From 2b9dc165cd03ce48b93784ded566d12ed882fcfc Mon Sep 17 00:00:00 2001
From: JannisX11 <jannis4236@gmail.com>
Date: Tue, 24 Jan 2023 19:05:25 +0100
Subject: [PATCH] Implement dom purify

---
 index.html                   |  1 +
 js/interface/about.js        |  1 +
 js/interface/dialog.js       |  6 +++---
 js/interface/start_screen.js | 17 +++++++++--------
 js/plugin_loader.js          |  3 ++-
 js/util.js                   | 22 +++++-----------------
 js/validator.js              |  4 ++--
 lib/purify.min.js            |  2 ++
 8 files changed, 25 insertions(+), 31 deletions(-)
 create mode 100644 lib/purify.min.js

diff --git a/index.html b/index.html
index 4f4996c2..65dbd9d6 100644
--- a/index.html
+++ b/index.html
@@ -74,6 +74,7 @@
 		<script src="lib/lzutf8.js"></script>
 		<script src="lib/peer.min.js"></script>
 		<script src="lib/marked.min.js"></script>
+		<script src="lib/purify.min.js"></script>
 		<script src="lib/spectrum.js"></script>
 		<script src="lib/color-picker.min.js"></script>
 		<script src="lib/three.min.js"></script>
diff --git a/js/interface/about.js b/js/interface/about.js
index 7c27991a..00801f63 100644
--- a/js/interface/about.js
+++ b/js/interface/about.js
@@ -116,6 +116,7 @@ BARS.defineActions(() => {
 								<li><a class="open-in-browser" href="https://github.com/eligrey/FileSaver.js">FileSaver.js</a></li>
 								<li><a class="open-in-browser" href="https://peerjs.com">PeerJS</a></li>
 								<li><a class="open-in-browser" href="https://github.com/markedjs/marked">Marked</a></li>
+								<li><a class="open-in-browser" href="https://github.com/cure53/DOMPurify">DOMPurify</a></li>
 								<li><a class="open-in-browser" href="https://prismjs.com">Prism</a></li>
 								<li><a class="open-in-browser" href="https://github.com/akalverboer/canvas2apng">Canvas2APNG</a></li>
 								<li><a class="open-in-browser" href="https://github.com/koca/vue-prism-editor">Vue Prism Editor</a></li>
diff --git a/js/interface/dialog.js b/js/interface/dialog.js
index ffb6d9ec..98cf628a 100644
--- a/js/interface/dialog.js
+++ b/js/interface/dialog.js
@@ -116,7 +116,7 @@ function buildForm(dialog) {
 
 
 				case 'info':
-					data.text = marked(tl(data.text))
+					data.text = pureMarked(tl(data.text))
 					bar.append(`<p>${data.text}</p>`)
 					bar.addClass('small_text')
 					break;
@@ -328,7 +328,7 @@ function buildLines(dialog) {
 			dialog.uses_wide_inputs = true;
 			dialog_content.append(bar)
 		} else {
-			dialog_content.append(l)
+			dialog_content.append(DOMPurify.sanitize(l))
 		}
 	})
 }
@@ -877,7 +877,7 @@ window.MessageBox = class MessageBox extends Dialog {
 
 		if (options.message) {
 			content.append($('<div class="dialog_bar markdown" style="height: auto; min-height: 56px; margin-bottom: 16px;">'+
-				marked(tl(options.message))+
+				pureMarked(tl(options.message))+
 			'</div></div>')[0]);
 		}
 		if (options.icon) {
diff --git a/js/interface/start_screen.js b/js/interface/start_screen.js
index 2f094bfe..72e67bf1 100644
--- a/js/interface/start_screen.js
+++ b/js/interface/start_screen.js
@@ -35,7 +35,7 @@ function addStartScreenSection(id, data) {
 			if (data.graphic.aspect_ratio) left.css('aspect-ratio', data.graphic.aspect_ratio);
 		}
 		if (data.graphic.description) {
-			let content = $(marked(data.graphic.description));
+			let content = $(pureMarked(data.graphic.description));
 			content.addClass('start_screen_graphic_description')
 			content.css({
