ui: Update DOMPurify to version 3.2.0

src/ui/app/static/libs/purify/src/attrs.js

@@ -1,371 +0,0 @@
-import { freeze } from './utils.js';
-
-export const html = freeze([
-  'accept',
-  'action',
-  'align',
-  'alt',
-  'autocapitalize',
-  'autocomplete',
-  'autopictureinpicture',
-  'autoplay',
-  'background',
-  'bgcolor',
-  'border',
-  'capture',
-  'cellpadding',
-  'cellspacing',
-  'checked',
-  'cite',
-  'class',
-  'clear',
-  'color',
-  'cols',
-  'colspan',
-  'controls',
-  'controlslist',
-  'coords',
-  'crossorigin',
-  'datetime',
-  'decoding',
-  'default',
-  'dir',
-  'disabled',
-  'disablepictureinpicture',
-  'disableremoteplayback',
-  'download',
-  'draggable',
-  'enctype',
-  'enterkeyhint',
-  'face',
-  'for',
-  'headers',
-  'height',
-  'hidden',
-  'high',
-  'href',
-  'hreflang',
-  'id',
-  'inputmode',
-  'integrity',
-  'ismap',
-  'kind',
-  'label',
-  'lang',
-  'list',
-  'loading',
-  'loop',
-  'low',
-  'max',
-  'maxlength',
-  'media',
-  'method',
-  'min',
-  'minlength',
-  'multiple',
-  'muted',
-  'name',
-  'nonce',
-  'noshade',
-  'novalidate',
-  'nowrap',
-  'open',
-  'optimum',
-  'pattern',
-  'placeholder',
-  'playsinline',
-  'popover',
-  'popovertarget',
-  'popovertargetaction',
-  'poster',
-  'preload',
-  'pubdate',
-  'radiogroup',
-  'readonly',
-  'rel',
-  'required',
-  'rev',
-  'reversed',
-  'role',
-  'rows',
-  'rowspan',
-  'spellcheck',
-  'scope',
-  'selected',
-  'shape',
-  'size',
-  'sizes',
-  'span',
-  'srclang',
-  'start',
-  'src',
-  'srcset',
-  'step',
-  'style',
-  'summary',
-  'tabindex',
-  'title',
-  'translate',
-  'type',
-  'usemap',
-  'valign',
-  'value',
-  'width',
-  'wrap',
-  'xmlns',
-  'slot',
-]);
-
-export const svg = freeze([
-  'accent-height',
-  'accumulate',
-  'additive',
-  'alignment-baseline',
-  'amplitude',
-  'ascent',
-  'attributename',
-  'attributetype',
-  'azimuth',
-  'basefrequency',
-  'baseline-shift',
-  'begin',
-  'bias',
-  'by',
-  'class',
-  'clip',
-  'clippathunits',
-  'clip-path',
-  'clip-rule',
-  'color',
-  'color-interpolation',
-  'color-interpolation-filters',
-  'color-profile',
-  'color-rendering',
-  'cx',
-  'cy',
-  'd',
-  'dx',
-  'dy',
-  'diffuseconstant',
-  'direction',
-  'display',
-  'divisor',
-  'dur',
-  'edgemode',
-  'elevation',
-  'end',
-  'exponent',
-  'fill',
-  'fill-opacity',
-  'fill-rule',
-  'filter',
-  'filterunits',
-  'flood-color',
-  'flood-opacity',
-  'font-family',
-  'font-size',
-  'font-size-adjust',
-  'font-stretch',
-  'font-style',
-  'font-variant',
-  'font-weight',
-  'fx',
-  'fy',
-  'g1',
-  'g2',
-  'glyph-name',
-  'glyphref',
-  'gradientunits',
-  'gradienttransform',
-  'height',
-  'href',
-  'id',
-  'image-rendering',
-  'in',
-  'in2',
-  'intercept',
-  'k',
-  'k1',
