{"version":3,"file":"ui/thirdparty/npm.angular-sanitize.4fde28ebd8f6f43e0200.js","mappings":"4EAKA,SAAUA,EAAQC,GAAU,aAa5B,IACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAVAC,EAAkBX,EAAQY,SAAS,aA+pBvCZ,EAAQa,OAAO,aAAc,IAC1BC,SAAS,aA3hBZ,WACE,IAAIC,GAAsB,EACtBC,GAAa,EAEjBC,KAAKC,KAAO,CAAC,gBAAiB,SAASC,GAKrC,OAJAJ,GAAsB,EAClBC,GACFd,EAAOkB,EAAeC,GAEjB,SAASC,GACd,IAAIC,EAAM,GAIV,OAHAd,EAAWa,EAAMZ,EAAmBa,GAAK,SAASC,EAAKC,GACrD,OAAQ,WAAWC,KAAKP,EAAcK,EAAKC,GAC7C,KACOF,EAAII,KAAK,GAClB,CACF,GAiCAV,KAAKW,UAAY,SAASA,GACxB,OAAIvB,EAAUuB,IACZZ,EAAaY,EACNX,MAEAD,CAEX,EAiDAC,KAAKY,iBAAmB,SAASC,GAY/B,OAXKf,IACCX,EAAQ0B,KACVA,EAAW,CAACC,aAAcD,IAG5BE,EAAcX,EAAaS,EAAST,aACpCW,EAAcC,EAAcH,EAASI,kBACrCF,EAAcZ,EAAeU,EAASI,kBACtCF,EAAcZ,EAAeU,EAASC,eAGjCd,IACT,EAgCAA,KAAKkB,cAAgB,SAASC,GAI5B,OAHKrB,GACHb,EAAOmC,EAAYC,EAAWF,GAAO,IAEhCnB,IACT,EAMAhB,EAAOD,EAAQC,KACfC,EAASF,EAAQE,OACjBC,EAAUH,EAAQG,QAClBC,EAAUJ,EAAQI,QAClBC,EAAYL,EAAQK,UACpBC,EAAYN,EAAQuC,YACpBhC,EAAOP,EAAQO,KAEfE,EA0KA,SAAwBa,EAAMkB,GACxBlB,QACFA,EAAO,GACkB,iBAATA,IAChBA,EAAO,GAAKA,GAGd,IAAImB,EAAmBC,EAAoBpB,GAC3C,IAAKmB,EAAkB,MAAO,GAG9B,IAAIE,EAAe,EACnB,EAAG,CACD,GAAqB,IAAjBA,EACF,MAAMhC,EAAgB,SAAU,yDAElCgC,IAGArB,EAAOmB,EAAiBG,UACxBH,EAAmBC,EAAoBpB,EACzC,OAASA,IAASmB,EAAiBG,WAEnC,IAAIC,EAAOJ,EAAiBK,WAC5B,KAAOD,GAAM,CACX,OAAQA,EAAKE,UACX,KAAK,EACHP,EAAQQ,MAAMH,EAAKI,SAASC,cAAeC,EAAUN,EAAKO,aAC1D,MACF,KAAK,EACHZ,EAAQa,MAAMR,EAAKS,aAIvB,IAAIC,EACJ,MAAMA,EAAWV,EAAKC,cACE,IAAlBD,EAAKE,UACPP,EAAQgB,IAAIX,EAAKI,SAASC,eAE5BK,EAAWE,EAAiB,cAAeZ,KAEzC,KAAmB,MAAZU,IACLV,EAAOY,EAAiB,aAAcZ,MACzBJ,GACbc,EAAWE,EAAiB,cAAeZ,GACrB,IAAlBA,EAAKE,UACPP,EAAQgB,IAAIX,EAAKI,SAASC,eAKlCL,EAAOU,CACT,CAEA,KAAQV,EAAOJ,EAAiBK,YAC9BL,EAAiBiB,YAAYb,EAEjC,EAlOAnC,EA8QA,SAAgCa,EAAKoC,GACnC,IAAIC,GAAuB,EACvBC,EAAM5D,EAAKsB,EAAKA,EAAIuC,MACxB,MAAO,CACLd,MAAO,SAASe,EAAK3B,GACnB2B,EAAMzD,EAAUyD,IACXH,GAAwBI,EAAgBD,KAC3CH,EAAuBG,GAEpBH,IAA+C,IAAvBxC,EAAc2C,KACzCF,EAAI,KACJA,EAAIE,GACJ5D,EAAQiC,GAAO,SAAS6B,EAAOC,GAC7B,IAAIC,EAAO7D,EAAU4D,GACjBzC,EAAmB,QAARsC,GAA0B,QAATI,GAA6B,eAATA,GAC3B,IAArB9B,EAAW8B,KACO,IAAnBC,EAASD,KAAkBR,EAAaM,EAAOxC,KAChDoC,EAAI,KACJA,EAAIK,GACJL,EAAI,MACJA,EAAIQ,EAAeJ,IACnBJ,EAAI,KAER,IACAA,EAAI,KAER,EACAL,IAAK,SAASO,GACZA,EAAMzD,EAAUyD,GACXH,IAA+C,IAAvBxC,EAAc2C,KAAuC,IAAtB9B,EAAa8B,KACvEF,EAAI,MACJA,EAAIE,GACJF,EAAI,MAGFE,GAAOH,IACTA,GAAuB,EAE3B,EACAP,MAAO,SAASA,GACTO,GACHC,EAAIQ,EAAehB,GAEvB,EAEJ,EAzTA7C,EAAeT,EAAOuE,KAAKC,UAAUC,UAAyB,SAASC,GAErE,SAA8C,GAApCxD,KAAKyD,wBAAwBD,GACzC,EAGA,IAAIE,EAAwB,kCAE1BC,EAA0B,eASxB3C,EAAe4C,EAAY,0BAI3BC,EAA8BD,EAAY,kDAC1CE,EAA+BF,EAAY,SAC3CG,EAAyB9E,EAAO,CAAC,EACO6E,EACAD,GAGxCG,EAAgB/E,EAAO,CAAC,EAAG4E,EAA6BD,EAAY,wKAKpEK,EAAiBhF,EAAO,CAAC,EAAG6E,EAA8BF,EAAY,8JAQtExD,EAAcwD,EAAY,0NAK1Bb,EAAkBa,EAAY,gBAE9BzD,EAAgBlB,EAAO,CAAC,EACO+B,EACAgD,EACAC,EACAF,GAG/BZ,EAAWS,EAAY,yDAEvBM,EAAYN,EAAY,oTAQxBO,EAAWP,EAAY,kuCAcwD,GAE/ExC,EAAanC,EAAO,CAAC,EACOkE,EACAgB,EACAD,GAEhC,SAASN,EAAYQ,EAAKC,GACxB,OAAOhD,EAAW+C,EAAIE,MAAM,KAAMD,EACpC,CAEA,SAAShD,EAAWkD,EAAOF,GACzB,IAAcG,EAAVC,EAAM,CAAC,EACX,IAAKD,EAAI,EAAGA,EAAID,EAAMG,OAAQF,IAC5BC,EAAIJ,EAAgBhF,EAAUkF,EAAMC,IAAMD,EAAMC,KAAM,EAExD,OAAOC,CACT,CAEA,SAAS1D,EAAc4D,EAAaC,GAC9BA,GAAeA,EAAYF,QAC7BzF,EAAO0F,EAAatD,EAAWuD,GAEnC,CAOA,IAAInD,EAAoE,SAAU3C,EAAQ+F,GACxF,GAWA,WACE,IACE,QAASC,EAA8B,GACzC,CAAE,MAAOC,GACP,OAAO,CACT,CACF,CAjBIC,GACF,OAAOF,EAGT,IAAKD,IAAaA,EAASI,eACzB,MAAMvF,EAAgB,UAAW,uCAEnC,IAAIwF,EAAgBL,EAASI,eAAeE,mBAAmB,SAC3D3D,GAAoB0D,EAAcE,iBAAmBF,EAAcG,sBAAsBC,cAAc,QAC3G,OAuBA,SAA2CjF,GACzCmB,EAAiBG,UAAYtB,EAIzBwE,EAASU,cACXC,EAAmBhE,GAGrB,OAAOA,CACT,EAvBA,SAASsD,EAA8BzE,GAGrCA,EAAO,oBAAsBA,EAC7B,IACE,IAAIoF,GAAO,IAAI3G,EAAO4G,WAAYC,gBAAgBtF,EAAM,aAAaoF,KAErE,OADAA,EAAK5D,WAAW+D,SACTH,CACT,CAAE,MAAOV,GACP,MACF,CACF,CAaD,CA5CuE,CA4CrEjG,EAAQA,EAAO+F,UAyElB,SAAS3C,EAAUf,GAEjB,IADA,IAAI0E,EAAM,CAAC,EACFrB,EAAI,EAAGsB,EAAK3E,EAAMuD,OAAQF,EAAIsB,EAAItB,IAAK,CAC9C,IAAIuB,EAAO5E,EAAMqD,GACjBqB,EAAIE,EAAKC,MAAQD,EAAK/C,KACxB,CACA,OAAO6C,CACT,CAUA,SAASzC,EAAeJ,GACtB,OAAOA,EACLiD,QAAQ,KAAM,SACdA,QAAQvC,GAAuB,SAASV,GAGtC,MAAO,MAAyB,MAFvBA,EAAMkD,WAAW,GAEJ,QADZlD,EAAMkD,WAAW,GACqB,OAAU,OAAW,GACvE,IACAD,QAAQtC,GAAyB,SAASX,GACxC,MAAO,KAAOA,EAAMkD,WAAW,GAAK,GACtC,IACAD,QAAQ,KAAM,QACdA,QAAQ,KAAM,OAClB,CAmEA,SAAST,EAAmB5D,GAC1B,KAAOA,GAAM,CACX,GAAIA,EAAKE,WAAahD,EAAOuE,KAAK8C,aAEhC,IADA,IAAIhF,EAAQS,EAAKO,WACRqC,EAAI,EAAG4B,EAAIjF,EAAMuD,OAAQF,EAAI4B,EAAG5B,IAAK,CAC5C,IAAI6B,EAAWlF,EAAMqD,