{"version":3,"file":"lib-xss.cjs","sources":["../../../../../../node_modules/xss/lib/xss.js"],"sourcesContent":["/**\n * filter xss\n *\n * @author Zongmin Lei<leizongmin@gmail.com>\n */\n\nvar FilterCSS = require(\"cssfilter\").FilterCSS;\nvar DEFAULT = require(\"./default\");\nvar parser = require(\"./parser\");\nvar parseTag = parser.parseTag;\nvar parseAttr = parser.parseAttr;\nvar _ = require(\"./util\");\n\n/**\n * returns `true` if the input value is `undefined` or `null`\n *\n * @param {Object} obj\n * @return {Boolean}\n */\nfunction isNull(obj) {\n  return obj === undefined || obj === null;\n}\n\n/**\n * get attributes for a tag\n *\n * @param {String} html\n * @return {Object}\n *   - {String} html\n *   - {Boolean} closing\n */\nfunction getAttrs(html) {\n  var i = _.spaceIndex(html);\n  if (i === -1) {\n    return {\n      html: \"\",\n      closing: html[html.length - 2] === \"/\",\n    };\n  }\n  html = _.trim(html.slice(i + 1, -1));\n  var isClosing = html[html.length - 1] === \"/\";\n  if (isClosing) html = _.trim(html.slice(0, -1));\n  return {\n    html: html,\n    closing: isClosing,\n  };\n}\n\n/**\n * shallow copy\n *\n * @param {Object} obj\n * @return {Object}\n */\nfunction shallowCopyObject(obj) {\n  var ret = {};\n  for (var i in obj) {\n    ret[i] = obj[i];\n  }\n  return ret;\n}\n\nfunction keysToLowerCase(obj) {\n  var ret = {};\n  for (var i in obj) {\n    if (Array.isArray(obj[i])) {\n      ret[i.toLowerCase()] = obj[i].map(function (item) {\n        return item.toLowerCase();\n      });\n    } else {\n      ret[i.toLowerCase()] = obj[i];\n    }\n  }\n  return ret;\n}\n\n/**\n * FilterXSS class\n *\n * @param {Object} options\n *        whiteList (or allowList), onTag, onTagAttr, onIgnoreTag,\n *        onIgnoreTagAttr, safeAttrValue, escapeHtml\n *        stripIgnoreTagBody, allowCommentTag, stripBlankChar\n *        css{whiteList, onAttr, onIgnoreAttr} `css=false` means don't use `cssfilter`\n */\nfunction FilterXSS(options) {\n  options = shallowCopyObject(options || {});\n\n  if (options.stripIgnoreTag) {\n    if (options.onIgnoreTag) {\n      console.error(\n        'Notes: cannot use these two options \"stripIgnoreTag\" and \"onIgnoreTag\" at the same time'\n      );\n    }\n    options.onIgnoreTag = DEFAULT.onIgnoreTagStripAll;\n  }\n  if (options.whiteList || options.allowList) {\n    options.whiteList = keysToLowerCase(options.whiteList || options.allowList);\n  } else {\n    