1 | {"version":3,"file":"purify.min.js","sources":["../src/utils.js","../src/purify.js","../src/tags.js","../src/attrs.js","../src/regexp.js"],"sourcesContent":["/* Add properties to a lookup table */\nexport function addToSet(set, array) {\n let l = array.length;\n while (l--) {\n if (typeof array[l] === 'string') {\n array[l] = array[l].toLowerCase();\n }\n set[array[l]] = true;\n }\n return set;\n}\n\n/* Shallow clone an object */\nexport function clone(object) {\n const newObject = {};\n let property;\n for (property in object) {\n if (Object.prototype.hasOwnProperty.call(object, property)) {\n newObject[property] = object[property];\n }\n }\n return newObject;\n}\n","import * as TAGS from './tags';\nimport * as ATTRS from './attrs';\nimport { addToSet, clone } from './utils';\nimport * as EXPRESSIONS from './regexp';\n\nconst getGlobal = () => (typeof window === 'undefined' ? null : window);\n\nfunction createDOMPurify(window = getGlobal()) {\n const DOMPurify = root => createDOMPurify(root);\n\n /**\n * Version label, exposed for easier checks\n * if DOMPurify is up to date or not\n */\n DOMPurify.version = VERSION;\n\n /**\n * Array of elements that DOMPurify removed during sanitation.\n * Empty if nothing was removed.\n */\n DOMPurify.removed = [];\n\n if (!window || !window.document || window.document.nodeType !== 9) {\n // Not running in a browser, provide a factory function\n // so that you can pass your own Window\n DOMPurify.isSupported = false;\n\n return DOMPurify;\n }\n\n const originalDocument = window.document;\n let useDOMParser = false; // See comment below\n let useXHR = false;\n\n let document = window.document;\n const {\n DocumentFragment,\n HTMLTemplateElement,\n Node,\n NodeFilter,\n NamedNodeMap = window.NamedNodeMap || window.MozNamedAttrMap,\n Text,\n Comment,\n DOMParser,\n XMLHttpRequest = window.XMLHttpRequest,\n encodeURI = window.encodeURI,\n } = window;\n\n // As per issue #47, the web-components registry is inherited by a\n // new document created via createHTMLDocument. As per the spec\n // (http://w3c.github.io/webcomponents/spec/custom/#creating-and-passing-registries)\n // a new empty registry is used when creating a template contents owner\n // document, so we use that as our parent document to ensure nothing\n // is inherited.\n if (typeof HTMLTemplateElement === 'function') {\n const template = document.createElement('template');\n if (template.content && template.content.ownerDocument) {\n document = template.content.ownerDocument;\n }\n }\n\n const {\n implementation,\n createNodeIterator,\n getElementsByTagName,\n createDocumentFragment,\n } = document;\n const importNode = originalDocument.importNode;\n\n let hooks = {};\n\n /**\n * Expose whether this browser supports running the full DOMPurify.\n */\n DOMPurify.isSupported =\n implementation &&\n typeof implementation.createHTMLDocument !== 'undefined' &&\n document.documentMode !== 9;\n\n const {\n MUSTACHE_EXPR,\n ERB_EXPR,\n DATA_ATTR,\n ARIA_ATTR,\n IS_SCRIPT_OR_DATA,\n ATTR_WHITESPACE,\n } = EXPRESSIONS;\n\n let IS_ALLOWED_URI = EXPRESSIONS.IS_ALLOWED_URI;\n /**\n * We consider the elements and attributes below to be safe. Ideally\n * don't add any new ones but feel free to remove unwanted ones.\n */\n\n /* allowed element names */\n let ALLOWED_TAGS = null;\n const DEFAULT_ALLOWED_TAGS = addToSet({}, [\n ...TAGS.html,\n ...TAGS.svg,\n ...TAGS.svgFilters,\n ...TAGS.mathMl,\n ...TAGS.text,\n ]);\n\n /* Allowed attribute names */\n let ALLOWED_ATTR = null;\n const DEFAULT_ALLOWED_ATTR = addToSet({}, [\n ...ATTRS.html,\n ...ATTRS.svg,\n ...ATTRS.mathMl,\n ...ATTRS.xml,\n ]);\n\n /* Explicitly forbidden tags (overrides ALLOWED_TAGS/ADD_TAGS) */\n let FORBID_TAGS = null;\n\n /* Explicitly forbidden attributes (overrides ALLOWED_ATTR/ADD_ATTR) */\n let FORBID_ATTR = null;\n\n /* Decide if ARIA attributes are okay */\n let ALLOW_ARIA_ATTR = true;\n\n /* Decide if custom data attributes are okay */\n let ALLOW_DATA_ATTR = true;\n\n /* Decide if unknown protocols are okay */\n let ALLOW_UNKNOWN_PROTOCOLS = false;\n\n /* Output should be safe for jQuery's $() factory? */\n let SAFE_FOR_JQUERY = false;\n\n /* Output should be safe for common template engines.\n * This means, DOMPurify removes data attributes, mustaches and ERB\n */\n let SAFE_FOR_TEMPLATES = false;\n\n /* Decide if document with <html>... should be returned */\n let WHOLE_DOCUMENT = false;\n\n /* Track whether config is already set on this instance of DOMPurify. */\n let SET_CONFIG = false;\n\n /* Decide if all elements (e.g. style, script) must be children of\n * document.body. By default, browsers might move them to document.head */\n let FORCE_BODY = false;\n\n /* Decide if a DOM `HTMLBodyElement` should be returned, instead of a html string.\n * If `WHOLE_DOCUMENT` is enabled a `HTMLHtmlElement` will be returned instead\n */\n let RETURN_DOM = false;\n\n /* Decide if a DOM `DocumentFragment` should be returned, instead of a html string */\n let RETURN_DOM_FRAGMENT = false;\n\n /* If `RETURN_DOM` or `RETURN_DOM_FRAGMENT` is enabled, decide if the returned DOM\n * `Node` is imported into the current `Document`. If this flag is not enabled the\n * `Node` will belong (its ownerDocument) to a fresh `HTMLDocument`, created by\n * DOMPurify. */\n let RETURN_DOM_IMPORT = false;\n\n /* Output should be free from DOM clobbering attacks? */\n let SANITIZE_DOM = true;\n\n /* Keep element content when removing element? */\n let KEEP_CONTENT = true;\n\n /* Allow usage of profiles like html, svg and mathMl */\n let USE_PROFILES = {};\n\n /* Tags to ignore content of when KEEP_CONTENT is true */\n const FORBID_CONTENTS = addToSet({}, [\n 'audio',\n 'head',\n 'math',\n 'script',\n 'style',\n 'template',\n 'svg',\n 'video',\n ]);\n\n /* Tags that are safe for data: URIs */\n const DATA_URI_TAGS = addToSet({}, [\n 'audio',\n 'video',\n 'img',\n 'source',\n 'image',\n ]);\n\n /* Attributes safe for values like \"javascript:\" */\n const URI_SAFE_ATTRIBUTES = addToSet({}, [\n 'alt',\n 'class',\n 'for',\n 'id',\n 'label',\n 'name',\n 'pattern',\n 'placeholder',\n 'summary',\n 'title',\n 'value',\n 'style',\n 'xmlns',\n ]);\n\n /* Keep a reference to config to pass to hooks */\n let CONFIG = null;\n\n /* Ideally, do not touch anything below this line */\n /* ______________________________________________ */\n\n const formElement = document.createElement('form');\n\n /**\n * _parseConfig\n *\n * @param optional config literal\n */\n // eslint-disable-next-line complexity\n const _parseConfig = function(cfg) {\n /* Shield configuration object from tampering */\n if (typeof cfg !