
{"version":3,"sources":["../../../src/bootstrap/tools/sanitizer.js"],"names":["unsafeHtml","whiteList","sanitizeFn","length","domParser","window","DOMParser","createdDocument","parseFromString","whitelistKeys","Object","keys","elements","slice","call","body","querySelectorAll","i","el","elName","nodeName","toLowerCase","indexOf","parentNode","removeChild","attributeList","attributes","whitelistedAttributes","concat","forEach","attr","allowedAttribute","removeAttribute","len","innerHTML","uriAttrs","a","area","b","br","col","code","div","em","hr","h1","h2","h3","h4","h5","h6","img","li","ol","p","pre","s","small","span","sub","sup","strong","u","ul","allowedAttributeList","attrName","nodeValue","match","regExp","filter","attrRegex","RegExp"],"mappings":"qJA2FO,SAAsBA,CAAtB,CAAkCC,CAAlC,CAA6CC,CAA7C,CAAyD,CAC9D,GAA0B,CAAtB,GAAAF,CAAU,CAACG,MAAf,CAA6B,CAC3B,MAAOH,CAAAA,CACR,CAED,GAAIE,CAAU,EAA0B,UAAtB,QAAOA,CAAAA,CAAzB,CAAoD,CAClD,MAAOA,CAAAA,CAAU,CAACF,CAAD,CAClB,CAOD,OALMI,CAAAA,CAAS,CAAG,GAAIC,CAAAA,MAAM,CAACC,SAK7B,CAJMC,CAAe,CAAGH,CAAS,CAACI,eAAV,CAA0BR,CAA1B,CAAsC,WAAtC,CAIxB,CAHMS,CAAa,CAAGC,MAAM,CAACC,IAAP,CAAYV,CAAZ,CAGtB,CAFMW,CAAQ,CAAG,GAAGC,KAAH,CAASC,IAAT,CAAcP,CAAe,CAACQ,IAAhB,CAAqBC,gBAArB,CAAsC,GAAtC,CAAd,CAEjB,YAASC,CAAT,KACQC,CAAAA,CAAE,CAAGN,CAAQ,CAACK,CAAD,CADrB,CAEQE,CAAM,CAAGD,CAAE,CAACE,QAAH,CAAYC,WAAZ,EAFjB,CAIE,GAAyD,CAAC,CAAtD,GAAAZ,CAAa,CAACa,OAAd,CAAsBJ,CAAE,CAACE,QAAH,CAAYC,WAAZ,EAAtB,CAAJ,CAA6D,CAC3DH,CAAE,CAACK,UAAH,CAAcC,WAAd,CAA0BN,CAA1B,EAEA,gBACD,CARH,GAUQO,CAAAA,CAAa,CAAG,GAAGZ,KAAH,CAASC,IAAT,CAAcI,CAAE,CAACQ,UAAjB,CAVxB,CAWQC,CAAqB,CAAG,GAAGC,MAAH,CAAU3B,CAAS,CAAC,GAAD,CAAT,EAAkB,EAA5B,CAAgCA,CAAS,CAACkB,CAAD,CAAT,EAAqB,EAArD,CAXhC,CAaEM,CAAa,CAACI,OAAd,CAAsB,SAAAC,CAAI,CAAI,CAC5B,GAAI,CAACC,CAAgB,CAACD,CAAD,CAAOH,CAAP,CAArB,CAAoD,CAClDT,CAAE,CAACc,eAAH,CAAmBF,CAAI,CAACV,QAAxB,CACD,CACF,CAJD,CAbF,EAASH,CAAC,CAAG,CAAb,CAAgBgB,CAAG,CAAGrB,CAAQ,CAACT,MAA/B,GAAuCc,CAAC,CAAGgB,CAA3C,CAAgDhB,CAAC,EAAjD,CAAqD,KAA5CA,CAA4C,CAArCgB,CAAqC,oB