 				'color': data.graphic.text_color || '#ffffff',
@@ -47,7 +47,7 @@ function addStartScreenSection(id, data) {
 		var right = $('<div class="start_screen_right"></div>')
 		obj.append(right)
 		data.text.forEach(line => {
-			var content = line.text ? marked(tl(line.text)) : '';
+			var content = line.text ? pureMarked(tl(line.text)) : '';
 			switch (line.type) {
 				case 'h1': var tag = 'h1'; break;
 				case 'h2': var tag = 'h3'; break;
@@ -55,7 +55,7 @@ function addStartScreenSection(id, data) {
 				case 'list':
 					var tag = 'ul class="list_style"';
 					line.list.forEach(string => {
-						content += `<li>${marked(tl(string))}</li>`;
+						content += `<li>${pureMarked(tl(string))}</li>`;
 					})
 					break;
 				case 'button': var tag = 'button'; break;
@@ -269,6 +269,7 @@ onVueSetup(function() {
 			openLink(link) {
 				Blockbench.openLink(link);
 			},
+			pureMarked,
 			tl
 		},
 		computed: {
@@ -351,11 +352,11 @@ onVueSetup(function() {
 									<template v-for="item in viewed_format.format_page.content">
 
 										<img v-if="item.type == 'image'" :src="item.source" :width="item.width" :height="item.height">
-										<h2 v-else-if="item.type == 'h2'" class="markdown" v-html="marked(item.text.replace(/\\n/g, '\\n\\n'))"></h2>
-										<h3 v-else-if="item.type == 'h3'" class="markdown" v-html="marked(item.text.replace(/\\n/g, '\\n\\n'))"></h3>
-										<h4 v-else-if="item.type == 'h4'" class="markdown" v-html="marked(item.text.replace(/\\n/g, '\\n\\n'))"></h4>
-										<label v-else-if="item.type == 'label'" class="markdown" v-html="marked(item.text.replace(/\\n/g, '\\n\\n'))"></label>
-										<p v-else class="markdown" v-html="marked((item.text || item).replace(/\\n/g, '\\n\\n'))"></p>
+										<h2 v-else-if="item.type == 'h2'" class="markdown" v-html="pureMarked(item.text.replace(/\\n/g, '\\n\\n'))"></h2>
+										<h3 v-else-if="item.type == 'h3'" class="markdown" v-html="pureMarked(item.text.replace(/\\n/g, '\\n\\n'))"></h3>
+										<h4 v-else-if="item.type == 'h4'" class="markdown" v-html="pureMarked(item.text.replace(/\\n/g, '\\n\\n'))"></h4>
+										<label v-else-if="item.type == 'label'" class="markdown" v-html="pureMarked(item.text.replace(/\\n/g, '\\n\\n'))"></label>
+										<p v-else class="markdown" v-html="pureMarked((item.text || item).replace(/\\n/g, '\\n\\n'))"></p>
 									</template>
 								</content>
 
diff --git a/js/plugin_loader.js b/js/plugin_loader.js
index 62183ad8..f2860d7b 100644
--- a/js/plugin_loader.js
+++ b/js/plugin_loader.js
@@ -565,6 +565,7 @@ BARS.defineActions(function() {
 					}
 				},
 				getIconNode: Blockbench.getIconNode,
+				pureMarked,
 				tl
 			},
 			template: `
@@ -595,7 +596,7 @@ BARS.defineActions(function() {
 
 							<div class="author">{{ tl('dialog.plugins.author', [plugin.author]) }}</div>
 							<div class="description">{{ plugin.description }}</div>
-							<div v-if="plugin.expanded" class="about markdown" v-html="marked(plugin.about.replace(/\\n/g, '\\n\\n'))"><button>a</button></div>
+							<div v-if="plugin.expanded" class="about markdown" v-html="pureMarked(plugin.about.replace(/\\n/g, '\\n\\n'))"><button>a</button></div>
 							<div v-if="plugin.expanded" v-on:click="plugin.toggleInfo()" style="text-decoration: underline;">${tl('dialog.plugins.show_less')}</div>
 							<ul class="plugin_tag_list">
 								<li v-for="tag in plugin.tags" :class="getTagClass(tag)" :key="tag" @click="search_term = tag;">{{tag}}</li>
