UNPKG

45.7 kBJavaScriptView Raw
1/* eslint-disable camelcase */
2// Copyright (c) Jupyter Development Team.
3// Distributed under the terms of the Modified BSD License.
4import sanitize from 'sanitize-html';
5/**
6 * Helper class that contains regular expressions for inline CSS style validation.
7 *
8 * Which properties (and values) to allow is largely based on the Google Caja project:
9 * https://github.com/google/caja
10 *
11 * The regular expressions are largly based on the syntax definition found at
12 * https://developer.mozilla.org/en-US/docs/Web/CSS.
13 */
14class CssProp {
15 static reg(r) {
16 return new RegExp('^' + r + '$', 'i');
17 }
18}
19/*
20 * Numeric base expressions used to help build more complex regular expressions
21 */
22CssProp.N = {
23 integer: `[+-]?[0-9]+`,
24 integer_pos: `[+]?[0-9]+`,
25 integer_zero_ff: `([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])`,
26 number: `[+-]?([0-9]*[.])?[0-9]+(e-?[0-9]*)?`,
27 number_pos: `[+]?([0-9]*[.])?[0-9]+(e-?[0-9]*)?`,
28 number_zero_hundred: `[+]?(([0-9]|[1-9][0-9])([.][0-9]+)?|100)`,
29 number_zero_one: `[+]?(1([.][0]+)?|0?([.][0-9]+)?)`
30};
31/*
32 * Base expressions of common CSS syntax elements
33 */
34CssProp.B = {
35 angle: `(${CssProp.N.number}(deg|rad|grad|turn)|0)`,
36 frequency: `${CssProp.N.number}(Hz|kHz)`,
37 ident: String.raw `-?([_a-z]|[\xA0-\xFF]|\\[0-9a-f]{1,6}(\r\n|[ \t\r\n\f])?|\\[^\r\n\f0-9a-f])([_a-z0-9-]|[\xA0-\xFF]|\\[0-9a-f]{1,6}(\r\n|[ \t\r\n\f])?|\\[^\r\n\f0-9a-f])*`,
38 len_or_perc: `(0|${CssProp.N.number}(px|em|rem|ex|in|cm|mm|pt|pc|%))`,
39 length: `(${CssProp.N.number}(px|em|rem|ex|in|cm|mm|pt|pc)|0)`,
40 length_pos: `(${CssProp.N.number_pos}(px|em|rem|ex|in|cm|mm|pt|pc)|0)`,
41 percentage: `${CssProp.N.number}%`,
42 percentage_pos: `${CssProp.N.number_pos}%`,
43 percentage_zero_hundred: `${CssProp.N.number_zero_hundred}%`,
44 string: String.raw `(\"([^\n\r\f\\"]|\\\n|\r\n|\r|\f|\\[0-9a-f]{1,6}(\r\n|[ \t\r\n\f])?|\\[^\r\n\f0-9a-f])*\")|(\'([^\n\r\f\\']|\\\n|\r\n|\r|\f|\\[0-9a-f]{1,6}(\r\n|[ \t\r\n\f])?|\\[^\r\n\f0-9a-f])*\')`,
45 time: `${CssProp.N.number}(s|ms)`,
46 url: `url\\(.*?\\)`,
47 z_index: `[+-]?[0-9]{1,7}`
48};
49/*
50 * Atomic (i.e. not dependant on other regular expressions) sub RegEx segments
51 */
52CssProp.A = {
53 absolute_size: `xx-small|x-small|small|medium|large|x-large|xx-large`,
54 attachment: `scroll|fixed|local`,
55 bg_origin: `border-box|padding-box|content-box`,
56 border_style: `none|hidden|dotted|dashed|solid|double|groove|ridge|inset|outset`,
57 box: `border-box|padding-box|content-box`,
58 display_inside: `auto|block|table|flex|grid`,
59 display_outside: `block-level|inline-level|none|table-row-group|table-header-group|table-footer-group|table-row|table-cell|table-column-group|table-column|table-caption`,
60 ending_shape: `circle|ellipse`,
61 generic_family: `serif|sans-serif|cursive|fantasy|monospace`,
62 generic_voice: `male|female|child`,
63 relative_size: `smaller|larger`,
64 repeat_style: `repeat-x|repeat-y|((?:repeat|space|round|no-repeat)(?:\\s*(?:repeat|space|round|no-repeat))?)`,
65 side_or_corner: `(left|right)?\\s*(top|bottom)?`,
66 single_animation_direction: `normal|reverse|alternate|alternate-reverse`,
67 single_animation_fill_mode: `none|forwards|backwards|both`,
68 single_animation_play_state: `running|paused`
69};
70/*
71 * Color definition sub expressions
72 */
73CssProp._COLOR = {
74 hex: `\\#(0x)?[0-9a-f]+`,
75 name: `aliceblue|antiquewhite|aqua|aquamarine|azure|beige|bisque|black|blanchedalmond|blue|blueviolet|brown|burlywood|cadetblue|chartreuse|chocolate|coral|cornflowerblue|cornsilk|crimson|cyan|darkblue|darkcyan|darkgoldenrod|darkgray|darkgreen|darkkhaki|darkmagenta|darkolivegreen|darkorange|darkorchid|darkred|darksalmon|darkseagreen|darkslateblue|darkslategray|darkturquoise|darkviolet|deeppink|deepskyblue|dimgray|dodgerblue|firebrick|floralwhite|forestgreen|fuchsia|gainsboro|ghostwhite|gold|goldenrod|gray|green|greenyellow|honeydew|hotpink|indianred|indigo|ivory|khaki|lavender|lavenderblush|lawngreen|lemonchiffon|lightblue|lightcoral|lightcyan|lightgoldenrodyellow|lightgreen|lightgrey|lightpink|lightsalmon|lightseagreen|lightskyblue|lightslategray|lightsteelblue|lightyellow|lime|limegreen|linen|magenta|maroon|mediumaquamarine|mediumblue|mediumorchid|mediumpurple|mediumseagreen|mediumslateblue|mediumspringgreen|mediumturquoise|mediumvioletred|midnightblue|mintcream|mistyrose|moccasin|navajowhite|navy|oldlace|olive|olivedrab|orange|orangered|orchid|palegoldenrod|palegreen|paleturquoise|palevioletred|papayawhip|peachpuff|peru|pink|plum|powderblue|purple|red|rosybrown|royalblue|saddlebrown|salmon|sandybrown|seagreen|seashell|sienna|silver|skyblue|slateblue|slategray|snow|springgreen|steelblue|tan|teal|thistle|tomato|turquoise|transparent|violet|wheat|white|whitesmoke|yellow|yellowgreen`,
76 rgb: String.raw `rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)`,
77 rgba: String.raw `rgba\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(${CssProp.N.integer_zero_ff}|${CssProp.N.number_zero_one}|${CssProp.B.percentage_zero_hundred})\s*\)`
