From 22426b0be265e351fc70d2861463d76a2338a35a Mon Sep 17 00:00:00 2001 From: Chris O'Hara Date: Thu, 21 Jul 2016 12:47:53 +1000 Subject: [PATCH 1/2] Rewrite trim() to use rtrim() + ltrim() --- src/lib/trim.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/lib/trim.js b/src/lib/trim.js index f4f8fe004..8b08f1ddf 100644 --- a/src/lib/trim.js +++ b/src/lib/trim.js @@ -1,7 +1,6 @@ -import assertString from './util/assertString'; +import rtrim from './rtrim'; +import ltrim from './ltrim'; export default function trim(str, chars) { - assertString(str); - const pattern = chars ? new RegExp(`^[${chars}]+|[${chars}]+$`, 'g') : /^\s+|\s+$/g; - return str.replace(pattern, ''); + return rtrim(ltrim(str, chars), chars); } From 057d3b05c316a7c51bdeb3f8e0439fe2ed1b4295 Mon Sep 17 00:00:00 2001 From: Chris O'Hara Date: Thu, 21 Jul 2016 12:58:41 +1000 Subject: [PATCH 2/2] Rewrite rtrim() to avoid a regex DoS --- lib/rtrim.js | 10 ++++++++-- lib/trim.js | 12 +++++++----- src/lib/rtrim.js | 10 ++++++++-- test/sanitizers.js | 15 ++++++++++++--- validator.js | 14 +++++++++----- validator.min.js | 2 +- 6 files changed, 45 insertions(+), 18 deletions(-) diff --git a/lib/rtrim.js b/lib/rtrim.js index 2fefab396..fa6d8e15d 100644 --- a/lib/rtrim.js +++ b/lib/rtrim.js @@ -13,7 +13,13 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de function rtrim(str, chars) { (0, _assertString2.default)(str); - var pattern = chars ? new RegExp('[' + chars + ']+$', 'g') : /\s+$/g; - return str.replace(pattern, ''); + var pattern = chars ? new RegExp('[' + chars + ']') : /\s/; + + var idx = str.length - 1; + while (idx >= 0 && pattern.test(str[idx])) { + idx--; + } + + return idx < str.length ? str.substr(0, idx + 1) : str; } module.exports = exports['default']; \ No newline at end of file diff --git a/lib/trim.js b/lib/trim.js index babda38e0..cb945d450 100644 --- a/lib/trim.js +++ b/lib/trim.js @@ -5,15 +5,17 @@ Object.defineProperty(exports, "__esModule", { }); exports.default = trim; -var _assertString = require('./util/assertString'); +var _rtrim = require('./rtrim'); -var _assertString2 = _interopRequireDefault(_assertString); +var _rtrim2 = _interopRequireDefault(_rtrim); + +var _ltrim = require('./ltrim'); + +var _ltrim2 = _interopRequireDefault(_ltrim); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function trim(str, chars) { - (0, _assertString2.default)(str); - var pattern = chars ? new RegExp('^[' + chars + ']+|[' + chars + ']+$', 'g') : /^\s+|\s+$/g; - return str.replace(pattern, ''); + return (0, _rtrim2.default)((0, _ltrim2.default)(str, chars), chars); } module.exports = exports['default']; \ No newline at end of file diff --git a/src/lib/rtrim.js b/src/lib/rtrim.js index 4938566bc..9045bb72e 100644 --- a/src/lib/rtrim.js +++ b/src/lib/rtrim.js @@ -2,6 +2,12 @@ import assertString from './util/assertString'; export default function rtrim(str, chars) { assertString(str); - const pattern = chars ? new RegExp(`[${chars}]+$`, 'g') : /\s+$/g; - return str.replace(pattern, ''); + const pattern = chars ? new RegExp(`[${chars}]`) : /\s/; + + let idx = str.length - 1; + while (idx >= 0 && pattern.test(str[idx])) { + idx--; + } + + return idx < str.length ? str.substr(0, idx + 1) : str; } diff --git a/test/sanitizers.js b/test/sanitizers.js index 644164b1f..8e295d805 100644 --- a/test/sanitizers.js +++ b/test/sanitizers.js @@ -53,17 +53,26 @@ describe('Sanitizers', function () { it('should trim whitespace', function () { test({ sanitizer: 'trim', - expect: { ' \r\n\tfoo \r\n\t ': 'foo' }, + expect: { + ' \r\n\tfoo \r\n\t ': 'foo', + ' \r': '', + }, }); test({ sanitizer: 'ltrim', - expect: { ' \r\n\tfoo \r\n\t ': 'foo \r\n\t ' }, + expect: { + ' \r\n\tfoo \r\n\t ': 'foo \r\n\t ', + ' \t \n': '', + }, }); test({ sanitizer: 'rtrim', - expect: { ' \r\n\tfoo \r\n\t ': ' \r\n\tfoo' }, + expect: { + ' \r\n\tfoo \r\n\t ': ' \r\n\tfoo', + ' \r\n \t': '', + }, }); }); diff --git a/validator.js b/validator.js index fba30d820..7a2d8daa4 100644 --- a/validator.js +++ b/validator.js @@ -1001,14 +1001,18 @@ function rtrim(str, chars) { assertString(str); - var pattern = chars ? new RegExp('[' + chars + ']+$', 'g') : /\s+$/g; - return str.replace(pattern, ''); + var pattern = chars ? new RegExp('[' + chars + ']') : /\s/; + + var idx = str.length - 1; + while (idx >= 0 && pattern.test(str[idx])) { + idx--; + } + + return idx < str.length ? str.substr(0, idx + 1) : str; } function trim(str, chars) { - assertString(str); - var pattern = chars ? new RegExp('^[' + chars + ']+|[' + chars + ']+$', 'g') : /^\s+|\s+$/g; - return str.replace(pattern, ''); + return rtrim(ltrim(str, chars), chars); } function escape(str) { diff --git a/validator.min.js b/validator.min.js index 058b2ff7f..73684f921 100644 --- a/validator.min.js +++ b/validator.min.js @@ -20,4 +20,4 @@ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):e.validator=t()}(this,function(){"use strict";function e(e){if("string"!=typeof e)throw new TypeError("This library (validator.js) validates strings only")}function t(t){return e(t),t=Date.parse(t),isNaN(t)?null:new Date(t)}function r(t){return e(t),parseFloat(t)}function n(t,r){return e(t),parseInt(t,r||10)}function i(t,r){return e(t),r?"1"===t||"true"===t:"0"!==t&&"false"!==t&&""!==t}function o(t,r){return e(t),t===r}function a(e){return"object"===("undefined"==typeof e?"undefined":fe(e))&&null!==e?e="function"==typeof e.toString?e.toString():"[object Object]":(null===e||"undefined"==typeof e||isNaN(e)&&!e.length)&&(e=""),String(e)}function u(t,r){return e(t),t.indexOf(a(r))>=0}function s(t,r,n){return e(t),"[object RegExp]"!==Object.prototype.toString.call(r)&&(r=new RegExp(r,n)),r.test(t)}function l(){var e=arguments.length<=0||void 0===arguments[0]?{}:arguments[0],t=arguments[1];for(var r in t)"undefined"==typeof e[r]&&(e[r]=t[r]);return e}function f(t,r){e(t);var n=void 0,i=void 0;"object"===("undefined"==typeof r?"undefined":fe(r))?(n=r.min||0,i=r.max):(n=arguments[1],i=arguments[2]);var o=encodeURI(t).split(/%..|./).length-1;return o>=n&&("undefined"==typeof i||o<=i)}function d(t,r){e(t),r=l(r,de),r.allow_trailing_dot&&"."===t[t.length-1]&&(t=t.substring(0,t.length-1));var n=t.split(".");if(r.require_tld){var i=n.pop();if(!n.length||!/^([a-z\u00a1-\uffff]{2,}|xn[a-z0-9-]{2,})$/i.test(i))return!1}for(var o,a=0;au)return!1;if("::"===t)return!0;"::"===t.substr(0,2)?(i.shift(),i.shift(),o=!0):"::"===t.substr(t.length-2)&&(i.pop(),i.pop(),o=!0);for(var s=0;s0&&s=1:i.length===u}return!1}function p(t,r){if(e(t),!t||t.length>=2083||/\s/.test(t))return!1;if(0===t.indexOf("mailto:"))return!1;r=l(r,xe);var n=void 0,i=void 0,o=void 0,a=void 0,u=void 0,s=void 0,f=void 0;if(f=t.split("#"),t=f.shift(),f=t.split("?"),t=f.shift(),f=t.split("://"),f.length>1){if(n=f.shift(),r.require_valid_protocol&&r.protocols.indexOf(n)===-1)return!1}else{if(r.require_protocol)return!1;r.allow_protocol_relative_urls&&"//"===t.substr(0,2)&&(f[0]=t.substr(2))}return t=f.join("://"),f=t.split("/"),t=f.shift(),f=t.split("@"),!