GACjB8B,EAAWD,EAASL,KAAK/D,cACZ,cAAbqE,GAAgE,IAApCA,EAASC,YAAY,OAAQ,KAC3D3E,EAAK4E,oBAAoBH,GACzB7B,IACA4B,IAEJ,CAGF,IAAI9D,EAAWV,EAAKC,WAChBS,GACFkD,EAAmBlD,GAGrBV,EAAOY,EAAiB,cAAeZ,EACzC,CACF,CAEA,SAASY,EAAiBiE,EAAU7E,GAElC,IAAIU,EAAWV,EAAK6E,GACpB,GAAInE,GAAY/C,EAAamH,KAAK9E,EAAMU,GACtC,MAAM5C,EAAgB,SAAU,gEAAiEkC,EAAK+E,WAAa/E,EAAKgF,WAE1H,OAAOtE,CACT,CACF,IAaGuE,KAAK,CAAEC,eAAgB,UAiI1B/H,EAAQa,OAAO,cAAcmH,OAAO,QAAS,CAAC,YAAa,SAASC,GAClE,IAAIC,EACE,4FACFC,EAAgB,YAEhBC,EAAcpI,EAAQY,SAAS,SAC/BP,EAAYL,EAAQK,UACpBgI,EAAarI,EAAQqI,WACrBC,EAAWtI,EAAQsI,SACnBC,EAAWvI,EAAQuI,SAEvB,OAAO,SAASC,EAAMC,EAAQrF,GAC5B,GAAY,MAARoF,GAAyB,KAATA,EAAa,OAAOA,EACxC,IAAKD,EAASC,GAAO,MAAMJ,EAAY,YAAa,oCAAqCI,GAYzF,IAVA,IAKIE,EAGAC,EACAlD,EATAmD,EACFP,EAAWjF,GAAcA,EACzBkF,EAASlF,GAAc,WAAgC,OAAOA,CAAW,EACzE,WAAqC,MAAO,CAAC,CAAE,EAG7CyF,EAAML,EACNlH,EAAO,GAGHoH,EAAQG,EAAIH,MAAMR,IAExBS,EAAMD,EAAM,GAEPA,EAAM,IAAOA,EAAM,KACtBC,GAAOD,EAAM,GAAK,UAAY,WAAaC,GAE7ClD,EAAIiD,EAAMI,MACVC,EAAQF,EAAIG,OAAO,EAAGvD,IACtBwD,EAAQN,EAAKD,EAAM,GAAGxB,QAAQiB,EAAe,KAC7CU,EAAMA,EAAIK,UAAUzD,EAAIiD,EAAM,GAAG/C,QAGnC,OADAoD,EAAQF,GACDZ,EAAU3G,EAAKK,KAAK,KAE3B,SAASoH,EAAQP,GApLrB,IAAsBnF,EAChB9B,EAoLKiH,GAGLlH,EAAKwC,MAxLWT,EAwLOmF,EAtLd9H,EADTa,EAAM,GAC2BhB,GAC9B8C,MAAMA,GACN9B,EAAII,KAAK,KAqLd,CAEA,SAASsH,EAAQN,EAAKH,GACpB,IAAItE,EAAKiF,EAAiBP,EAAaD,GAGvC,IAAKzE,KAFL5C,EAAKwC,KAAK,OAEEqF,EACV7H,EAAKwC,KAAKI,EAAM,KAAOiF,EAAejF,GAAO,MAG3C7D,EAAUoI,MAAa,WAAYU,IACrC7H,EAAKwC,KAAK,WACA2E,EACA,MAEZnH,EAAKwC,KAAK,SACA6E,EAAIzB,QAAQ,KAAM,UAClB,MACV6B,EAAQP,GACRlH,EAAKwC,KAAK,OACZ,CACF,CACF,GAGC,CAr3BD,CAq3BG/D,OAAQA,OAAOC,Q,kBC13BlB,EAAQ,OACRa,EAAOuI,QAAU,Y","sources":["webpack://apps/./node_modules/angular-sanitize/angular-sanitize.js","webpack://apps/./node_modules/angular-sanitize/index.js"],"sourcesContent":["/**\n * @license AngularJS v1.8.3\n * (c) 2010-2020 Google LLC. http://angularjs.org\n * License: MIT\n */\n(function(window, angular) {'use strict';\n\n/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\n * Any commits to this file should be reviewed with security in mind. *\n * Changes to this file can potentially create security vulnerabilities. *\n * An approval from 2 Core members with history of modifying *\n * this file is required. *\n * *\n * Does the change somehow allow for arbitrary javascript to be executed? *\n * Or allows for someone to change the prototype of built-in objects? *\n * Or gives undesired access to variables likes document or window? *\n * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */\n\nvar $sanitizeMinErr = angular.$$minErr('$sanitize');\nvar bind;\nvar extend;\nvar forEach;\nvar isArray;\nvar isDefined;\nvar lowercase;\nvar noop;\nvar nodeContains;\nvar htmlParser;\nvar htmlSanitizeWriter;\n\n/**\n * @ngdoc module\n * @name ngSanitize\n * @description\n *\n * The `ngSanitize` module provides functionality to sanitize HTML.\n *\n * See {@link ngSanitize.$sanitize `$sanitize`} for usage.\n */\n\n/**\n * @ngdoc service\n * @name $sanitize\n * @kind function\n *\n * @description\n * Sanitizes an html string by stripping all potentially dangerous tokens.\n *\n * The input is sanitized by parsing the HTML into tokens. All safe tokens (from a trusted URI list) are\n * then serialized back to a properly escaped HTML string. This means that no unsafe input can make\n * it into the returned string.\n *\n * The trusted URIs for URL sanitization of attribute values is configured using the functions\n * `aHrefSanitizationTrustedUrlList` and `imgSrcSanitizationTrustedUrlList` of {@link $compileProvider}.\n *\n * The input may also contain SVG markup if this is enabled via {@link $sanitizeProvider}.\n *\n * @param {string} html HTML input.\n * @returns {string} Sanitized HTML.\n *\n * @example\n \n \n \n
\n Snippet: \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
DirectiveHowSourceRendered
ng-bind-htmlAutomatically uses $sanitize
<div ng-bind-html=\"snippet\">
</div>
ng-bind-htmlBypass $sanitize by explicitly trusting the dangerous value\n 
<div ng-bind-html=\"deliberatelyTrustDangerousSnippet()\">\n</div>
\n
ng-bindAutomatically escapes
<div ng-bind=\"snippet\">
</div>
\n
\n \n \n it('should sanitize the html snippet by default', function() {\n expect(element(by.css('#bind-html-with-sanitize div')).getAttribute('innerHTML')).\n toBe('

an html\\nclick here\\nsnippet

