCollection (§4.2.10.2)\n *\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\n * with a constant string, i.e., `user-content-`\n */\n let SANITIZE_NAMED_PROPS = false;\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\n * of importing it into a new Document and returning a sanitized copy */\n let IN_PLACE = false;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n let FORBID_CONTENTS = null;\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\n 'annotation-xml',\n 'audio',\n 'colgroup',\n 'desc',\n 'foreignobject',\n 'head',\n 'iframe',\n 'math',\n 'mi',\n 'mn',\n 'mo',\n 'ms',\n 'mtext',\n 'noembed',\n 'noframes',\n 'noscript',\n 'plaintext',\n 'script',\n 'style',\n 'svg',\n 'template',\n 'thead',\n 'title',\n 'video',\n 'xmp',\n ]);\n\n /* Tags that are safe for data: URIs */\n let DATA_URI_TAGS = null;\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n 'track',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n let URI_SAFE_ATTRIBUTES = null;\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'role',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\n /* Document namespace */\n let NAMESPACE = HTML_NAMESPACE;\n let IS_EMPTY_INPUT = false;\n\n /* Allowed XHTML+XML namespaces */\n let ALLOWED_NAMESPACES = null;\n const DEFAULT_ALLOWED_NAMESPACES = addToSet(\n {},\n [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE],\n stringToString\n );\n\n let MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\n 'mi',\n 'mo',\n 'mn',\n 'ms',\n 'mtext',\n ]);\n\n let HTML_INTEGRATION_POINTS = addToSet({}, ['annotation-xml']);\n\n // Certain elements are allowed in both SVG and HTML\n // namespace. We need to specify them explicitly\n // so that they don't get erroneously deleted from\n // HTML namespace.\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\n 'title',\n 'style',\n 'font',\n 'a',\n 'script',\n ]);\n\n /* Parsing of strict XHTML documents */\n let PARSER_MEDIA_TYPE = null;\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\n let transformCaseFunc = null;\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n const isRegexOrFunction = function (testValue) {\n return testValue instanceof RegExp || testValue instanceof Function;\n };\n\n /**\n * _parseConfig\n *\n * @param {Object} cfg optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function (cfg = {}) {\n if (CONFIG && CONFIG === cfg) {\n return;\n }\n\n /* Shield configuration object from tampering */\n if (!cfg || typeof cfg !== 'object') {\n cfg = {};\n }\n\n /* Shield configuration object from prototype pollution */\n cfg = clone(cfg);\n\n PARSER_MEDIA_TYPE =\n // eslint-disable-next-line unicorn/prefer-includes\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\n ? DEFAULT_PARSER_MEDIA_TYPE\n : cfg.PARSER_MEDIA_TYPE;\n\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\n transformCaseFunc =\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\n ? stringToString\n : stringToLowerCase;\n\n /* Set configuration parameters */\n ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS')\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR')\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\n : DEFAULT_ALLOWED_ATTR;\n ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES')\n ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString)\n : DEFAULT_ALLOWED_NAMESPACES;\n URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR')\n ? addToSet(\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_URI_SAFE_ATTRIBUTES;\n DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS')\n ? addToSet(\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_DATA_URI_TAGS;\n FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS')\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\n : DEFAULT_FORBID_CONTENTS;\n FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS')\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\n : {};\n FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR')\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\n : {};\n USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES')\n ? cfg.USE_PROFILES\n : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n IN_PLACE = cfg.IN_PLACE || false; // Default false\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\n MATHML_TEXT_INTEGRATION_POINTS =\n cfg.MATHML_TEXT_INTEGRATION_POINTS || MATHML_TEXT_INTEGRATION_POINTS;\n HTML_INTEGRATION_POINTS =\n cfg.HTML_INTEGRATION_POINTS || HTML_INTEGRATION_POINTS;\n\n CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\n 'boolean'\n ) {\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\n }\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, TAGS.text);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\n }\n\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\n }\n\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\n }\n\n if (cfg.FORBID_CONTENTS) {\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\n }\n\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\n if (WHOLE_DOCUMENT) {\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\n }\n\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\n if (ALLOWED_TAGS.table) {\n addToSet(ALLOWED_TAGS, ['tbody']);\n delete FORBID_TAGS.tbody;\n }\n\n if (cfg.TRUSTED_TYPES_POLICY) {\n if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createHTML\" hook.'\n );\n }\n\n if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {\n throw typeErrorCreate(\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createScriptURL\" hook.'\n );\n }\n\n // Overwrite existing TrustedTypes policy.\n trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;\n\n // Sign local variables required by `sanitize`.\n emptyHTML = trustedTypesPolicy.createHTML('');\n } else {\n // Uninitialized policy, attempt to initialize the internal dompurify policy.\n if (trustedTypesPolicy === undefined) {\n trustedTypesPolicy = _createTrustedTypesPolicy(\n trustedTypes,\n currentScript\n );\n }\n\n // If creating the internal policy succeeded sign internal variables.