-  'k2',
-  'k3',
-  'k4',
-  'kerning',
-  'keypoints',
-  'keysplines',
-  'keytimes',
-  'lang',
-  'lengthadjust',
-  'letter-spacing',
-  'kernelmatrix',
-  'kernelunitlength',
-  'lighting-color',
-  'local',
-  'marker-end',
-  'marker-mid',
-  'marker-start',
-  'markerheight',
-  'markerunits',
-  'markerwidth',
-  'maskcontentunits',
-  'maskunits',
-  'max',
-  'mask',
-  'media',
-  'method',
-  'mode',
-  'min',
-  'name',
-  'numoctaves',
-  'offset',
-  'operator',
-  'opacity',
-  'order',
-  'orient',
-  'orientation',
-  'origin',
-  'overflow',
-  'paint-order',
-  'path',
-  'pathlength',
-  'patterncontentunits',
-  'patterntransform',
-  'patternunits',
-  'points',
-  'preservealpha',
-  'preserveaspectratio',
-  'primitiveunits',
-  'r',
-  'rx',
-  'ry',
-  'radius',
-  'refx',
-  'refy',
-  'repeatcount',
-  'repeatdur',
-  'restart',
-  'result',
-  'rotate',
-  'scale',
-  'seed',
-  'shape-rendering',
-  'slope',
-  'specularconstant',
-  'specularexponent',
-  'spreadmethod',
-  'startoffset',
-  'stddeviation',
-  'stitchtiles',
-  'stop-color',
-  'stop-opacity',
-  'stroke-dasharray',
-  'stroke-dashoffset',
-  'stroke-linecap',
-  'stroke-linejoin',
-  'stroke-miterlimit',
-  'stroke-opacity',
-  'stroke',
-  'stroke-width',
-  'style',
-  'surfacescale',
-  'systemlanguage',
-  'tabindex',
-  'tablevalues',
-  'targetx',
-  'targety',
-  'transform',
-  'transform-origin',
-  'text-anchor',
-  'text-decoration',
-  'text-rendering',
-  'textlength',
-  'type',
-  'u1',
-  'u2',
-  'unicode',
-  'values',
-  'viewbox',
-  'visibility',
-  'version',
-  'vert-adv-y',
-  'vert-origin-x',
-  'vert-origin-y',
-  'width',
-  'word-spacing',
-  'wrap',
-  'writing-mode',
-  'xchannelselector',
-  'ychannelselector',
-  'x',
-  'x1',
-  'x2',
-  'xmlns',
-  'y',
-  'y1',
-  'y2',
-  'z',
-  'zoomandpan',
-]);
-
-export const mathMl = freeze([
-  'accent',
-  'accentunder',
-  'align',
-  'bevelled',
-  'close',
-  'columnsalign',
-  'columnlines',
-  'columnspan',
-  'denomalign',
-  'depth',
-  'dir',
-  'display',
-  'displaystyle',
-  'encoding',
-  'fence',
-  'frame',
-  'height',
-  'href',
-  'id',
-  'largeop',
-  'length',
-  'linethickness',
-  'lspace',
-  'lquote',
-  'mathbackground',
-  'mathcolor',
-  'mathsize',
-  'mathvariant',
-  'maxsize',
-  'minsize',
-  'movablelimits',
-  'notation',
-  'numalign',
-  'open',
-  'rowalign',
-  'rowlines',
-  'rowspacing',
-  'rowspan',
-  'rspace',
-  'rquote',
-  'scriptlevel',
-  'scriptminsize',
-  'scriptsizemultiplier',
-  'selection',
-  'separator',
-  'separators',
-  'stretchy',
-  'subscriptshift',
-  'supscriptshift',
-  'symmetric',
-  'voffset',
-  'width',
-  'xmlns',
-]);
-
-export const xml = freeze([
-  'xlink:href',
-  'xml:id',
-  'xlink:title',
-  'xml:space',
-  'xmlns:xlink',
-]);

