mirror of https://github.com/M66B/FairEmail.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 line
87 KiB
1 line
87 KiB
{"version":3,"file":"purify.min.js","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\n hasOwnProperty,\n setPrototypeOf,\n isFrozen,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n} = Object;\n\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\n\nif (!apply) {\n apply = function (fun, thisValue, args) {\n return fun.apply(thisValue, args);\n };\n}\n\nif (!freeze) {\n freeze = function (x) {\n return x;\n };\n}\n\nif (!seal) {\n seal = function (x) {\n return x;\n };\n}\n\nif (!construct) {\n construct = function (Func, args) {\n return new Func(...args);\n };\n}\n\nconst arrayForEach = unapply(Array.prototype.forEach);\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\nconst arrayPop = unapply(Array.prototype.pop);\nconst arrayPush = unapply(Array.prototype.push);\nconst arraySlice = unapply(Array.prototype.slice);\n\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\nconst stringMatch = unapply(String.prototype.match);\nconst stringReplace = unapply(String.prototype.replace);\nconst stringIndexOf = unapply(String.prototype.indexOf);\nconst stringTrim = unapply(String.prototype.trim);\n\nconst regExpTest = unapply(RegExp.prototype.test);\n\nconst typeErrorCreate = unconstruct(TypeError);\n\nexport function unapply(func) {\n return (thisArg, ...args) => apply(func, thisArg, args);\n}\n\nexport function unconstruct(func) {\n return (...args) => construct(func, args);\n}\n\n/* Add properties to a lookup table */\nexport function addToSet(set, array, transformCaseFunc) {\n transformCaseFunc = transformCaseFunc ? transformCaseFunc : stringToLowerCase;\n if (setPrototypeOf) {\n // Make 'in' and truthy checks like Boolean(set.constructor)\n // independent of any properties defined on Object.prototype.\n // Prevent prototype setters from intercepting set as a this value.\n setPrototypeOf(set, null);\n }\n\n let l = array.length;\n while (l--) {\n let element = array[l];\n if (typeof element === 'string') {\n const lcElement = transformCaseFunc(element);\n if (lcElement !== element) {\n // Config presets (e.g. tags.js, attrs.js) are immutable.\n if (!isFrozen(array)) {\n array[l] = lcElement;\n }\n\n element = lcElement;\n }\n }\n\n set[element] = true;\n }\n\n return set;\n}\n\n/* Shallow clone an object */\nexport function clone(object) {\n const newObject = create(null);\n\n let property;\n for (property in object) {\n if (apply(hasOwnProperty, object, [property])) {\n newObject[property] = object[property];\n }\n }\n\n return newObject;\n}\n\n/* IE10 doesn't support __lookupGetter__ so lets'\n * simulate it. It also automatically checks\n * if the prop is function or getter and behaves\n * accordingly. */\nfunction lookupGetter(object, prop) {\n while (object !== null) {\n const desc = getOwnPropertyDescriptor(object, prop);\n if (desc) {\n if (desc.get) {\n return unapply(desc.get);\n }\n\n if (typeof desc.value === 'function') {\n return unapply(desc.value);\n }\n }\n\n object = getPrototypeOf(object);\n }\n\n function fallbackValue(element) {\n console.warn('fallback value for', element);\n return null;\n }\n\n return fallbackValue;\n}\n\nexport {\n // Array\n arrayForEach,\n arrayIndexOf,\n arrayPop,\n arrayPush,\n arraySlice,\n // Object\n freeze,\n getPrototypeOf,\n getOwnPropertyDescriptor,\n hasOwnProperty,\n isFrozen,\n setPrototypeOf,\n seal,\n // RegExp\n regExpTest,\n // String\n stringIndexOf,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringTrim,\n // Errors\n typeErrorCreate,\n // Other\n lookupGetter,\n};\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dialog',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'picture',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n]);\n\n// SVG\nexport const svg = freeze([\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'view',\n 'vkern',\n]);\n\nexport const svgFilters = freeze([\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feImage',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n]);\n\n// List of SVG elements that are disallowed by default.\n// We still need to know them so that we can do namespace\n// checks properly in case one wants to add them to\n// allow-list.\nexport const svgDisallowed = freeze([\n 'animate',\n 'color-profile',\n 'cursor',\n 'discard',\n 'fedropshadow',\n 'font-face',\n 'font-face-format',\n 'font-face-name',\n 'font-face-src',\n 'font-face-uri',\n 'foreignobject',\n 'hatch',\n 'hatchpath',\n 'mesh',\n 'meshgradient',\n 'meshpatch',\n 'meshrow',\n 'missing-glyph',\n 'script',\n 'set',\n 'solidcolor',\n 'unknown',\n 'use',\n]);\n\nexport const mathMl = freeze([\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmultiscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mspace',\n 'msqrt',\n 'mstyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n]);\n\n// Similarly to SVG, we want to know all MathML elements,\n// even those that we disallow by default.\nexport const mathMlDisallowed = freeze([\n 'maction',\n 'maligngroup',\n 'malignmark',\n 'mlongdiv',\n 'mscarries',\n 'mscarry',\n 'msgroup',\n 'mstack',\n 'msline',\n 'msrow',\n 'semantics',\n 'annotation',\n 'annotation-xml',\n 'mprescripts',\n 'none',\n]);\n\nexport const text = freeze(['#text']);\n","import { freeze } from './utils.js';\n\nexport const html = freeze([\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocapitalize',\n 'autocomplete',\n 'autopictureinpicture',\n 'autoplay',\n 'background',\n 'bgcolor',\n 'border',\n 'capture',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'controls',\n 'controlslist',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'decoding',\n 'default',\n 'dir',\n 'disabled',\n 'disablepictureinpicture',\n 'disableremoteplayback',\n 'download',\n 'draggable',\n 'enctype',\n 'enterkeyhint',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'inputmode',\n 'integrity',\n 'ismap',\n 'kind',\n 'label',\n 'lang',\n 'list',\n 'loading',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'minlength',\n 'multiple',\n 'muted',\n 'name',\n 'nonce',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'playsinline',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'translate',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'xmlns',\n 'slot',\n]);\n\nexport const svg = freeze([\n 'accent-height',\n 'accumulate',\n 'additive',\n 'alignment-baseline',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clippathunits',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'filterunits',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'primitiveunits',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'startoffset',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'systemlanguage',\n 'tabindex',\n 'targetx',\n 'targety',\n 'transform',\n 'transform-origin',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'version',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n]);\n\nexport const mathMl = freeze([\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'encoding',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n]);\n\nexport const xml = freeze([\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n]);\n","import { seal } from './utils.js';\n\n// eslint-disable-next-line unicorn/better-regex\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = seal(\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\n);\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\nexport const ATTR_WHITESPACE = seal(\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\n);\nexport const DOCTYPE_NAME = seal(/^html$/i);\n","import * as TAGS from './tags.js';\nimport * as ATTRS from './attrs.js';\nimport * as EXPRESSIONS from './regexp.js';\nimport {\n addToSet,\n clone,\n freeze,\n arrayForEach,\n arrayPop,\n arrayPush,\n stringMatch,\n stringReplace,\n stringToLowerCase,\n stringIndexOf,\n stringTrim,\n regExpTest,\n typeErrorCreate,\n lookupGetter,\n} from './utils.js';\n\nconst getGlobal = () => (typeof window === 'undefined' ? null : window);\n\n/**\n * Creates a no-op policy for internal use only.