| 1 | (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
|
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 |
|
| 7 |
|
| 8 | var FilterCSS = require("cssfilter").FilterCSS;
|
| 9 | var getDefaultCSSWhiteList = require("cssfilter").getDefaultWhiteList;
|
| 10 | var _ = require("./util");
|
| 11 |
|
| 12 | function getDefaultWhiteList() {
|
| 13 | return {
|
| 14 | a: ["target", "href", "title"],
|
| 15 | abbr: ["title"],
|
| 16 | address: [],
|
| 17 | area: ["shape", "coords", "href", "alt"],
|
| 18 | article: [],
|
| 19 | aside: [],
|
| 20 | audio: ["autoplay", "controls", "loop", "preload", "src"],
|
| 21 | b: [],
|
| 22 | bdi: ["dir"],
|
| 23 | bdo: ["dir"],
|
| 24 | big: [],
|
| 25 | blockquote: ["cite"],
|
| 26 | br: [],
|
| 27 | caption: [],
|
| 28 | center: [],
|
| 29 | cite: [],
|
| 30 | code: [],
|
| 31 | col: ["align", "valign", "span", "width"],
|
| 32 | colgroup: ["align", "valign", "span", "width"],
|
| 33 | dd: [],
|
| 34 | del: ["datetime"],
|
| 35 | details: ["open"],
|
| 36 | div: [],
|
| 37 | dl: [],
|
| 38 | dt: [],
|
| 39 | em: [],
|
| 40 | font: ["color", "size", "face"],
|
| 41 | footer: [],
|
| 42 | h1: [],
|
| 43 | h2: [],
|
| 44 | h3: [],
|
| 45 | h4: [],
|
| 46 | h5: [],
|
| 47 | h6: [],
|
| 48 | header: [],
|
| 49 | hr: [],
|
| 50 | i: [],
|
| 51 | img: ["src", "alt", "title", "width", "height"],
|
| 52 | ins: ["datetime"],
|
| 53 | li: [],
|
| 54 | mark: [],
|
| 55 | nav: [],
|
| 56 | ol: [],
|
| 57 | p: [],
|
| 58 | pre: [],
|
| 59 | s: [],
|
| 60 | section: [],
|
| 61 | small: [],
|
| 62 | span: [],
|
| 63 | sub: [],
|
| 64 | sup: [],
|
| 65 | strong: [],
|
| 66 | table: ["width", "border", "align", "valign"],
|
| 67 | tbody: ["align", "valign"],
|
| 68 | td: ["width", "rowspan", "colspan", "align", "valign"],
|
| 69 | tfoot: ["align", "valign"],
|
| 70 | th: ["width", "rowspan", "colspan", "align", "valign"],
|
| 71 | thead: ["align", "valign"],
|
| 72 | tr: ["rowspan", "align", "valign"],
|
| 73 | tt: [],
|
| 74 | u: [],
|
| 75 | ul: [],
|
| 76 | video: ["autoplay", "controls", "loop", "preload", "src", "height", "width"]
|
| 77 | };
|
| 78 | }
|
| 79 |
|
| 80 | var defaultCSSFilter = new FilterCSS();
|
| 81 |
|
| 82 | |
| 83 | |
| 84 | |
| 85 | |
| 86 | |
| 87 | |
| 88 | |
| 89 |
|
| 90 | function onTag(tag, html, options) {
|
| 91 |
|
| 92 | }
|
| 93 |
|
| 94 | |
| 95 | |
| 96 | |
| 97 | |
| 98 | |
| 99 | |
| 100 | |
| 101 |
|
| 102 | function onIgnoreTag(tag, html, options) {
|
| 103 |
|
| 104 | }
|
| 105 |
|
| 106 | |
| 107 | |
| 108 | |
| 109 | |
| 110 | |
| 111 | |
| 112 | |
| 113 |
|
| 114 | function onTagAttr(tag, name, value) {
|
| 115 |
|
| 116 | }
|
| 117 |
|
| 118 | |
| 119 | |
| 120 | |
| 121 | |
| 122 | |
| 123 | |
| 124 | |
| 125 |
|
| 126 | function onIgnoreTagAttr(tag, name, value) {
|
| 127 |
|
| 128 | }
|
| 129 |
|
| 130 | |
| 131 | |
| 132 | |
| 133 | |
| 134 |
|
| 135 | function escapeHtml(html) {
|
| 136 | return html.replace(REGEXP_LT, "<").replace(REGEXP_GT, ">");
|
| 137 | }
|
| 138 |
|
| 139 | |
| 140 | |
| 141 | |
| 142 | |
| 143 | |
| 144 | |
| 145 | |
| 146 | |
| 147 |
|
| 148 | function safeAttrValue(tag, name, value, cssFilter) {
|
| 149 |
|
| 150 | value = friendlyAttrValue(value);
|
| 151 |
|
| 152 | if (name === "href" || name === "src") {
|
| 153 |
|
| 154 |
|
| 155 | value = _.trim(value);
|
| 156 | if (value === "#") return "#";
|
| 157 | if (
|
| 158 | !(
|
| 159 | value.substr(0, 7) === "http://" ||
|
| 160 | value.substr(0, 8) === "https://" ||
|
| 161 | value.substr(0, 7) === "mailto:" ||
|
| 162 | value.substr(0, 4) === "tel:" ||
|
| 163 | value[0] === "#" ||
|
| 164 | value[0] === "/"
|
| 165 | )
|
| 166 | ) {
|
| 167 | return "";
|
| 168 | }
|
| 169 | } else if (name === "background") {
|
| 170 |
|
| 171 |
|
| 172 | REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
|
| 173 | if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
|
| 174 | return "";
|
| 175 | }
|
| 176 | } else if (name === "style") {
|
| 177 |
|
| 178 | REGEXP_DEFAULT_ON_TAG_ATTR_7.lastIndex = 0;
|
| 179 | if (REGEXP_DEFAULT_ON_TAG_ATTR_7.test(value)) {
|
| 180 | return "";
|
| 181 | }
|
| 182 |
|
| 183 | REGEXP_DEFAULT_ON_TAG_ATTR_8.lastIndex = 0;
|
| 184 | if (REGEXP_DEFAULT_ON_TAG_ATTR_8.test(value)) {
|
| 185 | REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
|
| 186 | if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
|
| 187 | return "";
|
| 188 | }
|
| 189 | }
|
| 190 | if (cssFilter !== false) {
|
| 191 | cssFilter = cssFilter || defaultCSSFilter;
|
| 192 | value = cssFilter.process(value);
|
| 193 | }
|
| 194 | }
|
| 195 |
|
| 196 |
|
| 197 | value = escapeAttrValue(value);
|
| 198 | return value;
|
| 199 | }
|
| 200 |
|
| 201 |
|
| 202 | var REGEXP_LT = /</g;
|
| 203 | var REGEXP_GT = />/g;
|
| 204 | var REGEXP_QUOTE = /"/g;
|
| 205 | var REGEXP_QUOTE_2 = /"/g;
|
| 206 | var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
|
| 207 | var REGEXP_ATTR_VALUE_COLON = /:?/gim;
|
| 208 | var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
|
| 209 | var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
|
| 210 | var REGEXP_DEFAULT_ON_TAG_ATTR_4 = /((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a)\:/gi;
|
| 211 | var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
|
| 212 | var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
|
| 213 | var REGEXP_DEFAULT_ON_TAG_ATTR_7 = /e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
|
| 214 | var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;
|
| 215 |
|
| 216 | |
| 217 | |
| 218 | |
| 219 | |
| 220 | |
| 221 |
|
| 222 | function escapeQuote(str) {
|
| 223 | return str.replace(REGEXP_QUOTE, """);
|
| 224 | }
|
| 225 |
|
| 226 | |
| 227 | |
| 228 | |
| 229 | |
| 230 | |
| 231 |
|
| 232 | function unescapeQuote(str) {
|
| 233 | return str.replace(REGEXP_QUOTE_2, '"');
|
| 234 | }
|
| 235 |
|
| 236 | |
| 237 | |
| 238 | |
| 239 | |
| 240 | |
| 241 |
|
| 242 | function escapeHtmlEntities(str) {
|
| 243 | return str.replace(REGEXP_ATTR_VALUE_1, function replaceUnicode(str, code) {
|
| 244 | return code[0] === "x" || code[0] === "X"