== 'object') {\n cfg = {};\n }\n /* Set configuration parameters */\n ALLOWED_TAGS =\n 'ALLOWED_TAGS' in cfg\n ? addToSet({}, cfg.ALLOWED_TAGS)\n : DEFAULT_ALLOWED_TAGS;\n ALLOWED_ATTR =\n 'ALLOWED_ATTR' in cfg\n ? addToSet({}, cfg.ALLOWED_ATTR)\n : DEFAULT_ALLOWED_ATTR;\n FORBID_TAGS = 'FORBID_TAGS' in cfg ? addToSet({}, cfg.FORBID_TAGS) : {};\n FORBID_ATTR = 'FORBID_ATTR' in cfg ? addToSet({}, cfg.FORBID_ATTR) : {};\n USE_PROFILES = 'USE_PROFILES' in cfg ? cfg.USE_PROFILES : false;\n ALLOW_ARIA_ATTR = cfg.ALLOW_ARIA_ATTR !== false; // Default true\n ALLOW_DATA_ATTR = cfg.ALLOW_DATA_ATTR !== false; // Default true\n ALLOW_UNKNOWN_PROTOCOLS = cfg.ALLOW_UNKNOWN_PROTOCOLS || false; // Default false\n SAFE_FOR_JQUERY = cfg.SAFE_FOR_JQUERY || false; // Default false\n SAFE_FOR_TEMPLATES = cfg.SAFE_FOR_TEMPLATES || false; // Default false\n WHOLE_DOCUMENT = cfg.WHOLE_DOCUMENT || false; // Default false\n RETURN_DOM = cfg.RETURN_DOM || false; // Default false\n RETURN_DOM_FRAGMENT = cfg.RETURN_DOM_FRAGMENT || false; // Default false\n RETURN_DOM_IMPORT = cfg.RETURN_DOM_IMPORT || false; // Default false\n FORCE_BODY = cfg.FORCE_BODY || false; // Default false\n SANITIZE_DOM = cfg.SANITIZE_DOM !== false; // Default true\n KEEP_CONTENT = cfg.KEEP_CONTENT !== false; // Default true\n\n IS_ALLOWED_URI = cfg.ALLOWED_URI_REGEXP || IS_ALLOWED_URI;\n\n if (SAFE_FOR_TEMPLATES) {\n ALLOW_DATA_ATTR = false;\n }\n\n if (RETURN_DOM_FRAGMENT) {\n RETURN_DOM = true;\n }\n\n /* Parse profile info */\n if (USE_PROFILES) {\n ALLOWED_TAGS = addToSet({}, [...TAGS.text]);\n ALLOWED_ATTR = [];\n if (USE_PROFILES.html === true) {\n addToSet(ALLOWED_TAGS, TAGS.html);\n addToSet(ALLOWED_ATTR, ATTRS.html);\n }\n if (USE_PROFILES.svg === true) {\n addToSet(ALLOWED_TAGS, TAGS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n if (USE_PROFILES.svgFilters === true) {\n addToSet(ALLOWED_TAGS, TAGS.svgFilters);\n addToSet(ALLOWED_ATTR, ATTRS.svg);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n if (USE_PROFILES.mathMl === true) {\n addToSet(ALLOWED_TAGS, TAGS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.mathMl);\n addToSet(ALLOWED_ATTR, ATTRS.xml);\n }\n }\n\n /* Merge configuration parameters */\n if (cfg.ADD_TAGS) {\n if (ALLOWED_TAGS === DEFAULT_ALLOWED_TAGS) {\n ALLOWED_TAGS = clone(ALLOWED_TAGS);\n }\n addToSet(ALLOWED_TAGS, cfg.ADD_TAGS);\n }\n if (cfg.ADD_ATTR) {\n if (ALLOWED_ATTR === DEFAULT_ALLOWED_ATTR) {\n ALLOWED_ATTR = clone(ALLOWED_ATTR);\n }\n addToSet(ALLOWED_ATTR, cfg.ADD_ATTR);\n }\n if (cfg.ADD_URI_SAFE_ATTR) {\n addToSet(URI_SAFE_ATTRIBUTES, cfg.ADD_URI_SAFE_ATTR);\n }\n\n /* Add #text in case KEEP_CONTENT is set to true */\n if (KEEP_CONTENT) {\n ALLOWED_TAGS['#text'] = true;\n }\n\n // Prevent further manipulation of configuration.\n // Not available in IE8, Safari 5, etc.\n if (Object && 'freeze' in Object) {\n Object.freeze(cfg);\n }\n\n CONFIG = cfg;\n };\n\n /**\n * _forceRemove\n *\n * @param a DOM node\n */\n const _forceRemove = function(node) {\n DOMPurify.removed.push({ element: node });\n try {\n node.parentNode.removeChild(node);\n } catch (err) {\n node.outerHTML = '';\n }\n };\n\n /**\n * _removeAttribute\n *\n * @param an Attribute name\n * @param a DOM node\n */\n const _removeAttribute = function(name, node) {\n try {\n DOMPurify.removed.push({\n attribute: node.getAttributeNode(name),\n from: node,\n });\n } catch (err) {\n DOMPurify.removed.push({\n attribute: null,\n from: node,\n });\n }\n node.removeAttribute(name);\n };\n\n /**\n * _initDocument\n *\n * @param a string of dirty markup\n * @return a DOM, filled with the dirty markup\n */\n const _initDocument = function(dirty) {\n /* Create a HTML document */\n let doc;\n let body;\n\n if (FORCE_BODY) {\n dirty = '<remove></remove>' + dirty;\n }\n\n /* Use XHR if necessary because Safari 10.1 and newer are buggy */\n if (useXHR) {\n try {\n dirty = encodeURI(dirty);\n } catch (err) {}\n const xhr = new XMLHttpRequest();\n xhr.responseType = 'document';\n xhr.open('GET', 'data:text/html;charset=utf-8,' + dirty, false);\n xhr.send(null);\n doc = xhr.response;\n }\n\n /* Use DOMParser to workaround Firefox bug (see comment below) */\n if (useDOMParser) {\n try {\n doc = new DOMParser().parseFromString(dirty, 'text/html');\n } catch (err) {}\n }\n\n /* Otherwise use createHTMLDocument, because DOMParser is unsafe in\n Safari (see comment below) */\n if (!doc || !doc.documentElement) {\n doc = implementation.createHTMLDocument('');\n body = doc.body;\n body.parentNode.removeChild(body.parentNode.firstElementChild);\n body.outerHTML = dirty;\n }\n\n /* Work on whole document or just its body */\n return getElementsByTagName.call(doc, WHOLE_DOCUMENT ? 'html' : 'body')[0];\n };\n\n // Safari 10.1+ (unfixed as of time of writing) has a catastrophic bug in\n // its implementation of DOMParser such that the following executes the\n // JavaScript:\n //\n // new DOMParser()\n // .parseFromString('<svg onload=alert(document.domain)>', 'text/html');\n //\n // Later, it was also noticed that even more assumed benign and inert ways\n // of creating a document are now insecure thanks to Safari. So we work\n // around that with a feature test and use XHR to create the document in\n // case we really have to. That one seems safe for now.