| 1 | (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
|
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 |
|
| 7 |
|
| 8 | var FilterCSS = require("cssfilter").FilterCSS;
|
| 9 | var getDefaultCSSWhiteList = require("cssfilter").getDefaultWhiteList;
|
| 10 | var _ = require("./util");
|
| 11 |
|
| 12 | function getDefaultWhiteList() {
|
| 13 | return {
|
| 14 | a: ["target", "href", "title"],
|
| 15 | abbr: ["title"],
|
| 16 | address: [],
|
| 17 | area: ["shape", "coords", "href", "alt"],
|
| 18 | article: [],
|
| 19 | aside: [],
|
| 20 | audio: [
|
| 21 | "autoplay",
|
| 22 | "controls",
|
| 23 | "crossorigin",
|
| 24 | "loop",
|
| 25 | "muted",
|
| 26 | "preload",
|
| 27 | "src",
|
| 28 | ],
|
| 29 | b: [],
|
| 30 | bdi: ["dir"],
|
| 31 | bdo: ["dir"],
|
| 32 | big: [],
|
| 33 | blockquote: ["cite"],
|
| 34 | br: [],
|
| 35 | caption: [],
|
| 36 | center: [],
|
| 37 | cite: [],
|
| 38 | code: [],
|
| 39 | col: ["align", "valign", "span", "width"],
|
| 40 | colgroup: ["align", "valign", "span", "width"],
|
| 41 | dd: [],
|
| 42 | del: ["datetime"],
|
| 43 | details: ["open"],
|
| 44 | div: [],
|
| 45 | dl: [],
|
| 46 | dt: [],
|
| 47 | em: [],
|
| 48 | figcaption: [],
|
| 49 | figure: [],
|
| 50 | font: ["color", "size", "face"],
|
| 51 | footer: [],
|
| 52 | h1: [],
|
| 53 | h2: [],
|
| 54 | h3: [],
|
| 55 | h4: [],
|
| 56 | h5: [],
|
| 57 | h6: [],
|
| 58 | header: [],
|
| 59 | hr: [],
|
| 60 | i: [],
|
| 61 | img: ["src", "alt", "title", "width", "height"],
|
| 62 | ins: ["datetime"],
|
| 63 | li: [],
|
| 64 | mark: [],
|
| 65 | nav: [],
|
| 66 | ol: [],
|
| 67 | p: [],
|
| 68 | pre: [],
|
| 69 | s: [],
|
| 70 | section: [],
|
| 71 | small: [],
|
| 72 | span: [],
|
| 73 | sub: [],
|
| 74 | summary: [],
|
| 75 | sup: [],
|
| 76 | strong: [],
|
| 77 | strike: [],
|
| 78 | table: ["width", "border", "align", "valign"],
|
| 79 | tbody: ["align", "valign"],
|
| 80 | td: ["width", "rowspan", "colspan", "align", "valign"],
|
| 81 | tfoot: ["align", "valign"],
|
| 82 | th: ["width", "rowspan", "colspan", "align", "valign"],
|
| 83 | thead: ["align", "valign"],
|
| 84 | tr: ["rowspan", "align", "valign"],
|
| 85 | tt: [],
|
| 86 | u: [],
|
| 87 | ul: [],
|
| 88 | video: [
|
| 89 | "autoplay",
|
| 90 | "controls",
|
| 91 | "crossorigin",
|
| 92 | "loop",
|
| 93 | "muted",
|
| 94 | "playsinline",
|
| 95 | "poster",
|
| 96 | "preload",
|
| 97 | "src",
|
| 98 | "height",
|
| 99 | "width",
|
| 100 | ],
|
| 101 | };
|
| 102 | }
|
| 103 |
|
| 104 | var defaultCSSFilter = new FilterCSS();
|
| 105 |
|
| 106 | |
| 107 | |
| 108 | |
| 109 | |
| 110 | |
| 111 | |
| 112 | |
| 113 |
|
| 114 | function onTag(tag, html, options) {
|
| 115 |
|
| 116 | }
|
| 117 |
|
| 118 | |
| 119 | |
| 120 | |
| 121 | |
| 122 | |
| 123 | |
| 124 | |
| 125 |
|
| 126 | function onIgnoreTag(tag, html, options) {
|
| 127 |
|
| 128 | }
|
| 129 |
|
| 130 | |
| 131 | |
| 132 | |
| 133 | |
| 134 | |
| 135 | |
| 136 | |
| 137 |
|
| 138 | function onTagAttr(tag, name, value) {
|
| 139 |
|
| 140 | }
|
| 141 |
|
| 142 | |
| 143 | |
| 144 | |
| 145 | |
| 146 | |
| 147 | |
| 148 | |
| 149 |
|
| 150 | function onIgnoreTagAttr(tag, name, value) {
|
| 151 |
|
| 152 | }
|
| 153 |
|
| 154 | |
| 155 | |
| 156 | |
| 157 | |
| 158 |
|
| 159 | function escapeHtml(html) {
|
| 160 | return html.replace(REGEXP_LT, "<").replace(REGEXP_GT, ">");
|
| 161 | }
|
| 162 |
|
| 163 | |
| 164 | |
| 165 | |
| 166 | |
| 167 | |
| 168 | |
| 169 | |
| 170 | |
| 171 |
|
| 172 | function safeAttrValue(tag, name, value, cssFilter) {
|
| 173 |
|
| 174 | value = friendlyAttrValue(value);
|
| 175 |
|
| 176 | if (name === "href" || name === "src") {
|
| 177 |
|
| 178 |
|
| 179 | value = _.trim(value);
|
| 180 | if (value === "#") return "#";
|
| 181 | if (
|
| 182 | !(
|
| 183 | value.substr(0, 7) === "http://" ||
|
| 184 | value.substr(0, 8) === "https://" ||
|
| 185 | value.substr(0, 7) === "mailto:" ||
|
| 186 | value.substr(0, 4) === "tel:" ||
|
| 187 | value.substr(0, 11) === "data:image/" ||
|
| 188 | value.substr(0, 6) === "ftp://" ||
|
| 189 | value.substr(0, 2) === "./" ||
|
| 190 | value.substr(0, 3) === "../" ||
|
| 191 | value[0] === "#" ||
|
| 192 | value[0] === "/"
|
| 193 | )
|
| 194 | ) {
|
| 195 | return "";
|
| 196 | }
|
| 197 | } else if (name === "background") {
|
| 198 |
|
| 199 |
|
| 200 | REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
|
| 201 | if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
|
| 202 | return "";
|
| 203 | }
|
| 204 | } else if (name === "style") {
|
| 205 |
|
| 206 | REGEXP_DEFAULT_ON_TAG_ATTR_7.lastIndex = 0;
|
| 207 | if (REGEXP_DEFAULT_ON_TAG_ATTR_7.test(value)) {
|
| 208 | return "";
|
| 209 | }
|
| 210 |
|
| 211 | REGEXP_DEFAULT_ON_TAG_ATTR_8.lastIndex = 0;
|
| 212 | if (REGEXP_DEFAULT_ON_TAG_ATTR_8.test(value)) {
|
| 213 | REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
|
| 214 | if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
|
| 215 | return "";
|
| 216 | }
|
| 217 | }
|
| 218 | if (cssFilter !== false) {
|
| 219 | cssFilter = cssFilter || defaultCSSFilter;
|
| 220 | value = cssFilter.process(value);
|
| 221 | }
|
| 222 | }
|
| 223 |
|
| 224 |
|
| 225 | value = escapeAttrValue(value);
|
| 226 | return value;
|
| 227 | }
|
| 228 |
|
| 229 |
|
| 230 | var REGEXP_LT = /</g;
|
| 231 | var REGEXP_GT = />/g;
|
| 232 | var REGEXP_QUOTE = /"/g;
|
| 233 | var REGEXP_QUOTE_2 = /"/g;
|
| 234 | var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
|
| 235 | var REGEXP_ATTR_VALUE_COLON = /:?/gim;
|
| 236 | var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
|
| 237 |
|
| 238 | var REGEXP_DEFAULT_ON_TAG_ATTR_4 =
|
| 239 | /((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a):/gi;
|
| 240 |
|
| 241 |
|
| 242 | var REGEXP_DEFAULT_ON_TAG_ATTR_7 =
|
| 243 | /e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
|
| 244 | var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;
|
| 245 |
|
| 246 | |
| 247 | |
| 248 | |
| 249 | |
| 250 | |
| 251 |
|
| 252 | function escapeQuote(str) {
|
| 253 | return str.replace(REGEXP_QUOTE, """);
|
| 254 | }
|
| 255 |
|
| 256 | |
| 257 | |
| 258 | |
| 259 | |
| 260 | |
| 261 |
|
| 262 | function unescapeQuote(str) {
|
| 263 | return str.replace(REGEXP_QUOTE_2, '"');
|
| 264 | }
|
| 265 |
|
| 266 | |
| 267 | |
| 268 | |
| 269 | |
| 270 | |
| 271 |
|
| 272 | function escapeHtmlEntities(str) {