|
| 245 | ? String.fromCharCode(parseInt(code.substr(1), 16))
|
| 246 | : String.fromCharCode(parseInt(code, 10));
|
| 247 | });
|
| 248 | }
|
| 249 |
|
| 250 | |
| 251 | |
| 252 | |
| 253 | |
| 254 | |
| 255 |
|
| 256 | function escapeDangerHtml5Entities(str) {
|
| 257 | return str
|
| 258 | .replace(REGEXP_ATTR_VALUE_COLON, ":")
|
| 259 | .replace(REGEXP_ATTR_VALUE_NEWLINE, " ");
|
| 260 | }
|
| 261 |
|
| 262 | |
| 263 | |
| 264 | |
| 265 | |
| 266 | |
| 267 |
|
| 268 | function clearNonPrintableCharacter(str) {
|
| 269 | var str2 = "";
|
| 270 | for (var i = 0, len = str.length; i < len; i++) {
|
| 271 | str2 += str.charCodeAt(i) < 32 ? " " : str.charAt(i);
|
| 272 | }
|
| 273 | return _.trim(str2);
|
| 274 | }
|
| 275 |
|
| 276 | |
| 277 | |
| 278 | |
| 279 | |
| 280 | |
| 281 |
|
| 282 | function friendlyAttrValue(str) {
|
| 283 | str = unescapeQuote(str);
|
| 284 | str = escapeHtmlEntities(str);
|
| 285 | str = escapeDangerHtml5Entities(str);
|
| 286 | str = clearNonPrintableCharacter(str);
|
| 287 | return str;
|
| 288 | }
|
| 289 |
|
| 290 | |
| 291 | |
| 292 | |
| 293 | |
| 294 | |
| 295 |
|
| 296 | function escapeAttrValue(str) {
|
| 297 | str = escapeQuote(str);
|
| 298 | str = escapeHtml(str);
|
| 299 | return str;
|
| 300 | }
|
| 301 |
|
| 302 | |
| 303 | |
| 304 |
|
| 305 | function onIgnoreTagStripAll() {
|
| 306 | return "";
|
| 307 | }
|
| 308 |
|
| 309 | |
| 310 | |
| 311 | |
| 312 | |
| 313 | |
| 314 | |
| 315 |
|
| 316 | function StripTagBody(tags, next) {
|
| 317 | if (typeof next !== "function") {
|
| 318 | next = function() {};
|
| 319 | }
|
| 320 |
|
| 321 | var isRemoveAllTag = !Array.isArray(tags);
|
| 322 | function isRemoveTag(tag) {
|
| 323 | if (isRemoveAllTag) return true;
|
| 324 | return _.indexOf(tags, tag) !== -1;
|
| 325 | }
|
| 326 |
|
| 327 | var removeList = [];
|
| 328 | var posStart = false;
|
| 329 |
|
| 330 | return {
|
| 331 | onIgnoreTag: function(tag, html, options) {
|
| 332 | if (isRemoveTag(tag)) {
|
| 333 | if (options.isClosing) {
|
| 334 | var ret = "[/removed]";
|
| 335 | var end = options.position + ret.length;
|
| 336 | removeList.push([
|
| 337 | posStart !== false ? posStart : options.position,
|
| 338 | end
|
| 339 | ]);
|
| 340 | posStart = false;
|
| 341 | return ret;
|
| 342 | } else {
|
| 343 | if (!posStart) {
|
| 344 | posStart = options.position;
|
| 345 | }
|
| 346 | return "[removed]";
|
| 347 | }
|
| 348 | } else {
|
| 349 | return next(tag, html, options);
|
| 350 | }
|
| 351 | },
|
| 352 | remove: function(html) {
|
| 353 | var rethtml = "";
|
| 354 | var lastPos = 0;
|
| 355 | _.forEach(removeList, function(pos) {
|
| 356 | rethtml += html.slice(lastPos, pos[0]);
|
| 357 | lastPos = pos[1];
|
| 358 | });
|
| 359 | rethtml += html.slice(lastPos);
|
| 360 | return rethtml;
|
| 361 | }
|
| 362 | };
|
| 363 | }
|
| 364 |
|
| 365 | |
| 366 | |
| 367 | |
| 368 | |
| 369 | |
| 370 |
|
| 371 | function stripCommentTag(html) {
|
| 372 | return html.replace(STRIP_COMMENT_TAG_REGEXP, "");
|
| 373 | }
|
| 374 | var STRIP_COMMENT_TAG_REGEXP = /<!--[\s\S]*?-->/g;
|
| 375 |
|
| 376 | |
| 377 | |
| 378 | |
| 379 | |
| 380 | |
| 381 |
|
| 382 | function stripBlankChar(html) {
|
| 383 | var chars = html.split("");
|
| 384 | chars = chars.filter(function(char) {
|
| 385 | var c = char.charCodeAt(0);
|
| 386 | if (c === 127) return false;
|
| 387 | if (c <= 31) {
|
| 388 | if (c === 10 || c === 13) return true;
|
| 389 | return false;
|
| 390 | }
|
| 391 | return true;
|
| 392 | });
|
| 393 | return chars.join("");
|
| 394 | }
|
| 395 |
|
| 396 | exports.whiteList = getDefaultWhiteList();
|
| 397 | exports.getDefaultWhiteList = getDefaultWhiteList;
|
| 398 | exports.onTag = onTag;
|
| 399 | exports.onIgnoreTag = onIgnoreTag;
|
| 400 | exports.onTagAttr = onTagAttr;
|
| 401 | exports.onIgnoreTagAttr = onIgnoreTagAttr;
|
| 402 | exports.safeAttrValue = safeAttrValue;
|
| 403 | exports.escapeHtml = escapeHtml;
|
| 404 | exports.escapeQuote = escapeQuote;
|
| 405 | exports.unescapeQuote = unescapeQuote;
|
| 406 | exports.escapeHtmlEntities = escapeHtmlEntities;
|
| 407 | exports.escapeDangerHtml5Entities = escapeDangerHtml5Entities;
|
| 408 | exports.clearNonPrintableCharacter = clearNonPrintableCharacter;
|
| 409 | exports.friendlyAttrValue = friendlyAttrValue;
|
| 410 | exports.escapeAttrValue = escapeAttrValue;
|
| 411 | exports.onIgnoreTagStripAll = onIgnoreTagStripAll;
|
| 412 | exports.StripTagBody = StripTagBody;
|
| 413 | exports.stripCommentTag = stripCommentTag;
|
| 414 | exports.stripBlankChar = stripBlankChar;
|
| 415 | exports.cssFilter = defaultCSSFilter;
|
| 416 | exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
|
| 417 |
|
| 418 | },{"./util":4,"cssfilter":8}],2:[function(require,module,exports){
|
| 419 | |
| 420 | |
| 421 | |
| 422 | |
| 423 |
|
| 424 |
|
| 425 | var DEFAULT = require("./default");
|
| 426 | var parser = require("./parser");
|
| 427 | var FilterXSS = require("./xss");
|
| 428 |
|
| 429 | |
| 430 | |
| 431 | |
| 432 | |
| 433 | |
| 434 | |
| 435 |
|
| 436 | function filterXSS(html, options) {
|
| 437 | var xss = new FilterXSS(options);
|
| 438 | return xss.process(html);
|
| 439 | }
|
| 440 |
|
| 441 | exports = module.exports = filterXSS;
|
| 442 | exports.FilterXSS = FilterXSS;
|
| 443 | for (var i in DEFAULT) exports[i] = DEFAULT[i];
|
| 444 | for (var i in parser) exports[i] = parser[i];
|
| 445 |
|
| 446 |
|
| 447 | if (typeof window !== "undefined") {
|
| 448 | window.filterXSS = module.exports;
|
| 449 | }
|
| 450 |
|
| 451 |
|
| 452 | function isWorkerEnv() {
|
| 453 | return typeof self !== 'undefined' && typeof DedicatedWorkerGlobalScope !== 'undefined' && self instanceof DedicatedWorkerGlobalScope;
|
| 454 | }
|
| 455 | if (isWorkerEnv()) {
|
| 456 | self.filterXSS = module.exports;
|
| 457 | }
|
| 458 |
|
| 459 | },{"./default":1,"./parser":3,"./xss":5}],3:[function(require,module,exports){
|
| 460 | |
| 461 | |
| 462 | |
| 463 | |
| 464 |
|
| 465 |
|
| 466 | var _ = require("./util");
|
| 467 |
|
| 468 | |
| 469 | |
| 470 | |
| 471 | |