\n * Don't export this function outside this module!\n * @param {?TrustedTypePolicyFactory} trustedTypes The policy factory.\n * @param {Document} document The document object (to determine policy name suffix)\n * @return {?TrustedTypePolicy} The policy created (or null, if Trusted Types\n * are not supported).\n */\nconst _createTrustedTypesPolicy = function (trustedTypes, document) {\n if (\n typeof trustedTypes !== 'object' ||\n typeof trustedTypes.createPolicy !== 'function'\n ) {\n return null;\n }\n\n // Allow the callers to control the unique policy name\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\n // Policy creation with duplicate names throws in Trusted Types.\n let suffix = null;\n const ATTR_NAME = 'data-tt-policy-suffix';\n if (\n document.currentScript &&\n document.currentScript.hasAttribute(ATTR_NAME)\n ) {\n suffix = document.currentScript.getAttribute(ATTR_NAME);\n }\n\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\n\n try {\n return trustedTypes.createPolicy(policyName, {\n createHTML(html) {\n return html;\n },\n createScriptURL(scriptUrl) {\n return scriptUrl;\n },\n });\n } catch (_) {\n // Policy creation failed (most likely another DOMPurify script has\n // already run). Skip creating the policy, as this will only cause errors\n // if TT are enforced.\n console.warn(\n 'TrustedTypes policy ' + policyName + ' could not be created.'\n );\n return null;\n }\n};\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = (root) => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (!window || !window.document || window.document.nodeType !== 9) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n const originalDocument = window.document;\n\n let { document } = window;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n Element,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n HTMLFormElement,\n DOMParser,\n trustedTypes,\n } = window;\n\n const ElementPrototype = Element.prototype;\n\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n const trustedTypesPolicy = _createTrustedTypesPolicy(\n trustedTypes,\n originalDocument\n );\n const emptyHTML = trustedTypesPolicy ? trustedTypesPolicy.createHTML('') : '';\n\n const {\n implementation,\n createNodeIterator,\n createDocumentFragment,\n getElementsByTagName,\n } = document;\n const { importNode } = originalDocument;\n\n let documentMode = {};\n try {\n documentMode = clone(document).documentMode ? document.documentMode : {};\n } catch (_) {}\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n typeof getParentNode === 'function' &&\n implementation &&\n typeof implementation.createHTMLDocument !== 'undefined' &&\n documentMode !== 9;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n } = EXPRESSIONS;\n\n let { IS_ALLOWED_URI } = EXPRESSIONS;\n\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /*\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\n */\n const CUSTOM_ELEMENT_HANDLING = Object.seal(\n Object.create(null, {\n tagNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n attributeNameCheck: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: null,\n },\n allowCustomizedBuiltInElements: {\n writable: true,\n configurable: false,\n enumerable: true,\n value: false,\n },\n })\n );\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Decide if document with <html>... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported).\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\n * string (or a TrustedHTML object if Trusted Types are supported) */\n let RETURN_DOM_FRAGMENT = false;\n\n /* Try to return a Trusted Type object instead of a string, return a string in\n * case Trusted Types are not supported */\n let RETURN_TRUSTED_TYPE = false;\n\n /* Output should be free from DOM clobbering attacks?\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\n */\n let SANITIZE_DOM = true;\n\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\n *\n * HTML/DOM spec rules that enable DOM Clobbering:\n * - Named Access on Window (§7.3.3)\n * - DOM Tree Accessors (§3.1.5)\n * - Form Element Parent-Child Relations (§4.10.3)\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\n * - HTMLCollection (§4.2.10.2)\n *\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\n * with a constant string, i.e., `user-content-`\n */\n let SANITIZE_NAMED_PROPS = false;\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\n * of importing it into a new Document and returning a sanitized copy */\n let IN_PLACE = false;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n let FORBID_CONTENTS = null;\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\n 'annotation-xml',\n 'audio',\n 'colgroup',\n 'desc',\n 'foreignobject',\n 'head',\n 'iframe',\n 'math',\n 'mi',\n 'mn',\n 'mo',\n 'ms',\n 'mtext',\n 'noembed',\n 'noframes',\n 'noscript',\n 'plaintext',\n 'script',\n 'style',\n 'svg',\n 'template',\n 'thead',\n 'title',\n 'video',\n 'xmp',\n ]);\n\n /* Tags that are safe for data: URIs */\n let DATA_URI_TAGS = null;\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n 'track',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n let URI_SAFE_ATTRIBUTES = null;\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'role',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\n /* Document namespace */\n let NAMESPACE = HTML_NAMESPACE;\n let IS_EMPTY_INPUT = false;\n\n /* Parsing of strict XHTML documents */\n let PARSER_MEDIA_TYPE;\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\n let transformCaseFunc;\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n const isRegexOrFunction = function (testValue) {\n return testValue instanceof RegExp || testValue instanceof Function;\n };\n\n /**\n * _parseConfig\n *\n * @param {Object} cfg optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function (cfg) {\n if (CONFIG && CONFIG === cfg) {\n return;\n }\n\n /* Shield configuration object from tampering */\n if (!cfg || typeof cfg !