tfcconnection/.shadow-cljs/builds/app/dev/goog-js/goog.dom.safe.js

["^ ","~:resource-id",["~:shadow.build.classpath/resource","goog/dom/safe.js"],"~:js","goog.provide(\"goog.dom.safe\");\ngoog.provide(\"goog.dom.safe.InsertAdjacentHtmlPosition\");\ngoog.require(\"goog.asserts\");\ngoog.require(\"goog.asserts.dom\");\ngoog.require(\"goog.dom.asserts\");\ngoog.require(\"goog.functions\");\ngoog.require(\"goog.html.SafeHtml\");\ngoog.require(\"goog.html.SafeScript\");\ngoog.require(\"goog.html.SafeStyle\");\ngoog.require(\"goog.html.SafeUrl\");\ngoog.require(\"goog.html.TrustedResourceUrl\");\ngoog.require(\"goog.html.uncheckedconversions\");\ngoog.require(\"goog.string.Const\");\ngoog.require(\"goog.string.internal\");\ngoog.dom.safe.InsertAdjacentHtmlPosition = {AFTERBEGIN:\"afterbegin\", AFTEREND:\"afterend\", BEFOREBEGIN:\"beforebegin\", BEFOREEND:\"beforeend\"};\ngoog.dom.safe.insertAdjacentHtml = function(node, position, html) {\n  node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\ngoog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {\"MATH\":true, \"SCRIPT\":true, \"STYLE\":true, \"SVG\":true, \"TEMPLATE\":true};\ngoog.dom.safe.isInnerHtmlCleanupRecursive_ = goog.functions.cacheReturnValue(function() {\n  if (goog.DEBUG && typeof document === \"undefined\") {\n    return false;\n  }\n  var div = document.createElement(\"div\");\n  var childDiv = document.createElement(\"div\");\n  childDiv.appendChild(document.createElement(\"div\"));\n  div.appendChild(childDiv);\n  if (goog.DEBUG && !div.firstChild) {\n    return false;\n  }\n  var innerChild = div.firstChild.firstChild;\n  div.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY);\n  return !innerChild.parentElement;\n});\ngoog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) {\n  if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) {\n    while (elem.lastChild) {\n      elem.removeChild(elem.lastChild);\n    }\n  }\n  elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\ngoog.dom.safe.setInnerHtml = function(elem, html) {\n  if (goog.asserts.ENABLE_ASSERTS && elem.tagName) {\n    var tagName = elem.tagName.toUpperCase();\n    if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) {\n      throw new Error(\"goog.dom.safe.setInnerHtml cannot be used to set content of \" + elem.tagName + \".\");\n    }\n  }\n  goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html);\n};\ngoog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) {\n  goog.dom.safe.setInnerHtml(element, goog.html.uncheckedconversions.safeHtmlFromStringKnownToSatisfyTypeContract(goog.string.Const.from(\"Constant HTML to be immediatelly used.\"), goog.string.Const.unwrap(constHtml)));\n};\ngoog.dom.safe.setOuterHtml = function(elem, html) {\n  elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\ngoog.dom.safe.setFormElementAction = function(form, url) {\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlFormElement(form).action = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setButtonFormAction = function(button, url) {\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlButtonElement(button).formAction = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setInputFormAction = function(input, url) {\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlInputElement(input).formAction = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setStyle = function(elem, style) {\n  elem.style.cssText = goog.html.SafeStyle.unwrap(style);\n};\ngoog.dom.safe.documentWrite = function(doc, html) {\n  doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\ngoog.dom.safe.setAnchorHref = function(anchor, url) {\n  goog.asserts.dom.assertIsHtmlAnchorElement(anchor);\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  anchor.href = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setAudioSrc = function(audioElement, url) {\n  goog.asserts.dom.assertIsHtmlAudioElement(audioElement);\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  audioElement.src = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setVideoSrc = function(videoElement, url) {\n  goog.asserts.dom.assertIsHtmlVideoElement(videoElement);\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  videoElement.src = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.setEmbedSrc = function(embed, url) {\n  goog.asserts.dom.assertIsHtmlEmbedElement(embed);\n  embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\ngoog.dom.safe.setFrameSrc = function(frame, url) {\n  goog.asserts.dom.assertIsHtmlFrameElement(frame);\n  frame.src = goog.html.TrustedResourceUrl.unwrap(url);\n};\ngoog.dom.safe.setIframeSrc = function(iframe, url) {\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\n  iframe.src = goog.html.TrustedResourceUrl.unwrap(url);\n};\ngoog.dom.safe.setIframeSrcdoc = function(iframe, html) {\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\n  iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\ngoog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {\n  goog.asserts.dom.assertIsHtmlLinkElement(link);\n  link.rel = rel;\n  if (goog.string.internal.caseInsensitiveContains(rel, \"stylesheet\")) {\n    goog.asserts.assert(url instanceof goog.html.TrustedResourceUrl, 'URL must be TrustedResourceUrl because \"rel\" contains \"stylesheet\"');\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\n    const win = link.ownerDocument && link.ownerDocument.defaultView;\n    const nonce = goog.dom.safe.getStyleNonce(win);\n    if (nonce) {\n      link.setAttribute(\"nonce\", nonce);\n    }\n  } else if (url instanceof goog.html.TrustedResourceUrl) {\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\n  } else if (url instanceof goog.html.SafeUrl) {\n    link.href = goog.html.SafeUrl.unwrap(url);\n  } else {\n    link.href = goog.html.SafeUrl.unwrap(goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url));\n  }\n};\ngoog.dom.safe.setObjectData = function(object, url) {\n  goog.asserts.dom.assertIsHtmlObjectElement(object);\n  object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\ngoog.dom.safe.setScriptSrc = function(script, url) {\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\n  goog.dom.safe.setNonceForScriptElement_(script);\n  script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\ngoog.dom.safe.setScriptContent = function(script, content) {\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\n  goog.dom.safe.setNonceForScriptElement_(script);\n  script.textContent = goog.html.SafeScript.unwrapTrustedScript(content);\n};\ngoog.dom.safe.setNonceForScriptElement_ = function(script) {\n  var win = script.ownerDocument && script.ownerDocument.defaultView;\n  const nonce = goog.dom.safe.getScriptNonce(win);\n  if (nonce) {\n    script.setAttribute(\"nonce\", nonce);\n  }\n};\ngoog.dom.safe.setLocationHref = function(loc, url) {\n  goog.dom.asserts.assertIsLocation(loc);\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.href = goog.html.SafeUrl.unwrap(safeUrl);\n};\ngoog.dom.safe.assignLocation = function(loc, url) {\n  goog.dom.asserts.assertIsLocation(loc);\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.assign(goog.html.SafeUrl.unwrap(safeUrl));\n};\ngoog.dom.safe.replaceLocation = function(loc, url) {\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.replace(goog.html.SafeUrl.unwrap(safeUrl));\n};\ngoog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) {\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  var win = opt_openerWin || goog.global;\n  var name = opt_name instanceof goog.string.Const ? goog.string.Const.unwrap(opt_name) : opt_name || \"\";\n  if (opt_specs !== undefined) {\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs);\n  } else {\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name);\n  }\n};\ngoog.dom.safe.parseFromStringHtml = function(parser, html) {\n  return goog.dom.safe.parseFromString(parser, html, \"text/html\");\n};\ngoog.dom.safe.parseFromString = function(parser, content, type) {\n  return parser.parseFromString(goog.html.SafeHtml.unwrapTrustedHTML(content), type);\n};\ngoog.dom.safe.createImageFromBlob = function(blob) {\n  if (!/^image\\/.*/g.test(blob.type)) {\n    throw new Error(\"goog.dom.safe.createImageFromBlob only accepts MIME type image/.*.\");\n  }\n  var objectUrl = goog.global.URL.createObjectURL(blob);\n  var image = new goog.global.Image();\n  image.onload = function() {\n    goog.global.URL.revokeObjectURL(objectUrl);\n  };\n  image.src = objectUrl;\n  return image;\n};\ngoog.dom.safe.createContextualFragment = function(range, html) {\n  return range.createContextualFragment(goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\ngoog.dom.safe.getScriptNonce = function(opt_window) {\n  return goog.dom.safe.getNonce_(\"script[nonce]\", opt_window);\n};\ngoog.dom.safe.getStyleNonce = function(opt_window) {\n  return goog.dom.safe.getNonce_('style[nonce],link[rel\\x3d\"stylesheet\"][nonce]', opt_window);\n};\ngoog.dom.safe.NONCE_PATTERN_ = /^[\\w+/_-]+[=]{0,2}$/;\ngoog.dom.safe.getNonce_ = function(selector, win) {\n  const doc = (win || goog.global).document;\n  if (!doc.querySelector) {\n    return \"\";\n  }\n  let el = doc.querySelector(selector);\n  if (el) {\n    const nonce = el[\"nonce\"] || el.getAttribute(\"nonce\");\n    if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) {\n      return nonce;\n    }\n  }\n  return \"\";\n};\n","~:source","/**\n * @license\n * Copyright The Closure Library Authors.\n * SPDX-License-Identifier: Apache-2.0\n */\n\n/**\n * @fileoverview Type-safe wrappers for unsafe DOM APIs.\n *\n * This file provides type-safe wrappers for DOM APIs that can result in\n * cross-site scripting (XSS) vulnerabilities, if the API is supplied with\n * untrusted (attacker-controlled) input.  Instead of plain strings, the type\n * safe wrappers consume values of types from the goog.html package whose\n * contract promises that values are safe to use in the corresponding context.\n *\n * Hence, a program that exclusively uses the wrappers in this file (i.e., whose\n * only reference to security-sensitive raw DOM APIs are in this file) is\n * guaranteed to be free of XSS due to incorrect use of such DOM APIs (modulo\n * correctness of code that produces values of the respective goog.html types,\n * and absent code that violates type safety).\n *\n * For example, assigning to an element's .innerHTML property a string that is\n * derived (even partially) from untrusted input typically results in an XSS\n * vulnerability. The type-safe wrapper goog.dom.safe.setInnerHtml consumes a\n * value of type goog.html.SafeHtml, whose contract states that using its values\n * in a HTML context will not result in XSS. Hence a program that is free of\n * direct assignments to any element's innerHTML property (with the exception of\n * the assignment to .innerHTML in this file) is guaranteed to be free of XSS\n * due to assignment of untrusted strings to the innerHTML property.