');\n });\n\n it('should inline raw snippet if bound to a trusted value', function() {\n expect(element(by.css('#bind-html-with-trust div')).getAttribute('innerHTML')).\n toBe(\"

an html\\n\" +\n \"click here\\n\" +\n \"snippet

\");\n });\n\n it('should escape snippet without any filter', function() {\n expect(element(by.css('#bind-default div')).getAttribute('innerHTML')).\n toBe(\"<p style=\\\"color:blue\\\">an html\\n\" +\n \"<em onmouseover=\\\"this.textContent='PWN3D!'\\\">click here</em>\\n\" +\n \"snippet</p>\");\n });\n\n it('should update', function() {\n element(by.model('snippet')).clear();\n element(by.model('snippet')).sendKeys('new text');\n expect(element(by.css('#bind-html-with-sanitize div')).getAttribute('innerHTML')).\n toBe('new text');\n expect(element(by.css('#bind-html-with-trust div')).getAttribute('innerHTML')).toBe(\n 'new text');\n expect(element(by.css('#bind-default div')).getAttribute('innerHTML')).toBe(\n \"new <b onclick=\\\"alert(1)\\\">text</b>\");\n });\n \n \n */\n\n\n/**\n * @ngdoc provider\n * @name $sanitizeProvider\n * @this\n *\n * @description\n * Creates and configures {@link $sanitize} instance.\n */\nfunction $SanitizeProvider() {\n var hasBeenInstantiated = false;\n var svgEnabled = false;\n\n this.$get = ['$$sanitizeUri', function($$sanitizeUri) {\n hasBeenInstantiated = true;\n if (svgEnabled) {\n extend(validElements, svgElements);\n }\n return function(html) {\n var buf = [];\n htmlParser(html, htmlSanitizeWriter(buf, function(uri, isImage) {\n return !/^unsafe:/.test($$sanitizeUri(uri, isImage));\n }));\n return buf.join('');\n };\n }];\n\n\n /**\n * @ngdoc method\n * @name $sanitizeProvider#enableSvg\n * @kind function\n *\n * @description\n * Enables a subset of svg to be supported by the sanitizer.\n *\n *
\n *

By enabling this setting without taking other precautions, you might expose your\n * application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned\n * outside of the containing element and be rendered over other elements on the page (e.g. a login\n * link). Such behavior can then result in phishing incidents.

\n *\n *

To protect against these, explicitly setup `overflow: hidden` css rule for all potential svg\n * tags within the sanitized content:

\n *\n *
\n *\n * 
\n   *   .rootOfTheIncludedContent svg {\n   *     overflow: hidden !important;\n   *   }\n   *
\n *
\n *\n * @param {boolean=} flag Enable or disable SVG support in the sanitizer.\n * @returns {boolean|$sanitizeProvider} Returns the currently configured value if called\n * without an argument or self for chaining otherwise.\n */\n this.enableSvg = function(enableSvg) {\n if (isDefined(enableSvg)) {\n svgEnabled = enableSvg;\n return this;\n } else {\n return svgEnabled;\n }\n };\n\n\n /**\n * @ngdoc method\n * @name $sanitizeProvider#addValidElements\n * @kind function\n *\n * @description\n * Extends the built-in lists of valid HTML/SVG elements, i.e. elements that are considered safe\n * and are not stripped off during sanitization. You can extend the following lists of elements:\n *\n * - `htmlElements`: A list of elements (tag names) to extend the current list of safe HTML\n * elements. HTML elements considered safe will not be removed during sanitization. All other\n * elements will be stripped off.\n *\n * - `htmlVoidElements`: This is similar to `htmlElements`, but marks the elements as\n * \"void elements\" (similar to HTML\n * [void elements](https://rawgit.com/w3c/html/html5.1-2/single-page.html#void-elements)). These\n * elements have no end tag and cannot have content.\n *\n * - `svgElements`: This is similar to `htmlElements`, but for SVG elements. This list is only\n * taken into account if SVG is {@link ngSanitize.$sanitizeProvider#enableSvg enabled} for\n * `$sanitize`.\n *\n *
\n * This method must be called during the {@link angular.Module#config config} phase. Once the\n * `$sanitize` service has been instantiated, this method has no effect.\n *
\n *\n *
\n * Keep in mind that extending the built-in lists of elements may expose your app to XSS or\n * other vulnerabilities. Be very mindful of the elements you add.\n *
