-
-
Notifications
You must be signed in to change notification settings - Fork 678
/
purify.min.js.map
1 lines (1 loc) · 99.7 KB
/
purify.min.js.map
1
{"version":3,"file":"purify.min.js","sources":["../src/utils.js","../src/tags.js","../src/attrs.js","../src/regexp.js","../src/purify.js"],"sourcesContent":["const {\r\n entries,\r\n setPrototypeOf,\r\n isFrozen,\r\n getPrototypeOf,\r\n getOwnPropertyDescriptor,\r\n} = Object;\r\n\r\nlet { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports\r\nlet { apply, construct } = typeof Reflect !== 'undefined' && Reflect;\r\n\r\nif (!freeze) {\r\n freeze = function (x) {\r\n return x;\r\n };\r\n}\r\n\r\nif (!seal) {\r\n seal = function (x) {\r\n return x;\r\n };\r\n}\r\n\r\nif (!apply) {\r\n apply = function (fun, thisValue, args) {\r\n return fun.apply(thisValue, args);\r\n };\r\n}\r\n\r\nif (!construct) {\r\n construct = function (Func, args) {\r\n return new Func(...args);\r\n };\r\n}\r\n\r\nconst arrayForEach = unapply(Array.prototype.forEach);\r\nconst arrayIndexOf = unapply(Array.prototype.indexOf);\r\nconst arrayPop = unapply(Array.prototype.pop);\r\nconst arrayPush = unapply(Array.prototype.push);\r\nconst arraySlice = unapply(Array.prototype.slice);\r\n\r\nconst stringToLowerCase = unapply(String.prototype.toLowerCase);\r\nconst stringToString = unapply(String.prototype.toString);\r\nconst stringMatch = unapply(String.prototype.match);\r\nconst stringReplace = unapply(String.prototype.replace);\r\nconst stringIndexOf = unapply(String.prototype.indexOf);\r\nconst stringTrim = unapply(String.prototype.trim);\r\n\r\nconst objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);\r\n\r\nconst regExpTest = unapply(RegExp.prototype.test);\r\n\r\nconst typeErrorCreate = unconstruct(TypeError);\r\n\r\n/**\r\n * Creates a new function that calls the given function with a specified thisArg and arguments.\r\n *\r\n * @param {Function} func - The function to be wrapped and called.\r\n * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.\r\n */\r\nfunction unapply(func) {\r\n return (thisArg, ...args) => apply(func, thisArg, args);\r\n}\r\n\r\n/**\r\n * Creates a new function that constructs an instance of the given constructor function with the provided arguments.\r\n *\r\n * @param {Function} func - The constructor function to be wrapped and called.\r\n * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.\r\n */\r\nfunction unconstruct(func) {\r\n return (...args) => construct(func, args);\r\n}\r\n\r\n/**\r\n * Add properties to a lookup table\r\n *\r\n * @param {Object} set - The set to which elements will be added.\r\n * @param {Array} array - The array containing elements to be added to the set.\r\n * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.\r\n * @returns {Object} The modified set with added elements.\r\n */\r\nfunction addToSet(set, array, transformCaseFunc = stringToLowerCase) {\r\n if (setPrototypeOf) {\r\n // Make 'in' and truthy checks like Boolean(set.constructor)\r\n // independent of any properties defined on Object.prototype.\r\n // Prevent prototype setters from intercepting set as a this value.\r\n setPrototypeOf(set, null);\r\n }\r\n\r\n let l = array.length;\r\n while (l--) {\r\n let element = array[l];\r\n if (typeof element === 'string') {\r\n const lcElement = transformCaseFunc(element);\r\n if (lcElement !== element) {\r\n // Config presets (e.g. tags.js, attrs.js) are immutable.\r\n if (!isFrozen(array)) {\r\n array[l] = lcElement;\r\n }\r\n\r\n element = lcElement;\r\n }\r\n }\r\n\r\n set[element] = true;\r\n }\r\n\r\n return set;\r\n}\r\n\r\n/**\r\n * Clean up an array to harden against CSPP\r\n *\r\n * @param {Array} array - The array to be cleaned.\r\n * @returns {Array} The cleaned version of the array\r\n */\r\nfunction cleanArray(array) {\r\n for (let index = 0; index < array.length; index++) {\r\n const isPropertyExist = objectHasOwnProperty(array, index);\r\n\r\n if (!isPropertyExist) {\r\n array[index] = null;\r\n }\r\n }\r\n\r\n return array;\r\n}\r\n\r\n/**\r\n * Shallow clone an object\r\n *\r\n * @param {Object} object - The object to be cloned.\r\n * @returns {Object} A new object that copies the original.\r\n */\r\nfunction clone(object) {\r\n const newObject = create(null);\r\n\r\n for (const [property, value] of entries(object)) {\r\n const isPropertyExist = objectHasOwnProperty(object, property);\r\n\r\n if (isPropertyExist) {\r\n if (Array.isArray(value)) {\r\n newObject[property] = cleanArray(value);\r\n } else if (\r\n value &&\r\n typeof value === 'object' &&\r\n value.constructor === Object\r\n ) {\r\n newObject[property] = clone(value);\r\n } else {\r\n newObject[property] = value;\r\n }\r\n }\r\n }\r\n\r\n return newObject;\r\n}\r\n\r\n/**\r\n * This method automatically checks if the prop is function or getter and behaves accordingly.\r\n *\r\n * @param {Object} object - The object to look up the getter function in its prototype chain.\r\n * @param {String} prop - The property name for which to find the getter function.\r\n * @returns {Function} The getter function found in the prototype chain or a fallback function.\r\n */\r\nfunction lookupGetter(object, prop) {\r\n while (object !== null) {\r\n const desc = getOwnPropertyDescriptor(object, prop);\r\n\r\n if (desc) {\r\n if (desc.get) {\r\n return unapply(desc.get);\r\n }\r\n\r\n if (typeof desc.value === 'function') {\r\n return unapply(desc.value);\r\n }\r\n }\r\n\r\n object = getPrototypeOf(object);\r\n }\r\n\r\n function fallbackValue() {\r\n return null;\r\n }\r\n\r\n return fallbackValue;\r\n}\r\n\r\nexport {\r\n // Array\r\n arrayForEach,\r\n arrayIndexOf,\r\n arrayPop,\r\n arrayPush,\r\n arraySlice,\r\n // Object\r\n entries,\r\n freeze,\r\n getPrototypeOf,\r\n getOwnPropertyDescriptor,\r\n isFrozen,\r\n setPrototypeOf,\r\n seal,\r\n clone,\r\n create,\r\n objectHasOwnProperty,\r\n // RegExp\r\n regExpTest,\r\n // String\r\n stringIndexOf,\r\n stringMatch,\r\n stringReplace,\r\n stringToLowerCase,\r\n stringToString,\r\n stringTrim,\r\n // Errors\r\n typeErrorCreate,\r\n // Other\r\n lookupGetter,\r\n addToSet,\r\n // Reflect\r\n unapply,\r\n unconstruct,\r\n};\r\n","import { freeze } from './utils.js';\r\n\r\nexport const html = freeze([\r\n 'a',\r\n 'abbr',\r\n 'acronym',\r\n 'address',\r\n 'area',\r\n 'article',\r\n 'aside',\r\n 'audio',\r\n 'b',\r\n 'bdi',\r\n 'bdo',\r\n 'big',\r\n 'blink',\r\n 'blockquote',\r\n 'body',\r\n 'br',\r\n 'button',\r\n 'canvas',\r\n 'caption',\r\n 'center',\r\n 'cite',\r\n 'code',\r\n 'col',\r\n 'colgroup',\r\n 'content',\r\n 'data',\r\n 'datalist',\r\n 'dd',\r\n 'decorator',\r\n 'del',\r\n 'details',\r\n 'dfn',\r\n 'dialog',\r\n 'dir',\r\n 'div',\r\n 'dl',\r\n 'dt',\r\n 'element',\r\n 'em',\r\n 'fieldset',\r\n 'figcaption',\r\n 'figure',\r\n 'font',\r\n 'footer',\r\n 'form',\r\n 'h1',\r\n 'h2',\r\n 'h3',\r\n 'h4',\r\n 'h5',\r\n 'h6',\r\n 'head',\r\n 'header',\r\n 'hgroup',\r\n 'hr',\r\n 'html',\r\n 'i',\r\n 'img',\r\n 'input',\r\n 'ins',\r\n 'kbd',\r\n 'label',\r\n 'legend',\r\n 'li',\r\n 'main',\r\n 'map',\r\n 'mark',\r\n 'marquee',\r\n 'menu',\r\n 'menuitem',\r\n 'meter',\r\n 'nav',\r\n 'nobr',\r\n 'ol',\r\n 'optgroup',\r\n 'option',\r\n 'output',\r\n 'p',\r\n 'picture',\r\n 'pre',\r\n 'progress',\r\n 'q',\r\n 'rp',\r\n 'rt',\r\n 'ruby',\r\n 's',\r\n 'samp',\r\n 'section',\r\n 'select',\r\n 'shadow',\r\n 'small',\r\n 'source',\r\n 'spacer',\r\n 'span',\r\n 'strike',\r\n 'strong',\r\n 'style',\r\n 'sub',\r\n 'summary',\r\n 'sup',\r\n 'table',\r\n 'tbody',\r\n 'td',\r\n 'template',\r\n 'textarea',\r\n 'tfoot',\r\n 'th',\r\n 'thead',\r\n 'time',\r\n 'tr',\r\n 'track',\r\n 'tt',\r\n 'u',\r\n 'ul',\r\n 'var',\r\n 'video',\r\n 'wbr',\r\n]);\r\n\r\n// SVG\r\nexport const svg = freeze([\r\n 'svg',\r\n 'a',\r\n 'altglyph',\r\n 'altglyphdef',\r\n 'altglyphitem',\r\n 'animatecolor',\r\n 'animatemotion',\r\n 'animatetransform',\r\n 'circle',\r\n 'clippath',\r\n 'defs',\r\n 'desc',\r\n 'ellipse',\r\n 'filter',\r\n 'font',\r\n 'g',\r\n 'glyph',\r\n 'glyphref',\r\n 'hkern',\r\n 'image',\r\n 'line',\r\n 'lineargradient',\r\n 'marker',\r\n 'mask',\r\n 'metadata',\r\n 'mpath',\r\n 'path',\r\n 'pattern',\r\n 'polygon',\r\n 'polyline',\r\n 'radialgradient',\r\n 'rect',\r\n 'stop',\r\n 'style',\r\n 'switch',\r\n 'symbol',\r\n 'text',\r\n 'textpath',\r\n 'title',\r\n 'tref',\r\n 'tspan',\r\n 'view',\r\n 'vkern',\r\n]);\r\n\r\nexport const svgFilters = freeze([\r\n 'feBlend',\r\n 'feColorMatrix',\r\n 'feComponentTransfer',\r\n 'feComposite',\r\n 'feConvolveMatrix',\r\n 'feDiffuseLighting',\r\n 'feDisplacementMap',\r\n 'feDistantLight',\r\n 'feDropShadow',\r\n 'feFlood',\r\n 'feFuncA',\r\n 'feFuncB',\r\n 'feFuncG',\r\n 'feFuncR',\r\n 'feGaussianBlur',\r\n 'feImage',\r\n 'feMerge',\r\n 'feMergeNode',\r\n 'feMorphology',\r\n 'feOffset',\r\n 'fePointLight',\r\n 'feSpecularLighting',\r\n 'feSpotLight',\r\n 'feTile',\r\n 'feTurbulence',\r\n]);\r\n\r\n// List of SVG elements that are disallowed by default.\r\n// We still need to know them so that we can do namespace\r\n// checks properly in case one wants to add them to\r\n// allow-list.\r\nexport const svgDisallowed = freeze([\r\n 'animate',\r\n 'color-profile',\r\n 'cursor',\r\n 'discard',\r\n 'font-face',\r\n 'font-face-format',\r\n 'font-face-name',\r\n 'font-face-src',\r\n 'font-face-uri',\r\n 'foreignobject',\r\n 'hatch',\r\n 'hatchpath',\r\n 'mesh',\r\n 'meshgradient',\r\n 'meshpatch',\r\n 'meshrow',\r\n 'missing-glyph',\r\n 'script',\r\n 'set',\r\n 'solidcolor',\r\n 'unknown',\r\n 'use',\r\n]);\r\n\r\nexport const mathMl = freeze([\r\n 'math',\r\n 'menclose',\r\n 'merror',\r\n 'mfenced',\r\n 'mfrac',\r\n 'mglyph',\r\n 'mi',\r\n 'mlabeledtr',\r\n 'mmultiscripts',\r\n 'mn',\r\n 'mo',\r\n 'mover',\r\n 'mpadded',\r\n 'mphantom',\r\n 'mroot',\r\n 'mrow',\r\n 'ms',\r\n 'mspace',\r\n 'msqrt',\r\n 'mstyle',\r\n 'msub',\r\n 'msup',\r\n 'msubsup',\r\n 'mtable',\r\n 'mtd',\r\n 'mtext',\r\n 'mtr',\r\n 'munder',\r\n 'munderover',\r\n 'mprescripts',\r\n]);\r\n\r\n// Similarly to SVG, we want to know all MathML elements,\r\n// even those that we disallow by default.