\n //\n // However, Firefox uses a different parser for innerHTML rather than\n // DOMParser (see https://bugzilla.mozilla.org/show_bug.cgi?id=1205631)\n // which means that you *must* use DOMParser, otherwise the output may\n // not be safe if used in a document.write context later.\n //\n // So we feature detect the Firefox bug and use the DOMParser if necessary.\n if (DOMPurify.isSupported) {\n (function() {\n let doc = _initDocument(\n '<svg><g onload=\"this.parentNode.remove()\"></g></svg>'\n );\n if (!doc.querySelector('svg')) {\n useXHR = true;\n }\n try {\n doc = _initDocument(\n '<svg><p><style><img src=\"</style><img src=x onerror=alert(1)//\">'\n );\n if (doc.querySelector('svg img')) {\n useDOMParser = true;\n }\n } catch (err) {}\n })();\n }\n\n /**\n * _createIterator\n *\n * @param document/fragment to create iterator for\n * @return iterator instance\n */\n const _createIterator = function(root) {\n return createNodeIterator.call(\n root.ownerDocument || root,\n root,\n NodeFilter.SHOW_ELEMENT | NodeFilter.SHOW_COMMENT | NodeFilter.SHOW_TEXT,\n () => {\n return NodeFilter.FILTER_ACCEPT;\n },\n false\n );\n };\n\n /**\n * _isClobbered\n *\n * @param element to check for clobbering attacks\n * @return true if clobbered, false if safe\n */\n const _isClobbered = function(elm) {\n if (elm instanceof Text || elm instanceof Comment) {\n return false;\n }\n if (\n typeof elm.nodeName !== 'string' ||\n typeof elm.textContent !== 'string' ||\n typeof elm.removeChild !== 'function' ||\n !(elm.attributes instanceof NamedNodeMap) ||\n typeof elm.removeAttribute !== 'function' ||\n typeof elm.setAttribute !== 'function'\n ) {\n return true;\n }\n return false;\n };\n\n /**\n * _isNode\n *\n * @param object to check whether it's a DOM node\n * @return true is object is a DOM node\n */\n const _isNode = function(obj) {\n return typeof Node === 'object'\n ? obj instanceof Node\n : obj &&\n typeof obj === 'object' &&\n typeof obj.nodeType === 'number' &&\n typeof obj.nodeName === 'string';\n };\n\n /**\n * _executeHook\n * Execute user configurable hooks\n *\n * @param {String} entryPoint Name of the hook's entry point\n * @param {Node} currentNode\n */\n const _executeHook = function(entryPoint, currentNode, data) {\n if (!hooks[entryPoint]) {\n return;\n }\n\n hooks[entryPoint].forEach(hook => {\n hook.call(DOMPurify, currentNode, data, CONFIG);\n });\n };\n\n /**\n * _sanitizeElements\n *\n * @protect nodeName\n * @protect textContent\n * @protect removeChild\n *\n * @param node to check for permission to exist\n * @return true if node was killed, false if left alive\n */\n const _sanitizeElements = function(currentNode) {\n let content;\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeElements', currentNode, null);\n\n /* Check if element is clobbered or can clobber */\n if (_isClobbered(currentNode)) {\n _forceRemove(currentNode);\n return true;\n }\n\n /* Now let's check the element's type and name */\n const tagName = currentNode.nodeName.toLowerCase();\n\n /* Execute a hook if present */\n _executeHook('uponSanitizeElement', currentNode, {\n tagName,\n allowedTags: ALLOWED_TAGS,\n });\n\n /* Remove element if anything forbids its presence */\n if (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) {\n /* Keep content except for black-listed elements */\n if (\n KEEP_CONTENT &&\n !FORBID_CONTENTS[tagName] &&\n typeof currentNode.insertAdjacentHTML === 'function'\n ) {\n try {\n currentNode.insertAdjacentHTML('AfterEnd', currentNode.innerHTML);\n } catch (err) {}\n }\n _forceRemove(currentNode);\n return true;\n }\n\n /* Convert markup to cover jQuery behavior */\n if (\n SAFE_FOR_JQUERY &&\n !currentNode.firstElementChild &&\n (!currentNode.content || !currentNode.content.firstElementChild) &&\n /</g.test(currentNode.textContent)\n ) {\n DOMPurify.removed.push({ element: currentNode.cloneNode() });\n currentNode.innerHTML = currentNode.textContent.replace(/</g, '<');\n }\n\n /* Sanitize element content to be template-safe */\n if (SAFE_FOR_TEMPLATES && currentNode.nodeType === 3) {\n /* Get the element's text content */\n content = currentNode.textContent;\n content = content.replace(MUSTACHE_EXPR, ' ');\n content = content.replace(ERB_EXPR, ' ');\n if (currentNode.textContent !== content) {\n DOMPurify.removed.push({ element: currentNode.cloneNode() });\n currentNode.textContent = content;\n }\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeElements', currentNode, null);\n\n return false;\n };\n\n /**\n * _sanitizeAttributes\n *\n * @protect attributes\n * @protect nodeName\n * @protect removeAttribute\n * @protect setAttribute\n *\n * @param node to sanitize\n * @return void\n */\n // eslint-disable-next-line complexity\n const _sanitizeAttributes = function(currentNode) {\n let attr;\n let name;\n let value;\n let lcName;\n let idAttr;\n let attributes;\n let l;\n /* Execute a hook if present */\n _executeHook('beforeSanitizeAttributes', currentNode, null);\n\n attributes = currentNode.attributes;\n\n /* Check if we have attributes; if not we might have a text node */\n if (!attributes) {\n return;\n }\n\n const hookEvent = {\n attrName: '',\n attrValue: '',\n keepAttr: true,\n allowedAttributes: ALLOWED_ATTR,\n };\n l = attributes.length;\n\n /* Go backwards over all attributes; safely remove bad ones */\n while (l--) {\n attr = attributes[l];\n name = attr.name;\n value = attr.value.trim();\n lcName = name.toLowerCase();\n\n /* Execute a hook if present */\n hookEvent.attrName = lcName;\n hookEvent.attrValue = value;\n hookEvent.keepAttr = true;\n _executeHook('uponSanitizeAttribute', currentNode, hookEvent);\n value = hookEvent.attrValue;\n\n /* Remove attribute */\n // Safari (iOS + Mac), last tested v8.0.5, crashes if you try to\n // remove a \"name\" attribute from an <img> tag that has an \"id\"\n // attribute at the time.