\n if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {\n emptyHTML = trustedTypesPolicy.createHTML('');\n }\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (freeze) {\n freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n /* Keep track of all possible SVG and MathML tags\n * so that we can perform the namespace checks\n * correctly. */\n const ALL_SVG_TAGS = addToSet({}, [\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.svgDisallowed,\n ]);\n const ALL_MATHML_TAGS = addToSet({}, [\n ...TAGS.mathMl,\n ...TAGS.mathMlDisallowed,\n ]);\n\n /**\n * @param {Element} element a DOM element whose namespace is being checked\n * @returns {boolean} Return false if the element has a\n * namespace that a spec-compliant parser would never\n * return. Return true otherwise.\n */\n const _checkValidNamespace = function (element) {\n let parent = getParentNode(element);\n\n // In JSDOM, if we're inside shadow DOM, then parentNode\n // can be null. We just simulate parent in this case.\n if (!parent || !parent.tagName) {\n parent = {\n namespaceURI: NAMESPACE,\n tagName: 'template',\n };\n }\n\n const tagName = stringToLowerCase(element.tagName);\n const parentTagName = stringToLowerCase(parent.tagName);\n\n if (!ALLOWED_NAMESPACES[element.namespaceURI]) {\n return false;\n }\n\n if (element.namespaceURI === SVG_NAMESPACE) {\n // The only way to switch from HTML namespace to SVG\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'svg';\n }\n\n // The only way to switch from MathML to SVG is via`\n // svg if parent is either or MathML\n // text integration points.\n if (parent.namespaceURI === MATHML_NAMESPACE) {\n return (\n tagName === 'svg' &&\n (parentTagName === 'annotation-xml' ||\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\n );\n }\n\n // We only allow elements that are defined in SVG\n // spec. All others are disallowed in SVG namespace.\n return Boolean(ALL_SVG_TAGS[tagName]);\n }\n\n if (element.namespaceURI === MATHML_NAMESPACE) {\n // The only way to switch from HTML namespace to MathML\n // is via . If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'math';\n }\n\n // The only way to switch from SVG to MathML is via\n // and HTML integration points\n if (parent.namespaceURI === SVG_NAMESPACE) {\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\n }\n\n // We only allow elements that are defined in MathML\n // spec. All others are disallowed in MathML namespace.\n return Boolean(ALL_MATHML_TAGS[tagName]);\n }\n\n if (element.namespaceURI === HTML_NAMESPACE) {\n // The only way to switch from SVG to HTML is via\n // HTML integration points, and from MathML to HTML\n // is via MathML text integration points\n if (\n parent.namespaceURI === SVG_NAMESPACE &&\n !HTML_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n if (\n parent.namespaceURI === MATHML_NAMESPACE &&\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n // We disallow tags that are specific for MathML\n // or SVG and should never appear in HTML namespace\n return (\n !ALL_MATHML_TAGS[tagName] &&\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\n );\n }\n\n // For XHTML and XML documents that support custom namespaces\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n ALLOWED_NAMESPACES[element.namespaceURI]\n ) {\n return true;\n }\n\n // The code should never reach this place (this means\n // that the element somehow got namespace that is not\n // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES).\n // Return false just in case.\n return false;\n };\n\n /**\n * _forceRemove\n *\n * @param {Node} node a DOM node\n */\n const _forceRemove = function (node) {\n arrayPush(DOMPurify.removed, { element: node });\n\n try {\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\n getParentNode(node).removeChild(node);\n } catch (_) {\n remove(node);\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param {String} name an Attribute name\n * @param {Node} node a DOM node\n */\n const _removeAttribute = function (name, node) {\n try {\n arrayPush(DOMPurify.removed, {\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (_) {\n arrayPush(DOMPurify.removed, {\n attribute: null,\n from: node,\n });\n }\n\n node.removeAttribute(name);\n\n // We void attribute values for unremovable \"is\"\" attributes\n if (name === 'is' && !ALLOWED_ATTR[name]) {\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\n try {\n _forceRemove(node);\n } catch (_) {}\n } else {\n try {\n node.setAttribute(name, '');\n } catch (_) {}\n }\n }\n };\n\n /**\n * _initDocument\n *\n * @param {String} dirty a string of dirty markup\n * @return {Document} a DOM, filled with the dirty markup\n */\n const _initDocument = function (dirty) {\n /* Create a HTML document */\n let doc = null;\n let leadingWhitespace = null;\n\n if (FORCE_BODY) {\n dirty = '' + dirty;\n } else {\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\n leadingWhitespace = matches && matches[0];\n }\n\n if (\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\n NAMESPACE === HTML_NAMESPACE\n ) {\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\n dirty =\n '' +\n dirty +\n '';\n }\n\n const dirtyPayload = trustedTypesPolicy\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n /*\n * Use the DOMParser API by default, fallback later if needs be\n * DOMParser not work for svg when has multiple root element.\n */\n if (NAMESPACE === HTML_NAMESPACE) {\n try {\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\n } catch (_) {}\n }\n\n /* Use createHTMLDocument in case DOMParser is not available */\n if (!doc || !doc.documentElement) {\n doc = implementation.createDocument(NAMESPACE, 'template', null);\n try {\n doc.documentElement.innerHTML = IS_EMPTY_INPUT\n ? emptyHTML\n : dirtyPayload;\n } catch (_) {\n // Syntax error if dirtyPayload is invalid xml\n }\n }\n\n const body = doc.body || doc.documentElement;\n\n if (dirty && leadingWhitespace) {\n body.insertBefore(\n document.createTextNode(leadingWhitespace),\n body.childNodes[0] || null\n );\n }\n\n /* Work on whole document or just its body */\n if (NAMESPACE === HTML_NAMESPACE) {\n return getElementsByTagName.call(\n doc,\n WHOLE_DOCUMENT ? 