78};
79/*
80 * Compound (i.e. dependant on other (sub) regular expressions) sub RegEx segments
81 */
82CssProp._C = {
83 alpha: `${CssProp.N.integer_zero_ff}|${CssProp.N.number_zero_one}|${CssProp.B.percentage_zero_hundred}`,
84 alphavalue: CssProp.N.number_zero_one,
85 bg_position: `((${CssProp.B.len_or_perc}|left|center|right|top|bottom)\\s*){1,4}`,
86 bg_size: `(${CssProp.B.length_pos}|${CssProp.B.percentage}|auto){1,2}|cover|contain`,
87 border_width: `thin|medium|thick|${CssProp.B.length}`,
88 bottom: `${CssProp.B.length}|auto`,
89 color: `${CssProp._COLOR.hex}|${CssProp._COLOR.rgb}|${CssProp._COLOR.rgba}|${CssProp._COLOR.name}`,
90 color_stop_length: `(${CssProp.B.len_or_perc}\\s*){1,2}`,
91 linear_color_hint: `${CssProp.B.len_or_perc}`,
92 family_name: `${CssProp.B.string}|(${CssProp.B.ident}\\s*)+`,
93 image_decl: CssProp.B.url,
94 left: `${CssProp.B.length}|auto`,
95 loose_quotable_words: `(${CssProp.B.ident})+`,
96 margin_width: `${CssProp.B.len_or_perc}|auto`,
97 padding_width: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}`,
98 page_url: CssProp.B.url,
99 position: `((${CssProp.B.len_or_perc}|left|center|right|top|bottom)\\s*){1,4}`,
100 right: `${CssProp.B.length}|auto`,
101 shadow: '',
102 size: `closest-side|farthest-side|closest-corner|farthest-corner|${CssProp.B.length}|(${CssProp.B.len_or_perc})\\s+(${CssProp.B.len_or_perc})`,
103 top: `${CssProp.B.length}|auto`
104};
105CssProp._C1 = {
106 image_list: `image\\(\\s*(${CssProp.B.url})*\\s*(${CssProp.B.url}|${CssProp._C.color})\\s*\\)`,
107 linear_color_stop: `(${CssProp._C.color})(\\s*${CssProp._C.color_stop_length})?`,
108 shadow: `((${CssProp._C.color})\\s+((${CssProp.B.length})\\s*){2,4}(\s+inset)?)|((inset\\s+)?((${CssProp.B.length})\\s*){2,4}\\s*(${CssProp._C.color})?)`
109};
110CssProp._C2 = {
111 color_stop_list: `((${CssProp._C1.linear_color_stop})(\\s*(${CssProp._C.linear_color_hint}))?\\s*,\\s*)+(${CssProp._C1.linear_color_stop})`,
112 shape: `rect\\(\\s*(${CssProp._C.top})\\s*,\\s*(${CssProp._C.right})\\s*,\\s*(${CssProp._C.bottom})\\s*,\\s*(${CssProp._C.left})\\s*\\)`
113};
114CssProp._C3 = {
115 linear_gradient: `linear-gradient\\((((${CssProp.B.angle})|to\\s+(${CssProp.A.side_or_corner}))\\s*,\\s*)?\\s*(${CssProp._C2.color_stop_list})\\s*\\)`,
116 radial_gradient: `radial-gradient\\(((((${CssProp.A.ending_shape})|(${CssProp._C.size}))\\s*)*\\s*(at\\s+${CssProp._C.position})?\\s*,\\s*)?\\s*(${CssProp._C2.color_stop_list})\\s*\\)`
117};
118CssProp._C4 = {
119 image: `${CssProp.B.url}|${CssProp._C3.linear_gradient}|${CssProp._C3.radial_gradient}|${CssProp._C1.image_list}`,
120 bg_image: `(${CssProp.B.url}|${CssProp._C3.linear_gradient}|${CssProp._C3.radial_gradient}|${CssProp._C1.image_list})|none`
121};
122CssProp.C = {
123 ...CssProp._C,
124 ...CssProp._C1,
125 ...CssProp._C2,
126 ...CssProp._C3,
127 ...CssProp._C4
128};
129/*
130 * Property value regular expressions not dependant on other sub expressions
131 */
132CssProp.AP = {
133 border_collapse: `collapse|separate`,
134 box: `normal|none|contents`,
135 box_sizing: `content-box|padding-box|border-box`,
136 caption_side: `top|bottom`,
137 clear: `none|left|right|both`,
138 direction: `ltr|rtl`,
139 empty_cells: `show|hide`,
140 float: `left|right|none`,
141 font_stretch: `normal|wider|narrower|ultra-condensed|extra-condensed|condensed|semi-condensed|semi-expanded|expanded|extra-expanded|ultra-expanded`,
142 font_style: `normal|italic|oblique`,
143 font_variant: `normal|small-caps`,
144 font_weight: `normal|bold|bolder|lighter|100|200|300|400|500|600|700|800|900`,
145 list_style_position: `inside|outside`,
146 list_style_type: `disc|circle|square|decimal|decimal-leading-zero|lower-roman|upper-roman|lower-greek|lower-latin|upper-latin|armenian|georgian|lower-alpha|upper-alpha|none`,
147 overflow: `visible|hidden|scroll|auto`,
148 overflow_wrap: `normal|break-word`,
149 overflow_x: `visible|hidden|scroll|auto|no-display|no-content`,
150 page_break_after: `auto|always|avoid|left|right`,
151 page_break_before: `auto|always|avoid|left|right`,
152 page_break_inside: `avoid|auto`,
153 position: `static|relative|absolute`,
154 resize: `none|both|horizontal|vertical`,
155 speak: `normal|none|spell-out`,
156 speak_header: `once|always`,
157 speak_numeral: `digits|continuous`,
158 speak_punctuation: `code|none`,
159 table_layout: `auto|fixed`,
160 text_align: `left|right|center|justify`,
161 text_decoration: `none|((underline|overline|line-through|blink)\\s*)+`,
162 text_transform: `capitalize|uppercase|lowercase|none`,
163 text_wrap: `normal|unrestricted|none|suppress`,
164 unicode_bidi: `normal|embed|bidi-override`,
165 visibility: `visible|hidden|collapse`,
166 white_space: `normal|pre|nowrap|pre-wrap|pre-line`,
167 word_break: `normal|keep-all|break-all`
168};
169/*
170 * Compound propertiy value regular expressions (i.e. dependant on other sub expressions)
171 */
172CssProp._CP = {
173 background_attachment: `${CssProp.A.attachment}(,\\s*${CssProp.A.attachment})*`,
174 background_color: CssProp.C.color,
175 background_origin: `${CssProp.A.box}(,\\s*${CssProp.A.box})*`,
