@anoki/fse-ui
Version:
FSE UI components library
10 lines (7 loc) • 13.3 kB
JavaScript
;Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const ue=require("./index.cjs628.js"),ge=require("./index.cjs629.js"),pe=require("./index.cjs630.js"),he=require("./index.cjs631.js"),me=require("./index.cjs632.js"),we=require("./index.cjs633.js");var N,X;function be(){if(X)return N;X=1;const Y=ue.__require(),B=ge.__require(),{isPlainObject:J}=pe.__require(),L=he.__require(),K=me.__require(),{parse:Q}=we.__require(),ee=["img","audio","video","picture","svg","object","map","iframe","embed"],te=["script","style"];function S(d,t){d&&Object.keys(d).forEach(function(w){t(d[w],w)})}function x(d,t){return{}.hasOwnProperty.call(d,t)}function U(d,t){const w=[];return S(d,function(i){t(i)&&w.push(i)}),w}function re(d){for(const t in d)if(x(d,t))return!1;return!0}function ne(d){return d.map(function(t){if(!t.url)throw new Error("URL missing");return t.url+(t.w?` ${t.w}w`:"")+(t.h?` ${t.h}h`:"")+(t.d?` ${t.d}x`:"")}).join(", ")}N=v;const se=/^[^\0\t\n\f\r /<=>]+$/;function v(d,t,w){if(d==null)return"";typeof d=="number"&&(d=d.toString());let i="",h="";function R(e,n){const r=this;this.tag=e,this.attribs=n||{},this.tagPosition=i.length,this.text="",this.openingTagLength=0,this.mediaChildren=[],this.updateParentNodeText=function(){if(g.length){const s=g[g.length-1];s.text+=r.text}},this.updateParentNodeMediaChildren=function(){g.length&&ee.includes(this.tag)&&g[g.length-1].mediaChildren.push(this.tag)}}t=Object.assign({},v.defaults,t),t.parser=Object.assign({},ie,t.parser);const q=function(e){return t.allowedTags===!1||(t.allowedTags||[]).indexOf(e)>-1};te.forEach(function(e){q(e)&&!t.allowVulnerableTags&&console.warn(`
⚠️ Your \`allowedTags\` option includes, \`${e}\`, which is inherently
vulnerable to XSS attacks. Please remove it from \`allowedTags\`.
Or, to disable this warning, add the \`allowVulnerableTags\` option
and ensure you are accounting for this risk.
`)});const le=t.nonTextTags||["script","style","textarea","option"];let f,k;t.allowedAttributes&&(f={},k={},S(t.allowedAttributes,function(e,n){f[n]=[];const r=[];e.forEach(function(s){typeof s=="string"&&s.indexOf("*")>=0?r.push(B(s).replace(/\\\*/g,".*")):f[n].push(s)}),r.length&&(k[n]=new RegExp("^("+r.join("|")+")$"))}));const C={},$={},_={};S(t.allowedClasses,function(e,n){if(f&&(x(f,n)||(f[n]=[]),f[n].push("class")),C[n]=e,Array.isArray(e)){const r=[];C[n]=[],_[n]=[],e.forEach(function(s){typeof s=="string"&&s.indexOf("*")>=0?r.push(B(s).replace(/\\\*/g,".*")):s instanceof RegExp?_[n].push(s):C[n].push(s)}),r.length&&($[n]=new RegExp("^("+r.join("|")+")$"))}});const D={};let z;S(t.transformTags,function(e,n){let r;typeof e=="function"?r=e:typeof e=="string"&&(r=v.simpleTransform(e)),n==="*"?z=r:D[n]=r});let m,g,O,E,A,P,H=!1;W();const F=new Y.Parser({onopentag:function(e,n){if(t.onOpenTag&&t.onOpenTag(e,n),t.enforceHtmlBoundary&&e==="html"&&W(),A){P++;return}const r=new R(e,n);g.push(r);let s=!1;const u=!!r.text;let p;if(x(D,e)&&(p=D[e](e,n),r.attribs=n=p.attribs,p.text!==void 0&&(r.innerText=p.text),e!==p.tagName&&(r.name=e=p.tagName,E[m]=p.tagName)),z&&(p=z(e,n),r.attribs=n=p.attribs,e!==p.tagName&&(r.name=e=p.tagName,E[m]=p.tagName)),(!q(e)||t.disallowedTagsMode==="recursiveEscape"&&!re(O)||t.nestingLimit!