\r\nexport const mathMlDisallowed = freeze([\r\n 'maction',\r\n 'maligngroup',\r\n 'malignmark',\r\n 'mlongdiv',\r\n 'mscarries',\r\n 'mscarry',\r\n 'msgroup',\r\n 'mstack',\r\n 'msline',\r\n 'msrow',\r\n 'semantics',\r\n 'annotation',\r\n 'annotation-xml',\r\n 'mprescripts',\r\n 'none',\r\n]);\r\n\r\nexport const text = freeze(['#text']);\r\n","import { freeze } from './utils.js';\r\n\r\nexport const html = freeze([\r\n 'accept',\r\n 'action',\r\n 'align',\r\n 'alt',\r\n 'autocapitalize',\r\n 'autocomplete',\r\n 'autopictureinpicture',\r\n 'autoplay',\r\n 'background',\r\n 'bgcolor',\r\n 'border',\r\n 'capture',\r\n 'cellpadding',\r\n 'cellspacing',\r\n 'checked',\r\n 'cite',\r\n 'class',\r\n 'clear',\r\n 'color',\r\n 'cols',\r\n 'colspan',\r\n 'controls',\r\n 'controlslist',\r\n 'coords',\r\n 'crossorigin',\r\n 'datetime',\r\n 'decoding',\r\n 'default',\r\n 'dir',\r\n 'disabled',\r\n 'disablepictureinpicture',\r\n 'disableremoteplayback',\r\n 'download',\r\n 'draggable',\r\n 'enctype',\r\n 'enterkeyhint',\r\n 'face',\r\n 'for',\r\n 'headers',\r\n 'height',\r\n 'hidden',\r\n 'high',\r\n 'href',\r\n 'hreflang',\r\n 'id',\r\n 'inputmode',\r\n 'integrity',\r\n 'ismap',\r\n 'kind',\r\n 'label',\r\n 'lang',\r\n 'list',\r\n 'loading',\r\n 'loop',\r\n 'low',\r\n 'max',\r\n 'maxlength',\r\n 'media',\r\n 'method',\r\n 'min',\r\n 'minlength',\r\n 'multiple',\r\n 'muted',\r\n 'name',\r\n 'nonce',\r\n 'noshade',\r\n 'novalidate',\r\n 'nowrap',\r\n 'open',\r\n 'optimum',\r\n 'pattern',\r\n 'placeholder',\r\n 'playsinline',\r\n 'poster',\r\n 'preload',\r\n 'pubdate',\r\n 'radiogroup',\r\n 'readonly',\r\n 'rel',\r\n 'required',\r\n 'rev',\r\n 'reversed',\r\n 'role',\r\n 'rows',\r\n 'rowspan',\r\n 'spellcheck',\r\n 'scope',\r\n 'selected',\r\n 'shape',\r\n 'size',\r\n 'sizes',\r\n 'span',\r\n 'srclang',\r\n 'start',\r\n 'src',\r\n 'srcset',\r\n 'step',\r\n 'style',\r\n 'summary',\r\n 'tabindex',\r\n 'title',\r\n 'translate',\r\n 'type',\r\n 'usemap',\r\n 'valign',\r\n 'value',\r\n 'width',\r\n 'wrap',\r\n 'xmlns',\r\n 'slot',\r\n]);\r\n\r\nexport const svg = freeze([\r\n 'accent-height',\r\n 'accumulate',\r\n 'additive',\r\n 'alignment-baseline',\r\n 'ascent',\r\n 'attributename',\r\n 'attributetype',\r\n 'azimuth',\r\n 'basefrequency',\r\n 'baseline-shift',\r\n 'begin',\r\n 'bias',\r\n 'by',\r\n 'class',\r\n 'clip',\r\n 'clippathunits',\r\n 'clip-path',\r\n 'clip-rule',\r\n 'color',\r\n 'color-interpolation',\r\n 'color-interpolation-filters',\r\n 'color-profile',\r\n 'color-rendering',\r\n 'cx',\r\n 'cy',\r\n 'd',\r\n 'dx',\r\n 'dy',\r\n 'diffuseconstant',\r\n 'direction',\r\n 'display',\r\n 'divisor',\r\n 'dur',\r\n 'edgemode',\r\n 'elevation',\r\n 'end',\r\n 'fill',\r\n 'fill-opacity',\r\n 'fill-rule',\r\n 'filter',\r\n 'filterunits',\r\n 'flood-color',\r\n 'flood-opacity',\r\n 'font-family',\r\n 'font-size',\r\n 'font-size-adjust',\r\n 'font-stretch',\r\n 'font-style',\r\n 'font-variant',\r\n 'font-weight',\r\n 'fx',\r\n 'fy',\r\n 'g1',\r\n 'g2',\r\n 'glyph-name',\r\n 'glyphref',\r\n 'gradientunits',\r\n 'gradienttransform',\r\n 'height',\r\n 'href',\r\n 'id',\r\n 'image-rendering',\r\n 'in',\r\n 'in2',\r\n 'k',\r\n 'k1',\r\n 'k2',\r\n 'k3',\r\n 'k4',\r\n 'kerning',\r\n 'keypoints',\r\n 'keysplines',\r\n 'keytimes',\r\n 'lang',\r\n 'lengthadjust',\r\n 'letter-spacing',\r\n 'kernelmatrix',\r\n 'kernelunitlength',\r\n 'lighting-color',\r\n 'local',\r\n 'marker-end',\r\n 'marker-mid',\r\n 'marker-start',\r\n 'markerheight',\r\n 'markerunits',\r\n 'markerwidth',\r\n 'maskcontentunits',\r\n 'maskunits',\r\n 'max',\r\n 'mask',\r\n 'media',\r\n 'method',\r\n 'mode',\r\n 'min',\r\n 'name',\r\n 'numoctaves',\r\n 'offset',\r\n 'operator',\r\n 'opacity',\r\n 'order',\r\n 'orient',\r\n 'orientation',\r\n 'origin',\r\n 'overflow',\r\n 'paint-order',\r\n 'path',\r\n 'pathlength',\r\n 'patterncontentunits',\r\n 'patterntransform',\r\n 'patternunits',\r\n 'points',\r\n 'preservealpha',\r\n 'preserveaspectratio',\r\n 'primitiveunits',\r\n 'r',\r\n 'rx',\r\n 'ry',\r\n 'radius',\r\n 'refx',\r\n 'refy',\r\n 'repeatcount',\r\n 'repeatdur',\r\n 'restart',\r\n 'result',\r\n 'rotate',\r\n 'scale',\r\n 'seed',\r\n 'shape-rendering',\r\n 'specularconstant',\r\n 'specularexponent',\r\n 'spreadmethod',\r\n 'startoffset',\r\n 'stddeviation',\r\n 'stitchtiles',\r\n 'stop-color',\r\n 'stop-opacity',\r\n 'stroke-dasharray',\r\n 'stroke-dashoffset',\r\n 'stroke-linecap',\r\n 'stroke-linejoin',\r\n 'stroke-miterlimit',\r\n 'stroke-opacity',\r\n 'stroke',\r\n 'stroke-width',\r\n 'style',\r\n 'surfacescale',\r\n 'systemlanguage',\r\n 'tabindex',\r\n 'targetx',\r\n 'targety',\r\n 'transform',\r\n 'transform-origin',\r\n 'text-anchor',\r\n 'text-decoration',\r\n 'text-rendering',\r\n 'textlength',\r\n 'type',\r\n 'u1',\r\n 'u2',\r\n 'unicode',\r\n 'values',\r\n 'viewbox',\r\n 'visibility',\r\n 'version',\r\n 'vert-adv-y',\r\n 'vert-origin-x',\r\n 'vert-origin-y',\r\n 'width',\r\n 'word-spacing',\r\n 'wrap',\r\n 'writing-mode',\r\n 'xchannelselector',\r\n 'ychannelselector',\r\n 'x',\r\n 'x1',\r\n 'x2',\r\n 'xmlns',\r\n 'y',\r\n 'y1',\r\n 'y2',\r\n 'z',\r\n 'zoomandpan',\r\n]);\r\n\r\nexport const mathMl = freeze([\r\n 'accent',\r\n 'accentunder',\r\n 'align',\r\n 'bevelled',\r\n 'close',\r\n 'columnsalign',\r\n 'columnlines',\r\n 'columnspan',\r\n 'denomalign',\r\n 'depth',\r\n 'dir',\r\n 'display',\r\n 'displaystyle',\r\n 'encoding',\r\n 'fence',\r\n 'frame',\r\n 'height',\r\n 'href',\r\n 'id',\r\n 'largeop',\r\n 'length',\r\n 'linethickness',\r\n 'lspace',\r\n 'lquote',\r\n 'mathbackground',\r\n 'mathcolor',\r\n 'mathsize',\r\n 'mathvariant',\r\n 'maxsize',\r\n 'minsize',\r\n 'movablelimits',\r\n 'notation',\r\n 'numalign',\r\n 'open',\r\n 'rowalign',\r\n 'rowlines',\r\n 'rowspacing',\r\n 'rowspan',\r\n 'rspace',\r\n 'rquote',\r\n 'scriptlevel',\r\n 'scriptminsize',\r\n 'scriptsizemultiplier',\r\n 'selection',\r\n 'separator',\r\n 'separators',\r\n 'stretchy',\r\n 'subscriptshift',\r\n 'supscriptshift',\r\n 'symmetric',\r\n 'voffset',\r\n 'width',\r\n 'xmlns',\r\n]);\r\n\r\nexport const xml = freeze([\r\n 'xlink:href',\r\n 'xml:id',\r\n 'xlink:title',\r\n 'xml:space',\r\n 'xmlns:xlink',\r\n]);\r\n","import { seal } from './utils.js';\r\n\r\n// eslint-disable-next-line unicorn/better-regex\r\nexport const MUSTACHE_EXPR = seal(/\\{\\{[\\w\\W]*|[\\w\\W]*\\}\\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode\r\nexport const ERB_EXPR = seal(/<%[\\w\\W]*|[\\w\\W]*%>/gm);\r\nexport const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);\r\nexport const DATA_ATTR = seal(/^data-[\\-\\w.\\u00B7-\\uFFFF]/); // eslint-disable-line no-useless-escape\r\nexport const ARIA_ATTR = seal(/^aria-[\\-\\w]+$/); // eslint-disable-line no-useless-escape\r\nexport const IS_ALLOWED_URI = seal(\r\n /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i // eslint-disable-line no-useless-escape\r\n);\r\nexport const IS_SCRIPT_OR_DATA = seal(/^(?:\\w+script|data):/i);\r\nexport const ATTR_WHITESPACE = seal(\r\n /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205F\\u3000]/g // eslint-disable-line no-control-regex\r\n);\r\nexport const DOCTYPE_NAME = seal(/^html$/i);\r\nexport const CUSTOM_ELEMENT = seal(/^[a-z][.\\w]*(-[.\\w]+)+$/i);\r\n","import * as TAGS from './tags.js';\r\nimport * as ATTRS from './attrs.js';\r\nimport * as EXPRESSIONS from './regexp.js';\r\nimport {\r\n addToSet,\r\n clone,\r\n entries,\r\n freeze,\r\n arrayForEach,\r\n arrayPop,\r\n arrayPush,\r\n stringMatch,\r\n stringReplace,\r\n stringToLowerCase,\r\n stringToString,\r\n stringIndexOf,\r\n stringTrim,\r\n regExpTest,\r\n typeErrorCreate,\r\n lookupGetter,\r\n create,\r\n objectHasOwnProperty,\r\n} from './utils.js';\r\n\r\nconst getGlobal = function () {\r\n return typeof window === 'undefined' ? null : window;\r\n};\r\n\r\n/**\r\n * Creates a no-op policy for internal use only.\r\n * Don't export this function outside this module!\r\n * @param {TrustedTypePolicyFactory} trustedTypes The policy factory.\r\n * @param {HTMLScriptElement} purifyHostElement The Script element used to load DOMPurify (to determine policy name suffix).\r\n * @return {TrustedTypePolicy} The policy created (or null, if Trusted Types\r\n * are not supported or creating the policy failed).\r\n */\r\nconst _createTrustedTypesPolicy = function (trustedTypes, purifyHostElement) {\r\n if (\r\n typeof trustedTypes !== 'object' ||\r\n typeof trustedTypes.createPolicy !== 'function'\r\n ) {\r\n return null;\r\n }\r\n\r\n // Allow the callers to control the unique policy name\r\n // by adding a data-tt-policy-suffix to the script element with the DOMPurify.\r\n // Policy creation with duplicate names throws in Trusted Types.\r\n let suffix = null;\r\n const ATTR_NAME = 'data-tt-policy-suffix';\r\n if (purifyHostElement && purifyHostElement.hasAttribute(ATTR_NAME)) {\r\n suffix = purifyHostElement.getAttribute(ATTR_NAME);\r\n }\r\n\r\n const policyName = 'dompurify' + (suffix ? '#' + suffix : '');\r\n\r\n try {\r\n return trustedTypes.createPolicy(policyName, {\r\n createHTML(html) {\r\n return html;\r\n },\r\n createScriptURL(scriptUrl) {\r\n return scriptUrl;\r\n },\r\n });\r\n } catch (_) {\r\n // Policy creation failed (most likely another DOMPurify script has\r\n // already run). Skip creating the policy, as this will only cause errors\r\n // if TT are enforced.\r\n console.warn(\r\n 'TrustedTypes policy ' + policyName + ' could not be created.'\r\n );\r\n return null;\r\n }\r\n};\r\n\r\nfunction createDOMPurify(window = getGlobal()) {\r\n const DOMPurify = (root) => createDOMPurify(root);\r\n\r\n /**\r\n * Version label, exposed for easier checks\r\n * if DOMPurify is up to date or not\r\n */\r\n DOMPurify.version = VERSION;\r\n\r\n /**\r\n * Array of elements that DOMPurify removed during sanitation.\r\n * Empty if nothing was removed.\r\n */\r\n DOMPurify.removed = [];\r\n\r\n if (!window || !window.document || window.document.nodeType !== 9) {\r\n // Not running in a browser, provide a factory function\r\n // so that you can pass your own Window\r\n DOMPurify.isSupported = false;\r\n\r\n return DOMPurify;\r\n }\r\n\r\n let { document } = window;\r\n\r\n const originalDocument = document;\r\n const currentScript = originalDocument.currentScript;\r\n const {\r\n DocumentFragment,\r\n HTMLTemplateElement,\r\n Node,\r\n Element,\r\n NodeFilter,\r\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\r\n HTMLFormElement,\r\n DOMParser,\r\n trustedTypes,\r\n } = window;\r\n\r\n const ElementPrototype = Element.prototype;\r\n\r\n const cloneNode = lookupGetter(ElementPrototype, 'cloneNode');\r\n const getNextSibling = lookupGetter(ElementPrototype, 'nextSibling');\r\n const getChildNodes = lookupGetter(ElementPrototype, 'childNodes');\r\n const getParentNode = lookupGetter(ElementPrototype, 'parentNode');\r\n\r\n // As per issue #47, the web-components registry is inherited by a\r\n // new document created via createHTMLDocument. As per the spec\r\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\r\n // a new empty registry is used when creating a template contents owner\r\n // document, so we use that as our parent document to ensure nothing\r\n // is inherited.\r\n if (typeof HTMLTemplateElement === 'function') {\r\n const template = document.createElement('template');\r\n if (template.content && template.content.ownerDocument) {\r\n document = template.content.ownerDocument;\r\n }\r\n }\r\n\r\n let trustedTypesPolicy;\r\n let emptyHTML = '';\r\n\r\n const {\r\n implementation,\r\n createNodeIterator,\r\n createDocumentFragment,\r\n getElementsByTagName,\r\n } = document;\r\n const { importNode } = originalDocument;\r\n\r\n let hooks = {};\r\n\r\n /**\r\n * Expose whether this browser supports running the full DOMPurify.\r\n */\r\n DOMPurify.isSupported =\r\n typeof entries === 'function' &&\r\n typeof getParentNode === 'function' &&\r\n implementation &&\r\n implementation.createHTMLDocument !== undefined;\r\n\r\n const {\r\n MUSTACHE_EXPR,\r\n ERB_EXPR,\r\n TMPLIT_EXPR,\r\n DATA_ATTR,\r\n ARIA_ATTR,\r\n IS_SCRIPT_OR_DATA,\r\n ATTR_WHITESPACE,\r\n CUSTOM_ELEMENT,\r\n } = EXPRESSIONS;\r\n\r\n let { IS_ALLOWED_URI } = EXPRESSIONS;\r\n\r\n /**\r\n * We consider the elements and attributes below to be safe. Ideally\r\n * don't add any new ones but feel free to remove unwanted ones.\r\n */\r\n\r\n /* allowed element names */\r\n let ALLOWED_TAGS = null;\r\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\r\n ...TAGS.html,\r\n ...TAGS.svg,\r\n ...TAGS.svgFilters,\r\n ...TAGS.mathMl,\r\n ...TAGS.text,\r\n ]);\r\n\r\n /* Allowed attribute names */\r\n let ALLOWED_ATTR = null;\r\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\r\n ...ATTRS.html,\r\n ...ATTRS.svg,\r\n ...ATTRS.mathMl,\r\n ...ATTRS.xml,\r\n ]);\r\n\r\n /*\r\n * Configure how DOMPUrify should handle custom elements and their attributes as well as customized built-in elements.\r\n * @property {RegExp|Function|null} tagNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any custom elements)\r\n * @property {RegExp|Function|null} attributeNameCheck one of [null, regexPattern, predicate]. Default: `null` (disallow any attributes not on the allow list)\r\n * @property {boolean} allowCustomizedBuiltInElements allow custom elements derived from built-ins if they pass CUSTOM_ELEMENT_HANDLING.tagNameCheck. Default: `false`.