src/ui/app/static/libs/purify/src/license_header

@@ -1 +0,0 @@
-/*! @license DOMPurify VERSION | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/VERSION/LICENSE */

src/ui/app/static/libs/purify/src/regexp.js

@@ -1,17 +0,0 @@
-import { seal } from './utils.js';
-
-// eslint-disable-next-line unicorn/better-regex
-export const MUSTACHE_EXPR = seal(/\{\{[\w\W]*|[\w\W]*\}\}/gm); // Specify template detection regex for SAFE_FOR_TEMPLATES mode
-export const ERB_EXPR = seal(/<%[\w\W]*|[\w\W]*%>/gm);
-export const TMPLIT_EXPR = seal(/\${[\w\W]*}/gm);
-export const DATA_ATTR = seal(/^data-[\-\w.\u00B7-\uFFFF]/); // eslint-disable-line no-useless-escape
-export const ARIA_ATTR = seal(/^aria-[\-\w]+$/); // eslint-disable-line no-useless-escape
-export const IS_ALLOWED_URI = seal(
-  /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|sms|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i // eslint-disable-line no-useless-escape
-);
-export const IS_SCRIPT_OR_DATA = seal(/^(?:\w+script|data):/i);
-export const ATTR_WHITESPACE = seal(
-  /[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g // eslint-disable-line no-control-regex
-);
-export const DOCTYPE_NAME = seal(/^html$/i);
-export const CUSTOM_ELEMENT = seal(/^[a-z][.\w]*(-[.\w]+)+$/i);

src/ui/app/static/libs/purify/src/tags.js

@@ -1,280 +0,0 @@
-import { freeze } from './utils.js';
-
-export const html = freeze([
-  'a',
-  'abbr',
-  'acronym',
-  'address',
-  'area',
-  'article',
-  'aside',
-  'audio',
-  'b',
-  'bdi',
-  'bdo',
-  'big',
-  'blink',
-  'blockquote',
-  'body',
-  'br',
-  'button',
-  'canvas',
-  'caption',
-  'center',
-  'cite',
-  'code',
-  'col',
-  'colgroup',
-  'content',
-  'data',
-  'datalist',
-  'dd',
-  'decorator',
-  'del',
-  'details',
-  'dfn',
-  'dialog',
-  'dir',
-  'div',
-  'dl',
-  'dt',
-  'element',
-  'em',
-  'fieldset',
-  'figcaption',
-  'figure',
-  'font',
-  'footer',
-  'form',
-  'h1',
-  'h2',
-  'h3',
-  'h4',
-  'h5',
-  'h6',
-  'head',
-  'header',
-  'hgroup',
-  'hr',
-  'html',
-  'i',
-  'img',
-  'input',
-  'ins',
-  'kbd',
-  'label',
-  'legend',
-  'li',
-  'main',
-  'map',
-  'mark',
-  'marquee',
-  'menu',
-  'menuitem',
-  'meter',
-  'nav',
-  'nobr',
-  'ol',
-  'optgroup',
-  'option',
-  'output',
-  'p',
-  'picture',
-  'pre',
-  'progress',
-  'q',
-  'rp',
-  'rt',
-  'ruby',
-  's',
-  'samp',
-  'section',
-  'select',
-  'shadow',
-  'small',
-  'source',
-  'spacer',
-  'span',
-  'strike',
-  'strong',
-  'style',
-  'sub',
-  'summary',
-  'sup',
-  'table',
-  'tbody',
-  'td',
-  'template',
-  'textarea',
-  'tfoot',
-  'th',
-  'thead',