176 background_repeat: `${CssProp.A.repeat_style}(,\\s*${CssProp.A.repeat_style})*`,
177 border: `((${CssProp.C.border_width}|${CssProp.A.border_style}|${CssProp.C.color})\\s*){1,3}`,
178 border_radius: `((${CssProp.B.len_or_perc})\\s*){1,4}(\\/\\s*((${CssProp.B.len_or_perc})\\s*){1,4})?`,
179 border_spacing: `${CssProp.B.length}\\s*(${CssProp.B.length})?`,
180 border_top_color: CssProp.C.color,
181 border_top_style: CssProp.A.border_style,
182 border_width: `((${CssProp.C.border_width})\\s*){1,4}`,
183 color: CssProp.C.color,
184 cursor: `(${CssProp.B.url}(\\s*,\\s*)?)*(auto|crosshair|default|pointer|move|e-resize|ne-resize|nw-resize|n-resize|se-resize|sw-resize|s-resize|w-resize|text|wait|help|progress|all-scroll|col-resize|hand|no-drop|not-allowed|row-resize|vertical-text)`,
185 display: `inline|block|list-item|run-in|inline-list-item|inline-block|table|inline-table|table-cell|table-caption|flex|inline-flex|grid|inline-grid|${CssProp.A.display_inside}|${CssProp.A.display_outside}|inherit|inline-box|inline-stack`,
186 display_outside: CssProp.A.display_outside,
187 elevation: `${CssProp.B.angle}|below|level|above|higher|lower`,
188 font_family: `(${CssProp.C.family_name}|${CssProp.A.generic_family})(,\\s*(${CssProp.C.family_name}|${CssProp.A.generic_family}))*`,
189 height: `${CssProp.B.length}|${CssProp.B.percentage}|auto`,
190 letter_spacing: `normal|${CssProp.B.length}`,
191 list_style_image: `${CssProp.C.image}|none`,
192 margin_right: CssProp.C.margin_width,
193 max_height: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}|none|auto`,
194 min_height: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}|auto`,
195 opacity: CssProp.C.alphavalue,
196 outline_color: `${CssProp.C.color}|invert`,
197 outline_width: CssProp.C.border_width,
198 padding: `((${CssProp.C.padding_width})\\s*){1,4}`,
199 padding_top: CssProp.C.padding_width,
200 pitch_range: CssProp.N.number,
201 right: `${CssProp.B.length}|${CssProp.B.percentage}|auto`,
202 stress: CssProp.N.number,
203 text_indent: `${CssProp.B.length}|${CssProp.B.percentage}`,
204 text_shadow: `none|${CssProp.C.shadow}(,\\s*(${CssProp.C.shadow}))*`,
205 volume: `${CssProp.N.number_pos}|${CssProp.B.percentage_pos}|silent|x-soft|soft|medium|loud|x-loud`,
206 word_wrap: CssProp.AP.overflow_wrap,
207 zoom: `normal|${CssProp.N.number_pos}|${CssProp.B.percentage_pos}`,
208 backface_visibility: CssProp.AP.visibility,
209 background_clip: `${CssProp.A.box}(,\\s*(${CssProp.A.box}))*`,
210 background_position: `${CssProp.C.bg_position}(,\\s*(${CssProp.C.bg_position}))*`,
211 border_bottom_color: CssProp.C.color,
212 border_bottom_style: CssProp.A.border_style,
213 border_color: `((${CssProp.C.color})\\s*){1,4}`,
214 border_left_color: CssProp.C.color,
215 border_right_color: CssProp.C.color,
216 border_style: `((${CssProp.A.border_style})\\s*){1,4}`,
217 border_top_left_radius: `(${CssProp.B.length}|${CssProp.B.percentage})(\\s*(${CssProp.B.length}|${CssProp.B.percentage}))?`,
218 border_top_width: CssProp.C.border_width,
219 box_shadow: `none|${CssProp.C.shadow}(,\\s*(${CssProp.C.shadow}))*`,
220 clip: `${CssProp.C.shape}|auto`,
221 display_inside: CssProp.A.display_inside,
222 font_size: `${CssProp.A.absolute_size}|${CssProp.A.relative_size}|${CssProp.B.length_pos}|${CssProp.B.percentage_pos}`,
223 line_height: `normal|${CssProp.N.number_pos}|${CssProp.B.length_pos}|${CssProp.B.percentage_pos}`,
224 margin_left: CssProp.C.margin_width,
225 max_width: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}|none|auto`,
226 outline_style: CssProp.A.border_style,
227 padding_bottom: CssProp.C.padding_width,
228 padding_right: CssProp.C.padding_width,
229 perspective: `none|${CssProp.B.length}`,
230 richness: CssProp.N.number,
231 text_overflow: `((clip|ellipsis|${CssProp.B.string})\\s*){1,2}`,
232 top: `${CssProp.B.length}|${CssProp.B.percentage}|auto`,
233 width: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}|auto`,
234 z_index: `auto|${CssProp.B.z_index}`,
235 // Simplified background
236 background: `(((${CssProp.C.bg_position}\\s*(\\/\\s*${CssProp.C.bg_size})?)|(${CssProp.A.repeat_style})|(${CssProp.A.attachment})|(${CssProp.A.bg_origin})|(${CssProp.C.bg_image})|(${CssProp.C.color}))\\s*)+`,
237 background_size: `${CssProp.C.bg_size}(,\\s*${CssProp.C.bg_size})*`,
238 border_bottom_left_radius: `(${CssProp.B.length}|${CssProp.B.percentage})(\\s*(${CssProp.B.length}|${CssProp.B.percentage}))?`,
239 border_bottom_width: CssProp.C.border_width,
240 border_left_style: CssProp.A.border_style,
241 border_right_style: CssProp.A.border_style,
242 border_top: `((${CssProp.C.border_width}|${CssProp.A.border_style}|${CssProp.C.color})\\s*){1,3}`,
243 bottom: `${CssProp.B.len_or_perc}|auto`,
244 list_style: `((${CssProp.AP.list_style_type}|${CssProp.AP.list_style_position}|${CssProp.C.image}|none})\\s*){1,3}`,
245 margin_top: CssProp.C.margin_width,
246 outline: `((${CssProp.C.color}|invert|${CssProp.A.border_style}|${CssProp.C.border_width})\\s*){1,3}`,
247 overflow_y: CssProp.AP.overflow_x,
248 pitch: `${CssProp.B.frequency}|x-low|low|medium|high|x-high`,