| 472 | |
| 473 |
|
| 474 | function getTagName(html) {
|
| 475 | var i = _.spaceIndex(html);
|
| 476 | if (i === -1) {
|
| 477 | var tagName = html.slice(1, -1);
|
| 478 | } else {
|
| 479 | var tagName = html.slice(1, i + 1);
|
| 480 | }
|
| 481 | tagName = _.trim(tagName).toLowerCase();
|
| 482 | if (tagName.slice(0, 1) === "/") tagName = tagName.slice(1);
|
| 483 | if (tagName.slice(-1) === "/") tagName = tagName.slice(0, -1);
|
| 484 | return tagName;
|
| 485 | }
|
| 486 |
|
| 487 | |
| 488 | |
| 489 | |
| 490 | |
| 491 | |
| 492 |
|
| 493 | function isClosing(html) {
|
| 494 | return html.slice(0, 2) === "</";
|
| 495 | }
|
| 496 |
|
| 497 | |
| 498 | |
| 499 | |
| 500 | |
| 501 | |
| 502 | |
| 503 | |
| 504 |
|
| 505 | function parseTag(html, onTag, escapeHtml) {
|
| 506 | "user strict";
|
| 507 |
|
| 508 | var rethtml = "";
|
| 509 | var lastPos = 0;
|
| 510 | var tagStart = false;
|
| 511 | var quoteStart = false;
|
| 512 | var currentPos = 0;
|
| 513 | var len = html.length;
|
| 514 | var currentTagName = "";
|
| 515 | var currentHtml = "";
|
| 516 |
|
| 517 | for (currentPos = 0; currentPos < len; currentPos++) {
|
| 518 | var c = html.charAt(currentPos);
|
| 519 | if (tagStart === false) {
|
| 520 | if (c === "<") {
|
| 521 | tagStart = currentPos;
|
| 522 | continue;
|
| 523 | }
|
| 524 | } else {
|
| 525 | if (quoteStart === false) {
|
| 526 | if (c === "<") {
|
| 527 | rethtml += escapeHtml(html.slice(lastPos, currentPos));
|
| 528 | tagStart = currentPos;
|
| 529 | lastPos = currentPos;
|
| 530 | continue;
|
| 531 | }
|
| 532 | if (c === ">") {
|
| 533 | rethtml += escapeHtml(html.slice(lastPos, tagStart));
|
| 534 | currentHtml = html.slice(tagStart, currentPos + 1);
|
| 535 | currentTagName = getTagName(currentHtml);
|
| 536 | rethtml += onTag(
|
| 537 | tagStart,
|
| 538 | rethtml.length,
|
| 539 | currentTagName,
|
| 540 | currentHtml,
|
| 541 | isClosing(currentHtml)
|
| 542 | );
|
| 543 | lastPos = currentPos + 1;
|
| 544 | tagStart = false;
|
| 545 | continue;
|
| 546 | }
|
| 547 | if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === "=") {
|
| 548 | quoteStart = c;
|
| 549 | continue;
|
| 550 | }
|
| 551 | } else {
|
| 552 | if (c === quoteStart) {
|
| 553 | quoteStart = false;
|
| 554 | continue;
|
| 555 | }
|
| 556 | }
|
| 557 | }
|
| 558 | }
|
| 559 | if (lastPos < html.length) {
|
| 560 | rethtml += escapeHtml(html.substr(lastPos));
|
| 561 | }
|
| 562 |
|
| 563 | return rethtml;
|
| 564 | }
|
| 565 |
|
| 566 | var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:\.\-]/gim;
|
| 567 |
|
| 568 | |
| 569 | |
| 570 | |
| 571 | |
| 572 | |
| 573 | |
| 574 |
|
| 575 | function parseAttr(html, onAttr) {
|
| 576 | "user strict";
|
| 577 |
|
| 578 | var lastPos = 0;
|
| 579 | var retAttrs = [];
|
| 580 | var tmpName = false;
|
| 581 | var len = html.length;
|
| 582 |
|
| 583 | function addAttr(name, value) {
|
| 584 | name = _.trim(name);
|
| 585 | name = name.replace(REGEXP_ILLEGAL_ATTR_NAME, "").toLowerCase();
|
| 586 | if (name.length < 1) return;
|
| 587 | var ret = onAttr(name, value || "");
|
| 588 | if (ret) retAttrs.push(ret);
|
| 589 | }
|
| 590 |
|
| 591 |
|
| 592 | for (var i = 0; i < len; i++) {
|
| 593 | var c = html.charAt(i);
|
| 594 | var v, j;
|
| 595 | if (tmpName === false && c === "=") {
|
| 596 | tmpName = html.slice(lastPos, i);
|
| 597 | lastPos = i + 1;
|
| 598 | continue;
|
| 599 | }
|
| 600 | if (tmpName !== false) {
|
| 601 | if (
|
| 602 | i === lastPos &&
|
| 603 | (c === '"' || c === "'") &&
|
| 604 | html.charAt(i - 1) === "="
|
| 605 | ) {
|
| 606 | j = html.indexOf(c, i + 1);
|
| 607 | if (j === -1) {
|
| 608 | break;
|
| 609 | } else {
|
| 610 | v = _.trim(html.slice(lastPos + 1, j));
|
| 611 | addAttr(tmpName, v);
|
| 612 | tmpName = false;
|
| 613 | i = j;
|
| 614 | lastPos = i + 1;
|
| 615 | continue;
|
| 616 | }
|
| 617 | }
|
| 618 | }
|
| 619 | if (/\s|\n|\t/.test(c)) {
|
| 620 | html = html.replace(/\s|\n|\t/g, " ");
|
| 621 | if (tmpName === false) {
|
| 622 | j = findNextEqual(html, i);
|
| 623 | if (j === -1) {
|
| 624 | v = _.trim(html.slice(lastPos, i));
|
| 625 | addAttr(v);
|
| 626 | tmpName = false;
|
| 627 | lastPos = i + 1;
|
| 628 | continue;
|
| 629 | } else {
|
| 630 | i = j - 1;
|
| 631 | continue;
|
| 632 | }
|
| 633 | } else {
|
| 634 | j = findBeforeEqual(html, i - 1);
|
| 635 | if (j === -1) {
|
| 636 | v = _.trim(html.slice(lastPos, i));
|
| 637 | v = stripQuoteWrap(v);
|
| 638 | addAttr(tmpName, v);
|
| 639 | tmpName = false;
|
| 640 | lastPos = i + 1;
|
| 641 | continue;
|
| 642 | } else {
|
| 643 | continue;
|
| 644 | }
|
| 645 | }
|
| 646 | }
|
| 647 | }
|
| 648 |
|
| 649 | if (lastPos < html.length) {
|
| 650 | if (tmpName === false) {
|
| 651 | addAttr(html.slice(lastPos));
|
| 652 | } else {
|
| 653 | addAttr(tmpName, stripQuoteWrap(_.trim(html.slice(lastPos))));
|
| 654 | }
|
| 655 | }
|
| 656 |
|
| 657 | return _.trim(retAttrs.join(" "));
|
| 658 | }
|
| 659 |
|
| 660 | function findNextEqual(str, i) {
|
| 661 | for (; i < str.length; i++) {
|
| 662 | var c = str[i];
|
| 663 | if (c === " ") continue;
|
| 664 | if (c === "=") return i;
|
| 665 | return -1;
|
| 666 | }
|
| 667 | }
|
| 668 |
|
| 669 | function findBeforeEqual(str, i) {
|
| 670 | for (; i > 0; i--) {
|
| 671 | var c = str[i];
|
| 672 | if (c === " ") continue;
|
| 673 | if (c === "=") return i;
|
| 674 | return -1;
|
| 675 | }
|
| 676 | }
|
| 677 |
|
| 678 | function isQuoteWrapString(text) {
|
| 679 | if (
|
| 680 | (text[0] === '"' && text[text.length - 1] === '"') ||
|
| 681 | (text[0] === "'" && text[text.length - 1] === "'")
|
| 682 | ) {
|
| 683 | return true;
|
| 684 | } else {
|
| 685 | return false;
|
| 686 | }
|
| 687 | }
|
| 688 |
|
| 689 | function stripQuoteWrap(text) {
|
| 690 | if (isQuoteWrapString(text)) {
|
| 691 | return text.substr(1, text.length - 2);
|
| 692 | } else {
|
| 693 | return text;
|
| 694 | }
|
| 695 | }
|
| 696 |
|
| 697 | exports.parseTag = parseTag;
|
| 698 | exports.parseAttr = parseAttr;
|
| 699 |
|
| 700 | },{"./util":4}],4:[function(require,module,exports){
|