\n *\n * @param {Array|Object} elements - A list of valid HTML elements or an object with one or\n * more of the following properties:\n * - **htmlElements** - `{Array}` - A list of elements to extend the current list of\n * HTML elements.\n * - **htmlVoidElements** - `{Array}` - A list of elements to extend the current list of\n * void HTML elements; i.e. elements that do not have an end tag.\n * - **svgElements** - `{Array}` - A list of elements to extend the current list of SVG\n * elements. The list of SVG elements is only taken into account if SVG is\n * {@link ngSanitize.$sanitizeProvider#enableSvg enabled} for `$sanitize`.\n *\n * Passing an array (`[...]`) is equivalent to passing `{htmlElements: [...]}`.\n *\n * @return {$sanitizeProvider} Returns self for chaining.\n */\n this.addValidElements = function(elements) {\n if (!hasBeenInstantiated) {\n if (isArray(elements)) {\n elements = {htmlElements: elements};\n }\n\n addElementsTo(svgElements, elements.svgElements);\n addElementsTo(voidElements, elements.htmlVoidElements);\n addElementsTo(validElements, elements.htmlVoidElements);\n addElementsTo(validElements, elements.htmlElements);\n }\n\n return this;\n };\n\n\n /**\n * @ngdoc method\n * @name $sanitizeProvider#addValidAttrs\n * @kind function\n *\n * @description\n * Extends the built-in list of valid attributes, i.e. attributes that are considered safe and are\n * not stripped off during sanitization.\n *\n * **Note**:\n * The new attributes will not be treated as URI attributes, which means their values will not be\n * sanitized as URIs using `$compileProvider`'s\n * {@link ng.$compileProvider#aHrefSanitizationTrustedUrlList aHrefSanitizationTrustedUrlList} and\n * {@link ng.$compileProvider#imgSrcSanitizationTrustedUrlList imgSrcSanitizationTrustedUrlList}.\n *\n *
\n * This method must be called during the {@link angular.Module#config config} phase. Once the\n * `$sanitize` service has been instantiated, this method has no effect.\n *
\n *\n *
\n * Keep in mind that extending the built-in list of attributes may expose your app to XSS or\n * other vulnerabilities. Be very mindful of the attributes you add.\n *
\n *\n * @param {Array} attrs - A list of valid attributes.\n *\n * @returns {$sanitizeProvider} Returns self for chaining.\n */\n this.addValidAttrs = function(attrs) {\n if (!hasBeenInstantiated) {\n extend(validAttrs, arrayToMap(attrs, true));\n }\n return this;\n };\n\n //////////////////////////////////////////////////////////////////////////////////////////////////\n // Private stuff\n //////////////////////////////////////////////////////////////////////////////////////////////////\n\n bind = angular.bind;\n extend = angular.extend;\n forEach = angular.forEach;\n isArray = angular.isArray;\n isDefined = angular.isDefined;\n lowercase = angular.$$lowercase;\n noop = angular.noop;\n\n htmlParser = htmlParserImpl;\n htmlSanitizeWriter = htmlSanitizeWriterImpl;\n\n nodeContains = window.Node.prototype.contains || /** @this */ function(arg) {\n // eslint-disable-next-line no-bitwise\n return !!(this.compareDocumentPosition(arg) & 16);\n };\n\n // Regular Expressions for parsing tags and attributes\n var SURROGATE_PAIR_REGEXP = /[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]/g,\n // Match everything outside of normal chars and \" (quote character)\n NON_ALPHANUMERIC_REGEXP = /([^#-~ |!])/g;\n\n\n // Good source of info about elements and attributes\n // http://dev.w3.org/html5/spec/Overview.html#semantics\n // http://simon.html5.org/html-elements\n\n // Safe Void Elements - HTML5\n // http://dev.w3.org/html5/spec/Overview.html#void-elements\n var voidElements = stringToMap('area,br,col,hr,img,wbr');\n\n // Elements that you can, intentionally, leave open (and which close themselves)\n // http://dev.w3.org/html5/spec/Overview.html#optional-tags\n var optionalEndTagBlockElements = stringToMap('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr'),\n optionalEndTagInlineElements = stringToMap('rp,rt'),\n optionalEndTagElements = extend({},\n optionalEndTagInlineElements,\n optionalEndTagBlockElements);\n\n // Safe Block Elements - HTML5\n var blockElements = extend({}, optionalEndTagBlockElements, stringToMap('address,article,' +\n 'aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' +\n 'h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,section,table,ul'));\n\n // Inline Elements - HTML5\n var inlineElements = extend({}, optionalEndTagInlineElements, stringToMap('a,abbr,acronym,b,' +\n 'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' +\n 'samp,small,span,strike,strong,sub,sup,time,tt,u,var'));\n\n // SVG Elements\n // https://wiki.whatwg.org/wiki/Sanitization_rules#svg_Elements\n // Note: the elements animate,animateColor,animateMotion,animateTransform,set are intentionally omitted.