== 'object') {\n cfg = {};\n }\n\n /* Shield configuration object from prototype pollution */\n cfg = clone(cfg);\n\n PARSER_MEDIA_TYPE =\n // eslint-disable-next-line unicorn/prefer-includes\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\n ? (PARSER_MEDIA_TYPE = DEFAULT_PARSER_MEDIA_TYPE)\n : (PARSER_MEDIA_TYPE = cfg.PARSER_MEDIA_TYPE);\n\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\n transformCaseFunc =\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\n ? (x) => x\n : stringToLowerCase;\n\n /* Set configuration parameters */\n ALLOWED_TAGS =\n 'ALLOWED_TAGS' in cfg\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR =\n 'ALLOWED_ATTR' in cfg\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\n : DEFAULT_ALLOWED_ATTR;\n URI_SAFE_ATTRIBUTES =\n 'ADD_URI_SAFE_ATTR' in cfg\n ? addToSet(\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_URI_SAFE_ATTRIBUTES;\n DATA_URI_TAGS =\n 'ADD_DATA_URI_TAGS' in cfg\n ? addToSet(\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\n transformCaseFunc // eslint-disable-line indent\n ) // eslint-disable-line indent\n : DEFAULT_DATA_URI_TAGS;\n FORBID_CONTENTS =\n 'FORBID_CONTENTS' in cfg\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\n : DEFAULT_FORBID_CONTENTS;\n FORBID_TAGS =\n 'FORBID_TAGS' in cfg\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\n : {};\n FORBID_ATTR =\n 'FORBID_ATTR' in cfg\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\n : {};\n USE_PROFILES = 'USE_PROFILES' in cfg ? cfg.USE_PROFILES : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n IN_PLACE = cfg.IN_PLACE || false; // Default false\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI;\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\n ) {\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\n }\n\n if (\n cfg.CUSTOM_ELEMENT_HANDLING &&\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\n 'boolean'\n ) {\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\n }\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, [...TAGS.text]);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\n }\n\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\n }\n\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\n }\n\n if (cfg.FORBID_CONTENTS) {\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\n }\n\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\n if (WHOLE_DOCUMENT) {\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\n }\n\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\n if (ALLOWED_TAGS.table) {\n addToSet(ALLOWED_TAGS, ['tbody']);\n delete FORBID_TAGS.tbody;\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (freeze) {\n freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n const MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\n 'mi',\n 'mo',\n 'mn',\n 'ms',\n 'mtext',\n ]);\n\n const HTML_INTEGRATION_POINTS = addToSet({}, [\n 'foreignobject',\n 'desc',\n 'title',\n 'annotation-xml',\n ]);\n\n // Certain elements are allowed in both SVG and HTML\n // namespace. We need to specify them explicitly\n // so that they don't get erroneously deleted from\n // HTML namespace.\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\n 'title',\n 'style',\n 'font',\n 'a',\n 'script',\n ]);\n\n /* Keep track of all possible SVG and MathML tags\n * so that we can perform the namespace checks\n * correctly. */\n const ALL_SVG_TAGS = addToSet({}, TAGS.svg);\n addToSet(ALL_SVG_TAGS, TAGS.svgFilters);\n addToSet(ALL_SVG_TAGS, TAGS.svgDisallowed);\n\n const ALL_MATHML_TAGS = addToSet({}, TAGS.mathMl);\n addToSet(ALL_MATHML_TAGS, TAGS.mathMlDisallowed);\n\n /**\n *\n *\n * @param {Element} element a DOM element whose namespace is being checked\n * @returns {boolean} Return false if the element has a\n * namespace that a spec-compliant parser would never\n * return. Return true otherwise.\n */\n const _checkValidNamespace = function (element) {\n let parent = getParentNode(element);\n\n // In JSDOM, if we're inside shadow DOM, then parentNode\n // can be null. We just simulate parent in this case.\n if (!parent || !parent.tagName) {\n parent = {\n namespaceURI: HTML_NAMESPACE,\n tagName: 'template',\n };\n }\n\n const tagName = stringToLowerCase(element.tagName);\n const parentTagName = stringToLowerCase(parent.tagName);\n\n if (element.namespaceURI === SVG_NAMESPACE) {\n // The only way to switch from HTML namespace to SVG\n // is via <svg>. If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'svg';\n }\n\n // The only way to switch from MathML to SVG is via\n // svg if parent is either <annotation-xml> or MathML\n // text integration points.\n if (parent.namespaceURI === MATHML_NAMESPACE) {\n return (\n tagName === 'svg' &&\n (parentTagName === 'annotation-xml' ||\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\n );\n }\n\n // We only allow elements that are defined in SVG\n // spec. All others are disallowed in SVG namespace.\n return Boolean(ALL_SVG_TAGS[tagName]);\n }\n\n if (element.namespaceURI === MATHML_NAMESPACE) {\n // The only way to switch from HTML namespace to MathML\n // is via <math>. If it happens via any other tag, then\n // it should be killed.\n if (parent.namespaceURI === HTML_NAMESPACE) {\n return tagName === 'math';\n }\n\n // The only way to switch from SVG to MathML is via\n // <math> and HTML integration points\n if (parent.namespaceURI === SVG_NAMESPACE) {\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\n }\n\n // We only allow elements that are defined in MathML\n // spec. All others are disallowed in MathML namespace.\n return Boolean(ALL_MATHML_TAGS[tagName]);\n }\n\n if (element.namespaceURI === HTML_NAMESPACE) {\n // The only way to switch from SVG to HTML is via\n // HTML integration points, and from MathML to HTML\n // is via MathML text integration points\n if (\n parent.namespaceURI === SVG_NAMESPACE &&\n !HTML_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n if (\n parent.namespaceURI === MATHML_NAMESPACE &&\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\n ) {\n return false;\n }\n\n // We disallow tags that are specific for MathML\n // or SVG and should never appear in HTML namespace\n return (\n !ALL_MATHML_TAGS[tagName] &&\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\n );\n }\n\n // The code should never reach this place (this means\n // that the element somehow got namespace that is not\n // HTML, SVG or MathML). Return false just in case.\n return false;\n };\n\n /**\n * _forceRemove\n *\n * @param {Node} node a DOM node\n */\n const _forceRemove = function (node) {\n arrayPush(DOMPurify.removed, { element: node });\n try {\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\n node.parentNode.removeChild(node);\n } catch (_) {\n try {\n node.outerHTML = emptyHTML;\n } catch (_) {\n node.remove();\n }\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param {String} name an Attribute name\n * @param {Node} node a DOM node\n */\n const _removeAttribute = function (name, node) {\n try {\n arrayPush(DOMPurify.removed, {\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (_) {\n arrayPush(DOMPurify.removed, {\n attribute: null,\n from: node,\n });\n }\n\n node.removeAttribute(name);\n\n // We void attribute values for unremovable \"is\"\" attributes\n if (name === 'is' && !ALLOWED_ATTR[name]) {\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\n try {\n _forceRemove(node);\n } catch (_) {}\n } else {\n try {\n node.setAttribute(name, '');\n } catch (_) {}\n }\n }\n };\n\n /**\n * _initDocument\n *\n * @param {String} dirty a string of dirty markup\n * @return {Document} a DOM, filled with the dirty markup\n */\n const _initDocument = function (dirty) {\n /* Create a HTML document */\n let doc;\n let leadingWhitespace;\n\n if (FORCE_BODY) {\n dirty = '<remove></remove>' + dirty;\n } else {\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\n leadingWhitespace = matches && matches[0];\n }\n\n if (PARSER_MEDIA_TYPE === 'application/xhtml+xml') {\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\n dirty =\n '<html xmlns=\"http://www.w3.org/1999/xhtml\"><head></head><body>' +\n dirty +\n '</body></html>';\n }\n\n const dirtyPayload = trustedTypesPolicy\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n /*\n * Use the DOMParser API by default, fallback later if needs be\n * DOMParser not work for svg when has multiple root element.