| 701 | module.exports = {
|
| 702 | indexOf: function(arr, item) {
|
| 703 | var i, j;
|
| 704 | if (Array.prototype.indexOf) {
|
| 705 | return arr.indexOf(item);
|
| 706 | }
|
| 707 | for (i = 0, j = arr.length; i < j; i++) {
|
| 708 | if (arr[i] === item) {
|
| 709 | return i;
|
| 710 | }
|
| 711 | }
|
| 712 | return -1;
|
| 713 | },
|
| 714 | forEach: function(arr, fn, scope) {
|
| 715 | var i, j;
|
| 716 | if (Array.prototype.forEach) {
|
| 717 | return arr.forEach(fn, scope);
|
| 718 | }
|
| 719 | for (i = 0, j = arr.length; i < j; i++) {
|
| 720 | fn.call(scope, arr[i], i, arr);
|
| 721 | }
|
| 722 | },
|
| 723 | trim: function(str) {
|
| 724 | if (String.prototype.trim) {
|
| 725 | return str.trim();
|
| 726 | }
|
| 727 | return str.replace(/(^\s*)|(\s*$)/g, "");
|
| 728 | },
|
| 729 | spaceIndex: function(str) {
|
| 730 | var reg = /\s|\n|\t/;
|
| 731 | var match = reg.exec(str);
|
| 732 | return match ? match.index : -1;
|
| 733 | }
|
| 734 | };
|
| 735 |
|
| 736 | },{}],5:[function(require,module,exports){
|
| 737 | |
| 738 | |
| 739 | |
| 740 | |
| 741 |
|
| 742 |
|
| 743 | var FilterCSS = require("cssfilter").FilterCSS;
|
| 744 | var DEFAULT = require("./default");
|
| 745 | var parser = require("./parser");
|
| 746 | var parseTag = parser.parseTag;
|
| 747 | var parseAttr = parser.parseAttr;
|
| 748 | var _ = require("./util");
|
| 749 |
|
| 750 | |
| 751 | |
| 752 | |
| 753 | |
| 754 | |
| 755 |
|
| 756 | function isNull(obj) {
|
| 757 | return obj === undefined || obj === null;
|
| 758 | }
|
| 759 |
|
| 760 | |
| 761 | |
| 762 | |
| 763 | |
| 764 | |
| 765 | |
| 766 | |
| 767 |
|
| 768 | function getAttrs(html) {
|
| 769 | var i = _.spaceIndex(html);
|
| 770 | if (i === -1) {
|
| 771 | return {
|
| 772 | html: "",
|
| 773 | closing: html[html.length - 2] === "/"
|
| 774 | };
|
| 775 | }
|
| 776 | html = _.trim(html.slice(i + 1, -1));
|
| 777 | var isClosing = html[html.length - 1] === "/";
|
| 778 | if (isClosing) html = _.trim(html.slice(0, -1));
|
| 779 | return {
|
| 780 | html: html,
|
| 781 | closing: isClosing
|
| 782 | };
|
| 783 | }
|
| 784 |
|
| 785 | |
| 786 | |
| 787 | |
| 788 | |
| 789 | |
| 790 |
|
| 791 | function shallowCopyObject(obj) {
|
| 792 | var ret = {};
|
| 793 | for (var i in obj) {
|
| 794 | ret[i] = obj[i];
|
| 795 | }
|
| 796 | return ret;
|
| 797 | }
|
| 798 |
|
| 799 | |
| 800 | |
| 801 | |
| 802 | |
| 803 | |
| 804 | |
| 805 | |
| 806 | |
| 807 |
|
| 808 | function FilterXSS(options) {
|
| 809 | options = shallowCopyObject(options || {});
|
| 810 |
|
| 811 | if (options.stripIgnoreTag) {
|
| 812 | if (options.onIgnoreTag) {
|
| 813 | console.error(
|
| 814 | 'Notes: cannot use these two options "stripIgnoreTag" and "onIgnoreTag" at the same time'
|
| 815 | );
|
| 816 | }
|
| 817 | options.onIgnoreTag = DEFAULT.onIgnoreTagStripAll;
|
| 818 | }
|
| 819 |
|
| 820 | options.whiteList = options.whiteList || DEFAULT.whiteList;
|
| 821 | options.onTag = options.onTag || DEFAULT.onTag;
|
| 822 | options.onTagAttr = options.onTagAttr || DEFAULT.onTagAttr;
|
| 823 | options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;
|
| 824 | options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr;
|
| 825 | options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
|
| 826 | options.escapeHtml = options.escapeHtml || DEFAULT.escapeHtml;
|
| 827 | this.options = options;
|
| 828 |
|
| 829 | if (options.css === false) {
|
| 830 | this.cssFilter = false;
|
| 831 | } else {
|
| 832 | options.css = options.css || {};
|
| 833 | this.cssFilter = new FilterCSS(options.css);
|
| 834 | }
|
| 835 | }
|
| 836 |
|
| 837 | |
| 838 | |
| 839 | |
| 840 | |
| 841 | |
| 842 |
|
| 843 | FilterXSS.prototype.process = function(html) {
|
| 844 |
|
| 845 | html = html || "";
|
| 846 | html = html.toString();
|
| 847 | if (!html) return "";
|
| 848 |
|
| 849 | var me = this;
|
| 850 | var options = me.options;
|
| 851 | var whiteList = options.whiteList;
|
| 852 | var onTag = options.onTag;
|
| 853 | var onIgnoreTag = options.onIgnoreTag;
|
| 854 | var onTagAttr = options.onTagAttr;
|
| 855 | var onIgnoreTagAttr = options.onIgnoreTagAttr;
|
| 856 | var safeAttrValue = options.safeAttrValue;
|
| 857 | var escapeHtml = options.escapeHtml;
|
| 858 | var cssFilter = me.cssFilter;
|
| 859 |
|
| 860 |
|
| 861 | if (options.stripBlankChar) {
|
| 862 | html = DEFAULT.stripBlankChar(html);
|
| 863 | }
|
| 864 |
|
| 865 |
|
| 866 | if (!options.allowCommentTag) {
|
| 867 | html = DEFAULT.stripCommentTag(html);
|
| 868 | }
|
| 869 |
|
| 870 |
|
| 871 | var stripIgnoreTagBody = false;
|
| 872 | if (options.stripIgnoreTagBody) {
|
| 873 | var stripIgnoreTagBody = DEFAULT.StripTagBody(
|
| 874 | options.stripIgnoreTagBody,
|
| 875 | onIgnoreTag
|
| 876 | );
|
| 877 | onIgnoreTag = stripIgnoreTagBody.onIgnoreTag;
|
| 878 | }
|
| 879 |
|
| 880 | var retHtml = parseTag(
|
| 881 | html,
|
| 882 | function(sourcePosition, position, tag, html, isClosing) {
|
| 883 | var info = {
|
| 884 | sourcePosition: sourcePosition,
|
| 885 | position: position,
|
| 886 | isClosing: isClosing,
|
| 887 | isWhite: whiteList.hasOwnProperty(tag)
|
| 888 | };
|
| 889 |
|
| 890 |
|
| 891 | var ret = onTag(tag, html, info);
|
| 892 | if (!isNull(ret)) return ret;
|
| 893 |
|
| 894 | if (info.isWhite) {
|
| 895 | if (info.isClosing) {
|
| 896 | return "</" + tag + ">";
|
| 897 | }
|
| 898 |
|
| 899 | var attrs = getAttrs(html);
|
| 900 | var whiteAttrList = whiteList[tag];
|
| 901 | var attrsHtml = parseAttr(attrs.html, function(name, value) {
|
| 902 |
|
| 903 | var isWhiteAttr = _.indexOf(whiteAttrList, name) !== -1;
|
| 904 | var ret = onTagAttr(tag, name, value, isWhiteAttr);
|
| 905 | if (!isNull(ret)) return ret;
|
| 906 |
|
| 907 | if (isWhiteAttr) {
|
| 908 |
|
| 909 | value = safeAttrValue(tag, name, value, cssFilter);
|
| 910 | if (value) {
|
| 911 | return name + '="' + value + '"';
|
| 912 | } else {
|
| 913 | return name;
|
| 914 | }
|
| 915 | } else {
|
| 916 |
|
| 917 | var ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
|
| 918 | if (!isNull(ret)) return ret;
|