\n // They can potentially allow for arbitrary javascript to be executed. See #11290\n var svgElements = stringToMap('circle,defs,desc,ellipse,font-face,font-face-name,font-face-src,g,glyph,' +\n 'hkern,image,linearGradient,line,marker,metadata,missing-glyph,mpath,path,polygon,polyline,' +\n 'radialGradient,rect,stop,svg,switch,text,title,tspan');\n\n // Blocked Elements (will be stripped)\n var blockedElements = stringToMap('script,style');\n\n var validElements = extend({},\n voidElements,\n blockElements,\n inlineElements,\n optionalEndTagElements);\n\n //Attributes that have href and hence need to be sanitized\n var uriAttrs = stringToMap('background,cite,href,longdesc,src,xlink:href,xml:base');\n\n var htmlAttrs = stringToMap('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +\n 'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +\n 'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' +\n 'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' +\n 'valign,value,vspace,width');\n\n // SVG attributes (without \"id\" and \"name\" attributes)\n // https://wiki.whatwg.org/wiki/Sanitization_rules#svg_Attributes\n var svgAttrs = stringToMap('accent-height,accumulate,additive,alphabetic,arabic-form,ascent,' +\n 'baseProfile,bbox,begin,by,calcMode,cap-height,class,color,color-rendering,content,' +\n 'cx,cy,d,dx,dy,descent,display,dur,end,fill,fill-rule,font-family,font-size,font-stretch,' +\n 'font-style,font-variant,font-weight,from,fx,fy,g1,g2,glyph-name,gradientUnits,hanging,' +\n 'height,horiz-adv-x,horiz-origin-x,ideographic,k,keyPoints,keySplines,keyTimes,lang,' +\n 'marker-end,marker-mid,marker-start,markerHeight,markerUnits,markerWidth,mathematical,' +\n 'max,min,offset,opacity,orient,origin,overline-position,overline-thickness,panose-1,' +\n 'path,pathLength,points,preserveAspectRatio,r,refX,refY,repeatCount,repeatDur,' +\n 'requiredExtensions,requiredFeatures,restart,rotate,rx,ry,slope,stemh,stemv,stop-color,' +\n 'stop-opacity,strikethrough-position,strikethrough-thickness,stroke,stroke-dasharray,' +\n 'stroke-dashoffset,stroke-linecap,stroke-linejoin,stroke-miterlimit,stroke-opacity,' +\n 'stroke-width,systemLanguage,target,text-anchor,to,transform,type,u1,u2,underline-position,' +\n 'underline-thickness,unicode,unicode-range,units-per-em,values,version,viewBox,visibility,' +\n 'width,widths,x,x-height,x1,x2,xlink:actuate,xlink:arcrole,xlink:role,xlink:show,xlink:title,' +\n 'xlink:type,xml:base,xml:lang,xml:space,xmlns,xmlns:xlink,y,y1,y2,zoomAndPan', true);\n\n var validAttrs = extend({},\n uriAttrs,\n svgAttrs,\n htmlAttrs);\n\n function stringToMap(str, lowercaseKeys) {\n return arrayToMap(str.split(','), lowercaseKeys);\n }\n\n function arrayToMap(items, lowercaseKeys) {\n var obj = {}, i;\n for (i = 0; i < items.length; i++) {\n obj[lowercaseKeys ? lowercase(items[i]) : items[i]] = true;\n }\n return obj;\n }\n\n function addElementsTo(elementsMap, newElements) {\n if (newElements && newElements.length) {\n extend(elementsMap, arrayToMap(newElements));\n }\n }\n\n /**\n * Create an inert document that contains the dirty HTML that needs sanitizing.\n * We use the DOMParser API by default and fall back to createHTMLDocument if DOMParser is not\n * available.\n */\n var getInertBodyElement /* function(html: string): HTMLBodyElement */ = (function(window, document) {\n if (isDOMParserAvailable()) {\n return getInertBodyElement_DOMParser;\n }\n\n if (!document || !document.implementation) {\n throw $sanitizeMinErr('noinert', 'Can\\'t create an inert html document');\n }\n var inertDocument = document.implementation.createHTMLDocument('inert');\n var inertBodyElement = (inertDocument.documentElement || inertDocument.getDocumentElement()).querySelector('body');\n return getInertBodyElement_InertDocument;\n\n function isDOMParserAvailable() {\n try {\n return !!getInertBodyElement_DOMParser('');\n } catch (e) {\n return false;\n }\n }\n\n function getInertBodyElement_DOMParser(html) {\n // We add this dummy element to ensure that the rest of the content is parsed as expected\n // e.g. leading whitespace is maintained and tags like `` do not get hoisted to the `` tag.