'html' : 'body'\n )[0];\n }\n\n return WHOLE_DOCUMENT ? doc.documentElement : body;\n };\n\n /**\n * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document.\n *\n * @param {Node} root The root element or node to start traversing on.\n * @return {NodeIterator} The created NodeIterator\n */\n const _createNodeIterator = function (root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n // eslint-disable-next-line no-bitwise\n NodeFilter.SHOW_ELEMENT |\n NodeFilter.SHOW_COMMENT |\n NodeFilter.SHOW_TEXT |\n NodeFilter.SHOW_PROCESSING_INSTRUCTION |\n NodeFilter.SHOW_CDATA_SECTION,\n null\n );\n };\n\n /**\n * _isClobbered\n *\n * @param {Node} elm element to check for clobbering attacks\n * @return {Boolean} true if clobbered, false if safe\n */\n const _isClobbered = function (elm) {\n return (\n elm instanceof HTMLFormElement &&\n (typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function' ||\n typeof elm.namespaceURI !== 'string' ||\n typeof elm.insertBefore !== 'function' ||\n typeof elm.hasChildNodes !== 'function')\n );\n };\n\n /**\n * Checks whether the given object is a DOM node.\n *\n * @param {Node} object object to check whether it's a DOM node\n * @return {Boolean} true is object is a DOM node\n */\n const _isNode = function (object) {\n return typeof Node === 'function' && object instanceof Node;\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode node to work on with the hook\n * @param {Object} data additional hook parameters\n */\n const _executeHook = function (entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n arrayForEach(hooks[entryPoint], (hook) => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param {Node} currentNode to check for permission to exist\n * @return {Boolean} true if node was killed, false if left alive\n */\n const _sanitizeElements = function (currentNode) {\n let content = null;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = transformCaseFunc(currentNode.nodeName);\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Detect mXSS attempts abusing namespace confusion */\n if (\n currentNode.hasChildNodes() &&\n !_isNode(currentNode.firstElementChild) &&\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\n regExpTest(/<[/\\w]/g, currentNode.textContent)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any occurrence of processing instructions */\n if (currentNode.nodeType === NODE_TYPE.progressingInstruction) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove any kind of possibly harmful comments */\n if (\n SAFE_FOR_XML &&\n currentNode.nodeType === NODE_TYPE.comment &&\n regExpTest(/<[/\\w]/g, currentNode.data)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Check if we have a custom element to handle */\n if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\n ) {\n return false;\n }\n\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\n ) {\n return false;\n }\n }\n\n /* Keep content except for bad-listed elements */\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\n\n if (childNodes && parentNode) {\n const childCount = childNodes.length;\n\n for (let i = childCount - 1; i >= 0; --i) {\n const childClone = cloneNode(childNodes[i], true);\n childClone.__removalCount = (currentNode.__removalCount || 0) + 1;\n parentNode.insertBefore(childClone, getNextSibling(currentNode));\n }\n }\n }\n\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check whether element has a valid namespace */\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Make sure that older browsers don't get fallback-tag mXSS */\n if (\n (tagName === 'noscript' ||\n tagName === 'noembed' ||\n tagName === 'noframes') &&\n regExpTest(/<\\/no(script|embed|frames)/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === NODE_TYPE.text) {\n /* Get the element's text content */\n content = currentNode.textContent;\n\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n content = stringReplace(content, expr, ' ');\n });\n\n if (currentNode.textContent !== content) {\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _isValidAttribute\n *\n * @param {string} lcTag Lowercase tag name of containing element.\n * @param {string} lcName Lowercase attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\n */\n // eslint-disable-next-line complexity\n const _isValidAttribute = function (lcTag, lcName, value) {\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n return false;\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (\n ALLOW_DATA_ATTR &&\n !FORBID_ATTR[lcName] &&\n regExpTest(DATA_ATTR, lcName)\n ) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n if (\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\n (_isBasicCustomElement(lcTag) &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\n // Alternative, second condition checks if it's an `is`-attribute, AND\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n (lcName === 'is' &&\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\n ) {\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\n } else {\n return false;\n }\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n /* Further prevent gadget XSS for dynamically built script tags */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\n lcTag !== 'script' &&\n stringIndexOf(value, 'data:') === 0 &&\n DATA_URI_TAGS[lcTag]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n } else if (value) {\n return false;\n } else {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n }\n\n return true;\n };\n\n /**\n * _isBasicCustomElement\n * checks if at least one dash is included in tagName, and it's not the first char\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\n *\n * @param {string} tagName name of the tag of the node to sanitize\n * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.