| 919 | return;
|
| 920 | }
|
| 921 | });
|
| 922 |
|
| 923 |
|
| 924 | var html = "<" + tag;
|
| 925 | if (attrsHtml) html += " " + attrsHtml;
|
| 926 | if (attrs.closing) html += " /";
|
| 927 | html += ">";
|
| 928 | return html;
|
| 929 | } else {
|
| 930 |
|
| 931 | var ret = onIgnoreTag(tag, html, info);
|
| 932 | if (!isNull(ret)) return ret;
|
| 933 | return escapeHtml(html);
|
| 934 | }
|
| 935 | },
|
| 936 | escapeHtml
|
| 937 | );
|
| 938 |
|
| 939 |
|
| 940 | if (stripIgnoreTagBody) {
|
| 941 | retHtml = stripIgnoreTagBody.remove(retHtml);
|
| 942 | }
|
| 943 |
|
| 944 | return retHtml;
|
| 945 | };
|
| 946 |
|
| 947 | module.exports = FilterXSS;
|
| 948 |
|
| 949 | },{"./default":1,"./parser":3,"./util":4,"cssfilter":8}],6:[function(require,module,exports){
|
| 950 | |
| 951 | |
| 952 | |
| 953 | |
| 954 |
|
| 955 |
|
| 956 | var DEFAULT = require('./default');
|
| 957 | var parseStyle = require('./parser');
|
| 958 | var _ = require('./util');
|
| 959 |
|
| 960 |
|
| 961 | |
| 962 | |
| 963 | |
| 964 | |
| 965 | |
| 966 |
|
| 967 | function isNull (obj) {
|
| 968 | return (obj === undefined || obj === null);
|
| 969 | }
|
| 970 |
|
| 971 | |
| 972 | |
| 973 | |
| 974 | |
| 975 | |
| 976 |
|
| 977 | function shallowCopyObject (obj) {
|
| 978 | var ret = {};
|
| 979 | for (var i in obj) {
|
| 980 | ret[i] = obj[i];
|
| 981 | }
|
| 982 | return ret;
|
| 983 | }
|
| 984 |
|
| 985 | |
| 986 | |
| 987 | |
| 988 | |
| 989 | |
| 990 | |
| 991 | |
| 992 | |
| 993 |
|
| 994 | function FilterCSS (options) {
|
| 995 | options = shallowCopyObject(options || {});
|
| 996 | options.whiteList = options.whiteList || DEFAULT.whiteList;
|
| 997 | options.onAttr = options.onAttr || DEFAULT.onAttr;
|
| 998 | options.onIgnoreAttr = options.onIgnoreAttr || DEFAULT.onIgnoreAttr;
|
| 999 | options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
|
| 1000 | this.options = options;
|
| 1001 | }
|
| 1002 |
|
| 1003 | FilterCSS.prototype.process = function (css) {
|
| 1004 |
|
| 1005 | css = css || '';
|
| 1006 | css = css.toString();
|
| 1007 | if (!css) return '';
|
| 1008 |
|
| 1009 | var me = this;
|
| 1010 | var options = me.options;
|
| 1011 | var whiteList = options.whiteList;
|
| 1012 | var onAttr = options.onAttr;
|
| 1013 | var onIgnoreAttr = options.onIgnoreAttr;
|
| 1014 | var safeAttrValue = options.safeAttrValue;
|
| 1015 |
|
| 1016 | var retCSS = parseStyle(css, function (sourcePosition, position, name, value, source) {
|
| 1017 |
|
| 1018 | var check = whiteList[name];
|
| 1019 | var isWhite = false;
|
| 1020 | if (check === true) isWhite = check;
|
| 1021 | else if (typeof check === 'function') isWhite = check(value);
|
| 1022 | else if (check instanceof RegExp) isWhite = check.test(value);
|
| 1023 | if (isWhite !== true) isWhite = false;
|
| 1024 |
|
| 1025 |
|
| 1026 | value = safeAttrValue(name, value);
|
| 1027 | if (!value) return;
|
| 1028 |
|
| 1029 | var opts = {
|
| 1030 | position: position,
|
| 1031 | sourcePosition: sourcePosition,
|
| 1032 | source: source,
|
| 1033 | isWhite: isWhite
|
| 1034 | };
|
| 1035 |
|
| 1036 | if (isWhite) {
|
| 1037 |
|
| 1038 | var ret = onAttr(name, value, opts);
|
| 1039 | if (isNull(ret)) {
|
| 1040 | return name + ':' + value;
|
| 1041 | } else {
|
| 1042 | return ret;
|
| 1043 | }
|
| 1044 |
|
| 1045 | } else {
|
| 1046 |
|
| 1047 | var ret = onIgnoreAttr(name, value, opts);
|
| 1048 | if (!isNull(ret)) {
|
| 1049 | return ret;
|
| 1050 | }
|
| 1051 |
|
| 1052 | }
|
| 1053 | });
|
| 1054 |
|
| 1055 | return retCSS;
|
| 1056 | };
|
| 1057 |
|
| 1058 |
|
| 1059 | module.exports = FilterCSS;
|
| 1060 |
|
| 1061 | },{"./default":7,"./parser":9,"./util":10}],7:[function(require,module,exports){
|
| 1062 | |
| 1063 | |
| 1064 | |
| 1065 | |
| 1066 |
|
| 1067 |
|
| 1068 | function getDefaultWhiteList () {
|
| 1069 |
|
| 1070 |
|
| 1071 |
|
| 1072 |
|
| 1073 |
|
| 1074 | var whiteList = {};
|
| 1075 |
|
| 1076 | whiteList['align-content'] = false;
|
| 1077 | whiteList['align-items'] = false;
|
| 1078 | whiteList['align-self'] = false;
|
| 1079 | whiteList['alignment-adjust'] = false;
|
| 1080 | whiteList['alignment-baseline'] = false;
|
| 1081 | whiteList['all'] = false;
|
| 1082 | whiteList['anchor-point'] = false;
|
| 1083 | whiteList['animation'] = false;
|
| 1084 | whiteList['animation-delay'] = false;
|
| 1085 | whiteList['animation-direction'] = false;
|
| 1086 | whiteList['animation-duration'] = false;
|
| 1087 | whiteList['animation-fill-mode'] = false;
|
| 1088 | whiteList['animation-iteration-count'] = false;
|
| 1089 | whiteList['animation-name'] = false;
|
| 1090 | whiteList['animation-play-state'] = false;
|
| 1091 | whiteList['animation-timing-function'] = false;
|
| 1092 | whiteList['azimuth'] = false;
|
| 1093 | whiteList['backface-visibility'] = false;
|
| 1094 | whiteList['background'] = true;
|
| 1095 | whiteList['background-attachment'] = true;
|
| 1096 | whiteList['background-clip'] = true;
|
| 1097 | whiteList['background-color'] = true;
|
| 1098 | whiteList['background-image'] = true;
|
| 1099 | whiteList['background-origin'] = true;
|
| 1100 | whiteList['background-position'] = true;
|
| 1101 | whiteList['background-repeat'] = true;
|
| 1102 | whiteList['background-size'] = true;
|
| 1103 | whiteList['baseline-shift'] = false;
|
| 1104 | whiteList['binding'] = false;
|
| 1105 | whiteList['bleed'] = false;
|
| 1106 | whiteList['bookmark-label'] = false;
|
| 1107 | whiteList['bookmark-level'] = false;
|
| 1108 | whiteList['bookmark-state'] = false;
|
| 1109 | whiteList['border'] = true;
|
| 1110 | whiteList['border-bottom'] = true;
|
| 1111 | whiteList['border-bottom-color'] = true;
|
| 1112 | whiteList['border-bottom-left-radius'] = true;
|
| 1113 | whiteList['border-bottom-right-radius'] = true;
|
| 1114 | whiteList['border-bottom-style'] = true;
|
| 1115 | whiteList['border-bottom-width'] = true;
|
| 1116 | whiteList['border-collapse'] = true;
|
| 1117 | whiteList['border-color'] = true;
|
| 1118 | whiteList['border-image'] = true;
|
| 1119 | whiteList['border-image-outset'] = true;
|