\n html = '' + html;\n try {\n var body = new window.DOMParser().parseFromString(html, 'text/html').body;\n body.firstChild.remove();\n return body;\n } catch (e) {\n return undefined;\n }\n }\n\n function getInertBodyElement_InertDocument(html) {\n inertBodyElement.innerHTML = html;\n\n // Support: IE 9-11 only\n // strip custom-namespaced attributes on IE<=11\n if (document.documentMode) {\n stripCustomNsAttrs(inertBodyElement);\n }\n\n return inertBodyElement;\n }\n })(window, window.document);\n\n /**\n * @example\n * htmlParser(htmlString, {\n * start: function(tag, attrs) {},\n * end: function(tag) {},\n * chars: function(text) {},\n * comment: function(text) {}\n * });\n *\n * @param {string} html string\n * @param {object} handler\n */\n function htmlParserImpl(html, handler) {\n if (html === null || html === undefined) {\n html = '';\n } else if (typeof html !== 'string') {\n html = '' + html;\n }\n\n var inertBodyElement = getInertBodyElement(html);\n if (!inertBodyElement) return '';\n\n //mXSS protection\n var mXSSAttempts = 5;\n do {\n if (mXSSAttempts === 0) {\n throw $sanitizeMinErr('uinput', 'Failed to sanitize html because the input is unstable');\n }\n mXSSAttempts--;\n\n // trigger mXSS if it is going to happen by reading and writing the innerHTML\n html = inertBodyElement.innerHTML;\n inertBodyElement = getInertBodyElement(html);\n } while (html !== inertBodyElement.innerHTML);\n\n var node = inertBodyElement.firstChild;\n while (node) {\n switch (node.nodeType) {\n case 1: // ELEMENT_NODE\n handler.start(node.nodeName.toLowerCase(), attrToMap(node.attributes));\n break;\n case 3: // TEXT NODE\n handler.chars(node.textContent);\n break;\n }\n\n var nextNode;\n if (!(nextNode = node.firstChild)) {\n if (node.nodeType === 1) {\n handler.end(node.nodeName.toLowerCase());\n }\n nextNode = getNonDescendant('nextSibling', node);\n if (!nextNode) {\n while (nextNode == null) {\n node = getNonDescendant('parentNode', node);\n if (node === inertBodyElement) break;\n nextNode = getNonDescendant('nextSibling', node);\n if (node.nodeType === 1) {\n handler.end(node.nodeName.toLowerCase());\n }\n }\n }\n }\n node = nextNode;\n }\n\n while ((node = inertBodyElement.firstChild)) {\n inertBodyElement.removeChild(node);\n }\n }\n\n function attrToMap(attrs) {\n var map = {};\n for (var i = 0, ii = attrs.length; i < ii; i++) {\n var attr = attrs[i];\n map[attr.name] = attr.value;\n }\n return map;\n }\n\n\n /**\n * Escapes all potentially dangerous characters, so that the\n * resulting string can be safely inserted into attribute or\n * element text.\n * @param value\n * @returns {string} escaped text\n */\n function encodeEntities(value) {\n return value.\n replace(/&/g, '&').\n replace(SURROGATE_PAIR_REGEXP, function(value) {\n var hi = value.charCodeAt(0);\n var low = value.charCodeAt(1);\n return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';\n }).\n replace(NON_ALPHANUMERIC_REGEXP, function(value) {\n return '&#' + value.charCodeAt(0) + ';';\n }).\n replace(//g, '>');\n }\n\n /**\n * create an HTML/XML writer which writes to buffer\n * @param {Array} buf use buf.join('') to get out sanitized html string\n * @returns {object} in the form of {\n * start: function(tag, attrs) {},\n * end: function(tag) {},\n * chars: function(text) {},\n * comment: function(text) {}\n * }\n */\n function htmlSanitizeWriterImpl(buf, uriValidator) {\n var ignoreCurrentElement = false;\n var out = bind(buf, buf.push);\n return {\n start: function(tag, attrs) {\n tag = lowercase(tag);\n if (!ignoreCurrentElement && blockedElements[tag]) {\n ignoreCurrentElement = tag;\n }\n if (!ignoreCurrentElement && validElements[tag] === true) {\n out('<');\n out(tag);\n forEach(attrs, function(value, key) {\n var lkey = lowercase(key);\n var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background');\n if (validAttrs[lkey] === true &&\n (uriAttrs[lkey] !== true || uriValidator(value, isImage))) {\n out(' ');\n out(key);\n out('=\"');\n out(encodeEntities(value));\n out('\"');\n }\n });\n out('>');\n }\n },\n end: function(tag) {\n tag = lowercase(tag);\n if (!ignoreCurrentElement && validElements[tag] === true && voidElements[tag] !== true) {\n out('');\n }\n // eslint-disable-next-line eqeqeq\n if (tag == ignoreCurrentElement) {\n ignoreCurrentElement = false;\n }\n },\n chars: function(chars) {\n if (!ignoreCurrentElement) {\n out(encodeEntities(chars));\n }\n }\n };\n }\n\n\n /**\n * When IE9-11 comes across an unknown namespaced attribute e.g. 