\n */\n const _isBasicCustomElement = function (tagName) {\n return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param {Node} currentNode to sanitize\n */\n const _sanitizeAttributes = function (currentNode) {\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n const { attributes } = currentNode;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n let l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n const attr = attributes[l];\n const { name, namespaceURI, value: attrValue } = attr;\n const lcName = transformCaseFunc(name);\n\n let value = name === 'value' ? attrValue : stringTrim(attrValue);\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n\n /* Full DOM Clobbering protection via namespace isolation,\n * Prefix id and name attributes with `user-content-`\n */\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\n // Remove the attribute with this value\n _removeAttribute(name, currentNode);\n\n // Prefix the value and later re-create the attribute with the sanitized value\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\n }\n\n /* Work around a security issue with comments inside attributes */\n if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\\/(style|title)/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Did the hooks approve of the attribute? */\n if (hookEvent.forceKeepAttr) {\n continue;\n }\n\n /* Remove attribute */\n _removeAttribute(name, currentNode);\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Work around a security issue in jQuery 3.0 */\n if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\\/>/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n value = stringReplace(value, expr, ' ');\n });\n }\n\n /* Is `value` valid for this attribute? */\n const lcTag = transformCaseFunc(currentNode.nodeName);\n if (!_isValidAttribute(lcTag, lcName, value)) {\n continue;\n }\n\n /* Handle attributes that require Trusted Types */\n if (\n trustedTypesPolicy &&\n typeof trustedTypes === 'object' &&\n typeof trustedTypes.getAttributeType === 'function'\n ) {\n if (namespaceURI) {\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\n } else {\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\n case 'TrustedHTML': {\n value = trustedTypesPolicy.createHTML(value);\n break;\n }\n\n case 'TrustedScriptURL': {\n value = trustedTypesPolicy.createScriptURL(value);\n break;\n }\n\n default: {\n break;\n }\n }\n }\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n if (namespaceURI) {\n currentNode.setAttributeNS(namespaceURI, name, value);\n } else {\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\n currentNode.setAttribute(name, value);\n }\n\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n } else {\n arrayPop(DOMPurify.removed);\n }\n } catch (_) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param {DocumentFragment} fragment to iterate over recursively\n */\n const _sanitizeShadowDOM = function (fragment) {\n let shadowNode = null;\n const shadowIterator = _createNodeIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} cfg object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function (dirty, cfg = {}) {\n let body = null;\n let importedNode = null;\n let currentNode = null;\n let returnNode = null;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n IS_EMPTY_INPUT = !dirty;\n if (IS_EMPTY_INPUT) {\n dirty = '';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n if (typeof dirty.toString === 'function') {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw typeErrorCreate('dirty is not a string, aborting');\n }\n } else {\n throw typeErrorCreate('toString is not a function');\n }\n }\n\n /* Return dirty HTML if DOMPurify cannot run */\n if (!DOMPurify.isSupported) {\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n /* Check if dirty is correctly typed for IN_PLACE */\n if (typeof dirty === 'string') {\n IN_PLACE = false;\n }\n\n if (IN_PLACE) {\n /* Do some early pre-sanitization to avoid unsafe root nodes */\n if (dirty.nodeName) {\n const tagName = transformCaseFunc(dirty.nodeName);\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n throw typeErrorCreate(\n 'root node is forbidden and cannot be sanitized in-place'\n );\n }\n }\n } else if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (\n importedNode.nodeType === NODE_TYPE.element &&\n importedNode.nodeName === 'BODY'\n ) {\n /* Node is already a body, use as is */\n body = importedNode;\n } else if (importedNode.nodeName === 'HTML') {\n body = importedNode;\n } else {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (\n !RETURN_DOM &&\n !SAFE_FOR_TEMPLATES &&\n !WHOLE_DOCUMENT &&\n // eslint-disable-next-line unicorn/prefer-includes\n dirty.indexOf('<') === -1\n ) {\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (body && FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n }\n\n /* If we sanitized `dirty` in-place, return it. */\n if (IN_PLACE) {\n return dirty;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {\n /*\n AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs.\n */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n\n /* Serialize doctype if allowed */\n if (\n WHOLE_DOCUMENT &&\n ALLOWED_TAGS['!doctype'] &&\n body.ownerDocument &&\n body.ownerDocument.doctype &&\n body.ownerDocument.doctype.name &&\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\n ) {\n serializedHTML =\n '\\n' + serializedHTML;\n }\n\n /* Sanitize final string template-safe */\n if (SAFE_FOR_TEMPLATES) {\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\n serializedHTML = stringReplace(serializedHTML, expr, ' ');\n });\n }\n\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(serializedHTML)\n : serializedHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} cfg configuration object\n */\n DOMPurify.setConfig = function (cfg = {}) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n */\n DOMPurify.clearConfig = function () {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * Public method to check if an attribute value is valid.\n * Uses last set config, if any. Otherwise, uses config defaults.\n * isValidAttribute\n *\n * @param {String} tag Tag name of containing element.