AOjD,QAWH,CAED,MAAO1B,CAAAA,CAAe,CAACQ,IAAhB,CAAqBmB,SAC7B,C,8BAvHKC,CAAAA,CAAQ,CAAG,CACf,YADe,CAEf,MAFe,CAGf,MAHe,CAIf,UAJe,CAKf,UALe,CAMf,QANe,CAOf,KAPe,CAQf,YARe,C,oBAae,CAE9B,IAAK,CAAC,OAAD,CAAU,KAAV,CAAiB,IAAjB,CAAuB,MAAvB,CAA+B,MAA/B,CAJwB,gBAIxB,CAFyB,CAG9BC,CAAC,CAAE,CAAC,QAAD,CAAW,MAAX,CAAmB,OAAnB,CAA4B,KAA5B,CAH2B,CAI9BC,IAAI,CAAE,EAJwB,CAK9BC,CAAC,CAAE,EAL2B,CAM9BC,EAAE,CAAE,EAN0B,CAO9BC,GAAG,CAAE,EAPyB,CAQ9BC,IAAI,CAAE,EARwB,CAS9BC,GAAG,CAAE,EATyB,CAU9BC,EAAE,CAAE,EAV0B,CAW9BC,EAAE,CAAE,EAX0B,CAY9BC,EAAE,CAAE,EAZ0B,CAa9BC,EAAE,CAAE,EAb0B,CAc9BC,EAAE,CAAE,EAd0B,CAe9BC,EAAE,CAAE,EAf0B,CAgB9BC,EAAE,CAAE,EAhB0B,CAiB9BC,EAAE,CAAE,EAjB0B,CAkB9BjC,CAAC,CAAE,EAlB2B,CAmB9BkC,GAAG,CAAE,CAAC,KAAD,CAAQ,QAAR,CAAkB,KAAlB,CAAyB,OAAzB,CAAkC,OAAlC,CAA2C,QAA3C,CAnByB,CAoB9BC,EAAE,CAAE,EApB0B,CAqB9BC,EAAE,CAAE,EArB0B,CAsB9BC,CAAC,CAAE,EAtB2B,CAuB9BC,GAAG,CAAE,EAvByB,CAwB9BC,CAAC,CAAE,EAxB2B,CAyB9BC,KAAK,CAAE,EAzBuB,CA0B9BC,IAAI,CAAE,EA1BwB,CA2B9BC,GAAG,CAAE,EA3ByB,CA4B9BC,GAAG,CAAE,EA5ByB,CA6B9BC,MAAM,CAAE,EA7BsB,CA8B9BC,CAAC,CAAE,EA9B2B,CA+B9BC,EAAE,CAAE,EA/B0B,C,CAgDhC,QAAShC,CAAAA,CAAT,CAA0BD,CAA1B,CAAgCkC,CAAhC,CAAsD,CACpD,GAAMC,CAAAA,CAAQ,CAAGnC,CAAI,CAACV,QAAL,CAAcC,WAAd,EAAjB,CAEA,GAA+C,CAAC,CAA5C,GAAA2C,CAAoB,CAAC1C,OAArB,CAA6B2C,CAA7B,CAAJ,CAAmD,CACjD,GAAmC,CAAC,CAAhC,GAAA9B,CAAQ,CAACb,OAAT,CAAiB2C,CAAjB,CAAJ,CAAuC,CACrC,SAAenC,CAAI,CAACoC,SAAL,CAAeC,KAAf,CAdI,6DAcJ,GAA0CrC,CAAI,CAACoC,SAAL,CAAeC,KAAf,CAPtC,oIAOsC,CAAzD,CACD,CAED,QACD,CAKD,OAHMC,CAAAA,CAAM,CAAGJ,CAAoB,CAACK,MAArB,CAA4B,SAAAC,CAAS,QAAIA,CAAAA,CAAS,WAAYC,CAAAA,MAAzB,CAArC,CAGf,CAAStD,CAAC,CAAG,CAAb,CAAgBgB,CAAG,CAAGmC,CAAM,CAACjE,MAA7B,CAAqCc,CAAC,CAAGgB,CAAzC,CAA8ChB,CAAC,EAA/C,CAAmD,CACjD,GAAIgD,CAAQ,CAACE,KAAT,CAAeC,CAAM,CAACnD,CAAD,CAArB,CAAJ,CAA+B,CAC7B,QACD,CACF,CAED,QACD,C","sourcesContent":["/**\n * --------------------------------------------------------------------------\n * Bootstrap (v4.6.0): tools/sanitizer.js\n * Licensed under MIT 
(https://github.com/twbs/bootstrap/blob/main/LICENSE)\n * --------------------------------------------------------------------------\n */\n\nconst uriAttrs = [\n 'background',\n 'cite',\n 'href',\n 'itemtype',\n 'longdesc',\n 'poster',\n 'src',\n 'xlink:href'\n]\n\nconst ARIA_ATTRIBUTE_PATTERN = /^aria-[\\w-]*$/i\n\nexport const DefaultWhitelist = {\n // Global attributes allowed on any supplied element below.\n '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN],\n a: ['target', 'href', 'title', 'rel'],\n area: [],\n b: [],\n br: [],\n col: [],\n code: [],\n div: [],\n em: [],\n hr: [],\n h1: [],\n h2: [],\n h3: [],\n h4: [],\n h5: [],\n h6: [],\n i: [],\n img: ['src', 'srcset', 'alt', 'title', 'width', 'height'],\n li: [],\n ol: [],\n p: [],\n pre: [],\n s: [],\n small: [],\n span: [],\n sub: [],\n sup: [],\n strong: [],\n u: [],\n ul: []\n}\n\n/**\n * A pattern that recognizes a commonly useful subset of URLs that are safe.