249 vertical_align: `baseline|sub|super|top|text-top|middle|bottom|text-bottom|${CssProp.B.len_or_perc}`,
250 word_spacing: `normal|${CssProp.B.length}`,
251 background_image: `${CssProp.C.bg_image}(,\\s*${CssProp.C.bg_image})*`,
252 border_bottom_right_radius: `(${CssProp.B.length}|${CssProp.B.percentage})(\\s*(${CssProp.B.length}|${CssProp.B.percentage}))?`,
253 border_left_width: CssProp.C.border_width,
254 border_right_width: CssProp.C.border_width,
255 left: `${CssProp.B.len_or_perc}|auto`,
256 margin_bottom: CssProp.C.margin_width,
257 pause_after: `${CssProp.B.time}|${CssProp.B.percentage}`,
258 speech_rate: `${CssProp.N.number}|x-slow|slow|medium|fast|x-fast|faster|slower`,
259 transition_duration: `${CssProp.B.time}(,\\s*${CssProp.B.time})*`,
260 border_bottom: `((${CssProp.C.border_width}|${CssProp.A.border_style}|${CssProp.C.color})\\s*){1,3}`,
261 border_right: `((${CssProp.C.border_width}|${CssProp.A.border_style}|${CssProp.C.color})\\s*){1,3}`,
262 margin: `((${CssProp.C.margin_width})\\s*){1,4}`,
263 padding_left: CssProp.C.padding_width,
264 border_left: `((${CssProp.C.border_width}|${CssProp.A.border_style}|${CssProp.C.color})\\s*){1,3}`,
265 quotes: `(${CssProp.B.string}\\s*${CssProp.B.string})+|none`,
266 border_top_right_radius: `(${CssProp.B.length}|${CssProp.B.percentage})(\\s*(${CssProp.B.length}|${CssProp.B.percentage}))?`,
267 min_width: `${CssProp.B.length_pos}|${CssProp.B.percentage_pos}|auto`
268};
269CssProp._CP1 = {
270 font: `(((((${CssProp.AP.font_style}|${CssProp.AP.font_variant}|${CssProp.AP.font_weight})\\s*){1,3})?\\s*(${CssProp._CP.font_size})\\s*(\\/\\s*(${CssProp._CP.line_height}))?\\s+(${CssProp._CP.font_family}))|caption|icon|menu|message-box|small-caption|status-bar)`
271};
272CssProp.CP = { ...CssProp._CP, ...CssProp._CP1 };
273// CSS Property value validation regular expressions for use with sanitize-html
274CssProp.BORDER_COLLAPSE = CssProp.reg(CssProp.AP.border_collapse);
275CssProp.BOX = CssProp.reg(CssProp.AP.box);
276CssProp.BOX_SIZING = CssProp.reg(CssProp.AP.box_sizing);
277CssProp.CAPTION_SIDE = CssProp.reg(CssProp.AP.caption_side);
278CssProp.CLEAR = CssProp.reg(CssProp.AP.clear);
279CssProp.DIRECTION = CssProp.reg(CssProp.AP.direction);
280CssProp.EMPTY_CELLS = CssProp.reg(CssProp.AP.empty_cells);
281CssProp.FLOAT = CssProp.reg(CssProp.AP.float);
282CssProp.FONT_STRETCH = CssProp.reg(CssProp.AP.font_stretch);
283CssProp.FONT_STYLE = CssProp.reg(CssProp.AP.font_style);
284CssProp.FONT_VARIANT = CssProp.reg(CssProp.AP.font_variant);
285CssProp.FONT_WEIGHT = CssProp.reg(CssProp.AP.font_weight);
286CssProp.LIST_STYLE_POSITION = CssProp.reg(CssProp.AP.list_style_position);
287CssProp.LIST_STYLE_TYPE = CssProp.reg(CssProp.AP.list_style_type);
288CssProp.OVERFLOW = CssProp.reg(CssProp.AP.overflow);
289CssProp.OVERFLOW_WRAP = CssProp.reg(CssProp.AP.overflow_wrap);
290CssProp.OVERFLOW_X = CssProp.reg(CssProp.AP.overflow_x);
291CssProp.PAGE_BREAK_AFTER = CssProp.reg(CssProp.AP.page_break_after);
292CssProp.PAGE_BREAK_BEFORE = CssProp.reg(CssProp.AP.page_break_before);
293CssProp.PAGE_BREAK_INSIDE = CssProp.reg(CssProp.AP.page_break_inside);
294CssProp.POSITION = CssProp.reg(CssProp.AP.position);
295CssProp.RESIZE = CssProp.reg(CssProp.AP.resize);
296CssProp.SPEAK = CssProp.reg(CssProp.AP.speak);
297CssProp.SPEAK_HEADER = CssProp.reg(CssProp.AP.speak_header);
298CssProp.SPEAK_NUMERAL = CssProp.reg(CssProp.AP.speak_numeral);
299CssProp.SPEAK_PUNCTUATION = CssProp.reg(CssProp.AP.speak_punctuation);
300CssProp.TABLE_LAYOUT = CssProp.reg(CssProp.AP.table_layout);
301CssProp.TEXT_ALIGN = CssProp.reg(CssProp.AP.text_align);
302CssProp.TEXT_DECORATION = CssProp.reg(CssProp.AP.text_decoration);
303CssProp.TEXT_TRANSFORM = CssProp.reg(CssProp.AP.text_transform);
304CssProp.TEXT_WRAP = CssProp.reg(CssProp.AP.text_wrap);
305CssProp.UNICODE_BIDI = CssProp.reg(CssProp.AP.unicode_bidi);
306CssProp.VISIBILITY = CssProp.reg(CssProp.AP.visibility);
307CssProp.WHITE_SPACE = CssProp.reg(CssProp.AP.white_space);
308CssProp.WORD_BREAK = CssProp.reg(CssProp.AP.word_break);
309CssProp.BACKGROUND_ATTACHMENT = CssProp.reg(CssProp.CP.background_attachment);
310CssProp.BACKGROUND_COLOR = CssProp.reg(CssProp.CP.background_color);
311CssProp.BACKGROUND_ORIGIN = CssProp.reg(CssProp.CP.background_origin);
312CssProp.BACKGROUND_REPEAT = CssProp.reg(CssProp.CP.background_repeat);
313CssProp.BORDER = CssProp.reg(CssProp.CP.border);
314CssProp.BORDER_RADIUS = CssProp.reg(CssProp.CP.border_radius);
315CssProp.BORDER_SPACING = CssProp.reg(CssProp.CP.border_spacing);
316CssProp.BORDER_TOP_COLOR = CssProp.reg(CssProp.CP.border_top_color);
317CssProp.BORDER_TOP_STYLE = CssProp.reg(CssProp.CP.border_top_style);
318CssProp.BORDER_WIDTH = CssProp.reg(CssProp.CP.border_width);
319CssProp.COLOR = CssProp.reg(CssProp.CP.color);
320CssProp.CURSOR = CssProp.reg(CssProp.CP.cursor);
321CssProp.DISPLAY = CssProp.reg(CssProp.CP.display);
322CssProp.DISPLAY_OUTSIDE = CssProp.reg(CssProp.CP.display_outside);
323CssProp.ELEVATION = CssProp.reg(CssProp.CP.elevation);
324CssProp.FONT_FAMILY = CssProp.reg(CssProp.CP.font_family);