|
| 273 | return str.replace(REGEXP_ATTR_VALUE_1, function replaceUnicode(str, code) {
|
| 274 | return code[0] === "x" || code[0] === "X"
|
| 275 | ? String.fromCharCode(parseInt(code.substr(1), 16))
|
| 276 | : String.fromCharCode(parseInt(code, 10));
|
| 277 | });
|
| 278 | }
|
| 279 |
|
| 280 | |
| 281 | |
| 282 | |
| 283 | |
| 284 | |
| 285 |
|
| 286 | function escapeDangerHtml5Entities(str) {
|
| 287 | return str
|
| 288 | .replace(REGEXP_ATTR_VALUE_COLON, ":")
|
| 289 | .replace(REGEXP_ATTR_VALUE_NEWLINE, " ");
|
| 290 | }
|
| 291 |
|
| 292 | |
| 293 | |
| 294 | |
| 295 | |
| 296 | |
| 297 |
|
| 298 | function clearNonPrintableCharacter(str) {
|
| 299 | var str2 = "";
|
| 300 | for (var i = 0, len = str.length; i < len; i++) {
|
| 301 | str2 += str.charCodeAt(i) < 32 ? " " : str.charAt(i);
|
| 302 | }
|
| 303 | return _.trim(str2);
|
| 304 | }
|
| 305 |
|
| 306 | |
| 307 | |
| 308 | |
| 309 | |
| 310 | |
| 311 |
|
| 312 | function friendlyAttrValue(str) {
|
| 313 | str = unescapeQuote(str);
|
| 314 | str = escapeHtmlEntities(str);
|
| 315 | str = escapeDangerHtml5Entities(str);
|
| 316 | str = clearNonPrintableCharacter(str);
|
| 317 | return str;
|
| 318 | }
|
| 319 |
|
| 320 | |
| 321 | |
| 322 | |
| 323 | |
| 324 | |
| 325 |
|
| 326 | function escapeAttrValue(str) {
|
| 327 | str = escapeQuote(str);
|
| 328 | str = escapeHtml(str);
|
| 329 | return str;
|
| 330 | }
|
| 331 |
|
| 332 | |
| 333 | |
| 334 |
|
| 335 | function onIgnoreTagStripAll() {
|
| 336 | return "";
|
| 337 | }
|
| 338 |
|
| 339 | |
| 340 | |
| 341 | |
| 342 | |
| 343 | |
| 344 | |
| 345 |
|
| 346 | function StripTagBody(tags, next) {
|
| 347 | if (typeof next !== "function") {
|
| 348 | next = function () {};
|
| 349 | }
|
| 350 |
|
| 351 | var isRemoveAllTag = !Array.isArray(tags);
|
| 352 | function isRemoveTag(tag) {
|
| 353 | if (isRemoveAllTag) return true;
|
| 354 | return _.indexOf(tags, tag) !== -1;
|
| 355 | }
|
| 356 |
|
| 357 | var removeList = [];
|
| 358 | var posStart = false;
|
| 359 |
|
| 360 | return {
|
| 361 | onIgnoreTag: function (tag, html, options) {
|
| 362 | if (isRemoveTag(tag)) {
|
| 363 | if (options.isClosing) {
|
| 364 | var ret = "[/removed]";
|
| 365 | var end = options.position + ret.length;
|
| 366 | removeList.push([
|
| 367 | posStart !== false ? posStart : options.position,
|
| 368 | end,
|
| 369 | ]);
|
| 370 | posStart = false;
|
| 371 | return ret;
|
| 372 | } else {
|
| 373 | if (!posStart) {
|
| 374 | posStart = options.position;
|
| 375 | }
|
| 376 | return "[removed]";
|
| 377 | }
|
| 378 | } else {
|
| 379 | return next(tag, html, options);
|
| 380 | }
|
| 381 | },
|
| 382 | remove: function (html) {
|
| 383 | var rethtml = "";
|
| 384 | var lastPos = 0;
|
| 385 | _.forEach(removeList, function (pos) {
|
| 386 | rethtml += html.slice(lastPos, pos[0]);
|
| 387 | lastPos = pos[1];
|
| 388 | });
|
| 389 | rethtml += html.slice(lastPos);
|
| 390 | return rethtml;
|
| 391 | },
|
| 392 | };
|
| 393 | }
|
| 394 |
|
| 395 | |
| 396 | |
| 397 | |
| 398 | |
| 399 | |
| 400 |
|
| 401 | function stripCommentTag(html) {
|
| 402 | var retHtml = "";
|
| 403 | var lastPos = 0;
|
| 404 | while (lastPos < html.length) {
|
| 405 | var i = html.indexOf("<!--", lastPos);
|
| 406 | if (i === -1) {
|
| 407 | retHtml += html.slice(lastPos);
|
| 408 | break;
|
| 409 | }
|
| 410 | retHtml += html.slice(lastPos, i);
|
| 411 | var j = html.indexOf("-->", i);
|
| 412 | if (j === -1) {
|
| 413 | break;
|
| 414 | }
|
| 415 | lastPos = j + 3;
|
| 416 | }
|
| 417 | return retHtml;
|
| 418 | }
|
| 419 |
|
| 420 | |
| 421 | |
| 422 | |
| 423 | |
| 424 | |
| 425 |
|
| 426 | function stripBlankChar(html) {
|
| 427 | var chars = html.split("");
|
| 428 | chars = chars.filter(function (char) {
|
| 429 | var c = char.charCodeAt(0);
|
| 430 | if (c === 127) return false;
|
| 431 | if (c <= 31) {
|
| 432 | if (c === 10 || c === 13) return true;
|
| 433 | return false;
|
| 434 | }
|
| 435 | return true;
|
| 436 | });
|
| 437 | return chars.join("");
|
| 438 | }
|
| 439 |
|
| 440 | exports.whiteList = getDefaultWhiteList();
|
| 441 | exports.getDefaultWhiteList = getDefaultWhiteList;
|
| 442 | exports.onTag = onTag;
|
| 443 | exports.onIgnoreTag = onIgnoreTag;
|
| 444 | exports.onTagAttr = onTagAttr;
|
| 445 | exports.onIgnoreTagAttr = onIgnoreTagAttr;
|
| 446 | exports.safeAttrValue = safeAttrValue;
|
| 447 | exports.escapeHtml = escapeHtml;
|
| 448 | exports.escapeQuote = escapeQuote;
|
| 449 | exports.unescapeQuote = unescapeQuote;
|
| 450 | exports.escapeHtmlEntities = escapeHtmlEntities;
|
| 451 | exports.escapeDangerHtml5Entities = escapeDangerHtml5Entities;
|
| 452 | exports.clearNonPrintableCharacter = clearNonPrintableCharacter;
|
| 453 | exports.friendlyAttrValue = friendlyAttrValue;
|
| 454 | exports.escapeAttrValue = escapeAttrValue;
|
| 455 | exports.onIgnoreTagStripAll = onIgnoreTagStripAll;
|
| 456 | exports.StripTagBody = StripTagBody;
|
| 457 | exports.stripCommentTag = stripCommentTag;
|
| 458 | exports.stripBlankChar = stripBlankChar;
|
| 459 | exports.cssFilter = defaultCSSFilter;
|
| 460 | exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
|
| 461 |
|
| 462 | },{"./util":4,"cssfilter":8}],2:[function(require,module,exports){
|
| 463 | |
| 464 | |
| 465 | |
| 466 | |
| 467 |
|
| 468 |
|
| 469 | var DEFAULT = require("./default");
|
| 470 | var parser = require("./parser");
|
| 471 | var FilterXSS = require("./xss");
|
| 472 |
|
| 473 | |
| 474 | |
| 475 | |
| 476 | |
| 477 | |
| 478 | |
| 479 |
|
| 480 | function filterXSS(html, options) {
|
| 481 | var xss = new FilterXSS(options);
|
| 482 | return xss.process(html);
|
| 483 | }
|
| 484 |
|
| 485 | exports = module.exports = filterXSS;
|
| 486 | exports.filterXSS = filterXSS;
|
| 487 | exports.FilterXSS = FilterXSS;
|
| 488 |
|
| 489 | (function () {
|
| 490 | for (var i in DEFAULT) {
|
| 491 | exports[i] = DEFAULT[i];
|
| 492 | }
|
| 493 | for (var j in parser) {
|
| 494 | exports[j] = parser[j];
|
| 495 | }
|
| 496 | })();
|
| 497 |
|
| 498 |
|
| 499 | if (typeof window !== "undefined") {
|
| 500 | window.filterXSS = module.exports;
|
| 501 | }
|
| 502 |
|
| 503 |
|
| 504 | function isWorkerEnv() {
|
| 505 | return (
|
| 506 | typeof self !== "undefined" &&
|
| 507 | typeof DedicatedWorkerGlobalScope !== "undefined" &&
|
| 508 | self instanceof DedicatedWorkerGlobalScope
