MCPcopy
hub / github.com/cure53/DOMPurify / _parseConfig

Function _parseConfig

src/purify.ts:631–960  ·  view source on GitHub ↗
(cfg: Config = {})

Source from the content-addressed store, hash-verified

629 */
630 // eslint-disable-next-line complexity
631 const _parseConfig = function (cfg: Config = {}): void {
632 if (CONFIG && CONFIG === cfg) {
633 return;
634 }
635
636 /* Shield configuration object from tampering */
637 if (!cfg || typeof cfg !== 'object') {
638 cfg = {};
639 }
640
641 /* Shield configuration object from prototype pollution */
642 cfg = clone(cfg);
643
644 PARSER_MEDIA_TYPE =
645 // eslint-disable-next-line unicorn/prefer-includes
646 SUPPORTED_PARSER_MEDIA_TYPES.indexOf(cfg.PARSER_MEDIA_TYPE) === -1
647 ? DEFAULT_PARSER_MEDIA_TYPE
648 : cfg.PARSER_MEDIA_TYPE;
649
650 // HTML tags and attributes are not case-sensitive, converting to lowercase. Keeping XHTML as is.
651 transformCaseFunc =
652 PARSER_MEDIA_TYPE === 'application/xhtml+xml'
653 ? stringToString
654 : stringToLowerCase;
655
656 /* Set configuration parameters */
657 ALLOWED_TAGS = _resolveSetOption(
658 cfg,
659 'ALLOWED_TAGS',
660 DEFAULT_ALLOWED_TAGS,
661 { transform: transformCaseFunc }
662 );
663 ALLOWED_ATTR = _resolveSetOption(
664 cfg,
665 'ALLOWED_ATTR',
666 DEFAULT_ALLOWED_ATTR,
667 { transform: transformCaseFunc }
668 );
669 ALLOWED_NAMESPACES = _resolveSetOption(
670 cfg,
671 'ALLOWED_NAMESPACES',
672 DEFAULT_ALLOWED_NAMESPACES,
673 { transform: stringToString }
674 );
675 URI_SAFE_ATTRIBUTES = _resolveSetOption(
676 cfg,
677 'ADD_URI_SAFE_ATTR',
678 DEFAULT_URI_SAFE_ATTRIBUTES,
679 { transform: transformCaseFunc, base: DEFAULT_URI_SAFE_ATTRIBUTES }
680 );
681 DATA_URI_TAGS = _resolveSetOption(
682 cfg,
683 'ADD_DATA_URI_TAGS',
684 DEFAULT_DATA_URI_TAGS,
685 { transform: transformCaseFunc, base: DEFAULT_DATA_URI_TAGS }
686 );
687 FORBID_CONTENTS = _resolveSetOption(
688 cfg,

Callers 1

createDOMPurifyFunction · 0.85

Calls 7

cloneFunction · 0.85
_resolveSetOptionFunction · 0.85
isRegexFunction · 0.85
addToSetFunction · 0.85
isRegexOrFunctionFunction · 0.85
_createTrustedHTMLFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…