\n * @param {String} attr Attribute name.\n * @param {String} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\n */\n DOMPurify.isValidAttribute = function (tag, attr, value) {\n /* Initialize shared config vars if necessary. */\n if (!CONFIG) {\n _parseConfig({});\n }\n\n const lcTag = transformCaseFunc(tag);\n const lcName = transformCaseFunc(attr);\n return _isValidAttribute(lcTag, lcName, value);\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint entry point for the hook to add\n * @param {Function} hookFunction function to execute\n */\n DOMPurify.addHook = function (entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n\n hooks[entryPoint] = hooks[entryPoint] || [];\n arrayPush(hooks[entryPoint], hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint entry point for the hook to remove\n * @return {Function} removed(popped) hook\n */\n DOMPurify.removeHook = function (entryPoint) {\n if (hooks[entryPoint]) {\n return arrayPop(hooks[entryPoint]);\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint entry point for the hooks to remove\n */\n DOMPurify.removeHooks = function (entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n */\n DOMPurify.removeAllHooks = function () {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n"],"names":["entries","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","Object","freeze","seal","create","apply","construct","Reflect","x","fun","thisValue","args","Func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringToString","toString","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","objectHasOwnProperty","hasOwnProperty","regExpTest","RegExp","test","typeErrorCreate","func","TypeError","_len2","arguments","length","_key2","thisArg","_len","_key","addToSet","set","array","transformCaseFunc","undefined","l","element","lcElement","cleanArray","index","clone","object","newObject","property","value","isArray","constructor","lookupGetter","prop","desc","get","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","TMPLIT_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","CUSTOM_ELEMENT","NODE_TYPE","getGlobal","window","purify","createDOMPurify","DOMPurify","root","version","VERSION","removed","document","nodeType","isSupported","originalDocument","currentScript","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","HTMLFormElement","DOMParser","trustedTypes","ElementPrototype","cloneNode","remove","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","hooks","createHTMLDocument","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","ALLOW_SELF_CLOSE_IN_ATTR","SAFE_FOR_TEMPLATES","SAFE_FOR_XML","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","ALLOWED_NAMESPACES","DEFAULT_ALLOWED_NAMESPACES","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","PARSER_MEDIA_TYPE","SUPPORTED_PARSER_MEDIA_TYPES","CONFIG","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","TRUSTED_TYPES_POLICY","createHTML","createScriptURL","purifyHostElement","createPolicy","suffix","ATTR_NAME","hasAttribute","getAttribute","policyName","scriptUrl","_","console","warn","_createTrustedTypesPolicy","ALL_SVG_TAGS","ALL_MATHML_TAGS","_forceRemove","node","removeChild","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createNodeIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","SHOW_PROCESSING_INSTRUCTION","SHOW_CDATA_SECTION","_isClobbered","elm","nodeName","textContent","attributes","namespaceURI","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","tagName","allowedTags","firstElementChild","_isBasicCustomElement","parentNode","i","childClone","__removalCount","parent","parentTagName","Boolean","_checkValidNamespace","expr","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","attr","forceKeepAttr","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","returnNode","appendChild","firstChild","nodeIterator","shadowroot","shadowrootmode","serializedHTML","outerHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";0OAAA,MAAMA,QACJA,EAAOC,eACPA,EAAcC,SACdA,EAAQC,eACRA,EAAcC,yBACdA,GACEC,OAEJ,IAAIC,OAAEA,EAAMC,KAAEA,EAAIC,OAAEA,GAAWH,QAC3BI,MAAEA,EAAKC,UAAEA,GAAiC,oBAAZC,SAA2BA,QAExDL,IACHA,EAAS,SAAUM,GACjB,OAAOA,IAINL,IACHA,EAAO,SAAUK,GACf,OAAOA,IAINH,IACHA,EAAQ,SAAUI,EAAKC,EAAWC,GAChC,OAAOF,EAAIJ,MAAMK,EAAWC,KAI3BL,IACHA,EAAY,SAAUM,EAAMD,GAC1B,OAAO,IAAIC,KAAQD,KAIvB,MAAME,EAAeC,EAAQC,MAAMC,UAAUC,SAEvCC,EAAWJ,EAAQC,MAAMC,UAAUG,KACnCC,EAAYN,EAAQC,MAAMC,UAAUK,MAGpCC,EAAoBR,EAAQS,OAAOP,UAAUQ,aAC7CC,EAAiBX,EAAQS,OAAOP,UAAUU,UAC1CC,EAAcb,EAAQS,OAAOP,UAAUY,OACvCC,EAAgBf,EAAQS,OAAOP,UAAUc,SACzCC,EAAgBjB,EAAQS,OAAOP,UAAUgB,SACzCC,EAAanB,EAAQS,OAAOP,UAAUkB,MAEtCC,EAAuBrB,EAAQb,OAAOe,UAAUoB,gBAEhDC,EAAavB,EAAQwB,OAAOtB,UAAUuB,MAEtCC,GAkBeC,EAlBeC,UAmB3B,WAAA,IAAA,IAAAC,EAAAC,UAAAC,OAAIlC,EAAII,IAAAA,MAAA4B,GAAAG,EAAA,EAAAA,EAAAH,EAAAG,IAAJnC,EAAImC,GAAAF,UAAAE,GAAA,OAAKxC,EAAUmC,EAAM9B,EAAK,GAD3C,IAAqB8B,EAVrB,SAAS3B,EAAQ2B,GACf,OAAO,SAACM,GAAO,IAAAC,IAAAA,EAAAJ,UAAAC,OAAKlC,MAAII,MAAAiC,EAAAA,EAAAA,OAAAC,EAAA,EAAAA,EAAAD,EAAAC,IAAJtC,EAAIsC,EAAAL,GAAAA,UAAAK,GAAA,OAAK5C,EAAMoC,EAAMM,EAASpC,EAAK,CACzD,CAoBA,SAASuC,EAASC,EAAKC,GAA8C,IAAvCC,EAAiBT,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAGtB,EAC5CzB,GAIFA,EAAesD,EAAK,MAGtB,IAAII,EAAIH,EAAMP,OACd,KAAOU,KAAK,CACV,IAAIC,EAAUJ,EAAMG,GACpB,GAAuB,iBAAZC,EAAsB,CAC/B,MAAMC,EAAYJ,EAAkBG,GAChCC,IAAcD,IAEX1D,EAASsD,KACZA,EAAMG,GAAKE,GAGbD,EAAUC,EAEd,CAEAN,EAAIK,IAAW,CACjB,CAEA,OAAOL,CACT,CAQA,SAASO,EAAWN,GAClB,IAAK,IAAIO,EAAQ,EAAGA,EAAQP,EAAMP,OAAQc,IAAS,CACzBxB,EAAqBiB,EAAOO,KAGlDP,EAAMO,GAAS,KAEnB,CAEA,OAAOP,CACT,CAQA,SAASQ,EAAMC,GACb,MAAMC,EAAY1D,EAAO,MAEzB,IAAK,MAAO2D,EAAUC,KAAUpE,EAAQiE,GAAS,CACvB1B,EAAqB0B,EAAQE,KAG/ChD,MAAMkD,QAAQD,GAChBF,EAAUC,GAAYL,EAAWM,GAEjCA,GACiB,iBAAVA,GACPA,EAAME,cAAgBjE,OAEtB6D,EAAUC,GAAYH,EAAMI,GAE5BF,EAAUC,GAAYC,EAG5B,CAEA,OAAOF,CACT,CASA,SAASK,EAAaN,EAAQO,GAC5B,KAAkB,OAAXP,GAAiB,CACtB,MAAMQ,EAAOrE,EAAyB6D,EAAQO,GAE9C,GAAIC,EAAM,CACR,GAAIA,EAAKC,IACP,OAAOxD,EAAQuD,EAAKC,KAGtB,GAA0B,mBAAfD,EAAKL,MACd,OAAOlD,EAAQuD,EAAKL,MAExB,CAEAH,EAAS9D,EAAe8D,EAC1B,CAMA,OAJA,WACE,OAAO,IACT,CAGF,CC1LO,MAAMU,EAAOrE,EAAO,CACzB,IACA,OACA,UACA,UACA,OACA,UACA,QACA,QACA,IACA,MACA,MACA,MACA,QACA,aACA,OACA,KACA,SACA,SACA,UACA,SACA,OACA,OACA,MACA,WACA,UACA,OACA,WACA,KACA,YACA,MACA,UACA,MACA,SACA,MACA,MACA,KACA,KACA,UACA,KACA,WACA,aACA,SACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,KACA,KACA,OACA,SACA,SACA,KACA,OACA,IACA,MACA,QACA,MACA,MACA,QACA,SACA,KACA,OACA,MACA,OACA,UACA,OACA,WACA,QACA,MACA,OACA,KACA,WACA,SACA,SACA,IACA,UACA,MACA,WACA,IACA,KACA,KACA,OACA,IACA,OACA,UACA,SACA,SACA,QACA,SACA,SACA,OACA,SACA,SACA,QACA,MACA,UACA,MACA,QACA,QACA,KACA,WACA,WACA,QACA,KACA,QACA,OACA,KACA,QACA,KACA,IACA,KACA,MACA,QACA,QAIWsE,EAAMtE,EAAO,CACxB,MACA,IACA,WACA,cACA,eACA,eACA,gBACA,mBACA,SACA,WACA,OACA,OACA,UACA,SACA,OACA,IACA,QACA,WACA,QACA,QACA,OACA,iBACA,SACA,OACA,WACA,QACA,OACA,UACA,UACA,WACA,iBACA,OACA,OACA,QACA,SACA,SACA,OACA,WACA,QACA,OACA,QACA,OACA,UAGWuE,EAAavE,EAAO,CAC/B,UACA,gBACA,sBACA,cACA,mBACA,oBACA,oBACA,iBACA,eACA,UACA,UACA,UACA,UACA,UACA,iBACA,UACA,UACA,cACA,eACA,WACA,eACA,qBACA,cACA,SACA,iBAOWwE,EAAgBxE,EAAO,CAClC,UACA,gBACA,SACA,UACA,YACA,mBACA,iBACA,gBACA,gBACA,gBACA,QACA,YACA,OACA,eACA,YACA,UACA,gBACA,SACA,MACA,aACA,UACA,QAGWyE,EAASzE,EAAO,CAC3B,OACA,WACA,SACA,UACA,QACA,SACA,KACA,aACA,gBACA,KACA,KACA,QACA,UACA,WACA,QACA,OACA,KACA,SACA,QACA,SACA,OACA,OACA,UACA,SACA,MACA,QACA,MACA,SACA,aACA,gBAKW0E,EAAmB1E,EAAO,CACrC,UACA,cACA,aACA,WACA,YACA,UACA,UACA,SACA,SACA,QACA,YACA,aACA,iBACA,cACA,SAGW2E,EAAO3E,EAAO,CAAC,UCrRfqE,EAAOrE,EAAO,CACzB,SACA,SACA,QACA,MACA,iBACA,eACA,uBACA,WACA,aACA,UACA,SACA,UACA,cACA,cACA,UACA,OACA,QACA,QACA,QACA,OACA,UACA,WACA,eACA,SACA,cACA,WACA,WACA,UACA,MACA,WACA,0BACA,wBACA,WACA,YACA,UACA,eACA,OACA,MACA,UACA,SACA,SACA,OACA,OACA,WACA,KACA,YACA,YACA,QACA,OACA,QACA,OACA,OACA,UACA,OACA,MACA,MACA,YACA,QACA,SACA,MACA,YACA,WACA,QACA,OACA,QACA,UACA,aACA,SACA,OACA,UACA,UACA,cACA,cACA,UACA,gBACA,sBACA,SACA,UACA,UACA,aACA,WACA,MACA,WACA,MACA,WACA,OACA,OACA,UACA,aACA,QACA,WACA,QACA,OACA,QACA,OACA,UACA,QACA,MACA,SACA,OACA,QACA,UACA,WACA,QACA,YACA,OACA,SACA,SACA,QACA,QACA,OACA,QACA,SAGWsE,EAAMtE,EAAO,CACxB,gBACA,aACA,WACA,qBACA,YACA,SACA,gBACA,gBACA,UACA,gBACA,iBACA,QACA,OACA,KACA,QACA,OACA,gBACA,YACA,YACA,QACA,sBACA,8BACA,gBACA,kBACA,KACA,KACA,IACA,KACA,KACA,kBACA,YACA,UACA,UACA,MACA,WACA,YACA,MACA,WACA,OACA,eACA,YACA,SACA,cACA,cACA,gBACA,cACA,YACA,mBACA,eACA,aACA,eACA,cACA,KACA,KACA,KACA,KACA,aACA,WACA,gBACA,oBACA,SACA,OACA,KACA,kBACA,KACA,MACA,YACA,IACA,KACA,KACA,KACA,KACA,UACA,YACA,aACA,WACA,OACA,eACA,iBACA,eACA,mBACA,iBACA,QACA,aACA,aACA,eACA,eACA,cACA,cACA,mBACA,YACA,MACA,OACA,QACA,SACA,OACA,MACA,OACA,aACA,SACA,WACA,UACA,QACA,SACA,cACA,SACA,WACA,cACA,OACA,aACA,sBACA,mBACA,eACA,SACA,gBACA,sBACA,iBACA,IACA,KACA,KACA,SACA,OACA,OACA,cACA,YACA,UACA,SACA,SACA,QACA,OACA,kBACA,QACA,mBACA,mBACA,eACA,cACA,eACA,cACA,aACA,eACA,mBACA,oBACA,iBACA,kBACA,oBACA,iBACA,SACA,eACA,QACA,eACA,iBACA,WACA,cACA,UACA,UACA,YACA,mBACA,cACA,kBACA,iBACA,aACA,OACA,KACA,KACA,UACA,SACA,UACA,aACA,UACA,aACA,gBACA,gBACA,QACA,eACA,OACA,eACA,mBACA,mBACA,IACA,KACA,KACA,QACA,IACA,KACA,KACA,IACA,eAGWyE,EAASzE,EAAO,CAC3B,SACA,cACA,QACA,WACA,QACA,eACA,cACA,aACA,aACA,QACA,MACA,UACA,eACA,WACA,QACA,QACA,SACA,OACA,KACA,UACA,SACA,gBACA,SACA,SACA,iBACA,YACA,WACA,cACA,UACA,UACA,gBACA,WACA,WACA,OACA,WACA,WACA,aACA,UACA,SACA,SACA,cACA,gBACA,uBACA,YACA,YACA,aACA,WACA,iBACA,iBACA,YACA,UACA,QACA,UAGW4E,EAAM5E,EAAO,CACxB,aACA,SACA,cACA,YACA,gBC9WW6E,EAAgB5E,EAAK,6BACrB6E,EAAW7E,EAAK,yBAChB8E,EAAc9E,EAAK,iBACnB+E,EAAY/E,EAAK,8BACjBgF,EAAYhF,EAAK,kBACjBiF,EAAiBjF,EAC5B,6FAEWkF,EAAoBlF,EAAK,yBACzBmF,EAAkBnF,EAC7B,+DAEWoF,EAAepF,EAAK,WACpBqF,EAAiBrF,EAAK,0NCSnC,MAAMsF,EACK,EADLA,EAGE,EAHFA,EAOoB,EAPpBA,EAQK,EARLA,GASM,EAMNC,GAAY,WAChB,MAAyB,oBAAXC,OAAyB,KAAOA,MAChD,EAsnDA,IAAAC,GArkDA,SAASC,IAAsC,IAAtBF,EAAM/C,UAAAC,OAAAD,QAAAU,IAAAV,UAAAU,GAAAV,UAAG8C,GAAAA,KAChC,MAAMI,EAAaC,GAASF,EAAgBE,GAc5C,GARAD,EAAUE,QAAUC,QAMpBH,EAAUI,QAAU,IAGjBP,IACAA,EAAOQ,UACRR,EAAOQ,SAASC,WAAaX,GAM7B,OAFAK,EAAUO,aAAc,EAEjBP,EAGT,IAAIK,SAAEA,GAAaR,EAEnB,MAAMW,EAAmBH,EACnBI,EAAgBD,EAAiBC,eACjCC,iBACJA,EAAgBC,oBAChBA,EAAmBC,KACnBA,EAAIC,QACJA,EAAOC,WACPA,EAAUC,aACVA,EAAelB,EAAOkB,cAAgBlB,EAAOmB,gBAAeC,gBAC5DA,EAAeC,UACfA,EAASC,aACTA,GACEtB,EAEEuB,EAAmBP,EAAQ3F,UAE3BmG,EAAYhD,EAAa+C,EAAkB,aAC3CE,EAASjD,EAAa+C,EAAkB,UACxCG,GAAiBlD,EAAa+C,EAAkB,eAChDI,GAAgBnD,EAAa+C,EAAkB,cAC/CK,GAAgBpD,EAAa+C,EAAkB,cAQrD,GAAmC,mBAAxBT,EAAoC,CAC7C,MAAMe,EAAWrB,EAASsB,cAAc,YACpCD,EAASE,SAAWF,EAASE,QAAQC,gBACvCxB,EAAWqB,EAASE,QAAQC,cAEhC,CAEA,IAAIC,GACAC,GAAY,GAEhB,MAAMC,eACJA,GAAcC,mBACdA,GAAkBC,uBAClBA,GAAsBC,qBACtBA,IACE9B,GACE+B,WAAEA,IAAe5B,EAEvB,IAAI6B,GAAQ,CAAA,EAKZrC,EAAUO,YACW,mBAAZzG,GACkB,mBAAlB2H,IACPO,SACsCxE,IAAtCwE,GAAeM,mBAEjB,MAAMrD,cACJA,GAAaC,SACbA,GAAQC,YACRA,GAAWC,UACXA,GAASC,UACTA,GAASE,kBACTA,GAAiBC,gBACjBA,GAAeE,eACfA,IACE6C,EAEJ,IAAMjD,eAAAA,IAAmBiD,EAQrBC,GAAe,KACnB,MAAMC,GAAuBrF,EAAS,GAAI,IACrCsF,KACAA,KACAA,KACAA,KACAA,IAIL,IAAIC,GAAe,KACnB,MAAMC,GAAuBxF,EAAS,CAAE,EAAE,IACrCyF,KACAA,KACAA,KACAA,IASL,IAAIC,GAA0B3I,OAAOE,KACnCC,EAAO,KAAM,CACXyI,aAAc,CACZC,UAAU,EACVC,cAAc,EACdC,YAAY,EACZhF,MAAO,MAETiF,mBAAoB,CAClBH,UAAU,EACVC,cAAc,EACdC,YAAY,EACZhF,MAAO,MAETkF,+BAAgC,CAC9BJ,UAAU,EACVC,cAAc,EACdC,YAAY,EACZhF,OAAO,MAMTmF,GAAc,KAGdC,GAAc,KAGdC,IAAkB,EAGlBC,IAAkB,EAGlBC,IAA0B,EAI1BC,IAA2B,EAK3BC,IAAqB,EAKrBC,IAAe,EAGfC,IAAiB,EAGjBC,IAAa,EAIbC,IAAa,EAMbC,IAAa,EAIbC,IAAsB,EAItBC,IAAsB,EAKtBC,IAAe,EAefC,IAAuB,EAIvBC,IAAe,EAIfC,IAAW,EAGXC,GAAe,CAAA,EAGfC,GAAkB,KACtB,MAAMC,GAA0BrH,EAAS,CAAE,EAAE,CAC3C,iBACA,QACA,WACA,OACA,gBACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,QACA,UACA,WACA,WACA,YACA,SACA,QACA,MACA,WACA,QACA,QACA,QACA,QAIF,IAAIsH,GAAgB,KACpB,MAAMC,GAAwBvH,EAAS,CAAE,EAAE,CACzC,QACA,QACA,MACA,SACA,QACA,UAIF,IAAIwH,GAAsB,KAC1B,MAAMC,GAA8BzH,EAAS,GAAI,CAC/C,MACA,QACA,MACA,KACA,QACA,OACA,UACA,cACA,OACA,UACA,QACA,QACA,QACA,UAGI0H,GAAmB,qCACnBC,GAAgB,6BAChBC,GAAiB,+BAEvB,IAAIC,GAAYD,GACZE,IAAiB,EAGjBC,GAAqB,KACzB,MAAMC,GAA6BhI,EACjC,GACA,CAAC0H,GAAkBC,GAAeC,IAClCrJ,GAGF,IAAI0J,GAAiCjI,EAAS,CAAA,EAAI,CAChD,KACA,KACA,KACA,KACA,UAGEkI,GAA0BlI,EAAS,CAAE,EAAE,CAAC,mBAM5C,MAAMmI,GAA+