watermanagement-backend-prod/node_modules/xss/lib/default.js

/**
 * default settings
 *
 * @author Zongmin Lei<leizongmin@gmail.com>
 */

var FilterCSS = require("cssfilter").FilterCSS;
var getDefaultCSSWhiteList = require("cssfilter").getDefaultWhiteList;
var _ = require("./util");

function getDefaultWhiteList() {
  return {
    a: ["target", "href", "title"],
    abbr: ["title"],
    address: [],
    area: ["shape", "coords", "href", "alt"],
    article: [],
    aside: [],
    audio: [
      "autoplay",
      "controls",
      "crossorigin",
      "loop",
      "muted",
      "preload",
      "src",
    ],
    b: [],
    bdi: ["dir"],
    bdo: ["dir"],
    big: [],
    blockquote: ["cite"],
    br: [],
    caption: [],
    center: [],
    cite: [],
    code: [],
    col: ["align", "valign", "span", "width"],
    colgroup: ["align", "valign", "span", "width"],
    dd: [],
    del: ["datetime"],
    details: ["open"],
    div: [],
    dl: [],
    dt: [],
    em: [],
    figcaption: [],
    figure: [],
    font: ["color", "size", "face"],
    footer: [],
    h1: [],
    h2: [],
    h3: [],
    h4: [],
    h5: [],
    h6: [],
    header: [],
    hr: [],
    i: [],
    img: ["src", "alt", "title", "width", "height"],
    ins: ["datetime"],
    li: [],
    mark: [],
    nav: [],
    ol: [],
    p: [],
    pre: [],
    s: [],
    section: [],
    small: [],
    span: [],
    sub: [],
    summary: [],
    sup: [],
    strong: [],
    strike: [],
    table: ["width", "border", "align", "valign"],
    tbody: ["align", "valign"],
    td: ["width", "rowspan", "colspan", "align", "valign"],
    tfoot: ["align", "valign"],
    th: ["width", "rowspan", "colspan", "align", "valign"],
    thead: ["align", "valign"],
    tr: ["rowspan", "align", "valign"],
    tt: [],
    u: [],
    ul: [],
    video: [
      "autoplay",
      "controls",
      "crossorigin",
      "loop",
      "muted",
      "playsinline",
      "poster",
      "preload",
      "src",
      "height",
      "width",
    ],
  };
}

var defaultCSSFilter = new FilterCSS();

/**
 * default onTag function
 *
 * @param {String} tag
 * @param {String} html
 * @param {Object} options
 * @return {String}
 */
function onTag(tag, html, options) {
  // do nothing
}

/**
 * default onIgnoreTag function
 *
 * @param {String} tag
 * @param {String} html
 * @param {Object} options
 * @return {String}
 */
function onIgnoreTag(tag, html, options) {
  // do nothing
}

/**
 * default onTagAttr function
 *
 * @param {String} tag
 * @param {String} name
 * @param {String} value
 * @return {String}
 */
function onTagAttr(tag, name, value) {
  // do nothing
}

/**
 * default onIgnoreTagAttr function
 *
 * @param {String} tag
 * @param {String} name
 * @param {String} value
 * @return {String}
 */
function onIgnoreTagAttr(tag, name, value) {
  // do nothing
}

/**
 * default escapeHtml function
 *
 * @param {String} html
 */
function escapeHtml(html) {
  return html.replace(REGEXP_LT, "&lt;").replace(REGEXP_GT, "&gt;");
}

/**
 * default safeAttrValue function
 *
 * @param {String} tag
 * @param {String} name
 * @param {String} value
 * @param {Object} cssFilter
 * @return {String}
 */
function safeAttrValue(tag, name, value, cssFilter) {
  // unescape attribute value firstly
  value = friendlyAttrValue(value);