\r\n */\r\n let CUSTOM_ELEMENT_HANDLING = Object.seal(\r\n create(null, {\r\n tagNameCheck: {\r\n writable: true,\r\n configurable: false,\r\n enumerable: true,\r\n value: null,\r\n },\r\n attributeNameCheck: {\r\n writable: true,\r\n configurable: false,\r\n enumerable: true,\r\n value: null,\r\n },\r\n allowCustomizedBuiltInElements: {\r\n writable: true,\r\n configurable: false,\r\n enumerable: true,\r\n value: false,\r\n },\r\n })\r\n );\r\n\r\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\r\n let FORBID_TAGS = null;\r\n\r\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\r\n let FORBID_ATTR = null;\r\n\r\n /* Decide if ARIA attributes are okay */\r\n let ALLOW_ARIA_ATTR = true;\r\n\r\n /* Decide if custom data attributes are okay */\r\n let ALLOW_DATA_ATTR = true;\r\n\r\n /* Decide if unknown protocols are okay */\r\n let ALLOW_UNKNOWN_PROTOCOLS = false;\r\n\r\n /* Decide if self-closing tags in attributes are allowed.\r\n * Usually removed due to a mXSS issue in jQuery 3.0 */\r\n let ALLOW_SELF_CLOSE_IN_ATTR = true;\r\n\r\n /* Output should be safe for common template engines.\r\n * This means, DOMPurify removes data attributes, mustaches and ERB\r\n */\r\n let SAFE_FOR_TEMPLATES = false;\r\n\r\n /* Output should be safe even for XML used within HTML and alike.\r\n * This means, DOMPurify removes comments when containing risky content.\r\n */\r\n let SAFE_FOR_XML = true;\r\n\r\n /* Decide if document with <html>... should be returned */\r\n let WHOLE_DOCUMENT = false;\r\n\r\n /* Track whether config is already set on this instance of DOMPurify. */\r\n let SET_CONFIG = false;\r\n\r\n /* Decide if all elements (e.g. style, script) must be children of\r\n * document.body. By default, browsers might move them to document.head */\r\n let FORCE_BODY = false;\r\n\r\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html\r\n * string (or a TrustedHTML object if Trusted Types are supported).\r\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\r\n */\r\n let RETURN_DOM = false;\r\n\r\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html\r\n * string (or a TrustedHTML object if Trusted Types are supported) */\r\n let RETURN_DOM_FRAGMENT = false;\r\n\r\n /* Try to return a Trusted Type object instead of a string, return a string in\r\n * case Trusted Types are not supported */\r\n let RETURN_TRUSTED_TYPE = false;\r\n\r\n /* Output should be free from DOM clobbering attacks?\r\n * This sanitizes markups named with colliding, clobberable built-in DOM APIs.\r\n */\r\n let SANITIZE_DOM = true;\r\n\r\n /* Achieve full DOM Clobbering protection by isolating the namespace of named\r\n * properties and JS variables, mitigating attacks that abuse the HTML/DOM spec rules.\r\n *\r\n * HTML/DOM spec rules that enable DOM Clobbering:\r\n * - Named Access on Window (§7.3.3)\r\n * - DOM Tree Accessors (§3.1.5)\r\n * - Form Element Parent-Child Relations (§4.10.3)\r\n * - Iframe srcdoc / Nested WindowProxies (§4.8.5)\r\n * - HTMLCollection (§4.2.10.2)\r\n *\r\n * Namespace isolation is implemented by prefixing `id` and `name` attributes\r\n * with a constant string, i.e., `user-content-`\r\n */\r\n let SANITIZE_NAMED_PROPS = false;\r\n const SANITIZE_NAMED_PROPS_PREFIX = 'user-content-';\r\n\r\n /* Keep element content when removing element? */\r\n let KEEP_CONTENT = true;\r\n\r\n /* If a `Node` is passed to sanitize(), then performs sanitization in-place instead\r\n * of importing it into a new Document and returning a sanitized copy */\r\n let IN_PLACE = false;\r\n\r\n /* Allow usage of profiles like html, svg and mathMl */\r\n let USE_PROFILES = {};\r\n\r\n /* Tags to ignore content of when KEEP_CONTENT is true */\r\n let FORBID_CONTENTS = null;\r\n const DEFAULT_FORBID_CONTENTS = addToSet({}, [\r\n 'annotation-xml',\r\n 'audio',\r\n 'colgroup',\r\n 'desc',\r\n 'foreignobject',\r\n 'head',\r\n 'iframe',\r\n 'math',\r\n 'mi',\r\n 'mn',\r\n 'mo',\r\n 'ms',\r\n 'mtext',\r\n 'noembed',\r\n 'noframes',\r\n 'noscript',\r\n 'plaintext',\r\n 'script',\r\n 'style',\r\n 'svg',\r\n 'template',\r\n 'thead',\r\n 'title',\r\n 'video',\r\n 'xmp',\r\n ]);\r\n\r\n /* Tags that are safe for data: URIs */\r\n let DATA_URI_TAGS = null;\r\n const DEFAULT_DATA_URI_TAGS = addToSet({}, [\r\n 'audio',\r\n 'video',\r\n 'img',\r\n 'source',\r\n 'image',\r\n 'track',\r\n ]);\r\n\r\n /* Attributes safe for values like \"javascript:\" */\r\n let URI_SAFE_ATTRIBUTES = null;\r\n const DEFAULT_URI_SAFE_ATTRIBUTES = addToSet({}, [\r\n 'alt',\r\n 'class',\r\n 'for',\r\n 'id',\r\n 'label',\r\n 'name',\r\n 'pattern',\r\n 'placeholder',\r\n 'role',\r\n 'summary',\r\n 'title',\r\n 'value',\r\n 'style',\r\n 'xmlns',\r\n ]);\r\n\r\n const MATHML_NAMESPACE = 'http://www.w3.org/1998/Math/MathML';\r\n const SVG_NAMESPACE = 'http://www.w3.org/2000/svg';\r\n const HTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';\r\n /* Document namespace */\r\n let NAMESPACE = HTML_NAMESPACE;\r\n let IS_EMPTY_INPUT = false;\r\n\r\n /* Allowed XHTML+XML namespaces */\r\n let ALLOWED_NAMESPACES = null;\r\n const DEFAULT_ALLOWED_NAMESPACES = addToSet(\r\n {},\r\n [MATHML_NAMESPACE, SVG_NAMESPACE, HTML_NAMESPACE],\r\n stringToString\r\n );\r\n\r\n /* Parsing of strict XHTML documents */\r\n let PARSER_MEDIA_TYPE = null;\r\n const SUPPORTED_PARSER_MEDIA_TYPES = ['application/xhtml+xml', 'text/html'];\r\n const DEFAULT_PARSER_MEDIA_TYPE = 'text/html';\r\n let transformCaseFunc = null;\r\n\r\n /* Keep a reference to config to pass to hooks */\r\n let CONFIG = null;\r\n\r\n /* Specify the maximum element nesting depth to prevent mXSS */\r\n const MAX_NESTING_DEPTH = 500;\r\n\r\n /* Ideally, do not touch anything below this line */\r\n /* ______________________________________________ */\r\n\r\n const formElement = document.createElement('form');\r\n\r\n const isRegexOrFunction = function (testValue) {\r\n return testValue instanceof RegExp || testValue instanceof Function;\r\n };\r\n\r\n /**\r\n * _parseConfig\r\n *\r\n * @param {Object} cfg optional config literal\r\n */\r\n // eslint-disable-next-line complexity\r\n const _parseConfig = function (cfg = {}) {\r\n if (CONFIG && CONFIG === cfg) {\r\n return;\r\n }\r\n\r\n /* Shield configuration object from tampering */\r\n if (!cfg || typeof cfg !== 'object') {\r\n cfg = {};\r\n }\r\n\r\n /* Shield configuration object from prototype pollution */\r\n cfg = clone(cfg);\r\n\r\n PARSER_MEDIA_TYPE =\r\n // eslint-disable-next-line unicorn/prefer-includes\r\n SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1\r\n ? DEFAULT_PARSER_MEDIA_TYPE\r\n : cfg.PARSER_MEDIA_TYPE;\r\n\r\n // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.\r\n transformCaseFunc =\r\n PARSER_MEDIA_TYPE === 'application/xhtml+xml'\r\n ? stringToString\r\n : stringToLowerCase;\r\n\r\n /* Set configuration parameters */\r\n ALLOWED_TAGS = objectHasOwnProperty(cfg, 'ALLOWED_TAGS')\r\n ? addToSet({}, cfg.ALLOWED_TAGS, transformCaseFunc)\r\n : DEFAULT_ALLOWED_TAGS;\r\n ALLOWED_ATTR = objectHasOwnProperty(cfg, 'ALLOWED_ATTR')\r\n ? addToSet({}, cfg.ALLOWED_ATTR, transformCaseFunc)\r\n : DEFAULT_ALLOWED_ATTR;\r\n ALLOWED_NAMESPACES = objectHasOwnProperty(cfg, 'ALLOWED_NAMESPACES')\r\n ? addToSet({}, cfg.ALLOWED_NAMESPACES, stringToString)\r\n : DEFAULT_ALLOWED_NAMESPACES;\r\n URI_SAFE_ATTRIBUTES = objectHasOwnProperty(cfg, 'ADD_URI_SAFE_ATTR')\r\n ? addToSet(\r\n clone(DEFAULT_URI_SAFE_ATTRIBUTES), // eslint-disable-line indent\r\n cfg.ADD_URI_SAFE_ATTR, // eslint-disable-line indent\r\n transformCaseFunc // eslint-disable-line indent\r\n ) // eslint-disable-line indent\r\n : DEFAULT_URI_SAFE_ATTRIBUTES;\r\n DATA_URI_TAGS = objectHasOwnProperty(cfg, 'ADD_DATA_URI_TAGS')\r\n ? addToSet(\r\n clone(DEFAULT_DATA_URI_TAGS), // eslint-disable-line indent\r\n cfg.ADD_DATA_URI_TAGS, // eslint-disable-line indent\r\n transformCaseFunc // eslint-disable-line indent\r\n ) // eslint-disable-line indent\r\n : DEFAULT_DATA_URI_TAGS;\r\n FORBID_CONTENTS = objectHasOwnProperty(cfg, 'FORBID_CONTENTS')\r\n ? addToSet({}, cfg.FORBID_CONTENTS, transformCaseFunc)\r\n : DEFAULT_FORBID_CONTENTS;\r\n FORBID_TAGS = objectHasOwnProperty(cfg, 'FORBID_TAGS')\r\n ? addToSet({}, cfg.FORBID_TAGS, transformCaseFunc)\r\n : {};\r\n FORBID_ATTR = objectHasOwnProperty(cfg, 'FORBID_ATTR')\r\n ? addToSet({}, cfg.FORBID_ATTR, transformCaseFunc)\r\n : {};\r\n USE_PROFILES = objectHasOwnProperty(cfg, 'USE_PROFILES')\r\n ? cfg.USE_PROFILES\r\n : false;\r\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\r\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\r\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\r\n ALLOW_SELF_CLOSE_IN_ATTR = cfg.ALLOW_SELF_CLOSE_IN_ATTR !== false; // Default true\r\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\r\n SAFE_FOR_XML = cfg.SAFE_FOR_XML !== false; // Default true\r\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\r\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\r\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\r\n RETURN_TRUSTED_TYPE = cfg.RETURN_TRUSTED_TYPE || false; // Default false\r\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\r\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\r\n SANITIZE_NAMED_PROPS = cfg.SANITIZE_NAMED_PROPS || false; // Default false\r\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\r\n IN_PLACE = cfg.IN_PLACE || false; // Default false\r\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || EXPRESSIONS.IS_ALLOWED_URI;\r\n NAMESPACE = cfg.NAMESPACE || HTML_NAMESPACE;\r\n CUSTOM_ELEMENT_HANDLING = cfg.CUSTOM_ELEMENT_HANDLING || {};\r\n if (\r\n cfg.CUSTOM_ELEMENT_HANDLING &&\r\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck)\r\n ) {\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck =\r\n cfg.CUSTOM_ELEMENT_HANDLING.tagNameCheck;\r\n }\r\n\r\n if (\r\n cfg.CUSTOM_ELEMENT_HANDLING &&\r\n isRegexOrFunction(cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)\r\n ) {\r\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck =\r\n cfg.CUSTOM_ELEMENT_HANDLING.attributeNameCheck;\r\n }\r\n\r\n if (\r\n cfg.CUSTOM_ELEMENT_HANDLING &&\r\n typeof cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements ===\r\n 'boolean'\r\n ) {\r\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements =\r\n cfg.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements;\r\n }\r\n\r\n if (SAFE_FOR_TEMPLATES) {\r\n ALLOW_DATA_ATTR = false;\r\n }\r\n\r\n if (RETURN_DOM_FRAGMENT) {\r\n RETURN_DOM = true;\r\n }\r\n\r\n /* Parse profile info */\r\n if (USE_PROFILES) {\r\n ALLOWED_TAGS = addToSet({}, TAGS.text);\r\n ALLOWED_ATTR = [];\r\n if (USE_PROFILES.html === true) {\r\n addToSet(ALLOWED_TAGS, TAGS.html);\r\n addToSet(ALLOWED_ATTR, ATTRS.html);\r\n }\r\n\r\n if (USE_PROFILES.svg === true) {\r\n addToSet(ALLOWED_TAGS, TAGS.svg);\r\n addToSet(ALLOWED_ATTR, ATTRS.svg);\r\n addToSet(ALLOWED_ATTR, ATTRS.xml);\r\n }\r\n\r\n if (USE_PROFILES.svgFilters === true) {\r\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\r\n addToSet(ALLOWED_ATTR, ATTRS.svg);\r\n addToSet(ALLOWED_ATTR, ATTRS.xml);\r\n }\r\n\r\n if (USE_PROFILES.mathMl === true) {\r\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\r\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\r\n addToSet(ALLOWED_ATTR, ATTRS.xml);\r\n }\r\n }\r\n\r\n /* Merge configuration parameters */\r\n if (cfg.ADD_TAGS) {\r\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\r\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\r\n }\r\n\r\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS, transformCaseFunc);\r\n }\r\n\r\n if (cfg.ADD_ATTR) {\r\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\r\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\r\n }\r\n\r\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR, transformCaseFunc);\r\n }\r\n\r\n if (cfg.ADD_URI_SAFE_ATTR) {\r\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR, transformCaseFunc);\r\n }\r\n\r\n if (cfg.FORBID_CONTENTS) {\r\n if (FORBID_CONTENTS === DEFAULT_FORBID_CONTENTS) {\r\n FORBID_CONTENTS = clone(FORBID_CONTENTS);\r\n }\r\n\r\n addToSet(FORBID_CONTENTS, cfg.FORBID_CONTENTS, transformCaseFunc);\r\n }\r\n\r\n /* Add #text in case KEEP_CONTENT is set to true */\r\n if (KEEP_CONTENT) {\r\n ALLOWED_TAGS['#text'] = true;\r\n }\r\n\r\n /* Add html, head and body to ALLOWED_TAGS in case WHOLE_DOCUMENT is true */\r\n if (WHOLE_DOCUMENT) {\r\n addToSet(ALLOWED_TAGS, ['html', 'head', 'body']);\r\n }\r\n\r\n /* Add tbody to ALLOWED_TAGS in case tables are permitted, see #286, #365 */\r\n if (ALLOWED_TAGS.table) {\r\n addToSet(ALLOWED_TAGS, ['tbody']);\r\n delete FORBID_TAGS.tbody;\r\n }\r\n\r\n if (cfg.TRUSTED_TYPES_POLICY) {\r\n if (typeof cfg.TRUSTED_TYPES_POLICY.createHTML !