BnI,EAAS,CAAA,EAAI,CAChD,QACA,QACA,OACA,IACA,WAIF,IAAIoI,GAAoB,KACxB,MAAMC,GAA+B,CAAC,wBAAyB,aAE/D,IAAIlI,GAAoB,KAGpBmI,GAAS,KAKb,MAAMC,GAActF,EAASsB,cAAc,QAErCiE,GAAoB,SAAUC,GAClC,OAAOA,aAAqBrJ,QAAUqJ,aAAqBC,UASvDC,GAAe,WAAoB,IAAVC,EAAGlJ,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,EACnC,IAAI4I,IAAUA,KAAWM,EAAzB,CA6LA,GAxLKA,GAAsB,iBAARA,IACjBA,EAAM,CAAA,GAIRA,EAAMlI,EAAMkI,GAEZR,IAEmE,IAAjEC,GAA6BvJ,QAAQ8J,EAAIR,mBApCX,YAsC1BQ,EAAIR,kBAGVjI,GACwB,0BAAtBiI,GACI7J,EACAH,EAGNgH,GAAenG,EAAqB2J,EAAK,gBACrC5I,EAAS,CAAE,EAAE4I,EAAIxD,aAAcjF,IAC/BkF,GACJE,GAAetG,EAAqB2J,EAAK,gBACrC5I,EAAS,CAAE,EAAE4I,EAAIrD,aAAcpF,IAC/BqF,GACJuC,GAAqB9I,EAAqB2J,EAAK,sBAC3C5I,EAAS,CAAE,EAAE4I,EAAIb,mBAAoBxJ,GACrCyJ,GACJR,GAAsBvI,EAAqB2J,EAAK,qBAC5C5I,EACEU,EAAM+G,IACNmB,EAAIC,kBACJ1I,IAEFsH,GACJH,GAAgBrI,EAAqB2J,EAAK,qBACtC5I,EACEU,EAAM6G,IACNqB,EAAIE,kBACJ3I,IAEFoH,GACJH,GAAkBnI,EAAqB2J,EAAK,mBACxC5I,EAAS,CAAE,EAAE4I,EAAIxB,gBAAiBjH,IAClCkH,GACJpB,GAAchH,EAAqB2J,EAAK,eACpC5I,EAAS,CAAE,EAAE4I,EAAI3C,YAAa9F,IAC9B,CAAA,EACJ+F,GAAcjH,EAAqB2J,EAAK,eACpC5I,EAAS,CAAE,EAAE4I,EAAI1C,YAAa/F,IAC9B,CAAA,EACJgH,KAAelI,EAAqB2J,EAAK,iBACrCA,EAAIzB,aAERhB,IAA0C,IAAxByC,EAAIzC,gBACtBC,IAA0C,IAAxBwC,EAAIxC,gBACtBC,GAA0BuC,EAAIvC,0BAA2B,EACzDC,IAA4D,IAAjCsC,EAAItC,yBAC/BC,GAAqBqC,EAAIrC,qBAAsB,EAC/CC,IAAoC,IAArBoC,EAAIpC,aACnBC,GAAiBmC,EAAInC,iBAAkB,EACvCG,GAAagC,EAAIhC,aAAc,EAC/BC,GAAsB+B,EAAI/B,sBAAuB,EACjDC,GAAsB8B,EAAI9B,sBAAuB,EACjDH,GAAaiC,EAAIjC,aAAc,EAC/BI,IAAoC,IAArB6B,EAAI7B,aACnBC,GAAuB4B,EAAI5B,uBAAwB,EACnDC,IAAoC,IAArB2B,EAAI3B,aACnBC,GAAW0B,EAAI1B,WAAY,EAC3BhF,GAAiB0G,EAAIG,oBAAsB5D,EAC3C0C,GAAYe,EAAIf,WAAaD,GAC7BK,GACEW,EAAIX,gCAAkCA,GACxCC,GACEU,EAAIV,yBAA2BA,GAEjCxC,GAA0BkD,EAAIlD,yBAA2B,GAEvDkD,EAAIlD,yBACJ8C,GAAkBI,EAAIlD,wBAAwBC,gBAE9CD,GAAwBC,aACtBiD,EAAIlD,wBAAwBC,cAI9BiD,EAAIlD,yBACJ8C,GAAkBI,EAAIlD,wBAAwBK,sBAE9CL,GAAwBK,mBACtB6C,EAAIlD,wBAAwBK,oBAI9B6C,EAAIlD,yBAEF,kBADKkD,EAAIlD,wBAAwBM,iCAGnCN,GAAwBM,+BACtB4C,EAAIlD,wBAAwBM,gCAG5BO,KACFH,IAAkB,GAGhBS,KACFD,IAAa,GAIXO,KACF/B,GAAepF,EAAS,GAAIsF,GAC5BC,GAAe,IACW,IAAtB4B,GAAa9F,OACfrB,EAASoF,GAAcE,GACvBtF,EAASuF,GAAcE,KAGA,IAArB0B,GAAa7F,MACftB,EAASoF,GAAcE,GACvBtF,EAASuF,GAAcE,GACvBzF,EAASuF,GAAcE,KAGO,IAA5B0B,GAAa5F,aACfvB,EAASoF,GAAcE,GACvBtF,EAASuF,GAAcE,GACvBzF,EAASuF,GAAcE,KAGG,IAAxB0B,GAAa1F,SACfzB,EAASoF,GAAcE,GACvBtF,EAASuF,GAAcE,GACvBzF,EAASuF,GAAcE,KAKvBmD,EAAII,WACF5D,KAAiBC,KACnBD,GAAe1E,EAAM0E,KAGvBpF,EAASoF,GAAcwD,EAAII,SAAU7I,KAGnCyI,EAAIK,WACF1D,KAAiBC,KACnBD,GAAe7E,EAAM6E,KAGvBvF,EAASuF,GAAcqD,EAAIK,SAAU9I,KAGnCyI,EAAIC,mBACN7I,EAASwH,GAAqBoB,EAAIC,kBAAmB1I,IAGnDyI,EAAIxB,kBACFA,KAAoBC,KACtBD,GAAkB1G,EAAM0G,KAG1BpH,EAASoH,GAAiBwB,EAAIxB,gBAAiBjH,KAI7C8G,KACF7B,GAAa,UAAW,GAItBqB,IACFzG,EAASoF,GAAc,CAAC,OAAQ,OAAQ,SAItCA,GAAa8D,QACflJ,EAASoF,GAAc,CAAC,iBACjBa,GAAYkD,OAGjBP,EAAIQ,qBAAsB,CAC5B,GAAmD,mBAAxCR,EAAIQ,qBAAqBC,WAClC,MAAM/J,EACJ,+EAIJ,GAAwD,mBAA7CsJ,EAAIQ,qBAAqBE,gBAClC,MAAMhK,EACJ,oFAKJoF,GAAqBkE,EAAIQ,qBAGzBzE,GAAYD,GAAmB2E,WAAW,GAC5C,WAE6BjJ,IAAvBsE,KACFA,GA/lB0B,SAAUX,EAAcwF,GACxD,GAC0B,iBAAjBxF,GAC8B,mBAA9BA,EAAayF,aAEpB,OAAO,KAMT,IAAIC,EAAS,KACb,MAAMC,EAAY,wBACdH,GAAqBA,EAAkBI,aAAaD,KACtDD,EAASF,EAAkBK,aAAaF,IAG1C,MAAMG,EAAa,aAAeJ,EAAS,IAAMA,EAAS,IAE1D,IACE,OAAO1F,EAAayF,aAAaK,EAAY,CAC3CR,WAAWhI,GACFA,EAETiI,gBAAgBQ,GACPA,GAGZ,CAAC,MAAOC,GAOP,OAHAC,QAAQC,KACN,uBAAyBJ,EAAa,0BAEjC,IACT,CACF,CA0jB6BK,CACnBnG,EACAV,IAKuB,OAAvBqB,IAAoD,iBAAdC,KACxCA,GAAYD,GAAmB2E,WAAW,KAM1CrM,GACFA,EAAO4L,GAGTN,GAASM,CAlOT,GAwOIuB,GAAenK,EAAS,CAAA,EAAI,IAC7BsF,KACAA,KACAA,IAEC8E,GAAkBpK,EAAS,CAAE,EAAE,IAChCsF,KACAA,IAqHC+E,GAAe,SAAUC,GAC7BpM,EAAU0E,EAAUI,QAAS,CAAE1C,QAASgK,IAExC,IAEEjG,GAAciG,GAAMC,YAAYD,EACjC,CAAC,MAAOP,GACP7F,EAAOoG,EACT,GASIE,GAAmB,SAAUC,EAAMH,GACvC,IACEpM,EAAU0E,EAAUI,QAAS,CAC3B0H,UAAWJ,EAAKK,iBAAiBF,GACjCG,KAAMN,GAET,CAAC,MAAOP,GACP7L,EAAU0E,EAAUI,QAAS,CAC3B0H,UAAW,KACXE,KAAMN,GAEV,CAKA,GAHAA,EAAKO,gBAAgBJ,GAGR,OAATA,IAAkBlF,GAAakF,GACjC,GAAI7D,IAAcC,GAChB,IACEwD,GAAaC,EACf,CAAE,MAAOP,GAAI,MAEb,IACEO,EAAKQ,aAAaL,EAAM,GAC1B,CAAE,MAAOV,GAAI,GAWbgB,GAAgB,SAAUC,GAE9B,IAAIC,EAAM,KACNC,EAAoB,KAExB,GAAIvE,GACFqE,EAAQ,oBAAsBA,MACzB,CAEL,MAAMG,EAAU1M,EAAYuM,EAAO,eACnCE,EAAoBC,GAAWA,EAAQ,EACzC,CAGwB,0BAAtB/C,IACAP,KAAcD,KAGdoD,EACE,iEACAA,EACA,kBAGJ,MAAMI,EAAe1G,GACjBA,GAAmB2E,WAAW2B,GAC9BA,EAKJ,GAAInD,KAAcD,GAChB,IACEqD,GAAM,IAAInH,GAAYuH,gBAAgBD,EAAchD,GACtD,CAAE,MAAO2B,GAAI,CAIf,IAAKkB,IAAQA,EAAIK,gBAAiB,CAChCL,EAAMrG,GAAe2G,eAAe1D,GAAW,WAAY,MAC3D,IACEoD,EAAIK,gBAAgBE,UAAY1D,GAC5BnD,GACAyG,CACL,CAAC,MAAOrB,GACP,CAEJ,CAEA,MAAM0B,EAAOR,EAAIQ,MAAQR,EAAIK,gBAU7B,OARIN,GAASE,GACXO,EAAKC,aACHzI,EAAS0I,eAAeT,GACxBO,EAAKG,WAAW,IAAM,MAKtB/D,KAAcD,GACT7C,GAAqB8G,KAC1BZ,EACAxE,GAAiB,OAAS,QAC1B,GAGGA,GAAiBwE,EAAIK,gBAAkBG,GAS1CK,GAAsB,SAAUjJ,GACpC,OAAOgC,GAAmBgH,KACxBhJ,EAAK4B,eAAiB5B,EACtBA,EAEAa,EAAWqI,aACTrI,EAAWsI,aACXtI,EAAWuI,UACXvI,EAAWwI,4BACXxI,EAAWyI,mBACb,OAUEC,GAAe,SAAUC,GAC7B,OACEA,aAAexI,IACU,iBAAjBwI,EAAIC,UACiB,iBAApBD,EAAIE,aACgB,mBAApBF,EAAI9B,eACT8B,EAAIG,sBAAsB7I,IACG,mBAAxB0I,EAAIxB,iBACiB,mBAArBwB,EAAIvB,cACiB,iBAArBuB,EAAII,cACiB,mBAArBJ,EAAIX,cACkB,mBAAtBW,EAAIK,gBAUXC,GAAU,SAAUhM,GACxB,MAAuB,mBAAT6C,GAAuB7C,aAAkB6C,GAWnDoJ,GAAe,SAAUC,EAAYC,EAAaC,GACjD9H,GAAM4H,IAIXlP,EAAasH,GAAM4H,IAAcG,IAC/BA,EAAKnB,KAAKjJ,EAAWkK,EAAaC,EAAMzE,GAAO,KAc7C2E,GAAoB,SAAUH,GAClC,IAAItI,EAAU,KAMd,GAHAoI,GAAa,yBAA0BE,EAAa,MAGhDV,GAAaU,GAEf,OADAzC,GAAayC,IACN,EAIT,MAAMI,EAAU/M,GAAkB2M,EAAYR,UAS9C,GANAM,GAAa,sBAAuBE,EAAa,CAC/CI,UACAC,YAAa/H,KAKb0H,EAAYJ,kBACXC,GAAQG,EAAYM,oBACrBjO,EAAW,UAAW2N,EAAYtB,YAClCrM,EAAW,UAAW2N,EAAYP,aAGlC,OADAlC,GAAayC,IACN,EAIT,GAAIA,EAAY5J,WAAaX,EAE3B,OADA8H,GAAayC,IACN,EAIT,GACEtG,IACAsG,EAAY5J,WAAaX,GACzBpD,EAAW,UAAW2N,EAAYC,MAGlC,OADA1C,GAAayC,IACN,EAIT,IAAK1H,GAAa8H,IAAYjH,GAAYiH,GAAU,CAElD,IAAKjH,GAAYiH,IAAYG,GAAsBH,GAAU,CAC3D,GACExH,GAAwBC,wBAAwBvG,QAChDD,EAAWuG,GAAwBC,aAAcuH,GAEjD,OAAO,EAGT,GACExH,GAAwBC,wBAAwB+C,UAChDhD,GAAwBC,aAAauH,GAErC,OAAO,CAEX,CAGA,GAAIjG,KAAiBG,GAAgB8F,GAAU,CAC7C,MAAMI,EAAajJ,GAAcyI,IAAgBA,EAAYQ,WACvD1B,EAAaxH,GAAc0I,IAAgBA,EAAYlB,WAE7D,GAAIA,GAAc0B,EAAY,CAG5B,IAAK,IAAIC,EAFU3B,EAAWjM,OAEJ,EAAG4N,GAAK,IAAKA,EAAG