options.whiteList = DEFAULT.whiteList;\n  }\n\n  this.attributeWrapSign = options.singleQuotedAttributeValue === true ? \"'\" : DEFAULT.attributeWrapSign;\n\n  options.onTag = options.onTag || DEFAULT.onTag;\n  options.onTagAttr = options.onTagAttr || DEFAULT.onTagAttr;\n  options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;\n  options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr;\n  options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;\n  options.escapeHtml = options.escapeHtml || DEFAULT.escapeHtml;\n  this.options = options;\n\n  if (options.css === false) {\n    this.cssFilter = false;\n  } else {\n    options.css = options.css || {};\n    this.cssFilter = new FilterCSS(options.css);\n  }\n}\n\n/**\n * start process and returns result\n *\n * @param {String} html\n * @return {String}\n */\nFilterXSS.prototype.process = function (html) {\n  // compatible with the input\n  html = html || \"\";\n  html = html.toString();\n  if (!html) return \"\";\n\n  var me = this;\n  var options = me.options;\n  var whiteList = options.whiteList;\n  var onTag = options.onTag;\n  var onIgnoreTag = options.onIgnoreTag;\n  var onTagAttr = options.onTagAttr;\n  var onIgnoreTagAttr = options.onIgnoreTagAttr;\n  var safeAttrValue = options.safeAttrValue;\n  var escapeHtml = options.escapeHtml;\n  var attributeWrapSign = me.attributeWrapSign;\n  var cssFilter = me.cssFilter;\n\n  // remove invisible characters\n  if (options.stripBlankChar) {\n    html = DEFAULT.stripBlankChar(html);\n  }\n\n  // remove html comments\n  if (!options.allowCommentTag) {\n    html = DEFAULT.stripCommentTag(html);\n  }\n\n  // if enable stripIgnoreTagBody\n  var stripIgnoreTagBody = false;\n  if (options.stripIgnoreTagBody) {\n    stripIgnoreTagBody = DEFAULT.StripTagBody(\n      options.stripIgnoreTagBody,\n      onIgnoreTag\n    );\n    onIgnoreTag = stripIgnoreTagBody.onIgnoreTag;\n  }\n\n  var retHtml = parseTag(\n    html,\n    function (sourcePosition, position, tag, html, isClosing) {\n      var info = {\n        sourcePosition: sourcePosition,\n        position: position,\n        isClosing: isClosing,\n        isWhite: Object.prototype.hasOwnProperty.call(whiteList, tag),\n      };\n\n      // call `onTag()`\n      var ret = onTag(tag, html, info);\n      if (!isNull(ret)) return ret;\n\n      if (info.isWhite) {\n        if (info.isClosing) {\n          return \"</\" + tag + \">\";\n        }\n\n        var attrs = getAttrs(html);\n        var whiteAttrList = whiteList[tag];\n        var attrsHtml = parseAttr(attrs.html, function (name, value) {\n          // call `onTagAttr()`\n          var isWhiteAttr = _.indexOf(whiteAttrList, name) !