\n if (\n lcName === 'name' &&\n currentNode.nodeName === 'IMG' &&\n attributes.id\n ) {\n idAttr = attributes.id;\n attributes = Array.prototype.slice.apply(attributes);\n _removeAttribute('id', currentNode);\n _removeAttribute(name, currentNode);\n if (attributes.indexOf(idAttr) > l) {\n currentNode.setAttribute('id', idAttr.value);\n }\n } else if (\n // This works around a bug in Safari, where input[type=file]\n // cannot be dynamically set after type has been removed\n currentNode.nodeName === 'INPUT' &&\n lcName === 'type' &&\n value === 'file' &&\n (ALLOWED_ATTR[lcName] || !FORBID_ATTR[lcName])\n ) {\n continue;\n } else {\n // This avoids a crash in Safari v9.0 with double-ids.\n // The trick is to first set the id to be empty and then to\n // remove the attribute\n if (name === 'id') {\n currentNode.setAttribute(name, '');\n }\n _removeAttribute(name, currentNode);\n }\n\n /* Did the hooks approve of the attribute? */\n if (!hookEvent.keepAttr) {\n continue;\n }\n\n /* Make sure attribute cannot clobber */\n if (\n SANITIZE_DOM &&\n (lcName === 'id' || lcName === 'name') &&\n (value in document || value in formElement)\n ) {\n continue;\n }\n\n /* Sanitize attribute content to be template-safe */\n if (SAFE_FOR_TEMPLATES) {\n value = value.replace(MUSTACHE_EXPR, ' ');\n value = value.replace(ERB_EXPR, ' ');\n }\n\n /* Allow valid data-* attributes: At least one character after \"-\"\n (https://html.spec.whatwg.org/multipage/dom.html#embedding-custom-non-visible-data-with-the-data-*-attributes)\n XML-compatible (https://html.spec.whatwg.org/multipage/infrastructure.html#xml-compatible and http://www.w3.org/TR/xml/#d0e804)\n We don't need to check the value; it's always URI safe. */\n if (ALLOW_DATA_ATTR && DATA_ATTR.test(lcName)) {\n // This attribute is safe\n } else if (ALLOW_ARIA_ATTR && ARIA_ATTR.test(lcName)) {\n // This attribute is safe\n /* Otherwise, check the name is permitted */\n } else if (!ALLOWED_ATTR[lcName] || FORBID_ATTR[lcName]) {\n continue;\n\n /* Check value is safe. First, is attr inert? If so, is safe */\n } else if (URI_SAFE_ATTRIBUTES[lcName]) {\n // This attribute is safe\n /* Check no script, data or unknown possibly unsafe URI\n unless we know URI values are safe for that attribute */\n } else if (IS_ALLOWED_URI.test(value.replace(ATTR_WHITESPACE, ''))) {\n // This attribute is safe\n /* Keep image data URIs alive if src/xlink:href is allowed */\n } else if (\n (lcName === 'src' || lcName === 'xlink:href') &&\n value.indexOf('data:') === 0 &&\n DATA_URI_TAGS[currentNode.nodeName.toLowerCase()]\n ) {\n // This attribute is safe\n /* Allow unknown protocols: This provides support for links that\n are handled by protocol handlers which may be unknown ahead of\n time, e.g. fb:, spotify: */\n } else if (\n ALLOW_UNKNOWN_PROTOCOLS &&\n !IS_SCRIPT_OR_DATA.test(value.replace(ATTR_WHITESPACE, ''))\n ) {\n // This attribute is safe\n /* Check for binary attributes */\n // eslint-disable-next-line no-negated-condition\n } else if (!value) {\n // Binary attributes are safe at this point\n /* Anything else, presume unsafe, do not add it back */\n } else {\n continue;\n }\n\n /* Handle invalid data-* attribute set by try-catching it */\n try {\n currentNode.setAttribute(name, value);\n DOMPurify.removed.pop();\n } catch (err) {}\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeAttributes', currentNode, null);\n };\n\n /**\n * _sanitizeShadowDOM\n *\n * @param fragment to iterate over recursively\n * @return void\n */\n const _sanitizeShadowDOM = function(fragment) {\n let shadowNode;\n const shadowIterator = _createIterator(fragment);\n\n /* Execute a hook if present */\n _executeHook('beforeSanitizeShadowDOM', fragment, null);\n\n while ((shadowNode = shadowIterator.nextNode())) {\n /* Execute a hook if present */\n _executeHook('uponSanitizeShadowNode', shadowNode, null);\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(shadowNode)) {\n continue;\n }\n\n /* Deep shadow DOM detected */\n if (shadowNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(shadowNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(shadowNode);\n }\n\n /* Execute a hook if present */\n _executeHook('afterSanitizeShadowDOM', fragment, null);\n };\n\n /**\n * Sanitize\n * Public method providing core sanitation functionality\n *\n * @param {String|Node} dirty string or DOM node\n * @param {Object} configuration object\n */\n // eslint-disable-next-line complexity\n DOMPurify.sanitize = function(dirty, cfg) {\n let body;\n let importedNode;\n let currentNode;\n let oldNode;\n let returnNode;\n /* Make sure we have a string to sanitize.\n DO NOT return early, as this will return the wrong type if\n the user has requested a DOM object rather than a string */\n if (!dirty) {\n dirty = '<!-->';\n }\n\n /* Stringify, in case dirty is an object */\n if (typeof dirty !== 'string' && !_isNode(dirty)) {\n // eslint-disable-next-line no-negated-condition\n if (typeof dirty.toString !== 'function') {\n throw new TypeError('toString is not a function');\n } else {\n dirty = dirty.toString();\n if (typeof dirty !== 'string') {\n throw new TypeError('dirty is not a string, aborting');\n }\n }\n }\n\n /* Check we can run. Otherwise fall back or ignore */\n if (!DOMPurify.isSupported) {\n if (\n typeof window.toStaticHTML === 'object' ||\n typeof window.toStaticHTML === 'function'\n ) {\n if (typeof dirty === 'string') {\n return window.toStaticHTML(dirty);\n } else if (_isNode(dirty)) {\n return window.toStaticHTML(dirty.outerHTML);\n }\n }\n return dirty;\n }\n\n /* Assign config vars */\n if (!SET_CONFIG) {\n _parseConfig(cfg);\n }\n\n /* Clean up removed elements */\n DOMPurify.removed = [];\n\n if (dirty instanceof Node) {\n /* If dirty is a DOM element, append to an empty document to avoid\n elements being stripped by the parser */\n body = _initDocument('<!