\n */\n\ngoog.provide('goog.dom.safe');\ngoog.provide('goog.dom.safe.InsertAdjacentHtmlPosition');\n\ngoog.require('goog.asserts');\ngoog.require('goog.asserts.dom');\ngoog.require('goog.dom.asserts');\ngoog.require('goog.functions');\ngoog.require('goog.html.SafeHtml');\ngoog.require('goog.html.SafeScript');\ngoog.require('goog.html.SafeStyle');\ngoog.require('goog.html.SafeUrl');\ngoog.require('goog.html.TrustedResourceUrl');\ngoog.require('goog.html.uncheckedconversions');\ngoog.require('goog.string.Const');\ngoog.require('goog.string.internal');\n\n\n/** @enum {string} */\ngoog.dom.safe.InsertAdjacentHtmlPosition = {\n  AFTERBEGIN: 'afterbegin',\n  AFTEREND: 'afterend',\n  BEFOREBEGIN: 'beforebegin',\n  BEFOREEND: 'beforeend'\n};\n\n\n/**\n * Inserts known-safe HTML into a Node, at the specified position.\n * @param {!Node} node The node on which to call insertAdjacentHTML.\n * @param {!goog.dom.safe.InsertAdjacentHtmlPosition} position Position where\n *     to insert the HTML.\n * @param {!goog.html.SafeHtml} html The known-safe HTML to insert.\n */\ngoog.dom.safe.insertAdjacentHtml = function(node, position, html) {\n  'use strict';\n  node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\n\n\n/**\n * Tags not allowed in goog.dom.safe.setInnerHtml.\n * @private @const {!Object<string, boolean>}\n */\ngoog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {\n  'MATH': true,\n  'SCRIPT': true,\n  'STYLE': true,\n  'SVG': true,\n  'TEMPLATE': true\n};\n\n\n/**\n * Whether assigning to innerHTML results in a non-spec-compliant clean-up. Used\n * to define goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse.\n *\n * <p>As mentioned in https://stackoverflow.com/questions/28741528, re-rendering\n * an element in IE by setting innerHTML causes IE to recursively disconnect all\n * parent/children connections that were in the previous contents of the\n * element. Unfortunately, this can unexpectedly result in confusing cases where\n * a function is run (typically asynchronously) on element that has since\n * disconnected from the DOM but assumes the presence of its children. A simple\n * workaround is to remove all children first. Testing on IE11 via\n * https://jsperf.com/innerhtml-vs-removechild/239, removeChild seems to be\n * ~10x faster than innerHTML='' for a large number of children (perhaps due\n * to the latter's recursive behavior), implying that this workaround would\n * not hurt performance and might actually improve it.\n * @return {boolean}\n * @private\n */\ngoog.dom.safe.isInnerHtmlCleanupRecursive_ =\n    goog.functions.cacheReturnValue(function() {\n      'use strict';\n      // `document` missing in some test frameworks.\n      if (goog.DEBUG && typeof document === 'undefined') {\n        return false;\n      }\n      // Create 3 nested <div>s without using innerHTML.\n      // We're not chaining the appendChilds in one call,  as this breaks\n      // in a DocumentFragment.\n      var div = document.createElement('div');\n      var childDiv = document.createElement('div');\n      childDiv.appendChild(document.createElement('div'));\n      div.appendChild(childDiv);\n      // `firstChild` is null in Google Js Test.\n      if (goog.DEBUG && !div.firstChild) {\n        return false;\n      }\n      var innerChild = div.firstChild.firstChild;\n      div.innerHTML =\n          goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY);\n      return !innerChild.parentElement;\n    });\n\n\n/**\n * Assigns HTML to an element's innerHTML property. Helper to use only here and\n * in soy.js.\n * @param {?Element|?ShadowRoot} elem The element whose innerHTML is to be\n *     assigned to.\n * @param {!goog.html.SafeHtml} html\n */\ngoog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) {\n  'use strict';\n  // See comment above goog.dom.safe.isInnerHtmlCleanupRecursive_.\n  if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) {\n    while (elem.lastChild) {\n      elem.removeChild(elem.lastChild);\n    }\n  }\n  elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\n\n\n/**\n * Assigns known-safe HTML to an element's innerHTML property.\n * @param {!Element|!ShadowRoot} elem The element whose innerHTML is to be\n *     assigned to.\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\n * @throws {Error} If called with one of these tags: math, script, style, svg,\n *     template.\n */\ngoog.dom.safe.setInnerHtml = function(elem, html) {\n  'use strict';\n  if (goog.asserts.ENABLE_ASSERTS && /** @type {?} */ (elem).tagName) {\n    var tagName = /** @type {!Element} */ (elem).tagName.toUpperCase();\n    if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) {\n      throw new Error(\n          'goog.dom.safe.setInnerHtml cannot be used to set content of ' +\n          /** @type {!Element} */ (elem).tagName + '.');\n    }\n  }\n\n  goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html);\n};\n\n\n/**\n * Assigns constant HTML to an element's innerHTML property.\n * @param {!Element} element The element whose innerHTML is to be assigned to.\n * @param {!goog.string.Const} constHtml The known-safe HTML to assign.\n * @throws {!Error} If called with one of these tags: math, script, style, svg,\n *     template.\n */\ngoog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) {\n  'use strict';\n  goog.dom.safe.setInnerHtml(\n      element,\n      goog.html.uncheckedconversions\n          .safeHtmlFromStringKnownToSatisfyTypeContract(\n              goog.string.Const.from('Constant HTML to be immediatelly used.'),\n              goog.string.Const.unwrap(constHtml)));\n};\n\n\n/**\n * Assigns known-safe HTML to an element's outerHTML property.\n * @param {!Element} elem The element whose outerHTML is to be assigned to.\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\n */\ngoog.dom.safe.setOuterHtml = function(elem, html) {\n  'use strict';\n  elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\n\n\n/**\n * Safely assigns a URL a form element's action property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * form's action property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.setFormElementAction(formEl, url);\n * which is a safe alternative to\n *   formEl.action = url;\n * The latter can result in XSS vulnerabilities if url is a\n * user-/attacker-controlled value.\n *\n * @param {!Element} form The form element whose action property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setFormElementAction = function(form, url) {\n  'use strict';\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlFormElement(form).action =\n      goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n/**\n * Safely assigns a URL to a button element's formaction property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * button's formaction property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.setButtonFormAction(buttonEl, url);\n * which is a safe alternative to\n *   buttonEl.action = url;\n * The latter can result in XSS vulnerabilities if url is a\n * user-/attacker-controlled value.\n *\n * @param {!Element} button The button element whose action property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setButtonFormAction = function(button, url) {\n  'use strict';\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlButtonElement(button).formAction =\n      goog.html.SafeUrl.unwrap(safeUrl);\n};\n/**\n * Safely assigns a URL to an input element's formaction property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * input's formaction property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.setInputFormAction(inputEl, url);\n * which is a safe alternative to\n *   inputEl.action = url;\n * The latter can result in XSS vulnerabilities if url is a\n * user-/attacker-controlled value.\n *\n * @param {!Element} input The input element whose action property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setInputFormAction = function(input, url) {\n  'use strict';\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  goog.asserts.dom.assertIsHtmlInputElement(input).formAction =\n      goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n/**\n * Sets the given element's style property to the contents of the provided\n * SafeStyle object.\n * @param {!Element} elem\n * @param {!goog.html.SafeStyle} style\n * @return {void}\n */\ngoog.dom.safe.setStyle = function(elem, style) {\n  'use strict';\n  elem.style.cssText = goog.html.SafeStyle.unwrap(style);\n};\n\n\n/**\n * Writes known-safe HTML to a document.\n * @param {!Document} doc The document to be written to.\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\n * @return {void}\n */\ngoog.dom.safe.documentWrite = function(doc, html) {\n  'use strict';\n  doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\n\n\n/**\n * Safely assigns a URL to an anchor element's href property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * anchor's href property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.setAnchorHref(anchorEl, url);\n * which is a safe alternative to\n *   anchorEl.href = url;\n * The latter can result in XSS vulnerabilities if url is a\n * user-/attacker-controlled value.\n *\n * @param {!HTMLAnchorElement} anchor The anchor element whose href property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setAnchorHref = function(anchor, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlAnchorElement(anchor);\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  anchor.href = goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n\n/**\n * Safely assigns a URL to a audio element's src property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * audio's src property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * @param {!HTMLAudioElement} audioElement The audio element whose src property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setAudioSrc = function(audioElement, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlAudioElement(audioElement);\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  audioElement.src = goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n/**\n * Safely assigns a URL to a video element's src property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * video's src property.  If url is of type string however, it is first\n * sanitized using goog.html.SafeUrl.sanitize.\n *\n * @param {!HTMLVideoElement} videoElement The video element whose src property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setVideoSrc = function(videoElement, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlVideoElement(videoElement);\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  videoElement.src = goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n/**\n * Safely assigns a URL to an embed element's src property.