|
| 509 | );
|
| 510 | }
|
| 511 | if (isWorkerEnv()) {
|
| 512 | self.filterXSS = module.exports;
|
| 513 | }
|
| 514 |
|
| 515 | },{"./default":1,"./parser":3,"./xss":5}],3:[function(require,module,exports){
|
| 516 | |
| 517 | |
| 518 | |
| 519 | |
| 520 |
|
| 521 |
|
| 522 | var _ = require("./util");
|
| 523 |
|
| 524 | |
| 525 | |
| 526 | |
| 527 | |
| 528 | |
| 529 |
|
| 530 | function getTagName(html) {
|
| 531 | var i = _.spaceIndex(html);
|
| 532 | var tagName;
|
| 533 | if (i === -1) {
|
| 534 | tagName = html.slice(1, -1);
|
| 535 | } else {
|
| 536 | tagName = html.slice(1, i + 1);
|
| 537 | }
|
| 538 | tagName = _.trim(tagName).toLowerCase();
|
| 539 | if (tagName.slice(0, 1) === "/") tagName = tagName.slice(1);
|
| 540 | if (tagName.slice(-1) === "/") tagName = tagName.slice(0, -1);
|
| 541 | return tagName;
|
| 542 | }
|
| 543 |
|
| 544 | |
| 545 | |
| 546 | |
| 547 | |
| 548 | |
| 549 |
|
| 550 | function isClosing(html) {
|
| 551 | return html.slice(0, 2) === "</";
|
| 552 | }
|
| 553 |
|
| 554 | |
| 555 | |
| 556 | |
| 557 | |
| 558 | |
| 559 | |
| 560 | |
| 561 |
|
| 562 | function parseTag(html, onTag, escapeHtml) {
|
| 563 | "use strict";
|
| 564 |
|
| 565 | var rethtml = "";
|
| 566 | var lastPos = 0;
|
| 567 | var tagStart = false;
|
| 568 | var quoteStart = false;
|
| 569 | var currentPos = 0;
|
| 570 | var len = html.length;
|
| 571 | var currentTagName = "";
|
| 572 | var currentHtml = "";
|
| 573 |
|
| 574 | chariterator: for (currentPos = 0; currentPos < len; currentPos++) {
|
| 575 | var c = html.charAt(currentPos);
|
| 576 | if (tagStart === false) {
|
| 577 | if (c === "<") {
|
| 578 | tagStart = currentPos;
|
| 579 | continue;
|
| 580 | }
|
| 581 | } else {
|
| 582 | if (quoteStart === false) {
|
| 583 | if (c === "<") {
|
| 584 | rethtml += escapeHtml(html.slice(lastPos, currentPos));
|
| 585 | tagStart = currentPos;
|
| 586 | lastPos = currentPos;
|
| 587 | continue;
|
| 588 | }
|
| 589 | if (c === ">") {
|
| 590 | rethtml += escapeHtml(html.slice(lastPos, tagStart));
|
| 591 | currentHtml = html.slice(tagStart, currentPos + 1);
|
| 592 | currentTagName = getTagName(currentHtml);
|
| 593 | rethtml += onTag(
|
| 594 | tagStart,
|
| 595 | rethtml.length,
|
| 596 | currentTagName,
|
| 597 | currentHtml,
|
| 598 | isClosing(currentHtml)
|
| 599 | );
|
| 600 | lastPos = currentPos + 1;
|
| 601 | tagStart = false;
|
| 602 | continue;
|
| 603 | }
|
| 604 | if (c === '"' || c === "'") {
|
| 605 | var i = 1;
|
| 606 | var ic = html.charAt(currentPos - i);
|
| 607 |
|
| 608 | while (ic.trim() === "" || ic === "=") {
|
| 609 | if (ic === "=") {
|
| 610 | quoteStart = c;
|
| 611 | continue chariterator;
|
| 612 | }
|
| 613 | ic = html.charAt(currentPos - ++i);
|
| 614 | }
|
| 615 | }
|
| 616 | } else {
|
| 617 | if (c === quoteStart) {
|
| 618 | quoteStart = false;
|
| 619 | continue;
|
| 620 | }
|
| 621 | }
|
| 622 | }
|
| 623 | }
|
| 624 | if (lastPos < html.length) {
|
| 625 | rethtml += escapeHtml(html.substr(lastPos));
|
| 626 | }
|
| 627 |
|
| 628 | return rethtml;
|
| 629 | }
|
| 630 |
|
| 631 | var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9\\_:.-]/gim;
|
| 632 |
|
| 633 | |
| 634 | |
| 635 | |
| 636 | |
| 637 | |
| 638 | |
| 639 |
|
| 640 | function parseAttr(html, onAttr) {
|
| 641 | "use strict";
|
| 642 |
|
| 643 | var lastPos = 0;
|
| 644 | var lastMarkPos = 0;
|
| 645 | var retAttrs = [];
|
| 646 | var tmpName = false;
|
| 647 | var len = html.length;
|
| 648 |
|
| 649 | function addAttr(name, value) {
|
| 650 | name = _.trim(name);
|
| 651 | name = name.replace(REGEXP_ILLEGAL_ATTR_NAME, "").toLowerCase();
|
| 652 | if (name.length < 1) return;
|
| 653 | var ret = onAttr(name, value || "");
|
| 654 | if (ret) retAttrs.push(ret);
|
| 655 | }
|
| 656 |
|
| 657 |
|
| 658 | for (var i = 0; i < len; i++) {
|
| 659 | var c = html.charAt(i);
|
| 660 | var v, j;
|
| 661 | if (tmpName === false && c === "=") {
|
| 662 | tmpName = html.slice(lastPos, i);
|
| 663 | lastPos = i + 1;
|
| 664 | lastMarkPos = html.charAt(lastPos) === '"' || html.charAt(lastPos) === "'" ? lastPos : findNextQuotationMark(html, i + 1);
|
| 665 | continue;
|
| 666 | }
|
| 667 | if (tmpName !== false) {
|
| 668 | if (
|
| 669 | i === lastMarkPos
|
| 670 | ) {
|
| 671 | j = html.indexOf(c, i + 1);
|
| 672 | if (j === -1) {
|
| 673 | break;
|
| 674 | } else {
|
| 675 | v = _.trim(html.slice(lastMarkPos + 1, j));
|
| 676 | addAttr(tmpName, v);
|
| 677 | tmpName = false;
|
| 678 | i = j;
|
| 679 | lastPos = i + 1;
|
| 680 | continue;
|
| 681 | }
|
| 682 | }
|
| 683 | }
|
| 684 | if (/\s|\n|\t/.test(c)) {
|
| 685 | html = html.replace(/\s|\n|\t/g, " ");
|
| 686 | if (tmpName === false) {
|
| 687 | j = findNextEqual(html, i);
|
| 688 | if (j === -1) {
|
| 689 | v = _.trim(html.slice(lastPos, i));
|
| 690 | addAttr(v);
|
| 691 | tmpName = false;
|
| 692 | lastPos = i + 1;
|
| 693 | continue;
|
| 694 | } else {
|
| 695 | i = j - 1;
|
| 696 | continue;
|
| 697 | }
|
| 698 | } else {
|
| 699 | j = findBeforeEqual(html, i - 1);
|
| 700 | if (j === -1) {
|
| 701 | v = _.trim(html.slice(lastPos, i));
|
| 702 | v = stripQuoteWrap(v);
|
| 703 | addAttr(tmpName, v);
|
| 704 | tmpName = false;
|
| 705 | lastPos = i + 1;
|
| 706 | continue;
|
| 707 | } else {
|
| 708 | continue;
|
| 709 | }
|
| 710 | }
|
| 711 | }
|
| 712 | }
|
| 713 |
|
| 714 | if (lastPos < html.length) {
|
| 715 | if (tmpName === false) {
|
| 716 | addAttr(html.slice(lastPos));
|
| 717 | } else {
|
| 718 | addAttr(tmpName, stripQuoteWrap(_.trim(html.slice(lastPos))));
|
| 719 | }
|
| 720 | }
|
| 721 |
|
| 722 | return _.trim(retAttrs.join(" "));
|
| 723 | }
|
| 724 |
|
| 725 | function findNextEqual(str, i) {
|
| 726 | for (; i < str.length; i++) {
|
| 727 | var c = str[i];
|
| 728 | if (c === " ") continue;
|
| 729 | if (c === "=") return i;
|
| 730 | return -1;
|
| 731 | }
|
| 732 | }
|
| 733 |
|
| 734 | function findNextQuotationMark(str, i) {
|
| 735 | for (; i < str.length; i++) {
|
| 736 | var c = str[i];
|
| 737 | if (c === " ") continue;
|
| 738 | if (c === "'" || c === '"') return i;
|
| 739 | return -1;
|
| 740 | }
|
| 741 | }
|
| 742 |
|
| 743 | function findBeforeEqual(str, i) {
|
| 744 | for (; i > 0; i--) {
|
| 745 | var c = str[i];
|
| 746 | if (c === " ") continue;
|
| 747 | if (c === "=") return i;
|
| 748 | return -1;
|