diff --git a/js/util.js b/js/util.js
index 21190de8..15dcdd0f 100644
--- a/js/util.js
+++ b/js/util.js
@@ -93,6 +93,11 @@ Condition.mutuallyExclusive = function(a, b) {
 	return false;
 }
 
+function pureMarked(input) {
+	let dom = marked(input);
+	return DOMPurify.sanitize(dom);
+}
+
 class oneLiner {
 	constructor(data) {
 		if (data !== undefined) {
@@ -155,23 +160,6 @@ function removeEventListeners(el, events, func, option) {
 	})
 }
 
-//Jquery
-$.fn.deepest = function() {
-	if (!this.length) return this;
-	var opts = []
-	this.each((i, node) => {
-		var i = 0;
-		var obj = $(node)
-		while (obj.parent().get(0) instanceof HTMLBodyElement === false) {
-			obj = obj.parent()
-			i++;
-		}
-		opts.push({depth: i, o: node})
-	})
-	opts.sort((a, b) => (a.depth < b.depth));
-	return $(opts[0].o)
-}
-
 //Math
 function guid() {
 	function s4() {
diff --git a/js/validator.js b/js/validator.js
index 00baa1e6..26915056 100644
--- a/js/validator.js
+++ b/js/validator.js
@@ -52,14 +52,14 @@ const Validator = {
 					},
 					methods: {
 						getIconNode: Blockbench.getIconNode,
-						marked
+						pureMarked
 					},
 					template: `
 						<template>
 							<ul>
 								<li v-for="problem in problems" class="validator_dialog_problem" :class="problem.error ? 'validator_error' : 'validator_warning'" :key="problem.message">
 									<i class="material-icons">{{ problem.error ? 'error' : 'warning' }}</i>
-									<span class="markdown" v-html="marked(problem.message.replace(/\\n/g, '\\n\\n'))"></span>
+									<span class="markdown" v-html="pureMarked(problem.message.replace(/\\n/g, '\\n\\n'))"></span>
 									<template v-if="problem.buttons">
 										<div v-for="button in problem.buttons" class="tool" :title="button.name" @click="button.click($event)">
 											<div class="icon_wrapper plugin_icon normal" v-html="getIconNode(button.icon, button.color).outerHTML"></div>
diff --git a/lib/purify.min.js b/lib/purify.min.js
new file mode 100644
index 00000000..69f94875
--- /dev/null
+++ b/lib/purify.min.js
@@ -0,0 +1,2 @@
+/*! @license DOMPurify 3.0.0 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/3.0.0/LICENSE */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).DOMPurify=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,n){return t=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e},t(e,n)}function n(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(e){return!1}}function r(e,o,a){return r=n()?Reflect.construct:function(e,n,r){var o=[null];o.push.apply(o,n);var a=new(Function.bind.apply(e,o));return r&&t(a,r.prototype),a},r.apply(null,arguments)}function o(e,t){return function(e){if(Array.isArray(e))return e}(e)||function(e,t){var n=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null==n)return;var r,o,a=[],i=!0,l=!1;try{for(n=n.call(e);!(i=(r=n.next()).done)&&(a.push(r.value),!t||a.length!==t);i=!0);}catch(e){l=!0,o=e}finally{try{i||null==n.return||n.return()}finally{if(l)throw o}}return a}(e,t)||i(e,t)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function a(e){return function(e){if(Array.isArray(e))return l(e)}(e)||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||i(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function i(e,t){if(e){if("string"==typeof e)return l(e,t);var n=Object.prototype.toString.call(e).slice(8,-1);return"Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n||"Set"===n?Array.from(e):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?l(e,t):void 0}}function l(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=new Array(t);n<t;n++)r[n]=e[n];return r}var c=Object.setPrototypeOf,u=Object.isFrozen,s=Object.getPrototypeOf,m=Object.getOwnPropertyDescriptor,f=Object.freeze,p=Object.seal,d=Object.create,h="undefined"!