]||[],e[s]||[]);for(const e of i)pe(e,n)||t.removeAttribute(e.nodeName)}return i.body.innerHTML}(t,this._config.allowList,this._config.sanitizeFn):t}_resolvePossibleFunction(t){return v(t,[this])}_putElementInTemplate(t,e){if(this._config.html)return e.innerHTML="",void e.append(t);e.textContent=t.textContent}}const Ae=new Set(["sanitize","allowList","sanitizeFn"]),Ee="fade",Ce="show",Te=".modal",ke="hide.bs.modal",Se="hover",Le="focus",Oe={AUTO:"auto",TOP:"top",RIGHT:p()?"left":"right",BOTTOM:"...

regExp.length; i < len; i++) {\n    if (regExp[i].test(attrName)) {\n      return true\n    }\n  }\n\n  return false\n}\n\nexport function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) {\n  if (unsafeHtml.length === 0) {\n    return unsafeHtml\n  }\n\n  if (sanitizeFn && typeof sanitizeFn === 'function') {\n    return sanitizeFn(unsafeHtml)\n  }\n\n  const domParser = new window.DOMParser()\n  const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')\n  const whitelistKeys = Object.keys(whiteList)\n...

e.js'\nimport Config from './config.js'\nimport { DefaultAllowlist, sanitizeHtml } from './sanitizer.js'\nimport { execute, getElement, isElement } from './index.js'\n\n/**\n * Constants\n */\n\nconst NAME = 'TemplateFactory'\n\nconst Default = {\n  allowList: DefaultAllowlist,\n  content: {}, // { selector : text ,  selector2 : text2 , }\n  extraClass: '',\n  html: false,\n  sanitize: true,\n  sanitizeFn: null,\n  template: '<div></div>'\n}\n\nconst DefaultType = {\n  allowList: 'object',\n  content:...

        if (logger.isDebugEnabled()) {
            logger.debug("MarkdownRenderer initialized with commonmark and OWASP sanitizer");
        }
    }

    /**
     * Renders markdown text to sanitized HTML.
     *
     * @param markdown the markdown text to render
     * @return sanitized HTML string
     */
    public String render(final String markdown) {
        if (markdown == null || markdown.isEmpty()) {

|(e=a(e));var g=function(){var b=a(this),c=b.val();a.split(b.attr("data-sanitize"),function(a){if(!(a in d))throw new Error('Use of unknown sanitize command "'+a+'"');c=d[a](c,b,f)}),b.val(c).trigger("keyup.validation")};e.each(function(){var b=a(this);f.sanitizeAll&&b.find("input,textarea").not(c).each(function(){var b=a(this),c=b.attr("data-sanitize")||"";b.attr("data-sanitize",f.sanitizeAll+" "+c)}),b.find("[data-sanitize]").unbind("blur.sanitation",g).bind("blur.sanitation",g),a(function(){b...

        return redirect(getClass()); // no-op
    }

    /**
     * Sanitizes a filename by removing path traversal sequences and whitespace.
     *
     * @param filename the filename to sanitize
     * @return the sanitized filename
     */
    public static String sanitizeFilename(final String filename) {

        // Test that custom sessionId is sanitized
        Crawler.Options options = new Crawler.Options();
        options.sessionId = "test-session-123";

        // Simulate what process() does - sanitize sessionId
        if (options.sessionId != null) {
            options.sessionId = options.sessionId.replaceAll("-", "_");
        }

        // Check that sessionId was sanitized (hyphens replaced with underscores)

     */
    function scrollToBottom() {
        elements.chatMessages.scrollTop(elements.chatMessages[0].scrollHeight);
    }

    /**
     * Render Markdown text to sanitized HTML.
     * Policy is aligned with server-side MarkdownRenderer (OWASP sanitizer).
     */
    var markdownDomPurifyInitialized = false;
    var markdownSanitizeConfig = {
        ALLOWED_TAGS: ['h1','h2','h3','h4','h5','h6',

e=e.toString()))throw S("dirty is not a string, aborting")}if(!o.isSupported)return e;if(Fe||Tt(t),o.removed=[],"string"==typeof e&&(qe=!1),qe){if(e.nodeName){const t=ft(e.nodeName);if(!Ne[t]||Oe[t])throw S("root node is forbidden and cannot be sanitized in-place")}}else if(e instanceof D)n=bt("\x3c!----\x3e"),r=n.ownerDocument.importNode(e,!0),r.nodeType===J&&"BODY"===r.nodeName||"HTML"===r.nodeName?n=r:n.appendChild(r);else{if(!Be&&!Ue&&!Pe&&-1===e.indexOf("<"))return le&&We?le.createHTML(e):e...

            return text;
        }
        return text.replaceAll("<[^>]+>", "");
    }

    /**
     * Sanitizes document content by escaping delimiter-like sequences
     * to prevent boundary spoofing in LLM prompts.
     *
     * @param text the text to sanitize
     * @return the sanitized text with delimiter sequences escaped
     */
    protected String sanitizeDocumentContent(final String text) {