| 749 | }
|
| 750 | }
|
| 751 |
|
| 752 | function isQuoteWrapString(text) {
|
| 753 | if (
|
| 754 | (text[0] === '"' && text[text.length - 1] === '"') ||
|
| 755 | (text[0] === "'" && text[text.length - 1] === "'")
|
| 756 | ) {
|
| 757 | return true;
|
| 758 | } else {
|
| 759 | return false;
|
| 760 | }
|
| 761 | }
|
| 762 |
|
| 763 | function stripQuoteWrap(text) {
|
| 764 | if (isQuoteWrapString(text)) {
|
| 765 | return text.substr(1, text.length - 2);
|
| 766 | } else {
|
| 767 | return text;
|
| 768 | }
|
| 769 | }
|
| 770 |
|
| 771 | exports.parseTag = parseTag;
|
| 772 | exports.parseAttr = parseAttr;
|
| 773 |
|
| 774 | },{"./util":4}],4:[function(require,module,exports){
|
| 775 | module.exports = {
|
| 776 | indexOf: function (arr, item) {
|
| 777 | var i, j;
|
| 778 | if (Array.prototype.indexOf) {
|
| 779 | return arr.indexOf(item);
|
| 780 | }
|
| 781 | for (i = 0, j = arr.length; i < j; i++) {
|
| 782 | if (arr[i] === item) {
|
| 783 | return i;
|
| 784 | }
|
| 785 | }
|
| 786 | return -1;
|
| 787 | },
|
| 788 | forEach: function (arr, fn, scope) {
|
| 789 | var i, j;
|
| 790 | if (Array.prototype.forEach) {
|
| 791 | return arr.forEach(fn, scope);
|
| 792 | }
|
| 793 | for (i = 0, j = arr.length; i < j; i++) {
|
| 794 | fn.call(scope, arr[i], i, arr);
|
| 795 | }
|
| 796 | },
|
| 797 | trim: function (str) {
|
| 798 | if (String.prototype.trim) {
|
| 799 | return str.trim();
|
| 800 | }
|
| 801 | return str.replace(/(^\s*)|(\s*$)/g, "");
|
| 802 | },
|
| 803 | spaceIndex: function (str) {
|
| 804 | var reg = /\s|\n|\t/;
|
| 805 | var match = reg.exec(str);
|
| 806 | return match ? match.index : -1;
|
| 807 | },
|
| 808 | };
|
| 809 |
|
| 810 | },{}],5:[function(require,module,exports){
|
| 811 | |
| 812 | |
| 813 | |
| 814 | |
| 815 |
|
| 816 |
|
| 817 | var FilterCSS = require("cssfilter").FilterCSS;
|
| 818 | var DEFAULT = require("./default");
|
| 819 | var parser = require("./parser");
|
| 820 | var parseTag = parser.parseTag;
|
| 821 | var parseAttr = parser.parseAttr;
|
| 822 | var _ = require("./util");
|
| 823 |
|
| 824 | |
| 825 | |
| 826 | |
| 827 | |
| 828 | |
| 829 |
|
| 830 | function isNull(obj) {
|
| 831 | return obj === undefined || obj === null;
|
| 832 | }
|
| 833 |
|
| 834 | |
| 835 | |
| 836 | |
| 837 | |
| 838 | |
| 839 | |
| 840 | |
| 841 |
|
| 842 | function getAttrs(html) {
|
| 843 | var i = _.spaceIndex(html);
|
| 844 | if (i === -1) {
|
| 845 | return {
|
| 846 | html: "",
|
| 847 | closing: html[html.length - 2] === "/",
|
| 848 | };
|
| 849 | }
|
| 850 | html = _.trim(html.slice(i + 1, -1));
|
| 851 | var isClosing = html[html.length - 1] === "/";
|
| 852 | if (isClosing) html = _.trim(html.slice(0, -1));
|
| 853 | return {
|
| 854 | html: html,
|
| 855 | closing: isClosing,
|
| 856 | };
|
| 857 | }
|
| 858 |
|
| 859 | |
| 860 | |
| 861 | |
| 862 | |
| 863 | |
| 864 |
|
| 865 | function shallowCopyObject(obj) {
|
| 866 | var ret = {};
|
| 867 | for (var i in obj) {
|
| 868 | ret[i] = obj[i];
|
| 869 | }
|
| 870 | return ret;
|
| 871 | }
|
| 872 |
|
| 873 | function keysToLowerCase(obj) {
|
| 874 | var ret = {};
|
| 875 | for (var i in obj) {
|
| 876 | if (Array.isArray(obj[i])) {
|
| 877 | ret[i.toLowerCase()] = obj[i].map(function (item) {
|
| 878 | return item.toLowerCase();
|
| 879 | });
|
| 880 | } else {
|
| 881 | ret[i.toLowerCase()] = obj[i];
|
| 882 | }
|
| 883 | }
|
| 884 | return ret;
|
| 885 | }
|
| 886 |
|
| 887 | |
| 888 | |
| 889 | |
| 890 | |
| 891 | |
| 892 | |
| 893 | |
| 894 | |
| 895 |
|
| 896 | function FilterXSS(options) {
|
| 897 | options = shallowCopyObject(options || {});
|
| 898 |
|
| 899 | if (options.stripIgnoreTag) {
|
| 900 | if (options.onIgnoreTag) {
|
| 901 | console.error(
|
| 902 | 'Notes: cannot use these two options "stripIgnoreTag" and "onIgnoreTag" at the same time'
|
| 903 | );
|
| 904 | }
|
| 905 | options.onIgnoreTag = DEFAULT.onIgnoreTagStripAll;
|
| 906 | }
|
| 907 | if (options.whiteList || options.allowList) {
|
| 908 | options.whiteList = keysToLowerCase(options.whiteList || options.allowList);
|
| 909 | } else {
|
| 910 | options.whiteList = DEFAULT.whiteList;
|
| 911 | }
|
| 912 |
|
| 913 | options.onTag = options.onTag || DEFAULT.onTag;
|
| 914 | options.onTagAttr = options.onTagAttr || DEFAULT.onTagAttr;
|
| 915 | options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;
|
| 916 | options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr;
|
| 917 | options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
|
| 918 | options.escapeHtml = options.escapeHtml || DEFAULT.escapeHtml;
|
| 919 | this.options = options;
|
| 920 |
|
| 921 | if (options.css === false) {
|
| 922 | this.cssFilter = false;
|
| 923 | } else {
|
| 924 | options.css = options.css || {};
|
| 925 | this.cssFilter = new FilterCSS(options.css);
|
| 926 | }
|
| 927 | }
|
| 928 |
|
| 929 | |
| 930 | |
| 931 | |
| 932 | |
| 933 | |
| 934 |
|
| 935 | FilterXSS.prototype.process = function (html) {
|
| 936 |
|
| 937 | html = html || "";
|
| 938 | html = html.toString();
|
| 939 | if (!html) return "";
|
| 940 |
|
| 941 | var me = this;
|
| 942 | var options = me.options;
|
| 943 | var whiteList = options.whiteList;
|
| 944 | var onTag = options.onTag;
|
| 945 | var onIgnoreTag = options.onIgnoreTag;
|
| 946 | var onTagAttr = options.onTagAttr;
|
| 947 | var onIgnoreTagAttr = options.onIgnoreTagAttr;
|
| 948 | var safeAttrValue = options.safeAttrValue;
|
| 949 | var escapeHtml = options.escapeHtml;
|
| 950 | var cssFilter = me.cssFilter;
|
| 951 |
|
| 952 |
|
| 953 | if (options.stripBlankChar) {
|
| 954 | html = DEFAULT.stripBlankChar(html);
|
| 955 | }
|
| 956 |
|
| 957 |
|
| 958 | if (!options.allowCommentTag) {
|
| 959 | html = DEFAULT.stripCommentTag(html);
|
| 960 | }
|
| 961 |
|
| 962 |
|
| 963 | var stripIgnoreTagBody = false;
|
| 964 | if (options.stripIgnoreTagBody) {
|
| 965 | stripIgnoreTagBody = DEFAULT.StripTagBody(
|
| 966 | options.stripIgnoreTagBody,
|
| 967 | onIgnoreTag
|
| 968 | );
|
| 969 | onIgnoreTag = stripIgnoreTagBody.onIgnoreTag;
|
| 970 | }
|
| 971 |
|
| 972 | var retHtml = parseTag(
|
| 973 | html,
|
| 974 | function (sourcePosition, position, tag, html, isClosing) {
|
| 975 | var info = {
|
| 976 | sourcePosition: sourcePosition,
|
| 977 | position: position,
|
| 978 | isClosing: isClosing,
|
| 979 | isWhite: Object.prototype.hasOwnProperty.call(whiteList, tag),