=typeof Reflect&&Reflect,g=h.apply,y=h.construct;g||(g=function(e,t,n){return e.apply(t,n)}),f||(f=function(e){return e}),p||(p=function(e){return e}),y||(y=function(e,t){return r(e,a(t))});var b,v=O(Array.prototype.forEach),T=O(Array.prototype.pop),N=O(Array.prototype.push),A=O(String.prototype.toLowerCase),E=O(String.prototype.toString),w=O(String.prototype.match),S=O(String.prototype.replace),x=O(String.prototype.indexOf),_=O(String.prototype.trim),k=O(RegExp.prototype.test),D=(b=TypeError,function(){for(var e=arguments.length,t=new Array(e),n=0;n<e;n++)t[n]=arguments[n];return y(b,t)});function O(e){return function(t){for(var n=arguments.length,r=new Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];return g(e,t,r)}}function R(e,t,n){n=n||A,c&&c(e,null);for(var r=t.length;r--;){var o=t[r];if("string"==typeof o){var a=n(o);a!==o&&(u(t)||(t[r]=a),o=a)}e[o]=!0}return e}function C(e){for(var t=d(null),n=0,r=Object.entries(e);n<r.length;n++){var a=o(r[n],2),i=a[0],l=a[1];t[i]=l}return t}function L(e,t){for(;null!==e;){var n=m(e,t);if(n){if(n.get)return O(n.get);if("function"==typeof n.value)return O(n.value)}e=s(e)}return function(e){return console.warn("fallback value for",e),null}}var M=f(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),I=f(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),U=f(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feImage","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),F=f(["animate","color-profile","cursor","discard","fedropshadow","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),z=f(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),H=f(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),P=f(["#text"]),j=f(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","nonce","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),B=f(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","transform-origin","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),G=f(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),W=f(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),q=p(/\{\{[\w\W]*|[\w\W]*\}\}/gm),Y=p(/<%[\w\W]*|[\w\W]*%>/gm),$=p(/\${[\w\W]*}/gm),K=p(/^data-[\-\w.\u00B7-\uFFFF]/),V=p(/^aria-[\-\w]+$/),X=p(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),Z=p(/^(?:\w+script|data):/i),J=p(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),Q=p(/^html$/i),ee=function(){return"undefined"==typeof window?null:window},te=function(t,n){if("object"!==e(t)||"function"!=typeof t.createPolicy)return null;var r=null,o="data-tt-policy-suffix";n.currentScript&&n.currentScript.hasAttribute(o)&&(r=n.currentScript.getAttribute(o));var a="dompurify"+(r?"#"+r:"");try{return t.createPolicy(a,{createHTML:function(e){return e},createScriptURL:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+a+" could not be created."),null}};var ne=function t(){var n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:ee(),r=function(e){return t(e)};if(r.version="3.0.0",r.removed=[],!n||!n.document||9!