  if (name === "href" || name === "src") {
    // filter `href` and `src` attribute
    // only allow the value that starts with `http://` | `https://` | `mailto:` | `/` | `#`
    value = _.trim(value);
    if (value === "#") return "#";
    if (
      !(
        value.substr(0, 7) === "http://" ||
        value.substr(0, 8) === "https://" ||
        value.substr(0, 7) === "mailto:" ||
        value.substr(0, 4) === "tel:" ||
        value.substr(0, 11) === "data:image/" ||
        value.substr(0, 6) === "ftp://" ||
        value.substr(0, 2) === "./" ||
        value.substr(0, 3) === "../" ||
        value[0] === "#" ||
        value[0] === "/"
      )
    ) {
      return "";
    }
  } else if (name === "background") {
    // filter `background` attribute (maybe no use)
    // `javascript:`
    REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
    if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
      return "";
    }
  } else if (name === "style") {
    // `expression()`
    REGEXP_DEFAULT_ON_TAG_ATTR_7.lastIndex = 0;
    if (REGEXP_DEFAULT_ON_TAG_ATTR_7.test(value)) {
      return "";
    }
    // `url()`
    REGEXP_DEFAULT_ON_TAG_ATTR_8.lastIndex = 0;
    if (REGEXP_DEFAULT_ON_TAG_ATTR_8.test(value)) {
      REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;
      if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {
        return "";
      }
    }
    if (cssFilter !== false) {
      cssFilter = cssFilter || defaultCSSFilter;
      value = cssFilter.process(value);
    }
  }

  // escape `<>"` before returns
  value = escapeAttrValue(value);
  return value;
}

// RegExp list
var REGEXP_LT = /</g;
var REGEXP_GT = />/g;
var REGEXP_QUOTE = /"/g;
var REGEXP_QUOTE_2 = /&quot;/g;
var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
var REGEXP_ATTR_VALUE_COLON = /&colon;?/gim;
var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
// var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
var REGEXP_DEFAULT_ON_TAG_ATTR_4 =
  /((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a):/gi;
// var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
// var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
var REGEXP_DEFAULT_ON_TAG_ATTR_7 =
  /e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;

/**
 * escape double quote
 *
 * @param {String} str
 * @return {String} str
 */
function escapeQuote(str) {
  return str.replace(REGEXP_QUOTE, "&quot;");
}

/**
 * unescape double quote
 *
 * @param {String} str
 * @return {String} str
 */
function unescapeQuote(str) {
  return str.replace(REGEXP_QUOTE_2, '"');
}

/**
 * escape html entities
 *
 * @param {String} str
 * @return {String}
 */
function escapeHtmlEntities(str) {
  return str.replace(REGEXP_ATTR_VALUE_1, function replaceUnicode(str, code) {
    return code[0] === "x" || code[0] === "X"
      ? String.fromCharCode(parseInt(code.substr(1), 16))
      : String.fromCharCode(parseInt(code, 10));
  });
}

/**
 * escape html5 new danger entities
 *
 * @param {String} str
 * @return {String}
 */
function escapeDangerHtml5Entities(str) {
  return str
    .replace(REGEXP_ATTR_VALUE_COLON, ":")
    .replace(REGEXP_ATTR_VALUE_NEWLINE, " ");
}

/**
 * clear nonprintable characters
 *
 * @param {String} str
 * @return {String}
 */
function clearNonPrintableCharacter(str) {
  var str2 = "";
  for (var i = 0, len = str.length; i < len; i++) {
    str2 += str.charCodeAt(i) < 32 ? " " : str.charAt(i);
  }
  return _.trim(str2);
}

/**
 * get friendly attribute value
 *
 * @param {String} str
 * @return {String}
 */
function friendlyAttrValue(str) {
  str = unescapeQuote(str);
  str = escapeHtmlEntities(str);
  str = escapeDangerHtml5Entities(str);
  str = clearNonPrintableCharacter(str);
  return str;
}

/**
 * unescape attribute value
 *
 * @param {String} str
 * @return {String}
 */
function escapeAttrValue(str) {
  str = escapeQuote(str);
  str = escapeHtml(str);
  return str;
}

/**
 * `onIgnoreTag` function for removing all the tags that are not in whitelist
 */
function onIgnoreTagStripAll() {
  return "";
}