\n *\n * Example usage:\n *   goog.dom.safe.setEmbedSrc(embedEl, url);\n * which is a safe alternative to\n *   embedEl.src = url;\n * The latter can result in loading untrusted code unless it is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLEmbedElement} embed The embed element whose src property\n *     is to be assigned to.\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\n */\ngoog.dom.safe.setEmbedSrc = function(embed, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlEmbedElement(embed);\n  embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\n\n\n/**\n * Safely assigns a URL to a frame element's src property.\n *\n * Example usage:\n *   goog.dom.safe.setFrameSrc(frameEl, url);\n * which is a safe alternative to\n *   frameEl.src = url;\n * The latter can result in loading untrusted code unless it is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLFrameElement} frame The frame element whose src property\n *     is to be assigned to.\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\n * @return {void}\n */\ngoog.dom.safe.setFrameSrc = function(frame, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlFrameElement(frame);\n  frame.src = goog.html.TrustedResourceUrl.unwrap(url);\n};\n\n\n/**\n * Safely assigns a URL to an iframe element's src property.\n *\n * Example usage:\n *   goog.dom.safe.setIframeSrc(iframeEl, url);\n * which is a safe alternative to\n *   iframeEl.src = url;\n * The latter can result in loading untrusted code unless it is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLIFrameElement} iframe The iframe element whose src property\n *     is to be assigned to.\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\n * @return {void}\n */\ngoog.dom.safe.setIframeSrc = function(iframe, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\n  iframe.src = goog.html.TrustedResourceUrl.unwrap(url);\n};\n\n\n/**\n * Safely assigns HTML to an iframe element's srcdoc property.\n *\n * Example usage:\n *   goog.dom.safe.setIframeSrcdoc(iframeEl, safeHtml);\n * which is a safe alternative to\n *   iframeEl.srcdoc = html;\n * The latter can result in loading untrusted code.\n *\n * @param {!HTMLIFrameElement} iframe The iframe element whose srcdoc property\n *     is to be assigned to.\n * @param {!goog.html.SafeHtml} html The HTML to assign.\n * @return {void}\n */\ngoog.dom.safe.setIframeSrcdoc = function(iframe, html) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\n  iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html);\n};\n\n\n/**\n * Safely sets a link element's href and rel properties. Whether or not\n * the URL assigned to href has to be a goog.html.TrustedResourceUrl\n * depends on the value of the rel property. If rel contains \"stylesheet\"\n * then a TrustedResourceUrl is required.\n *\n * Example usage:\n *   goog.dom.safe.setLinkHrefAndRel(linkEl, url, 'stylesheet');\n * which is a safe alternative to\n *   linkEl.rel = 'stylesheet';\n *   linkEl.href = url;\n * The latter can result in loading untrusted code unless it is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLLinkElement} link The link element whose href property\n *     is to be assigned to.\n * @param {string|!goog.html.SafeUrl|!goog.html.TrustedResourceUrl} url The URL\n *     to assign to the href property. Must be a TrustedResourceUrl if the\n *     value assigned to rel contains \"stylesheet\". A string value is\n *     sanitized with goog.html.SafeUrl.sanitize.\n * @param {string} rel The value to assign to the rel property.\n * @return {void}\n * @throws {Error} if rel contains \"stylesheet\" and url is not a\n *     TrustedResourceUrl\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlLinkElement(link);\n  link.rel = rel;\n  if (goog.string.internal.caseInsensitiveContains(rel, 'stylesheet')) {\n    goog.asserts.assert(\n        url instanceof goog.html.TrustedResourceUrl,\n        'URL must be TrustedResourceUrl because \"rel\" contains \"stylesheet\"');\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\n    const win = link.ownerDocument && link.ownerDocument.defaultView;\n    const nonce = goog.dom.safe.getStyleNonce(win);\n    if (nonce) {\n      link.setAttribute('nonce', nonce);\n    }\n  } else if (url instanceof goog.html.TrustedResourceUrl) {\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\n  } else if (url instanceof goog.html.SafeUrl) {\n    link.href = goog.html.SafeUrl.unwrap(url);\n  } else {  // string\n    // SafeUrl.sanitize must return legitimate SafeUrl when passed a string.\n    link.href = goog.html.SafeUrl.unwrap(\n        goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url));\n  }\n};\n\n\n/**\n * Safely assigns a URL to an object element's data property.\n *\n * Example usage:\n *   goog.dom.safe.setObjectData(objectEl, url);\n * which is a safe alternative to\n *   objectEl.data = url;\n * The latter can result in loading untrusted code unless setit is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLObjectElement} object The object element whose data property\n *     is to be assigned to.\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\n * @return {void}\n */\ngoog.dom.safe.setObjectData = function(object, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlObjectElement(object);\n  object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\n\n\n/**\n * Safely assigns a URL to a script element's src property.\n *\n * Example usage:\n *   goog.dom.safe.setScriptSrc(scriptEl, url);\n * which is a safe alternative to\n *   scriptEl.src = url;\n * The latter can result in loading untrusted code unless it is ensured that\n * the URL refers to a trustworthy resource.\n *\n * @param {!HTMLScriptElement} script The script element whose src property\n *     is to be assigned to.\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\n * @return {void}\n */\ngoog.dom.safe.setScriptSrc = function(script, url) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\n  goog.dom.safe.setNonceForScriptElement_(script);\n  script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\n};\n\n\n/**\n * Safely assigns a value to a script element's content.\n *\n * Example usage:\n *   goog.dom.safe.setScriptContent(scriptEl, content);\n * which is a safe alternative to\n *   scriptEl.text = content;\n * The latter can result in executing untrusted code unless it is ensured that\n * the code is loaded from a trustworthy resource.\n *\n * @param {!HTMLScriptElement} script The script element whose content is being\n *     set.\n * @param {!goog.html.SafeScript} content The content to assign.\n * @return {void}\n */\ngoog.dom.safe.setScriptContent = function(script, content) {\n  'use strict';\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\n  goog.dom.safe.setNonceForScriptElement_(script);\n  script.textContent = goog.html.SafeScript.unwrapTrustedScript(content);\n};\n\n\n/**\n * Set nonce-based CSPs to dynamically created scripts.\n * @param {!HTMLScriptElement} script The script element whose nonce value\n *     is to be calculated\n * @private\n */\ngoog.dom.safe.setNonceForScriptElement_ = function(script) {\n  'use strict';\n  var win = script.ownerDocument && script.ownerDocument.defaultView;\n  const nonce = goog.dom.safe.getScriptNonce(win);\n  if (nonce) {\n    script.setAttribute('nonce', nonce);\n  }\n};\n\n\n/**\n * Safely assigns a URL to a Location object's href property.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\n * loc's href property.  If url is of type string however, it is first sanitized\n * using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.setLocationHref(document.location, redirectUrl);\n * which is a safe alternative to\n *   document.location.href = redirectUrl;\n * The latter can result in XSS vulnerabilities if redirectUrl is a\n * user-/attacker-controlled value.\n *\n * @param {!Location} loc The Location object whose href property is to be\n *     assigned to.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n\n */\ngoog.dom.safe.setLocationHref = function(loc, url) {\n  'use strict';\n  goog.dom.asserts.assertIsLocation(loc);\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.href = goog.html.SafeUrl.unwrap(safeUrl);\n};\n\n/**\n * Safely assigns the URL of a Location object.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and\n * passed to Location#assign. If url is of type string however, it is\n * first sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.assignLocation(document.location, newUrl);\n * which is a safe alternative to\n *   document.location.assign(newUrl);\n * The latter can result in XSS vulnerabilities if newUrl is a\n * user-/attacker-controlled value.\n *\n * This has the same behaviour as setLocationHref, however some test\n * mock Location.assign instead of a property assignment.\n *\n * @param {!Location} loc The Location object which is to be assigned.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.assignLocation = function(loc, url) {\n  'use strict';\n  goog.dom.asserts.assertIsLocation(loc);\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.assign(goog.html.SafeUrl.unwrap(safeUrl));\n};\n\n\n/**\n * Safely replaces the URL of a Location object.\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and\n * passed to Location#replace. If url is of type string however, it is\n * first sanitized using goog.html.SafeUrl.sanitize.\n *\n * Example usage:\n *   goog.dom.safe.replaceLocation(document.location, newUrl);\n * which is a safe alternative to\n *   document.location.replace(newUrl);\n * The latter can result in XSS vulnerabilities if newUrl is a\n * user-/attacker-controlled value.\n *\n * @param {!Location} loc The Location object which is to be replaced.\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\n * @return {void}\n * @see goog.html.SafeUrl#sanitize\n */\ngoog.dom.safe.replaceLocation = function(loc, url) {\n  'use strict';\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  loc.replace(goog.html.SafeUrl.unwrap(safeUrl));\n};\n\n\n/**\n * Safely opens a URL in a new window (via window.open).\n *\n * If url is of type goog.html.SafeUrl, its value is unwrapped and passed in to\n * window.open.  If url is of type string however, it is first sanitized\n * using goog.html.SafeUrl.sanitize.\n *\n * Note that this function does not prevent leakages via the referer that is\n * sent by window.open. It is advised to only use this to open 1st party URLs.\n *\n * Example usage:\n *   goog.dom.safe.openInWindow(url);\n * which is a safe alternative to\n *   window.open(url);\n * The latter can result in XSS vulnerabilities if url is a\n * user-/attacker-controlled value.