==n.document.nodeType)return r.isSupported=!1,r;var o=n.document,i=n.document,l=n.DocumentFragment,c=n.HTMLTemplateElement,u=n.Node,s=n.Element,m=n.NodeFilter,p=n.NamedNodeMap,d=void 0===p?n.NamedNodeMap||n.MozNamedAttrMap:p,h=n.HTMLFormElement,g=n.DOMParser,y=n.trustedTypes,b=s.prototype,O=L(b,"cloneNode"),ne=L(b,"nextSibling"),re=L(b,"childNodes"),oe=L(b,"parentNode");if("function"==typeof c){var ae=i.createElement("template");ae.content&&ae.content.ownerDocument&&(i=ae.content.ownerDocument)}var ie=te(y,o),le=ie?ie.createHTML(""):"",ce=i,ue=ce.implementation,se=ce.createNodeIterator,me=ce.createDocumentFragment,fe=ce.getElementsByTagName,pe=o.importNode,de={};r.isSupported="function"==typeof oe&&ue&&void 0!==ue.createHTMLDocument;var he,ge,ye=q,be=Y,ve=$,Te=K,Ne=V,Ae=Z,Ee=J,we=X,Se=null,xe=R({},[].concat(a(M),a(I),a(U),a(z),a(P))),_e=null,ke=R({},[].concat(a(j),a(B),a(G),a(W))),De=Object.seal(Object.create(null,{tagNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},attributeNameCheck:{writable:!0,configurable:!1,enumerable:!0,value:null},allowCustomizedBuiltInElements:{writable:!0,configurable:!1,enumerable:!0,value:!1}})),Oe=null,Re=null,Ce=!0,Le=!0,Me=!1,Ie=!1,Ue=!1,Fe=!1,ze=!1,He=!1,Pe=!1,je=!1,Be=!0,Ge=!1,We="user-content-",qe=!0,Ye=!1,$e={},Ke=null,Ve=R({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Xe=null,Ze=R({},["audio","video","img","source","image","track"]),Je=null,Qe=R({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),et="http://www.w3.org/1998/Math/MathML",tt="http://www.w3.org/2000/svg",nt="http://www.w3.org/1999/xhtml",rt=nt,ot=!1,at=null,it=R({},[et,tt,nt],E),lt=["application/xhtml+xml","text/html"],ct="text/html",ut=null,st=i.createElement("form"),mt=function(e){return e instanceof RegExp||e instanceof Function},ft=function(t){ut&&ut===t||(t&&"object"===e(t)||(t={}),t=C(t),he=he=-1===lt.indexOf(t.PARSER_MEDIA_TYPE)?ct:t.PARSER_MEDIA_TYPE,ge="application/xhtml+xml"===he?E:A,Se="ALLOWED_TAGS"in t?R({},t.ALLOWED_TAGS,ge):xe,_e="ALLOWED_ATTR"in t?R({},t.ALLOWED_ATTR,ge):ke,at="ALLOWED_NAMESPACES"in t?R({},t.ALLOWED_NAMESPACES,E):it,Je="ADD_URI_SAFE_ATTR"in t?R(C(Qe),t.ADD_URI_SAFE_ATTR,ge):Qe,Xe="ADD_DATA_URI_TAGS"in t?R(C(Ze),t.ADD_DATA_URI_TAGS,ge):Ze,Ke="FORBID_CONTENTS"in t?R({},t.FORBID_CONTENTS,ge):Ve,Oe="FORBID_TAGS"in t?R({},t.FORBID_TAGS,ge):{},Re="FORBID_ATTR"in t?R({},t.FORBID_ATTR,ge):{},$e="USE_PROFILES"in t&&t.USE_PROFILES,Ce=!1!==t.ALLOW_ARIA_ATTR,Le=!1!==t.ALLOW_DATA_ATTR,Me=t.ALLOW_UNKNOWN_PROTOCOLS||!1,Ie=t.SAFE_FOR_TEMPLATES||!1,Ue=t.WHOLE_DOCUMENT||!1,He=t.RETURN_DOM||!1,Pe=t.RETURN_DOM_FRAGMENT||!1,je=t.RETURN_TRUSTED_TYPE||!1,ze=t.FORCE_BODY||!1,Be=!1!==t.SANITIZE_DOM,Ge=t.SANITIZE_NAMED_PROPS||!1,qe=!1!==t.KEEP_CONTENT,Ye=t.IN_PLACE||!1,we=t.ALLOWED_URI_REGEXP||we,rt=t.NAMESPACE||nt,t.CUSTOM_ELEMENT_HANDLING&&mt(t.CUSTOM_ELEMENT_HANDLING.tagNameCheck)&&(De.tagNameCheck=t.CUSTOM_ELEMENT_HANDLING.tagNameCheck),t.CUSTOM_ELEMENT_HANDLING&&mt(t.CUSTOM_ELEMENT_HANDLING.attributeNameCheck)&&(De.attributeNameCheck=t.CUSTOM_ELEMENT_HANDLING.attributeNameCheck),t.CUSTOM_ELEMENT_HANDLING&&"boolean"==typeof t.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements&&(De.allowCustomizedBuiltInElements=t.CUSTOM_ELEMENT_HANDLING.allowCustomizedBuiltInElements),Ie&&(Le=!1),Pe&&(He=!0),$e&&(Se=R({},a(P)),_e=[],!0===$e.html&&(R(Se,M),R(_e,j)),!0===$e.svg&&(R(Se,I),R(_e,B),R(_e,W)),!0===$e.svgFilters&&(R(Se,U),R(_e,B),R(_e,W)),!0===$e.mathMl&&(R(Se,z),R(_e,G),R(_e,W))),t.ADD_TAGS&&(Se===xe&&(Se=C(Se)),R(Se,t.ADD_TAGS,ge)),t.ADD_ATTR&&(_e===ke&&(_e=C(_e)),R(_e,t.ADD_ATTR,ge)),t.ADD_URI_SAFE_ATTR&&R(Je,t.ADD_URI_SAFE_ATTR,ge),t.FORBID_CONTENTS&&(Ke===Ve&&(Ke=C(Ke)),R(Ke,t.FORBID_CONTENTS,ge)),qe&&(Se["#text"]=!0),Ue&&R(Se,["html","head","body"]),Se.table&&(R(Se,["tbody"]),delete