325CssProp.HEIGHT = CssProp.reg(CssProp.CP.height);
326CssProp.LETTER_SPACING = CssProp.reg(CssProp.CP.letter_spacing);
327CssProp.LIST_STYLE_IMAGE = CssProp.reg(CssProp.CP.list_style_image);
328CssProp.MARGIN_RIGHT = CssProp.reg(CssProp.CP.margin_right);
329CssProp.MAX_HEIGHT = CssProp.reg(CssProp.CP.max_height);
330CssProp.MIN_HEIGHT = CssProp.reg(CssProp.CP.min_height);
331CssProp.OPACITY = CssProp.reg(CssProp.CP.opacity);
332CssProp.OUTLINE_COLOR = CssProp.reg(CssProp.CP.outline_color);
333CssProp.OUTLINE_WIDTH = CssProp.reg(CssProp.CP.outline_width);
334CssProp.PADDING = CssProp.reg(CssProp.CP.padding);
335CssProp.PADDING_TOP = CssProp.reg(CssProp.CP.padding_top);
336CssProp.PITCH_RANGE = CssProp.reg(CssProp.CP.pitch_range);
337CssProp.RIGHT = CssProp.reg(CssProp.CP.right);
338CssProp.STRESS = CssProp.reg(CssProp.CP.stress);
339CssProp.TEXT_INDENT = CssProp.reg(CssProp.CP.text_indent);
340CssProp.TEXT_SHADOW = CssProp.reg(CssProp.CP.text_shadow);
341CssProp.VOLUME = CssProp.reg(CssProp.CP.volume);
342CssProp.WORD_WRAP = CssProp.reg(CssProp.CP.word_wrap);
343CssProp.ZOOM = CssProp.reg(CssProp.CP.zoom);
344CssProp.BACKFACE_VISIBILITY = CssProp.reg(CssProp.CP.backface_visibility);
345CssProp.BACKGROUND_CLIP = CssProp.reg(CssProp.CP.background_clip);
346CssProp.BACKGROUND_POSITION = CssProp.reg(CssProp.CP.background_position);
347CssProp.BORDER_BOTTOM_COLOR = CssProp.reg(CssProp.CP.border_bottom_color);
348CssProp.BORDER_BOTTOM_STYLE = CssProp.reg(CssProp.CP.border_bottom_style);
349CssProp.BORDER_COLOR = CssProp.reg(CssProp.CP.border_color);
350CssProp.BORDER_LEFT_COLOR = CssProp.reg(CssProp.CP.border_left_color);
351CssProp.BORDER_RIGHT_COLOR = CssProp.reg(CssProp.CP.border_right_color);
352CssProp.BORDER_STYLE = CssProp.reg(CssProp.CP.border_style);
353CssProp.BORDER_TOP_LEFT_RADIUS = CssProp.reg(CssProp.CP.border_top_left_radius);
354CssProp.BORDER_TOP_WIDTH = CssProp.reg(CssProp.CP.border_top_width);
355CssProp.BOX_SHADOW = CssProp.reg(CssProp.CP.box_shadow);
356CssProp.CLIP = CssProp.reg(CssProp.CP.clip);
357CssProp.DISPLAY_INSIDE = CssProp.reg(CssProp.CP.display_inside);
358CssProp.FONT_SIZE = CssProp.reg(CssProp.CP.font_size);
359CssProp.LINE_HEIGHT = CssProp.reg(CssProp.CP.line_height);
360CssProp.MARGIN_LEFT = CssProp.reg(CssProp.CP.margin_left);
361CssProp.MAX_WIDTH = CssProp.reg(CssProp.CP.max_width);
362CssProp.OUTLINE_STYLE = CssProp.reg(CssProp.CP.outline_style);
363CssProp.PADDING_BOTTOM = CssProp.reg(CssProp.CP.padding_bottom);
364CssProp.PADDING_RIGHT = CssProp.reg(CssProp.CP.padding_right);
365CssProp.PERSPECTIVE = CssProp.reg(CssProp.CP.perspective);
366CssProp.RICHNESS = CssProp.reg(CssProp.CP.richness);
367CssProp.TEXT_OVERFLOW = CssProp.reg(CssProp.CP.text_overflow);
368CssProp.TOP = CssProp.reg(CssProp.CP.top);
369CssProp.WIDTH = CssProp.reg(CssProp.CP.width);
370CssProp.Z_INDEX = CssProp.reg(CssProp.CP.z_index);
371CssProp.BACKGROUND = CssProp.reg(CssProp.CP.background);
372CssProp.BACKGROUND_SIZE = CssProp.reg(CssProp.CP.background_size);
373CssProp.BORDER_BOTTOM_LEFT_RADIUS = CssProp.reg(CssProp.CP.border_bottom_left_radius);
374CssProp.BORDER_BOTTOM_WIDTH = CssProp.reg(CssProp.CP.border_bottom_width);
375CssProp.BORDER_LEFT_STYLE = CssProp.reg(CssProp.CP.border_left_style);
376CssProp.BORDER_RIGHT_STYLE = CssProp.reg(CssProp.CP.border_right_style);
377CssProp.BORDER_TOP = CssProp.reg(CssProp.CP.border_top);
378CssProp.BOTTOM = CssProp.reg(CssProp.CP.bottom);
379CssProp.LIST_STYLE = CssProp.reg(CssProp.CP.list_style);
380CssProp.MARGIN_TOP = CssProp.reg(CssProp.CP.margin_top);
381CssProp.OUTLINE = CssProp.reg(CssProp.CP.outline);
382CssProp.OVERFLOW_Y = CssProp.reg(CssProp.CP.overflow_y);
383CssProp.PITCH = CssProp.reg(CssProp.CP.pitch);
384CssProp.VERTICAL_ALIGN = CssProp.reg(CssProp.CP.vertical_align);
385CssProp.WORD_SPACING = CssProp.reg(CssProp.CP.word_spacing);
386CssProp.BACKGROUND_IMAGE = CssProp.reg(CssProp.CP.background_image);
387CssProp.BORDER_BOTTOM_RIGHT_RADIUS = CssProp.reg(CssProp.CP.border_bottom_right_radius);
388CssProp.BORDER_LEFT_WIDTH = CssProp.reg(CssProp.CP.border_left_width);
389CssProp.BORDER_RIGHT_WIDTH = CssProp.reg(CssProp.CP.border_right_width);
390CssProp.LEFT = CssProp.reg(CssProp.CP.left);
391CssProp.MARGIN_BOTTOM = CssProp.reg(CssProp.CP.margin_bottom);
392CssProp.PAUSE_AFTER = CssProp.reg(CssProp.CP.pause_after);
393CssProp.SPEECH_RATE = CssProp.reg(CssProp.CP.speech_rate);
394CssProp.TRANSITION_DURATION = CssProp.reg(CssProp.CP.transition_duration);
395CssProp.BORDER_BOTTOM = CssProp.reg(CssProp.CP.border_bottom);
396CssProp.BORDER_RIGHT = CssProp.reg(CssProp.CP.border_right);
397CssProp.MARGIN = CssProp.reg(CssProp.CP.margin);
398CssProp.PADDING_LEFT = CssProp.reg(CssProp.CP.padding_left);
399CssProp.BORDER_LEFT = CssProp.reg(CssProp.CP.border_left);
400CssProp.FONT = CssProp.reg(CssProp.CP.font);
401CssProp.QUOTES = CssProp.reg(CssProp.CP.quotes);
402CssProp.BORDER_TOP_RIGHT_RADIUS = CssProp.reg(CssProp.CP.border_top_right_radius);
403CssProp.MIN_WIDTH = CssProp.reg(CssProp.CP.min_width);
404/**
405 * A class to sanitize HTML strings.