== 'function') {\r\n throw typeErrorCreate(\r\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createHTML\" hook.'\r\n );\r\n }\r\n\r\n if (typeof cfg.TRUSTED_TYPES_POLICY.createScriptURL !== 'function') {\r\n throw typeErrorCreate(\r\n 'TRUSTED_TYPES_POLICY configuration option must provide a \"createScriptURL\" hook.'\r\n );\r\n }\r\n\r\n // Overwrite existing TrustedTypes policy.\r\n trustedTypesPolicy = cfg.TRUSTED_TYPES_POLICY;\r\n\r\n // Sign local variables required by `sanitize`.\r\n emptyHTML = trustedTypesPolicy.createHTML('');\r\n } else {\r\n // Uninitialized policy, attempt to initialize the internal dompurify policy.\r\n if (trustedTypesPolicy === undefined) {\r\n trustedTypesPolicy = _createTrustedTypesPolicy(\r\n trustedTypes,\r\n currentScript\r\n );\r\n }\r\n\r\n // If creating the internal policy succeeded sign internal variables.\r\n if (trustedTypesPolicy !== null && typeof emptyHTML === 'string') {\r\n emptyHTML = trustedTypesPolicy.createHTML('');\r\n }\r\n }\r\n\r\n // Prevent further manipulation of configuration.\r\n // Not available in IE8, Safari 5, etc.\r\n if (freeze) {\r\n freeze(cfg);\r\n }\r\n\r\n CONFIG = cfg;\r\n };\r\n\r\n const MATHML_TEXT_INTEGRATION_POINTS = addToSet({}, [\r\n 'mi',\r\n 'mo',\r\n 'mn',\r\n 'ms',\r\n 'mtext',\r\n ]);\r\n\r\n const HTML_INTEGRATION_POINTS = addToSet({}, [\r\n 'foreignobject',\r\n 'desc',\r\n 'title',\r\n 'annotation-xml',\r\n ]);\r\n\r\n // Certain elements are allowed in both SVG and HTML\r\n // namespace. We need to specify them explicitly\r\n // so that they don't get erroneously deleted from\r\n // HTML namespace.\r\n const COMMON_SVG_AND_HTML_ELEMENTS = addToSet({}, [\r\n 'title',\r\n 'style',\r\n 'font',\r\n 'a',\r\n 'script',\r\n ]);\r\n\r\n /* Keep track of all possible SVG and MathML tags\r\n * so that we can perform the namespace checks\r\n * correctly. */\r\n const ALL_SVG_TAGS = addToSet({}, [\r\n ...TAGS.svg,\r\n ...TAGS.svgFilters,\r\n ...TAGS.svgDisallowed,\r\n ]);\r\n const ALL_MATHML_TAGS = addToSet({}, [\r\n ...TAGS.mathMl,\r\n ...TAGS.mathMlDisallowed,\r\n ]);\r\n\r\n /**\r\n * @param {Element} element a DOM element whose namespace is being checked\r\n * @returns {boolean} Return false if the element has a\r\n * namespace that a spec-compliant parser would never\r\n * return. Return true otherwise.\r\n */\r\n const _checkValidNamespace = function (element) {\r\n let parent = getParentNode(element);\r\n\r\n // In JSDOM, if we're inside shadow DOM, then parentNode\r\n // can be null. We just simulate parent in this case.\r\n if (!parent || !parent.tagName) {\r\n parent = {\r\n namespaceURI: NAMESPACE,\r\n tagName: 'template',\r\n };\r\n }\r\n\r\n const tagName = stringToLowerCase(element.tagName);\r\n const parentTagName = stringToLowerCase(parent.tagName);\r\n\r\n if (!ALLOWED_NAMESPACES[element.namespaceURI]) {\r\n return false;\r\n }\r\n\r\n if (element.namespaceURI === SVG_NAMESPACE) {\r\n // The only way to switch from HTML namespace to SVG\r\n // is via <svg>. If it happens via any other tag, then\r\n // it should be killed.\r\n if (parent.namespaceURI === HTML_NAMESPACE) {\r\n return tagName === 'svg';\r\n }\r\n\r\n // The only way to switch from MathML to SVG is via`\r\n // svg if parent is either <annotation-xml> or MathML\r\n // text integration points.\r\n if (parent.namespaceURI === MATHML_NAMESPACE) {\r\n return (\r\n tagName === 'svg' &&\r\n (parentTagName === 'annotation-xml' ||\r\n MATHML_TEXT_INTEGRATION_POINTS[parentTagName])\r\n );\r\n }\r\n\r\n // We only allow elements that are defined in SVG\r\n // spec. All others are disallowed in SVG namespace.\r\n return Boolean(ALL_SVG_TAGS[tagName]);\r\n }\r\n\r\n if (element.namespaceURI === MATHML_NAMESPACE) {\r\n // The only way to switch from HTML namespace to MathML\r\n // is via <math>. If it happens via any other tag, then\r\n // it should be killed.\r\n if (parent.namespaceURI === HTML_NAMESPACE) {\r\n return tagName === 'math';\r\n }\r\n\r\n // The only way to switch from SVG to MathML is via\r\n // <math> and HTML integration points\r\n if (parent.namespaceURI === SVG_NAMESPACE) {\r\n return tagName === 'math' && HTML_INTEGRATION_POINTS[parentTagName];\r\n }\r\n\r\n // We only allow elements that are defined in MathML\r\n // spec. All others are disallowed in MathML namespace.\r\n return Boolean(ALL_MATHML_TAGS[tagName]);\r\n }\r\n\r\n if (element.namespaceURI === HTML_NAMESPACE) {\r\n // The only way to switch from SVG to HTML is via\r\n // HTML integration points, and from MathML to HTML\r\n // is via MathML text integration points\r\n if (\r\n parent.namespaceURI === SVG_NAMESPACE &&\r\n !HTML_INTEGRATION_POINTS[parentTagName]\r\n ) {\r\n return false;\r\n }\r\n\r\n if (\r\n parent.namespaceURI === MATHML_NAMESPACE &&\r\n !MATHML_TEXT_INTEGRATION_POINTS[parentTagName]\r\n ) {\r\n return false;\r\n }\r\n\r\n // We disallow tags that are specific for MathML\r\n // or SVG and should never appear in HTML namespace\r\n return (\r\n !ALL_MATHML_TAGS[tagName] &&\r\n (COMMON_SVG_AND_HTML_ELEMENTS[tagName] || !ALL_SVG_TAGS[tagName])\r\n );\r\n }\r\n\r\n // For XHTML and XML documents that support custom namespaces\r\n if (\r\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\r\n ALLOWED_NAMESPACES[element.namespaceURI]\r\n ) {\r\n return true;\r\n }\r\n\r\n // The code should never reach this place (this means\r\n // that the element somehow got namespace that is not\r\n // HTML, SVG, MathML or allowed via ALLOWED_NAMESPACES).\r\n // Return false just in case.\r\n return false;\r\n };\r\n\r\n /**\r\n * _forceRemove\r\n *\r\n * @param {Node} node a DOM node\r\n */\r\n const _forceRemove = function (node) {\r\n arrayPush(DOMPurify.removed, { element: node });\r\n\r\n try {\r\n // eslint-disable-next-line unicorn/prefer-dom-node-remove\r\n node.parentNode.removeChild(node);\r\n } catch (_) {\r\n node.remove();\r\n }\r\n };\r\n\r\n /**\r\n * _removeAttribute\r\n *\r\n * @param {String} name an Attribute name\r\n * @param {Node} node a DOM node\r\n */\r\n const _removeAttribute = function (name, node) {\r\n try {\r\n arrayPush(DOMPurify.removed, {\r\n attribute: node.getAttributeNode(name),\r\n from: node,\r\n });\r\n } catch (_) {\r\n arrayPush(DOMPurify.removed, {\r\n attribute: null,\r\n from: node,\r\n });\r\n }\r\n\r\n node.removeAttribute(name);\r\n\r\n // We void attribute values for unremovable \"is\"\" attributes\r\n if (name === 'is' && !ALLOWED_ATTR[name]) {\r\n if (RETURN_DOM || RETURN_DOM_FRAGMENT) {\r\n try {\r\n _forceRemove(node);\r\n } catch (_) {}\r\n } else {\r\n try {\r\n node.setAttribute(name, '');\r\n } catch (_) {}\r\n }\r\n }\r\n };\r\n\r\n /**\r\n * _initDocument\r\n *\r\n * @param {String} dirty a string of dirty markup\r\n * @return {Document} a DOM, filled with the dirty markup\r\n */\r\n const _initDocument = function (dirty) {\r\n /* Create a HTML document */\r\n let doc = null;\r\n let leadingWhitespace = null;\r\n\r\n if (FORCE_BODY) {\r\n dirty = '<remove></remove>' + dirty;\r\n } else {\r\n /* If FORCE_BODY isn't used, leading whitespace needs to be preserved manually */\r\n const matches = stringMatch(dirty, /^[\\r\\n\\t ]+/);\r\n leadingWhitespace = matches && matches[0];\r\n }\r\n\r\n if (\r\n PARSER_MEDIA_TYPE === 'application/xhtml+xml' &&\r\n NAMESPACE === HTML_NAMESPACE\r\n ) {\r\n // Root of XHTML doc must contain xmlns declaration (see https://www.w3.org/TR/xhtml1/normative.html#strict)\r\n dirty =\r\n '<html xmlns=\"http://www.w3.org/1999/xhtml\"><head></head><body>' +\r\n dirty +\r\n '</body></html>';\r\n }\r\n\r\n const dirtyPayload = trustedTypesPolicy\r\n ? trustedTypesPolicy.createHTML(dirty)\r\n : dirty;\r\n /*\r\n * Use the DOMParser API by default, fallback later if needs be\r\n * DOMParser not work for svg when has multiple root element.\r\n */\r\n if (NAMESPACE === HTML_NAMESPACE) {\r\n try {\r\n doc = new DOMParser().parseFromString(dirtyPayload, PARSER_MEDIA_TYPE);\r\n } catch (_) {}\r\n }\r\n\r\n /* Use createHTMLDocument in case DOMParser is not available */\r\n if (!doc || !doc.documentElement) {\r\n doc = implementation.createDocument(NAMESPACE, 'template', null);\r\n try {\r\n doc.documentElement.innerHTML = IS_EMPTY_INPUT\r\n ? emptyHTML\r\n : dirtyPayload;\r\n } catch (_) {\r\n // Syntax error if dirtyPayload is invalid xml\r\n }\r\n }\r\n\r\n const body = doc.body || doc.documentElement;\r\n\r\n if (dirty && leadingWhitespace) {\r\n body.insertBefore(\r\n document.createTextNode(leadingWhitespace),\r\n body.childNodes[0] || null\r\n );\r\n }\r\n\r\n /* Work on whole document or just its body */\r\n if (NAMESPACE === HTML_NAMESPACE) {\r\n return getElementsByTagName.call(\r\n doc,\r\n WHOLE_DOCUMENT ? 'html' : 'body'\r\n )[0];\r\n }\r\n\r\n return WHOLE_DOCUMENT ? doc.documentElement : body;\r\n };\r\n\r\n /**\r\n * Creates a NodeIterator object that you can use to traverse filtered lists of nodes or elements in a document.\r\n *\r\n * @param {Node} root The root element or node to start traversing on.\r\n * @return {NodeIterator} The created NodeIterator\r\n */\r\n const _createNodeIterator = function (root) {\r\n return createNodeIterator.call(\r\n root.ownerDocument || root,\r\n root,\r\n // eslint-disable-next-line no-bitwise\r\n NodeFilter.SHOW_ELEMENT |\r\n NodeFilter.SHOW_COMMENT |\r\n NodeFilter.SHOW_TEXT |\r\n NodeFilter.SHOW_PROCESSING_INSTRUCTION |\r\n NodeFilter.SHOW_CDATA_SECTION,\r\n null\r\n );\r\n };\r\n\r\n /**\r\n * _isClobbered\r\n *\r\n * @param {Node} elm element to check for clobbering attacks\r\n * @return {Boolean} true if clobbered, false if safe\r\n */\r\n const _isClobbered = function (elm) {\r\n return (\r\n elm instanceof HTMLFormElement &&\r\n // eslint-disable-next-line unicorn/no-typeof-undefined\r\n ((typeof elm.__depth !== 'undefined' &&\r\n typeof elm.__depth !== 'number') ||\r\n // eslint-disable-next-line unicorn/no-typeof-undefined\r\n (typeof elm.__removalCount !== 'undefined' &&\r\n typeof elm.__removalCount !== 'number') ||\r\n typeof elm.nodeName !== 'string' ||\r\n typeof elm.textContent !== 'string' ||\r\n typeof elm.removeChild !== 'function' ||\r\n !(elm.attributes instanceof NamedNodeMap) ||\r\n typeof elm.removeAttribute !== 'function' ||\r\n typeof elm.setAttribute !== 'function' ||\r\n typeof elm.namespaceURI !== 'string' ||\r\n typeof elm.insertBefore !== 'function' ||\r\n typeof elm.hasChildNodes !== 'function')\r\n );\r\n };\r\n\r\n /**\r\n * Checks whether the given object is a DOM node.