\n *\n * @param {string|!goog.html.SafeUrl} url The URL to open.\n * @param {Window=} opt_openerWin Window of which to call the .open() method.\n *     Defaults to the global window.\n * @param {!goog.string.Const|string=} opt_name Name of the window to open in.\n *     Can be _top, etc as allowed by window.open(). This accepts string for\n *     legacy reasons. Pass goog.string.Const if possible.\n * @param {string=} opt_specs Comma-separated list of specifications, same as\n *     in window.open().\n * @return {Window} Window the url was opened in.\n */\ngoog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) {\n  'use strict';\n  /** @type {!goog.html.SafeUrl} */\n  var safeUrl;\n  if (url instanceof goog.html.SafeUrl) {\n    safeUrl = url;\n  } else {\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\n  }\n  var win = opt_openerWin || goog.global;\n  // If opt_name is undefined, simply passing that in to open() causes IE to\n  // reuse the current window instead of opening a new one. Thus we pass '' in\n  // instead, which according to spec opens a new window. See\n  // https://html.spec.whatwg.org/multipage/browsers.html#dom-open .\n  var name = opt_name instanceof goog.string.Const ?\n      goog.string.Const.unwrap(opt_name) :\n      opt_name || '';\n  // Do not pass opt_specs to window.open unless it was provided by the caller.\n  // IE11 will use it as a signal to open a new window rather than a new tab\n  // (even if it is undefined).\n  if (opt_specs !== undefined) {\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs);\n  } else {\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name);\n  }\n};\n\n\n/**\n * Parses the HTML as 'text/html'.\n * @param {!DOMParser} parser\n * @param {!goog.html.SafeHtml} html The HTML to be parsed.\n * @return {!Document}\n */\ngoog.dom.safe.parseFromStringHtml = function(parser, html) {\n  'use strict';\n  return goog.dom.safe.parseFromString(parser, html, 'text/html');\n};\n\n\n/**\n * Parses the string.\n * @param {!DOMParser} parser\n * @param {!goog.html.SafeHtml} content Note: We don't have a special type for\n *     XML or SVG supported by this function so we use SafeHtml.\n * @param {string} type\n * @return {!Document}\n */\ngoog.dom.safe.parseFromString = function(parser, content, type) {\n  'use strict';\n  return parser.parseFromString(\n      goog.html.SafeHtml.unwrapTrustedHTML(content), type);\n};\n\n\n/**\n * Safely creates an HTMLImageElement from a Blob.\n *\n * Example usage:\n *     goog.dom.safe.createImageFromBlob(blob);\n * which is a safe alternative to\n *     image.src = createObjectUrl(blob)\n * The latter can result in executing malicious same-origin scripts from a bad\n * Blob.\n * @param {!Blob} blob The blob to create the image from.\n * @return {!HTMLImageElement} The image element created from the blob.\n * @throws {!Error} If called with a Blob with a MIME type other than image/.*.\n */\ngoog.dom.safe.createImageFromBlob = function(blob) {\n  'use strict';\n  // Any image/* MIME type is accepted as safe.\n  if (!/^image\\/.*/g.test(blob.type)) {\n    throw new Error(\n        'goog.dom.safe.createImageFromBlob only accepts MIME type image/.*.');\n  }\n  var objectUrl = goog.global.URL.createObjectURL(blob);\n  var image = new goog.global.Image();\n  image.onload = function() {\n    'use strict';\n    goog.global.URL.revokeObjectURL(objectUrl);\n  };\n  image.src = objectUrl;\n  return image;\n};\n\n/**\n * Creates a DocumentFragment by parsing html in the context of a Range.\n * @param {!Range} range The Range object starting from the context node to\n * create a fragment in.\n * @param {!goog.html.SafeHtml} html HTML to create a fragment from.\n * @return {?DocumentFragment}\n */\ngoog.dom.safe.createContextualFragment = function(range, html) {\n  'use strict';\n  return range.createContextualFragment(\n      goog.html.SafeHtml.unwrapTrustedHTML(html));\n};\n\n/**\n * Returns CSP script nonce, if set for any <script> tag.\n * @param {?Window=} opt_window The window context used to retrieve the nonce.\n *     Defaults to global context.\n * @return {string} CSP nonce or empty string if no nonce is present.\n */\ngoog.dom.safe.getScriptNonce = function(opt_window) {\n  return goog.dom.safe.getNonce_('script[nonce]', opt_window);\n};\n\n/**\n * Returns CSP style nonce, if set for any <style> or <link rel=\"stylesheet\">\n * tag.\n * @param {?Window=} opt_window The window context used to retrieve the nonce.\n *     Defaults to global context.\n * @return {string} CSP nonce or empty string if no nonce is present.\n */\ngoog.dom.safe.getStyleNonce = function(opt_window) {\n  return goog.dom.safe.getNonce_(\n      'style[nonce],link[rel=\"stylesheet\"][nonce]', opt_window);\n};\n\n/**\n * According to the CSP3 spec a nonce must be a valid base64 string.\n * @see https://www.w3.org/TR/CSP3/#grammardef-base64-value\n * @private @const\n */\ngoog.dom.safe.NONCE_PATTERN_ = /^[\\w+/_-]+[=]{0,2}$/;\n\n/**\n * Returns CSP nonce, if set for any tag of given type.\n * @param {string} selector Selector for locating the element with nonce.\n * @param {?Window=} win The window context used to retrieve the nonce.\n * @return {string} CSP nonce or empty string if no nonce is present.\n * @private\n */\ngoog.dom.safe.getNonce_ = function(selector, win) {\n  const doc = (win || goog.global).document;\n  if (!doc.querySelector) {\n    return '';\n  }\n  let el = doc.querySelector(selector);\n  if (el) {\n    // Try to get the nonce from the IDL property first, because browsers that\n    // implement additional nonce protection features (currently only Chrome) to\n    // prevent nonce stealing via CSS do not expose the nonce via attributes.\n    // See https://github.com/whatwg/html/issues/2369\n    const nonce = el['nonce'] || el.getAttribute('nonce');\n    if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) {\n      return nonce;\n    }\n  }\n  return '';\n};\n","~:compiled-at",1684858197918,"~:source-map-json","{\n\"version\":3,\n\"file\":\"goog.dom.safe.js\",\n\"lineCount\":263,\n\"mappings\":\"AA+BAA,IAAKC,CAAAA,OAAL,CAAa,eAAb,CAAA;AACAD,IAAKC,CAAAA,OAAL,CAAa,0CAAb,CAAA;AAEAD,IAAKE,CAAAA,OAAL,CAAa,cAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,kBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,kBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,gBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,oBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,sBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,qBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,mBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,8BAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,gCAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,mBAAb,CAAA;AACAF,IAAKE,CAAAA,OAAL,CAAa,sBAAb,CAAA;AAIAF,IAAKG,CAAAA,GAAIC,CAAAA,IAAKC,CAAAA,0BAAd,GAA2C,CACzCC,WAAY,YAD6B,EAEzCC,SAAU,UAF+B,EAGzCC,YAAa,aAH4B,EAIzCC,UAAW,WAJ8B,CAA3C;AAeAT,IAAKG,CAAAA,GAAIC,CAAAA,IAAKM,CAAAA,kBAAd,GAAmCC,QAAQ,CAACC,IAAD,EAAOC,QAAP,EAAiBC,IAAjB,CAAuB;AAEhEF,MAAKG,CAAAA,kBAAL,CAAwBF,QAAxB,EAAkCb,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CAAlC,CAAA;AAFgE,CAAlE;AAUAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKc,CAAAA,+BAAd,GAAgD,CAC9C,OAAQ,IADsC,EAE9C,SAAU,IAFoC,EAG9C,QAAS,IAHqC,EAI9C,MAAO,IAJuC,EAK9C,WAAY,IALkC,CAAhD;AA2BAlB,IAAKG,CAAAA,GAAIC,CAAAA,IAAKe,CAAAA,4BAAd,GACInB,IAAKoB,CAAAA,SAAUC,CAAAA,gBAAf,CAAgC,QAAQ,EAAG;AAGzC,MAAIrB,IAAKsB,CAAAA,KAAT,IAAkB,MAAOC,SAAzB,KAAsC,WAAtC;AACE,WAAO,KAAP;AADF;AAMA,MAAIC,MAAMD,QAASE,CAAAA,aAAT,CAAuB,KAAvB,CAAV;AACA,MAAIC,WAAWH,QAASE,CAAAA,aAAT,CAAuB,KAAvB,CAAf;AACAC,UAASC,CAAAA,WAAT,CAAqBJ,QAASE,CAAAA,aAAT,CAAuB,KAAvB,CAArB,CAAA;AACAD,KAAIG,CAAAA,WAAJ,CAAgBD,QAAhB,CAAA;AAEA,MAAI1B,IAAKsB,CAAAA,KAAT,IAAkB,CAACE,GAAII,CAAAA,UAAvB;AACE,WAAO,KAAP;AADF;AAGA,MAAIC,aAAaL,GAAII,CAAAA,UAAWA,CAAAA,UAAhC;AACAJ,KAAIM,CAAAA,SAAJ,GACI9B,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCjB,IAAKc,CAAAA,IAAKE,CAAAA,QAASe,CAAAA,KAAxD,CADJ;AAEA,SAAO,CAACF,UAAWG,CAAAA,aAAnB;AApByC,CAA3C,CADJ;AAgCAhC,IAAKG,CAAAA,GAAIC,CAAAA,IAAK6B,CAAAA,gCAAd,GAAiDC,QAAQ,CAACC,IAAD,EAAOrB,IAAP,CAAa;AAGpE,MAAId,IAAKG,CAAAA,GAAIC,CAAAA,IAAKe,CAAAA,4BAAd,EAAJ;AACE,WAAOgB,IAAKC,CAAAA,SAAZ;AACED,UAAKE,CAAAA,WAAL,CAAiBF,IAAKC,CAAAA,SAAtB,CAAA;AADF;AADF;AAKAD,MAAKL,CAAAA,SAAL,GAAiB9B,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CAAjB;AARoE,CAAtE;AAoBAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKkC,CAAAA,YAAd,GAA6BC,QAAQ,CAACJ,IAAD,EAAOrB,IAAP,CAAa;AAEhD,MAAId,IAAKwC,CAAAA,OAAQC,CAAAA,cAAjB,IAAqDN,IAAMO,CAAAA,OAA3D,CAAoE;AAClE,QAAIA,UAAmCP,IAAMO,CAAAA,OAAQC,CAAAA,WAAf,EAAtC;AACA,QAAI3C,IAAKG,CAAAA,GAAIC,CAAAA,IAAKc,CAAAA,+BAAd,CAA8CwB,OAA9C,CAAJ;AACE,YAAM,IAAIE,KAAJ,CACF,8DADE,GAEuBT,IAAMO,CAAAA,OAF7B,GAEuC,GAFvC,CAAN;AADF;AAFkE;AASpE1C,MAAKG,CAAAA,GAAIC,CAAAA,IAAK6B,CAAAA,gCAAd,CAA+CE,IAA/C,EAAqDrB,IAArD,CAAA;AAXgD,CAAlD;AAsBAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKyC,CAAAA,wBAAd,GAAyCC,QAAQ,CAACC,OAAD,EAAUC,SAAV,CAAqB;AAEpEhD,MAAKG,CAAAA,GAAIC,CAAAA,IAAKkC,CAAAA,YAAd,CACIS,OADJ,EAEI/C,IAAKc,CAAAA,IAAKmC,CAAAA,oBACLC,CAAAA,4CADL,CAEQlD,IAAKmD,CAAAA,MAAOC,CAAAA,KAAMC,CAAAA,IAAlB,CAAuB,wCAAvB,CAFR,EAGQrD,IAAKmD,CAAAA,MAAOC,CAAAA,KAAME,CAAAA,MAAlB,CAAyBN,SAAzB,CAHR,CAFJ,CAAA;AAFoE,CAAtE;AAgBAhD,IAAKG,CAAAA,GAAIC,CAAAA,IAAKmD,CAAAA,YAAd,GAA6BC,QAAQ,CAACrB,IAAD,EAAOrB,IAAP,CAAa;AAEhDqB,MAAKsB,CAAAA,SAAL,GAAiBzD,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CAAjB;AAFgD,CAAlD;AA0BAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKsD,CAAAA,oBAAd,GAAqCC,QAAQ,CAACC,IAAD,EAAOC,GAAP,CAAY;AAGvD,MAAIC,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAI8D,CAAAA,uBAAjB,CAAyCL,IAAzC,CAA+CM,CAAAA,MAA/C,GACIlE,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CADJ;AATuD,CAAzD;AAiCA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK+D,CAAAA,mBAAd,GAAoCC,QAAQ,CAACC,MAAD,EAASR,GAAT,CAAc;AAGxD,MAAIC,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAImE,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAmDE,CAAAA,UAAnD,GACIvE,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CADJ;AATwD,CAA1D;AAgCA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKoE,CAAAA,kBAAd,GAAmCC,QAAQ,CAACC,KAAD,EAAQb,GAAR,CAAa;AAGtD,MAAIC,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIwE,CAAAA,wBAAjB,CAA0CD,KAA1C,CAAiDH,CAAAA,UAAjD,GACIvE,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CADJ;AATsD,CAAxD;AAoBA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKwE,CAAAA,QAAd,GAAyBC,QAAQ,CAAC1C,IAAD,EAAO2C,KAAP,CAAc;AAE7C3C,MAAK2C,CAAAA,KAAMC,CAAAA,OAAX,GAAqB/E,IAAKc,CAAAA,IAAKkE,CAAAA,SAAU1B,CAAAA,MAApB,CAA2BwB,KAA3B,CAArB;AAF6C,CAA/C;AAYA9E,IAAKG,CAAAA,GAAIC,CAAAA,IAAK6E,CAAAA,aAAd,GAA8BC,QAAQ,CAACC,GAAD,EAAMrE,IAAN,CAAY;AAEhDqE,KAAIC,CAAAA,KAAJ,CAAUpF,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CAAV,CAAA;AAFgD,