=null&&m>=t.nestingLimit)&&(s=!0,O[m]=!0,(t.disallowedTagsMode==="discard"||t.disallowedTagsMode==="completelyDiscard")&&le.indexOf(e)!==-1&&(A=!0,P=1)),m++,s){if(t.disallowedTagsMode==="discard"||t.disallowedTagsMode==="completelyDiscard"){if(r.innerText&&!u){const c=y(r.innerText);t.textFilter?i+=t.textFilter(c,e):i+=c,H=!0}return}h=i,i=""}i+="<"+e,e==="script"&&(t.allowedScriptHostnames||t.allowedScriptDomains)&&(r.innerText=""),s&&(t.disallowedTagsMode==="escape"||t.disallowedTagsMode==="recursiveEscape")&&t.preserveEscapedAttributes?S(n,function(c,l){i+=" "+l+'="'+y(c||"",!0)+'"'}):(!f||x(f,e)||f["*"])&&S(n,function(c,l){if(!se.test(l)){delete r.attribs[l];return}if(c===""&&!t.allowedEmptyAttributes.includes(l)&&(t.nonBooleanAttributes.includes(l)||t.nonBooleanAttributes.includes("*"))){delete r.attribs[l];return}let I=!1;if(!f||x(f,e)&&f[e].indexOf(l)!==-1||f["*"]&&f["*"].indexOf(l)!==-1||x(k,e)&&k[e].test(l)||k["*"]&&k["*"].test(l))I=!0;else if(f&&f[e]){for(const o of f[e])if(J(o)&&o.name&&o.name===l){I=!0;let a="";if(o.multiple===!0){const M=c.split(" ");for(const T of M)o.values.indexOf(T)!==-1&&(a===""?a=T:a+=" "+T)}else o.values.indexOf(c)>=0&&(a=c);c=a}}if(I){if(t.allowedSchemesAppliedToAttributes.indexOf(l)!==-1&&G(e,c)){delete r.attribs[l];return}if(e==="script"&&l==="src"){let o=!0;try{const a=V(c);if(t.allowedScriptHostnames||t.allowedScriptDomains){const M=(t.allowedScriptHostnames||[]).find(function(b){return b===a.url.hostname}),T=(t.allowedScriptDomains||[]).find(function(b){return a.url.hostname===b||a.url.hostname.endsWith(`.${b}`)});o=M||T}}catch{o=!1}if(!o){delete r.attribs[l];return}}if(e==="iframe"&&l==="src"){let o=!0;try{const a=V(c);if(a.isRelativeUrl)o=x(t,"allowIframeRelativeUrls")?t.allowIframeRelativeUrls:!t.allowedIframeHostnames&&!t.allowedIframeDomains;else if(t.allowedIframeHostnames||t.allowedIframeDomains){const M=(t.allowedIframeHostnames||[]).find(function(b){return b===a.url.hostname}),T=(t.allowedIframeDomains||[]).find(function(b){return a.url.hostname===b||a.url.hostname.endsWith(`.${b}`)});o=M||T}}catch{o=!1}if(!o){delete r.attribs[l];return}}if(l==="srcset")try{let o=K(c);if(o.forEach(function(a){G("srcset",a.url)&&(a.evil=!0)}),o=U(o,function(a){return!a.evil}),o.length)c=ne(U(o,function(a){return!a.evil})),r.attribs[l]=c;else{delete r.attribs[l];return}}catch{delete r.attribs[l];return}if(l==="class"){const o=C[e],a=C["*"],M=$[e],T=_[e],b=_["*"],de=$["*"],j=[M,de].concat(T,b).filter(function(fe){return fe});if(o&&a?c=Z(c,L(o,a),j):c=Z(c,o||a,j),!c.length){delete r.attribs[l];return}}if(l==="style"){if(t.parseStyleAttributes)try{const o=Q(e+" {"+c+"}",{map:!1}),a=oe(o,t.allowedStyles);if(c=ae(a),c.length===0){delete r.attribs[l];return}}catch{typeof window<"u"&&console.warn('Failed to parse "'+e+" {"+c+`}", If you're running this in a browser, we recommend to disable style parsing: options.parseStyleAttributes: false, since this only works in a node environment due to a postcss dependency, More info: https://github.com/apostrophecms/sanitize-html/issues/547`),delete r.attribs[l];return}else if(t.allowedStyles)throw new Error("allowedStyles option cannot be used together with parseStyleAttributes: false.")}i+=" "+l,c&&c.length?i+='="'+y(c,!0)+'"':t.allowedEmptyAttributes.includes(l)&&(i+='=""')}else delete r.attribs[l]}),t.selfClosing.indexOf(e)!