\r\n *\r\n * @param {Node} object object to check whether it's a DOM node\r\n * @return {Boolean} true is object is a DOM node\r\n */\r\n const _isNode = function (object) {\r\n return typeof Node === 'function' && object instanceof Node;\r\n };\r\n\r\n /**\r\n * _executeHook\r\n * Execute user configurable hooks\r\n *\r\n * @param {String} entryPoint Name of the hook's entry point\r\n * @param {Node} currentNode node to work on with the hook\r\n * @param {Object} data additional hook parameters\r\n */\r\n const _executeHook = function (entryPoint, currentNode, data) {\r\n if (!hooks[entryPoint]) {\r\n return;\r\n }\r\n\r\n arrayForEach(hooks[entryPoint], (hook) => {\r\n hook.call(DOMPurify, currentNode, data, CONFIG);\r\n });\r\n };\r\n\r\n /**\r\n * _sanitizeElements\r\n *\r\n * @protect nodeName\r\n * @protect textContent\r\n * @protect removeChild\r\n *\r\n * @param {Node} currentNode to check for permission to exist\r\n * @return {Boolean} true if node was killed, false if left alive\r\n */\r\n const _sanitizeElements = function (currentNode) {\r\n let content = null;\r\n\r\n /* Execute a hook if present */\r\n _executeHook('beforeSanitizeElements', currentNode, null);\r\n\r\n /* Check if element is clobbered or can clobber */\r\n if (_isClobbered(currentNode)) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Now let's check the element's type and name */\r\n const tagName = transformCaseFunc(currentNode.nodeName);\r\n\r\n /* Execute a hook if present */\r\n _executeHook('uponSanitizeElement', currentNode, {\r\n tagName,\r\n allowedTags: ALLOWED_TAGS,\r\n });\r\n\r\n /* Detect mXSS attempts abusing namespace confusion */\r\n if (\r\n currentNode.hasChildNodes() &&\r\n !_isNode(currentNode.firstElementChild) &&\r\n regExpTest(/<[/\\w]/g, currentNode.innerHTML) &&\r\n regExpTest(/<[/\\w]/g, currentNode.textContent)\r\n ) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Remove any ocurrence of processing instructions */\r\n if (currentNode.nodeType === 7) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Remove any kind of possibly harmful comments */\r\n if (\r\n SAFE_FOR_XML &&\r\n currentNode.nodeType === 8 &&\r\n regExpTest(/<[/\\w]/g, currentNode.data)\r\n ) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Remove element if anything forbids its presence */\r\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\r\n /* Check if we have a custom element to handle */\r\n if (!FORBID_TAGS[tagName] && _isBasicCustomElement(tagName)) {\r\n if (\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\r\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, tagName)\r\n ) {\r\n return false;\r\n }\r\n\r\n if (\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(tagName)\r\n ) {\r\n return false;\r\n }\r\n }\r\n\r\n /* Keep content except for bad-listed elements */\r\n if (KEEP_CONTENT && !FORBID_CONTENTS[tagName]) {\r\n const parentNode = getParentNode(currentNode) || currentNode.parentNode;\r\n const childNodes = getChildNodes(currentNode) || currentNode.childNodes;\r\n\r\n if (childNodes && parentNode) {\r\n const childCount = childNodes.length;\r\n\r\n for (let i = childCount - 1; i >= 0; --i) {\r\n const childClone = cloneNode(childNodes[i], true);\r\n childClone.__removalCount = (currentNode.__removalCount || 0) + 1;\r\n parentNode.insertBefore(childClone, getNextSibling(currentNode));\r\n }\r\n }\r\n }\r\n\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Check whether element has a valid namespace */\r\n if (currentNode instanceof Element && !_checkValidNamespace(currentNode)) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Make sure that older browsers don't get fallback-tag mXSS */\r\n if (\r\n (tagName === 'noscript' ||\r\n tagName === 'noembed' ||\r\n tagName === 'noframes') &&\r\n regExpTest(/<\\/no(script|embed|frames)/i, currentNode.innerHTML)\r\n ) {\r\n _forceRemove(currentNode);\r\n return true;\r\n }\r\n\r\n /* Sanitize element content to be template-safe */\r\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) {\r\n /* Get the element's text content */\r\n content = currentNode.textContent;\r\n\r\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\r\n content = stringReplace(content, expr, ' ');\r\n });\r\n\r\n if (currentNode.textContent !== content) {\r\n arrayPush(DOMPurify.removed, { element: currentNode.cloneNode() });\r\n currentNode.textContent = content;\r\n }\r\n }\r\n\r\n /* Execute a hook if present */\r\n _executeHook('afterSanitizeElements', currentNode, null);\r\n\r\n return false;\r\n };\r\n\r\n /**\r\n * _isValidAttribute\r\n *\r\n * @param {string} lcTag Lowercase tag name of containing element.\r\n * @param {string} lcName Lowercase attribute name.\r\n * @param {string} value Attribute value.\r\n * @return {Boolean} Returns true if `value` is valid, otherwise false.\r\n */\r\n // eslint-disable-next-line complexity\r\n const _isValidAttribute = function (lcTag, lcName, value) {\r\n /* Make sure attribute cannot clobber */\r\n if (\r\n SANITIZE_DOM &&\r\n (lcName === 'id' || lcName === 'name') &&\r\n (value in document || value in formElement)\r\n ) {\r\n return false;\r\n }\r\n\r\n /* Allow valid data-* attributes: At least one character after \"-\"\r\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\r\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\r\n We don't need to check the value; it's always URI safe. */\r\n if (\r\n ALLOW_DATA_ATTR &&\r\n !FORBID_ATTR[lcName] &&\r\n regExpTest(DATA_ATTR, lcName)\r\n ) {\r\n // This attribute is safe\r\n } else if (ALLOW_ARIA_ATTR && regExpTest(ARIA_ATTR, lcName)) {\r\n // This attribute is safe\r\n /* Otherwise, check the name is permitted */\r\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\r\n if (\r\n // First condition does a very basic check if a) it's basically a valid custom element tagname AND\r\n // b) if the tagName passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\r\n // and c) if the attribute name passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.attributeNameCheck\r\n (_isBasicCustomElement(lcTag) &&\r\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\r\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, lcTag)) ||\r\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(lcTag))) &&\r\n ((CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof RegExp &&\r\n regExpTest(CUSTOM_ELEMENT_HANDLING.attributeNameCheck, lcName)) ||\r\n (CUSTOM_ELEMENT_HANDLING.attributeNameCheck instanceof Function &&\r\n CUSTOM_ELEMENT_HANDLING.attributeNameCheck(lcName)))) ||\r\n // Alternative, second condition checks if it's an `is`-attribute, AND\r\n // the value passes whatever the user has configured for CUSTOM_ELEMENT_HANDLING.tagNameCheck\r\n (lcName === 'is' &&\r\n CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements &&\r\n ((CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof RegExp &&\r\n regExpTest(CUSTOM_ELEMENT_HANDLING.tagNameCheck, value)) ||\r\n (CUSTOM_ELEMENT_HANDLING.tagNameCheck instanceof Function &&\r\n CUSTOM_ELEMENT_HANDLING.tagNameCheck(value))))\r\n ) {\r\n // If user has supplied a regexp or function in CUSTOM_ELEMENT_HANDLING.tagNameCheck, we need to also allow derived custom elements using the same tagName test.\r\n // Additionally, we need to allow attributes passing the CUSTOM_ELEMENT_HANDLING.attributeNameCheck user has configured, as custom elements can define these at their own discretion.\r\n } else {\r\n return false;\r\n }\r\n /* Check value is safe. First, is attr inert? If so, is safe */\r\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\r\n // This attribute is safe\r\n /* Check no script, data or unknown possibly unsafe URI\r\n unless we know URI values are safe for that attribute */\r\n } else if (\r\n regExpTest(IS_ALLOWED_URI, stringReplace(value, ATTR_WHITESPACE, ''))\r\n ) {\r\n // This attribute is safe\r\n /* Keep image data URIs alive if src/xlink:href is allowed */\r\n /* Further prevent gadget XSS for dynamically built script tags */\r\n } else if (\r\n (lcName === 'src' || lcName === 'xlink:href' || lcName === 'href') &&\r\n lcTag !== 'script' &&\r\n stringIndexOf(value, 'data:') === 0 &&\r\n DATA_URI_TAGS[lcTag]\r\n ) {\r\n // This attribute is safe\r\n /* Allow unknown protocols: This provides support for links that\r\n are handled by protocol handlers which may be unknown ahead of\r\n time, e.g. fb:, spotify: */\r\n } else if (\r\n ALLOW_UNKNOWN_PROTOCOLS &&\r\n !regExpTest(IS_SCRIPT_OR_DATA, stringReplace(value, ATTR_WHITESPACE, ''))\r\n ) {\r\n // This attribute is safe\r\n /* Check for binary attributes */\r\n } else if (value) {\r\n return false;\r\n } else {\r\n // Binary attributes are safe at this point\r\n /* Anything else, presume unsafe, do not add it back */\r\n }\r\n\r\n return true;\r\n };\r\n\r\n /**\r\n * _isBasicCustomElement\r\n * checks if at least one dash is included in tagName, and it's not the first char\r\n * for more sophisticated checking see https://github.com/sindresorhus/validate-element-name\r\n *\r\n * @param {string} tagName name of the tag of the node to sanitize\r\n * @returns {boolean} Returns true if the tag name meets the basic criteria for a custom element, otherwise false.\r\n */\r\n const _isBasicCustomElement = function (tagName) {\r\n return tagName !== 'annotation-xml' && stringMatch(tagName, CUSTOM_ELEMENT);\r\n };\r\n\r\n /**\r\n * _sanitizeAttributes\r\n *\r\n * @protect attributes\r\n * @protect nodeName\r\n * @protect removeAttribute\r\n * @protect setAttribute\r\n *\r\n * @param {Node} currentNode to sanitize\r\n */\r\n const _sanitizeAttributes = function (currentNode) {\r\n /* Execute a hook if present */\r\n _executeHook('beforeSanitizeAttributes', currentNode, null);\r\n\r\n const { attributes } = currentNode;\r\n\r\n /* Check if we have attributes; if not we might have a text node */\r\n if (!attributes) {\r\n return;\r\n }\r\n\r\n const hookEvent = {\r\n attrName: '',\r\n attrValue: '',\r\n keepAttr: true,\r\n allowedAttributes: ALLOWED_ATTR,\r\n };\r\n let l = attributes.length;\r\n\r\n /* Go backwards over all attributes; safely remove bad ones */\r\n while (l--) {\r\n const attr = attributes[l];\r\n const { name, namespaceURI, value: attrValue } = attr;\r\n const lcName = transformCaseFunc(name);\r\n\r\n let value = name === 'value' ? attrValue : stringTrim(attrValue);\r\n\r\n /* Execute a hook if present */\r\n hookEvent.attrName = lcName;\r\n hookEvent.attrValue = value;\r\n hookEvent.keepAttr = true;\r\n hookEvent.forceKeepAttr = undefined; // Allows developers to see this is a property they can set\r\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\r\n value = hookEvent.attrValue;\r\n /* Did the hooks approve of the attribute? */\r\n if (hookEvent.forceKeepAttr) {\r\n continue;\r\n }\r\n\r\n /* Remove attribute */\r\n _removeAttribute(name, currentNode);\r\n\r\n /* Did the hooks approve of the attribute? */\r\n if (!hookEvent.keepAttr) {\r\n continue;\r\n }\r\n\r\n /* Work around a security issue in jQuery 3.0 */\r\n if (!ALLOW_SELF_CLOSE_IN_ATTR && regExpTest(/\\/>/i, value)) {\r\n _removeAttribute(name, currentNode);\r\n continue;\r\n }\r\n\r\n /* Sanitize attribute content to be template-safe */\r\n if (SAFE_FOR_TEMPLATES) {\r\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\r\n value = stringReplace(value, expr, ' ');\r\n });\r\n }\r\n\r\n /* Is `value` valid for this attribute? */\r\n const lcTag = transformCaseFunc(currentNode.nodeName);\r\n if (!