406 */
407export class Sanitizer {
408 constructor() {
409 this._autolink = true;
410 this._options = {
411 // HTML tags that are allowed to be used. Tags were extracted from Google Caja
412 allowedTags: [
413 'a',
414 'abbr',
415 'acronym',
416 'address',
417 'area',
418 'article',
419 'aside',
420 'audio',
421 'b',
422 'bdi',
423 'bdo',
424 'big',
425 'blockquote',
426 'br',
427 'button',
428 'canvas',
429 'caption',
430 'center',
431 'cite',
432 'code',
433 'col',
434 'colgroup',
435 'colspan',
436 'command',
437 'data',
438 'datalist',
439 'dd',
440 'del',
441 'details',
442 'dfn',
443 'dir',
444 'div',
445 'dl',
446 'dt',
447 'em',
448 'fieldset',
449 'figcaption',
450 'figure',
451 'font',
452 'footer',
453 'form',
454 'h1',
455 'h2',
456 'h3',
457 'h4',
458 'h5',
459 'h6',
460 'header',
461 'hgroup',
462 'hr',
463 'i',
464 // 'iframe' is allowed by Google Caja, but disallowed by default by sanitize-html
465 // , 'iframe'
466 'img',
467 'input',
468 'ins',
469 'kbd',
470 'label',
471 'legend',
472 'li',
473 'map',
474 'mark',
475 'menu',
476 'meter',
477 'nav',
478 'nobr',
479 'ol',
480 'optgroup',
481 'option',
482 'output',
483 'p',
484 'pre',
485 'progress',
486 'q',
487 'rowspan',
488 's',
489 'samp',
490 'section',
491 'select',
492 'small',
493 'source',
494 'span',
495 'strike',
496 'strong',
497 'sub',
498 'summary',
499 'sup',
500 'table',
501 'tbody',
502 'td',
503 'textarea',
504 'tfoot',
505 'th',
506 'thead',
507 'time',
508 'tr',
509 'track',
510 'tt',
511 'u',
512 'ul',
513 'var',
514 'video',
515 'wbr'
516 ],
517 // Attributes that HTML tags are allowed to have, extracted from Google Caja.
518 // See https://github.com/jupyterlab/jupyterlab/issues/1812#issuecomment-285848435
519 allowedAttributes: {
520 '*': [
521 'class',
522 'dir',
523 'draggable',
524 'hidden',
525 'id',
526 'inert',
527 'itemprop',
528 'itemref',
529 'itemscope',
530 'lang',
531 'spellcheck',
532 'style',
533 'title',
534 'translate'
535 ],
536 // 'rel' and 'target' were *not* allowed by Google Caja
537 a: [
538 'accesskey',
539 'coords',
540 'href',
541 'hreflang',
542 'name',
543 'rel',
544 'shape',
545 'tabindex',
546 'target',
547 'type'
548 ],
549 area: [
550 'accesskey',
551 'alt',
552 'coords',
553 'href',
554 'nohref',
555 'shape',
556 'tabindex'
557 ],
558 // 'autoplay' was *not* allowed by Google Caja
559 audio: [
560 'autoplay',
561 'controls',
562 'loop',
563 'mediagroup',
564 'muted',
565 'preload',
566 'src'
567 ],
568 bdo: ['dir'],
569 blockquote: ['cite'],
570 br: ['clear'],
571 button: [
572 'accesskey',
573 'data-commandlinker-args',
574 'data-commandlinker-command',
575 'disabled',
576 'name',
577 'tabindex',
578 'type',
579 'value'
580 ],
581 canvas: ['height', 'width'],
582 caption: ['align'],
583 col: ['align', 'char', 'charoff', 'span', 'valign', 'width'],
584 colgroup: ['align', 'char', 'charoff', 'span', 'valign', 'width'],
585 command: [
586 'checked',
587 'command',
588 'disabled',
589 'icon',
590 'label',
591 'radiogroup',
592 'type'
593 ],
594 data: ['value'],
595 del: ['cite', 'datetime'],
596 details: ['open'],
597 dir: ['compact'],
598 div: ['align'],
599 dl: ['compact'],
600 fieldset: ['disabled'],
601 font: ['color', 'face', 'size'],
602 form: [
603 'accept',
604 'autocomplete',
605 'enctype',
606 'method',
607 'name',
608 'novalidate'
609 ],
610 h1: ['align'],
611 h2: ['align'],
612 h3: ['align'],
613 h4: ['align'],
614 h5: ['align'],
615 h6: ['align'],
616 hr: ['align', 'noshade', 'size', 'width'],
617 iframe: [
618 'align',
619 'frameborder',
620 'height',
621 'marginheight',
622 'marginwidth',
623 'width'
624 ],
625 img: [
626 'align',
627 'alt',
628 'border',
629 'height',
630 'hspace',
631 'ismap',
632 'name',
633 'src',
634 'usemap',
635 'vspace',
636 'width'
637 ],
638 input: [
639 'accept',
640 'accesskey',
641 'align',
642 'alt',
643 'autocomplete',
644 'checked',
645 'disabled',
646 'inputmode',
647 'ismap',
648 'list',
649 'max',
650 'maxlength',
651 'min',
652 'multiple',
653 'name',
654 'placeholder',
655 'readonly',
656 'required',
657 'size',
658 'src',
659 'step',
660 'tabindex',
661 'type',
662 'usemap',
663 'value'
664 ],
665 ins: ['cite', 'datetime'],
666 label: ['accesskey', 'for'],
667 legend: ['accesskey', 'align'],
668 li: ['type', 'value'],
669 map: ['name'],
670 menu: ['compact', 'label', 'type'],
671 meter: ['high', 'low', 'max', 'min', 'value'],
672 ol: ['compact', 'reversed', 'start', 'type'],
673 optgroup: ['disabled', 'label'],
674 option: ['disabled', 'label', 'selected', 'value'],