==-1?i+=" />":(i+=">",r.innerText&&!u&&!t.textFilter&&(i+=y(r.innerText),H=!0)),s&&(i=h+y(i),h=""),r.openingTagLength=i.length-r.tagPosition},ontext:function(e){if(A)return;const n=g[g.length-1];let r;if(n&&(r=n.tag,e=n.innerText!==void 0?n.innerText:e),t.disallowedTagsMode==="completelyDiscard"&&!q(r))e="";else if((t.disallowedTagsMode==="discard"||t.disallowedTagsMode==="completelyDiscard")&&(r==="script"||r==="style"))i+=e;else if(!H){const s=y(e,!1);t.textFilter?i+=t.textFilter(s,r):i+=s}if(g.length){const s=g[g.length-1];s.text+=e}},onclosetag:function(e,n){if(t.onCloseTag&&t.onCloseTag(e,n),A)if(P--,!P)A=!1;else return;const r=g.pop();if(!r)return;if(r.tag!==e){g.push(r);return}A=t.enforceHtmlBoundary?e==="html":!1,m--;const s=O[m];if(s){if(delete O[m],t.disallowedTagsMode==="discard"||t.disallowedTagsMode==="completelyDiscard"){r.updateParentNodeText();return}h=i,i=""}if(E[m]&&(e=E[m],delete E[m]),t.exclusiveFilter){const u=t.exclusiveFilter(r);if(u==="excludeTag"){s&&(i=h,h=""),i=i.substring(0,r.tagPosition)+i.substring(r.tagPosition+r.openingTagLength);return}else if(u){i=i.substring(0,r.tagPosition);return}}if(r.updateParentNodeMediaChildren(),r.updateParentNodeText(),t.selfClosing.indexOf(e)!==-1||n&&!q(e)&&["escape","recursiveEscape"].indexOf(t.disallowedTagsMode)>=0){s&&(i=h,h="");return}i+="</"+e+">",s&&(i=h+y(i),h=""),H=!1}},t.parser);if(F.write(d),F.end(),t.disallowedTagsMode==="escape"||t.disallowedTagsMode==="recursiveEscape"){const e=F.endIndex;if(e!=null&&e>=0&&e<d.length){const n=d.substring(e);i+=y(n)}else(e==null||e<0)&&d.length>0&&i===""&&(i=y(d))}return i;function W(){i="",m=0,g=[],O={},E={},A=!1,P=0}function y(e,n){return typeof e!="string"&&(e=e+""),t.parser.decodeEntities&&(e=e.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">"),n&&(e=e.replace(/"/g,"""))),e=e.replace(/&(?![a-zA-Z0-9#]{1,20};)/g,"&").replace(/</g,"<").replace(/>/g,">"),n&&(e=e.replace(/"/g,""")),e}function G(e,n){for(n=n.replace(/[\x00-\x20]+/g,"");;){const u=n.indexOf("<!--");if(u===-1)break;const p=n.indexOf("-->",u+4);if(p===-1)break;n=n.substring(0,u)+n.substring(p+3)}const r=n.match(/^([a-zA-Z][a-zA-Z0-9.\-+]*):/);if(!r)return n.match(/^[/\\]{2}/)?!t.allowProtocolRelative:!1;const s=r[1].toLowerCase();return x(t.allowedSchemesByTag,e)?t.allowedSchemesByTag[e].indexOf(s)===-1:!t.allowedSchemes||t.allowedSchemes.indexOf(s)===-1}function V(e){if(e=e.replace(/^(\w+:)?\s*[\\/]\s*[\\/]/,"$1//"),e.startsWith("relative:"))throw new Error("relative: exploit attempt");let n="relative://relative-site";for(let u=0;u<100;u++)n+=`/${u}`;const r=new URL(e,n);return{isRelativeUrl:r&&r.hostname==="relative-site"&&r.protocol==="relative:",url:r}}function oe(e,n){if(!n)return e;const r=e.nodes[0];let s;return n[r.selector]&&n["*"]?s=L(n[r.selector],n["*"]):s=n[r.selector]||n["*"],s&&(e.nodes[0].nodes=r.nodes.reduce(ce(s),[])),e}function ae(e){return e.nodes[0].nodes.reduce(function(n,r){return n.push(`${r.prop}:${r.value}${r.important?" !important":""}`),n},[]).join(";")}function ce(e){return function(n,r){return x(e,r.prop)&&e[r.prop].some(function(u){return u.test(r.value)})&&n.push(r),n}}function Z(e,n,r){return n?(e=e.split(/\s+/),e.filter(function(s){return n.indexOf(s)!