'xlink:foo' it adds 'xmlns:ns1' attribute to declare\n * ns1 namespace and prefixes the attribute with 'ns1' (e.g. 'ns1:xlink:foo'). This is undesirable since we don't want\n * to allow any of these custom attributes. This method strips them all.\n *\n * @param node Root element to process\n */\n function stripCustomNsAttrs(node) {\n while (node) {\n if (node.nodeType === window.Node.ELEMENT_NODE) {\n var attrs = node.attributes;\n for (var i = 0, l = attrs.length; i < l; i++) {\n var attrNode = attrs[i];\n var attrName = attrNode.name.toLowerCase();\n if (attrName === 'xmlns:ns1' || attrName.lastIndexOf('ns1:', 0) === 0) {\n node.removeAttributeNode(attrNode);\n i--;\n l--;\n }\n }\n }\n\n var nextNode = node.firstChild;\n if (nextNode) {\n stripCustomNsAttrs(nextNode);\n }\n\n node = getNonDescendant('nextSibling', node);\n }\n }\n\n function getNonDescendant(propName, node) {\n // An element is clobbered if its `propName` property points to one of its descendants\n var nextNode = node[propName];\n if (nextNode && nodeContains.call(node, nextNode)) {\n throw $sanitizeMinErr('elclob', 'Failed to sanitize html because the element is clobbered: {0}', node.outerHTML || node.outerText);\n }\n return nextNode;\n }\n}\n\nfunction sanitizeText(chars) {\n var buf = [];\n var writer = htmlSanitizeWriter(buf, noop);\n writer.chars(chars);\n return buf.join('');\n}\n\n\n// define ngSanitize module and register $sanitize service\nangular.module('ngSanitize', [])\n .provider('$sanitize', $SanitizeProvider)\n .info({ angularVersion: '1.8.3' });\n\n/**\n * @ngdoc filter\n * @name linky\n * @kind function\n *\n * @description\n * Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and\n * plain email address links.\n *\n * Requires the {@link ngSanitize `ngSanitize`} module to be installed.\n *\n * @param {string} text Input text.\n * @param {string} [target] Window (`_blank|_self|_parent|_top`) or named frame to open links in.\n * @param {object|function(url)} [attributes] Add custom attributes to the link element.\n *\n * Can be one of:\n *\n * - `object`: A map of attributes\n * - `function`: Takes the url as a parameter and returns a map of attributes\n *\n * If the map of attributes contains a value for `target`, it overrides the value of\n * the target parameter.\n *\n *\n * @returns {string} Html-linkified and {@link $sanitize sanitized} text.\n *\n * @usage\n \n *\n * @example\n \n \n
\n Snippet: \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
FilterSourceRendered
linky filter\n 
<div ng-bind-html=\"snippet | linky\">
</div>
\n 		\n
\n
linky target\n 
<div ng-bind-html=\"snippetWithSingleURL | linky:'_blank'\">
</div>
\n 		\n
\n
linky custom attributes\n 
<div ng-bind-html=\"snippetWithSingleURL | linky:'_self':{rel: 'nofollow'}\">
</div>
\n 		\n
\n
no filter
<div ng-bind=\"snippet\">
</div>
\n \n \n angular.module('linkyExample', ['ngSanitize'])\n .controller('ExampleController', ['$scope', function($scope) {\n $scope.snippet =\n 'Pretty text with some links:\\n' +\n 'http://angularjs.org/,\\n' +\n 'mailto:us@somewhere.org,\\n' +\n 'another@somewhere.org,\\n' +\n 'and one more: ftp://127.0.0.1/.';\n $scope.snippetWithSingleURL = 'http://angularjs.org/';\n }]);\n \n \n it('should linkify the snippet with urls', function() {\n expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()).\n toBe('Pretty text with some links: http://angularjs.org/, us@somewhere.org, ' +\n 'another@somewhere.org, and one more: ftp://127.0.0.1/.');\n expect(element.all(by.css('#linky-filter a')).count()).toEqual(4);\n });\n\n it('should not linkify snippet without the linky filter', function() {\n expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText()).\n toBe('Pretty text with some links: http://angularjs.org/, mailto:us@somewhere.org, ' +\n 'another@somewhere.org, and one more: ftp://127.0.0.1/.');\n expect(element.all(by.css('#escaped-html a')).count()).toEqual(0);\n });\n\n it('should update', function() {\n element(by.model('snippet')).clear();\n element(by.model('snippet')).sendKeys('new http://link.');\n expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()).