-->');\n importedNode = body.ownerDocument.importNode(dirty, true);\n if (importedNode.nodeType === 1 && importedNode.nodeName === 'BODY') {\n /* Node is already a body, use as is */\n body = importedNode;\n } else {\n body.appendChild(importedNode);\n }\n } else {\n /* Exit directly if we have nothing to do */\n if (!RETURN_DOM && !WHOLE_DOCUMENT && dirty.indexOf('<') === -1) {\n return dirty;\n }\n\n /* Initialize the document to work on */\n body = _initDocument(dirty);\n\n /* Check we have a DOM node from the data */\n if (!body) {\n return RETURN_DOM ? null : '';\n }\n }\n\n /* Remove first element node (ours) if FORCE_BODY is set */\n if (FORCE_BODY) {\n _forceRemove(body.firstChild);\n }\n\n /* Get node iterator */\n const nodeIterator = _createIterator(body);\n\n /* Now start iterating over the created document */\n while ((currentNode = nodeIterator.nextNode())) {\n /* Fix IE's strange behavior with manipulated textNodes #89 */\n if (currentNode.nodeType === 3 && currentNode === oldNode) {\n continue;\n }\n\n /* Sanitize tags and elements */\n if (_sanitizeElements(currentNode)) {\n continue;\n }\n\n /* Shadow DOM detected, sanitize it */\n if (currentNode.content instanceof DocumentFragment) {\n _sanitizeShadowDOM(currentNode.content);\n }\n\n /* Check attributes, sanitize if necessary */\n _sanitizeAttributes(currentNode);\n\n oldNode = currentNode;\n }\n\n /* Return sanitized string or DOM */\n if (RETURN_DOM) {\n if (RETURN_DOM_FRAGMENT) {\n returnNode = createDocumentFragment.call(body.ownerDocument);\n\n while (body.firstChild) {\n returnNode.appendChild(body.firstChild);\n }\n } else {\n returnNode = body;\n }\n\n if (RETURN_DOM_IMPORT) {\n /* AdoptNode() is not used because internal state is not reset\n (e.g. the past names map of a HTMLFormElement), this is safe\n in theory but we would rather not risk another attack vector.\n The state that is cloned by importNode() is explicitly defined\n by the specs. */\n returnNode = importNode.call(originalDocument, returnNode, true);\n }\n\n return returnNode;\n }\n\n return WHOLE_DOCUMENT ? body.outerHTML : body.innerHTML;\n };\n\n /**\n * Public method to set the configuration once\n * setConfig\n *\n * @param {Object} configuration object\n * @return void\n */\n DOMPurify.setConfig = function(cfg) {\n _parseConfig(cfg);\n SET_CONFIG = true;\n };\n\n /**\n * Public method to remove the configuration\n * clearConfig\n *\n * @return void\n */\n DOMPurify.clearConfig = function() {\n CONFIG = null;\n SET_CONFIG = false;\n };\n\n /**\n * AddHook\n * Public method to add DOMPurify hooks\n *\n * @param {String} entryPoint\n * @param {Function} hookFunction\n */\n DOMPurify.addHook = function(entryPoint, hookFunction) {\n if (typeof hookFunction !== 'function') {\n return;\n }\n hooks[entryPoint] = hooks[entryPoint] || [];\n hooks[entryPoint].push(hookFunction);\n };\n\n /**\n * RemoveHook\n * Public method to remove a DOMPurify hook at a given entryPoint\n * (pops it from the stack of hooks if more are present)\n *\n * @param {String} entryPoint\n * @return void\n */\n DOMPurify.removeHook = function(entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint].pop();\n }\n };\n\n /**\n * RemoveHooks\n * Public method to remove all DOMPurify hooks at a given entryPoint\n *\n * @param {String} entryPoint\n * @return void\n */\n DOMPurify.removeHooks = function(entryPoint) {\n if (hooks[entryPoint]) {\n hooks[entryPoint] = [];\n }\n };\n\n /**\n * RemoveAllHooks\n * Public method to remove all DOMPurify hooks\n *\n * @return void\n */\n DOMPurify.removeAllHooks = function() {\n hooks = {};\n };\n\n return DOMPurify;\n}\n\nexport default createDOMPurify();\n","export const html = [\n 'a',\n 'abbr',\n 'acronym',\n 'address',\n 'area',\n 'article',\n 'aside',\n 'audio',\n 'b',\n 'bdi',\n 'bdo',\n 'big',\n 'blink',\n 'blockquote',\n 'body',\n 'br',\n 'button',\n 'canvas',\n 'caption',\n 'center',\n 'cite',\n 'code',\n 'col',\n 'colgroup',\n 'content',\n 'data',\n 'datalist',\n 'dd',\n 'decorator',\n 'del',\n 'details',\n 'dfn',\n 'dir',\n 'div',\n 'dl',\n 'dt',\n 'element',\n 'em',\n 'fieldset',\n 'figcaption',\n 'figure',\n 'font',\n 'footer',\n 'form',\n 'h1',\n 'h2',\n 'h3',\n 'h4',\n 'h5',\n 'h6',\n 'head',\n 'header',\n 'hgroup',\n 'hr',\n 'html',\n 'i',\n 'img',\n 'input',\n 'ins',\n 'kbd',\n 'label',\n 'legend',\n 'li',\n 'main',\n 'map',\n 'mark',\n 'marquee',\n 'menu',\n 'menuitem',\n 'meter',\n 'nav',\n 'nobr',\n 'ol',\n 'optgroup',\n 'option',\n 'output',\n 'p',\n 'pre',\n 'progress',\n 'q',\n 'rp',\n 'rt',\n 'ruby',\n 's',\n 'samp',\n 'section',\n 'select',\n 'shadow',\n 'small',\n 'source',\n 'spacer',\n 'span',\n 'strike',\n 'strong',\n 'style',\n 'sub',\n 'summary',\n 'sup',\n 'table',\n 'tbody',\n 'td',\n 'template',\n 'textarea',\n 'tfoot',\n 'th',\n 'thead',\n 'time',\n 'tr',\n 'track',\n 'tt',\n 'u',\n 'ul',\n 'var',\n 'video',\n 'wbr',\n];\n\n// SVG\nexport const svg = [\n 'svg',\n 'a',\n 'altglyph',\n 'altglyphdef',\n 'altglyphitem',\n 'animatecolor',\n 'animatemotion',\n 'animatetransform',\n 'audio',\n 'canvas',\n 'circle',\n 'clippath',\n 'defs',\n 'desc',\n 'ellipse',\n 'filter',\n 'font',\n 'g',\n 'glyph',\n 'glyphref',\n 'hkern',\n 'image',\n 'line',\n 'lineargradient',\n 'marker',\n 'mask',\n 'metadata',\n 'mpath',\n 'path',\n 'pattern',\n 'polygon',\n 'polyline',\n 'radialgradient',\n 'rect',\n 'stop',\n 'style',\n 'switch',\n 'symbol',\n 'text',\n 'textpath',\n 'title',\n 'tref',\n 'tspan',\n 'video',\n 'view',\n 'vkern',\n];\n\nexport const svgFilters = [\n 'feBlend',\n 'feColorMatrix',\n 'feComponentTransfer',\n 'feComposite',\n 'feConvolveMatrix',\n 'feDiffuseLighting',\n 'feDisplacementMap',\n 'feDistantLight',\n 'feFlood',\n 'feFuncA',\n 'feFuncB',\n 'feFuncG',\n 'feFuncR',\n 'feGaussianBlur',\n 'feMerge',\n 'feMergeNode',\n 'feMorphology',\n 'feOffset',\n 'fePointLight',\n 'feSpecularLighting',\n 'feSpotLight',\n 'feTile',\n 