CAAlD;AA0BAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKiF,CAAAA,aAAd,GAA8BC,QAAQ,CAACC,MAAD,EAAS1B,GAAT,CAAc;AAElD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIqF,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AAEA,MAAIzB,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA0B,QAAOE,CAAAA,IAAP,GAAczF,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAd;AAVkD,CAApD;AA2BA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKsF,CAAAA,WAAd,GAA4BC,QAAQ,CAACC,YAAD,EAAe/B,GAAf,CAAoB;AAEtD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAI0F,CAAAA,wBAAjB,CAA0CD,YAA1C,CAAA;AAEA,MAAI9B,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA+B,cAAaE,CAAAA,GAAb,GAAmB9F,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAnB;AAVsD,CAAxD;AA0BA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK2F,CAAAA,WAAd,GAA4BC,QAAQ,CAACC,YAAD,EAAepC,GAAf,CAAoB;AAEtD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAI+F,CAAAA,wBAAjB,CAA0CD,YAA1C,CAAA;AAEA,MAAInC,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKAoC,cAAaH,CAAAA,GAAb,GAAmB9F,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAnB;AAVsD,CAAxD;AA2BA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK+F,CAAAA,WAAd,GAA4BC,QAAQ,CAACC,KAAD,EAAQxC,GAAR,CAAa;AAE/C7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAImG,CAAAA,wBAAjB,CAA0CD,KAA1C,CAAA;AACAA,OAAMP,CAAAA,GAAN,GAAY9F,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBC,CAAAA,sBAA7B,CAAoD3C,GAApD,CAAZ;AAH+C,CAAjD;AAsBA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKqG,CAAAA,WAAd,GAA4BC,QAAQ,CAACC,KAAD,EAAQ9C,GAAR,CAAa;AAE/C7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIyG,CAAAA,wBAAjB,CAA0CD,KAA1C,CAAA;AACAA,OAAMb,CAAAA,GAAN,GAAY9F,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBjD,CAAAA,MAA7B,CAAoCO,GAApC,CAAZ;AAH+C,CAAjD;AAsBA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKyG,CAAAA,YAAd,GAA6BC,QAAQ,CAACC,MAAD,EAASlD,GAAT,CAAc;AAEjD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAI6G,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AACAA,QAAOjB,CAAAA,GAAP,GAAa9F,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBjD,CAAAA,MAA7B,CAAoCO,GAApC,CAAb;AAHiD,CAAnD;AAqBA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK6G,CAAAA,eAAd,GAAgCC,QAAQ,CAACH,MAAD,EAASjG,IAAT,CAAe;AAErDd,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAI6G,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AACAA,QAAOI,CAAAA,MAAP,GAAgBnH,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CAAhB;AAHqD,CAAvD;AAiCAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKgH,CAAAA,iBAAd,GAAkCC,QAAQ,CAACC,IAAD,EAAOzD,GAAP,EAAY0D,GAAZ,CAAiB;AAEzDvH,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIqH,CAAAA,uBAAjB,CAAyCF,IAAzC,CAAA;AACAA,MAAKC,CAAAA,GAAL,GAAWA,GAAX;AACA,MAAIvH,IAAKmD,CAAAA,MAAOsE,CAAAA,QAASC,CAAAA,uBAArB,CAA6CH,GAA7C,EAAkD,YAAlD,CAAJ,CAAqE;AACnEvH,QAAKwC,CAAAA,OAAQmF,CAAAA,MAAb,CACI9D,GADJ,YACmB7D,IAAKc,CAAAA,IAAKyF,CAAAA,kBAD7B,EAEI,oEAFJ,CAAA;AAGAe,QAAK7B,CAAAA,IAAL,GAAYzF,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBjD,CAAAA,MAA7B,CAAoCO,GAApC,CAAZ;AACA,UAAM+D,MAAMN,IAAKO,CAAAA,aAAXD,IAA4BN,IAAKO,CAAAA,aAAcC,CAAAA,WAArD;AACA,UAAMC,QAAQ/H,IAAKG,CAAAA,GAAIC,CAAAA,IAAK4H,CAAAA,aAAd,CAA4BJ,GAA5B,CAAd;AACA,QAAIG,KAAJ;AACET,UAAKW,CAAAA,YAAL,CAAkB,OAAlB,EAA2BF,KAA3B,CAAA;AADF;AAPmE,GAArE,KAUO,KAAIlE,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKyF,CAAAA,kBAA7B;AACLe,QAAK7B,CAAAA,IAAL,GAAYzF,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBjD,CAAAA,MAA7B,CAAoCO,GAApC,CAAZ;AADK,QAEA,KAAIA,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACLuD,QAAK7B,CAAAA,IAAL,GAAYzF,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBO,GAAzB,CAAZ;AADK;AAILyD,QAAK7B,CAAAA,IAAL,GAAYzF,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CACRtD,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CADQ,CAAZ;AAJK;AAhBkD,CAA3D;AAyCA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK8H,CAAAA,aAAd,GAA8BC,QAAQ,CAACC,MAAD,EAASvE,GAAT,CAAc;AAElD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIkI,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AACAA,QAAOE,CAAAA,IAAP,GAActI,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBC,CAAAA,sBAA7B,CAAoD3C,GAApD,CAAd;AAHkD,CAApD;AAsBA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKmI,CAAAA,YAAd,GAA6BC,QAAQ,CAACC,MAAD,EAAS5E,GAAT,CAAc;AAEjD7D,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIuI,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AACAzI,MAAKG,CAAAA,GAAIC,CAAAA,IAAKuI,CAAAA,yBAAd,CAAwCF,MAAxC,CAAA;AACAA,QAAO3C,CAAAA,GAAP,GAAa9F,IAAKc,CAAAA,IAAKyF,CAAAA,kBAAmBC,CAAAA,sBAA7B,CAAoD3C,GAApD,CAAb;AAJiD,CAAnD;AAuBA7D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKwI,CAAAA,gBAAd,GAAiCC,QAAQ,CAACJ,MAAD,EAASK,OAAT,CAAkB;AAEzD9I,MAAKwC,CAAAA,OAAQrC,CAAAA,GAAIuI,CAAAA,yBAAjB,CAA2CD,MAA3C,CAAA;AACAzI,MAAKG,CAAAA,GAAIC,CAAAA,IAAKuI,CAAAA,yBAAd,CAAwCF,MAAxC,CAAA;AACAA,QAAOM,CAAAA,WAAP,GAAqB/I,IAAKc,CAAAA,IAAKkI,CAAAA,UAAWC,CAAAA,mBAArB,CAAyCH,OAAzC,CAArB;AAJyD,CAA3D;AAcA9I,IAAKG,CAAAA,GAAIC,CAAAA,IAAKuI,CAAAA,yBAAd,GAA0CO,QAAQ,CAACT,MAAD,CAAS;AAEzD,MAAIb,MAAMa,MAAOZ,CAAAA,aAAbD,IAA8Ba,MAAOZ,CAAAA,aAAcC,CAAAA,WAAvD;AACA,QAAMC,QAAQ/H,IAAKG,CAAAA,GAAIC,CAAAA,IAAK+I,CAAAA,cAAd,CAA6BvB,GAA7B,CAAd;AACA,MAAIG,KAAJ;AACEU,UAAOR,CAAAA,YAAP,CAAoB,OAApB,EAA6BF,KAA7B,CAAA;AADF;AAJyD,CAA3D;AA+BA/H,IAAKG,CAAAA,GAAIC,CAAAA,IAAKgJ,CAAAA,eAAd,GAAgCC,QAAQ,CAACC,GAAD,EAAMzF,GAAN,CAAW;AAEjD7D,MAAKG,CAAAA,GAAIqC,CAAAA,OAAQ+G,CAAAA,gBAAjB,CAAkCD,GAAlC,CAAA;AAEA,MAAIxF,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKAyF,KAAI7D,CAAAA,IAAJ,GAAWzF,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAX;AAViD,CAAnD;AAmCA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKoJ,CAAAA,cAAd,GAA+BC,QAAQ,CAACH,GAAD,EAAMzF,GAAN,CAAW;AAEhD7D,MAAKG,CAAAA,GAAIqC,CAAAA,OAAQ+G,CAAAA,gBAAjB,CAAkCD,GAAlC,CAAA;AAEA,MAAIxF,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKAyF,KAAII,CAAAA,MAAJ,CAAW1J,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAX,CAAA;AAVgD,CAAlD;AAiCA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAKuJ,CAAAA,eAAd,GAAgCC,QAAQ,CAACN,GAAD,EAAMzF,GAAN,CAAW;AAGjD,MAAIC,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKAyF,KAAIO,CAAAA,OAAJ,CAAY7J,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAZ,CAAA;AATiD,CAAnD;AAwCA9D,IAAKG,CAAAA,GAAIC,CAAAA,IAAK0J,CAAAA,YAAd,GAA6BC,QAAQ,CAAClG,GAAD,EAAMmG,aAAN,EAAqBC,QAArB,EAA+BC,SAA/B,CAA0C;AAG7E,MAAIpG,OAAJ;AACA,MAAID,GAAJ,YAAmB7D,IAAKc,CAAAA,IAAKiD,CAAAA,OAA7B;AACED,WAAA,GAAUD,GAAV;AADF;AAGEC,WAAA,GAAU9D,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQC,CAAAA,oCAAlB,CAAuDH,GAAvD,CAAV;AAHF;AAKA,MAAI+D,MAAMoC,aAANpC,IAAuB5H,IAAKmK,CAAAA,MAAhC;AAKA,MAAIC,OAAOH,QAAA,YAAoBjK,IAAKmD,CAAAA,MAAOC,CAAAA,KAAhC,GACPpD,IAAKmD,CAAAA,MAAOC,CAAAA,KAAME,CAAAA,MAAlB,CAAyB2G,QAAzB,CADO,GAEPA,QAFO,IAEK,EAFhB;AAMA,MAAIC,SAAJ,KAAkBG,SAAlB;AACE,WAAOzC,GAAI0C,CAAAA,IAAJ,CAAStK,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAT,EAA4CsG,IAA5C,EAAkDF,SAAlD,CAAP;AADF;AAGE,WAAOtC,GAAI0C,CAAAA,IAAJ,CAAStK,IAAKc,CAAAA,IAAKiD,CAAAA,OAAQT,CAAAA,MAAlB,CAAyBQ,OAAzB,CAAT,EAA4CsG,IAA5C,CAAP;AAHF;AApB6E,CAA/E;AAkCApK,IAAKG,CAAAA,GAAIC,CAAAA,IAAKmK,CAAAA,mBAAd,GAAoCC,QAAQ,CAACC,MAAD,EAAS3J,IAAT,CAAe;AAEzD,SAAOd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKsK,CAAAA,eAAd,CAA8BD,MAA9B,EAAsC3J,IAAtC,EAA4C,WAA5C,CAAP;AAFyD,CAA3D;AAcAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAKsK,CAAAA,eAAd,GAAgCC,QAAQ,CAACF,MAAD,EAAS3B,OAAT,EAAkB8B,IAAlB,CAAwB;AAE9D,SAAOH,MAAOC,CAAAA,eAAP,CACH1K,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqC6H,OAArC,CADG,EAC4C8B,IAD5C,CAAP;AAF8D,CAAhE;AAoBA5K,IAAKG,CAAAA,GAAIC,CAAAA,IAAKyK,CAAAA,mBAAd,GAAoCC,QAAQ,CAACC,IAAD,CAAO;AAGjD,MAAI,CAAC,aAAcC,CAAAA,IAAd,CAAmBD,IAAKH,CAAAA,IAAxB,CAAL;AACE,UAAM,IAAIhI,KAAJ,CACF,oEADE,CAAN;AADF;AAIA,MAAIqI,YAAYjL,IAAKmK,CAAAA,MAAOe,CAAAA,GAAIC,CAAAA,eAAhB,CAAgCJ,IAAhC,CAAhB;AACA,MAAIK,QAAQ,IAAIpL,IAAKmK,CAAAA,MAAOkB,CAAAA,KAAhB,EAAZ;AACAD,OAAME,CAAAA,MAAN,GAAeC,QAAQ,EAAG;AAExBvL,QAAKmK,CAAAA,MAAOe,CAAAA,GAAIM,CAAAA,eAAhB,CAAgCP,SAAhC,CAAA;AAFwB,GAA1B;AAIAG,OAAMtF,CAAAA,GAAN,GAAYmF,SAAZ;AACA,SAAOG,KAAP;AAdiD,CAAnD;AAwBApL,IAAKG,CAAAA,GAAIC,CAAAA,IAAKqL,CAAAA,wBAAd,GAAyCC,QAAQ,CAACC,KAAD,EAAQ7K,IAAR,CAAc;AAE7D,SAAO6K,KAAMF,CAAAA,wBAAN,CACHzL,IAAKc,CAAAA,IAAKE,CAAAA,QAASC,CAAAA,iBAAnB,CAAqCH,IAArC,CADG,CAAP;AAF6D,CAA/D;AAYAd,IAAKG,CAAAA,GAAIC,CAAAA,IAAK+I,CAAAA,cAAd,GAA+ByC,QAAQ,CAACC,UAAD,CAAa;AAClD,SAAO7L,IAAKG,CAAAA,GAAIC,CAAAA,IAAK0L,CAAAA,SAAd,CAAwB,eAAxB,EAAyCD,UAAzC,CAAP;AADkD,CAApD;AAWA7L,IAAKG,CAAAA,GAAIC,CAAAA,IAAK4H,CAAAA,aAAd,GAA8B+D,QAAQ,CAACF,UAAD,CAAa;AACjD,SAAO7L,IAAKG,CAAAA,GAAIC,CAAAA,IAAK0L,CAAAA,SAAd,CACH,+CADG,EAC2CD,UAD3C,CAAP;AADiD,CAAnD;AAUA7L,IAAKG,CAAAA,GAAIC,CAAAA,IAAK4L,CAAAA,cAAd,GAA+B,qBAA/B;AASAhM,IAAKG,CAAAA,GAAIC,CAAAA,IAAK0L,CAAAA,SAAd,GAA0BG,QAAQ,CAACC,QAAD,EAAWtE,GAAX,CAAgB;AAChD,QAAMzC,MAA2B5D,CAApBqG,GAAoBrG,IAAbvB,IAAKmK,CAAAA,MAAQ5I,EAAAA,QAAjC;AACA,MAAI,CAAC4D,GAAIgH,CAAAA,aAAT;AACE,WAAO,EAAP;AADF;AAGA,MAAIC,KAAKjH,GAAIgH,CAAAA,aAAJ,CAAkBD,QAAlB,CAAT;AACA,MAAIE,EAAJ,CAAQ;AAKN,UAAMrE,QAAQqE,EAAA,CAAG,OAAH,CAARrE,IAAuBqE,EAAGC,CAAAA,YAAH,CAAgB,OAAhB,CAA7B;AACA,QAAItE,KAAJ,IAAa/H,IAAKG,CAAAA,GAAIC,CAAAA,IAAK4L,CAAAA,cAAehB,CAAAA,IAA7B,CAAkCjD,KAAlC,CAAb;AACE,aAAOA,KAAP;AADF;AANM;AAUR,SAAO,EAAP;AAhBgD,CAAlD;;\",\n\"sources\":[\"goog/dom/safe.js\"],\n\"sourcesContent\":[\"/**\\n * @license\\n * Copyright The Closure Library Authors.\\n * SPDX-License-Identifier: Apache-2.0\\n */\\n\\n/**\\n * @fileoverview Type-safe wrappers for unsafe DOM APIs.\\n *\\n * This file provides type-safe wrappers for DOM APIs that can result in\\n * cross-site scripting (XSS) vulnerabilities, if the API is supplied with\\n * untrusted (attacker-controlled) input.  Instead of plain strings, the type\\n * safe wrappers consume values of types from the goog.html package whose\\n * contract promises that values are safe to use in the corresponding context.\\n *\\n * Hence, a program that exclusively uses the wrappers in this file (i.e., whose\\n * only reference to security-sensitive raw DOM APIs are in this file) is\\n * guaranteed to be free of XSS due to incorrect use of such DOM APIs (modulo\\n * correctness of code that produces values of the respective goog.html types,\\n * and absent code that violates type safety).\\n *\\n * For example, assigning to an element's .innerHTML property a string that is\\n * derived (even partially) from untrusted input typically results in an XSS\\n * vulnerability. The type-safe wrapper goog.dom.safe.setInnerHtml consumes a\\n * value of type goog.html.SafeHtml, whose contract states that using its values\\n * in a HTML context will not result in XSS. Hence a program that is free of\\n * direct assignments to any element's innerHTML property (with the exception of\\n * the assignment to .innerHTML in this file) is guaranteed to be free of XSS\\n * due to assignment of untrusted strings to the innerHTML property.