| 1120 | whiteList['border-image-repeat'] = true;
|
| 1121 | whiteList['border-image-slice'] = true;
|
| 1122 | whiteList['border-image-source'] = true;
|
| 1123 | whiteList['border-image-width'] = true;
|
| 1124 | whiteList['border-left'] = true;
|
| 1125 | whiteList['border-left-color'] = true;
|
| 1126 | whiteList['border-left-style'] = true;
|
| 1127 | whiteList['border-left-width'] = true;
|
| 1128 | whiteList['border-radius'] = true;
|
| 1129 | whiteList['border-right'] = true;
|
| 1130 | whiteList['border-right-color'] = true;
|
| 1131 | whiteList['border-right-style'] = true;
|
| 1132 | whiteList['border-right-width'] = true;
|
| 1133 | whiteList['border-spacing'] = true;
|
| 1134 | whiteList['border-style'] = true;
|
| 1135 | whiteList['border-top'] = true;
|
| 1136 | whiteList['border-top-color'] = true;
|
| 1137 | whiteList['border-top-left-radius'] = true;
|
| 1138 | whiteList['border-top-right-radius'] = true;
|
| 1139 | whiteList['border-top-style'] = true;
|
| 1140 | whiteList['border-top-width'] = true;
|
| 1141 | whiteList['border-width'] = true;
|
| 1142 | whiteList['bottom'] = false;
|
| 1143 | whiteList['box-decoration-break'] = true;
|
| 1144 | whiteList['box-shadow'] = true;
|
| 1145 | whiteList['box-sizing'] = true;
|
| 1146 | whiteList['box-snap'] = true;
|
| 1147 | whiteList['box-suppress'] = true;
|
| 1148 | whiteList['break-after'] = true;
|
| 1149 | whiteList['break-before'] = true;
|
| 1150 | whiteList['break-inside'] = true;
|
| 1151 | whiteList['caption-side'] = false;
|
| 1152 | whiteList['chains'] = false;
|
| 1153 | whiteList['clear'] = true;
|
| 1154 | whiteList['clip'] = false;
|
| 1155 | whiteList['clip-path'] = false;
|
| 1156 | whiteList['clip-rule'] = false;
|
| 1157 | whiteList['color'] = true;
|
| 1158 | whiteList['color-interpolation-filters'] = true;
|
| 1159 | whiteList['column-count'] = false;
|
| 1160 | whiteList['column-fill'] = false;
|
| 1161 | whiteList['column-gap'] = false;
|
| 1162 | whiteList['column-rule'] = false;
|
| 1163 | whiteList['column-rule-color'] = false;
|
| 1164 | whiteList['column-rule-style'] = false;
|
| 1165 | whiteList['column-rule-width'] = false;
|
| 1166 | whiteList['column-span'] = false;
|
| 1167 | whiteList['column-width'] = false;
|
| 1168 | whiteList['columns'] = false;
|
| 1169 | whiteList['contain'] = false;
|
| 1170 | whiteList['content'] = false;
|
| 1171 | whiteList['counter-increment'] = false;
|
| 1172 | whiteList['counter-reset'] = false;
|
| 1173 | whiteList['counter-set'] = false;
|
| 1174 | whiteList['crop'] = false;
|
| 1175 | whiteList['cue'] = false;
|
| 1176 | whiteList['cue-after'] = false;
|
| 1177 | whiteList['cue-before'] = false;
|
| 1178 | whiteList['cursor'] = false;
|
| 1179 | whiteList['direction'] = false;
|
| 1180 | whiteList['display'] = true;
|
| 1181 | whiteList['display-inside'] = true;
|
| 1182 | whiteList['display-list'] = true;
|
| 1183 | whiteList['display-outside'] = true;
|
| 1184 | whiteList['dominant-baseline'] = false;
|
| 1185 | whiteList['elevation'] = false;
|
| 1186 | whiteList['empty-cells'] = false;
|
| 1187 | whiteList['filter'] = false;
|
| 1188 | whiteList['flex'] = false;
|
| 1189 | whiteList['flex-basis'] = false;
|
| 1190 | whiteList['flex-direction'] = false;
|
| 1191 | whiteList['flex-flow'] = false;
|
| 1192 | whiteList['flex-grow'] = false;
|
| 1193 | whiteList['flex-shrink'] = false;
|
| 1194 | whiteList['flex-wrap'] = false;
|
| 1195 | whiteList['float'] = false;
|
| 1196 | whiteList['float-offset'] = false;
|
| 1197 | whiteList['flood-color'] = false;
|
| 1198 | whiteList['flood-opacity'] = false;
|
| 1199 | whiteList['flow-from'] = false;
|
| 1200 | whiteList['flow-into'] = false;
|
| 1201 | whiteList['font'] = true;
|
| 1202 | whiteList['font-family'] = true;
|
| 1203 | whiteList['font-feature-settings'] = true;
|
| 1204 | whiteList['font-kerning'] = true;
|
| 1205 | whiteList['font-language-override'] = true;
|
| 1206 | whiteList['font-size'] = true;
|
| 1207 | whiteList['font-size-adjust'] = true;
|
| 1208 | whiteList['font-stretch'] = true;
|
| 1209 | whiteList['font-style'] = true;
|
| 1210 | whiteList['font-synthesis'] = true;
|
| 1211 | whiteList['font-variant'] = true;
|
| 1212 | whiteList['font-variant-alternates'] = true;
|
| 1213 | whiteList['font-variant-caps'] = true;
|
| 1214 | whiteList['font-variant-east-asian'] = true;
|
| 1215 | whiteList['font-variant-ligatures'] = true;
|
| 1216 | whiteList['font-variant-numeric'] = true;
|
| 1217 | whiteList['font-variant-position'] = true;
|
| 1218 | whiteList['font-weight'] = true;
|
| 1219 | whiteList['grid'] = false;
|
| 1220 | whiteList['grid-area'] = false;
|
| 1221 | whiteList['grid-auto-columns'] = false;
|
| 1222 | whiteList['grid-auto-flow'] = false;
|
| 1223 | whiteList['grid-auto-rows'] = false;
|
| 1224 | whiteList['grid-column'] = false;
|
| 1225 | whiteList['grid-column-end'] = false;
|
| 1226 | whiteList['grid-column-start'] = false;
|
| 1227 | whiteList['grid-row'] = false;
|
| 1228 | whiteList['grid-row-end'] = false;
|
| 1229 | whiteList['grid-row-start'] = false;
|
| 1230 | whiteList['grid-template'] = false;
|
| 1231 | whiteList['grid-template-areas'] = false;
|
| 1232 | whiteList['grid-template-columns'] = false;
|
| 1233 | whiteList['grid-template-rows'] = false;
|
| 1234 | whiteList['hanging-punctuation'] = false;
|
| 1235 | whiteList['height'] = true;
|
| 1236 | whiteList['hyphens'] = false;
|
| 1237 | whiteList['icon'] = false;
|
| 1238 | whiteList['image-orientation'] = false;
|
| 1239 | whiteList['image-resolution'] = false;
|
| 1240 | whiteList['ime-mode'] = false;
|
| 1241 | whiteList['initial-letters'] = false;
|
| 1242 | whiteList['inline-box-align'] = false;
|
| 1243 | whiteList['justify-content'] = false;
|
| 1244 | whiteList['justify-items'] = false;
|
| 1245 | whiteList['justify-self'] = false;
|
| 1246 | whiteList['left'] = false;
|
| 1247 | whiteList['letter-spacing'] = true;
|
| 1248 | whiteList['lighting-color'] = true;
|
| 1249 | whiteList['line-box-contain'] = false;
|
| 1250 | whiteList['line-break'] = false;
|