'feTurbulence',\n];\n\nexport const mathMl = [\n 'math',\n 'menclose',\n 'merror',\n 'mfenced',\n 'mfrac',\n 'mglyph',\n 'mi',\n 'mlabeledtr',\n 'mmuliscripts',\n 'mn',\n 'mo',\n 'mover',\n 'mpadded',\n 'mphantom',\n 'mroot',\n 'mrow',\n 'ms',\n 'mpspace',\n 'msqrt',\n 'mystyle',\n 'msub',\n 'msup',\n 'msubsup',\n 'mtable',\n 'mtd',\n 'mtext',\n 'mtr',\n 'munder',\n 'munderover',\n];\n\nexport const text = ['#text'];\n","export const html = [\n 'accept',\n 'action',\n 'align',\n 'alt',\n 'autocomplete',\n 'background',\n 'bgcolor',\n 'border',\n 'cellpadding',\n 'cellspacing',\n 'checked',\n 'cite',\n 'class',\n 'clear',\n 'color',\n 'cols',\n 'colspan',\n 'coords',\n 'crossorigin',\n 'datetime',\n 'default',\n 'dir',\n 'disabled',\n 'download',\n 'enctype',\n 'face',\n 'for',\n 'headers',\n 'height',\n 'hidden',\n 'high',\n 'href',\n 'hreflang',\n 'id',\n 'integrity',\n 'ismap',\n 'label',\n 'lang',\n 'list',\n 'loop',\n 'low',\n 'max',\n 'maxlength',\n 'media',\n 'method',\n 'min',\n 'multiple',\n 'name',\n 'noshade',\n 'novalidate',\n 'nowrap',\n 'open',\n 'optimum',\n 'pattern',\n 'placeholder',\n 'poster',\n 'preload',\n 'pubdate',\n 'radiogroup',\n 'readonly',\n 'rel',\n 'required',\n 'rev',\n 'reversed',\n 'role',\n 'rows',\n 'rowspan',\n 'spellcheck',\n 'scope',\n 'selected',\n 'shape',\n 'size',\n 'sizes',\n 'span',\n 'srclang',\n 'start',\n 'src',\n 'srcset',\n 'step',\n 'style',\n 'summary',\n 'tabindex',\n 'title',\n 'type',\n 'usemap',\n 'valign',\n 'value',\n 'width',\n 'xmlns',\n];\n\nexport const svg = [\n 'accent-height',\n 'accumulate',\n 'additivive',\n 'alignment-baseline',\n 'ascent',\n 'attributename',\n 'attributetype',\n 'azimuth',\n 'basefrequency',\n 'baseline-shift',\n 'begin',\n 'bias',\n 'by',\n 'class',\n 'clip',\n 'clip-path',\n 'clip-rule',\n 'color',\n 'color-interpolation',\n 'color-interpolation-filters',\n 'color-profile',\n 'color-rendering',\n 'cx',\n 'cy',\n 'd',\n 'dx',\n 'dy',\n 'diffuseconstant',\n 'direction',\n 'display',\n 'divisor',\n 'dur',\n 'edgemode',\n 'elevation',\n 'end',\n 'fill',\n 'fill-opacity',\n 'fill-rule',\n 'filter',\n 'flood-color',\n 'flood-opacity',\n 'font-family',\n 'font-size',\n 'font-size-adjust',\n 'font-stretch',\n 'font-style',\n 'font-variant',\n 'font-weight',\n 'fx',\n 'fy',\n 'g1',\n 'g2',\n 'glyph-name',\n 'glyphref',\n 'gradientunits',\n 'gradienttransform',\n 'height',\n 'href',\n 'id',\n 'image-rendering',\n 'in',\n 'in2',\n 'k',\n 'k1',\n 'k2',\n 'k3',\n 'k4',\n 'kerning',\n 'keypoints',\n 'keysplines',\n 'keytimes',\n 'lang',\n 'lengthadjust',\n 'letter-spacing',\n 'kernelmatrix',\n 'kernelunitlength',\n 'lighting-color',\n 'local',\n 'marker-end',\n 'marker-mid',\n 'marker-start',\n 'markerheight',\n 'markerunits',\n 'markerwidth',\n 'maskcontentunits',\n 'maskunits',\n 'max',\n 'mask',\n 'media',\n 'method',\n 'mode',\n 'min',\n 'name',\n 'numoctaves',\n 'offset',\n 'operator',\n 'opacity',\n 'order',\n 'orient',\n 'orientation',\n 'origin',\n 'overflow',\n 'paint-order',\n 'path',\n 'pathlength',\n 'patterncontentunits',\n 'patterntransform',\n 'patternunits',\n 'points',\n 'preservealpha',\n 'preserveaspectratio',\n 'r',\n 'rx',\n 'ry',\n 'radius',\n 'refx',\n 'refy',\n 'repeatcount',\n 'repeatdur',\n 'restart',\n 'result',\n 'rotate',\n 'scale',\n 'seed',\n 'shape-rendering',\n 'specularconstant',\n 'specularexponent',\n 'spreadmethod',\n 'stddeviation',\n 'stitchtiles',\n 'stop-color',\n 'stop-opacity',\n 'stroke-dasharray',\n 'stroke-dashoffset',\n 'stroke-linecap',\n 'stroke-linejoin',\n 'stroke-miterlimit',\n 'stroke-opacity',\n 'stroke',\n 'stroke-width',\n 'style',\n 'surfacescale',\n 'tabindex',\n 'targetx',\n 'targety',\n 'transform',\n 'text-anchor',\n 'text-decoration',\n 'text-rendering',\n 'textlength',\n 'type',\n 'u1',\n 'u2',\n 'unicode',\n 'values',\n 'viewbox',\n 'visibility',\n 'vert-adv-y',\n 'vert-origin-x',\n 'vert-origin-y',\n 'width',\n 'word-spacing',\n 'wrap',\n 'writing-mode',\n 'xchannelselector',\n 'ychannelselector',\n 'x',\n 'x1',\n 'x2',\n 'xmlns',\n 'y',\n 'y1',\n 'y2',\n 'z',\n 'zoomandpan',\n];\n\nexport const mathMl = [\n 'accent',\n 'accentunder',\n 'align',\n 'bevelled',\n 'close',\n 'columnsalign',\n 'columnlines',\n 'columnspan',\n 'denomalign',\n 'depth',\n 'dir',\n 'display',\n 'displaystyle',\n 'fence',\n 'frame',\n 'height',\n 'href',\n 'id',\n 'largeop',\n 'length',\n 'linethickness',\n 'lspace',\n 'lquote',\n 'mathbackground',\n 'mathcolor',\n 'mathsize',\n 'mathvariant',\n 'maxsize',\n 'minsize',\n 'movablelimits',\n 'notation',\n 'numalign',\n 'open',\n 'rowalign',\n 'rowlines',\n 'rowspacing',\n 'rowspan',\n 'rspace',\n 'rquote',\n 'scriptlevel',\n 'scriptminsize',\n 'scriptsizemultiplier',\n 'selection',\n 'separator',\n 'separators',\n 'stretchy',\n 'subscriptshift',\n 'supscriptshift',\n 'symmetric',\n 'voffset',\n 'width',\n 'xmlns',\n];\n\nexport const xml = [\n 'xlink:href',\n 'xml:id',\n 'xlink:title',\n 'xml:space',\n 'xmlns:xlink',\n];\n","export const MUSTACHE_EXPR = /\\{\\{[\\s\\S]*|[\\s\\S]*\\}\\}/gm; // Specify template detection regex for SAFE_FOR_TEMPLATES mode\nexport const ERB_EXPR = /<%[\\s\\S]*|[\\s\\S]*%>/gm;\nexport const DATA_ATTR = /^data-[\\-\\w.\\u00B7-\\uFFFF]/; // eslint-disable-line no-useless-escape\nexport const ARIA_ATTR = /^aria-[\\-\\w]+$/; // eslint-disable-line no-useless-escape\nexport const IS_ALLOWED_URI = /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\\-]+(?:[^a-z+.