675 output: ['for', 'name'],
676 p: ['align'],
677 pre: ['width'],
678 progress: ['max', 'min', 'value'],
679 q: ['cite'],
680 select: [
681 'autocomplete',
682 'disabled',
683 'multiple',
684 'name',
685 'required',
686 'size',
687 'tabindex'
688 ],
689 source: ['type'],
690 table: [
691 'align',
692 'bgcolor',
693 'border',
694 'cellpadding',
695 'cellspacing',
696 'frame',
697 'rules',
698 'summary',
699 'width'
700 ],
701 tbody: ['align', 'char', 'charoff', 'valign'],
702 td: [
703 'abbr',
704 'align',
705 'axis',
706 'bgcolor',
707 'char',
708 'charoff',
709 'colspan',
710 'headers',
711 'height',
712 'nowrap',
713 'rowspan',
714 'scope',
715 'valign',
716 'width'
717 ],
718 textarea: [
719 'accesskey',
720 'autocomplete',
721 'cols',
722 'disabled',
723 'inputmode',
724 'name',
725 'placeholder',
726 'readonly',
727 'required',
728 'rows',
729 'tabindex',
730 'wrap'
731 ],
732 tfoot: ['align', 'char', 'charoff', 'valign'],
733 th: [
734 'abbr',
735 'align',
736 'axis',
737 'bgcolor',
738 'char',
739 'charoff',
740 'colspan',
741 'headers',
742 'height',
743 'nowrap',
744 'rowspan',
745 'scope',
746 'valign',
747 'width'
748 ],
749 thead: ['align', 'char', 'charoff', 'valign'],
750 tr: ['align', 'bgcolor', 'char', 'charoff', 'valign'],
751 track: ['default', 'kind', 'label', 'srclang'],
752 ul: ['compact', 'type'],
753 video: [
754 'autoplay',
755 'controls',
756 'height',
757 'loop',
758 'mediagroup',
759 'muted',
760 'poster',
761 'preload',
762 'src',
763 'width'
764 ]
765 },
766 // Inline CSS styles that HTML tags may have (and their allowed values)
767 allowedStyles: {
768 // To simplify the data, all styles are allowed on all tags that allow the style attribute
769 '*': {
770 'backface-visibility': [CssProp.BACKFACE_VISIBILITY],
771 background: [CssProp.BACKGROUND],
772 'background-attachment': [CssProp.BACKGROUND_ATTACHMENT],
773 'background-clip': [CssProp.BACKGROUND_CLIP],
774 'background-color': [CssProp.BACKGROUND_COLOR],
775 'background-image': [CssProp.BACKGROUND_IMAGE],
776 'background-origin': [CssProp.BACKGROUND_ORIGIN],
777 'background-position': [CssProp.BACKGROUND_POSITION],
778 'background-repeat': [CssProp.BACKGROUND_REPEAT],
779 'background-size': [CssProp.BACKGROUND_SIZE],
780 border: [CssProp.BORDER],
781 'border-bottom': [CssProp.BORDER_BOTTOM],
782 'border-bottom-color': [CssProp.BORDER_BOTTOM_COLOR],
783 'border-bottom-left-radius': [CssProp.BORDER_BOTTOM_LEFT_RADIUS],
784 'border-bottom-right-radius': [CssProp.BORDER_BOTTOM_RIGHT_RADIUS],
785 'border-bottom-style': [CssProp.BORDER_BOTTOM_STYLE],
786 'border-bottom-width': [CssProp.BORDER_BOTTOM_WIDTH],
787 'border-collapse': [CssProp.BORDER_COLLAPSE],
788 'border-color': [CssProp.BORDER_COLOR],
789 'border-left': [CssProp.BORDER_LEFT],
790 'border-left-color': [CssProp.BORDER_LEFT_COLOR],
791 'border-left-style': [CssProp.BORDER_LEFT_STYLE],
792 'border-left-width': [CssProp.BORDER_LEFT_WIDTH],
793 'border-radius': [CssProp.BORDER_RADIUS],
794 'border-right': [CssProp.BORDER_RIGHT],
795 'border-right-color': [CssProp.BORDER_RIGHT_COLOR],
796 'border-right-style': [CssProp.BORDER_RIGHT_STYLE],
797 'border-right-width': [CssProp.BORDER_RIGHT_WIDTH],
798 'border-spacing': [CssProp.BORDER_SPACING],
799 'border-style': [CssProp.BORDER_STYLE],
800 'border-top': [CssProp.BORDER_TOP],
801 'border-top-color': [CssProp.BORDER_TOP_COLOR],
802 'border-top-left-radius': [CssProp.BORDER_TOP_LEFT_RADIUS],
803 'border-top-right-radius': [CssProp.BORDER_TOP_RIGHT_RADIUS],
804 'border-top-style': [CssProp.BORDER_TOP_STYLE],
805 'border-top-width': [CssProp.BORDER_TOP_WIDTH],
806 'border-width': [CssProp.BORDER_WIDTH],
807 bottom: [CssProp.BOTTOM],
808 box: [CssProp.BOX],
809 'box-shadow': [CssProp.BOX_SHADOW],
810 'box-sizing': [CssProp.BOX_SIZING],
811 'caption-side': [CssProp.CAPTION_SIDE],
812 clear: [CssProp.CLEAR],
813 clip: [CssProp.CLIP],
814 color: [CssProp.COLOR],
815 cursor: [CssProp.CURSOR],
816 direction: [CssProp.DIRECTION],
817 display: [CssProp.DISPLAY],
818 'display-inside': [CssProp.DISPLAY_INSIDE],
819 'display-outside': [CssProp.DISPLAY_OUTSIDE],
820 elevation: [CssProp.ELEVATION],
821 'empty-cells': [CssProp.EMPTY_CELLS],
822 float: [CssProp.FLOAT],
823 font: [CssProp.FONT],
824 'font-family': [CssProp.FONT_FAMILY],
825 'font-size': [CssProp.FONT_SIZE],
826 'font-stretch': [CssProp.FONT_STRETCH],
827 'font-style': [CssProp.FONT_STYLE],
828 'font-variant': [CssProp.FONT_VARIANT],
829 'font-weight': [CssProp.FONT_WEIGHT],
830 height: [CssProp.HEIGHT],