-  'time',
-  'tr',
-  'track',
-  'tt',
-  'u',
-  'ul',
-  'var',
-  'video',
-  'wbr',
-]);
-
-// SVG
-export const svg = freeze([
-  'svg',
-  'a',
-  'altglyph',
-  'altglyphdef',
-  'altglyphitem',
-  'animatecolor',
-  'animatemotion',
-  'animatetransform',
-  'circle',
-  'clippath',
-  'defs',
-  'desc',
-  'ellipse',
-  'filter',
-  'font',
-  'g',
-  'glyph',
-  'glyphref',
-  'hkern',
-  'image',
-  'line',
-  'lineargradient',
-  'marker',
-  'mask',
-  'metadata',
-  'mpath',
-  'path',
-  'pattern',
-  'polygon',
-  'polyline',
-  'radialgradient',
-  'rect',
-  'stop',
-  'style',
-  'switch',
-  'symbol',
-  'text',
-  'textpath',
-  'title',
-  'tref',
-  'tspan',
-  'view',
-  'vkern',
-]);
-
-export const svgFilters = freeze([
-  'feBlend',
-  'feColorMatrix',
-  'feComponentTransfer',
-  'feComposite',
-  'feConvolveMatrix',
-  'feDiffuseLighting',
-  'feDisplacementMap',
-  'feDistantLight',
-  'feDropShadow',
-  'feFlood',
-  'feFuncA',
-  'feFuncB',
-  'feFuncG',
-  'feFuncR',
-  'feGaussianBlur',
-  'feImage',
-  'feMerge',
-  'feMergeNode',
-  'feMorphology',
-  'feOffset',
-  'fePointLight',
-  'feSpecularLighting',
-  'feSpotLight',
-  'feTile',
-  'feTurbulence',
-]);
-
-// List of SVG elements that are disallowed by default.
-// We still need to know them so that we can do namespace
-// checks properly in case one wants to add them to
-// allow-list.
-export const svgDisallowed = freeze([
-  'animate',
-  'color-profile',
-  'cursor',
-  'discard',
-  'font-face',
-  'font-face-format',
-  'font-face-name',
-  'font-face-src',
-  'font-face-uri',
-  'foreignobject',
-  'hatch',
-  'hatchpath',
-  'mesh',
-  'meshgradient',
-  'meshpatch',
-  'meshrow',
-  'missing-glyph',
-  'script',
-  'set',
-  'solidcolor',
-  'unknown',
-  'use',
-]);
-
-export const mathMl = freeze([
-  'math',
-  'menclose',
-  'merror',
-  'mfenced',
-  'mfrac',
-  'mglyph',
-  'mi',
-  'mlabeledtr',
-  'mmultiscripts',
-  'mn',
-  'mo',
-  'mover',
-  'mpadded',
-  'mphantom',
-  'mroot',
-  'mrow',
-  'ms',
-  'mspace',
-  'msqrt',
-  'mstyle',
-  'msub',
-  'msup',
-  'msubsup',
-  'mtable',
-  'mtd',
-  'mtext',
-  'mtr',
-  'munder',
-  'munderover',
-  'mprescripts',
-]);
-
-// Similarly to SVG, we want to know all MathML elements,
-// even those that we disallow by default.
-export const mathMlDisallowed = freeze([
-  'maction',
-  'maligngroup',
-  'malignmark',
-  'mlongdiv',
-  'mscarries',
-  'mscarry',
-  'msgroup',
-  'mstack',
-  'msline',
-  'msrow',
-  'semantics',
-  'annotation',
-  'annotation-xml',
-  'mprescripts',
-  'none',
-]);
-
-export const text = freeze(['#text']);