\\n */\\n\\ngoog.provide('goog.dom.safe');\\ngoog.provide('goog.dom.safe.InsertAdjacentHtmlPosition');\\n\\ngoog.require('goog.asserts');\\ngoog.require('goog.asserts.dom');\\ngoog.require('goog.dom.asserts');\\ngoog.require('goog.functions');\\ngoog.require('goog.html.SafeHtml');\\ngoog.require('goog.html.SafeScript');\\ngoog.require('goog.html.SafeStyle');\\ngoog.require('goog.html.SafeUrl');\\ngoog.require('goog.html.TrustedResourceUrl');\\ngoog.require('goog.html.uncheckedconversions');\\ngoog.require('goog.string.Const');\\ngoog.require('goog.string.internal');\\n\\n\\n/** @enum {string} */\\ngoog.dom.safe.InsertAdjacentHtmlPosition = {\\n  AFTERBEGIN: 'afterbegin',\\n  AFTEREND: 'afterend',\\n  BEFOREBEGIN: 'beforebegin',\\n  BEFOREEND: 'beforeend'\\n};\\n\\n\\n/**\\n * Inserts known-safe HTML into a Node, at the specified position.\\n * @param {!Node} node The node on which to call insertAdjacentHTML.\\n * @param {!goog.dom.safe.InsertAdjacentHtmlPosition} position Position where\\n *     to insert the HTML.\\n * @param {!goog.html.SafeHtml} html The known-safe HTML to insert.\\n */\\ngoog.dom.safe.insertAdjacentHtml = function(node, position, html) {\\n  'use strict';\\n  node.insertAdjacentHTML(position, goog.html.SafeHtml.unwrapTrustedHTML(html));\\n};\\n\\n\\n/**\\n * Tags not allowed in goog.dom.safe.setInnerHtml.\\n * @private @const {!Object<string, boolean>}\\n */\\ngoog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_ = {\\n  'MATH': true,\\n  'SCRIPT': true,\\n  'STYLE': true,\\n  'SVG': true,\\n  'TEMPLATE': true\\n};\\n\\n\\n/**\\n * Whether assigning to innerHTML results in a non-spec-compliant clean-up. Used\\n * to define goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse.\\n *\\n * <p>As mentioned in https://stackoverflow.com/questions/28741528, re-rendering\\n * an element in IE by setting innerHTML causes IE to recursively disconnect all\\n * parent/children connections that were in the previous contents of the\\n * element. Unfortunately, this can unexpectedly result in confusing cases where\\n * a function is run (typically asynchronously) on element that has since\\n * disconnected from the DOM but assumes the presence of its children. A simple\\n * workaround is to remove all children first. Testing on IE11 via\\n * https://jsperf.com/innerhtml-vs-removechild/239, removeChild seems to be\\n * ~10x faster than innerHTML='' for a large number of children (perhaps due\\n * to the latter's recursive behavior), implying that this workaround would\\n * not hurt performance and might actually improve it.\\n * @return {boolean}\\n * @private\\n */\\ngoog.dom.safe.isInnerHtmlCleanupRecursive_ =\\n    goog.functions.cacheReturnValue(function() {\\n      'use strict';\\n      // `document` missing in some test frameworks.\\n      if (goog.DEBUG && typeof document === 'undefined') {\\n        return false;\\n      }\\n      // Create 3 nested <div>s without using innerHTML.\\n      // We're not chaining the appendChilds in one call,  as this breaks\\n      // in a DocumentFragment.\\n      var div = document.createElement('div');\\n      var childDiv = document.createElement('div');\\n      childDiv.appendChild(document.createElement('div'));\\n      div.appendChild(childDiv);\\n      // `firstChild` is null in Google Js Test.\\n      if (goog.DEBUG && !div.firstChild) {\\n        return false;\\n      }\\n      var innerChild = div.firstChild.firstChild;\\n      div.innerHTML =\\n          goog.html.SafeHtml.unwrapTrustedHTML(goog.html.SafeHtml.EMPTY);\\n      return !innerChild.parentElement;\\n    });\\n\\n\\n/**\\n * Assigns HTML to an element's innerHTML property. Helper to use only here and\\n * in soy.js.\\n * @param {?Element|?ShadowRoot} elem The element whose innerHTML is to be\\n *     assigned to.\\n * @param {!goog.html.SafeHtml} html\\n */\\ngoog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse = function(elem, html) {\\n  'use strict';\\n  // See comment above goog.dom.safe.isInnerHtmlCleanupRecursive_.\\n  if (goog.dom.safe.isInnerHtmlCleanupRecursive_()) {\\n    while (elem.lastChild) {\\n      elem.removeChild(elem.lastChild);\\n    }\\n  }\\n  elem.innerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\\n};\\n\\n\\n/**\\n * Assigns known-safe HTML to an element's innerHTML property.\\n * @param {!Element|!ShadowRoot} elem The element whose innerHTML is to be\\n *     assigned to.\\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\\n * @throws {Error} If called with one of these tags: math, script, style, svg,\\n *     template.\\n */\\ngoog.dom.safe.setInnerHtml = function(elem, html) {\\n  'use strict';\\n  if (goog.asserts.ENABLE_ASSERTS && /** @type {?} */ (elem).tagName) {\\n    var tagName = /** @type {!Element} */ (elem).tagName.toUpperCase();\\n    if (goog.dom.safe.SET_INNER_HTML_DISALLOWED_TAGS_[tagName]) {\\n      throw new Error(\\n          'goog.dom.safe.setInnerHtml cannot be used to set content of ' +\\n          /** @type {!Element} */ (elem).tagName + '.');\\n    }\\n  }\\n\\n  goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse(elem, html);\\n};\\n\\n\\n/**\\n * Assigns constant HTML to an element's innerHTML property.\\n * @param {!Element} element The element whose innerHTML is to be assigned to.\\n * @param {!goog.string.Const} constHtml The known-safe HTML to assign.\\n * @throws {!Error} If called with one of these tags: math, script, style, svg,\\n *     template.\\n */\\ngoog.dom.safe.setInnerHtmlFromConstant = function(element, constHtml) {\\n  'use strict';\\n  goog.dom.safe.setInnerHtml(\\n      element,\\n      goog.html.uncheckedconversions\\n          .safeHtmlFromStringKnownToSatisfyTypeContract(\\n              goog.string.Const.from('Constant HTML to be immediatelly used.'),\\n              goog.string.Const.unwrap(constHtml)));\\n};\\n\\n\\n/**\\n * Assigns known-safe HTML to an element's outerHTML property.\\n * @param {!Element} elem The element whose outerHTML is to be assigned to.\\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\\n */\\ngoog.dom.safe.setOuterHtml = function(elem, html) {\\n  'use strict';\\n  elem.outerHTML = goog.html.SafeHtml.unwrapTrustedHTML(html);\\n};\\n\\n\\n/**\\n * Safely assigns a URL a form element's action property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * form's action property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.setFormElementAction(formEl, url);\\n * which is a safe alternative to\\n *   formEl.action = url;\\n * The latter can result in XSS vulnerabilities if url is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!Element} form The form element whose action property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setFormElementAction = function(form, url) {\\n  'use strict';\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  goog.asserts.dom.assertIsHtmlFormElement(form).action =\\n      goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n/**\\n * Safely assigns a URL to a button element's formaction property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * button's formaction property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.setButtonFormAction(buttonEl, url);\\n * which is a safe alternative to\\n *   buttonEl.action = url;\\n * The latter can result in XSS vulnerabilities if url is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!Element} button The button element whose action property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setButtonFormAction = function(button, url) {\\n  'use strict';\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  goog.asserts.dom.assertIsHtmlButtonElement(button).formAction =\\n      goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n/**\\n * Safely assigns a URL to an input element's formaction property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * input's formaction property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.setInputFormAction(inputEl, url);\\n * which is a safe alternative to\\n *   inputEl.action = url;\\n * The latter can result in XSS vulnerabilities if url is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!Element} input The input element whose action property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setInputFormAction = function(input, url) {\\n  'use strict';\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  goog.asserts.dom.assertIsHtmlInputElement(input).formAction =\\n      goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n/**\\n * Sets the given element's style property to the contents of the provided\\n * SafeStyle object.\\n * @param {!Element} elem\\n * @param {!goog.html.SafeStyle} style\\n * @return {void}\\n */\\ngoog.dom.safe.setStyle = function(elem, style) {\\n  'use strict';\\n  elem.style.cssText = goog.html.SafeStyle.unwrap(style);\\n};\\n\\n\\n/**\\n * Writes known-safe HTML to a document.\\n * @param {!Document} doc The document to be written to.\\n * @param {!goog.html.SafeHtml} html The known-safe HTML to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.documentWrite = function(doc, html) {\\n  'use strict';\\n  doc.write(goog.html.SafeHtml.unwrapTrustedHTML(html));\\n};\\n\\n\\n/**\\n * Safely assigns a URL to an anchor element's href property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * anchor's href property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.setAnchorHref(anchorEl, url);\\n * which is a safe alternative to\\n *   anchorEl.href = url;\\n * The latter can result in XSS vulnerabilities if url is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!HTMLAnchorElement} anchor The anchor element whose href property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setAnchorHref = function(anchor, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlAnchorElement(anchor);\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  anchor.href = goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n\\n/**\\n * Safely assigns a URL to a audio element's src property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * audio's src property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * @param {!HTMLAudioElement} audioElement The audio element whose src property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setAudioSrc = function(audioElement, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlAudioElement(audioElement);\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  audioElement.src = goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n/**\\n * Safely assigns a URL to a video element's src property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * video's src property.  