\\-:]|$))/i; // eslint-disable-line no-useless-escape\nexport const IS_SCRIPT_OR_DATA = /^(?:\\w+script|data):/i;\nexport const ATTR_WHITESPACE = /[\\u0000-\\u0020\\u00A0\\u1680\\u180E\\u2000-\\u2029\\u205f\\u3000]/g; // This needs to be extensive thanks to Webkit/Blink's behavior\n"],"names":["addToSet","set","array","l","length","toLowerCase","clone","object","newObject","property","Object","prototype","hasOwnProperty","call","createDOMPurify","window","getGlobal","DOMPurify","root","version","VERSION","removed","document","nodeType","isSupported","originalDocument","useDOMParser","useXHR","DocumentFragment","HTMLTemplateElement","Node","NodeFilter","NamedNodeMap","MozNamedAttrMap","Text","Comment","DOMParser","XMLHttpRequest","encodeURI","template","createElement","content","ownerDocument","implementation","createNodeIterator","getElementsByTagName","createDocumentFragment","importNode","hooks","createHTMLDocument","documentMode","MUSTACHE_EXPR","EXPRESSIONS","ERB_EXPR","DATA_ATTR","ARIA_ATTR","IS_SCRIPT_OR_DATA","ATTR_WHITESPACE","IS_ALLOWED_URI","ALLOWED_TAGS","DEFAULT_ALLOWED_TAGS","TAGS","ALLOWED_ATTR","DEFAULT_ALLOWED_ATTR","ATTRS","FORBID_TAGS","FORBID_ATTR","ALLOW_ARIA_ATTR","ALLOW_DATA_ATTR","ALLOW_UNKNOWN_PROTOCOLS","SAFE_FOR_JQUERY","SAFE_FOR_TEMPLATES","WHOLE_DOCUMENT","SET_CONFIG","FORCE_BODY","RETURN_DOM","RETURN_DOM_FRAGMENT","RETURN_DOM_IMPORT","SANITIZE_DOM","KEEP_CONTENT","USE_PROFILES","FORBID_CONTENTS","DATA_URI_TAGS","URI_SAFE_ATTRIBUTES","CONFIG","formElement","_parseConfig","cfg","ALLOWED_URI_REGEXP","html","svg","svgFilters","mathMl","ADD_TAGS","ADD_ATTR","ADD_URI_SAFE_ATTR","freeze","_forceRemove","node","push","element","parentNode","removeChild","err","outerHTML","_removeAttribute","name","getAttributeNode","removeAttribute","_initDocument","dirty","doc","body","xhr","responseType","open","send","response","parseFromString","documentElement","firstElementChild","querySelector","_createIterator","SHOW_ELEMENT","SHOW_COMMENT","SHOW_TEXT","FILTER_ACCEPT","_isClobbered","elm","nodeName","textContent","attributes","setAttribute","_isNode","obj","_executeHook","entryPoint","currentNode","data","forEach","_sanitizeElements","tagName","insertAdjacentHTML","innerHTML","test","cloneNode","replace","_sanitizeAttributes","attr","value","lcName","idAttr","hookEvent","trim","attrName","attrValue","keepAttr","id","Array","slice","apply","indexOf","pop","_sanitizeShadowDOM","fragment","shadowNode","shadowIterator","nextNode","sanitize","importedNode","oldNode","returnNode","toString","TypeError","_typeof","toStaticHTML","appendChild","firstChild","nodeIterator","setConfig","clearConfig","addHook","hookFunction","removeHook","removeHooks","removeAllHooks","text","xml"],"mappings":"qLACA,SAAgBA,EAASC,EAAKC,WACxBC,EAAID,EAAME,OACPD,KACmB,iBAAbD,EAAMC,OACTA,GAAKD,EAAMC,GAAGE,iBAElBH,EAAMC,KAAM,SAEXF,EAIT,SAAgBK,EAAMC,OACdC,KACFC,aACCA,KAAYF,EACXG,OAAOC,UAAUC,eAAeC,KAAKN,EAAQE,OACrCA,GAAYF,EAAOE,WAG1BD,0HCdT,SAASM,QAAgBC,yDAASC,IAC1BC,EAAY,mBAAQH,EAAgBI,SAMhCC,QAAUC,UAMVC,YAELN,IAAWA,EAAOO,UAAyC,IAA7BP,EAAOO,SAASC,kBAGvCC,aAAc,EAEjBP,MAGHQ,EAAmBV,EAAOO,SAC5BI,GAAe,EACfC,GAAS,EAETL,EAAWP,EAAOO,SAEpBM,EAUEb,EAVFa,iBACAC,EASEd,EATFc,oBACAC,EAQEf,EARFe,KACAC,EAOEhB,EAPFgB,aAOEhB,EANFiB,aAAAA,aAAejB,EAAOiB,cAAgBjB,EAAOkB,kBAC7CC,EAKEnB,EALFmB,KACAC,EAIEpB,EAJFoB,QACAC,EAGErB,EAHFqB,YAGErB,EAFFsB,eAAAA,aAAiBtB,EAAOsB,mBAEtBtB,EADFuB,UAAAA,aAAYvB,EAAOuB,eASc,mBAAxBT,EAAoC,KACvCU,EAAWjB,EAASkB,cAAc,YACpCD,EAASE,SAAWF,EAASE,QAAQC,kBAC5BH,EAASE,QAAQC,qBAS5BpB,EAJFqB,IAAAA,eACAC,IAAAA,mBACAC,IAAAA,qBACAC,IAAAA,uBAEIC,EAAatB,EAAiBsB,WAEhCC,OAKMxB,YACRmB,QAC6C,IAAtCA,EAAeM,oBACI,IAA1B3B,EAAS4B,iBAGTC,EAMEC,EALFC,EAKED,EAJFE,EAIEF,EAHFG,EAGEH,EAFFI,EAEEJ,EADFK,GACEL,EAEAM,GAAiBN,EAOjBO,GAAe,KACbC,GAAuB5D,iBACxB6D,KACAA,KACAA,KACAA,KACAA,KAIDC,GAAe,KACbC,GAAuB/D,iBACxBgE,KACAA,KACAA,KACAA,KAIDC,GAAc,KAGdC,GAAc,KAGdC,IAAkB,EAGlBC,IAAkB,EAGlBC,IAA0B,EAG1BC,IAAkB,EAKlBC,IAAqB,EAGrBC,IAAiB,EAGjBC,IAAa,EAIbC,IAAa,EAKbC,IAAa,EAGbC,IAAsB,EAMtBC,IAAoB,EAGpBC,IAAe,EAGfC,IAAe,EAGfC,MAGEC,GAAkBjF,MACtB,QACA,OACA,OACA,SACA,QACA,WACA,MACA,UAIIkF,GAAgBlF,MACpB,QACA,QACA,MACA,SACA,UAIImF,GAAsBnF,MAC1B,MACA,QACA,MACA,KACA,QACA,OACA,UACA,cACA,UACA,QACA,QACA,QACA,UAIEoF,GAAS,KAKPC,GAAc/D,EAASkB,cAAc,QAQrC8C,GAAe,SAASC,GAET,qBAARA,gBAAAA,eAKT,iBAAkBA,EACdvF,KAAauF,EAAI5B,cACjBC,MAEJ,iBAAkB2B,EACdvF,KAAauF,EAAIzB,cACjBC,MACQ,gBAAiBwB,EAAMvF,KAAauF,EAAItB,mBACxC,gBAAiBsB,EAAMvF,KAAauF,EAAIrB,mBACvC,iBAAkBqB,GAAMA,EAAIP,iBACD,IAAxBO,EAAIpB,oBACoB,IAAxBoB,EAAInB,mBACImB,EAAIlB,0BAA2B,KACvCkB,EAAIjB,kBAAmB,KACpBiB,EAAIhB,qBAAsB,KAC9BgB,EAAIf,iBAAkB,KAC1Be,EAAIZ,aAAc,KACTY,EAAIX,sBAAuB,KAC7BW,EAAIV,oBAAqB,KAChCU,EAAIb,aAAc,MACK,IAArBa,EAAIT,iBACiB,IAArBS,EAAIR,gBAEFQ,EAAIC,oBAAsB9B,GAEvCa,SACgB,GAGhBK,SACW,GAIXI,QACahF,iBAAiB6D,YAEN,IAAtBmB,GAAaS,SACN9B,GAAcE,KACdC,GAAcE,KAEA,IAArBgB,GAAaU,QACN/B,GAAcE,KACdC,GAAcE,KACdF,GAAcE,KAEO,IAA5BgB,GAAaW,eACNhC,GAAcE,KACdC,GAAcE,KACdF,GAAcE,KAEG,IAAxBgB,GAAaY,WACNjC,GAAcE,KACdC,GAAcE,KACdF,GAAcE,KAKvBuB,EAAIM,WACFlC,KAAiBC,QACJtD,EAAMqD,OAEdA,GAAc4B,EAAIM,WAEzBN,EAAIO,WACFhC,KAAiBC,QACJzD,EAAMwD,OAEdA,GAAcyB,EAAIO,WAEzBP,EAAIQ,qBACGZ,GAAqBI,EAAIQ,mBAIhChB,QACW,UAAW,GAKtBrE,QAAU,WAAYA,eACjBsF,OAAOT,MAGPA,GAQLU,GAAe,SAASC,KAClB7E,QAAQ8E,MAAOC,QAASF,UAE3BG,WAAWC,YAAYJ,GAC5B,MAAOK,KACFC,UAAY,KAUfC,GAAmB,SAASC,EAAMR,SAE1B7E,QAAQ8E,gBACLD,EAAKS,iBAAiBD,QAC3BR,IAER,MAAOK,KACGlF,QAAQ8E,gBACL,UACLD,MAGLU,gBAAgBF,IASjBG,GAAgB,SAASC,OAEzBC,SACAC,YAEAtC,OACM,oBAAsBoC,GAI5BnF,EAAQ,OAEAW,EAAUwE,GAClB,MAAOP,QACHU,EAAM,IAAI5E,IACZ6E,aAAe,aACfC,KAAK,MAAO,gCAAkCL,GAAO,KACrDM,KAAK,QACHH,EAAII,YAIR3F,SAEM,IAAIU,GAAYkF,gBAAgBR,EAAO,aAC7C,MAAOP,WAKNQ,GAAQA,EAAIQ,wBACT5E,EAAeM,mBAAmB,KAC7B+D,MACNX,WAAWC,YAAYU,EAAKX,WAAWmB,qBACvChB,UAAYM,GAIZjE,EAAqBhC,KAAKkG,EAAKvC,GAAiB,OAAS,QAAQ,IAqBtEvD,EAAUO,4BAENuF,EAAMF,GACR,wDAEGE,EAAIU,cAAc,YACZ,UAGHZ,GACJ,qEAEMY,cAAc,gBACL,GAEjB,MAAOlB,YAUPmB,GAAkB,SAASxG,UACxB0B,EAAmB/B,KACxBK,EAAKwB,eAAiBxB,EACtBA,EACAa,EAAW4F,aAAe5F,EAAW6F,aAAe7F,EAAW8F,UAC/D,kBACS9F,EAAW+F,gBAEpB,IAUEC,GAAe,SAASC,WACxBA,aAAe9F,GAAQ8F,aAAe7F,MAIhB,iBAAjB6F,EAAIC,UACgB,iBAApBD,EAAIE,aACgB,mBAApBF,EAAI1B,aACT0B,EAAIG,sBAAsBnG,GACG,mBAAxBgG,EAAIpB,iBACiB,mBAArBoB,EAAII,eAaTC,GAAU,SAASC,SACA,qBAATxG,gBAAAA,IACVwG,aAAexG,EACfwG,GACiB,qBAARA,gBAAAA,KACiB,iBAAjBA,EAAI/G,UACa,iBAAjB+G,EAAIL,UAUbM,GAAe,SAASC,EAAYC,EAAaC,GAChD1F,EAAMwF,MAILA,GAAYG,QAAQ,cACnB9H,KAAKI,EAAWwH,EAAaC,EAAMtD,OActCwD,