\n */\n if (NAMESPACE === HTML_NAMESPACE) {\n try {\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\n } catch (_) {}\n }\n\n /* Use createHTMLDocument in case DOMParser is not available */\n if (!doc || !doc.documentElement) {\n doc = implementation.createDocument(NAMESPACE, 'template', null);\n try {\n doc.documentElement.innerHTML = IS_EMPTY_INPUT ? '' : dirtyPayload;\n } catch (_) {\n // Syntax error if dirtyPayload is invalid xml\n }\n }\n\n const body = doc.body || doc.documentElement;\n\n if (dirty && leadingWhitespace) {\n body.insertBefore(\n document.createTextNode(leadingWhitespace),\n body.childNodes[0] || null\n );\n }\n\n /* Work on whole document or just its body */\n if (NAMESPACE === HTML_NAMESPACE) {\n return getElementsByTagName.call(\n doc,\n WHOLE_DOCUMENT ? 'html' : 'body'\n )[0];\n }\n\n return WHOLE_DOCUMENT ? doc.documentElement : body;\n };\n\n /**\n * _createIterator\n *\n * @param {Document} root document/fragment to create iterator for\n * @return {Iterator} iterator instance\n */\n const _createIterator = function (root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n // eslint-disable-next-line no-bitwise\n NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT,\n null,\n false\n );\n };\n\n /**\n * _isClobbered\n *\n * @param {Node} elm element to check for clobbering attacks\n * @return {Boolean} true if clobbered, false if safe\n */\n const _isClobbered = function (elm) {\n return (\n elm instanceof HTMLFormElement &&\n (typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function' ||\n typeof elm.namespaceURI !== 'string' ||\n typeof elm.insertBefore !== 'function' ||\n typeof elm.hasChildNodes !== 'function')\n );\n };\n\n /**\n * _isNode\n *\n * @param {Node} obj object to check whether it's a DOM node\n * @return {Boolean} true is object is a DOM node\n */\n const _isNode = function (object) {\n return typeof Node === 'object'\n ? object instanceof Node\n : object &&\n typeof object === 'object' &&\n typeof object.nodeType === 'number' &&\n typeof object.nodeName === 'string';\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode node to work on with the hook\n * @param {Object} data additional hook parameters\n */\n const _executeHook = function (entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n arrayForEach(hooks[entryPoint], (hook) => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param {Node} currentNode to check for permission to exist\n * @return {Boolean} true if node was killed, false if left alive\n */\n const _sanitizeElements = function (currentNode) {\n let content;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check if tagname contains Unicode */\n if (regExpTest(/[\\u0080-\\uFFFF]/, currentNode.nodeName)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = transformCaseFunc(currentNode.nodeName);\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Detect mXSS attempts abusing namespace confusion */\n if (\n currentNode.hasChildNodes() &&\n !_isNode(currentNode.firstElementChild) &&\n (!_isNode(currentNode.content) ||\n !_isNode(currentNode.content.firstElementChild)) &&\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\n regExpTest(/<[/\\w]/g, currentNode.textContent)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Mitigate a problem with templates inside select */\n if (\n tagName === 'select' &&\n regExpTest(/<template/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Check if we have a custom element to handle */\n if (!FORBID_TAGS[tagName] && _basicCustomElementTest(tagName)) {\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\n )\n return false;\n if (\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\n )\n return false;\n }\n\n /* Keep content except for bad-listed elements */\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\n\n if (childNodes && parentNode) {\n const childCount = childNodes.length;\n\n for (let i = childCount - 1; i >= 0; --i) {\n parentNode.insertBefore(\n cloneNode(childNodes[i], true),\n getNextSibling(currentNode)\n );\n }\n }\n }\n\n _forceRemove(currentNode);\n return true;\n }\n\n /* Check whether element has a valid namespace */\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n if (\n (tagName === 'noscript' || tagName === 'noembed') &&\n regExpTest(/<\\/no(script|embed)/i, currentNode.innerHTML)\n ) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) {\n /* Get the element's text content */\n content = currentNode.textContent;\n content = stringReplace(content, MUSTACHE_EXPR, ' ');\n content = stringReplace(content, ERB_EXPR, ' ');\n if (currentNode.textContent !== content) {\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _isValidAttribute\n *\n * @param {string} lcTag Lowercase tag name of containing element.\n * @param {string} lcName Lowercase attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\n */\n // eslint-disable-next-line complexity\n const _isValidAttribute = function (lcTag, lcName, value) {\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n return false;\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (\n ALLOW_DATA_ATTR &&\n !FORBID_ATTR[lcName] &&\n regExpTest(DATA_ATTR, lcName)\n ) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n if (\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\n (_basicCustomElementTest(lcTag) &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\n // Alternative, second condition checks if it's an `is`-attribute, AND\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\n (lcName === 'is' &&\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\n ) {\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\n } else {\n return false;\n }\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n /* Further prevent gadget XSS for dynamically built script tags */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\n lcTag !== 'script' &&\n stringIndexOf(value, 'data:') === 0 &&\n DATA_URI_TAGS[lcTag]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n // eslint-disable-next-line no-negated-condition\n } else if (!value) {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n } else {\n return false;\n }\n\n return true;\n };\n\n /**\n * _basicCustomElementCheck\n * checks if at least one dash is included in tagName, and it's not the first char\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\n * @param {string} tagName name of the tag of the node to sanitize\n */\n const _basicCustomElementTest = function (tagName) {\n return tagName.indexOf('-') > 0;\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param {Node} currentNode to sanitize\n */\n const _sanitizeAttributes = function (currentNode) {\n let attr;\n let value;\n let lcName;\n let l;\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n const { attributes } = currentNode;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n attr = attributes[l];\n const { name, namespaceURI } = attr;\n value = name === 'value' ? attr.value : stringTrim(attr.value);\n lcName = transformCaseFunc(name);\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n /* Did the hooks approve of the attribute? */\n if (hookEvent.forceKeepAttr) {\n continue;\n }\n\n /* Remove attribute */\n _removeAttribute(name, currentNode);\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Work around a security issue in jQuery 3.0 */\n if (regExpTest(/\\/>/i, value)) {\n _removeAttribute(name, currentNode);\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n value = stringReplace(value, MUSTACHE_EXPR, ' ');\n value = stringReplace(value, ERB_EXPR, ' ');\n }\n\n /* Is `value` valid for this attribute? */\n const lcTag = transformCaseFunc(currentNode.nodeName);\n if (!