|
| 980 | };
|
| 981 |
|
| 982 |
|
| 983 | var ret = onTag(tag, html, info);
|
| 984 | if (!isNull(ret)) return ret;
|
| 985 |
|
| 986 | if (info.isWhite) {
|
| 987 | if (info.isClosing) {
|
| 988 | return "</" + tag + ">";
|
| 989 | }
|
| 990 |
|
| 991 | var attrs = getAttrs(html);
|
| 992 | var whiteAttrList = whiteList[tag];
|
| 993 | var attrsHtml = parseAttr(attrs.html, function (name, value) {
|
| 994 |
|
| 995 | var isWhiteAttr = _.indexOf(whiteAttrList, name) !== -1;
|
| 996 | var ret = onTagAttr(tag, name, value, isWhiteAttr);
|
| 997 | if (!isNull(ret)) return ret;
|
| 998 |
|
| 999 | if (isWhiteAttr) {
|
| 1000 |
|
| 1001 | value = safeAttrValue(tag, name, value, cssFilter);
|
| 1002 | if (value) {
|
| 1003 | return name + '="' + value + '"';
|
| 1004 | } else {
|
| 1005 | return name;
|
| 1006 | }
|
| 1007 | } else {
|
| 1008 |
|
| 1009 | ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
|
| 1010 | if (!isNull(ret)) return ret;
|
| 1011 | return;
|
| 1012 | }
|
| 1013 | });
|
| 1014 |
|
| 1015 |
|
| 1016 | html = "<" + tag;
|
| 1017 | if (attrsHtml) html += " " + attrsHtml;
|
| 1018 | if (attrs.closing) html += " /";
|
| 1019 | html += ">";
|
| 1020 | return html;
|
| 1021 | } else {
|
| 1022 |
|
| 1023 | ret = onIgnoreTag(tag, html, info);
|
| 1024 | if (!isNull(ret)) return ret;
|
| 1025 | return escapeHtml(html);
|
| 1026 | }
|
| 1027 | },
|
| 1028 | escapeHtml
|
| 1029 | );
|
| 1030 |
|
| 1031 |
|
| 1032 | if (stripIgnoreTagBody) {
|
| 1033 | retHtml = stripIgnoreTagBody.remove(retHtml);
|
| 1034 | }
|
| 1035 |
|
| 1036 | return retHtml;
|
| 1037 | };
|
| 1038 |
|
| 1039 | module.exports = FilterXSS;
|
| 1040 |
|
| 1041 | },{"./default":1,"./parser":3,"./util":4,"cssfilter":8}],6:[function(require,module,exports){
|
| 1042 | |
| 1043 | |
| 1044 | |
| 1045 | |
| 1046 |
|
| 1047 |
|
| 1048 | var DEFAULT = require('./default');
|
| 1049 | var parseStyle = require('./parser');
|
| 1050 | var _ = require('./util');
|
| 1051 |
|
| 1052 |
|
| 1053 | |
| 1054 | |
| 1055 | |
| 1056 | |
| 1057 | |
| 1058 |
|
| 1059 | function isNull (obj) {
|
| 1060 | return (obj === undefined || obj === null);
|
| 1061 | }
|
| 1062 |
|
| 1063 | |
| 1064 | |
| 1065 | |
| 1066 | |
| 1067 | |
| 1068 |
|
| 1069 | function shallowCopyObject (obj) {
|
| 1070 | var ret = {};
|
| 1071 | for (var i in obj) {
|
| 1072 | ret[i] = obj[i];
|
| 1073 | }
|
| 1074 | return ret;
|
| 1075 | }
|
| 1076 |
|
| 1077 | |
| 1078 | |
| 1079 | |
| 1080 | |
| 1081 | |
| 1082 | |
| 1083 | |
| 1084 | |
| 1085 |
|
| 1086 | function FilterCSS (options) {
|
| 1087 | options = shallowCopyObject(options || {});
|
| 1088 | options.whiteList = options.whiteList || DEFAULT.whiteList;
|
| 1089 | options.onAttr = options.onAttr || DEFAULT.onAttr;
|
| 1090 | options.onIgnoreAttr = options.onIgnoreAttr || DEFAULT.onIgnoreAttr;
|
| 1091 | options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
|
| 1092 | this.options = options;
|
| 1093 | }
|
| 1094 |
|
| 1095 | FilterCSS.prototype.process = function (css) {
|
| 1096 |
|
| 1097 | css = css || '';
|
| 1098 | css = css.toString();
|
| 1099 | if (!css) return '';
|
| 1100 |
|
| 1101 | var me = this;
|
| 1102 | var options = me.options;
|
| 1103 | var whiteList = options.whiteList;
|
| 1104 | var onAttr = options.onAttr;
|
| 1105 | var onIgnoreAttr = options.onIgnoreAttr;
|
| 1106 | var safeAttrValue = options.safeAttrValue;
|
| 1107 |
|
| 1108 | var retCSS = parseStyle(css, function (sourcePosition, position, name, value, source) {
|
| 1109 |
|
| 1110 | var check = whiteList[name];
|
| 1111 | var isWhite = false;
|
| 1112 | if (check === true) isWhite = check;
|
| 1113 | else if (typeof check === 'function') isWhite = check(value);
|
| 1114 | else if (check instanceof RegExp) isWhite = check.test(value);
|
| 1115 | if (isWhite !== true) isWhite = false;
|
| 1116 |
|
| 1117 |
|
| 1118 | value = safeAttrValue(name, value);
|
| 1119 | if (!value) return;
|
| 1120 |
|
| 1121 | var opts = {
|
| 1122 | position: position,
|
| 1123 | sourcePosition: sourcePosition,
|
| 1124 | source: source,
|
| 1125 | isWhite: isWhite
|
| 1126 | };
|
| 1127 |
|
| 1128 | if (isWhite) {
|
| 1129 |
|
| 1130 | var ret = onAttr(name, value, opts);
|
| 1131 | if (isNull(ret)) {
|
| 1132 | return name + ':' + value;
|
| 1133 | } else {
|
| 1134 | return ret;
|
| 1135 | }
|
| 1136 |
|
| 1137 | } else {
|
| 1138 |
|
| 1139 | var ret = onIgnoreAttr(name, value, opts);
|
| 1140 | if (!isNull(ret)) {
|
| 1141 | return ret;
|
| 1142 | }
|
| 1143 |
|
| 1144 | }
|
| 1145 | });
|
| 1146 |
|
| 1147 | return retCSS;
|
| 1148 | };
|
| 1149 |
|
| 1150 |
|
| 1151 | module.exports = FilterCSS;
|
| 1152 |
|
| 1153 | },{"./default":7,"./parser":9,"./util":10}],7:[function(require,module,exports){
|
| 1154 | |
| 1155 | |
| 1156 | |
| 1157 | |
| 1158 |
|
| 1159 |
|
| 1160 | function getDefaultWhiteList () {
|
| 1161 |
|
| 1162 |
|
| 1163 |
|
| 1164 |
|
| 1165 |
|
| 1166 | var whiteList = {};
|
| 1167 |
|
| 1168 | whiteList['align-content'] = false;
|
| 1169 | whiteList['align-items'] = false;
|
| 1170 | whiteList['align-self'] = false;
|
| 1171 | whiteList['alignment-adjust'] = false;
|
| 1172 | whiteList['alignment-baseline'] = false;
|
| 1173 | whiteList['all'] = false;
|
| 1174 | whiteList['anchor-point'] = false;
|
| 1175 | whiteList['animation'] = false;
|
| 1176 | whiteList['animation-delay'] = false;
|
| 1177 | whiteList['animation-direction'] = false;
|
| 1178 | whiteList['animation-duration'] = false;
|
| 1179 | whiteList['animation-fill-mode'] = false;
|
| 1180 | whiteList['animation-iteration-count'] = false;
|
| 1181 | whiteList['animation-name'] = false;
|
| 1182 | whiteList['animation-play-state'] = false;
|
| 1183 | whiteList['animation-timing-function'] = false;
|
| 1184 | whiteList['azimuth'] = false;
|
| 1185 | whiteList['backface-visibility'] = false;
|
| 1186 | whiteList['background'] = true;
|
| 1187 | whiteList['background-attachment'] = true;
|
| 1188 | whiteList['background-clip'] = true;
|
| 1189 | whiteList['background-color'] = true;
|
| 1190 | whiteList['background-image'] = true;
|
| 1191 | whiteList['background-origin'] = true;
|
| 1192 | whiteList['background-position'] = true;
|
| 1193 | whiteList['background-repeat'] = true;
|
| 1194 | whiteList['background-size'] = true;
|