If url is of type string however, it is first\\n * sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * @param {!HTMLVideoElement} videoElement The video element whose src property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setVideoSrc = function(videoElement, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlVideoElement(videoElement);\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  videoElement.src = goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n/**\\n * Safely assigns a URL to an embed element's src property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setEmbedSrc(embedEl, url);\\n * which is a safe alternative to\\n *   embedEl.src = url;\\n * The latter can result in loading untrusted code unless it is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLEmbedElement} embed The embed element whose src property\\n *     is to be assigned to.\\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\\n */\\ngoog.dom.safe.setEmbedSrc = function(embed, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlEmbedElement(embed);\\n  embed.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\\n};\\n\\n\\n/**\\n * Safely assigns a URL to a frame element's src property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setFrameSrc(frameEl, url);\\n * which is a safe alternative to\\n *   frameEl.src = url;\\n * The latter can result in loading untrusted code unless it is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLFrameElement} frame The frame element whose src property\\n *     is to be assigned to.\\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setFrameSrc = function(frame, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlFrameElement(frame);\\n  frame.src = goog.html.TrustedResourceUrl.unwrap(url);\\n};\\n\\n\\n/**\\n * Safely assigns a URL to an iframe element's src property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setIframeSrc(iframeEl, url);\\n * which is a safe alternative to\\n *   iframeEl.src = url;\\n * The latter can result in loading untrusted code unless it is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLIFrameElement} iframe The iframe element whose src property\\n *     is to be assigned to.\\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setIframeSrc = function(iframe, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\\n  iframe.src = goog.html.TrustedResourceUrl.unwrap(url);\\n};\\n\\n\\n/**\\n * Safely assigns HTML to an iframe element's srcdoc property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setIframeSrcdoc(iframeEl, safeHtml);\\n * which is a safe alternative to\\n *   iframeEl.srcdoc = html;\\n * The latter can result in loading untrusted code.\\n *\\n * @param {!HTMLIFrameElement} iframe The iframe element whose srcdoc property\\n *     is to be assigned to.\\n * @param {!goog.html.SafeHtml} html The HTML to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setIframeSrcdoc = function(iframe, html) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlIFrameElement(iframe);\\n  iframe.srcdoc = goog.html.SafeHtml.unwrapTrustedHTML(html);\\n};\\n\\n\\n/**\\n * Safely sets a link element's href and rel properties. Whether or not\\n * the URL assigned to href has to be a goog.html.TrustedResourceUrl\\n * depends on the value of the rel property. If rel contains \\\"stylesheet\\\"\\n * then a TrustedResourceUrl is required.\\n *\\n * Example usage:\\n *   goog.dom.safe.setLinkHrefAndRel(linkEl, url, 'stylesheet');\\n * which is a safe alternative to\\n *   linkEl.rel = 'stylesheet';\\n *   linkEl.href = url;\\n * The latter can result in loading untrusted code unless it is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLLinkElement} link The link element whose href property\\n *     is to be assigned to.\\n * @param {string|!goog.html.SafeUrl|!goog.html.TrustedResourceUrl} url The URL\\n *     to assign to the href property. Must be a TrustedResourceUrl if the\\n *     value assigned to rel contains \\\"stylesheet\\\". A string value is\\n *     sanitized with goog.html.SafeUrl.sanitize.\\n * @param {string} rel The value to assign to the rel property.\\n * @return {void}\\n * @throws {Error} if rel contains \\\"stylesheet\\\" and url is not a\\n *     TrustedResourceUrl\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.setLinkHrefAndRel = function(link, url, rel) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlLinkElement(link);\\n  link.rel = rel;\\n  if (goog.string.internal.caseInsensitiveContains(rel, 'stylesheet')) {\\n    goog.asserts.assert(\\n        url instanceof goog.html.TrustedResourceUrl,\\n        'URL must be TrustedResourceUrl because \\\"rel\\\" contains \\\"stylesheet\\\"');\\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\\n    const win = link.ownerDocument && link.ownerDocument.defaultView;\\n    const nonce = goog.dom.safe.getStyleNonce(win);\\n    if (nonce) {\\n      link.setAttribute('nonce', nonce);\\n    }\\n  } else if (url instanceof goog.html.TrustedResourceUrl) {\\n    link.href = goog.html.TrustedResourceUrl.unwrap(url);\\n  } else if (url instanceof goog.html.SafeUrl) {\\n    link.href = goog.html.SafeUrl.unwrap(url);\\n  } else {  // string\\n    // SafeUrl.sanitize must return legitimate SafeUrl when passed a string.\\n    link.href = goog.html.SafeUrl.unwrap(\\n        goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url));\\n  }\\n};\\n\\n\\n/**\\n * Safely assigns a URL to an object element's data property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setObjectData(objectEl, url);\\n * which is a safe alternative to\\n *   objectEl.data = url;\\n * The latter can result in loading untrusted code unless setit is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLObjectElement} object The object element whose data property\\n *     is to be assigned to.\\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setObjectData = function(object, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlObjectElement(object);\\n  object.data = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\\n};\\n\\n\\n/**\\n * Safely assigns a URL to a script element's src property.\\n *\\n * Example usage:\\n *   goog.dom.safe.setScriptSrc(scriptEl, url);\\n * which is a safe alternative to\\n *   scriptEl.src = url;\\n * The latter can result in loading untrusted code unless it is ensured that\\n * the URL refers to a trustworthy resource.\\n *\\n * @param {!HTMLScriptElement} script The script element whose src property\\n *     is to be assigned to.\\n * @param {!goog.html.TrustedResourceUrl} url The URL to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setScriptSrc = function(script, url) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\\n  goog.dom.safe.setNonceForScriptElement_(script);\\n  script.src = goog.html.TrustedResourceUrl.unwrapTrustedScriptURL(url);\\n};\\n\\n\\n/**\\n * Safely assigns a value to a script element's content.\\n *\\n * Example usage:\\n *   goog.dom.safe.setScriptContent(scriptEl, content);\\n * which is a safe alternative to\\n *   scriptEl.text = content;\\n * The latter can result in executing untrusted code unless it is ensured that\\n * the code is loaded from a trustworthy resource.\\n *\\n * @param {!HTMLScriptElement} script The script element whose content is being\\n *     set.\\n * @param {!goog.html.SafeScript} content The content to assign.\\n * @return {void}\\n */\\ngoog.dom.safe.setScriptContent = function(script, content) {\\n  'use strict';\\n  goog.asserts.dom.assertIsHtmlScriptElement(script);\\n  goog.dom.safe.setNonceForScriptElement_(script);\\n  script.textContent = goog.html.SafeScript.unwrapTrustedScript(content);\\n};\\n\\n\\n/**\\n * Set nonce-based CSPs to dynamically created scripts.\\n * @param {!HTMLScriptElement} script The script element whose nonce value\\n *     is to be calculated\\n * @private\\n */\\ngoog.dom.safe.setNonceForScriptElement_ = function(script) {\\n  'use strict';\\n  var win = script.ownerDocument && script.ownerDocument.defaultView;\\n  const nonce = goog.dom.safe.getScriptNonce(win);\\n  if (nonce) {\\n    script.setAttribute('nonce', nonce);\\n  }\\n};\\n\\n\\n/**\\n * Safely assigns a URL to a Location object's href property.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and assigned to\\n * loc's href property.  If url is of type string however, it is first sanitized\\n * using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.setLocationHref(document.location, redirectUrl);\\n * which is a safe alternative to\\n *   document.location.href = redirectUrl;\\n * The latter can result in XSS vulnerabilities if redirectUrl is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!Location} loc The Location object whose href property is to be\\n *     assigned to.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n\\n */\\ngoog.dom.safe.setLocationHref = function(loc, url) {\\n  'use strict';\\n  goog.dom.asserts.assertIsLocation(loc);\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  loc.href = goog.html.SafeUrl.unwrap(safeUrl);\\n};\\n\\n/**\\n * Safely assigns the URL of a Location object.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and\\n * passed to Location#assign. If url is of type string however, it is\\n * first sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.assignLocation(document.location, newUrl);\\n * which is a safe alternative to\\n *   document.location.assign(newUrl);\\n * The latter can result in XSS vulnerabilities if newUrl is a\\n * user-/attacker-controlled value.\\n *\\n * This has the same behaviour as setLocationHref, however some test\\n * mock Location.assign instead of a property assignment.\\n *\\n * @param {!Location} loc The Location object which is to be assigned.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.assignLocation = function(loc, url) {\\n  'use strict';\\n  goog.dom.asserts.assertIsLocation(loc);\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  loc.assign(goog.html.SafeUrl.unwrap(safeUrl));\\n};\\n\\n\\n/**\\n * Safely replaces the URL of a Location object.\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and\\n * passed to Location#replace. If url is of type string however, it is\\n * first sanitized using goog.html.SafeUrl.sanitize.\\n *\\n * Example usage:\\n *   goog.dom.safe.replaceLocation(document.location, newUrl);\\n * which is a safe alternative to\\n *   document.location.replace(newUrl);\\n * The latter can result in XSS vulnerabilities if newUrl is a\\n * user-/attacker-controlled value.\\n *\\n * @param {!Location} loc The Location object which is to be replaced.\\n * @param {string|!goog.html.SafeUrl} url The URL to assign.\\n * @return {void}\\n * @see goog.html.SafeUrl#sanitize\\n */\\ngoog.dom.safe.replaceLocation = function(loc, url) {\\n  'use strict';\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  loc.replace(goog.html.SafeUrl.unwrap(safeUrl));\\n};\\n\\n\\n/**\\n * Safely opens a URL in a new window (via window.open).