_isValidAttribute(lcTag, lcName, value)) {\n continue;\n }\n\n /* Full DOM Clobbering protection via namespace isolation,\n * Prefix id and name attributes with `user-content-`\n */\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\n // Remove the attribute with this value\n _removeAttribute(name, currentNode);\n\n // Prefix the value and later re-create the attribute with the sanitized value\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\n }\n\n /* Handle attributes that require Trusted Types */\n if (\n trustedTypesPolicy &&\n typeof trustedTypes === 'object' &&\n typeof trustedTypes.getAttributeType === 'function'\n ) {\n if (namespaceURI) {\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\n } else {\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\n case 'TrustedHTML':\n value = trustedTypesPolicy.createHTML(value);\n break;\n case 'TrustedScriptURL':\n value = trustedTypesPolicy.createScriptURL(value);\n break;\n default:\n break;\n }\n }\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n if (namespaceURI) {\n currentNode.setAttributeNS(namespaceURI, name, value);\n } else {\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\n currentNode.setAttribute(name, value);\n }\n\n arrayPop(DOMPurify.removed);\n } catch (_) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param {DocumentFragment} fragment to iterate over recursively\n */\n const _sanitizeShadowDOM = function (fragment) {\n let shadowNode;\n const shadowIterator = _createIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} configuration object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function (dirty, cfg = {}) {\n let body;\n let importedNode;\n let currentNode;\n let oldNode;\n let returnNode;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n IS_EMPTY_INPUT = !dirty;\n if (IS_EMPTY_INPUT) {\n dirty = '<!-->';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n // eslint-disable-next-line no-negated-condition\n if (typeof dirty.toString !== 'function') {\n throw typeErrorCreate('toString is not a function');\n } else {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw typeErrorCreate('dirty is not a string, aborting');\n }\n }\n }\n\n /* Check we can run. Otherwise fall back or ignore */\n if (!DOMPurify.isSupported) {\n if (\n typeof window.toStaticHTML === 'object' ||\n typeof window.toStaticHTML === 'function'\n ) {\n if (typeof dirty === 'string') {\n return window.toStaticHTML(dirty);\n }\n\n if (_isNode(dirty)) {\n return window.toStaticHTML(dirty.outerHTML);\n }\n }\n\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n /* Check if dirty is correctly typed for IN_PLACE */\n if (typeof dirty === 'string') {\n IN_PLACE = false;\n }\n\n if (IN_PLACE) {\n /* Do some early pre-sanitization to avoid unsafe root nodes */\n if (dirty.nodeName) {\n const tagName = transformCaseFunc(dirty.nodeName);\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n throw typeErrorCreate(\n 'root node is forbidden and cannot be sanitized in-place'\n );\n }\n }\n } else if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('<!---->');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') {\n /* Node is already a body, use as is */\n body = importedNode;\n } else if (importedNode.nodeName === 'HTML') {\n body = importedNode;\n } else {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (\n !RETURN_DOM &&\n !SAFE_FOR_TEMPLATES &&\n !WHOLE_DOCUMENT &&\n // eslint-disable-next-line unicorn/prefer-includes\n dirty.indexOf('<') === -1\n ) {\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(dirty)\n : dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (body && FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createIterator(IN_PLACE ? dirty : body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Fix IE's strange behavior with manipulated textNodes #89 */\n if (currentNode.nodeType === 3 && currentNode === oldNode) {\n continue;\n }\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n\n oldNode = currentNode;\n }\n\n oldNode = null;\n\n /* If we sanitized `dirty` in-place, return it. */\n if (IN_PLACE) {\n return dirty;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n // eslint-disable-next-line unicorn/prefer-dom-node-append\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (ALLOWED_ATTR.shadowroot) {\n /*\n AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs.\n */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n\n /* Serialize doctype if allowed */\n if (\n WHOLE_DOCUMENT &&\n ALLOWED_TAGS['!doctype'] &&\n body.ownerDocument &&\n body.ownerDocument.doctype &&\n body.ownerDocument.doctype.name &&\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\n ) {\n serializedHTML =\n '<!DOCTYPE ' + body.ownerDocument.doctype.name + '>\\n' + serializedHTML;\n }\n\n /* Sanitize final string template-safe */\n if (SAFE_FOR_TEMPLATES) {\n serializedHTML = stringReplace(serializedHTML, MUSTACHE_EXPR, ' ');\n serializedHTML = stringReplace(serializedHTML, ERB_EXPR, ' ');\n }\n\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\n ? trustedTypesPolicy.createHTML(serializedHTML)\n : serializedHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} cfg configuration object\n */\n DOMPurify.setConfig = function (cfg) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n */\n DOMPurify.clearConfig = function () {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * Public method to check if an attribute value is valid.\n * Uses last set config, if any. Otherwise, uses config defaults.\n * isValidAttribute\n *\n * @param {string} tag Tag name of containing element.\n * @param {string} attr Attribute name.\n * @param {string} value Attribute value.