src/ui/app/static/libs/purify/src/utils.js

@@ -1,226 +0,0 @@
-const {
-  entries,
-  setPrototypeOf,
-  isFrozen,
-  getPrototypeOf,
-  getOwnPropertyDescriptor,
-} = Object;
-
-let { freeze, seal, create } = Object; // eslint-disable-line import/no-mutable-exports
-let { apply, construct } = typeof Reflect !== 'undefined' && Reflect;
-
-if (!freeze) {
-  freeze = function (x) {
-    return x;
-  };
-}
-
-if (!seal) {
-  seal = function (x) {
-    return x;
-  };
-}
-
-if (!apply) {
-  apply = function (fun, thisValue, args) {
-    return fun.apply(thisValue, args);
-  };
-}
-
-if (!construct) {
-  construct = function (Func, args) {
-    return new Func(...args);
-  };
-}
-
-const arrayForEach = unapply(Array.prototype.forEach);
-const arrayIndexOf = unapply(Array.prototype.indexOf);
-const arrayPop = unapply(Array.prototype.pop);
-const arrayPush = unapply(Array.prototype.push);
-const arraySlice = unapply(Array.prototype.slice);
-
-const stringToLowerCase = unapply(String.prototype.toLowerCase);
-const stringToString = unapply(String.prototype.toString);
-const stringMatch = unapply(String.prototype.match);
-const stringReplace = unapply(String.prototype.replace);
-const stringIndexOf = unapply(String.prototype.indexOf);
-const stringTrim = unapply(String.prototype.trim);
-
-const objectHasOwnProperty = unapply(Object.prototype.hasOwnProperty);
-
-const regExpTest = unapply(RegExp.prototype.test);
-
-const typeErrorCreate = unconstruct(TypeError);
-
-/**
- * Creates a new function that calls the given function with a specified thisArg and arguments.
- *
- * @param {Function} func - The function to be wrapped and called.
- * @returns {Function} A new function that calls the given function with a specified thisArg and arguments.
- */
-function unapply(func) {
-  return (thisArg, ...args) => apply(func, thisArg, args);
-}
-
-/**
- * Creates a new function that constructs an instance of the given constructor function with the provided arguments.
- *
- * @param {Function} func - The constructor function to be wrapped and called.
- * @returns {Function} A new function that constructs an instance of the given constructor function with the provided arguments.
- */
-function unconstruct(func) {
-  return (...args) => construct(func, args);
-}
-
-/**
- * Add properties to a lookup table
- *
- * @param {Object} set - The set to which elements will be added.
- * @param {Array} array - The array containing elements to be added to the set.
- * @param {Function} transformCaseFunc - An optional function to transform the case of each element before adding to the set.
- * @returns {Object} The modified set with added elements.
- */
-function addToSet(set, array, transformCaseFunc = stringToLowerCase) {
-  if (setPrototypeOf) {
-    // Make 'in' and truthy checks like Boolean(set.constructor)
-    // independent of any properties defined on Object.prototype.
-    // Prevent prototype setters from intercepting set as a this value.
-    setPrototypeOf(set, null);
-  }
-
-  let l = array.length;
-  while (l--) {
-    let element = array[l];
-    if (typeof element === 'string') {
-      const lcElement = transformCaseFunc(element);
-      if (lcElement !== element) {
-        // Config presets (e.g. tags.js, attrs.js) are immutable.
-        if (!isFrozen(array)) {
-          array[l] = lcElement;
-        }
-
-        element = lcElement;
-      }
-    }
-
-    set[element] = true;
-  }
-
-  return set;
-}
-
-/**
- * Clean up an array to harden against CSPP
- *
- * @param {Array} array - The array to be cleaned.
- * @returns {Array} The cleaned version of the array
- */
-function cleanArray(array) {
-  for (let index = 0; index < array.length; index++) {
-    const isPropertyExist = objectHasOwnProperty(array, index);
-
-    if (!isPropertyExist) {
-      array[index] = null;
-    }
-  }
-
-  return array;
-}
-
-/**
- * Shallow clone an object
- *
- * @param {Object} object - The object to be cloned.
- * @returns {Object} A new object that copies the original.
- */
-function clone(object) {
-  const newObject = create(null);
-
-  for (const [property, value] of entries(object)) {
-    const isPropertyExist = objectHasOwnProperty(object, property);
-
-    if (isPropertyExist) {
-      if (Array.isArray(value)) {
-        newObject[property] = cleanArray(value);
-      } else if (
-        value &&
-        typeof value === 'object' &&
-        value.constructor === Object
-      ) {
-        newObject[property] = clone(value);
-      } else {
-        newObject[property] = value;
-      }
-    }
-  }
-
-  return newObject;
-}
-
-/**
- * This method automatically checks if the prop is function or getter and behaves accordingly.
- *
- * @param {Object} object - The object to look up the getter function in its prototype chain.
- * @param {String} prop - The property name for which to find the getter function.
- * @returns {Function} The getter function found in the prototype chain or a fallback function.
- */
-function lookupGetter(object, prop) {
-  while (object !== null) {
-    const desc = getOwnPropertyDescriptor(object, prop);
-
-    if (desc) {
-      if (desc.get) {
-        return unapply(desc.get);
-      }
-
-      if (typeof desc.value === 'function') {
-        return unapply(desc.value);
-      }
-    }
-
-    object = getPrototypeOf(object);
-  }
-
-  function fallbackValue() {
-    return null;
-  }
-
-  return fallbackValue;
-}
-
-export {
-  // Array
-  arrayForEach,
-  arrayIndexOf,
-  arrayPop,
-  arrayPush,
-  arraySlice,
-  // Object
-  entries,
-  freeze,
-  getPrototypeOf,
-  getOwnPropertyDescriptor,
-  isFrozen,
-  setPrototypeOf,
-  seal,
-  clone,
-  create,
-  objectHasOwnProperty,
-  // RegExp
-  regExpTest,
-  // String
-  stringIndexOf,
-  stringMatch,
-  stringReplace,
-  stringToLowerCase,
-  stringToString,
-  stringTrim,
-  // Errors
-  typeErrorCreate,
-  // Other
-  lookupGetter,
-  addToSet,
-  // Reflect
-  unapply,
-  unconstruct,
-};