_isValidAttribute(lcTag, lcName, value)) {\r\n continue;\r\n }\r\n\r\n /* Full DOM Clobbering protection via namespace isolation,\r\n * Prefix id and name attributes with `user-content-`\r\n */\r\n if (SANITIZE_NAMED_PROPS && (lcName === 'id' || lcName === 'name')) {\r\n // Remove the attribute with this value\r\n _removeAttribute(name, currentNode);\r\n\r\n // Prefix the value and later re-create the attribute with the sanitized value\r\n value = SANITIZE_NAMED_PROPS_PREFIX + value;\r\n }\r\n\r\n /* Handle attributes that require Trusted Types */\r\n if (\r\n trustedTypesPolicy &&\r\n typeof trustedTypes === 'object' &&\r\n typeof trustedTypes.getAttributeType === 'function'\r\n ) {\r\n if (namespaceURI) {\r\n /* Namespaces are not yet supported, see https://bugs.chromium.org/p/chromium/issues/detail?id=1305293 */\r\n } else {\r\n switch (trustedTypes.getAttributeType(lcTag, lcName)) {\r\n case 'TrustedHTML': {\r\n value = trustedTypesPolicy.createHTML(value);\r\n break;\r\n }\r\n\r\n case 'TrustedScriptURL': {\r\n value = trustedTypesPolicy.createScriptURL(value);\r\n break;\r\n }\r\n\r\n default: {\r\n break;\r\n }\r\n }\r\n }\r\n }\r\n\r\n /* Handle invalid data-* attribute set by try-catching it */\r\n try {\r\n if (namespaceURI) {\r\n currentNode.setAttributeNS(namespaceURI, name, value);\r\n } else {\r\n /* Fallback to setAttribute() for browser-unrecognized namespaces e.g. \"x-schema\". */\r\n currentNode.setAttribute(name, value);\r\n }\r\n\r\n arrayPop(DOMPurify.removed);\r\n } catch (_) {}\r\n }\r\n\r\n /* Execute a hook if present */\r\n _executeHook('afterSanitizeAttributes', currentNode, null);\r\n };\r\n\r\n /**\r\n * _sanitizeShadowDOM\r\n *\r\n * @param {DocumentFragment} fragment to iterate over recursively\r\n */\r\n const _sanitizeShadowDOM = function (fragment) {\r\n let shadowNode = null;\r\n const shadowIterator = _createNodeIterator(fragment);\r\n\r\n /* Execute a hook if present */\r\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\r\n\r\n while ((shadowNode = shadowIterator.nextNode())) {\r\n /* Execute a hook if present */\r\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\r\n\r\n /* Sanitize tags and elements */\r\n if (_sanitizeElements(shadowNode)) {\r\n continue;\r\n }\r\n\r\n /* Set the nesting depth of an element */\r\n if (shadowNode.nodeType === 1) {\r\n if (shadowNode.parentNode && shadowNode.parentNode.__depth) {\r\n /*\r\n We want the depth of the node in the original tree, which can\r\n change when it's removed from its parent.\r\n */\r\n shadowNode.__depth =\r\n (shadowNode.__removalCount || 0) +\r\n shadowNode.parentNode.__depth +\r\n 1;\r\n } else {\r\n shadowNode.__depth = 1;\r\n }\r\n }\r\n\r\n /* Remove an element if nested too deeply to avoid mXSS */\r\n if (shadowNode.__depth >= MAX_NESTING_DEPTH) {\r\n _forceRemove(shadowNode);\r\n }\r\n\r\n /* Deep shadow DOM detected */\r\n if (shadowNode.content instanceof DocumentFragment) {\r\n shadowNode.content.__depth = shadowNode.__depth;\r\n _sanitizeShadowDOM(shadowNode.content);\r\n }\r\n\r\n /* Check attributes, sanitize if necessary */\r\n _sanitizeAttributes(shadowNode);\r\n }\r\n\r\n /* Execute a hook if present */\r\n _executeHook('afterSanitizeShadowDOM', fragment, null);\r\n };\r\n\r\n /**\r\n * Sanitize\r\n * Public method providing core sanitation functionality\r\n *\r\n * @param {String|Node} dirty string or DOM node\r\n * @param {Object} cfg object\r\n */\r\n // eslint-disable-next-line complexity\r\n DOMPurify.sanitize = function (dirty, cfg = {}) {\r\n let body = null;\r\n let importedNode = null;\r\n let currentNode = null;\r\n let returnNode = null;\r\n /* Make sure we have a string to sanitize.\r\n DO NOT return early, as this will return the wrong type if\r\n the user has requested a DOM object rather than a string */\r\n IS_EMPTY_INPUT = !dirty;\r\n if (IS_EMPTY_INPUT) {\r\n dirty = '<!-->';\r\n }\r\n\r\n /* Stringify, in case dirty is an object */\r\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\r\n if (typeof dirty.toString === 'function') {\r\n dirty = dirty.toString();\r\n if (typeof dirty !== 'string') {\r\n throw typeErrorCreate('dirty is not a string, aborting');\r\n }\r\n } else {\r\n throw typeErrorCreate('toString is not a function');\r\n }\r\n }\r\n\r\n /* Return dirty HTML if DOMPurify cannot run */\r\n if (!DOMPurify.isSupported) {\r\n return dirty;\r\n }\r\n\r\n /* Assign config vars */\r\n if (!SET_CONFIG) {\r\n _parseConfig(cfg);\r\n }\r\n\r\n /* Clean up removed elements */\r\n DOMPurify.removed = [];\r\n\r\n /* Check if dirty is correctly typed for IN_PLACE */\r\n if (typeof dirty === 'string') {\r\n IN_PLACE = false;\r\n }\r\n\r\n if (IN_PLACE) {\r\n /* Do some early pre-sanitization to avoid unsafe root nodes */\r\n if (dirty.nodeName) {\r\n const tagName = transformCaseFunc(dirty.nodeName);\r\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\r\n throw typeErrorCreate(\r\n 'root node is forbidden and cannot be sanitized in-place'\r\n );\r\n }\r\n }\r\n } else if (dirty instanceof Node) {\r\n /* If dirty is a DOM element, append to an empty document to avoid\r\n elements being stripped by the parser */\r\n body = _initDocument('<!---->');\r\n importedNode = body.ownerDocument.importNode(dirty, true);\r\n if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') {\r\n /* Node is already a body, use as is */\r\n body = importedNode;\r\n } else if (importedNode.nodeName === 'HTML') {\r\n body = importedNode;\r\n } else {\r\n // eslint-disable-next-line unicorn/prefer-dom-node-append\r\n body.appendChild(importedNode);\r\n }\r\n } else {\r\n /* Exit directly if we have nothing to do */\r\n if (\r\n !RETURN_DOM &&\r\n !SAFE_FOR_TEMPLATES &&\r\n !WHOLE_DOCUMENT &&\r\n // eslint-disable-next-line unicorn/prefer-includes\r\n dirty.indexOf('<') === -1\r\n ) {\r\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\r\n ? trustedTypesPolicy.createHTML(dirty)\r\n : dirty;\r\n }\r\n\r\n /* Initialize the document to work on */\r\n body = _initDocument(dirty);\r\n\r\n /* Check we have a DOM node from the data */\r\n if (!body) {\r\n return RETURN_DOM ? null : RETURN_TRUSTED_TYPE ? emptyHTML : '';\r\n }\r\n }\r\n\r\n /* Remove first element node (ours) if FORCE_BODY is set */\r\n if (body && FORCE_BODY) {\r\n _forceRemove(body.firstChild);\r\n }\r\n\r\n /* Get node iterator */\r\n const nodeIterator = _createNodeIterator(IN_PLACE ? dirty : body);\r\n\r\n /* Now start iterating over the created document */\r\n while ((currentNode = nodeIterator.nextNode())) {\r\n /* Sanitize tags and elements */\r\n if (_sanitizeElements(currentNode)) {\r\n continue;\r\n }\r\n\r\n /* Set the nesting depth of an element */\r\n if (currentNode.nodeType === 1) {\r\n if (currentNode.parentNode && currentNode.parentNode.__depth) {\r\n /*\r\n We want the depth of the node in the original tree, which can\r\n change when it's removed from its parent.\r\n */\r\n currentNode.__depth =\r\n (currentNode.__removalCount || 0) +\r\n currentNode.parentNode.__depth +\r\n 1;\r\n } else {\r\n currentNode.__depth = 1;\r\n }\r\n }\r\n\r\n /* Remove an element if nested too deeply to avoid mXSS */\r\n if (currentNode.__depth >= MAX_NESTING_DEPTH) {\r\n _forceRemove(currentNode);\r\n }\r\n\r\n /* Shadow DOM detected, sanitize it */\r\n if (currentNode.content instanceof DocumentFragment) {\r\n currentNode.content.__depth = currentNode.__depth;\r\n _sanitizeShadowDOM(currentNode.content);\r\n }\r\n\r\n /* Check attributes, sanitize if necessary */\r\n _sanitizeAttributes(currentNode);\r\n }\r\n\r\n /* If we sanitized `dirty` in-place, return it. */\r\n if (IN_PLACE) {\r\n return dirty;\r\n }\r\n\r\n /* Return sanitized string or DOM */\r\n if (RETURN_DOM) {\r\n if (RETURN_DOM_FRAGMENT) {\r\n returnNode = createDocumentFragment.call(body.ownerDocument);\r\n\r\n while (body.firstChild) {\r\n // eslint-disable-next-line unicorn/prefer-dom-node-append\r\n returnNode.appendChild(body.firstChild);\r\n }\r\n } else {\r\n returnNode = body;\r\n }\r\n\r\n if (ALLOWED_ATTR.shadowroot || ALLOWED_ATTR.shadowrootmode) {\r\n /*\r\n AdoptNode() is not used because internal state is not reset\r\n (e.g. the past names map of a HTMLFormElement), this is safe\r\n in theory but we would rather not risk another attack vector.\r\n The state that is cloned by importNode() is explicitly defined\r\n by the specs.\r\n */\r\n returnNode = importNode.call(originalDocument, returnNode, true);\r\n }\r\n\r\n return returnNode;\r\n }\r\n\r\n let serializedHTML = WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\r\n\r\n /* Serialize doctype if allowed */\r\n if (\r\n WHOLE_DOCUMENT &&\r\n ALLOWED_TAGS['!doctype'] &&\r\n body.ownerDocument &&\r\n body.ownerDocument.doctype &&\r\n body.ownerDocument.doctype.name &&\r\n regExpTest(EXPRESSIONS.DOCTYPE_NAME, body.ownerDocument.doctype.name)\r\n ) {\r\n serializedHTML =\r\n '<!DOCTYPE ' + body.ownerDocument.doctype.name + '>\\n' + serializedHTML;\r\n }\r\n\r\n /* Sanitize final string template-safe */\r\n if (SAFE_FOR_TEMPLATES) {\r\n arrayForEach([MUSTACHE_EXPR, ERB_EXPR, TMPLIT_EXPR], (expr) => {\r\n serializedHTML = stringReplace(serializedHTML, expr, ' ');\r\n });\r\n }\r\n\r\n return trustedTypesPolicy && RETURN_TRUSTED_TYPE\r\n ? trustedTypesPolicy.createHTML(serializedHTML)\r\n : serializedHTML;\r\n };\r\n\r\n /**\r\n * Public method to set the configuration once\r\n * setConfig\r\n *\r\n * @param {Object} cfg configuration object\r\n */\r\n DOMPurify.setConfig = function (cfg = {}) {\r\n _parseConfig(cfg);\r\n SET_CONFIG = true;\r\n };\r\n\r\n /**\r\n * Public method to remove the configuration\r\n * clearConfig\r\n *\r\n */\r\n DOMPurify.clearConfig = function () {\r\n CONFIG = null;\r\n SET_CONFIG = false;\r\n };\r\n\r\n /**\r\n * Public method to check if an attribute value is valid.\r\n * Uses last set config, if any. Otherwise, uses config defaults.\r\n * isValidAttribute\r\n *\r\n * @param {String} tag Tag name of containing element.\r\n * @param {String} attr Attribute name.\r\n * @param {String} value Attribute value.\r\n * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false.\r\n */\r\n DOMPurify.isValidAttribute = function (tag, attr, value) {\r\n /* Initialize shared config vars if necessary. */\r\n if (!CONFIG) {\r\n _parseConfig({});\r\n }\r\n\r\n const lcTag = transformCaseFunc(tag);\r\n const lcName = transformCaseFunc(attr);\r\n return _isValidAttribute(lcTag, lcName, value);\r\n };\r\n\r\n /**\r\n * AddHook\r\n * Public method to add DOMPurify hooks\r\n *\r\n * @param {String} entryPoint entry point for the hook to add\r\n * @param {Function} hookFunction function to execute\r\n */\r\n DOMPurify.addHook = function (entryPoint, hookFunction) {\r\n if (typeof hookFunction !== 'function') {\r\n return;\r\n }\r\n\r\n hooks[entryPoint] = hooks[entryPoint] || [];\r\n arrayPush(hooks[entryPoint], hookFunction);\r\n };\r\n\r\n /**\r\n * RemoveHook\r\n * Public method to remove a DOMPurify hook at a given entryPoint\r\n * (pops it from the stack of hooks if more are present)\r\n *\r\n * @param {String} entryPoint entry point for the hook to remove\r\n * @return {Function} removed(popped) hook\r\n */\r\n DOMPurify.removeHook = function (entryPoint) {\r\n if (hooks[entryPoint]) {\r\n return arrayPop(hooks[entryPoint]);\r\n }\r\n };\r\n\r\n /**\r\n * RemoveHooks\r\n * Public method to remove all DOMPurify hooks at a given entryPoint\r\n *\r\n * @param {String} entryPoint entry point for the hooks to remove\r\n */\r\n DOMPurify.removeHooks = function (entryPoint) {\r\n if (hooks[entryPoint]) {\r\n hooks[entryPoint] = [];\r\n }\r\n };\r\n\r\n /**\r\n * RemoveAllHooks\r\n * Public method to remove all DOMPurify hooks\r\n */\r\n DOMPurify.removeAllHooks = function () {\r\n hooks = {};\r\n };\r\n\r\n return DOMPurify;\r\n}\r\n\r\nexport default