| 1251 | whiteList['line-grid'] = false;
|
| 1252 | whiteList['line-height'] = false;
|
| 1253 | whiteList['line-snap'] = false;
|
| 1254 | whiteList['line-stacking'] = false;
|
| 1255 | whiteList['line-stacking-ruby'] = false;
|
| 1256 | whiteList['line-stacking-shift'] = false;
|
| 1257 | whiteList['line-stacking-strategy'] = false;
|
| 1258 | whiteList['list-style'] = true;
|
| 1259 | whiteList['list-style-image'] = true;
|
| 1260 | whiteList['list-style-position'] = true;
|
| 1261 | whiteList['list-style-type'] = true;
|
| 1262 | whiteList['margin'] = true;
|
| 1263 | whiteList['margin-bottom'] = true;
|
| 1264 | whiteList['margin-left'] = true;
|
| 1265 | whiteList['margin-right'] = true;
|
| 1266 | whiteList['margin-top'] = true;
|
| 1267 | whiteList['marker-offset'] = false;
|
| 1268 | whiteList['marker-side'] = false;
|
| 1269 | whiteList['marks'] = false;
|
| 1270 | whiteList['mask'] = false;
|
| 1271 | whiteList['mask-box'] = false;
|
| 1272 | whiteList['mask-box-outset'] = false;
|
| 1273 | whiteList['mask-box-repeat'] = false;
|
| 1274 | whiteList['mask-box-slice'] = false;
|
| 1275 | whiteList['mask-box-source'] = false;
|
| 1276 | whiteList['mask-box-width'] = false;
|
| 1277 | whiteList['mask-clip'] = false;
|
| 1278 | whiteList['mask-image'] = false;
|
| 1279 | whiteList['mask-origin'] = false;
|
| 1280 | whiteList['mask-position'] = false;
|
| 1281 | whiteList['mask-repeat'] = false;
|
| 1282 | whiteList['mask-size'] = false;
|
| 1283 | whiteList['mask-source-type'] = false;
|
| 1284 | whiteList['mask-type'] = false;
|
| 1285 | whiteList['max-height'] = true;
|
| 1286 | whiteList['max-lines'] = false;
|
| 1287 | whiteList['max-width'] = true;
|
| 1288 | whiteList['min-height'] = true;
|
| 1289 | whiteList['min-width'] = true;
|
| 1290 | whiteList['move-to'] = false;
|
| 1291 | whiteList['nav-down'] = false;
|
| 1292 | whiteList['nav-index'] = false;
|
| 1293 | whiteList['nav-left'] = false;
|
| 1294 | whiteList['nav-right'] = false;
|
| 1295 | whiteList['nav-up'] = false;
|
| 1296 | whiteList['object-fit'] = false;
|
| 1297 | whiteList['object-position'] = false;
|
| 1298 | whiteList['opacity'] = false;
|
| 1299 | whiteList['order'] = false;
|
| 1300 | whiteList['orphans'] = false;
|
| 1301 | whiteList['outline'] = false;
|
| 1302 | whiteList['outline-color'] = false;
|
| 1303 | whiteList['outline-offset'] = false;
|
| 1304 | whiteList['outline-style'] = false;
|
| 1305 | whiteList['outline-width'] = false;
|
| 1306 | whiteList['overflow'] = false;
|
| 1307 | whiteList['overflow-wrap'] = false;
|
| 1308 | whiteList['overflow-x'] = false;
|
| 1309 | whiteList['overflow-y'] = false;
|
| 1310 | whiteList['padding'] = true;
|
| 1311 | whiteList['padding-bottom'] = true;
|
| 1312 | whiteList['padding-left'] = true;
|
| 1313 | whiteList['padding-right'] = true;
|
| 1314 | whiteList['padding-top'] = true;
|
| 1315 | whiteList['page'] = false;
|
| 1316 | whiteList['page-break-after'] = false;
|
| 1317 | whiteList['page-break-before'] = false;
|
| 1318 | whiteList['page-break-inside'] = false;
|
| 1319 | whiteList['page-policy'] = false;
|
| 1320 | whiteList['pause'] = false;
|
| 1321 | whiteList['pause-after'] = false;
|
| 1322 | whiteList['pause-before'] = false;
|
| 1323 | whiteList['perspective'] = false;
|
| 1324 | whiteList['perspective-origin'] = false;
|
| 1325 | whiteList['pitch'] = false;
|
| 1326 | whiteList['pitch-range'] = false;
|
| 1327 | whiteList['play-during'] = false;
|
| 1328 | whiteList['position'] = false;
|
| 1329 | whiteList['presentation-level'] = false;
|
| 1330 | whiteList['quotes'] = false;
|
| 1331 | whiteList['region-fragment'] = false;
|
| 1332 | whiteList['resize'] = false;
|
| 1333 | whiteList['rest'] = false;
|
| 1334 | whiteList['rest-after'] = false;
|
| 1335 | whiteList['rest-before'] = false;
|
| 1336 | whiteList['richness'] = false;
|
| 1337 | whiteList['right'] = false;
|
| 1338 | whiteList['rotation'] = false;
|
| 1339 | whiteList['rotation-point'] = false;
|
| 1340 | whiteList['ruby-align'] = false;
|
| 1341 | whiteList['ruby-merge'] = false;
|
| 1342 | whiteList['ruby-position'] = false;
|
| 1343 | whiteList['shape-image-threshold'] = false;
|
| 1344 | whiteList['shape-outside'] = false;
|
| 1345 | whiteList['shape-margin'] = false;
|
| 1346 | whiteList['size'] = false;
|
| 1347 | whiteList['speak'] = false;
|
| 1348 | whiteList['speak-as'] = false;
|
| 1349 | whiteList['speak-header'] = false;
|
| 1350 | whiteList['speak-numeral'] = false;
|
| 1351 | whiteList['speak-punctuation'] = false;
|
| 1352 | whiteList['speech-rate'] = false;
|
| 1353 | whiteList['stress'] = false;
|
| 1354 | whiteList['string-set'] = false;
|
| 1355 | whiteList['tab-size'] = false;
|
| 1356 | whiteList['table-layout'] = false;
|
| 1357 | whiteList['text-align'] = true;
|
| 1358 | whiteList['text-align-last'] = true;
|
| 1359 | whiteList['text-combine-upright'] = true;
|
| 1360 | whiteList['text-decoration'] = true;
|
| 1361 | whiteList['text-decoration-color'] = true;
|
| 1362 | whiteList['text-decoration-line'] = true;
|
| 1363 | whiteList['text-decoration-skip'] = true;
|
| 1364 | whiteList['text-decoration-style'] = true;
|
| 1365 | whiteList['text-emphasis'] = true;
|
| 1366 | whiteList['text-emphasis-color'] = true;
|
| 1367 | whiteList['text-emphasis-position'] = true;
|
| 1368 | whiteList['text-emphasis-style'] = true;
|
| 1369 | whiteList['text-height'] = true;
|
| 1370 | whiteList['text-indent'] = true;
|
| 1371 | whiteList['text-justify'] = true;
|
| 1372 | whiteList['text-orientation'] = true;
|
| 1373 | whiteList['text-overflow'] = true;
|
| 1374 | whiteList['text-shadow'] = true;
|
| 1375 | whiteList['text-space-collapse'] = true;
|
| 1376 | whiteList['text-transform'] = true;
|
| 1377 | whiteList['text-underline-position'] = true;
|
| 1378 | whiteList['text-wrap'] = true;
|
| 1379 | whiteList['top'] = false;
|
| 1380 | whiteList['transform'] = false;
|
| 1381 | whiteList['transform-origin'] = false;
|
| 1382 | whiteList['transform-style'] = false;
|
| 1383 | whiteList['transition'] = false;
|
| 1384 | whiteList['transition-delay'] = false;