== -1;\n          var ret = onTagAttr(tag, name, value, isWhiteAttr);\n          if (!isNull(ret)) return ret;\n\n          if (isWhiteAttr) {\n            // call `safeAttrValue()`\n            value = safeAttrValue(tag, name, value, cssFilter);\n            if (value) {\n              return name + '=' + attributeWrapSign + value + attributeWrapSign;\n            } else {\n              return name;\n            }\n          } else {\n            // call `onIgnoreTagAttr()`\n            ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);\n            if (!isNull(ret)) return ret;\n            return;\n          }\n        });\n\n        // build new tag html\n        html = \"<\" + tag;\n        if (attrsHtml) html += \" \" + attrsHtml;\n        if (attrs.closing) html += \" /\";\n        html += \">\";\n        return html;\n      } else {\n        // call `onIgnoreTag()`\n        ret = onIgnoreTag(tag, html, info);\n        if (!isNull(ret)) return ret;\n        return escapeHtml(html);\n      }\n    },\n    escapeHtml\n  );\n\n  // if enable stripIgnoreTagBody\n  if (stripIgnoreTagBody) {\n    retHtml = stripIgnoreTagBody.remove(retHtml);\n  }\n\n  return retHtml;\n};\n\nmodule.exports = FilterXSS;\n"],"names":["require$$0","require$$1","require$$2","require$$3","html","ret"],"mappings":";;;;;;;;AAMA,IAAI,YAAYA,MAAAA,WAAqB;AACrC,IAAI,UAAUC,SAAAA;AACd,IAAI,SAASC,SAAAA;AACb,IAAI,WAAW,OAAO;AACtB,IAAI,YAAY,OAAO;AACvB,IAAI,IAAIC,KAAAA;AAQR,SAAS,OAAO,KAAK;AACnB,SAAO,QAAQ,UAAa,QAAQ;AACtC;AAUA,SAAS,SAAS,MAAM;AACtB,MAAI,IAAI,EAAE,WAAW,IAAI;AACzB,MAAI,MAAM,IAAI;AACZ,WAAO;AAAA,MACL,MAAM;AAAA,MACN,SAAS,KAAK,KAAK,SAAS,CAAC,MAAM;AAAA,IACzC;AAAA,EACA;AACE,SAAO,EAAE,KAAK,KAAK,MAAM,IAAI,GAAG,EAAE,CAAC;AACnC,MAAI,YAAY,KAAK,KAAK,SAAS,CAAC,MAAM;AAC1C,MAAI,UAAW,QAAO,EAAE,KAAK,KAAK,MAAM,GAAG,EAAE,CAAC;AAC9C,SAAO;AAAA,IACL;AAAA,IACA,SAAS;AAAA,EACb;AACA;AAQA,SAAS,kBAAkB,KAAK;AAC9B,MAAI,MAAM,CAAA;AACV,WAAS,KAAK,KAAK;AACjB,QAAI,CAAC,IAAI,IAAI,CAAC;AAAA,EAClB;AACE,SAAO;AACT;AAEA,SAAS,gBAAgB,KAAK;AAC5B,MAAI,MAAM,CAAA;AACV,WAAS,KAAK,KAAK;AACjB,QAAI,MAAM,QAAQ,IAAI,CAAC,CAAC,GAAG;AACzB,UAAI,EAAE,aAAa,IAAI,IAAI,CAAC,EAAE,IAAI,SAAU,MAAM;AAChD,eAAO,KAAK,YAAW;AAAA,MAC/B,CAAO;AAAA,IACP,OAAW;AACL,UAAI,EAAE,YAAW,CAAE,IAAI,IAAI,CAAC;AAAA,IAClC;AAAA,EACA;AACE,SAAO;AACT;AAWA,SAAS,UAAU,SAAS;AAC1B,YAAU,kBAAkB,WAAW,EAAE;AAEzC,MAAI,QAAQ,gBAAgB;AAC1B,QAAI,QAAQ,aAAa;AACvB,cAAQ;AAAA,QACN;AAAA,MACR;AAAA,IACA;AACI,YAAQ,cAAc,QAAQ;AAAA,EAClC;AACE,MAAI,QAAQ,aAAa,QAAQ,WAAW;AAC1C,YAAQ,YAAY,gBAAgB,QAAQ,aAAa,QAAQ,SAAS;AAAA,EAC9E,OAAS;AACL,YAAQ,YAAY,QAAQ;AAAA,EAChC;AAEE,OAAK,oBAAoB,QAAQ,+BAA+B,OAAO,MAAM,QAAQ;AAErF,UAAQ,QAAQ,QAAQ,SAAS,QAAQ;AACzC,UAAQ,YAAY,QAAQ,aAAa,QAAQ;AACjD,UAAQ,cAAc,QAAQ,eAAe,QAAQ;AACrD,UAAQ,kBAAkB,QAAQ,mBAAmB,QAAQ;AAC7D,UAAQ,gBAAgB,QAAQ,iBAAiB,QAAQ;AACzD,UAAQ,aAAa,QAAQ,cAAc,QAAQ;AACnD,OAAK,UAAU;AAEf,MAAI,QAAQ,QAAQ,OAAO;AACzB,SAAK,YAAY;AAAA,EACrB,OAAS;AACL,YAAQ,MAAM,QAAQ,OAAO,CAAA;AAC7B,SAAK,YAAY,IAAI,UAAU,QAAQ,GAAG;AAAA,EAC9C;AACA;AAQA,UAAU,UAAU,UAAU,SAAU,MAAM;AAE5C,SAAO,QAAQ;AACf,SAAO,KAAK,SAAQ;AACpB,MAAI,CAAC,KAAM,QAAO;AAElB,MAAI,KAAK;AACT,MAAI,UAAU,GAAG;AACjB,MAAI,YAAY,QAAQ;AACxB,MAAI,QAAQ,QAAQ;AACpB,MAAI,cAAc,QAAQ;AAC1B,MAAI,YAAY,QAAQ;AACxB,MAAI,kBAAkB,QAAQ;AAC9B,MAAI,gBAAgB,QAAQ;AAC5B,MAAI,aAAa,QAAQ;AACzB,MAAI,oBAAoB,GAAG;AAC3B,MAAI,YAAY,GAAG;AAGnB,MAAI,QAAQ,gBAAgB;AAC1B,WAAO,QAAQ,eAAe,IAAI;AAAA,EACtC;AAGE,MAAI,CAAC,QAAQ,iBAAiB;AAC5B,WAAO,QAAQ,gBAAgB,IAAI;AAAA,EACvC;AAGE,MAAI,qBAAqB;AACzB,MAAI,QAAQ,oBAAoB;AAC9B,yBAAqB,QAAQ;AAAA,MAC3B,QAAQ;AAAA,MACR;AAAA,IACN;AACI,kBAAc,mBAAmB;AAAA,EACrC;AAEE,MAAI,UAAU;AAAA,IACZ;AAAA,IACA,SAAU,gBAAgB,UAAU,KAAKC,OAAM,WAAW;AACxD,UAAI,OAAO;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,QACA,SAAS,OAAO,UAAU,eAAe,KAAK,WAAW,GAAG;AAAA,MACpE;AAGM,UAAI,MAAM,MAAM,KAAKA,OAAM,IAAI;AAC/B,UAAI,CAAC,OAAO,GAAG,EAAG,QAAO;AAEzB,UAAI,KAAK,SAAS;AAChB,YAAI,KAAK,WAAW;AAClB,iBAAO,OAAO,MAAM;AAAA,QAC9B;AAEQ,YAAI,QAAQ,SAASA,KAAI;AACzB,YAAI,gBAAgB,UAAU,GAAG;AACjC,YAAI,YAAY,UAAU,MAAM,MAAM,SAAU,MAAM,OAAO;AAE3D,cAAI,cAAc,EAAE,QAAQ,eAAe,IAAI,MAAM;AACrD,cAAIC,OAAM,UAAU,KAAK,MAAM,OAAO,WAAW;AACjD,cAAI,CAAC,OAAOA,IAAG,EAAG,QAAOA;AAEzB,cAAI,aAAa;AAEf,oBAAQ,cAAc,KAAK,MAAM,OAAO,SAAS;AACjD,gBAAI,OAAO;AACT,qBAAO,OAAO,MAAM,oBAAoB,QAAQ;AAAA,YAC9D,OAAmB;AACL,qBAAO;AAAA,YACrB;AAAA,UACA,OAAiB;AAEL,YAAAA,OAAM,gBAAgB,KAAK,MAAM,OAAO,WAAW;AACnD,gBAAI,CAAC,OAAOA,IAAG,EAAG,QAAOA;AACzB;AAAA,UACZ;AAAA,QACA,CAAS;AAGD,QAAAD,QAAO,MAAM;AACb,YAAI,UAAW,CAAAA,SAAQ,MAAM;AAC7B,YAAI,MAAM,QAAS,CAAAA,SAAQ;AAC3B,QAAAA,SAAQ;AACR,eAAOA;AAAA,MACf,OAAa;AAEL,cAAM,YAAY,KAAKA,OAAM,IAAI;AACjC,YAAI,CAAC,OAAO,GAAG,EAAG,QAAO;AACzB,eAAO,WAAWA,KAAI;AAAA,MAC9B;AAAA,IACA;AAAA,IACI;AAAA,EACJ;AAGE,MAAI,oBAAoB;AACtB,cAAU,mBAAmB,OAAO,OAAO;AAAA,EAC/C;AAEE,SAAO;AACT;AAEA,IAAA,MAAiB;;","x_google_ignoreList":[0]}