| 1195 | whiteList['baseline-shift'] = false;
|
| 1196 | whiteList['binding'] = false;
|
| 1197 | whiteList['bleed'] = false;
|
| 1198 | whiteList['bookmark-label'] = false;
|
| 1199 | whiteList['bookmark-level'] = false;
|
| 1200 | whiteList['bookmark-state'] = false;
|
| 1201 | whiteList['border'] = true;
|
| 1202 | whiteList['border-bottom'] = true;
|
| 1203 | whiteList['border-bottom-color'] = true;
|
| 1204 | whiteList['border-bottom-left-radius'] = true;
|
| 1205 | whiteList['border-bottom-right-radius'] = true;
|
| 1206 | whiteList['border-bottom-style'] = true;
|
| 1207 | whiteList['border-bottom-width'] = true;
|
| 1208 | whiteList['border-collapse'] = true;
|
| 1209 | whiteList['border-color'] = true;
|
| 1210 | whiteList['border-image'] = true;
|
| 1211 | whiteList['border-image-outset'] = true;
|
| 1212 | whiteList['border-image-repeat'] = true;
|
| 1213 | whiteList['border-image-slice'] = true;
|
| 1214 | whiteList['border-image-source'] = true;
|
| 1215 | whiteList['border-image-width'] = true;
|
| 1216 | whiteList['border-left'] = true;
|
| 1217 | whiteList['border-left-color'] = true;
|
| 1218 | whiteList['border-left-style'] = true;
|
| 1219 | whiteList['border-left-width'] = true;
|
| 1220 | whiteList['border-radius'] = true;
|
| 1221 | whiteList['border-right'] = true;
|
| 1222 | whiteList['border-right-color'] = true;
|
| 1223 | whiteList['border-right-style'] = true;
|
| 1224 | whiteList['border-right-width'] = true;
|
| 1225 | whiteList['border-spacing'] = true;
|
| 1226 | whiteList['border-style'] = true;
|
| 1227 | whiteList['border-top'] = true;
|
| 1228 | whiteList['border-top-color'] = true;
|
| 1229 | whiteList['border-top-left-radius'] = true;
|
| 1230 | whiteList['border-top-right-radius'] = true;
|
| 1231 | whiteList['border-top-style'] = true;
|
| 1232 | whiteList['border-top-width'] = true;
|
| 1233 | whiteList['border-width'] = true;
|
| 1234 | whiteList['bottom'] = false;
|
| 1235 | whiteList['box-decoration-break'] = true;
|
| 1236 | whiteList['box-shadow'] = true;
|
| 1237 | whiteList['box-sizing'] = true;
|
| 1238 | whiteList['box-snap'] = true;
|
| 1239 | whiteList['box-suppress'] = true;
|
| 1240 | whiteList['break-after'] = true;
|
| 1241 | whiteList['break-before'] = true;
|
| 1242 | whiteList['break-inside'] = true;
|
| 1243 | whiteList['caption-side'] = false;
|
| 1244 | whiteList['chains'] = false;
|
| 1245 | whiteList['clear'] = true;
|
| 1246 | whiteList['clip'] = false;
|
| 1247 | whiteList['clip-path'] = false;
|
| 1248 | whiteList['clip-rule'] = false;
|
| 1249 | whiteList['color'] = true;
|
| 1250 | whiteList['color-interpolation-filters'] = true;
|
| 1251 | whiteList['column-count'] = false;
|
| 1252 | whiteList['column-fill'] = false;
|
| 1253 | whiteList['column-gap'] = false;
|
| 1254 | whiteList['column-rule'] = false;
|
| 1255 | whiteList['column-rule-color'] = false;
|
| 1256 | whiteList['column-rule-style'] = false;
|
| 1257 | whiteList['column-rule-width'] = false;
|
| 1258 | whiteList['column-span'] = false;
|
| 1259 | whiteList['column-width'] = false;
|
| 1260 | whiteList['columns'] = false;
|
| 1261 | whiteList['contain'] = false;
|
| 1262 | whiteList['content'] = false;
|
| 1263 | whiteList['counter-increment'] = false;
|
| 1264 | whiteList['counter-reset'] = false;
|
| 1265 | whiteList['counter-set'] = false;
|
| 1266 | whiteList['crop'] = false;
|
| 1267 | whiteList['cue'] = false;
|
| 1268 | whiteList['cue-after'] = false;
|
| 1269 | whiteList['cue-before'] = false;
|
| 1270 | whiteList['cursor'] = false;
|
| 1271 | whiteList['direction'] = false;
|
| 1272 | whiteList['display'] = true;
|
| 1273 | whiteList['display-inside'] = true;
|
| 1274 | whiteList['display-list'] = true;
|
| 1275 | whiteList['display-outside'] = true;
|
| 1276 | whiteList['dominant-baseline'] = false;
|
| 1277 | whiteList['elevation'] = false;
|
| 1278 | whiteList['empty-cells'] = false;
|
| 1279 | whiteList['filter'] = false;
|
| 1280 | whiteList['flex'] = false;
|
| 1281 | whiteList['flex-basis'] = false;
|
| 1282 | whiteList['flex-direction'] = false;
|
| 1283 | whiteList['flex-flow'] = false;
|
| 1284 | whiteList['flex-grow'] = false;
|
| 1285 | whiteList['flex-shrink'] = false;
|
| 1286 | whiteList['flex-wrap'] = false;
|
| 1287 | whiteList['float'] = false;
|
| 1288 | whiteList['float-offset'] = false;
|
| 1289 | whiteList['flood-color'] = false;
|
| 1290 | whiteList['flood-opacity'] = false;
|
| 1291 | whiteList['flow-from'] = false;
|
| 1292 | whiteList['flow-into'] = false;
|
| 1293 | whiteList['font'] = true;
|
| 1294 | whiteList['font-family'] = true;
|
| 1295 | whiteList['font-feature-settings'] = true;
|
| 1296 | whiteList['font-kerning'] = true;
|
| 1297 | whiteList['font-language-override'] = true;
|
| 1298 | whiteList['font-size'] = true;
|
| 1299 | whiteList['font-size-adjust'] = true;
|
| 1300 | whiteList['font-stretch'] = true;
|
| 1301 | whiteList['font-style'] = true;
|
| 1302 | whiteList['font-synthesis'] = true;
|
| 1303 | whiteList['font-variant'] = true;
|
| 1304 | whiteList['font-variant-alternates'] = true;
|
| 1305 | whiteList['font-variant-caps'] = true;
|
| 1306 | whiteList['font-variant-east-asian'] = true;
|
| 1307 | whiteList['font-variant-ligatures'] = true;
|
| 1308 | whiteList['font-variant-numeric'] = true;
|
| 1309 | whiteList['font-variant-position'] = true;
|
| 1310 | whiteList['font-weight'] = true;
|
| 1311 | whiteList['grid'] = false;
|
| 1312 | whiteList['grid-area'] = false;
|
| 1313 | whiteList['grid-auto-columns'] = false;
|
| 1314 | whiteList['grid-auto-flow'] = false;
|
| 1315 | whiteList['grid-auto-rows'] = false;
|
| 1316 | whiteList['grid-column'] = false;
|
| 1317 | whiteList['grid-column-end'] = false;
|
| 1318 | whiteList['grid-column-start'] = false;
|
| 1319 | whiteList['grid-row'] = false;
|
| 1320 | whiteList['grid-row-end'] = false;
|
| 1321 | whiteList['grid-row-start'] = false;
|
| 1322 | whiteList['grid-template'] = false;
|
| 1323 | whiteList['grid-template-areas'] = false;
|
| 1324 | whiteList['grid-template-columns'] = false;
|
| 1325 | whiteList['grid-template-rows'] = false;
|
| 1326 | whiteList['hanging-punctuation'] = false;
|
| 1327 | whiteList['height'] = true;
|
| 1328 | whiteList['hyphens'] = false;
|
| 1329 | whiteList['icon'] = false;
|
| 1330 | whiteList['image-orientation'] = false;
|
| 1331 | whiteList['image-resolution'] = false;