|
| 1385 | whiteList['transition-duration'] = false;
|
| 1386 | whiteList['transition-property'] = false;
|
| 1387 | whiteList['transition-timing-function'] = false;
|
| 1388 | whiteList['unicode-bidi'] = false;
|
| 1389 | whiteList['vertical-align'] = false;
|
| 1390 | whiteList['visibility'] = false;
|
| 1391 | whiteList['voice-balance'] = false;
|
| 1392 | whiteList['voice-duration'] = false;
|
| 1393 | whiteList['voice-family'] = false;
|
| 1394 | whiteList['voice-pitch'] = false;
|
| 1395 | whiteList['voice-range'] = false;
|
| 1396 | whiteList['voice-rate'] = false;
|
| 1397 | whiteList['voice-stress'] = false;
|
| 1398 | whiteList['voice-volume'] = false;
|
| 1399 | whiteList['volume'] = false;
|
| 1400 | whiteList['white-space'] = false;
|
| 1401 | whiteList['widows'] = false;
|
| 1402 | whiteList['width'] = true;
|
| 1403 | whiteList['will-change'] = false;
|
| 1404 | whiteList['word-break'] = true;
|
| 1405 | whiteList['word-spacing'] = true;
|
| 1406 | whiteList['word-wrap'] = true;
|
| 1407 | whiteList['wrap-flow'] = false;
|
| 1408 | whiteList['wrap-through'] = false;
|
| 1409 | whiteList['writing-mode'] = false;
|
| 1410 | whiteList['z-index'] = false;
|
| 1411 |
|
| 1412 | return whiteList;
|
| 1413 | }
|
| 1414 |
|
| 1415 |
|
| 1416 | |
| 1417 | |
| 1418 | |
| 1419 | |
| 1420 | |
| 1421 | |
| 1422 | |
| 1423 |
|
| 1424 | function onAttr (name, value, options) {
|
| 1425 |
|
| 1426 | }
|
| 1427 |
|
| 1428 | |
| 1429 | |
| 1430 | |
| 1431 | |
| 1432 | |
| 1433 | |
| 1434 | |
| 1435 |
|
| 1436 | function onIgnoreAttr (name, value, options) {
|
| 1437 |
|
| 1438 | }
|
| 1439 |
|
| 1440 | var REGEXP_URL_JAVASCRIPT = /javascript\s*\:/img;
|
| 1441 |
|
| 1442 | |
| 1443 | |
| 1444 | |
| 1445 | |
| 1446 | |
| 1447 | |
| 1448 |
|
| 1449 | function safeAttrValue(name, value) {
|
| 1450 | if (REGEXP_URL_JAVASCRIPT.test(value)) return '';
|
| 1451 | return value;
|
| 1452 | }
|
| 1453 |
|
| 1454 |
|
| 1455 | exports.whiteList = getDefaultWhiteList();
|
| 1456 | exports.getDefaultWhiteList = getDefaultWhiteList;
|
| 1457 | exports.onAttr = onAttr;
|
| 1458 | exports.onIgnoreAttr = onIgnoreAttr;
|
| 1459 | exports.safeAttrValue = safeAttrValue;
|
| 1460 |
|
| 1461 | },{}],8:[function(require,module,exports){
|
| 1462 | |
| 1463 | |
| 1464 | |
| 1465 | |
| 1466 |
|
| 1467 |
|
| 1468 | var DEFAULT = require('./default');
|
| 1469 | var FilterCSS = require('./css');
|
| 1470 |
|
| 1471 |
|
| 1472 | |
| 1473 | |
| 1474 | |
| 1475 | |
| 1476 | |
| 1477 | |
| 1478 |
|
| 1479 | function filterCSS (html, options) {
|
| 1480 | var xss = new FilterCSS(options);
|
| 1481 | return xss.process(html);
|
| 1482 | }
|
| 1483 |
|
| 1484 |
|
| 1485 |
|
| 1486 | exports = module.exports = filterCSS;
|
| 1487 | exports.FilterCSS = FilterCSS;
|
| 1488 | for (var i in DEFAULT) exports[i] = DEFAULT[i];
|
| 1489 |
|
| 1490 |
|
| 1491 | if (typeof window !== 'undefined') {
|
| 1492 | window.filterCSS = module.exports;
|
| 1493 | }
|
| 1494 |
|
| 1495 | },{"./css":6,"./default":7}],9:[function(require,module,exports){
|
| 1496 | |
| 1497 | |
| 1498 | |
| 1499 | |
| 1500 |
|
| 1501 |
|
| 1502 | var _ = require('./util');
|
| 1503 |
|
| 1504 |
|
| 1505 | |
| 1506 | |
| 1507 | |
| 1508 | |
| 1509 | |
| 1510 | |
| 1511 | |
| 1512 |
|
| 1513 | function parseStyle (css, onAttr) {
|
| 1514 | css = _.trimRight(css);
|
| 1515 | if (css[css.length - 1] !== ';') css += ';';
|
| 1516 | var cssLength = css.length;
|
| 1517 | var isParenthesisOpen = false;
|
| 1518 | var lastPos = 0;
|
| 1519 | var i = 0;
|
| 1520 | var retCSS = '';
|
| 1521 |
|
| 1522 | function addNewAttr () {
|
| 1523 |
|
| 1524 | if (!isParenthesisOpen) {
|
| 1525 | var source = _.trim(css.slice(lastPos, i));
|
| 1526 | var j = source.indexOf(':');
|
| 1527 | if (j !== -1) {
|
| 1528 | var name = _.trim(source.slice(0, j));
|
| 1529 | var value = _.trim(source.slice(j + 1));
|
| 1530 |
|
| 1531 | if (name) {
|
| 1532 | var ret = onAttr(lastPos, retCSS.length, name, value, source);
|
| 1533 | if (ret) retCSS += ret + '; ';
|
| 1534 | }
|
| 1535 | }
|
| 1536 | }
|
| 1537 | lastPos = i + 1;
|
| 1538 | }
|
| 1539 |
|
| 1540 | for (; i < cssLength; i++) {
|
| 1541 | var c = css[i];
|
| 1542 | if (c === '/' && css[i + 1] === '*') {
|
| 1543 |
|
| 1544 | var j = css.indexOf('*/', i + 2);
|
| 1545 |
|
| 1546 | if (j === -1) break;
|
| 1547 |
|
| 1548 | i = j + 1;
|
| 1549 | lastPos = i + 1;
|
| 1550 | isParenthesisOpen = false;
|
| 1551 | } else if (c === '(') {
|
| 1552 | isParenthesisOpen = true;
|
| 1553 | } else if (c === ')') {
|
| 1554 | isParenthesisOpen = false;
|
| 1555 | } else if (c === ';') {
|
| 1556 | if (isParenthesisOpen) {
|
| 1557 |
|
| 1558 | } else {
|
| 1559 | addNewAttr();
|
| 1560 | }
|
| 1561 | } else if (c === '\n') {
|
| 1562 | addNewAttr();
|
| 1563 | }
|
| 1564 | }
|
| 1565 |
|
| 1566 | return _.trim(retCSS);
|
| 1567 | }
|
| 1568 |
|
| 1569 | module.exports = parseStyle;
|
| 1570 |
|
| 1571 | },{"./util":10}],10:[function(require,module,exports){
|
| 1572 | module.exports = {
|
| 1573 | indexOf: function (arr, item) {
|
| 1574 | var i, j;
|
| 1575 | if (Array.prototype.indexOf) {
|
| 1576 | return arr.indexOf(item);
|
| 1577 | }
|
| 1578 | for (i = 0, j = arr.length; i < j; i++) {
|
| 1579 | if (arr[i] === item) {
|
| 1580 | return i;
|
| 1581 | }
|
| 1582 | }
|
| 1583 | return -1;
|
| 1584 | },
|
| 1585 | forEach: function (arr, fn, scope) {
|
| 1586 | var i, j;
|
| 1587 | if (Array.prototype.forEach) {
|
| 1588 | return arr.forEach(fn, scope);
|
| 1589 | }
|
| 1590 | for (i = 0, j = arr.length; i < j; i++) {
|
| 1591 | fn.call(scope, arr[i], i, arr);
|
| 1592 | }
|
| 1593 | },
|
| 1594 | trim: function (str) {
|
| 1595 | if (String.prototype.trim) {
|
| 1596 | return str.trim();
|
| 1597 | }
|
| 1598 | return str.replace(/(^\s*)|(\s*$)/g, '');
|
| 1599 | },
|
| 1600 | trimRight: function (str) {
|
| 1601 | if (String.prototype.trimRight) {
|
| 1602 | return str.trimRight();
|
| 1603 | }
|
| 1604 | return str.replace(/(\s*$)/g, '');
|
| 1605 | }
|
| 1606 | };
|
| 1607 |
|
| 1608 | },{}]},{},[2]);
|