/**
 * remove tag body
 * specify a `tags` list, if the tag is not in the `tags` list then process by the specify function (optional)
 *
 * @param {array} tags
 * @param {function} next
 */
function StripTagBody(tags, next) {
  if (typeof next !== "function") {
    next = function () {};
  }

  var isRemoveAllTag = !Array.isArray(tags);
  function isRemoveTag(tag) {
    if (isRemoveAllTag) return true;
    return _.indexOf(tags, tag) !== -1;
  }

  var removeList = [];
  var posStart = false;

  return {
    onIgnoreTag: function (tag, html, options) {
      if (isRemoveTag(tag)) {
        if (options.isClosing) {
          var ret = "[/removed]";
          var end = options.position + ret.length;
          removeList.push([
            posStart !== false ? posStart : options.position,
            end,
          ]);
          posStart = false;
          return ret;
        } else {
          if (!posStart) {
            posStart = options.position;
          }
          return "[removed]";
        }
      } else {
        return next(tag, html, options);
      }
    },
    remove: function (html) {
      var rethtml = "";
      var lastPos = 0;
      _.forEach(removeList, function (pos) {
        rethtml += html.slice(lastPos, pos[0]);
        lastPos = pos[1];
      });
      rethtml += html.slice(lastPos);
      return rethtml;
    },
  };
}

/**
 * remove html comments
 *
 * @param {String} html
 * @return {String}
 */
function stripCommentTag(html) {
  var retHtml = "";
  var lastPos = 0;
  while (lastPos < html.length) {
    var i = html.indexOf("<!--", lastPos);
    if (i === -1) {
      retHtml += html.slice(lastPos);
      break;
    }
    retHtml += html.slice(lastPos, i);
    var j = html.indexOf("-->", i);
    if (j === -1) {
      break;
    }
    lastPos = j + 3;
  }
  return retHtml;
}

/**
 * remove invisible characters
 *
 * @param {String} html
 * @return {String}
 */
function stripBlankChar(html) {
  var chars = html.split("");
  chars = chars.filter(function (char) {
    var c = char.charCodeAt(0);
    if (c === 127) return false;
    if (c <= 31) {
      if (c === 10 || c === 13) return true;
      return false;
    }
    return true;
  });
  return chars.join("");
}

exports.whiteList = getDefaultWhiteList();
exports.getDefaultWhiteList = getDefaultWhiteList;
exports.onTag = onTag;
exports.onIgnoreTag = onIgnoreTag;
exports.onTagAttr = onTagAttr;
exports.onIgnoreTagAttr = onIgnoreTagAttr;
exports.safeAttrValue = safeAttrValue;
exports.escapeHtml = escapeHtml;
exports.escapeQuote = escapeQuote;
exports.unescapeQuote = unescapeQuote;
exports.escapeHtmlEntities = escapeHtmlEntities;
exports.escapeDangerHtml5Entities = escapeDangerHtml5Entities;
exports.clearNonPrintableCharacter = clearNonPrintableCharacter;
exports.friendlyAttrValue = friendlyAttrValue;
exports.escapeAttrValue = escapeAttrValue;
exports.onIgnoreTagStripAll = onIgnoreTagStripAll;
exports.StripTagBody = StripTagBody;
exports.stripCommentTag = stripCommentTag;
exports.stripBlankChar = stripBlankChar;
exports.cssFilter = defaultCSSFilter;
exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
Removed multer 3 years ago			`/**`
			`* default settings`
			`*`
			`* @author Zongmin Lei<leizongmin@gmail.com>`
			`*/`

			`var FilterCSS = require("cssfilter").FilterCSS;`
			`var getDefaultCSSWhiteList = require("cssfilter").getDefaultWhiteList;`
			`var _ = require("./util");`