\\n *\\n * If url is of type goog.html.SafeUrl, its value is unwrapped and passed in to\\n * window.open.  If url is of type string however, it is first sanitized\\n * using goog.html.SafeUrl.sanitize.\\n *\\n * Note that this function does not prevent leakages via the referer that is\\n * sent by window.open. It is advised to only use this to open 1st party URLs.\\n *\\n * Example usage:\\n *   goog.dom.safe.openInWindow(url);\\n * which is a safe alternative to\\n *   window.open(url);\\n * The latter can result in XSS vulnerabilities if url is a\\n * user-/attacker-controlled value.\\n *\\n * @param {string|!goog.html.SafeUrl} url The URL to open.\\n * @param {Window=} opt_openerWin Window of which to call the .open() method.\\n *     Defaults to the global window.\\n * @param {!goog.string.Const|string=} opt_name Name of the window to open in.\\n *     Can be _top, etc as allowed by window.open(). This accepts string for\\n *     legacy reasons. Pass goog.string.Const if possible.\\n * @param {string=} opt_specs Comma-separated list of specifications, same as\\n *     in window.open().\\n * @return {Window} Window the url was opened in.\\n */\\ngoog.dom.safe.openInWindow = function(url, opt_openerWin, opt_name, opt_specs) {\\n  'use strict';\\n  /** @type {!goog.html.SafeUrl} */\\n  var safeUrl;\\n  if (url instanceof goog.html.SafeUrl) {\\n    safeUrl = url;\\n  } else {\\n    safeUrl = goog.html.SafeUrl.sanitizeJavascriptUrlAssertUnchanged(url);\\n  }\\n  var win = opt_openerWin || goog.global;\\n  // If opt_name is undefined, simply passing that in to open() causes IE to\\n  // reuse the current window instead of opening a new one. Thus we pass '' in\\n  // instead, which according to spec opens a new window. See\\n  // https://html.spec.whatwg.org/multipage/browsers.html#dom-open .\\n  var name = opt_name instanceof goog.string.Const ?\\n      goog.string.Const.unwrap(opt_name) :\\n      opt_name || '';\\n  // Do not pass opt_specs to window.open unless it was provided by the caller.\\n  // IE11 will use it as a signal to open a new window rather than a new tab\\n  // (even if it is undefined).\\n  if (opt_specs !== undefined) {\\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name, opt_specs);\\n  } else {\\n    return win.open(goog.html.SafeUrl.unwrap(safeUrl), name);\\n  }\\n};\\n\\n\\n/**\\n * Parses the HTML as 'text/html'.\\n * @param {!DOMParser} parser\\n * @param {!goog.html.SafeHtml} html The HTML to be parsed.\\n * @return {!Document}\\n */\\ngoog.dom.safe.parseFromStringHtml = function(parser, html) {\\n  'use strict';\\n  return goog.dom.safe.parseFromString(parser, html, 'text/html');\\n};\\n\\n\\n/**\\n * Parses the string.\\n * @param {!DOMParser} parser\\n * @param {!goog.html.SafeHtml} content Note: We don't have a special type for\\n *     XML or SVG supported by this function so we use SafeHtml.\\n * @param {string} type\\n * @return {!Document}\\n */\\ngoog.dom.safe.parseFromString = function(parser, content, type) {\\n  'use strict';\\n  return parser.parseFromString(\\n      goog.html.SafeHtml.unwrapTrustedHTML(content), type);\\n};\\n\\n\\n/**\\n * Safely creates an HTMLImageElement from a Blob.\\n *\\n * Example usage:\\n *     goog.dom.safe.createImageFromBlob(blob);\\n * which is a safe alternative to\\n *     image.src = createObjectUrl(blob)\\n * The latter can result in executing malicious same-origin scripts from a bad\\n * Blob.\\n * @param {!Blob} blob The blob to create the image from.\\n * @return {!HTMLImageElement} The image element created from the blob.\\n * @throws {!Error} If called with a Blob with a MIME type other than image/.*.\\n */\\ngoog.dom.safe.createImageFromBlob = function(blob) {\\n  'use strict';\\n  // Any image/* MIME type is accepted as safe.\\n  if (!/^image\\\\/.*/g.test(blob.type)) {\\n    throw new Error(\\n        'goog.dom.safe.createImageFromBlob only accepts MIME type image/.*.');\\n  }\\n  var objectUrl = goog.global.URL.createObjectURL(blob);\\n  var image = new goog.global.Image();\\n  image.onload = function() {\\n    'use strict';\\n    goog.global.URL.revokeObjectURL(objectUrl);\\n  };\\n  image.src = objectUrl;\\n  return image;\\n};\\n\\n/**\\n * Creates a DocumentFragment by parsing html in the context of a Range.\\n * @param {!Range} range The Range object starting from the context node to\\n * create a fragment in.\\n * @param {!goog.html.SafeHtml} html HTML to create a fragment from.\\n * @return {?DocumentFragment}\\n */\\ngoog.dom.safe.createContextualFragment = function(range, html) {\\n  'use strict';\\n  return range.createContextualFragment(\\n      goog.html.SafeHtml.unwrapTrustedHTML(html));\\n};\\n\\n/**\\n * Returns CSP script nonce, if set for any <script> tag.\\n * @param {?Window=} opt_window The window context used to retrieve the nonce.\\n *     Defaults to global context.\\n * @return {string} CSP nonce or empty string if no nonce is present.\\n */\\ngoog.dom.safe.getScriptNonce = function(opt_window) {\\n  return goog.dom.safe.getNonce_('script[nonce]', opt_window);\\n};\\n\\n/**\\n * Returns CSP style nonce, if set for any <style> or <link rel=\\\"stylesheet\\\">\\n * tag.\\n * @param {?Window=} opt_window The window context used to retrieve the nonce.\\n *     Defaults to global context.\\n * @return {string} CSP nonce or empty string if no nonce is present.\\n */\\ngoog.dom.safe.getStyleNonce = function(opt_window) {\\n  return goog.dom.safe.getNonce_(\\n      'style[nonce],link[rel=\\\"stylesheet\\\"][nonce]', opt_window);\\n};\\n\\n/**\\n * According to the CSP3 spec a nonce must be a valid base64 string.\\n * @see https://www.w3.org/TR/CSP3/#grammardef-base64-value\\n * @private @const\\n */\\ngoog.dom.safe.NONCE_PATTERN_ = /^[\\\\w+/_-]+[=]{0,2}$/;\\n\\n/**\\n * Returns CSP nonce, if set for any tag of given type.\\n * @param {string} selector Selector for locating the element with nonce.\\n * @param {?Window=} win The window context used to retrieve the nonce.\\n * @return {string} CSP nonce or empty string if no nonce is present.\\n * @private\\n */\\ngoog.dom.safe.getNonce_ = function(selector, win) {\\n  const doc = (win || goog.global).document;\\n  if (!doc.querySelector) {\\n    return '';\\n  }\\n  let el = doc.querySelector(selector);\\n  if (el) {\\n    // Try to get the nonce from the IDL property first, because browsers that\\n    // implement additional nonce protection features (currently only Chrome) to\\n    // prevent nonce stealing via CSS do not expose the nonce via attributes.\\n    // See https://github.com/whatwg/html/issues/2369\\n    const nonce = el['nonce'] || el.getAttribute('nonce');\\n    if (nonce && goog.dom.safe.NONCE_PATTERN_.test(nonce)) {\\n      return nonce;\\n    }\\n  }\\n  return '';\\n};\\n\"],\n\"names\":[\"goog\",\"provide\",\"require\",\"dom\",\"safe\",\"InsertAdjacentHtmlPosition\",\"AFTERBEGIN\",\"AFTEREND\",\"BEFOREBEGIN\",\"BEFOREEND\",\"insertAdjacentHtml\",\"goog.dom.safe.insertAdjacentHtml\",\"node\",\"position\",\"html\",\"insertAdjacentHTML\",\"SafeHtml\",\"unwrapTrustedHTML\",\"SET_INNER_HTML_DISALLOWED_TAGS_\",\"isInnerHtmlCleanupRecursive_\",\"functions\",\"cacheReturnValue\",\"DEBUG\",\"document\",\"div\",\"createElement\",\"childDiv\",\"appendChild\",\"firstChild\",\"innerChild\",\"innerHTML\",\"EMPTY\",\"parentElement\",\"unsafeSetInnerHtmlDoNotUseOrElse\",\"goog.dom.safe.unsafeSetInnerHtmlDoNotUseOrElse\",\"elem\",\"lastChild\",\"removeChild\",\"setInnerHtml\",\"goog.dom.safe.setInnerHtml\",\"asserts\",\"ENABLE_ASSERTS\",\"tagName\",\"toUpperCase\",\"Error\",\"setInnerHtmlFromConstant\",\"goog.dom.safe.setInnerHtmlFromConstant\",\"element\",\"constHtml\",\"uncheckedconversions\",\"safeHtmlFromStringKnownToSatisfyTypeContract\",\"string\",\"Const\",\"from\",\"unwrap\",\"setOuterHtml\",\"goog.dom.safe.setOuterHtml\",\"outerHTML\",\"setFormElementAction\",\"goog.dom.safe.setFormElementAction\",\"form\",\"url\",\"safeUrl\",\"SafeUrl\",\"sanitizeJavascriptUrlAssertUnchanged\",\"assertIsHtmlFormElement\",\"action\",\"setButtonFormAction\",\"goog.dom.safe.setButtonFormAction\",\"button\",\"assertIsHtmlButtonElement\",\"formAction\",\"setInputFormAction\",\"goog.dom.safe.setInputFormAction\",\"input\",\"assertIsHtmlInputElement\",\"setStyle\",\"goog.dom.safe.setStyle\",\"style\",\"cssText\",\"SafeStyle\",\"documentWrite\",\"goog.dom.safe.documentWrite\",\"doc\",\"write\",\"setAnchorHref\",\"goog.dom.safe.setAnchorHref\",\"anchor\",\"assertIsHtmlAnchorElement\",\"href\",\"setAudioSrc\",\"goog.dom.safe.setAudioSrc\",\"audioElement\",\"assertIsHtmlAudioElement\",\"src\",\"setVideoSrc\",\"goog.dom.safe.setVideoSrc\",\"videoElement\",\"assertIsHtmlVideoElement\",\"setEmbedSrc\",\"goog.dom.safe.setEmbedSrc\",\"embed\",\"assertIsHtmlEmbedElement\",\"TrustedResourceUrl\",\"unwrapTrustedScriptURL\",\"setFrameSrc\",\"goog.dom.safe.setFrameSrc\",\"frame\",\"assertIsHtmlFrameElement\",\"setIframeSrc\",\"goog.dom.safe.setIframeSrc\",\"iframe\",\"assertIsHtmlIFrameElement\",\"setIframeSrcdoc\",\"goog.dom.safe.setIframeSrcdoc\",\"srcdoc\",\"setLinkHrefAndRel\",\"goog.dom.safe.setLinkHrefAndRel\",\"link\",\"rel\",\"assertIsHtmlLinkElement\",\"internal\",\"caseInsensitiveContains\",\"assert\",\"win\",\"ownerDocument\",\"defaultView\",\"nonce\",\"getStyleNonce\",\"setAttribute\",\"setObjectData\",\"goog.dom.safe.setObjectData\",\"object\",\"assertIsHtmlObjectElement\",\"data\",\"setScriptSrc\",\"goog.dom.safe.setScriptSrc\",\"script\",\"assertIsHtmlScriptElement\",\"setNonceForScriptElement_\",\"setScriptContent\",\"goog.dom.safe.setScriptContent\",\"content\",\"textContent\",\"SafeScript\",\"unwrapTrustedScript\",\"goog.dom.safe.setNonceForScriptElement_\",\"getScriptNonce\",\"setLocationHref\",\"goog.dom.safe.setLocationHref\",\"loc\",\"assertIsLocation\",\"assignLocation\",\"goog.dom.safe.assignLocation\",\"assign\",\"replaceLocation\",\"goog.dom.safe.replaceLocation\",\"replace\",\"openInWindow\",\"goog.dom.safe.openInWindow\",\"opt_openerWin\",\"opt_name\",\"opt_specs\",\"global\",\"name\",\"undefined\",\"open\",\"parseFromStringHtml\",\"goog.dom.safe.parseFromStringHtml\",\"parser\",\"parseFromString\",\"goog.dom.safe.parseFromString\",\"type\",\"createImageFromBlob\",\"goog.dom.safe.createImageFromBlob\",\"blob\",\"test\",\"objectUrl\",\"URL\",\"createObjectURL\",\"image\",\"Image\",\"onload\",\"image.onload\",\"revokeObjectURL\",\"createContextualFragment\",\"goog.dom.safe.createContextualFragment\",\"range\",\"goog.dom.safe.getScriptNonce\",\"opt_window\",\"getNonce_\",\"goog.dom.safe.getStyleNonce\",\"NONCE_PATTERN_\",\"goog.dom.safe.getNonce_\",\"selector\",\"querySelector\",\"el\",\"getAttribute\"]\n}\n"]