GAAoB,SAASH,OAC7BhG,eAGS,yBAA0BgG,EAAa,MAGhDV,GAAaU,aACFA,IACN,MAIHI,EAAUJ,EAAYR,SAAS5H,oBAGxB,sBAAuBoI,yBAErB9E,MAIVA,GAAakF,IAAY5E,GAAY4E,GAAU,IAGhD9D,KACCE,GAAgB4D,IACyB,mBAAnCJ,EAAYK,yBAGLA,mBAAmB,WAAYL,EAAYM,WACvD,MAAOxC,cAEEkC,IACN,SAKPnE,IACCmE,EAAYjB,mBACXiB,EAAYhG,SAAYgG,EAAYhG,QAAQ+E,oBAC9C,KAAKwB,KAAKP,EAAYP,iBAEZ7G,QAAQ8E,MAAOC,QAASqC,EAAYQ,gBAClCF,UAAYN,EAAYP,YAAYgB,QAAQ,KAAM,SAI5D3E,IAA+C,IAAzBkE,EAAYlH,mBAE1BkH,EAAYP,aACJgB,QAAQ/F,EAAe,MACvB+F,QAAQ7F,EAAU,KAChCoF,EAAYP,cAAgBzF,MACpBpB,QAAQ8E,MAAOC,QAASqC,EAAYQ,gBAClCf,YAAczF,OAKjB,wBAAyBgG,EAAa,OAE5C,GAeHU,GAAsB,SAASV,OAC/BW,SACA1C,SACA2C,SACAC,SACAC,SACApB,SACAhI,eAES,2BAA4BsI,EAAa,QAEzCA,EAAYN,gBAOnBqB,YACM,aACC,aACD,oBACS1F,UAEjBqE,EAAW/H,OAGRD,KAAK,MACHgI,EAAWhI,KACXiJ,EAAK1C,OACJ0C,EAAKC,MAAMI,SACV/C,EAAKrG,gBAGJqJ,SAAWJ,IACXK,UAAYN,IACZO,UAAW,KACR,wBAAyBnB,EAAae,KAC3CA,EAAUG,UAOL,SAAXL,GACyB,QAAzBb,EAAYR,UACZE,EAAW0B,KAEF1B,EAAW0B,KACPC,MAAMnJ,UAAUoJ,MAAMC,MAAM7B,MACxB,KAAMM,MACN/B,EAAM+B,GACnBN,EAAW8B,QAAQV,GAAUpJ,KACnBiI,aAAa,KAAMmB,EAAOF,WAEnC,CAAA,GAGoB,YAAbpB,UACD,SAAXqB,GACU,SAAVD,IACCvF,GAAawF,KAAYpF,GAAYoF,aAOzB,OAAT5C,KACU0B,aAAa1B,EAAM,OAEhBA,EAAM+B,MAIpBe,EAAUI,YAMb9E,IACY,OAAXwE,GAA8B,SAAXA,KACnBD,KAAS/H,GAAY+H,KAAShE,SAM7Bd,UACM8E,EAAMH,QAAQ/F,EAAe,MACvB+F,QAAQ7F,EAAU,MAO9Be,IAAmBd,EAAU0F,KAAKM,SAE/B,GAAInF,IAAmBZ,EAAUyF,KAAKM,QAGtC,CAAA,IAAKxF,GAAawF,IAAWpF,GAAYoF,YAIzC,GAAInE,GAAoBmE,SAIxB,GAAI5F,GAAesF,KAAKK,EAAMH,QAAQzF,GAAiB,WAGvD,GACO,QAAX6F,GAA+B,eAAXA,GACM,IAA3BD,EAAMY,QAAQ,WACd/E,GAAcuD,EAAYR,SAAS5H,gBAM9B,GACLgE,KACCb,EAAkBwF,KAAKK,EAAMH,QAAQzF,GAAiB,WAKlD,GAAK4F,uBASEjB,aAAa1B,EAAM2C,KACrBhI,QAAQ6I,MAClB,MAAO3D,SAIE,0BAA2BkC,EAAa,QASjD0B,GAAqB,SAArBA,EAA8BC,OAC9BC,SACEC,EAAiB5C,GAAgB0C,UAG1B,0BAA2BA,EAAU,MAE1CC,EAAaC,EAAeC,eAErB,yBAA0BF,EAAY,MAG/CzB,GAAkByB,KAKlBA,EAAW5H,mBAAmBb,KACbyI,EAAW5H,YAIZ4H,OAIT,yBAA0BD,EAAU,gBAWzCI,SAAW,SAAS1D,EAAOvB,OAC/ByB,SACAyD,SACAhC,SACAiC,SACAC,YAIC7D,MACK,eAIW,iBAAVA,IAAuBuB,GAAQvB,GAAQ,IAElB,mBAAnBA,EAAM8D,eACT,IAAIC,UAAU,iCAGC,mBADb/D,EAAM8D,kBAEN,IAAIC,UAAU,uCAMrB5J,EAAUO,YAAa,IAEO,WAA/BsJ,EAAO/J,EAAOgK,eACiB,mBAAxBhK,EAAOgK,aACd,IACqB,iBAAVjE,SACF/F,EAAOgK,aAAajE,GACtB,GAAIuB,GAAQvB,UACV/F,EAAOgK,aAAajE,EAAMN,kBAG9BM,KAIJrC,OACUc,KAILlE,WAENyF,aAAiBhF,EAKW,UAFvB+E,GAAc,gBACDnE,cAAcK,WAAW+D,GAAO,IACnCvF,UAA4C,SAA1BkJ,EAAaxC,WAEvCwC,IAEFO,YAAYP,OAEd,KAEA9F,KAAeH,KAA0C,IAAxBsC,EAAMmD,QAAQ,YAC3CnD,SAIFD,GAAcC,WAIZnC,GAAa,KAAO,GAK3BD,OACWsC,EAAKiE,oBAIdC,EAAexD,GAAgBV,GAG7ByB,EAAcyC,EAAaX,YAEJ,IAAzB9B,EAAYlH,UAAkBkH,IAAgBiC,GAK9C9B,GAAkBH,KAKlBA,EAAYhG,mBAAmBb,MACd6G,EAAYhG,YAIbgG,KAEVA,MAIR9D,GAAY,IACVC,SACW9B,EAAuBjC,KAAKmG,EAAKtE,eAEvCsE,EAAKiE,cACCD,YAAYhE,EAAKiE,mBAGjBjE,SAGXnC,OAMW9B,EAAWlC,KAAKY,EAAkBkJ,GAAY,IAGtDA,SAGFnG,GAAiBwC,EAAKR,UAAYQ,EAAK+B,aAUtCoC,UAAY,SAAS5F,MAChBA,OACA,KASL6F,YAAc,cACb,SACI,KAULC,QAAU,SAAS7C,EAAY8C,GACX,mBAAjBA,MAGL9C,GAAcxF,EAAMwF,SACpBA,GAAYrC,KAAKmF,OAWfC,WAAa,SAAS/C,GAC1BxF,EAAMwF,MACFA,GAAY0B,SAWZsB,YAAc,SAAShD,GAC3BxF,EAAMwF,OACFA,UAUAiD,eAAiB,iBAIpBxK,ECr+BF,IAAMwE,GACX,IACA,OACA,UACA,UACA,OACA,UACA,QACA,QACA,IACA,MACA,MACA,MACA,QACA,aACA,OACA,KACA,SACA,SACA,UACA,SACA,OACA,OACA,MACA,WACA,UACA,OACA,WACA,KACA,YACA,MACA,UACA,MACA,MACA,MACA,KACA,KACA,UACA,KACA,WACA,aACA,SACA,OACA,SACA,OACA,KACA,KACA,KACA,KACA,KACA,KACA,OACA,SACA,SACA,KACA,OACA,IACA,MACA,QACA,MACA,MACA,QACA,SACA,KACA,OACA,MACA,OACA,UACA,OACA,WACA,QACA,MACA,OACA,KACA,WACA,SACA,SACA,IACA,MACA,WACA,IACA,KACA,KACA,OACA,IACA,OACA,UACA,SACA,SACA,QACA,SACA,SACA,OACA,SACA,SACA,QACA,MACA,UACA,MACA,QACA,QACA,KACA,WACA,WACA,QACA,KACA,QACA,OACA,KACA,QACA,KACA,IACA,KACA,MACA,QACA,OAIWC,GACX,MACA,IACA,WACA,cACA,eACA,eACA,gBACA,mBACA,QACA,SACA,SACA,WACA,OACA,OACA,UACA,SACA,OACA,IACA,QACA,WACA,QACA,QACA,OACA,iBACA,SACA,OACA,WACA,QACA,OACA,UACA,UACA,WACA,iBACA,OACA,OACA,QACA,SACA,SACA,OACA,WACA,QACA,OACA,QACA,QACA,OACA,SAGWC,GACX,UACA,gBACA,sBACA,cACA,mBACA,oBACA,oBACA,iBACA,UACA,UACA,UACA,UACA,UACA,iBACA,UACA,cACA,eACA,WACA,eACA,qBACA,cACA,SACA,gBAGWC,GACX,OACA,WACA,SACA,UACA,QACA,SACA,KACA,aACA,eACA,KACA,KACA,QACA,UACA,WACA,QACA,OACA,KACA,UACA,QACA,UACA,OACA,OACA,UACA,SACA,MACA,QACA,MACA,SACA,cAGW8F,GAAQ,SClORjG,GACX,SACA,SACA,QACA,MACA,eACA,aACA,UACA,SACA,cACA,cACA,UACA,OACA,QACA,QACA,QACA,OACA,UACA,SACA,cACA,WACA,UACA,MACA,WACA,WACA,UACA,OACA,MACA,UACA,SACA,SACA,OACA,OACA,WACA,KACA,YACA,QACA,QACA,OACA,OACA,OACA,MACA,MACA,YACA,QACA,SACA,MACA,WACA,OACA,UACA,aACA,SACA,OACA,UACA,UACA,cACA,SACA,UACA,UACA,aACA,WACA,MACA,WACA,MACA,WACA,OACA,OACA,UACA,aACA,QACA,WACA,QACA,OACA,QACA,OACA,UACA,QACA,MACA,SACA,OACA,QACA,UACA,WACA,QACA,OACA,SACA,SACA,QACA,QACA,SAGWC,GACX,gBACA,aACA,aACA,qBACA,SACA,gBACA,gBACA,UACA,gBACA,iBACA,QACA,OACA,KACA,QACA,OACA,YACA,YACA,QACA,sBACA,8BACA,gBACA,kBACA,KACA,KACA,IACA,KACA,KACA,kBACA,YACA,UACA,UACA,MACA,WACA,YACA,MACA,OACA,eACA,YACA,SACA,cACA,gBACA,cACA,YACA,mBACA,eACA,aACA,eACA,cACA,KACA,KACA,KACA,KACA,aACA,WACA,gBACA,oBACA,SACA,OACA,KACA,kBACA,KACA,MACA,IACA,KACA,KACA,KACA,KACA,UACA,YACA,aACA,WACA,OACA,eACA,iBACA,eACA,mBACA,iBACA,QACA,aACA,aACA,eACA,eACA,cACA,cACA,mBACA,YACA,MACA,OACA,QACA,SACA,OACA,MACA,OACA,aACA,SACA,WACA,UACA,QACA,SACA,cACA,SACA,WACA,cACA,OACA,aACA,sBACA,mBACA,eACA,SACA,gBACA,sBACA,IACA,KACA,KACA,SACA,OACA,OACA,cACA,YACA,UACA,SACA,SACA,QACA,OACA,kBACA,mBACA,mBACA,eACA,eACA,cACA,aACA,eACA,mBACA,oBACA,iBACA,kBACA,oBACA,iBACA,SACA,eACA,QACA,eACA,WACA,UACA,UACA,YACA,cACA,kBACA,iBACA,aACA,OACA,KACA,KACA,UACA,SACA,UACA,aACA,aACA,gBACA,gBACA,QACA,eACA,OACA,eACA,mBACA,mBACA,IACA,KACA,KACA,QACA,IACA,KACA,KACA,IACA,cAGWE,GACX,SACA,cACA,QACA,WACA,QACA,eACA,cACA,aACA,aACA,QACA,MACA,UACA,eACA,QACA,QACA,SACA,OACA,KACA,UACA,SACA,gBACA,SACA,SACA,iBACA,YACA,WACA,cACA,UACA,UACA,gBACA,WACA,WACA,OACA,WACA,WACA,aACA,UACA,SACA,SACA,cACA,gBACA,uBACA,YACA,YACA,aACA,WACA,iBACA,iBACA,YACA,UACA,QACA,SAGW+F,GACX,aACA,SACA,cACA,YACA,eC1UWxI,EAAgB,4BAChBE,EAAW,wBACXC,EAAY,6BACZC,EAAY,iBACZG,EAAiB,wFACjBF,EAAoB,wBACpBC,EAAkB,0QHDzBzC,EAAY,iBAAyB,oBAAXD,OAAyB,KAAOA,eAm+BjDD"} |