			`function getDefaultWhiteList() {`
			`return {`
			`a: ["target", "href", "title"],`
			`abbr: ["title"],`
			`address: [],`
			`area: ["shape", "coords", "href", "alt"],`
			`article: [],`
			`aside: [],`
			`audio: [`
			`"autoplay",`
			`"controls",`
			`"crossorigin",`
			`"loop",`
			`"muted",`
			`"preload",`
			`"src",`
			`],`
			`b: [],`
			`bdi: ["dir"],`
			`bdo: ["dir"],`
			`big: [],`
			`blockquote: ["cite"],`
			`br: [],`
			`caption: [],`
			`center: [],`
			`cite: [],`
			`code: [],`
			`col: ["align", "valign", "span", "width"],`
			`colgroup: ["align", "valign", "span", "width"],`
			`dd: [],`
			`del: ["datetime"],`
			`details: ["open"],`
			`div: [],`
			`dl: [],`
			`dt: [],`
			`em: [],`
			`figcaption: [],`
			`figure: [],`
			`font: ["color", "size", "face"],`
			`footer: [],`
			`h1: [],`
			`h2: [],`
			`h3: [],`
			`h4: [],`
			`h5: [],`
			`h6: [],`
			`header: [],`
			`hr: [],`
			`i: [],`
			`img: ["src", "alt", "title", "width", "height"],`
			`ins: ["datetime"],`
			`li: [],`
			`mark: [],`
			`nav: [],`
			`ol: [],`
			`p: [],`
			`pre: [],`
			`s: [],`
			`section: [],`
			`small: [],`
			`span: [],`
			`sub: [],`
			`summary: [],`
			`sup: [],`
			`strong: [],`
			`strike: [],`
			`table: ["width", "border", "align", "valign"],`
			`tbody: ["align", "valign"],`
			`td: ["width", "rowspan", "colspan", "align", "valign"],`
			`tfoot: ["align", "valign"],`
			`th: ["width", "rowspan", "colspan", "align", "valign"],`
			`thead: ["align", "valign"],`
			`tr: ["rowspan", "align", "valign"],`
			`tt: [],`
			`u: [],`
			`ul: [],`
			`video: [`
			`"autoplay",`
			`"controls",`
			`"crossorigin",`
			`"loop",`
			`"muted",`
			`"playsinline",`
			`"poster",`
			`"preload",`
			`"src",`
			`"height",`
			`"width",`
			`],`
			`};`
			`}`

			`var defaultCSSFilter = new FilterCSS();`

			`/**`
			`* default onTag function`
			`*`
			`* @param {String} tag`
			`* @param {String} html`
			`* @param {Object} options`
			`* @return {String}`
			`*/`
			`function onTag(tag, html, options) {`
			`// do nothing`
			`}`

			`/**`
			`* default onIgnoreTag function`
			`*`
			`* @param {String} tag`
			`* @param {String} html`
			`* @param {Object} options`
			`* @return {String}`
			`*/`
			`function onIgnoreTag(tag, html, options) {`
			`// do nothing`
			`}`

			`/**`
			`* default onTagAttr function`
			`*`
			`* @param {String} tag`
			`* @param {String} name`
			`* @param {String} value`
			`* @return {String}`
			`*/`
			`function onTagAttr(tag, name, value) {`
			`// do nothing`
			`}`

			`/**`
			`* default onIgnoreTagAttr function`
			`*`
			`* @param {String} tag`
			`* @param {String} name`
			`* @param {String} value`
			`* @return {String}`
			`*/`
			`function onIgnoreTagAttr(tag, name, value) {`
			`// do nothing`
			`}`

			`/**`
			`* default escapeHtml function`
			`*`
			`* @param {String} html`
			`*/`
			`function escapeHtml(html) {`
			`return html.replace(REGEXP_LT, "<").replace(REGEXP_GT, ">");`
			`}`

			`/**`
			`* default safeAttrValue function`
			`*`
			`* @param {String} tag`
			`* @param {String} name`
			`* @param {String} value`
			`* @param {Object} cssFilter`
			`* @return {String}`
			`*/`
			`function safeAttrValue(tag, name, value, cssFilter) {`
			`// unescape attribute value firstly`
			`value = friendlyAttrValue(value);`

			`if (name === "href" \|\| name === "src") {`
			// filter `href` and `src` attribute
			// only allow the value that starts with `http://` \| `https://` \| `mailto:` \| `/` \| `#`
			`value = _.trim(value);`
			`if (value === "#") return "#";`
			`if (`
			`!(`
			`value.substr(0, 7) === "http://" \|\|`
			`value.substr(0, 8) === "https://" \|\|`
			`value.substr(0, 7) === "mailto:" \|\|`
			`value.substr(0, 4) === "tel:" \|\|`
			`value.substr(0, 11) === "data:image/" \|\|`
			`value.substr(0, 6) === "ftp://" \|\|`
			`value.substr(0, 2) === "./" \|\|`
			`value.substr(0, 3) === "../" \|\|`
			`value[0] === "#" \|\|`
			`value[0] === "/"`
			`)`
			`) {`
			`return "";`
			`}`
			`} else if (name === "background") {`
			// filter `background` attribute (maybe no use)
			// `javascript:`
			`REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;`
			`if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {`
			`return "";`
			`}`
			`} else if (name === "style") {`
			// `expression()`
			`REGEXP_DEFAULT_ON_TAG_ATTR_7.lastIndex = 0;`
			`if (REGEXP_DEFAULT_ON_TAG_ATTR_7.test(value)) {`
			`return "";`
			`}`
			// `url()`
			`REGEXP_DEFAULT_ON_TAG_ATTR_8.lastIndex = 0;`
			`if (REGEXP_DEFAULT_ON_TAG_ATTR_8.test(value)) {`
			`REGEXP_DEFAULT_ON_TAG_ATTR_4.lastIndex = 0;`
			`if (REGEXP_DEFAULT_ON_TAG_ATTR_4.test(value)) {`
			`return "";`
			`}`
			`}`
			`if (cssFilter !== false) {`
			`cssFilter = cssFilter \|\| defaultCSSFilter;`
			`value = cssFilter.process(value);`
			`}`
			`}`