,CACxC,MAAMC,EAAavJ,EAAU2H,EAAW2B,IAAI,GAC5CC,EAAWC,gBAAkBX,EAAYW,gBAAkB,GAAK,EAChEH,EAAW5B,aAAa8B,EAAYrJ,GAAe2I,GACrD,CACF,CACF,CAGA,OADAzC,GAAayC,IACN,CACT,CAGA,OAAIA,aAAuBrJ,IA5YA,SAAUnD,GACrC,IAAIoN,EAASrJ,GAAc/D,GAItBoN,GAAWA,EAAOR,UACrBQ,EAAS,CACPjB,aAAc5E,GACdqF,QAAS,aAIb,MAAMA,EAAU9O,EAAkBkC,EAAQ4M,SACpCS,EAAgBvP,EAAkBsP,EAAOR,SAE/C,QAAKnF,GAAmBzH,EAAQmM,gBAI5BnM,EAAQmM,eAAiB9E,GAIvB+F,EAAOjB,eAAiB7E,GACP,QAAZsF,EAMLQ,EAAOjB,eAAiB/E,GAEZ,QAAZwF,IACmB,mBAAlBS,GACC1F,GAA+B0F,IAM9BC,QAAQzD,GAAa+C,IAG1B5M,EAAQmM,eAAiB/E,GAIvBgG,EAAOjB,eAAiB7E,GACP,SAAZsF,EAKLQ,EAAOjB,eAAiB9E,GACP,SAAZuF,GAAsBhF,GAAwByF,GAKhDC,QAAQxD,GAAgB8C,IAG7B5M,EAAQmM,eAAiB7E,KAKzB8F,EAAOjB,eAAiB9E,KACvBO,GAAwByF,OAMzBD,EAAOjB,eAAiB/E,KACvBO,GAA+B0F,MAQ/BvD,GAAgB8C,KAChB/E,GAA6B+E,KAAa/C,GAAa+C,MAMpC,0BAAtB9E,KACAL,GAAmBzH,EAAQmM,gBAiTUoB,CAAqBf,IAC1DzC,GAAayC,IACN,GAKM,aAAZI,GACa,YAAZA,GACY,aAAZA,IACF/N,EAAW,8BAA+B2N,EAAYtB,YAOpDjF,IAAsBuG,EAAY5J,WAAaX,IAEjDiC,EAAUsI,EAAYP,YAEtB5O,EAAa,CAACkE,GAAeC,GAAUC,KAAe+L,IACpDtJ,EAAU7F,EAAc6F,EAASsJ,EAAM,IAAI,IAGzChB,EAAYP,cAAgB/H,IAC9BtG,EAAU0E,EAAUI,QAAS,CAAE1C,QAASwM,EAAY7I,cACpD6I,EAAYP,YAAc/H,IAK9BoI,GAAa,wBAAyBE,EAAa,OAE5C,IAtBLzC,GAAayC,IACN,IAiCLiB,GAAoB,SAAUC,EAAOC,EAAQnN,GAEjD,GACEiG,KACY,OAAXkH,GAA8B,SAAXA,KACnBnN,KAASmC,GAAYnC,KAASyH,IAE/B,OAAO,EAOT,GACEnC,KACCF,GAAY+H,IACb9O,EAAW6C,GAAWiM,SAGjB,GAAI9H,IAAmBhH,EAAW8C,GAAWgM,SAG7C,IAAK1I,GAAa0I,IAAW/H,GAAY+H,IAC9C,KAIGZ,GAAsBW,KACnBtI,GAAwBC,wBAAwBvG,QAChDD,EAAWuG,GAAwBC,aAAcqI,IAChDtI,GAAwBC,wBAAwB+C,UAC/ChD,GAAwBC,aAAaqI,MACvCtI,GAAwBK,8BAA8B3G,QACtDD,EAAWuG,GAAwBK,mBAAoBkI,IACtDvI,GAAwBK,8BAA8B2C,UACrDhD,GAAwBK,mBAAmBkI,KAGrC,OAAXA,GACCvI,GAAwBM,iCACtBN,GAAwBC,wBAAwBvG,QAChDD,EAAWuG,GAAwBC,aAAc7E,IAChD4E,GAAwBC,wBAAwB+C,UAC/ChD,GAAwBC,aAAa7E,KAK3C,OAAO,OAGJ,GAAI0G,GAAoByG,SAIxB,GACL9O,EAAW+C,GAAgBvD,EAAcmC,EAAOsB,GAAiB,WAK5D,GACO,QAAX6L,GAA+B,eAAXA,GAAsC,SAAXA,GACtC,WAAVD,GACkC,IAAlCnP,EAAciC,EAAO,WACrBwG,GAAc0G,IAMT,GACL3H,KACClH,EAAWgD,GAAmBxD,EAAcmC,EAAOsB,GAAiB,WAIhE,GAAItB,EACT,OAAO,OAMT,OAAO,GAWHuM,GAAwB,SAAUH,GACtC,MAAmB,mBAAZA,GAAgCzO,EAAYyO,EAAS5K,KAaxD4L,GAAsB,SAAUpB,GAEpCF,GAAa,2BAA4BE,EAAa,MAEtD,MAAMN,WAAEA,GAAeM,EAGvB,IAAKN,EACH,OAGF,MAAM2B,EAAY,CAChBC,SAAU,GACVC,UAAW,GACXC,UAAU,EACVC,kBAAmBhJ,IAErB,IAAIlF,EAAImM,EAAW7M,OAGnB,KAAOU,KAAK,CACV,MAAMmO,EAAOhC,EAAWnM,IAClBoK,KAAEA,EAAIgC,aAAEA,EAAc3L,MAAOuN,GAAcG,EAC3CP,EAAS9N,GAAkBsK,GAEjC,IAAI3J,EAAiB,UAAT2J,EAAmB4D,EAAYtP,EAAWsP,GAsBtD,GAnBAF,EAAUC,SAAWH,EACrBE,EAAUE,UAAYvN,EACtBqN,EAAUG,UAAW,EACrBH,EAAUM,mBAAgBrO,EAC1BwM,GAAa,wBAAyBE,EAAaqB,GACnDrN,EAAQqN,EAAUE,WAKdrH,IAAoC,OAAXiH,GAA8B,SAAXA,IAE9CzD,GAAiBC,EAAMqC,GAGvBhM,EAn9B8B,gBAm9BQA,GAIpC0F,IAAgBrH,EAAW,gCAAiC2B,GAAQ,CACtE0J,GAAiBC,EAAMqC,GACvB,QACF,CAGA,GAAIqB,EAAUM,cACZ,SAOF,GAHAjE,GAAiBC,EAAMqC,IAGlBqB,EAAUG,SACb,SAIF,IAAKhI,IAA4BnH,EAAW,OAAQ2B,GAAQ,CAC1D0J,GAAiBC,EAAMqC,GACvB,QACF,CAGIvG,IACF5I,EAAa,CAACkE,GAAeC,GAAUC,KAAe+L,IACpDhN,EAAQnC,EAAcmC,EAAOgN,EAAM,IAAI,IAK3C,MAAME,EAAQ7N,GAAkB2M,EAAYR,UAC5C,GAAKyB,GAAkBC,EAAOC,EAAQnN,GAAtC,CAKA,GACE4D,IACwB,iBAAjBX,GACkC,mBAAlCA,EAAa2K,iBAEpB,GAAIjC,QAGF,OAAQ1I,EAAa2K,iBAAiBV,EAAOC,IAC3C,IAAK,cACHnN,EAAQ4D,GAAmB2E,WAAWvI,GACtC,MAGF,IAAK,mBACHA,EAAQ4D,GAAmB4E,gBAAgBxI,GAYnD,IACM2L,EACFK,EAAY6B,eAAelC,EAAchC,EAAM3J,GAG/CgM,EAAYhC,aAAaL,EAAM3J,GAG7BsL,GAAaU,GACfzC,GAAayC,GAEb9O,EAAS4E,EAAUI,QAEvB,CAAE,MAAO+G,GAAI,CA3Cb,CA4CF,CAGA6C,GAAa,0BAA2BE,EAAa,OAQjD8B,GAAqB,SAArBA,EAA+BC,GACnC,IAAIC,EAAa,KACjB,MAAMC,EAAiBjD,GAAoB+C,GAK3C,IAFAjC,GAAa,0BAA2BiC,EAAU,MAE1CC,EAAaC,EAAeC,YAElCpC,GAAa,yBAA0BkC,EAAY,MAG/C7B,GAAkB6B,KAKlBA,EAAWtK,mBAAmBlB,GAChCsL,EAAmBE,EAAWtK,SAIhC0J,GAAoBY,IAItBlC,GAAa,yBAA0BiC,EAAU,OAuRnD,OA5QAjM,EAAUqM,SAAW,SAAUjE,GAAiB,IAAVpC,EAAGlJ,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,EACtC+L,EAAO,KACPyD,EAAe,KACfpC,EAAc,KACdqC,EAAa,KAUjB,GANArH,IAAkBkD,EACdlD,KACFkD,EAAQ,eAIW,iBAAVA,IAAuB2B,GAAQ3B,GAAQ,CAChD,GAA8B,mBAAnBA,EAAMxM,SAMf,MAAMc,EAAgB,8BAJtB,GAAqB,iBADrB0L,EAAQA,EAAMxM,YAEZ,MAAMc,EAAgB,kCAK5B,CAGA,IAAKsD,EAAUO,YACb,OAAO6H,EAgBT,GAZKtE,IACHiC,GAAaC,GAIfhG,EAAUI,QAAU,GAGC,iBAAVgI,IACT9D,IAAW,GAGTA,IAEF,GAAI8D,EAAMsB,SAAU,CAClB,MAAMY,EAAU/M,GAAkB6K,EAAMsB,UACxC,IAAKlH,GAAa8H,IAAYjH,GAAYiH,GACxC,MAAM5N,EACJ,0DAGN,OACK,GAAI0L,aAAiBxH,EAG1BiI,EAAOV,GAAc,iBACrBmE,EAAezD,EAAKhH,cAAcO,WAAWgG,GAAO,GAElDkE,EAAahM,WAAaX,GACA,SAA1B2M,EAAa5C,UAIsB,SAA1B4C,EAAa5C,SADtBb,EAAOyD,EAKPzD,EAAK2D,YAAYF,OAEd,CAEL,IACGtI,KACAL,KACAE,KAEuB,IAAxBuE,EAAMlM,QAAQ,KAEd,OAAO4F,IAAsBoC,GACzBpC,GAAmB2E,WAAW2B,GAC9BA,EAON,GAHAS,EAAOV,GAAcC,IAGhBS,EACH,OAAO7E,GAAa,KAAOE,GAAsBnC,GAAY,EAEjE,CAGI8G,GAAQ9E,IACV0D,GAAaoB,EAAK4D,YAIpB,MAAMC,EAAexD,GAAoB5E,GAAW8D,EAAQS,GAG5D,KAAQqB,EAAcwC,EAAaN,YAE7B/B,GAAkBH,KAKlBA,EAAYtI,mBAAmBlB,GACjCsL,GAAmB9B,EAAYtI,SAIjC0J,GAAoBpB,IAItB,GAAI5F,GACF,OAAO8D,EAIT,GAAIpE,GAAY,CACd,GAAIC,GAGF,IAFAsI,EAAarK,GAAuB+G,KAAKJ,EAAKhH,eAEvCgH,EAAK4D,YAEVF,EAAWC,YAAY3D,EAAK4D,iBAG9BF,EAAa1D,EAcf,OAXIlG,GAAagK,YAAchK,GAAaiK,kBAQ1CL,EAAanK,GAAW6G,KAAKzI,EAAkB+L,GAAY,IAGtDA,CACT,CAEA,IAAIM,EAAiBhJ,GAAiBgF,EAAKiE,UAAYjE,EAAKD,UAsB5D,OAlBE/E,IACArB,GAAa,aACbqG,EAAKhH,eACLgH,EAAKhH,cAAckL,SACnBlE,EAAKhH,cAAckL,QAAQlF,MAC3BtL,EAAWgG,EAA0BsG,EAAKhH,cAAckL,QAAQlF,QAEhEgF,EACE,aAAehE,EAAKhH,cAAckL,QAAQlF,KAAO,MAAQgF,GAIzDlJ,IACF5I,EAAa,CAACkE,GAAeC,GAAUC,KAAe+L,IACpD2B,EAAiB9Q,EAAc8Q,EAAgB3B,EAAM,IAAI,IAItDpJ,IAAsBoC,GACzBpC,GAAmB2E,WAAWoG,GAC9BA,GASN7M,EAAUgN,UAAY,WACpBjH,GADiCjJ,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,GAEpCgH,IAAa,GAQf9D,EAAUiN,YAAc,WACtBvH,GAAS,KACT5B,IAAa,GAaf9D,EAAUkN,iBAAmB,SAAUC,EAAKvB,EAAM1N,GAE3CwH,IACHK,GAAa,CAAE,GAGjB,MAAMqF,EAAQ7N,GAAkB4P,GAC1B9B,EAAS9N,GAAkBqO,GACjC,OAAOT,GAAkBC,EAAOC,EAAQnN,IAU1C8B,EAAUoN,QAAU,SAAUnD,EAAYoD,GACZ,mBAAjBA,IAIXhL,GAAM4H,GAAc5H,GAAM4H,IAAe,GACzC3O,EAAU+G,GAAM4H,GAAaoD,KAW/BrN,EAAUsN,WAAa,SAAUrD,GAC/B,GAAI5H,GAAM4H,GACR,OAAO7O,EAASiH,GAAM4H,KAU1BjK,EAAUuN,YAAc,SAAUtD,GAC5B5H,GAAM4H,KACR5H,GAAM4H,GAAc,KAQxBjK,EAAUwN,eAAiB,WACzBnL,GAAQ,CAAA,GAGHrC,CACT,CAEeD"} \ No newline at end of file +{"version":3,"file":"purify.min.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"} \ No newline at end of file