\n toBe('new http://link.');\n expect(element.all(by.css('#linky-filter a')).count()).toEqual(1);\n expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText())\n .toBe('new http://link.');\n });\n\n it('should work with the target property', function() {\n expect(element(by.id('linky-target')).\n element(by.binding(\"snippetWithSingleURL | linky:'_blank'\")).getText()).\n toBe('http://angularjs.org/');\n expect(element(by.css('#linky-target a')).getAttribute('target')).toEqual('_blank');\n });\n\n it('should optionally add custom attributes', function() {\n expect(element(by.id('linky-custom-attributes')).\n element(by.binding(\"snippetWithSingleURL | linky:'_self':{rel: 'nofollow'}\")).getText()).\n toBe('http://angularjs.org/');\n expect(element(by.css('#linky-custom-attributes a')).getAttribute('rel')).toEqual('nofollow');\n });\n \n \n */\nangular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {\n var LINKY_URL_REGEXP =\n /((s?ftp|https?):\\/\\/|(www\\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\\S*[^\\s.;,(){}<>\"\\u201d\\u2019]/i,\n MAILTO_REGEXP = /^mailto:/i;\n\n var linkyMinErr = angular.$$minErr('linky');\n var isDefined = angular.isDefined;\n var isFunction = angular.isFunction;\n var isObject = angular.isObject;\n var isString = angular.isString;\n\n return function(text, target, attributes) {\n if (text == null || text === '') return text;\n if (!isString(text)) throw linkyMinErr('notstring', 'Expected string but received: {0}', text);\n\n var attributesFn =\n isFunction(attributes) ? attributes :\n isObject(attributes) ? function getAttributesObject() {return attributes;} :\n function getEmptyAttributesObject() {return {};};\n\n var match;\n var raw = text;\n var html = [];\n var url;\n var i;\n while ((match = raw.match(LINKY_URL_REGEXP))) {\n // We can not end in these as they are sometimes found at the end of the sentence\n url = match[0];\n // if we did not match ftp/http/www/mailto then assume mailto\n if (!match[2] && !match[4]) {\n url = (match[3] ? 'http://' : 'mailto:') + url;\n }\n i = match.index;\n addText(raw.substr(0, i));\n addLink(url, match[0].replace(MAILTO_REGEXP, ''));\n raw = raw.substring(i + match[0].length);\n }\n addText(raw);\n return $sanitize(html.join(''));\n\n function addText(text) {\n if (!text) {\n return;\n }\n html.push(sanitizeText(text));\n }\n\n function addLink(url, text) {\n var key, linkAttributes = attributesFn(url);\n html.push('');\n addText(text);\n html.push('');\n }\n };\n}]);\n\n\n})(window, window.angular);\n","require('./angular-sanitize');\nmodule.exports = 'ngSanitize';\n"],"names":["window","angular","bind","extend","forEach","isArray","isDefined","lowercase","noop","nodeContains","htmlParser","htmlSanitizeWriter","$sanitizeMinErr","$$minErr","module","provider","hasBeenInstantiated","svgEnabled","this","$get","$$sanitizeUri","validElements","svgElements","html","buf","uri","isImage","test","join","enableSvg","addValidElements","elements","htmlElements","addElementsTo","voidElements","htmlVoidElements","addValidAttrs","attrs","validAttrs","arrayToMap","$$lowercase","handler","inertBodyElement","getInertBodyElement","mXSSAttempts","innerHTML","node","firstChild","nodeType","start","nodeName","toLowerCase","attrToMap","attributes","chars","textContent","nextNode","end","getNonDescendant","removeChild","uriValidator","ignoreCurrentElement","out","push","tag","blockedElements","value","key","lkey","uriAttrs","encodeEntities","Node","prototype","contains","arg","compareDocumentPosition","SURROGATE_PAIR_REGEXP","NON_ALPHANUMERIC_REGEXP","stringToMap","optionalEndTagBlockElements","optionalEndTagInlineElements","optionalEndTagElements","blockElements","inlineElements","htmlAttrs","svgAttrs","str","lowercaseKeys","split","items","i","obj","length","elementsMap","newElements","document","getInertBodyElement_DOMParser","e","isDOMParserAvailable","implementation","inertDocument","createHTMLDocument","documentElement","getDocumentElement","querySelector","documentMode","stripCustomNsAttrs","body","DOMParser","parseFromString","remove","map","ii","attr","name","replace","charCodeAt","ELEMENT_NODE","l","attrNode","attrName","lastIndexOf","removeAttributeNode","propName","call","outerHTML","outerText","info","angularVersion","filter","$sanitize","LINKY_URL_REGEXP","MAILTO_REGEXP","linkyMinErr","isFunction","isObject","isString","text","target","match","url","attributesFn","raw","index","addText","substr","addLink","substring","linkAttributes","exports"],"sourceRoot":""}