			// escape `<>"` before returns
			`value = escapeAttrValue(value);`
			`return value;`
			`}`

			`// RegExp list`
			`var REGEXP_LT = /</g;`
			`var REGEXP_GT = />/g;`
			`var REGEXP_QUOTE = /"/g;`
			`var REGEXP_QUOTE_2 = /"/g;`
			`var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;`
			`var REGEXP_ATTR_VALUE_COLON = /&colon;?/gim;`
			`var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;`
			`// var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\\|\\//gm;`
			`var REGEXP_DEFAULT_ON_TAG_ATTR_4 =`
			`/((j\sa\sv\sa\|v\sb\|l\si\sv\se)\ss\sc\sr\si\sp\st\s\|m\so\sc\sh\sa):/gi;`
			// var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`](d\sa\st\sa\s*)\:/gi;
			// var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`](d\sa\st\sa\s)\:\simage\//gi;
			`var REGEXP_DEFAULT_ON_TAG_ATTR_7 =`
			`/e\sx\sp\sr\se\ss\ss\si\so\sn\s\(.*/gi;`
			`var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\sr\sl\s\(./gi;`

			`/**`
			`* escape double quote`
			`*`
			`* @param {String} str`
			`* @return {String} str`
			`*/`
			`function escapeQuote(str) {`
			`return str.replace(REGEXP_QUOTE, """);`
			`}`

			`/**`
			`* unescape double quote`
			`*`
			`* @param {String} str`
			`* @return {String} str`
			`*/`
			`function unescapeQuote(str) {`
			`return str.replace(REGEXP_QUOTE_2, '"');`
			`}`

			`/**`
			`* escape html entities`
			`*`
			`* @param {String} str`
			`* @return {String}`
			`*/`
			`function escapeHtmlEntities(str) {`
			`return str.replace(REGEXP_ATTR_VALUE_1, function replaceUnicode(str, code) {`
			`return code[0] === "x" \|\| code[0] === "X"`
			`? String.fromCharCode(parseInt(code.substr(1), 16))`
			`: String.fromCharCode(parseInt(code, 10));`
			`});`
			`}`

			`/**`
			`* escape html5 new danger entities`
			`*`
			`* @param {String} str`
			`* @return {String}`
			`*/`
			`function escapeDangerHtml5Entities(str) {`
			`return str`
			`.replace(REGEXP_ATTR_VALUE_COLON, ":")`
			`.replace(REGEXP_ATTR_VALUE_NEWLINE, " ");`
			`}`

			`/**`
			`* clear nonprintable characters`
			`*`
			`* @param {String} str`
			`* @return {String}`
			`*/`
			`function clearNonPrintableCharacter(str) {`
			`var str2 = "";`
			`for (var i = 0, len = str.length; i < len; i++) {`
			`str2 += str.charCodeAt(i) < 32 ? " " : str.charAt(i);`
			`}`
			`return _.trim(str2);`
			`}`

			`/**`
			`* get friendly attribute value`
			`*`
			`* @param {String} str`
			`* @return {String}`
			`*/`
			`function friendlyAttrValue(str) {`
			`str = unescapeQuote(str);`
			`str = escapeHtmlEntities(str);`
			`str = escapeDangerHtml5Entities(str);`
			`str = clearNonPrintableCharacter(str);`
			`return str;`
			`}`

			`/**`
			`* unescape attribute value`
			`*`
			`* @param {String} str`
			`* @return {String}`
			`*/`
			`function escapeAttrValue(str) {`
			`str = escapeQuote(str);`
			`str = escapeHtml(str);`
			`return str;`
			`}`