createDOMPurify();\r\n"],"names":["entries","setPrototypeOf","isFrozen","getPrototypeOf","getOwnPropertyDescriptor","Object","freeze","seal","create","apply","construct","Reflect","x","fun","thisValue","args","Func","arrayForEach","unapply","Array","prototype","forEach","arrayPop","pop","arrayPush","push","stringToLowerCase","String","toLowerCase","stringToString","toString","stringMatch","match","stringReplace","replace","stringIndexOf","indexOf","stringTrim","trim","objectHasOwnProperty","hasOwnProperty","regExpTest","RegExp","test","typeErrorCreate","func","TypeError","_len2","arguments","length","_key2","thisArg","_len","_key","addToSet","set","array","transformCaseFunc","undefined","l","element","lcElement","cleanArray","index","clone","object","newObject","property","value","isArray","constructor","lookupGetter","prop","desc","get","html","svg","svgFilters","svgDisallowed","mathMl","mathMlDisallowed","text","xml","MUSTACHE_EXPR","ERB_EXPR","TMPLIT_EXPR","DATA_ATTR","ARIA_ATTR","IS_ALLOWED_URI","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","DOCTYPE_NAME","CUSTOM_ELEMENT","getGlobal","window","_createTrustedTypesPolicy","trustedTypes","purifyHostElement","createPolicy","suffix","ATTR_NAME","hasAttribute","getAttribute","policyName","createHTML","createScriptURL","scriptUrl","_","console","warn","purify","createDOMPurify","DOMPurify","root","version","VERSION","removed","document","nodeType","isSupported","originalDocument","currentScript","DocumentFragment","HTMLTemplateElement","Node","Element","NodeFilter","NamedNodeMap","MozNamedAttrMap","HTMLFormElement","DOMParser","ElementPrototype","cloneNode","getNextSibling","getChildNodes","getParentNode","template","createElement","content","ownerDocument","trustedTypesPolicy","emptyHTML","implementation","createNodeIterator","createDocumentFragment","getElementsByTagName","importNode","hooks","createHTMLDocument","EXPRESSIONS","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","CUSTOM_ELEMENT_HANDLING","tagNameCheck","writable","configurable","enumerable","attributeNameCheck","allowCustomizedBuiltInElements","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","ALLOW_SELF_CLOSE_IN_ATTR","SAFE_FOR_TEMPLATES","SAFE_FOR_XML","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_TRUSTED_TYPE","SANITIZE_DOM","SANITIZE_NAMED_PROPS","SANITIZE_NAMED_PROPS_PREFIX","KEEP_CONTENT","IN_PLACE","USE_PROFILES","FORBID_CONTENTS","DEFAULT_FORBID_CONTENTS","DATA_URI_TAGS","DEFAULT_DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","DEFAULT_URI_SAFE_ATTRIBUTES","MATHML_NAMESPACE","SVG_NAMESPACE","HTML_NAMESPACE","NAMESPACE","IS_EMPTY_INPUT","ALLOWED_NAMESPACES","DEFAULT_ALLOWED_NAMESPACES","PARSER_MEDIA_TYPE","SUPPORTED_PARSER_MEDIA_TYPES","DEFAULT_PARSER_MEDIA_TYPE","CONFIG","MAX_NESTING_DEPTH","formElement","isRegexOrFunction","testValue","Function","_parseConfig","cfg","ADD_URI_SAFE_ATTR","ADD_DATA_URI_TAGS","ALLOWED_URI_REGEXP","ADD_TAGS","ADD_ATTR","table","tbody","TRUSTED_TYPES_POLICY","MATHML_TEXT_INTEGRATION_POINTS","HTML_INTEGRATION_POINTS","COMMON_SVG_AND_HTML_ELEMENTS","ALL_SVG_TAGS","ALL_MATHML_TAGS","_checkValidNamespace","parent","tagName","namespaceURI","parentTagName","Boolean","_forceRemove","node","parentNode","removeChild","remove","_removeAttribute","name","attribute","getAttributeNode","from","removeAttribute","setAttribute","_initDocument","dirty","doc","leadingWhitespace","matches","dirtyPayload","parseFromString","documentElement","createDocument","innerHTML","body","insertBefore","createTextNode","childNodes","call","_createNodeIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","SHOW_PROCESSING_INSTRUCTION","SHOW_CDATA_SECTION","_isClobbered","elm","__depth","__removalCount","nodeName","textContent","attributes","hasChildNodes","_isNode","_executeHook","entryPoint","currentNode","data","hook","_sanitizeElements","allowedTags","firstElementChild","_isBasicCustomElement","i","childClone","expr","_isValidAttribute","lcTag","lcName","_sanitizeAttributes","hookEvent","attrName","attrValue","keepAttr","allowedAttributes","attr","forceKeepAttr","getAttributeType","setAttributeNS","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","returnNode","appendChild","firstChild","nodeIterator","shadowroot","shadowrootmode","serializedHTML","outerHTML","doctype","setConfig","clearConfig","isValidAttribute","tag","addHook","hookFunction","removeHook","removeHooks","removeAllHooks"],"mappings":";0OAAA,MAAMA,QACJA,EAAOC,eACPA,EAAcC,SACdA,EAAQC,eACRA,EAAcC,yBACdA,GACEC,OAEJ,IAAIC,OAAEA,EAAMC,KAAEA,EAAIC,OAAEA,GAAWH,QAC3BI,MAAEA,EAAKC,UAAEA,GAAiC,oBAAZC,SAA2BA,QAExDL,IACHA,EAAS,SAAUM,GACjB,OAAOA,IAINL,IACHA,EAAO,SAAUK,GACf,OAAOA,IAINH,IACHA,EAAQ,SAAUI,EAAKC,EAAWC,GAChC,OAAOF,EAAIJ,MAAMK,EAAWC,KAI3BL,IACHA,EAAY,SAAUM,EAAMD,GAC1B,OAAO,IAAIC,KAAQD,KAIvB,MAAME,EAAeC,EAAQC,MAAMC,UAAUC,SAEvCC,EAAWJ,EAAQC,MAAMC,UAAUG,KACnCC,EAAYN,EAAQC,MAAMC,UAAUK,MAGpCC,EAAoBR,EAAQS,OAAOP,UAAUQ,aAC7CC,EAAiBX,EAAQS,OAAOP,UAAUU,UAC1CC,EAAcb,EAAQS,OAAOP,UAAUY,OACvCC,EAAgBf,EAAQS,OAAOP,UAAUc,SACzCC,EAAgBjB,EAAQS,OAAOP,UAAUgB,SACzCC,EAAanB,EAAQS,OAAOP,UAAUkB,MAEtCC,EAAuBrB,EAAQb,OAAOe,UAAUoB,gBAEhDC,EAAavB,EAAQwB,OAAOtB,UAAUuB,MAEtCC,GAkBeC,EAlBeC,UAmB3B,WAAA,IAAA,IAAAC,EAAAC,UAAAC,OAAIlC,EAAII,IAAAA,MAAA4B,GAAAG,EAAA,EAAAA,EAAAH,EAAAG,IAAJnC,EAAImC,GAAAF,UAAAE,GAAA,OAAKxC,EAAUmC,EAAM9B,EAAK,GAD3C,IAAqB8B,EAVrB,SAAS3B,EAAQ2B,GACf,OAAO,SAACM,GAAO,IAAAC,IAAAA,EAAAJ,UAAAC,OAAKlC,MAAII,MAAAiC,EAAAA,EAAAA,OAAAC,EAAA,EAAAA,EAAAD,EAAAC,IAAJtC,EAAIsC,EAAAL,GAAAA,UAAAK,GAAA,OAAK5C,EAAMoC,EAAMM,EAASpC,EAAK,CACzD,CAoBA,SAASuC,EAASC,EAAKC,GAA8C,IAAvCC,EAAiBT,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAGtB,EAC5CzB,GAIFA,EAAesD,EAAK,MAGtB,IAAII,EAAIH,EAAMP,OACd,KAAOU,KAAK,CACV,IAAIC,EAAUJ,EAAMG,GACpB,GAAuB,iBAAZC,EAAsB,CAC/B,MAAMC,EAAYJ,EAAkBG,GAChCC,IAAcD,IAEX1D,EAASsD,KACZA,EAAMG,GAAKE,GAGbD,EAAUC,EAEd,CAEAN,EAAIK,IAAW,CACjB,CAEA,OAAOL,CACT,CAQA,SAASO,EAAWN,GAClB,IAAK,IAAIO,EAAQ,EAAGA,EAAQP,EAAMP,OAAQc,IAAS,CACzBxB,EAAqBiB,EAAOO,KAGlDP,EAAMO,GAAS,KAEnB,CAEA,OAAOP,CACT,CAQA,SAASQ,EAAMC,GACb,MAAMC,EAAY1D,EAAO,MAEzB,IAAK,MAAO2D,EAAUC,KAAUpE,EAAQiE,GAAS,CACvB1B,EAAqB0B,EAAQE,KAG/ChD,MAAMkD,QAAQD,GAChBF,EAAUC,GAAYL,EAAWM,GAEjCA,GACiB,iBAAVA,GACPA,EAAME,cAAgBjE,OAEtB6D,EAAUC,GAAYH,EAAMI,GAE5BF,EAAUC,GAAYC,EAG5B,CAEA,OAAOF,CACT,CASA,SAASK,EAAaN,EAAQO,GAC5B,KAAkB,OAAXP,GAAiB,CACtB,MAAMQ,EAAOrE,EAAyB6D,EAAQO,GAE9C,GAAIC,EAAM,CACR,GAAIA,EAAKC,IACP,OAAOxD,EAAQuD,EAAKC,KAGtB,GAA0B,mBAAfD,EAAKL,MACd,OAAOlD,EAAQuD,EAAKL,MAExB,CAEAH,EAAS9D,EAAe8D,EAC1B,CAMA,OAJA,WACE,OAAO,IACT,CAGF,CC1LO,MAAMU,EAAOrE,EAAO,CACzB,IACA,OACA,UACA,UACA,OACA,UACA,QACA,QACA,IACA,MACA,MACA,MACA,QACA,aACA,OACA,KACA,SACA,SACA,UACA,SACA,OACA,OACA,MACA,WACA,UACA,OACA,WACA,KACA,YACA,MACA,UACA,MACA,SACA,MACA,MACA,KACA,KACA,UACA,KACA,WACA,aACA,SACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,KACA,KACA,OACA,SACA,SACA,KACA,OACA,IACA,MACA,QACA,MACA,MACA,QACA,SACA,KACA,OACA,MACA,OACA,UACA,OACA,WACA,QACA,MACA,OACA,KACA,WACA,SACA,SACA,IACA,UACA,MACA,WACA,IACA,KACA,KACA,OACA,IACA,OACA,UACA,SACA,SACA,QACA,SACA,SACA,OACA,SACA,SACA,QACA,MACA,UACA,MACA,QACA,QACA,KACA,WACA,WACA,QACA,KACA,QACA,OACA,KACA,QACA,KACA,IACA,KACA,MACA,QACA,QAIWsE,EAAMtE,EAAO,CACxB,MACA,IACA,WACA,cACA,eACA,eACA,gBACA,mBACA,SACA,WACA,OACA,OACA,UACA,SACA,OACA,IACA,QACA,WACA,QACA,QACA,OACA,iBACA,SACA,OACA,WACA,QACA,OACA,UACA,UACA,WACA,iBACA,OACA,OACA,QACA,SACA,SACA,OACA,WACA,QACA,OACA,QACA,OACA,UAGWuE,EAAavE,EAAO,CAC/B,UACA,gBACA,sBACA,cACA,mBACA,oBACA,oBACA,iBACA,eACA,UACA,UACA,UACA,UACA,UACA,iBACA,UACA,UACA,cACA,eACA,WACA,eACA,qBACA,cACA,SACA,iBAOWwE,EAAgBxE,EAAO,CAClC,UACA,gBACA,SACA,UACA,YACA,mBACA,iBACA,gBACA,gBACA,gBACA,QACA,YACA,OACA,eACA,YACA,UACA,gBACA,SACA,MACA,aACA,UACA,QAGWyE,EAASzE,EAAO,CAC3B,OACA,WACA,SACA,UACA,QACA,SACA,KACA,aACA,gBACA,KACA,KACA,QACA,UACA,WACA,QACA,OACA,KACA,SACA,QACA,SACA,OACA,OACA,UACA,SACA,MACA,QACA,MACA,SACA,aACA,gBAKW0E,EAAmB1E,EAAO,CACrC,UACA,cACA,aACA,WACA,YACA,UACA,UACA,SACA,SACA,QACA,YACA,aACA,iBACA,cACA,SAGW2E,EAAO3E,EAAO,CAAC,UCrRfqE,EAAOrE,EAAO,CACzB,SACA,SACA,QACA,MACA,iBACA,eACA,uBACA,WACA,aACA,UACA,SACA,UACA,cACA,cACA,UACA,OACA,QACA,QACA,QACA,OACA,UACA,WACA,eACA,SACA,cACA,WACA,WACA,UACA,MACA,WACA,0BACA,wBACA,WACA,YACA,UACA,eACA,OACA,MACA,UACA,SACA,SACA,OACA,OACA,WACA,KACA,YACA,YACA,QACA,OACA,QACA,OACA,OACA,UACA,OACA,MACA,MACA,YACA,QACA,SACA,MACA,YACA,WACA,QACA,OACA,QACA,UACA,aACA,SACA,OACA,UACA,UACA,cACA,cACA,SACA,UACA,UACA,aACA,WACA,MACA,WACA,MACA,WACA,OACA,OACA,UACA,aACA,QACA,WACA,QACA,OACA,QACA,OACA,UACA,QACA,MACA,SACA,OACA,QACA,UACA,WACA,QACA,YACA,OACA,SACA,SACA,QACA,QACA,OACA,QACA,SAGWsE,EAAMtE,EAAO,CACxB,gBACA,aACA,WACA,qBACA,SACA,gBACA,gBACA,UACA,gBACA,iBACA,QACA,OACA,KACA,QACA,OACA,gBACA,YACA,YACA,QACA,sBACA,8BACA,gBACA,kBACA,KACA,KACA,IACA,KACA,KACA,kBACA,YACA,UACA,UACA,MACA,WACA,YACA,MACA,OACA,eACA,YACA,SACA,cACA,cACA,gBACA,cACA,YACA,mBACA,eACA,aACA,eACA,cACA,KACA,KACA,KACA,KACA,aACA,WACA,gBACA,oBACA,SACA,OACA,KACA,kBACA,KACA,MACA,IACA,KACA,KACA,KACA,KACA,UACA,YACA,aACA,WACA,OACA,eACA,iBACA,eACA,mBACA,iBACA,QACA,aACA,aACA,eACA,eACA,cACA,cACA,mBACA,YACA,MACA,OACA,QACA,SACA,OACA,MACA,OACA,aACA,SACA,WACA,UACA,QACA,SACA,cACA,SACA,WACA,cACA,OACA,aACA,sBACA,mBACA,eACA,SACA,gBACA,sBACA,iBACA,IACA,KACA,KACA,SACA,OACA,OACA,cACA,YACA,UACA,SACA,SACA,QACA,OACA,kBACA,mBACA,mBACA,eACA,cACA,eACA,cACA,aACA,eACA,mBACA,oBACA,iBACA,kBACA,oBACA,iBACA,SACA,eACA,QACA,eACA,iBACA,WACA,UACA,UACA,YACA,mBACA,cACA,kBACA,iBACA,aACA,OACA,KACA,KACA,UACA,SACA,UACA,aACA,UACA,aACA,gBACA,gBACA,QACA,eACA,OACA,eACA,mBACA,mBACA,IACA,KACA,KACA,QACA,IACA,KACA,KACA,IACA,eAGWyE,EAASzE,EAAO,CAC3B,SACA,cACA,QACA,WACA,QACA,eACA,cACA,aACA,aACA,QACA,MACA,UACA,eACA,WACA,QACA,QACA,SACA,OACA,KACA,UACA,SACA,gBACA,SACA,SACA,iBACA,YACA,WACA,cACA,UACA,UACA,gBACA,WACA,WACA,OACA,WACA,WACA,aACA,UACA,SACA,SACA,cACA,gBACA,uBACA,YACA,YACA,aACA,WACA,iBACA,iBACA,YACA,UACA,QACA,UAGW4E,EAAM5E,EAAO,CACxB,aACA,SACA,cACA,YACA,gBCtWW6E,EAAgB5E,EAAK,6BACrB6E,EAAW7E,EAAK,yBAChB8E,EAAc9E,EAAK,iBACnB+E,EAAY/E,EAAK,8BACjBgF,EAAYhF,EAAK,kBACjBiF,EAAiBjF,EAC5B,6FAEWkF,EAAoBlF,EAAK,yBACzBmF,EAAkBnF,EAC7B,+DAEWoF,EAAepF,EAAK,WACpBqF,EAAiBrF,EAAK,0NCQnC,MAAMsF,EAAY,WAChB,MAAyB,oBAAXC,OAAyB,KAAOA,MAChD,EAUMC,EAA4B,SAAUC,EAAcC,GACxD,GAC0B,iBAAjBD,GAC8B,mBAA9BA,EAAaE,aAEpB,OAAO,KAMT,IAAIC,EAAS,KACb,MAAMC,EAAY,wBACdH,GAAqBA,EAAkBI,aAAaD,KACtDD,EAASF,EAAkBK,aAAaF,IAG1C,MAAMG,EAAa,aAAeJ,EAAS,IAAMA,EAAS,IAE1D,IACE,OAAOH,EAAaE,aAAaK,EAAY,CAC3CC,WAAW7B,GACFA,EAET8B,gBAAgBC,GACPA,GAWb,CARE,MAAOC,GAOP,OAHAC,QAAQC,KACN,uBAAyBN,EAAa,0BAEjC,IACT,CACF,EAymDA,IAAAO,EAvmDA,SAASC,IAAsC,IAAtBjB,EAAM9C,UAAAC,OAAAD,QAAAU,IAAAV,UAAAU,GAAAV,UAAG6C,GAAAA,IAChC,MAAMmB,EAAaC,GAASF,EAAgBE,GAc5C,GARAD,EAAUE,QAAUC,QAMpBH,EAAUI,QAAU,IAEftB,IAAWA,EAAOuB,UAAyC,IAA7BvB,EAAOuB,SAASC,SAKjD,OAFAN,EAAUO,aAAc,EAEjBP,EAGT,IAAIK,SAAEA,GAAavB,EAEnB,MAAM0B,EAAmBH,EACnBI,EAAgBD,EAAiBC,eACjCC,iBACJA,EAAgBC,oBAChBA,EAAmBC,KACnBA,EAAIC,QACJA,EAAOC,WACPA,EAAUC,aACVA,EAAejC,EAAOiC,cAAgBjC,EAAOkC,gBAAeC,gBAC5DA,EAAeC,UACfA,EAASlC,aACTA,GACEF,EAEEqC,EAAmBN,EAAQzG,UAE3BgH,EAAY7D,EAAa4D,EAAkB,aAC3CE,EAAiB9D,EAAa4D,EAAkB,eAChDG,EAAgB/D,EAAa4D,EAAkB,cAC/CI,EAAgBhE,EAAa4D,EAAkB,cAQrD,GAAmC,mBAAxBR,EAAoC,CAC7C,MAAMa,EAAWnB,EAASoB,cAAc,YACpCD,EAASE,SAAWF,EAASE,QAAQC,gBACvCtB,EAAWmB,EAASE,QAAQC,cAEhC,CAEA,IAAIC,GACAC,GAAY,GAEhB,MAAMC,eACJA,GAAcC,mBACdA,GAAkBC,uBAClBA,GAAsBC,qBACtBA,IACE5B,GACE6B,WAAEA,IAAe1B,EAEvB,IAAI2B,GAAQ,CAAA,EAKZnC,EAAUO,YACW,mBAAZvH,GACkB,mBAAlBuI,GACPO,SACsCpF,IAAtCoF,GAAeM,mBAEjB,MAAMjE,cACJA,GAAaC,SACbA,GAAQC,YACRA,GAAWC,UACXA,GAASC,UACTA,GAASE,kBACTA,GAAiBC,gBACjBA,GAAeE,eACfA,IACEyD,EAEJ,IAAM7D,eAAAA,IAAmB6D,EAQrBC,GAAe,KACnB,MAAMC,GAAuBjG,EAAS,GAAI,IACrCkG,KACAA,KACAA,KACAA,KACAA,IAIL,IAAIC,GAAe,KACnB,MAAMC,GAAuBpG,EAAS,CAAE,EAAE,IACrCqG,KACAA,KACAA,KACAA,IASL,IAAIC,GAA0BvJ,OAAOE,KACnCC,EAAO,KAAM,CACXqJ,aAAc,CACZC,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ5F,MAAO,MAET6F,mBAAoB,CAClBH,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ5F,MAAO,MAET8F,+BAAgC,CAC9BJ,UAAU,EACVC,cAAc,EACdC,YAAY,EACZ5F,OAAO,MAMT+F,GAAc,KAGdC,GAAc,KAGdC,IAAkB,EAGlBC,IAAkB,EAGlBC,IAA0B,EAI1BC,IAA2B,EAK3BC,IAAqB,EAKrBC,IAAe,EAGfC,IAAiB,EAGjBC,IAAa,EAIbC,IAAa,EAMbC,IAAa,EAIbC,IAAsB,EAItBC,IAAsB,EAKtBC,IAAe,EAefC,IAAuB,EAC3B,MAAMC,GAA8B,gBAGpC,IAAIC,IAAe,EAIfC,IAAW,EAGXC,GAAe,CAAA,EAGfC,GAAkB,KACtB,MAAMC,GAA0BlI,EAAS,CAAE,EAAE,CAC3C,iBACA,QACA,WACA,OACA,gBACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,QACA,UACA,WACA,WACA,YACA,SACA,QACA,MACA,WACA,QACA,QACA,QACA,QAIF,IAAImI,GAAgB,KACpB,MAAMC,GAAwBpI,EAAS,CAAE,EAAE,CACzC,QACA,QACA,MACA,SACA,QACA,UAIF,IAAIqI,GAAsB,KAC1B,MAAMC,GAA8BtI,EAAS,GAAI,CAC/C,MACA,QACA,MACA,KACA,QACA,OACA,UACA,cACA,OACA,UACA,QACA,QACA,QACA,UAGIuI,GAAmB,qCACnBC,GAAgB,6BAChBC,GAAiB,+BAEvB,IAAIC,GAAYD,GACZE,IAAiB,EAGjBC,GAAqB,KACzB,MAAMC,GAA6B7I,EACjC,GACA,CAACuI,GAAkBC,GAAeC,IAClClK,GAIF,IAAIuK,GAAoB,KACxB,MAAMC,GAA+B,CAAC,wBAAyB,aACzDC,GAA4B,YAClC,IAAI7I,GAAoB,KAGpB8I,GAAS,KAGb,MAAMC,GAAoB,IAKpBC,GAAcpF,EAASoB,cAAc,QAErCiE,GAAoB,SAAUC,GAClC,OAAOA,aAAqBjK,QAAUiK,aAAqBC,UASvDC,GAAe,WAAoB,IAAVC,EAAG9J,