|
| 1332 | whiteList['ime-mode'] = false;
|
| 1333 | whiteList['initial-letters'] = false;
|
| 1334 | whiteList['inline-box-align'] = false;
|
| 1335 | whiteList['justify-content'] = false;
|
| 1336 | whiteList['justify-items'] = false;
|
| 1337 | whiteList['justify-self'] = false;
|
| 1338 | whiteList['left'] = false;
|
| 1339 | whiteList['letter-spacing'] = true;
|
| 1340 | whiteList['lighting-color'] = true;
|
| 1341 | whiteList['line-box-contain'] = false;
|
| 1342 | whiteList['line-break'] = false;
|
| 1343 | whiteList['line-grid'] = false;
|
| 1344 | whiteList['line-height'] = false;
|
| 1345 | whiteList['line-snap'] = false;
|
| 1346 | whiteList['line-stacking'] = false;
|
| 1347 | whiteList['line-stacking-ruby'] = false;
|
| 1348 | whiteList['line-stacking-shift'] = false;
|
| 1349 | whiteList['line-stacking-strategy'] = false;
|
| 1350 | whiteList['list-style'] = true;
|
| 1351 | whiteList['list-style-image'] = true;
|
| 1352 | whiteList['list-style-position'] = true;
|
| 1353 | whiteList['list-style-type'] = true;
|
| 1354 | whiteList['margin'] = true;
|
| 1355 | whiteList['margin-bottom'] = true;
|
| 1356 | whiteList['margin-left'] = true;
|
| 1357 | whiteList['margin-right'] = true;
|
| 1358 | whiteList['margin-top'] = true;
|
| 1359 | whiteList['marker-offset'] = false;
|
| 1360 | whiteList['marker-side'] = false;
|
| 1361 | whiteList['marks'] = false;
|
| 1362 | whiteList['mask'] = false;
|
| 1363 | whiteList['mask-box'] = false;
|
| 1364 | whiteList['mask-box-outset'] = false;
|
| 1365 | whiteList['mask-box-repeat'] = false;
|
| 1366 | whiteList['mask-box-slice'] = false;
|
| 1367 | whiteList['mask-box-source'] = false;
|
| 1368 | whiteList['mask-box-width'] = false;
|
| 1369 | whiteList['mask-clip'] = false;
|
| 1370 | whiteList['mask-image'] = false;
|
| 1371 | whiteList['mask-origin'] = false;
|
| 1372 | whiteList['mask-position'] = false;
|
| 1373 | whiteList['mask-repeat'] = false;
|
| 1374 | whiteList['mask-size'] = false;
|
| 1375 | whiteList['mask-source-type'] = false;
|
| 1376 | whiteList['mask-type'] = false;
|
| 1377 | whiteList['max-height'] = true;
|
| 1378 | whiteList['max-lines'] = false;
|
| 1379 | whiteList['max-width'] = true;
|
| 1380 | whiteList['min-height'] = true;
|
| 1381 | whiteList['min-width'] = true;
|
| 1382 | whiteList['move-to'] = false;
|
| 1383 | whiteList['nav-down'] = false;
|
| 1384 | whiteList['nav-index'] = false;
|
| 1385 | whiteList['nav-left'] = false;
|
| 1386 | whiteList['nav-right'] = false;
|
| 1387 | whiteList['nav-up'] = false;
|
| 1388 | whiteList['object-fit'] = false;
|
| 1389 | whiteList['object-position'] = false;
|
| 1390 | whiteList['opacity'] = false;
|
| 1391 | whiteList['order'] = false;
|
| 1392 | whiteList['orphans'] = false;
|
| 1393 | whiteList['outline'] = false;
|
| 1394 | whiteList['outline-color'] = false;
|
| 1395 | whiteList['outline-offset'] = false;
|
| 1396 | whiteList['outline-style'] = false;
|
| 1397 | whiteList['outline-width'] = false;
|
| 1398 | whiteList['overflow'] = false;
|
| 1399 | whiteList['overflow-wrap'] = false;
|
| 1400 | whiteList['overflow-x'] = false;
|
| 1401 | whiteList['overflow-y'] = false;
|
| 1402 | whiteList['padding'] = true;
|
| 1403 | whiteList['padding-bottom'] = true;
|
| 1404 | whiteList['padding-left'] = true;
|
| 1405 | whiteList['padding-right'] = true;
|
| 1406 | whiteList['padding-top'] = true;
|
| 1407 | whiteList['page'] = false;
|
| 1408 | whiteList['page-break-after'] = false;
|
| 1409 | whiteList['page-break-before'] = false;
|
| 1410 | whiteList['page-break-inside'] = false;
|
| 1411 | whiteList['page-policy'] = false;
|
| 1412 | whiteList['pause'] = false;
|
| 1413 | whiteList['pause-after'] = false;
|
| 1414 | whiteList['pause-before'] = false;
|
| 1415 | whiteList['perspective'] = false;
|
| 1416 | whiteList['perspective-origin'] = false;
|
| 1417 | whiteList['pitch'] = false;
|
| 1418 | whiteList['pitch-range'] = false;
|
| 1419 | whiteList['play-during'] = false;
|
| 1420 | whiteList['position'] = false;
|
| 1421 | whiteList['presentation-level'] = false;
|
| 1422 | whiteList['quotes'] = false;
|
| 1423 | whiteList['region-fragment'] = false;
|
| 1424 | whiteList['resize'] = false;
|
| 1425 | whiteList['rest'] = false;
|
| 1426 | whiteList['rest-after'] = false;
|
| 1427 | whiteList['rest-before'] = false;
|
| 1428 | whiteList['richness'] = false;
|
| 1429 | whiteList['right'] = false;
|
| 1430 | whiteList['rotation'] = false;
|
| 1431 | whiteList['rotation-point'] = false;
|
| 1432 | whiteList['ruby-align'] = false;
|
| 1433 | whiteList['ruby-merge'] = false;
|
| 1434 | whiteList['ruby-position'] = false;
|
| 1435 | whiteList['shape-image-threshold'] = false;
|
| 1436 | whiteList['shape-outside'] = false;
|
| 1437 | whiteList['shape-margin'] = false;
|
| 1438 | whiteList['size'] = false;
|
| 1439 | whiteList['speak'] = false;
|
| 1440 | whiteList['speak-as'] = false;
|
| 1441 | whiteList['speak-header'] = false;
|
| 1442 | whiteList['speak-numeral'] = false;
|
| 1443 | whiteList['speak-punctuation'] = false;
|
| 1444 | whiteList['speech-rate'] = false;
|
| 1445 | whiteList['stress'] = false;
|
| 1446 | whiteList['string-set'] = false;
|
| 1447 | whiteList['tab-size'] = false;
|
| 1448 | whiteList['table-layout'] = false;
|
| 1449 | whiteList['text-align'] = true;
|
| 1450 | whiteList['text-align-last'] = true;
|
| 1451 | whiteList['text-combine-upright'] = true;
|
| 1452 | whiteList['text-decoration'] = true;
|
| 1453 | whiteList['text-decoration-color'] = true;
|
| 1454 | whiteList['text-decoration-line'] = true;
|
| 1455 | whiteList['text-decoration-skip'] = true;
|
| 1456 | whiteList['text-decoration-style'] = true;
|
| 1457 | whiteList['text-emphasis'] = true;
|
| 1458 | whiteList['text-emphasis-color'] = true;
|
| 1459 | whiteList['text-emphasis-position'] = true;
|
| 1460 | whiteList['text-emphasis-style'] = true;
|
| 1461 | whiteList['text-height'] = true;
|
| 1462 | whiteList['text-indent'] = true;
|
| 1463 | whiteList['text-justify'] = true;
|
| 1464 | whiteList['text-orientation'] = true;
|
| 1465 | whiteList['text-overflow'] = true;
|
| 1466 | whiteList['text-shadow'] = true;
|
| 1467 | whiteList['text-space-collapse'] = true;
|
| 1468 | whiteList['text-transform'] = true;
|
| 1469 | whiteList['text-underline-position'] = true;
|
| 1470 | whiteList['text-wrap'] = true;