			`/**`
			* `onIgnoreTag` function for removing all the tags that are not in whitelist
			`*/`
			`function onIgnoreTagStripAll() {`
			`return "";`
			`}`

			`/**`
			`* remove tag body`
			* specify a `tags` list, if the tag is not in the `tags` list then process by the specify function (optional)
			`*`
			`* @param {array} tags`
			`* @param {function} next`
			`*/`
			`function StripTagBody(tags, next) {`
			`if (typeof next !== "function") {`
			`next = function () {};`
			`}`

			`var isRemoveAllTag = !Array.isArray(tags);`
			`function isRemoveTag(tag) {`
			`if (isRemoveAllTag) return true;`
			`return _.indexOf(tags, tag) !== -1;`
			`}`

			`var removeList = [];`
			`var posStart = false;`

			`return {`
			`onIgnoreTag: function (tag, html, options) {`
			`if (isRemoveTag(tag)) {`
			`if (options.isClosing) {`
			`var ret = "[/removed]";`
			`var end = options.position + ret.length;`
			`removeList.push([`
			`posStart !== false ? posStart : options.position,`
			`end,`
			`]);`
			`posStart = false;`
			`return ret;`
			`} else {`
			`if (!posStart) {`
			`posStart = options.position;`
			`}`
			`return "[removed]";`
			`}`
			`} else {`
			`return next(tag, html, options);`
			`}`
			`},`
			`remove: function (html) {`
			`var rethtml = "";`
			`var lastPos = 0;`
			`_.forEach(removeList, function (pos) {`
			`rethtml += html.slice(lastPos, pos[0]);`
			`lastPos = pos[1];`
			`});`
			`rethtml += html.slice(lastPos);`
			`return rethtml;`
			`},`
			`};`
			`}`

			`/**`
			`* remove html comments`
			`*`
			`* @param {String} html`
			`* @return {String}`
			`*/`
			`function stripCommentTag(html) {`
			`var retHtml = "";`
			`var lastPos = 0;`
			`while (lastPos < html.length) {`
			`var i = html.indexOf("<!--", lastPos);`
			`if (i === -1) {`
			`retHtml += html.slice(lastPos);`
			`break;`
			`}`
			`retHtml += html.slice(lastPos, i);`
			`var j = html.indexOf("-->", i);`
			`if (j === -1) {`
			`break;`
			`}`
			`lastPos = j + 3;`
			`}`
			`return retHtml;`
			`}`

			`/**`
			`* remove invisible characters`
			`*`
			`* @param {String} html`
			`* @return {String}`
			`*/`
			`function stripBlankChar(html) {`
			`var chars = html.split("");`
			`chars = chars.filter(function (char) {`
			`var c = char.charCodeAt(0);`
			`if (c === 127) return false;`
			`if (c <= 31) {`
			`if (c === 10 \|\| c === 13) return true;`
			`return false;`
			`}`
			`return true;`
			`});`
			`return chars.join("");`
			`}`

			`exports.whiteList = getDefaultWhiteList();`
			`exports.getDefaultWhiteList = getDefaultWhiteList;`
			`exports.onTag = onTag;`
			`exports.onIgnoreTag = onIgnoreTag;`
			`exports.onTagAttr = onTagAttr;`
			`exports.onIgnoreTagAttr = onIgnoreTagAttr;`
			`exports.safeAttrValue = safeAttrValue;`
			`exports.escapeHtml = escapeHtml;`
			`exports.escapeQuote = escapeQuote;`
			`exports.unescapeQuote = unescapeQuote;`
			`exports.escapeHtmlEntities = escapeHtmlEntities;`
			`exports.escapeDangerHtml5Entities = escapeDangerHtml5Entities;`
			`exports.clearNonPrintableCharacter = clearNonPrintableCharacter;`
			`exports.friendlyAttrValue = friendlyAttrValue;`
			`exports.escapeAttrValue = escapeAttrValue;`
			`exports.onIgnoreTagStripAll = onIgnoreTagStripAll;`
			`exports.StripTagBody = StripTagBody;`
			`exports.stripCommentTag = stripCommentTag;`
			`exports.stripBlankChar = stripBlankChar;`
			`exports.cssFilter = defaultCSSFilter;`
			`exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;`