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,EACnC,IAAIuJ,IAAUA,KAAWO,EAAzB,CAwLA,GAnLKA,GAAsB,iBAARA,IACjBA,EAAM,CAAA,GAIRA,EAAM9I,EAAM8I,GAEZV,IAEmE,IAAjEC,GAA6BjK,QAAQ0K,EAAIV,mBACrCE,GACAQ,EAAIV,kBAGV3I,GACwB,0BAAtB2I,GACIvK,EACAH,EAGN4H,GAAe/G,EAAqBuK,EAAK,gBACrCxJ,EAAS,CAAE,EAAEwJ,EAAIxD,aAAc7F,IAC/B8F,GACJE,GAAelH,EAAqBuK,EAAK,gBACrCxJ,EAAS,CAAE,EAAEwJ,EAAIrD,aAAchG,IAC/BiG,GACJwC,GAAqB3J,EAAqBuK,EAAK,sBAC3CxJ,EAAS,CAAE,EAAEwJ,EAAIZ,mBAAoBrK,GACrCsK,GACJR,GAAsBpJ,EAAqBuK,EAAK,qBAC5CxJ,EACEU,EAAM4H,IACNkB,EAAIC,kBACJtJ,IAEFmI,GACJH,GAAgBlJ,EAAqBuK,EAAK,qBACtCxJ,EACEU,EAAM0H,IACNoB,EAAIE,kBACJvJ,IAEFiI,GACJH,GAAkBhJ,EAAqBuK,EAAK,mBACxCxJ,EAAS,CAAE,EAAEwJ,EAAIvB,gBAAiB9H,IAClC+H,GACJrB,GAAc5H,EAAqBuK,EAAK,eACpCxJ,EAAS,CAAE,EAAEwJ,EAAI3C,YAAa1G,IAC9B,CAAA,EACJ2G,GAAc7H,EAAqBuK,EAAK,eACpCxJ,EAAS,CAAE,EAAEwJ,EAAI1C,YAAa3G,IAC9B,CAAA,EACJ6H,KAAe/I,EAAqBuK,EAAK,iBACrCA,EAAIxB,aAERjB,IAA0C,IAAxByC,EAAIzC,gBACtBC,IAA0C,IAAxBwC,EAAIxC,gBACtBC,GAA0BuC,EAAIvC,0BAA2B,EACzDC,IAA4D,IAAjCsC,EAAItC,yBAC/BC,GAAqBqC,EAAIrC,qBAAsB,EAC/CC,IAAoC,IAArBoC,EAAIpC,aACnBC,GAAiBmC,EAAInC,iBAAkB,EACvCG,GAAagC,EAAIhC,aAAc,EAC/BC,GAAsB+B,EAAI/B,sBAAuB,EACjDC,GAAsB8B,EAAI9B,sBAAuB,EACjDH,GAAaiC,EAAIjC,aAAc,EAC/BI,IAAoC,IAArB6B,EAAI7B,aACnBC,GAAuB4B,EAAI5B,uBAAwB,EACnDE,IAAoC,IAArB0B,EAAI1B,aACnBC,GAAWyB,EAAIzB,WAAY,EAC3B7F,GAAiBsH,EAAIG,oBAAsB5D,EAC3C2C,GAAYc,EAAId,WAAaD,GAC7BnC,GAA0BkD,EAAIlD,yBAA2B,GAEvDkD,EAAIlD,yBACJ8C,GAAkBI,EAAIlD,wBAAwBC,gBAE9CD,GAAwBC,aACtBiD,EAAIlD,wBAAwBC,cAI9BiD,EAAIlD,yBACJ8C,GAAkBI,EAAIlD,wBAAwBK,sBAE9CL,GAAwBK,mBACtB6C,EAAIlD,wBAAwBK,oBAI9B6C,EAAIlD,yBAEF,kBADKkD,EAAIlD,wBAAwBM,iCAGnCN,GAAwBM,+BACtB4C,EAAIlD,wBAAwBM,gCAG5BO,KACFH,IAAkB,GAGhBS,KACFD,IAAa,GAIXQ,KACFhC,GAAehG,EAAS,GAAIkG,GAC5BC,GAAe,IACW,IAAtB6B,GAAa3G,OACfrB,EAASgG,GAAcE,GACvBlG,EAASmG,GAAcE,KAGA,IAArB2B,GAAa1G,MACftB,EAASgG,GAAcE,GACvBlG,EAASmG,GAAcE,GACvBrG,EAASmG,GAAcE,KAGO,IAA5B2B,GAAazG,aACfvB,EAASgG,GAAcE,GACvBlG,EAASmG,GAAcE,GACvBrG,EAASmG,GAAcE,KAGG,IAAxB2B,GAAavG,SACfzB,EAASgG,GAAcE,GACvBlG,EAASmG,GAAcE,GACvBrG,EAASmG,GAAcE,KAKvBmD,EAAII,WACF5D,KAAiBC,KACnBD,GAAetF,EAAMsF,KAGvBhG,EAASgG,GAAcwD,EAAII,SAAUzJ,KAGnCqJ,EAAIK,WACF1D,KAAiBC,KACnBD,GAAezF,EAAMyF,KAGvBnG,EAASmG,GAAcqD,EAAIK,SAAU1J,KAGnCqJ,EAAIC,mBACNzJ,EAASqI,GAAqBmB,EAAIC,kBAAmBtJ,IAGnDqJ,EAAIvB,kBACFA,KAAoBC,KACtBD,GAAkBvH,EAAMuH,KAG1BjI,EAASiI,GAAiBuB,EAAIvB,gBAAiB9H,KAI7C2H,KACF9B,GAAa,UAAW,GAItBqB,IACFrH,EAASgG,GAAc,CAAC,OAAQ,OAAQ,SAItCA,GAAa8D,QACf9J,EAASgG,GAAc,CAAC,iBACjBa,GAAYkD,OAGjBP,EAAIQ,qBAAsB,CAC5B,GAAmD,mBAAxCR,EAAIQ,qBAAqB9G,WAClC,MAAM5D,EACJ,+EAIJ,GAAwD,mBAA7CkK,EAAIQ,qBAAqB7G,gBAClC,MAAM7D,EACJ,oFAKJgG,GAAqBkE,EAAIQ,qBAGzBzE,GAAYD,GAAmBpC,WAAW,GAC5C,WAE6B9C,IAAvBkF,KACFA,GAAqB7C,EACnBC,EACAyB,IAKuB,OAAvBmB,IAAoD,iBAAdC,KACxCA,GAAYD,GAAmBpC,WAAW,KAM1ClG,GACFA,EAAOwM,GAGTP,GAASO,CA7NT,GAgOIS,GAAiCjK,EAAS,CAAA,EAAI,CAClD,KACA,KACA,KACA,KACA,UAGIkK,GAA0BlK,EAAS,GAAI,CAC3C,gBACA,OACA,QACA,mBAOImK,GAA+BnK,EAAS,CAAA,EAAI,CAChD,QACA,QACA,OACA,IACA,WAMIoK,GAAepK,EAAS,CAAA,EAAI,IAC7BkG,KACAA,KACAA,IAECmE,GAAkBrK,EAAS,CAAE,EAAE,IAChCkG,KACAA,IASCoE,GAAuB,SAAUhK,GACrC,IAAIiK,EAAStF,EAAc3E,GAItBiK,GAAWA,EAAOC,UACrBD,EAAS,CACPE,aAAc/B,GACd8B,QAAS,aAIb,MAAMA,EAAUpM,EAAkBkC,EAAQkK,SACpCE,EAAgBtM,EAAkBmM,EAAOC,SAE/C,QAAK5B,GAAmBtI,EAAQmK,gBAI5BnK,EAAQmK,eAAiBjC,GAIvB+B,EAAOE,eAAiBhC,GACP,QAAZ+B,EAMLD,EAAOE,eAAiBlC,GAEZ,QAAZiC,IACmB,mBAAlBE,GACCT,GAA+BS,IAM9BC,QAAQP,GAAaI,IAG1BlK,EAAQmK,eAAiBlC,GAIvBgC,EAAOE,eAAiBhC,GACP,SAAZ+B,EAKLD,EAAOE,eAAiBjC,GACP,SAAZgC,GAAsBN,GAAwBQ,GAKhDC,QAAQN,GAAgBG,IAG7BlK,EAAQmK,eAAiBhC,KAKzB8B,EAAOE,eAAiBjC,KACvB0B,GAAwBQ,QAMzBH,EAAOE,eAAiBlC,KACvB0B,GAA+BS,OAQ/BL,GAAgBG,KAChBL,GAA6BK,KAAaJ,GAAaI,QAMpC,0BAAtB1B,KACAF,GAAmBtI,EAAQmK,iBAiBzBG,GAAe,SAAUC,GAC7B3M,EAAUwF,EAAUI,QAAS,CAAExD,QAASuK,IAExC,IAEEA,EAAKC,WAAWC,YAAYF,EAG9B,CAFE,MAAOxH,GACPwH,EAAKG,QACP,GASIC,GAAmB,SAAUC,EAAML,GACvC,IACE3M,EAAUwF,EAAUI,QAAS,CAC3BqH,UAAWN,EAAKO,iBAAiBF,GACjCG,KAAMR,GAOV,CALE,MAAOxH,GACPnF,EAAUwF,EAAUI,QAAS,CAC3BqH,UAAW,KACXE,KAAMR,GAEV,CAKA,GAHAA,EAAKS,gBAAgBJ,GAGR,OAATA,IAAkB/E,GAAa+E,GACjC,GAAI1D,IAAcC,GAChB,IACEmD,GAAaC,EACF,CAAX,MAAOxH,GAAI,MAEb,IACEwH,EAAKU,aAAaL,EAAM,GACb,CAAX,MAAO7H,GAAI,GAWbmI,GAAgB,SAAUC,GAE9B,IAAIC,EAAM,KACNC,EAAoB,KAExB,GAAIpE,GACFkE,EAAQ,oBAAsBA,MACzB,CAEL,MAAMG,EAAUnN,EAAYgN,EAAO,eACnCE,EAAoBC,GAAWA,EAAQ,EACzC,CAGwB,0BAAtB9C,IACAJ,KAAcD,KAGdgD,EACE,iEACAA,EACA,kBAGJ,MAAMI,EAAevG,GACjBA,GAAmBpC,WAAWuI,GAC9BA,EAKJ,GAAI/C,KAAcD,GAChB,IACEiD,GAAM,IAAI9G,GAAYkH,gBAAgBD,EAAc/C,GACzC,CAAX,MAAOzF,GAAI,CAIf,IAAKqI,IAAQA,EAAIK,gBAAiB,CAChCL,EAAMlG,GAAewG,eAAetD,GAAW,WAAY,MAC3D,IACEgD,EAAIK,gBAAgBE,UAAYtD,GAC5BpD,GACAsG,CAEJ,CADA,MAAOxI,GACP,CAEJ,CAEA,MAAM6I,EAAOR,EAAIQ,MAAQR,EAAIK,gBAU7B,OARIN,GAASE,GACXO,EAAKC,aACHpI,EAASqI,eAAeT,GACxBO,EAAKG,WAAW,IAAM,MAKtB3D,KAAcD,GACT9C,GAAqB2G,KAC1BZ,EACArE,GAAiB,OAAS,QAC1B,GAGGA,GAAiBqE,EAAIK,gBAAkBG,GAS1CK,GAAsB,SAAU5I,GACpC,OAAO8B,GAAmB6G,KACxB3I,EAAK0B,eAAiB1B,EACtBA,EAEAa,EAAWgI,aACThI,EAAWiI,aACXjI,EAAWkI,UACXlI,EAAWmI,4BACXnI,EAAWoI,mBACb,OAUEC,GAAe,SAAUC,GAC7B,OACEA,aAAenI,SAEU,IAAhBmI,EAAIC,SACY,iBAAhBD,EAAIC,cAEoB,IAAvBD,EAAIE,gBACoB,iBAAvBF,EAAIE,gBACW,iBAAjBF,EAAIG,UACgB,iBAApBH,EAAII,aACgB,mBAApBJ,EAAI/B,eACT+B,EAAIK,sBAAsB1I,IACG,mBAAxBqI,EAAIxB,iBACiB,mBAArBwB,EAAIvB,cACiB,iBAArBuB,EAAIrC,cACiB,mBAArBqC,EAAIX,cACkB,mBAAtBW,EAAIM,gBAUXC,GAAU,SAAU1M,GACxB,MAAuB,mBAAT2D,GAAuB3D,aAAkB2D,GAWnDgJ,GAAe,SAAUC,EAAYC,EAAaC,GACjD5H,GAAM0H,IAIX5P,EAAakI,GAAM0H,IAAcG,IAC/BA,EAAKpB,KAAK5I,EAAW8J,EAAaC,EAAMxE,GAAO,KAc7C0E,GAAoB,SAAUH,GAClC,IAAIpI,EAAU,KAMd,GAHAkI,GAAa,yBAA0BE,EAAa,MAGhDX,GAAaW,GAEf,OADA5C,GAAa4C,IACN,EAIT,MAAMhD,EAAUrK,GAAkBqN,EAAYP,UAS9C,GANAK,GAAa,sBAAuBE,EAAa,CAC/ChD,UACAoD,YAAa5H,KAKbwH,EAAYJ,kBACXC,GAAQG,EAAYK,oBACrB1O,EAAW,UAAWqO,EAAYvB,YAClC9M,EAAW,UAAWqO,EAAYN,aAGlC,OADAtC,GAAa4C,IACN,EAIT,GAA6B,IAAzBA,EAAYxJ,SAEd,OADA4G,GAAa4C,IACN,EAIT,GACEpG,IACyB,IAAzBoG,EAAYxJ,UACZ7E,EAAW,UAAWqO,EAAYC,MAGlC,OADA7C,GAAa4C,IACN,EAIT,IAAKxH,GAAawE,IAAY3D,GAAY2D,GAAU,CAElD,IAAK3D,GAAY2D,IAAYsD,GAAsBtD,GAAU,CAC3D,GACElE,GAAwBC,wBAAwBnH,QAChDD,EAAWmH,GAAwBC,aAAciE,GAEjD,OAAO,EAGT,GACElE,GAAwBC,wBAAwB+C,UAChDhD,GAAwBC,aAAaiE,GAErC,OAAO,CAEX,CAGA,GAAI1C,KAAiBG,GAAgBuC,GAAU,CAC7C,MAAMM,EAAa7F,EAAcuI,IAAgBA,EAAY1C,WACvDuB,EAAarH,EAAcwI,IAAgBA,EAAYnB,WAE7D,GAAIA,GAAcvB,EAAY,CAG5B,IAAK,IAAIiD,EAFU1B,EAAW1M,OAEJ,EAAGoO,GAAK,IAAKA,EAAG,CACxC,MAAMC,EAAalJ,EAAUuH,EAAW0B,IAAI,GAC5CC,EAAWhB,gBAAkBQ,EAAYR,gBAAkB,GAAK,EAChElC,EAAWqB,aAAa6B,EAAYjJ,EAAeyI,GACrD,CACF,CACF,CAGA,OADA5C,GAAa4C,IACN,CACT,CAGA,OAAIA,aAAuBjJ,IAAY+F,GAAqBkD,IAC1D5C,GAAa4C,IACN,GAKM,aAAZhD,GACa,YAAZA,GACY,aAAZA,IACFrL,EAAW,8BAA+BqO,EAAYvB,YAOpD9E,IAA+C,IAAzBqG,EAAYxJ,WAEpCoB,EAAUoI,EAAYN,YAEtBvP,EAAa,CAACkE,GAAeC,GAAUC,KAAekM,IACpD7I,EAAUzG,EAAcyG,EAAS6I,EAAM,IAAI,IAGzCT,EAAYN,cAAgB9H,IAC9BlH,EAAUwF,EAAUI,QAAS,CAAExD,QAASkN,EAAY1I,cACpD0I,EAAYN,YAAc9H,IAK9BkI,GAAa,wBAAyBE,EAAa,OAE5C,IAtBL5C,GAAa4C,IACN,IAiCLU,GAAoB,SAAUC,EAAOC,EAAQtN,GAEjD,GACE6G,KACY,OAAXyG,GAA8B,SAAXA,KACnBtN,KAASiD,GAAYjD,KAASqI,IAE/B,OAAO,EAOT,GACEnC,KACCF,GAAYsH,IACbjP,EAAW6C,GAAWoM,SAGjB,GAAIrH,IAAmB5H,EAAW8C,GAAWmM,SAG7C,IAAKjI,GAAaiI,IAAWtH,GAAYsH,IAC9C,KAIGN,GAAsBK,KACnB7H,GAAwBC,wBAAwBnH,QAChDD,EAAWmH,GAAwBC,aAAc4H,IAChD7H,GAAwBC,wBAAwB+C,UAC/ChD,GAAwBC,aAAa4H,MACvC7H,GAAwBK,8BAA8BvH,QACtDD,EAAWmH,GAAwBK,mBAAoByH,IACtD9H,GAAwBK,8BAA8B2C,UACrDhD,GAAwBK,mBAAmByH,KAGrC,OAAXA,GACC9H,GAAwBM,iCACtBN,GAAwBC,wBAAwBnH,QAChDD,EAAWmH,GAAwBC,aAAczF,IAChDwF,GAAwBC,wBAAwB+C,UAC/ChD,GAAwBC,aAAazF,KAK3C,OAAO,OAGJ,GAAIuH,GAAoB+F,SAIxB,GACLjP,EAAW+C,GAAgBvD,EAAcmC,EAAOsB,GAAiB,WAK5D,GACO,QAAXgM,GAA+B,eAAXA,GAAsC,SAAXA,GACtC,WAAVD,GACkC,IAAlCtP,EAAciC,EAAO,WACrBqH,GAAcgG,IAMT,GACLlH,KACC9H,EAAWgD,GAAmBxD,EAAcmC,EAAOsB,GAAiB,WAIhE,GAAItB,EACT,OAAO,OAMT,OAAO,GAWHgN,GAAwB,SAAUtD,GACtC,MAAmB,mBAAZA,GAAgC/L,EAAY+L,EAASlI,KAaxD+L,GAAsB,SAAUb,GAEpCF,GAAa,2BAA4BE,EAAa,MAEtD,MAAML,WAAEA,GAAeK,EAGvB,IAAKL,EACH,OAGF,MAAMmB,EAAY,CAChBC,SAAU,GACVC,UAAW,GACXC,UAAU,EACVC,kBAAmBvI,IAErB,IAAI9F,EAAI8M,EAAWxN,OAGnB,KAAOU,KAAK,CACV,MAAMsO,EAAOxB,EAAW9M,IAClB6K,KAAEA,EAAIT,aAAEA,EAAc3J,MAAO0N,GAAcG,EAC3CP,EAASjO,GAAkB+K,GAEjC,IAAIpK,EAAiB,UAAToK,EAAmBsD,EAAYzP,EAAWyP,GAUtD,GAPAF,EAAUC,SAAWH,EACrBE,EAAUE,UAAY1N,EACtBwN,EAAUG,UAAW,EACrBH,EAAUM,mBAAgBxO,EAC1BkN,GAAa,wBAAyBE,EAAac,GACnDxN,EAAQwN,EAAUE,UAEdF,EAAUM,cACZ,SAOF,GAHA3D,GAAiBC,EAAMsC,IAGlBc,EAAUG,SACb,SAIF,IAAKvH,IAA4B/H,EAAW,OAAQ2B,GAAQ,CAC1DmK,GAAiBC,EAAMsC,GACvB,QACF,CAGIrG,IACFxJ,EAAa,CAACkE,GAAeC,GAAUC,KAAekM,IACpDnN,EAAQnC,EAAcmC,EAAOmN,EAAM,IAAI,IAK3C,MAAME,EAAQhO,GAAkBqN,EAAYP,UAC5C,GAAKiB,GAAkBC,EAAOC,EAAQtN,GAAtC,CAgBA,IATI8G,IAAoC,OAAXwG,GAA8B,SAAXA,IAE9CnD,GAAiBC,EAAMsC,GAGvB1M,EAAQ+G,GAA8B/G,GAKtCwE,IACwB,iBAAjB5C,GACkC,mBAAlCA,EAAamM,iBAEpB,GAAIpE,QAGF,OAAQ/H,EAAamM,iBAAiBV,EAAOC,IAC3C,IAAK,cACHtN,EAAQwE,GAAmBpC,WAAWpC,GACtC,MAGF,IAAK,mBACHA,EAAQwE,GAAmBnC,gBAAgBrC,GAYnD,IACM2J,EACF+C,EAAYsB,eAAerE,EAAcS,EAAMpK,GAG/C0M,EAAYjC,aAAaL,EAAMpK,GAGjC9C,EAAS0F,EAAUI,QACR,CAAX,MAAOT,GAAI,CAlDb,CAmDF,CAGAiK,GAAa,0BAA2BE,EAAa,OAQjDuB,GAAqB,SAArBA,EAA+BC,GACnC,IAAIC,EAAa,KACjB,MAAMC,EAAiB3C,GAAoByC,GAK3C,IAFA1B,GAAa,0BAA2B0B,EAAU,MAE1CC,EAAaC,EAAeC,YAElC7B,GAAa,yBAA0B2B,EAAY,MAG/CtB,GAAkBsB,KAKM,IAAxBA,EAAWjL,WACTiL,EAAWnE,YAAcmE,EAAWnE,WAAWiC,QAKjDkC,EAAWlC,SACRkC,EAAWjC,gBAAkB,GAC9BiC,EAAWnE,WAAWiC,QACtB,EAEFkC,EAAWlC,QAAU,GAKrBkC,EAAWlC,SAAW7D,IACxB0B,GAAaqE,GAIXA,EAAW7J,mBAAmBhB,IAChC6K,EAAW7J,QAAQ2H,QAAUkC,EAAWlC,QACxCgC,EAAmBE,EAAW7J,UAIhCiJ,GAAoBY,IAItB3B,GAAa,yBAA0B0B,EAAU,OA0SnD,OA/RAtL,EAAU0L,SAAW,SAAU3D,GAAiB,IAAVjC,EAAG9J,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,EACtCwM,EAAO,KACPmD,EAAe,KACf7B,EAAc,KACd8B,EAAa,KAUjB,GANA3G,IAAkB8C,EACd9C,KACF8C,EAAQ,eAIW,iBAAVA,IAAuB4B,GAAQ5B,GAAQ,CAChD,GAA8B,mBAAnBA,EAAMjN,SAMf,MAAMc,EAAgB,8BAJtB,GAAqB,iBADrBmM,EAAQA,EAAMjN,YAEZ,MAAMc,EAAgB,kCAK5B,CAGA,IAAKoE,EAAUO,YACb,OAAOwH,EAgBT,GAZKnE,IACHiC,GAAaC,GAIf9F,EAAUI,QAAU,GAGC,iBAAV2H,IACT1D,IAAW,GAGTA,IAEF,GAAI0D,EAAMwB,SAAU,CAClB,MAAMzC,EAAUrK,GAAkBsL,EAAMwB,UACxC,IAAKjH,GAAawE,IAAY3D,GAAY2D,GACxC,MAAMlL,EACJ,0DAGN,OACK,GAAImM,aAAiBnH,EAG1B4H,EAAOV,GAAc,iBACrB6D,EAAenD,EAAK7G,cAAcO,WAAW6F,GAAO,GACtB,IAA1B4D,EAAarL,UAA4C,SAA1BqL,EAAapC,UAGX,SAA1BoC,EAAapC,SADtBf,EAAOmD,EAKPnD,EAAKqD,YAAYF,OAEd,CAEL,IACG7H,KACAL,KACAE,KAEuB,IAAxBoE,EAAM3M,QAAQ,KAEd,OAAOwG,IAAsBoC,GACzBpC,GAAmBpC,WAAWuI,GAC9BA,EAON,GAHAS,EAAOV,GAAcC,IAGhBS,EACH,OAAO1E,GAAa,KAAOE,GAAsBnC,GAAY,EAEjE,CAGI2G,GAAQ3E,IACVqD,GAAasB,EAAKsD,YAIpB,MAAMC,EAAelD,GAAoBxE,GAAW0D,EAAQS,GAG5D,KAAQsB,EAAciC,EAAaN,YAE7BxB,GAAkBH,KAKO,IAAzBA,EAAYxJ,WACVwJ,EAAY1C,YAAc0C,EAAY1C,WAAWiC,QAKnDS,EAAYT,SACTS,EAAYR,gBAAkB,GAC/BQ,EAAY1C,WAAWiC,QACvB,EAEFS,EAAYT,QAAU,GAKtBS,EAAYT,SAAW7D,IACzB0B,GAAa4C,GAIXA,EAAYpI,mBAAmBhB,IACjCoJ,EAAYpI,QAAQ2H,QAAUS,EAAYT,QAC1CgC,GAAmBvB,EAAYpI,UAIjCiJ,GAAoBb,IAItB,GAAIzF,GACF,OAAO0D,EAIT,GAAIjE,GAAY,CACd,GAAIC,GAGF,IAFA6H,EAAa5J,GAAuB4G,KAAKJ,EAAK7G,eAEvC6G,EAAKsD,YAEVF,EAAWC,YAAYrD,EAAKsD,iBAG9BF,EAAapD,EAcf,OAXI/F,GAAauJ,YAAcvJ,GAAawJ,kBAQ1CL,EAAa1J,GAAW0G,KAAKpI,EAAkBoL,GAAY,IAGtDA,CACT,CAEA,IAAIM,EAAiBvI,GAAiB6E,EAAK2D,UAAY3D,EAAKD,UAsB5D,OAlBE5E,IACArB,GAAa,aACbkG,EAAK7G,eACL6G,EAAK7G,cAAcyK,SACnB5D,EAAK7G,cAAcyK,QAAQ5E,MAC3B/L,EAAW4G,EAA0BmG,EAAK7G,cAAcyK,QAAQ5E,QAEhE0E,EACE,aAAe1D,EAAK7G,cAAcyK,QAAQ5E,KAAO,MAAQ0E,GAIzDzI,IACFxJ,EAAa,CAACkE,GAAeC,GAAUC,KAAekM,IACpD2B,EAAiBjR,EAAciR,EAAgB3B,EAAM,IAAI,IAItD3I,IAAsBoC,GACzBpC,GAAmBpC,WAAW0M,GAC9BA,GASNlM,EAAUqM,UAAY,WAAoB,IAAVvG,EAAG9J,UAAAC,OAAA,QAAAS,IAAAV,UAAA,GAAAA,UAAA,GAAG,CAAA,EACpC6J,GAAaC,GACblC,IAAa,GAQf5D,EAAUsM,YAAc,WACtB/G,GAAS,KACT3B,IAAa,GAaf5D,EAAUuM,iBAAmB,SAAUC,EAAKvB,EAAM7N,GAE3CmI,IACHM,GAAa,CAAE,GAGjB,MAAM4E,EAAQhO,GAAkB+P,GAC1B9B,EAASjO,GAAkBwO,GACjC,OAAOT,GAAkBC,EAAOC,EAAQtN,IAU1C4C,EAAUyM,QAAU,SAAU5C,EAAY6C,GACZ,mBAAjBA,IAIXvK,GAAM0H,GAAc1H,GAAM0H,IAAe,GACzCrP,EAAU2H,GAAM0H,GAAa6C,KAW/B1M,EAAU2M,WAAa,SAAU9C,GAC/B,GAAI1H,GAAM0H,GACR,OAAOvP,EAAS6H,GAAM0H,KAU1B7J,EAAU4M,YAAc,SAAU/C,GAC5B1H,GAAM0H,KACR1H,GAAM0H,GAAc,KAQxB7J,EAAU6M,eAAiB,WACzB1K,GAAQ,CAAA,GAGHnC,CACT,CAEeD"}