|
| 1471 | whiteList['top'] = false;
|
| 1472 | whiteList['transform'] = false;
|
| 1473 | whiteList['transform-origin'] = false;
|
| 1474 | whiteList['transform-style'] = false;
|
| 1475 | whiteList['transition'] = false;
|
| 1476 | whiteList['transition-delay'] = false;
|
| 1477 | whiteList['transition-duration'] = false;
|
| 1478 | whiteList['transition-property'] = false;
|
| 1479 | whiteList['transition-timing-function'] = false;
|
| 1480 | whiteList['unicode-bidi'] = false;
|
| 1481 | whiteList['vertical-align'] = false;
|
| 1482 | whiteList['visibility'] = false;
|
| 1483 | whiteList['voice-balance'] = false;
|
| 1484 | whiteList['voice-duration'] = false;
|
| 1485 | whiteList['voice-family'] = false;
|
| 1486 | whiteList['voice-pitch'] = false;
|
| 1487 | whiteList['voice-range'] = false;
|
| 1488 | whiteList['voice-rate'] = false;
|
| 1489 | whiteList['voice-stress'] = false;
|
| 1490 | whiteList['voice-volume'] = false;
|
| 1491 | whiteList['volume'] = false;
|
| 1492 | whiteList['white-space'] = false;
|
| 1493 | whiteList['widows'] = false;
|
| 1494 | whiteList['width'] = true;
|
| 1495 | whiteList['will-change'] = false;
|
| 1496 | whiteList['word-break'] = true;
|
| 1497 | whiteList['word-spacing'] = true;
|
| 1498 | whiteList['word-wrap'] = true;
|
| 1499 | whiteList['wrap-flow'] = false;
|
| 1500 | whiteList['wrap-through'] = false;
|
| 1501 | whiteList['writing-mode'] = false;
|
| 1502 | whiteList['z-index'] = false;
|
| 1503 |
|
| 1504 | return whiteList;
|
| 1505 | }
|
| 1506 |
|
| 1507 |
|
| 1508 | |
| 1509 | |
| 1510 | |
| 1511 | |
| 1512 | |
| 1513 | |
| 1514 | |
| 1515 |
|
| 1516 | function onAttr (name, value, options) {
|
| 1517 |
|
| 1518 | }
|
| 1519 |
|
| 1520 | |
| 1521 | |
| 1522 | |
| 1523 | |
| 1524 | |
| 1525 | |
| 1526 | |
| 1527 |
|
| 1528 | function onIgnoreAttr (name, value, options) {
|
| 1529 |
|
| 1530 | }
|
| 1531 |
|
| 1532 | var REGEXP_URL_JAVASCRIPT = /javascript\s*\:/img;
|
| 1533 |
|
| 1534 | |
| 1535 | |
| 1536 | |
| 1537 | |
| 1538 | |
| 1539 | |
| 1540 |
|
| 1541 | function safeAttrValue(name, value) {
|
| 1542 | if (REGEXP_URL_JAVASCRIPT.test(value)) return '';
|
| 1543 | return value;
|
| 1544 | }
|
| 1545 |
|
| 1546 |
|
| 1547 | exports.whiteList = getDefaultWhiteList();
|
| 1548 | exports.getDefaultWhiteList = getDefaultWhiteList;
|
| 1549 | exports.onAttr = onAttr;
|
| 1550 | exports.onIgnoreAttr = onIgnoreAttr;
|
| 1551 | exports.safeAttrValue = safeAttrValue;
|
| 1552 |
|
| 1553 | },{}],8:[function(require,module,exports){
|
| 1554 | |
| 1555 | |
| 1556 | |
| 1557 | |
| 1558 |
|
| 1559 |
|
| 1560 | var DEFAULT = require('./default');
|
| 1561 | var FilterCSS = require('./css');
|
| 1562 |
|
| 1563 |
|
| 1564 | |
| 1565 | |
| 1566 | |
| 1567 | |
| 1568 | |
| 1569 | |
| 1570 |
|
| 1571 | function filterCSS (html, options) {
|
| 1572 | var xss = new FilterCSS(options);
|
| 1573 | return xss.process(html);
|
| 1574 | }
|
| 1575 |
|
| 1576 |
|
| 1577 |
|
| 1578 | exports = module.exports = filterCSS;
|
| 1579 | exports.FilterCSS = FilterCSS;
|
| 1580 | for (var i in DEFAULT) exports[i] = DEFAULT[i];
|
| 1581 |
|
| 1582 |
|
| 1583 | if (typeof window !== 'undefined') {
|
| 1584 | window.filterCSS = module.exports;
|
| 1585 | }
|
| 1586 |
|
| 1587 | },{"./css":6,"./default":7}],9:[function(require,module,exports){
|
| 1588 | |
| 1589 | |
| 1590 | |
| 1591 | |
| 1592 |
|
| 1593 |
|
| 1594 | var _ = require('./util');
|
| 1595 |
|
| 1596 |
|
| 1597 | |
| 1598 | |
| 1599 | |
| 1600 | |
| 1601 | |
| 1602 | |
| 1603 | |
| 1604 |
|
| 1605 | function parseStyle (css, onAttr) {
|
| 1606 | css = _.trimRight(css);
|
| 1607 | if (css[css.length - 1] !== ';') css += ';';
|
| 1608 | var cssLength = css.length;
|
| 1609 | var isParenthesisOpen = false;
|
| 1610 | var lastPos = 0;
|
| 1611 | var i = 0;
|
| 1612 | var retCSS = '';
|
| 1613 |
|
| 1614 | function addNewAttr () {
|
| 1615 |
|
| 1616 | if (!isParenthesisOpen) {
|
| 1617 | var source = _.trim(css.slice(lastPos, i));
|
| 1618 | var j = source.indexOf(':');
|
| 1619 | if (j !== -1) {
|
| 1620 | var name = _.trim(source.slice(0, j));
|
| 1621 | var value = _.trim(source.slice(j + 1));
|
| 1622 |
|
| 1623 | if (name) {
|
| 1624 | var ret = onAttr(lastPos, retCSS.length, name, value, source);
|
| 1625 | if (ret) retCSS += ret + '; ';
|
| 1626 | }
|
| 1627 | }
|
| 1628 | }
|
| 1629 | lastPos = i + 1;
|
| 1630 | }
|
| 1631 |
|
| 1632 | for (; i < cssLength; i++) {
|
| 1633 | var c = css[i];
|
| 1634 | if (c === '/' && css[i + 1] === '*') {
|
| 1635 |
|
| 1636 | var j = css.indexOf('*/', i + 2);
|
| 1637 |
|
| 1638 | if (j === -1) break;
|
| 1639 |
|
| 1640 | i = j + 1;
|
| 1641 | lastPos = i + 1;
|
| 1642 | isParenthesisOpen = false;
|
| 1643 | } else if (c === '(') {
|
| 1644 | isParenthesisOpen = true;
|
| 1645 | } else if (c === ')') {
|
| 1646 | isParenthesisOpen = false;
|
| 1647 | } else if (c === ';') {
|
| 1648 | if (isParenthesisOpen) {
|
| 1649 |
|
| 1650 | } else {
|
| 1651 | addNewAttr();
|
| 1652 | }
|
| 1653 | } else if (c === '\n') {
|
| 1654 | addNewAttr();
|
| 1655 | }
|
| 1656 | }
|
| 1657 |
|
| 1658 | return _.trim(retCSS);
|
| 1659 | }
|
| 1660 |
|
| 1661 | module.exports = parseStyle;
|
| 1662 |
|
| 1663 | },{"./util":10}],10:[function(require,module,exports){
|
| 1664 | module.exports = {
|
| 1665 | indexOf: function (arr, item) {
|
| 1666 | var i, j;
|
| 1667 | if (Array.prototype.indexOf) {
|
| 1668 | return arr.indexOf(item);
|
| 1669 | }
|
| 1670 | for (i = 0, j = arr.length; i < j; i++) {
|
| 1671 | if (arr[i] === item) {
|
| 1672 | return i;
|
| 1673 | }
|
| 1674 | }
|
| 1675 | return -1;
|
| 1676 | },
|
| 1677 | forEach: function (arr, fn, scope) {
|
| 1678 | var i, j;
|
| 1679 | if (Array.prototype.forEach) {
|
| 1680 | return arr.forEach(fn, scope);
|
| 1681 | }
|
| 1682 | for (i = 0, j = arr.length; i < j; i++) {
|
| 1683 | fn.call(scope, arr[i], i, arr);
|
| 1684 | }
|
| 1685 | },
|
| 1686 | trim: function (str) {
|
| 1687 | if (String.prototype.trim) {
|
| 1688 | return str.trim();
|
| 1689 | }
|
| 1690 | return str.replace(/(^\s*)|(\s*$)/g, '');
|
| 1691 | },
|
| 1692 | trimRight: function (str) {
|
| 1693 | if (String.prototype.trimRight) {
|
| 1694 | return str.trimRight();
|
| 1695 | }
|
| 1696 | return str.replace(/(\s*$)/g, '');
|
| 1697 | }
|
| 1698 | };
|
| 1699 |
|
| 1700 | },{}]},{},[2]);
|