Oe.tbody),f&&f(t),ut=t)},pt=R({},["mi","mo","mn","ms","mtext"]),dt=R({},["foreignobject","desc","title","annotation-xml"]),ht=R({},["title","style","font","a","script"]),gt=R({},I);R(gt,U),R(gt,F);var yt=R({},z);R(yt,H);var bt=function(e){var t=oe(e);t&&t.tagName||(t={namespaceURI:rt,tagName:"template"});var n=A(e.tagName),r=A(t.tagName);return!!at[e.namespaceURI]&&(e.namespaceURI===tt?t.namespaceURI===nt?"svg"===n:t.namespaceURI===et?"svg"===n&&("annotation-xml"===r||pt[r]):Boolean(gt[n]):e.namespaceURI===et?t.namespaceURI===nt?"math"===n:t.namespaceURI===tt?"math"===n&&dt[r]:Boolean(yt[n]):e.namespaceURI===nt?!(t.namespaceURI===tt&&!dt[r])&&(!(t.namespaceURI===et&&!pt[r])&&(!yt[n]&&(ht[n]||!gt[n]))):!("application/xhtml+xml"!==he||!at[e.namespaceURI]))},vt=function(e){N(r.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){e.remove()}},Tt=function(e,t){try{N(r.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){N(r.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!_e[e])if(He||Pe)try{vt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Nt=function(e){var t,n;if(ze)e="<remove></remove>"+e;else{var r=w(e,/^[\r\n\t ]+/);n=r&&r[0]}"application/xhtml+xml"===he&&rt===nt&&(e='<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body>'+e+"</body></html>");var o=ie?ie.createHTML(e):e;if(rt===nt)try{t=(new g).parseFromString(o,he)}catch(e){}if(!t||!t.documentElement){t=ue.createDocument(rt,"template",null);try{t.documentElement.innerHTML=ot?le:o}catch(e){}}var a=t.body||t.documentElement;return e&&n&&a.insertBefore(i.createTextNode(n),a.childNodes[0]||null),rt===nt?fe.call(t,Ue?"html":"body")[0]:Ue?t.documentElement:a},At=function(e){return se.call(e.ownerDocument||e,e,m.SHOW_ELEMENT|m.SHOW_COMMENT|m.SHOW_TEXT,null,!1)},Et=function(e){return e instanceof h&&("string"!=typeof e.nodeName||"string"!=typeof e.textContent||"function"!=typeof e.removeChild||!(e.attributes instanceof d)||"function"!=typeof e.removeAttribute||"function"!=typeof e.setAttribute||"string"!=typeof e.namespaceURI||"function"!=typeof e.insertBefore||"function"!=typeof e.hasChildNodes)},wt=function(t){return"object"===e(u)?t instanceof u:t&&"object"===e(t)&&"number"==typeof t.nodeType&&"string"==typeof t.nodeName},St=function(e,t,n){de[e]&&v(de[e],(function(e){e.call(r,t,n,ut)}))},xt=function(e){var t;if(St("beforeSanitizeElements",e,null),Et(e))return vt(e),!0;var n=ge(e.nodeName);if(St("uponSanitizeElement",e,{tagName:n,allowedTags:Se}),e.hasChildNodes()&&!wt(e.firstElementChild)&&(!wt(e.content)||!wt(e.content.firstElementChild))&&k(/<[/\w]/g,e.innerHTML)&&k(/<[/\w]/g,e.textContent))return vt(e),!0;if(!Se[n]||Oe[n]){if(!Oe[n]&&kt(n)){if(De.tagNameCheck instanceof RegExp&&k(De.tagNameCheck,n))return!1;if(De.tagNameCheck instanceof Function&&De.tagNameCheck(n))return!1}if(qe&&!Ke[n]){var o=oe(e)||e.parentNode,a=re(e)||e.childNodes;if(a&&o)for(var i=a.length-1;i>=0;--i)o.insertBefore(O(a[i],!0),ne(e))}return vt(e),!0}return e instanceof s&&!bt(e)?(vt(e),!0):"noscript"!==n&&"noembed"!==n||!k(/<\/no(script|embed)/i,e.innerHTML)?(Ie&&3===e.nodeType&&(t=e.textContent,t=S(t,ye," "),t=S(t,be," "),t=S(t,ve," "),e.textContent!==t&&(N(r.removed,{element:e.cloneNode()}),e.textContent=t)),St("afterSanitizeElements",e,null),!1):(vt(e),!0)},_t=function(e,t,n){if(Be&&("id"===t||"name"===t)&&(n in i||n in st))return!1;if(Le&&!Re[t]&&k(Te,t));else if(Ce&&k(Ne,t));else if(!