\n *\n * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts\n */\nconst SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/gi\n\n/**\n * A pattern that matches safe data URLs. 
Only matches image, video and audio types.\n *\n * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts\n */\nconst DATA_URL_PATTERN = /^data:(?:image\\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\\/(?:mpeg|mp4|ogg|webm)|audio\\/(?:mp3|oga|ogg|opus));base64,[\\d+/a-z]+=*$/i\n\nfunction allowedAttribute(attr, allowedAttributeList) {\n const attrName = attr.nodeName.toLowerCase()\n\n if (allowedAttributeList.indexOf(attrName) !== -1) {\n if (uriAttrs.indexOf(attrName) !== -1) {\n return Boolean(attr.nodeValue.match(SAFE_URL_PATTERN) || attr.nodeValue.match(DATA_URL_PATTERN))\n }\n\n return true\n }\n\n const regExp = allowedAttributeList.filter(attrRegex => attrRegex instanceof RegExp)\n\n // Check if a regular expression validates the attribute.\n for (let i = 0, len = regExp.length; i < len; i++) {\n if (attrName.match(regExp[i])) {\n return true\n }\n }\n\n return false\n}\n\nexport function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) {\n if (unsafeHtml.length === 0) {\n return unsafeHtml\n }\n\n if (sanitizeFn && typeof sanitizeFn === 'function') {\n return sanitizeFn(unsafeHtml)\n }\n\n const domParser = new window.DOMParser()\n const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')\n const whitelistKeys = Object.keys(whiteList)\n const elements = [].slice.call(createdDocument.body.querySelectorAll('*'))\n\n for (let i = 0, len = elements.length; i < len; i++) {\n const el = elements[i]\n const elName = el.nodeName.toLowerCase()\n\n if (whitelistKeys.indexOf(el.nodeName.toLowerCase()) === -1) {\n el.parentNode.removeChild(el)\n\n continue\n }\n\n const attributeList = [].slice.call(el.attributes)\n const whitelistedAttributes = [].concat(whiteList['*'] || [], whiteList[elName] || [])\n\n attributeList.forEach(attr => {\n if (!allowedAttribute(attr, whitelistedAttributes)) {\n el.removeAttribute(attr.nodeName)\n }\n })\n }\n\n return 
createdDocument.body.innerHTML\n}\n"],"file":"sanitizer.min.js"}