\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\n */\n DOMPurify.isValidAttribute = function (tag, attr, value) {\n /* Initialize shared config vars if necessary. */\n if (!CONFIG) {\n _parseConfig({});\n }\n\n const lcTag = transformCaseFunc(tag);\n const lcName = transformCaseFunc(attr);\n return _isValidAttribute(lcTag, lcName, value);\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint entry point for the hook to add\n * @param {Function} hookFunction function to execute\n */\n DOMPurify.addHook = function (entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n\n hooks[entryPoint] = hooks[entryPoint] || [];\n arrayPush(hooks[entryPoint], hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint entry point for the hook to remove\n * @return {Function} removed(popped) hook\n */\n DOMPurify.removeHook = function (entryPoint) {\n if (hooks[entryPoint]) {\n return arrayPop(hooks[entryPoint]);\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint entry point for the hooks to remove\n */\n DOMPurify.removeHooks = function (entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n *\n */\n DOMPurify.removeAllHooks = function () {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n"],"names":["hasOwnProperty","Object","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","freeze","seal","create","_ref","Reflect","apply","construct","fun","thisValue","args","x","Func","func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","regExpTest","RegExp","test","typeErrorCreate","TypeError","_len2","arguments","length","_key2","thisArg","_len","_key","addToSet","set","array","transformCaseFunc","l","element","lcElement","clone","object","property","newObject","lookupGetter","prop","desc","get","value","fallbackValue","console","warn","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","getGlobal","window","_createTrustedTypesPolicy","trustedTypes","document","_typeof","createPolicy","suffix","ATTR_NAME","currentScript","hasAttribute","getAttribute","policyName","createHTML","createScriptURL","scriptUrl","_","purify","createDOMPurify","DOMPurify","root","version","VERSION","removed","nodeType","isSupported","originalDocument","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","_window$NamedNodeMap","HTMLFormElement","DOMParser","ElementPrototype","cloneNode","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","_document","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","documentMode","hooks","createHTMLDocument","PARSER_MEDIA_TYPE","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","_toConsumableArray","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_TEMPLATES","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","SANITIZE_NAMED_PROPS_PREFIX","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","SUPPORTED_PARSER_MEDIA_TYPES","DEFAULT_PARSER_MEDIA_TYPE","CONFIG","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","ALL_SVG_TAGS","ALL_MATHML_TAGS","_checkValidNamespace","parent","tagName","namespaceURI","parentTagName","Boolean","_forceRemove","node","parentNode","removeChild","outerHTML","remove","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","_isClobbered","elm","nodeName","textContent","attributes","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","allowedTags","firstElementChild","_basicCustomElementTest","i","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","attr","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","_attr","forceKeepAttr","undefined","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","oldNode","returnNode","toString","toStaticHTML","appendChild","firstChild","nodeIterator","shadowroot","serializedHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";muDAAA,IACEA,EAKEC,OALFD,eACAE,EAIED,OAJFC,eACAC,EAGEF,OAHFE,SACAC,EAEEH,OAFFG,eACAC,EACEJ,OADFI,yBAGIC,EAAyBL,OAAzBK,OAAQC,EAAiBN,OAAjBM,KAAMC,EAAWP,OAAXO,OACpBC,EAA8C,oBAAZC,SAA2BA,QAAvDC,IAAAA,MAAOC,IAAAA,UAERD,IACHA,EAAQ,SAAUE,EAAKC,EAAWC,GAChC,OAAOF,EAAIF,MAAMG,EAAWC,EAC7B,GAGET,IACHA,EAAS,SAAUU,GACjB,OAAOA,CACR,GAGET,IACHA,EAAO,SAAUS,GACf,OAAOA,CACR,GAGEJ,IACHA,EAAY,SAAUK,EAAMF,GACfE,OAAAA,EAAAA,IAAQF,GACpB,GAGH,IAoB4BG,EApBtBC,EAAeC,EAAQC,MAAMC,UAAUC,SAEvCC,EAAWJ,EAAQC,MAAMC,UAAUG,KACnCC,EAAYN,EAAQC,MAAMC,UAAUK,MAGpCC,EAAoBR,EAAQS,OAAOP,UAAUQ,aAC7CC,EAAcX,EAAQS,OAAOP,UAAUU,OACvCC,EAAgBb,EAAQS,OAAOP,UAAUY,SACzCC,EAAgBf,EAAQS,OAAOP,UAAUc,SACzCC,EAAajB,EAAQS,OAAOP,UAAUgB,MAEtCC,EAAanB,EAAQoB,OAAOlB,UAAUmB,MAEtCC,GAMsBxB,EANQyB,UAO3B,WAAA,IAAA,IAAAC,EAAAC,UAAAC,OAAI/B,EAAJ,IAAAM,MAAAuB,GAAAG,EAAA,EAAAA,EAAAH,EAAAG,IAAIhC,EAAJgC,GAAAF,UAAAE,GAAA,OAAanC,EAAUM,EAAMH,EAA7B,GALF,SAASK,EAAQF,GACtB,OAAO,SAAC8B,GAAD,IAAA,IAAAC,EAAAJ,UAAAC,OAAa/B,EAAb,IAAAM,MAAA4B,EAAA,EAAAA,EAAA,EAAA,GAAAC,EAAA,EAAAA,EAAAD,EAAAC,IAAanC,EAAbmC,EAAA,GAAAL,UAAAK,GAAA,OAAsBvC,EAAMO,EAAM8B,EAASjC,EAA3C,CACR,CAOM,SAASoC,EAASC,EAAKC,EAAOC,GACnCA,EAAoBA,GAAwC1B,EACxD1B,GAIFA,EAAekD,EAAK,MAIfG,IADP,IAAIA,EAAIF,EAAMP,OACPS,KAAK,CACV,IAAIC,EAAUH,EAAME,GACpB,GAAuB,iBAAZC,EAAsB,CAC/B,IAAMC,EAAYH,EAAkBE,GAChCC,IAAcD,IAEXrD,EAASkD,KACZA,EAAME,GAAKE,GAGbD,EAAUC,EAEb,CAEDL,EAAII,IAAW,CAChB,CAED,OAAOJ,CACR,CAGM,SAASM,EAAMC,GACpB,IAEIC,EAFEC,EAAYrD,EAAO,MAGpBoD,IAAAA,KAAYD,EACXhD,EAAMX,EAAgB2D,EAAQ,CAACC,MACjCC,EAAUD,GAAYD,EAAOC,IAIjC,OAAOC,CACR,CAMD,SAASC,EAAaH,EAAQI,GACrBJ,KAAW,OAAXA,GAAiB,CACtB,IAAMK,EAAO3D,EAAyBsD,EAAQI,GAC9C,GAAIC,EAAM,CACJA,GAAAA,EAAKC,IACP,OAAO7C,EAAQ4C,EAAKC,KAGtB,GAA0B,mBAAfD,EAAKE,MACd,OAAO9C,EAAQ4C,EAAKE,MAEvB,CAEDP,EAASvD,EAAeuD,EACzB,CAOD,OALSQ,SAAcX,GAErB,OADAY,QAAQC,KAAK,qBAAsBb,GAC5B,IACR,CAGF,CChIM,IAAMc,EAAOhE,EAAO,CACzB,IACA,OACA,UACA,UACA,OACA,UACA,QACA,QACA,IACA,MACA,MACA,MACA,QACA,aACA,OACA,KACA,SACA,SACA,UACA,SACA,OACA,OACA,MACA,WACA,UACA,OACA,WACA,KACA,YACA,MACA,UACA,MACA,SACA,MACA,MACA,KACA,KACA,UACA,KACA,WACA,aACA,SACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,KACA,KACA,OACA,SACA,SACA,KACA,OACA,IACA,MACA,QACA,MACA,MACA,QACA,SACA,KACA,OACA,MACA,OACA,UACA,OACA,WACA,QACA,MACA,OACA,KACA,WACA,SACA,SACA,IACA,UACA,MACA,WACA,IACA,KACA,KACA,OACA,IACA,OACA,UACA,SACA,SACA,QACA,SACA,SACA,OACA,SACA,SACA,QACA,MACA,UACA,MACA,QACA,QACA,KACA,WACA,WACA,QACA,KACA,QACA,OACA,KACA,QACA,KACA,IACA,KACA,MACA,QACA,QAIWiE,EAAMjE,EAAO,CACxB,MACA,IACA,WACA,cACA,eACA,eACA,gBACA,mBACA,SACA,WACA,OACA,OACA,UACA,SACA,OACA,IACA,QACA,WACA,QACA,QACA,OACA,iBACA,SACA,OACA,WACA,QACA,OACA,UACA,UACA,WACA,iBACA,OACA,OACA,QACA,SACA,SACA,OACA,WACA,QACA,OACA,QACA,OACA,UAGWkE,EAAalE,EAAO,CAC/B,UACA,gBACA,sBACA,cACA,mBACA,oBACA,oBACA,iBACA,UACA,UACA,UACA,UACA,UACA,iBACA,UACA,UACA,cACA,eACA,WACA,eACA,qBACA,cACA,SACA,iBAOWmE,EAAgBnE,EAAO,CAClC,UACA,gBACA,SACA,UACA,eACA,YACA,mBACA,iBACA,gBACA,gBACA,gBACA,QACA,YACA,OACA,eACA,YACA,UACA,gBACA,SACA,MACA,aACA,UACA,QAGWoE,EAASpE,EAAO,CAC3B,OACA,WACA,SACA,UACA,QACA,SACA,KACA,aACA,gBACA,KACA,KACA,QACA,UACA,WACA,QACA,OACA,KACA,SACA,QACA,SACA,OACA,OACA,UACA,SACA,MACA,QACA,MACA,SACA,eAKWqE,EAAmBrE,EAAO,CACrC,UACA,cACA,aACA,WACA,YACA,UACA,UACA,SACA,SACA,QACA,YACA,aACA,iBACA,cACA,SAGWsE,EAAOtE,EAAO,CAAC,UCpRfgE,EAAOhE,EAAO,CACzB,SACA,SACA,QACA,MACA,iBACA,eACA,uBACA,WACA,aACA,UACA,SACA,UACA,cACA,cACA,UACA,OACA,QACA,QACA,QACA,OACA,UACA,WACA,eACA,SACA,cACA,WACA,WACA,UACA,MACA,WACA,0BACA,wBACA,WACA,YACA,UACA,eACA,OACA,MACA,UACA,SACA,SACA,OACA,OACA,WACA,KACA,YACA,YACA,QACA,OACA,QACA,OACA,OACA,UACA,OACA,MACA,MACA,YACA,QACA,SACA,MACA,YACA,WACA,QACA,OACA,QACA,UACA,aACA,SACA,OACA,UACA,UACA,cACA,cACA,SACA,UACA,UACA,aACA,WACA,MACA,WACA,MACA,WACA,OACA,OACA,UACA,aACA,QACA,WACA,QACA,OACA,QACA,OACA,UACA,QACA,MACA,SACA,OACA,QACA,UACA,WACA,QACA,YACA,OACA,SACA,SACA,QACA,QACA,QACA,SAGWiE,EAAMjE,EAAO,CACxB,gBACA,aACA,WACA,qBACA,SACA,gBACA,gBACA,UACA,gBACA,iBACA,QACA,OACA,KACA,QACA,OACA,gBACA,YACA,YACA,QACA,sBACA,8BACA,gBACA,kBACA,KACA,KACA,IACA,KACA,KACA,kBACA,YACA,UACA,UACA,MACA,WACA,YACA,MACA,OACA,eACA,YACA,SACA,cACA,cACA,gBACA,cACA,YACA,mBACA,eACA,aACA,eACA,cACA,KACA,KACA,KACA,KACA,aACA,WACA,gBACA,oBACA,SACA,OACA,KACA,kBACA,KACA,MACA,IACA,KACA,KACA,KACA,KACA,UACA,YACA,aACA,WACA,OACA,eACA,iBACA,eACA,mBACA,iBACA,QACA,aACA,aACA,eACA,eACA,cACA,cACA,mBACA,YACA,MACA,OACA,QACA,SACA,OACA,MACA,OACA,aACA,SACA,WACA,UACA,QACA,SACA,cACA,SACA,WACA,cACA,OACA,aACA,sBACA,mBACA,eACA,SACA,gBACA,sBACA,iBACA,IACA,KACA,KACA,SACA,OACA,OACA,cACA,YACA,UACA,SACA,SACA,QACA,OACA,kBACA,mBACA,mBACA,eACA,cACA,eACA,cACA,aACA,eACA,mBACA,oBACA,iBACA,kBACA,oBACA,iBACA,SACA,eACA,QACA,eACA,iBACA,WACA,UACA,UACA,YACA,mBACA,cACA,kBACA,iBACA,aACA,OACA,KACA,KACA,UACA,SACA,UACA,aACA,UACA,aACA,gBACA,gBACA,QACA,eACA,OACA,eACA,mBACA,mBACA,IACA,KACA,KACA,QACA,IACA,KACA,KACA,IACA,eAGWoE,EAASpE,EAAO,CAC3B,SACA,cACA,QACA,WACA,QACA,eACA,cACA,aACA,aACA,QACA,MACA,UACA,eACA,WACA,QACA,QACA,SACA,OACA,KACA,UACA,SACA,gBACA,SACA,SACA,iBACA,YACA,WACA,cACA,UACA,UACA,gBACA,WACA,WACA,OACA,WACA,WACA,aACA,UACA,SACA,SACA,cACA,gBACA,uBACA,YACA,YACA,aACA,WACA,iBACA,iBACA,YACA,UACA,QACA,UAGWuE,EAAMvE,EAAO,CACxB,aACA,SACA,cACA,YACA,gBCrWWwE,EAAgBvE,EAAK,6BACrBwE,EAAWxE,EAAK,yBAChByE,EAAYzE,EAAK,8BACjB0E,EAAY1E,EAAK,kBACjB2E,EAAiB3E,EAC5B,yFAEW4E,EAAoB5E,EAAK,yBACzB6E,EAAkB7E,EAC7B,+DAEW8E,EAAe9E,EAAK,WCM3B+E,EAAY,WAAA,MAAyB,oBAAXC,OAAyB,KAAOA,MAA9C,EAUZC,EAA4B,SAAUC,EAAcC,GAEtD,GAAwB,WAAxBC,EAAOF,IAC8B,mBAA9BA,EAAaG,aAEpB,OAAO,KAMLC,IAAAA,EAAS,KACPC,EAAY,wBAEhBJ,EAASK,eACTL,EAASK,cAAcC,aAAaF,KAEpCD,EAASH,EAASK,cAAcE,aAAaH,IAGzCI,IAAAA,EAAa,aAAeL,EAAS,IAAMA,EAAS,IAEtD,IACF,OAAOJ,EAAaG,aAAaM,EAAY,CAC3CC,WAAW7B,SAAAA,GACT,OAAOA,CAFkC,EAI3C8B,gBAAgBC,SAAAA,GACd,OAAOA,CACR,GAUJ,CARC,MAAOC,GAOP,OAHAlC,QAAQC,KACN,uBAAyB6B,EAAa,0BAEjC,IACR,CACF,EAqgDD,IAAAK,EAngDA,SAASC,IAAgBjB,IAAAA,EAASD,UAAAA,OAAAA,QAAAA,IAAAA,UAAAA,GAAAA,UAAAA,GAAAA,IAC1BmB,EAAY,SAACC,GAASF,OAAAA,EAAgBE,EAA1B,EAclB,GARAD,EAAUE,QAAUC,QAMpBH,EAAUI,QAAU,IAEftB,IAAWA,EAAOG,UAAyC,IAA7BH,EAAOG,SAASoB,SAKjD,OAFAL,EAAUM,aAAc,EAEjBN,EAGT,IAAMO,EAAmBzB,EAAOG,SAE1BA,EAAaH,EAAbG,SAEJuB,EASE1B,EATF0B,iBACAC,EAQE3B,EARF2B,oBACAC,EAOE5B,EAPF4B,KACAC,EAME7B,EANF6B,QACAC,EAKE9B,EALF8B,WAKE9B,EAAAA,EAJF+B,aAAAA,aAAe/B,EAAO+B,cAAgB/B,EAAOgC,gBAN/CC,EAOEC,EAGElC,EAHFkC,gBACAC,EAEEnC,EAFFmC,UACAjC,EACEF,EADFE,aAGIkC,EAAmBP,EAAQ9F,UAE3BsG,EAAY9D,EAAa6D,EAAkB,aAC3CE,GAAiB/D,EAAa6D,EAAkB,eAChDG,GAAgBhE,EAAa6D,EAAkB,cAC/CI,GAAgBjE,EAAa6D,EAAkB,cAQrD,GAAmC,mBAAxBT,EAAoC,CAC7C,IAAMc,GAAWtC,EAASuC,cAAc,YACpCD,GAASE,SAAWF,GAASE,QAAQC,gBACvCzC,EAAWsC,GAASE,QAAQC,cAE/B,CAED,IAAMC,GAAqB5C,EACzBC,EACAuB,GAEIqB,GAAYD,GAAqBA,GAAmBjC,WAAW,IAAM,GAE3EmC,GAKI5C,EAJF6C,MAAAA,eACAC,MAAAA,mBACAC,MAAAA,uBACAC,MAAAA,qBAEMC,GAAe3B,EAAf2B,WAEJC,GAAe,CAAA,EACf,IACFA,GAAelF,EAAMgC,GAAUkD,aAAelD,EAASkD,aAAe,EAC1D,CAAZ,MAAOtC,GAAK,CAEVuC,IAAAA,GAAQ,CAAA,EAKZpC,EAAUM,YACiB,mBAAlBgB,IACPQ,SAC6C,IAAtCA,GAAeO,oBACL,IAAjBF,GAEF,IA+MIG,GAGAzF,GAjNFwB,GAMEkE,EALFjE,GAKEiE,EAJFhE,GAIEgE,EAHF/D,GAGE+D,EAFF7D,GAEE6D,EADF5D,GACE4D,EAEE9D,GAAmB8D,EAQrBC,GAAe,KACbC,GAAuB/F,EAAS,eACjCgG,GADgCC,EAEhCD,GACAA,EAAAA,GACAA,EAAAA,GACAA,EAAAA,KAIDE,GAAe,KACbC,GAAuBnG,EAAS,CAAD,EAChCoG,GAAAA,OAAAA,EAAAA,GADgCH,EAEhCG,KACAA,GACAA,EAAAA,KASCC,GAA0BvJ,OAAOM,KACrCN,OAAOO,OAAO,KAAM,CAClBiJ,aAAc,CACZC,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ1F,MAAO,MAET2F,mBAAoB,CAClBH,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ1F,MAAO,MAET4F,+BAAgC,CAC9BJ,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ1F,OAAO,MAMT6F,GAAc,KAGdC,GAAc,KAGdC,IAAkB,EAGlBC,IAAkB,EAGlBC,IAA0B,EAK1BC,IAAqB,EAGrBC,IAAiB,EAGjBC,IAAa,EAIbC,IAAa,EAMbC,IAAa,EAIbC,IAAsB,EAItBC,IAAsB,EAKtBC,IAAe,EAefC,IAAuB,EACrBC,GAA8B,gBAGhCC,IAAe,EAIfC,IAAW,EAGXC,GAAe,CAAA,EAGfC,GAAkB,KAChBC,GAA0B/H,EAAS,CAAD,EAAK,CAC3C,iBACA,QACA,WACA,OACA,gBACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,QACA,UACA,WACA,WACA,YACA,SACA,QACA,MACA,WACA,QACA,QACA,QACA,QAIEgI,GAAgB,KACdC,GAAwBjI,EAAS,CAAD,EAAK,CACzC,QACA,QACA,MACA,SACA,QACA,UAIEkI,GAAsB,KACpBC,GAA8BnI,EAAS,GAAI,CAC/C,MACA,QACA,MACA,KACA,QACA,OACA,UACA,cACA,OACA,UACA,QACA,QACA,QACA,UAGIoI,GAAmB,qCACnBC,GAAgB,6BAChBC,GAAiB,+BAEnBC,GAAYD,GACZE,IAAiB,EAIfC,GAA+B,CAAC,wBAAyB,aACzDC,GAA4B,YAI9BC,GAAS,KAKPC,GAAcrG,EAASuC,cAAc,QAErC+D,GAAoB,SAAUC,GAClC,OAAOA,aAAqBzJ,QAAUyJ,aAAqBC,QAC5D,EAQKC,GAAe,SAAUC,GACzBN,IAAUA,KAAWM,IAKpBA,GAAsB,WAAfzG,EAAOyG,KACjBA,EAAM,CAAA,GAIRA,EAAM1I,EAAM0I,GAEZrD,GAGOA,IAD4D,IAAjE6C,GAA6BxJ,QAAQgK,EAAIrD,mBAChB8C,GACAO,EAAIrD,kBAG/BzF,GACwB,0BAAtByF,GACI,SAAC/H,GAAD,OAAOA,CADX,EAEIY,EAGNqH,GACE,iBAAkBmD,EACdjJ,EAAS,CAAA,EAAIiJ,EAAInD,aAAc3F,IAC/B4F,GACNG,GACE,iBAAkB+C,EACdjJ,EAAS,CAAA,EAAIiJ,EAAI/C,aAAc/F,IAC/BgG,GACN+B,GACE,sBAAuBe,EACnBjJ,EACEO,EAAM4H,IACNc,EAAIC,kBACJ/I,IAEFgI,GACNH,GACE,sBAAuBiB,EACnBjJ,EACEO,EAAM0H,IACNgB,EAAIE,kBACJhJ,IAEF8H,GACNH,GACE,oBAAqBmB,EACjBjJ,EAAS,CAAA,EAAIiJ,EAAInB,gBAAiB3H,IAClC4H,GACNnB,GACE,gBAAiBqC,EACbjJ,EAAS,CAAA,EAAIiJ,EAAIrC,YAAazG,IAC9B,GACN0G,GACE,gBAAiBoC,EACbjJ,EAAS,CAAA,EAAIiJ,EAAIpC,YAAa1G,IAC9B,GACN0H,GAAe,iBAAkBoB,GAAMA,EAAIpB,aAC3Cf,IAA0C,IAAxBmC,EAAInC,gBACtBC,IAA0C,IAAxBkC,EAAIlC,gBACtBC,GAA0BiC,EAAIjC,0BAA2B,EACzDC,GAAqBgC,EAAIhC,qBAAsB,EAC/CC,GAAiB+B,EAAI/B,iBAAkB,EACvCG,GAAa4B,EAAI5B,aAAc,EAC/BC,GAAsB2B,EAAI3B,sBAAuB,EACjDC,GAAsB0B,EAAI1B,sBAAuB,EACjDH,GAAa6B,EAAI7B,aAAc,EAC/BI,IAAoC,IAArByB,EAAIzB,aACnBC,GAAuBwB,EAAIxB,uBAAwB,EACnDE,IAAoC,IAArBsB,EAAItB,aACnBC,GAAWqB,EAAIrB,WAAY,EAC3B7F,GAAiBkH,EAAIG,oBAAsBrH,GAC3CwG,GAAYU,EAAIV,WAAaD,GAE3BW,EAAI5C,yBACJwC,GAAkBI,EAAI5C,wBAAwBC,gBAE9CD,GAAwBC,aACtB2C,EAAI5C,wBAAwBC,cAI9B2C,EAAI5C,yBACJwC,GAAkBI,EAAI5C,wBAAwBK,sBAE9CL,GAAwBK,mBACtBuC,EAAI5C,wBAAwBK,oBAI9BuC,EAAI5C,yBAEF,kBADK4C,EAAI5C,wBAAwBM,iCAGnCN,GAAwBM,+BACtBsC,EAAI5C,wBAAwBM,gCAG5BM,KACFF,IAAkB,GAGhBO,KACFD,IAAa,GAIXQ,KACF/B,GAAe9F,EAAS,CAAA,EAAQgG,EAAAA,IAChCE,GAAe,IACW,IAAtB2B,GAAa1G,OACfnB,EAAS8F,GAAcE,GACvBhG,EAASkG,GAAcE,KAGA,IAArByB,GAAazG,MACfpB,EAAS8F,GAAcE,GACvBhG,EAASkG,GAAcE,GACvBpG,EAASkG,GAAcE,KAGO,IAA5ByB,GAAaxG,aACfrB,EAAS8F,GAAcE,GACvBhG,EAASkG,GAAcE,GACvBpG,EAASkG,GAAcE,KAGG,IAAxByB,GAAatG,SACfvB,EAAS8F,GAAcE,GACvBhG,EAASkG,GAAcE,GACvBpG,EAASkG,GAAcE,KAKvB6C,EAAII,WACFvD,KAAiBC,KACnBD,GAAevF,EAAMuF,KAGvB9F,EAAS8F,GAAcmD,EAAII,SAAUlJ,KAGnC8I,EAAIK,WACFpD,KAAiBC,KACnBD,GAAe3F,EAAM2F,KAGvBlG,EAASkG,GAAc+C,EAAIK,SAAUnJ,KAGnC8I,EAAIC,mBACNlJ,EAASkI,GAAqBe,EAAIC,kBAAmB/I,IAGnD8I,EAAInB,kBACFA,KAAoBC,KACtBD,GAAkBvH,EAAMuH,KAG1B9H,EAAS8H,GAAiBmB,EAAInB,gBAAiB3H,KAI7CwH,KACF7B,GAAa,UAAW,GAItBoB,IACFlH,EAAS8F,GAAc,CAAC,OAAQ,OAAQ,SAItCA,GAAayD,QACfvJ,EAAS8F,GAAc,CAAC,iBACjBc,GAAY4C,OAKjBrM,GACFA,EAAO8L,GAGTN,GAASM,EACV,EAEKQ,GAAiCzJ,EAAS,CAAA,EAAI,CAClD,KACA,KACA,KACA,KACA,UAGI0J,GAA0B1J,EAAS,GAAI,CAC3C,gBACA,OACA,QACA,mBAOI2J,GAA+B3J,EAAS,CAAA,EAAI,CAChD,QACA,QACA,OACA,IACA,WAMI4J,GAAe5J,EAAS,CAAD,EAAKgG,GAClChG,EAAS4J,GAAc5D,GACvBhG,EAAS4J,GAAc5D,GAEjB6D,IAAAA,GAAkB7J,EAAS,CAAD,EAAKgG,GACrChG,EAAS6J,GAAiB7D,GAU1B,IAAM8D,GAAuB,SAAUzJ,GACrC,IAAI0J,EAASnF,GAAcvE,GAItB0J,GAAWA,EAAOC,UACrBD,EAAS,CACPE,aAAc3B,GACd0B,QAAS,aAIb,IAAMA,EAAUvL,EAAkB4B,EAAQ2J,SACpCE,EAAgBzL,EAAkBsL,EAAOC,SAE/C,OAAI3J,EAAQ4J,eAAiB5B,GAIvB0B,EAAOE,eAAiB3B,GACP,QAAZ0B,EAMLD,EAAOE,eAAiB7B,GAEZ,QAAZ4B,IACmB,mBAAlBE,GACCT,GAA+BS,IAM9BC,QAAQP,GAAaI,IAG1B3J,EAAQ4J,eAAiB7B,GAIvB2B,EAAOE,eAAiB3B,GACP,SAAZ0B,EAKLD,EAAOE,eAAiB5B,GACP,SAAZ2B,GAAsBN,GAAwBQ,GAKhDC,QAAQN,GAAgBG,IAG7B3J,EAAQ4J,eAAiB3B,OAKzByB,EAAOE,eAAiB5B,KACvBqB,GAAwBQ,QAMzBH,EAAOE,eAAiB7B,KACvBqB,GAA+BS,OAQ/BL,GAAgBG,KAChBL,GAA6BK,KAAaJ,GAAaI,MAQ7D,EAOKI,GAAe,SAAUC,GAC7B9L,EAAU+E,EAAUI,QAAS,CAAErD,QAASgK,IACpC,IAEFA,EAAKC,WAAWC,YAAYF,EAO7B,CANC,MAAOlH,GACH,IACFkH,EAAKG,UAAYtF,EAGlB,CAFC,MAAO/B,GACPkH,EAAKI,QACN,CACF,CACF,EAQKC,GAAmB,SAAUC,EAAMN,GACnC,IACF9L,EAAU+E,EAAUI,QAAS,CAC3BkH,UAAWP,EAAKQ,iBAAiBF,GACjCG,KAAMT,GAOT,CALC,MAAOlH,GACP5E,EAAU+E,EAAUI,QAAS,CAC3BkH,UAAW,KACXE,KAAMT,GAET,CAKGM,GAHJN,EAAKU,gBAAgBJ,GAGR,OAATA,IAAkBzE,GAAayE,GAC7BtD,GAAAA,IAAcC,GACZ,IACF8C,GAAaC,EACD,CAAZ,MAAOlH,GAAK,MAEV,IACFkH,EAAKW,aAAaL,EAAM,GACZ,CAAZ,MAAOxH,GAAK,CAGnB,