_e[t]||Re[t]){if(!(kt(e)&&(De.tagNameCheck instanceof RegExp&&k(De.tagNameCheck,e)||De.tagNameCheck instanceof Function&&De.tagNameCheck(e))&&(De.attributeNameCheck instanceof RegExp&&k(De.attributeNameCheck,t)||De.attributeNameCheck instanceof Function&&De.attributeNameCheck(t))||"is"===t&&De.allowCustomizedBuiltInElements&&(De.tagNameCheck instanceof RegExp&&k(De.tagNameCheck,n)||De.tagNameCheck instanceof Function&&De.tagNameCheck(n))))return!1}else if(Je[t]);else if(k(we,S(n,Ee,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==x(n,"data:")||!Xe[e]){if(Me&&!k(Ae,S(n,Ee,"")));else if(n)return!1}else;return!0},kt=function(e){return e.indexOf("-")>0},Dt=function(t){var n,o,a,i;St("beforeSanitizeAttributes",t,null);var l=t.attributes;if(l){var c={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:_e};for(i=l.length;i--;){var u=n=l[i],s=u.name,m=u.namespaceURI;if(o="value"===s?n.value:_(n.value),a=ge(s),c.attrName=a,c.attrValue=o,c.keepAttr=!0,c.forceKeepAttr=void 0,St("uponSanitizeAttribute",t,c),o=c.attrValue,!c.forceKeepAttr&&(Tt(s,t),c.keepAttr))if(k(/\/>/i,o))Tt(s,t);else{Ie&&(o=S(o,ye," "),o=S(o,be," "),o=S(o,ve," "));var f=ge(t.nodeName);if(_t(f,a,o)){if(!Ge||"id"!==a&&"name"!==a||(Tt(s,t),o=We+o),ie&&"object"===e(y)&&"function"==typeof y.getAttributeType)if(m);else switch(y.getAttributeType(f,a)){case"TrustedHTML":o=ie.createHTML(o);break;case"TrustedScriptURL":o=ie.createScriptURL(o)}try{m?t.setAttributeNS(m,s,o):t.setAttribute(s,o),T(r.removed)}catch(e){}}}}St("afterSanitizeAttributes",t,null)}},Ot=function e(t){var n,r=At(t);for(St("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)St("uponSanitizeShadowNode",n,null),xt(n)||(n.content instanceof l&&e(n.content),Dt(n));St("afterSanitizeShadowDOM",t,null)};return r.sanitize=function(e){var t,n,a,i,c=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};if((ot=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!wt(e)){if("function"!=typeof e.toString)throw D("toString is not a function");if("string"!=typeof(e=e.toString()))throw D("dirty is not a string, aborting")}if(!r.isSupported)return e;if(Fe||ft(c),r.removed=[],"string"==typeof e&&(Ye=!1),Ye){if(e.nodeName){var s=ge(e.nodeName);if(!Se[s]||Oe[s])throw D("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof u)1===(n=(t=Nt("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===n.nodeName||"HTML"===n.nodeName?t=n:t.appendChild(n);else{if(!He&&!Ie&&!Ue&&-1===e.indexOf("<"))return ie&&je?ie.createHTML(e):e;if(!(t=Nt(e)))return He?null:je?le:""}t&&ze&&vt(t.firstChild);for(var m=At(Ye?e:t);a=m.nextNode();)xt(a)||(a.content instanceof l&&Ot(a.content),Dt(a));if(Ye)return e;if(He){if(Pe)for(i=me.call(t.ownerDocument);t.firstChild;)i.appendChild(t.firstChild);else i=t;return _e.shadowroot&&(i=pe.call(o,i,!0)),i}var f=Ue?t.outerHTML:t.innerHTML;return Ue&&Se["!doctype"]&&t.ownerDocument&&t.ownerDocument.doctype&&t.ownerDocument.doctype.name&&k(Q,t.ownerDocument.doctype.name)&&(f="<!DOCTYPE "+t.ownerDocument.doctype.name+">\n"+f),Ie&&(f=S(f,ye," "),f=S(f,be," "),f=S(f,ve," ")),ie&&je?ie.createHTML(f):f},r.setConfig=function(e){ft(e),Fe=!0},r.clearConfig=function(){ut=null,Fe=!1},r.isValidAttribute=function(e,t,n){ut||ft({});var r=ge(e),o=ge(t);return _t(r,o,n)},r.addHook=function(e,t){"function"==typeof t&&(de[e]=de[e]||[],N(de[e],t))},r.removeHook=function(e){if(de[e])return T(de[e])},r.removeHooks=function(e){de[e]&&(de[e]=[])},r.removeAllHooks=function(){de={}},r}();return ne}));