831 left: [CssProp.LEFT],
832 'letter-spacing': [CssProp.LETTER_SPACING],
833 'line-height': [CssProp.LINE_HEIGHT],
834 'list-style': [CssProp.LIST_STYLE],
835 'list-style-image': [CssProp.LIST_STYLE_IMAGE],
836 'list-style-position': [CssProp.LIST_STYLE_POSITION],
837 'list-style-type': [CssProp.LIST_STYLE_TYPE],
838 margin: [CssProp.MARGIN],
839 'margin-bottom': [CssProp.MARGIN_BOTTOM],
840 'margin-left': [CssProp.MARGIN_LEFT],
841 'margin-right': [CssProp.MARGIN_RIGHT],
842 'margin-top': [CssProp.MARGIN_TOP],
843 'max-height': [CssProp.MAX_HEIGHT],
844 'max-width': [CssProp.MAX_WIDTH],
845 'min-height': [CssProp.MIN_HEIGHT],
846 'min-width': [CssProp.MIN_WIDTH],
847 opacity: [CssProp.OPACITY],
848 outline: [CssProp.OUTLINE],
849 'outline-color': [CssProp.OUTLINE_COLOR],
850 'outline-style': [CssProp.OUTLINE_STYLE],
851 'outline-width': [CssProp.OUTLINE_WIDTH],
852 overflow: [CssProp.OVERFLOW],
853 'overflow-wrap': [CssProp.OVERFLOW_WRAP],
854 'overflow-x': [CssProp.OVERFLOW_X],
855 'overflow-y': [CssProp.OVERFLOW_Y],
856 padding: [CssProp.PADDING],
857 'padding-bottom': [CssProp.PADDING_BOTTOM],
858 'padding-left': [CssProp.PADDING_LEFT],
859 'padding-right': [CssProp.PADDING_RIGHT],
860 'padding-top': [CssProp.PADDING_TOP],
861 'page-break-after': [CssProp.PAGE_BREAK_AFTER],
862 'page-break-before': [CssProp.PAGE_BREAK_BEFORE],
863 'page-break-inside': [CssProp.PAGE_BREAK_INSIDE],
864 'pause-after': [CssProp.PAUSE_AFTER],
865 perspective: [CssProp.PERSPECTIVE],
866 pitch: [CssProp.PITCH],
867 'pitch-range': [CssProp.PITCH_RANGE],
868 position: [CssProp.POSITION],
869 quotes: [CssProp.QUOTES],
870 resize: [CssProp.RESIZE],
871 richness: [CssProp.RICHNESS],
872 right: [CssProp.RIGHT],
873 speak: [CssProp.SPEAK],
874 'speak-header': [CssProp.SPEAK_HEADER],
875 'speak-numeral': [CssProp.SPEAK_NUMERAL],
876 'speak-punctuation': [CssProp.SPEAK_PUNCTUATION],
877 'speech-rate': [CssProp.SPEECH_RATE],
878 stress: [CssProp.STRESS],
879 'table-layout': [CssProp.TABLE_LAYOUT],
880 'text-align': [CssProp.TEXT_ALIGN],
881 'text-decoration': [CssProp.TEXT_DECORATION],
882 'text-indent': [CssProp.TEXT_INDENT],
883 'text-overflow': [CssProp.TEXT_OVERFLOW],
884 'text-shadow': [CssProp.TEXT_SHADOW],
885 'text-transform': [CssProp.TEXT_TRANSFORM],
886 'text-wrap': [CssProp.TEXT_WRAP],
887 top: [CssProp.TOP],
888 'unicode-bidi': [CssProp.UNICODE_BIDI],
889 'vertical-align': [CssProp.VERTICAL_ALIGN],
890 visibility: [CssProp.VISIBILITY],
891 volume: [CssProp.VOLUME],
892 'white-space': [CssProp.WHITE_SPACE],
893 width: [CssProp.WIDTH],
894 'word-break': [CssProp.WORD_BREAK],
895 'word-spacing': [CssProp.WORD_SPACING],
896 'word-wrap': [CssProp.WORD_WRAP],
897 'z-index': [CssProp.Z_INDEX],
898 zoom: [CssProp.ZOOM]
899 }
900 },
901 transformTags: {
902 // Set the "rel" attribute for <a> tags to "nofollow".
903 a: sanitize.simpleTransform('a', { rel: 'nofollow' }),
904 // Set the "disabled" attribute for <input> tags.
905 input: sanitize.simpleTransform('input', { disabled: 'disabled' })
906 },
907 allowedSchemes: [...sanitize.defaults.allowedSchemes],
908 allowedSchemesByTag: {
909 // Allow 'attachment:' img src (used for markdown cell attachments).
910 img: sanitize.defaults.allowedSchemes.concat(['attachment'])
911 },
912 // Override of the default option, so we can skip 'src' attribute validation.
913 // 'src' Attributes are validated to be URIs, which does not allow for embedded (image) data.
914 // Since embedded data is no longer deemed to be a threat, validation can be skipped.
915 // See https://github.com/jupyterlab/jupyterlab/issues/5183
916 allowedSchemesAppliedToAttributes: ['href', 'cite']
917 };
918 }
919 /**
920 * Sanitize an HTML string.
921 *
922 * @param dirty - The dirty text.
923 *
924 * @param options - The optional sanitization options.
925 *
926 * @returns The sanitized string.
927 */
928 sanitize(dirty, options) {
929 return sanitize(dirty, { ...this._options, ...(options || {}) });
930 }
931 /**
932 * @returns Whether to replace URLs by HTML anchors.
933 */
934 getAutolink() {
935 return this._autolink;
936 }
937 /**
938 * Set the allowed schemes
939 *
940 * @param scheme Allowed schemes
941 */
942 setAllowedSchemes(scheme) {
943 // Force copy of `scheme`
944 this._options.allowedSchemes = [...scheme];
945 }
946 /**
947 * Set the URL replacement boolean.
948 *
949 * @param autolink URL replacement boolean.
950 */
951 setAutolink(autolink) {
952 this._autolink = autolink;
953 }
954}
955//# sourceMappingURL=sanitizer.js.map
\No newline at end of file