| /*! |
| * Bootstrap sanitizer.js v5.2.1 (https://getbootstrap.com/) |
| * Copyright 2011-2022 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) |
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) |
| */ |
| (function (global, factory) { |
| typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) : |
| typeof define === 'function' && define.amd ? define(['exports'], factory) : |
| (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.Sanitizer = {})); |
| })(this, (function (exports) { 'use strict'; |
| |
| /** |
| * -------------------------------------------------------------------------- |
| * Bootstrap (v5.2.1): util/sanitizer.js |
| * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) |
| * -------------------------------------------------------------------------- |
| */ |
| const uriAttributes = new Set(['background', 'cite', 'href', 'itemtype', 'longdesc', 'poster', 'src', 'xlink:href']); |
| const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i; |
| /** |
| * A pattern that recognizes a commonly useful subset of URLs that are safe. |
| * |
| * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts |
| */ |
| |
| const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^#&/:?]*(?:[#/?]|$))/i; |
| /** |
| * A pattern that matches safe data URLs. Only matches image, video and audio types. |
| * |
| * Shout-out to Angular https://github.com/angular/angular/blob/12.2.x/packages/core/src/sanitization/url_sanitizer.ts |
| */ |
| |
| const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i; |
| |
| const allowedAttribute = (attribute, allowedAttributeList) => { |
| const attributeName = attribute.nodeName.toLowerCase(); |
| |
| if (allowedAttributeList.includes(attributeName)) { |
| if (uriAttributes.has(attributeName)) { |
| return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue) || DATA_URL_PATTERN.test(attribute.nodeValue)); |
| } |
| |
| return true; |
| } // Check if a regular expression validates the attribute. |
| |
| |
| return allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp).some(regex => regex.test(attributeName)); |
| }; |
| |
| const DefaultAllowlist = { |
| // Global attributes allowed on any supplied element below. |
| '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN], |
| a: ['target', 'href', 'title', 'rel'], |
| area: [], |
| b: [], |
| br: [], |
| col: [], |
| code: [], |
| div: [], |
| em: [], |
| hr: [], |
| h1: [], |
| h2: [], |
| h3: [], |
| h4: [], |
| h5: [], |
| h6: [], |
| i: [], |
| img: ['src', 'srcset', 'alt', 'title', 'width', 'height'], |
| li: [], |
| ol: [], |
| p: [], |
| pre: [], |
| s: [], |
| small: [], |
| span: [], |
| sub: [], |
| sup: [], |
| strong: [], |
| u: [], |
| ul: [] |
| }; |
| function sanitizeHtml(unsafeHtml, allowList, sanitizeFunction) { |
| if (!unsafeHtml.length) { |
| return unsafeHtml; |
| } |
| |
| if (sanitizeFunction && typeof sanitizeFunction === 'function') { |
| return sanitizeFunction(unsafeHtml); |
| } |
| |
| const domParser = new window.DOMParser(); |
| const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html'); |
| const elements = [].concat(...createdDocument.body.querySelectorAll('*')); |
| |
| for (const element of elements) { |
| const elementName = element.nodeName.toLowerCase(); |
| |
| if (!Object.keys(allowList).includes(elementName)) { |
| element.remove(); |
| continue; |
| } |
| |
| const attributeList = [].concat(...element.attributes); |
| const allowedAttributes = [].concat(allowList['*'] || [], allowList[elementName] || []); |
| |
| for (const attribute of attributeList) { |
| if (!allowedAttribute(attribute, allowedAttributes)) { |
| element.removeAttribute(attribute.nodeName); |
| } |
| } |
| } |
| |
| return createdDocument.body.innerHTML; |
| } |
| |
| exports.DefaultAllowlist = DefaultAllowlist; |
| exports.sanitizeHtml = sanitizeHtml; |
| |
| Object.defineProperties(exports, { __esModule: { value: true }, [Symbol.toStringTag]: { value: 'Module' } }); |
| |
| })); |
| //# sourceMappingURL=sanitizer.js.map |