==-1||r.some(function(u){return u.test(s)})}).join(" ")):e}}const ie={decodeEntities:!0};return v.defaults={allowedTags:["address","article","aside","footer","header","h1","h2","h3","h4","h5","h6","hgroup","main","nav","section","blockquote","dd","div","dl","dt","figcaption","figure","hr","li","menu","ol","p","pre","ul","a","abbr","b","bdi","bdo","br","cite","code","data","dfn","em","i","kbd","mark","q","rb","rp","rt","rtc","ruby","s","samp","small","span","strong","sub","sup","time","u","var","wbr","caption","col","colgroup","table","tbody","td","tfoot","th","thead","tr"],nonBooleanAttributes:["abbr","accept","accept-charset","accesskey","action","allow","alt","as","autocapitalize","autocomplete","blocking","charset","cite","class","color","cols","colspan","content","contenteditable","coords","crossorigin","data","datetime","decoding","dir","dirname","download","draggable","enctype","enterkeyhint","fetchpriority","for","form","formaction","formenctype","formmethod","formtarget","headers","height","hidden","high","href","hreflang","http-equiv","id","imagesizes","imagesrcset","inputmode","integrity","is","itemid","itemprop","itemref","itemtype","kind","label","lang","list","loading","low","max","maxlength","media","method","min","minlength","name","nonce","optimum","pattern","ping","placeholder","popover","popovertarget","popovertargetaction","poster","preload","referrerpolicy","rel","rows","rowspan","sandbox","scope","shape","size","sizes","slot","span","spellcheck","src","srcdoc","srclang","srcset","start","step","style","tabindex","target","title","translate","type","usemap","value","width","wrap","onauxclick","onafterprint","onbeforematch","onbeforeprint","onbeforeunload","onbeforetoggle","onblur","oncancel","oncanplay","oncanplaythrough","onchange","onclick","onclose","oncontextlost","oncontextmenu","oncontextrestored","oncopy","oncuechange","oncut","ondblclick","ondrag","ondragend","ondragenter","ondragleave","ondragover","ondragstart","ondrop","ondurationchange","onemptied","onended","onerror","onfocus","onformdata","onhashchange","oninput","oninvalid","onkeydown","onkeypress","onkeyup","onlanguagechange","onload","onloadeddata","onloadedmetadata","onloadstart","onmessage","onmessageerror","onmousedown","onmouseenter","onmouseleave","onmousemove","onmouseout","onmouseover","onmouseup","onoffline","ononline","onpagehide","onpageshow","onpaste","onpause","onplay","onplaying","onpopstate","onprogress","onratechange","onreset","onresize","onrejectionhandled","onscroll","onscrollend","onsecuritypolicyviolation","onseeked","onseeking","onselect","onslotchange","onstalled","onstorage","onsubmit","onsuspend","ontimeupdate","ontoggle","onunhandledrejection","onunload","onvolumechange","onwaiting","onwheel"],disallowedTagsMode:"discard",allowedAttributes:{a:["href","name","target"],img:["src","srcset","alt","title","width","height","loading"]},allowedEmptyAttributes:["alt"],selfClosing:["img","br","hr","area","base","basefont","input","link","meta"],allowedSchemes:["http","https","ftp","mailto","tel"],allowedSchemesByTag:{},allowedSchemesAppliedToAttributes:["href","src","cite"],allowProtocolRelative:!0,enforceHtmlBoundary:!1,parseStyleAttributes:!0,preserveEscapedAttributes:!1},v.simpleTransform=function(d,t,w){return w=w===void 0?!0:w,t=t||{},function(i,h){let R;if(w)for(R in t)h[R]=t[R];else h=t;return{tagName:d,attribs:h}}},N}exports.__require=be;
//# sourceMappingURL=index.cjs627.js.map