EAQK8H,GAAgB,SAAUC,GAE9B,IAAIC,EACAC,EAEJ,GAAIhE,GACF8D,EAAQ,oBAAsBA,MACzB,CAEL,IAAMG,EAAUzM,EAAYsM,EAAO,eACnCE,EAAoBC,GAAWA,EAAQ,EACxC,CAEyB,0BAAtBzF,KAEFsF,EACE,iEACAA,EACA,kBAGEI,IAAAA,EAAerG,GACjBA,GAAmBjC,WAAWkI,GAC9BA,EAKA3C,GAAAA,KAAcD,GACZ,IACF6C,GAAM,IAAI5G,GAAYgH,gBAAgBD,EAAc1F,GACxC,CAAZ,MAAOzC,GAAK,CAIhB,IAAKgI,IAAQA,EAAIK,gBAAiB,CAChCL,EAAM/F,GAAeqG,eAAelD,GAAW,WAAY,MACvD,IACF4C,EAAIK,gBAAgBE,UAAYlD,GAAiB,GAAK8C,CAGvD,CAFC,MAAOnI,GAER,CACF,CAEKwI,IAAAA,EAAOR,EAAIQ,MAAQR,EAAIK,gBAUzBjD,OARA2C,GAASE,GACXO,EAAKC,aACHrJ,EAASsJ,eAAeT,GACxBO,EAAKG,WAAW,IAAM,MAKtBvD,KAAcD,GACT/C,GAAqBwG,KAC1BZ,EACAjE,GAAiB,OAAS,QAC1B,GAGGA,GAAiBiE,EAAIK,gBAAkBG,CAC/C,EAQKK,GAAkB,SAAUzI,GACzB8B,OAAAA,GAAmB0G,KACxBxI,EAAKyB,eAAiBzB,EACtBA,EAEAW,EAAW+H,aAAe/H,EAAWgI,aAAehI,EAAWiI,UAC/D,MACA,EAEH,EAQKC,GAAe,SAAUC,GAC7B,OACEA,aAAe/H,IACU,iBAAjB+H,EAAIC,UACiB,iBAApBD,EAAIE,aACgB,mBAApBF,EAAI9B,eACT8B,EAAIG,sBAAsBrI,IACG,mBAAxBkI,EAAItB,iBACiB,mBAArBsB,EAAIrB,cACiB,iBAArBqB,EAAIpC,cACiB,mBAArBoC,EAAIT,cACkB,mBAAtBS,EAAII,cAEhB,EAQKC,GAAU,SAAUlM,GACxB,MAAuB,WAAhBgC,EAAOwB,GACVxD,aAAkBwD,EAClBxD,GACoB,WAAlBgC,EAAOhC,IACoB,iBAApBA,EAAOmD,UACa,iBAApBnD,EAAO8L,QACrB,EAUKK,GAAe,SAAUC,EAAYC,EAAaC,GACjDpH,GAAMkH,IAIX5O,EAAa0H,GAAMkH,IAAa,SAACG,GAC/BA,EAAKhB,KAAKzI,EAAWuJ,EAAaC,EAAMnE,GACzC,GACF,EAYKqE,GAAoB,SAAUH,GAClC,IAAI9H,EAMJ,GAHA4H,GAAa,yBAA0BE,EAAa,MAGhDT,GAAaS,GAEf,OADAzC,GAAayC,IACN,EAILzN,GAAAA,EAAW,kBAAmByN,EAAYP,UAE5C,OADAlC,GAAayC,IACN,EAIT,IAAM7C,EAAU7J,GAAkB0M,EAAYP,UAU5CO,GAPFF,GAAa,sBAAuBE,EAAa,CAC/C7C,QAAAA,EACAiD,YAAanH,KAKb+G,EAAYJ,kBACXC,GAAQG,EAAYK,sBACnBR,GAAQG,EAAY9H,WACnB2H,GAAQG,EAAY9H,QAAQmI,qBAC/B9N,EAAW,UAAWyN,EAAYnB,YAClCtM,EAAW,UAAWyN,EAAYN,aAGlC,OADAnC,GAAayC,IACN,EAIT,GACc,WAAZ7C,GACA5K,EAAW,aAAcyN,EAAYnB,WAGrC,OADAtB,GAAayC,IACN,EAIL,IAAC/G,GAAakE,IAAYpD,GAAYoD,GAAU,CAE9C,IAACpD,GAAYoD,IAAYmD,GAAwBnD,GAAU,CAC7D,GACE3D,GAAwBC,wBAAwBjH,QAChDD,EAAWiH,GAAwBC,aAAc0D,GAEjD,OAAO,EACT,GACE3D,GAAwBC,wBAAwByC,UAChD1C,GAAwBC,aAAa0D,GAErC,OAAO,CACV,CAGD,GAAIrC,KAAiBG,GAAgBkC,GAAU,CACvCM,IAAAA,EAAa1F,GAAciI,IAAgBA,EAAYvC,WACvDwB,EAAanH,GAAckI,IAAgBA,EAAYf,WAEzDA,GAAAA,GAAcxB,EAGhB,IAFA,IAES8C,EAFUtB,EAAWnM,OAEJ,EAAGyN,GAAK,IAAKA,EACrC9C,EAAWsB,aACTnH,EAAUqH,EAAWsB,IAAI,GACzB1I,GAAemI,GAItB,CAGD,OADAzC,GAAayC,IACN,CACR,CAGGA,OAAAA,aAAuB5I,IAAY6F,GAAqB+C,IAC1DzC,GAAayC,IACN,GAIM,aAAZ7C,GAAsC,YAAZA,IAC3B5K,EAAW,uBAAwByN,EAAYnB,YAO7CzE,IAA+C,IAAzB4F,EAAYlJ,WAEpCoB,EAAU8H,EAAYN,YACtBxH,EAAUjG,EAAciG,EAASpD,GAAe,KAChDoD,EAAUjG,EAAciG,EAASnD,GAAU,KACvCiL,EAAYN,cAAgBxH,IAC9BxG,EAAU+E,EAAUI,QAAS,CAAErD,QAASwM,EAAYpI,cACpDoI,EAAYN,YAAcxH,IAK9B4H,GAAa,wBAAyBE,EAAa,OAE5C,IAnBLzC,GAAayC,IACN,EAmBV,EAWKQ,GAAoB,SAAUC,EAAOC,EAAQxM,GAEjD,GACEyG,KACY,OAAX+F,GAA8B,SAAXA,KACnBxM,KAASwB,GAAYxB,KAAS6H,IAE/B,OAAO,EAOT,GACE7B,KACCF,GAAY0G,IACbnO,EAAWyC,GAAW0L,SAGjB,GAAIzG,IAAmB1H,EAAW0C,GAAWyL,SAG7C,IAAKrH,GAAaqH,IAAW1G,GAAY0G,IAE5C,KAGCJ,GAAwBG,KACrBjH,GAAwBC,wBAAwBjH,QAChDD,EAAWiH,GAAwBC,aAAcgH,IAChDjH,GAAwBC,wBAAwByC,UAC/C1C,GAAwBC,aAAagH,MACvCjH,GAAwBK,8BAA8BrH,QACtDD,EAAWiH,GAAwBK,mBAAoB6G,IACtDlH,GAAwBK,8BAA8BqC,UACrD1C,GAAwBK,mBAAmB6G,KAGrC,OAAXA,GACClH,GAAwBM,iCACtBN,GAAwBC,wBAAwBjH,QAChDD,EAAWiH,GAAwBC,aAAcvF,IAChDsF,GAAwBC,wBAAwByC,UAC/C1C,GAAwBC,aAAavF,KAK3C,OAAO,OAGJ,GAAImH,GAAoBqF,SAIxB,GACLnO,EAAW2C,GAAgBjD,EAAciC,EAAOkB,GAAiB,WAK5D,GACO,QAAXsL,GAA+B,eAAXA,GAAsC,SAAXA,GACtC,WAAVD,GACkC,IAAlCtO,EAAc+B,EAAO,WACrBiH,GAAcsF,IAMT,GACLtG,KACC5H,EAAW4C,GAAmBlD,EAAciC,EAAOkB,GAAiB,WAKhE,GAAKlB,EAIV,OAAO,OAGT,OAAO,CACR,EAQKoM,GAA0B,SAAUnD,GACxC,OAAOA,EAAQ/K,QAAQ,KAAO,CAC/B,EAYKuO,GAAsB,SAAUX,GACpC,IAAIY,EACA1M,EACAwM,EACAnN,EAEJuM,GAAa,2BAA4BE,EAAa,MAEtD,IAAQL,EAAeK,EAAfL,WAGJ,GAACA,EAAD,CAIJ,IAAMkB,EAAY,CAChBC,SAAU,GACVC,UAAW,GACXC,UAAU,EACVC,kBAAmB5H,IAKd9F,IAHPA,EAAIoM,EAAW7M,OAGRS,KAAK,CAEV,IAAA2N,EADAN,EAAOjB,EAAWpM,GACVuK,IAAAA,KAAMV,IAAAA,aAYVyD,GAXJ3M,EAAiB,UAAT4J,EAAmB8C,EAAK1M,MAAQ7B,EAAWuO,EAAK1M,OACxDwM,EAASpN,GAAkBwK,GAG3B+C,EAAUC,SAAWJ,EACrBG,EAAUE,UAAY7M,EACtB2M,EAAUG,UAAW,EACrBH,EAAUM,mBAAgBC,EAC1BtB,GAAa,wBAAyBE,EAAaa,GACnD3M,EAAQ2M,EAAUE,WAEdF,EAAUM,gBAKdtD,GAAiBC,EAAMkC,GAGlBa,EAAUG,UAKf,GAAIzO,EAAW,OAAQ2B,GACrB2J,GAAiBC,EAAMkC,OADzB,CAMI5F,KACFlG,EAAQjC,EAAciC,EAAOY,GAAe,KAC5CZ,EAAQjC,EAAciC,EAAOa,GAAU,MAIzC,IAAM0L,EAAQnN,GAAkB0M,EAAYP,UACxC,GAACe,GAAkBC,EAAOC,EAAQxM,GAAlC,CAgBJ,IATI0G,IAAoC,OAAX8F,GAA8B,SAAXA,IAE9C7C,GAAiBC,EAAMkC,GAGvB9L,EAAQ2G,GAA8B3G,GAKtCkE,IACwB,WAAxBzC,EAAOF,IACkC,mBAAlCA,EAAa4L,iBAEpB,GAAIjE,QAGF,OAAQ3H,EAAa4L,iBAAiBZ,EAAOC,IAC3C,IAAK,cACHxM,EAAQkE,GAAmBjC,WAAWjC,GACtC,MACF,IAAK,mBACHA,EAAQkE,GAAmBhC,gBAAgBlC,GAS/C,IACEkJ,EACF4C,EAAYsB,eAAelE,EAAcU,EAAM5J,GAG/C8L,EAAY7B,aAAaL,EAAM5J,GAGjC1C,EAASiF,EAAUI,QACP,CAAZ,MAAOP,GAAK,CA7Cb,CAZA,CA0DF,CAGDwJ,GAAa,0BAA2BE,EAAa,KAtGpD,CAuGF,EAOKuB,GAAqB,SAArBA,EAA+BC,GACnC,IAAIC,EACEC,EAAiBvC,GAAgBqC,GAKvC,IAFA1B,GAAa,0BAA2B0B,EAAU,MAE1CC,EAAaC,EAAeC,YAElC7B,GAAa,yBAA0B2B,EAAY,MAG/CtB,GAAkBsB,KAKlBA,EAAWvJ,mBAAmBjB,GAChCsK,EAAmBE,EAAWvJ,SAIhCyI,GAAoBc,IAItB3B,GAAa,yBAA0B0B,EAAU,KAClD,EA2SD,OAjSA/K,EAAUmL,SAAW,SAAUvD,GAAOjC,IAChC0C,EACA+C,EACA7B,EACA8B,EACAC,EALgC3F,yDAAM,CAAA,EAetC,IANJT,IAAkB0C,KAEhBA,EAAQ,eAIW,iBAAVA,IAAuBwB,GAAQxB,GAAQ,CAEhD,GAA8B,mBAAnBA,EAAM2D,SACTtP,MAAAA,EAAgB,8BAGtB,GAAqB,iBADrB2L,EAAQA,EAAM2D,YAENtP,MAAAA,EAAgB,kCAG3B,CAGD,IAAK+D,EAAUM,YAAa,CAC1B,GACiC,WAA/BpB,EAAOJ,EAAO0M,eACiB,mBAAxB1M,EAAO0M,aACd,CACA,GAAqB,iBAAV5D,EACT,OAAO9I,EAAO0M,aAAa5D,GAG7B,GAAIwB,GAAQxB,GACV,OAAO9I,EAAO0M,aAAa5D,EAAMV,UAEpC,CAED,OAAOU,CACR,CAeD,GAZK/D,IACH6B,GAAaC,GAIf3F,EAAUI,QAAU,GAGC,iBAAVwH,IACTtD,IAAW,GAGTA,IAEEsD,GAAAA,EAAMoB,SAAU,CAClB,IAAMtC,EAAU7J,GAAkB+K,EAAMoB,UACpC,IAACxG,GAAakE,IAAYpD,GAAYoD,GAClCzK,MAAAA,EACJ,0DAGL,OACI,GAAI2L,aAAiBlH,EAKI,KAD9B0K,GADA/C,EAAOV,GAAc,kBACDjG,cAAcQ,WAAW0F,GAAO,IACnCvH,UAA4C,SAA1B+K,EAAapC,UAGX,SAA1BoC,EAAapC,SADtBX,EAAO+C,EAKP/C,EAAKoD,YAAYL,OAEd,CAGH,IAACrH,KACAJ,KACAC,KAEuB,IAAxBgE,EAAMjM,QAAQ,KAEPgG,OAAAA,IAAsBsC,GACzBtC,GAAmBjC,WAAWkI,GAC9BA,EAOF,KAHJS,EAAOV,GAAcC,IAIZ7D,OAAAA,GAAa,KAAOE,GAAsBrC,GAAY,EAEhE,CAGGyG,GAAQvE,IACVgD,GAAauB,EAAKqD,YAOpB,IAHMC,IAAAA,EAAejD,GAAgBpE,GAAWsD,EAAQS,GAGhDkB,EAAcoC,EAAaT,YAEJ,IAAzB3B,EAAYlJ,UAAkBkJ,IAAgB8B,GAK9C3B,GAAkBH,KAKlBA,EAAY9H,mBAAmBjB,GACjCsK,GAAmBvB,EAAY9H,SAIjCyI,GAAoBX,GAEpB8B,EAAU9B,GAMZ,GAHA8B,EAAU,KAGN/G,GACF,OAAOsD,EAIT,GAAI7D,GAAY,CACd,GAAIC,GAGKqE,IAFPiD,EAAatJ,GAAuByG,KAAKJ,EAAK3G,eAEvC2G,EAAKqD,YAEVJ,EAAWG,YAAYpD,EAAKqD,iBAG9BJ,EAAajD,EAcf,OAXIzF,GAAagJ,aAQfN,EAAapJ,GAAWuG,KAAKlI,EAAkB+K,GAAY,IAGtDA,CACR,CAEGO,IAAAA,EAAiBjI,GAAiByE,EAAKnB,UAAYmB,EAAKD,UAqBrDzG,OAjBLiC,IACApB,GAAa,aACb6F,EAAK3G,eACL2G,EAAK3G,cAAcoK,SACnBzD,EAAK3G,cAAcoK,QAAQzE,MAC3BvL,EAAWyG,EAA0B8F,EAAK3G,cAAcoK,QAAQzE,QAEhEwE,EACE,aAAexD,EAAK3G,cAAcoK,QAAQzE,KAAO,MAAQwE,GAIzDlI,KACFkI,EAAiBrQ,EAAcqQ,EAAgBxN,GAAe,KAC9DwN,EAAiBrQ,EAAcqQ,EAAgBvN,GAAU,MAGpDqD,IAAsBsC,GACzBtC,GAAmBjC,WAAWmM,GAC9BA,CACL,EAQD7L,EAAU+L,UAAY,SAAUpG,GAC9BD,GAAaC,GACb9B,IAAa,CACd,EAOD7D,EAAUgM,YAAc,WACtB3G,GAAS,KACTxB,IAAa,CACd,EAYD7D,EAAUiM,iBAAmB,SAAUC,EAAK/B,EAAM1M,GAE3C4H,IACHK,GAAa,CAAD,GAGd,IAAMsE,EAAQnN,GAAkBqP,GAC1BjC,EAASpN,GAAkBsN,GACjC,OAAOJ,GAAkBC,EAAOC,EAAQxM,EACzC,EASDuC,EAAUmM,QAAU,SAAU7C,EAAY8C,GACZ,mBAAjBA,IAIXhK,GAAMkH,GAAclH,GAAMkH,IAAe,GACzCrO,EAAUmH,GAAMkH,GAAa8C,GAC9B,EAUDpM,EAAUqM,WAAa,SAAU/C,GAC/B,GAAIlH,GAAMkH,GACR,OAAOvO,EAASqH,GAAMkH,GAEzB,EAQDtJ,EAAUsM,YAAc,SAAUhD,GAC5BlH,GAAMkH,KACRlH,GAAMkH,GAAc,GAEvB,EAODtJ,EAAUuM,eAAiB,WACzBnK,GAAQ,CAAA,CACT,EAEMpC,CACR,CAEcD"} |