(f.length>1&&(i=f.shift(),i.indexOf(":")>=0&&i.split(":").length>2))&&(a=f.join("@"),f=a.split(":"),o=f.shift(),!(f.length&&(s=f.join(":"),u=parseInt(s,10),!/^[0-9]+$/.test(s)||u<=0||u>65535))&&(!(!g(o)&&!d(o,r)&&"localhost"!==o)&&((!r.host_whitelist||r.host_whitelist.indexOf(o)!==-1)&&(!r.host_blacklist||r.host_blacklist.indexOf(o)===-1))))}function F(t){return e(t),Ae.test(t)}function v(t){return e(t),["true","false","1","0"].indexOf(t)>=0}function _(t){var r=arguments.length<=1||void 0===arguments[1]?"en-US":arguments[1];if(e(t),r in me)return me[r].test(t);throw new Error("Invalid locale '"+r+"'")}function h(t){var r=arguments.length<=1||void 0===arguments[1]?"en-US":arguments[1];if(e(t),r in we)return we[r].test(t);throw new Error("Invalid locale '"+r+"'")}function $(t){return e(t),Se.test(t)}function x(t){return e(t),t===t.toLowerCase()}function A(t){return e(t),t===t.toUpperCase()}function m(t){return e(t),Ie.test(t)}function w(t){return e(t),Oe.test(t)}function b(t){return e(t),Ce.test(t)}function y(t){return e(t),Oe.test(t)&&Ce.test(t)}function D(t){return e(t),Ne.test(t)}function Z(t){return e(t),Ue.test(t)}function E(t,r){e(t),r=r||{};var n=r.hasOwnProperty("allow_leading_zeroes")&&r.allow_leading_zeroes?Re:ze,i=!r.hasOwnProperty("min")||t>=r.min,o=!r.hasOwnProperty("max")||t<=r.max;return n.test(t)&&i&&o}function S(t,r){return e(t),r=r||{},""!==t&&"."!==t&&(je.test(t)&&(!r.hasOwnProperty("min")||t>=r.min)&&(!r.hasOwnProperty("max")||t<=r.max))}function I(t){return e(t),""!==t&&Le.test(t)}function O(t){return e(t),Be.test(t)}function C(t,n){return e(t),r(t)%parseInt(n,10)===0}function N(t){return e(t),Pe.test(t)}function U(t){e(t);try{var r=JSON.parse(t);return!!r&&"object"===("undefined"==typeof r?"undefined":fe(r))}catch(e){}return!1}function z(t){return e(t),0===t.length}function R(t,r){e(t);var n=void 0,i=void 0;"object"===("undefined"==typeof r?"undefined":fe(r))?(n=r.min||0,i=r.max):(n=arguments[1],i=arguments[2]);var o=t.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g)||[],a=t.length-o.length;return a>=n&&("undefined"==typeof i||a<=i)}function j(t){var r=arguments.length<=1||void 0===arguments[1]?"all":arguments[1];e(t);var n=qe[r];return n&&n.test(t)}function L(t){return e(t),O(t)&&24===t.length}function B(t){return e(t),Te.test(t)}function P(e){var t=e.match(Te),r=void 0,n=void 0,i=void 0,o=void 0;if(t){if(r=t[21],!r)return t[12]?null:0;if("z"===r||"Z"===r)return 0;n=t[22],r.indexOf(":")!==-1?(i=parseInt(t[23],10),o=parseInt(t[24],10)):(i=0,o=parseInt(t[23],10))}else{if(e=e.toLowerCase(),r=e.match(/(?:\s|gmt\s*)(-|\+)(\d{1,4})(\s|$)/),!r)return e.indexOf("gmt")!==-1?0:null;n=r[1];var a=r[2];3===a.length&&(a="0"+a),a.length<=2?(i=0,o=parseInt(a,10)):(i=parseInt(a.slice(0,2),10),o=parseInt(a.slice(2,4),10))}return(60*i+o)*("-"===n?1:-1)}function q(t){e(t);var r=new Date(Date.parse(t));if(isNaN(r))return!1;var n=P(t);if(null!==n){var i=r.getTimezoneOffset()-n;r=new Date(r.getTime()+6e4*i)}var o=String(r.getDate()),a=void 0,u=void 0,s=void 0;return!(u=t.match(/(^|[^:\d])[23]\d([^:\d]|$)/g))||(a=u.map(function(e){return e.match(/\d+/g)[0]}).join("/"),s=String(r.getFullYear()).slice(-2),a===o||a===s||(a===""+o/s||a===""+s/o))}function T(r){var n=arguments.length<=1||void 0===arguments[1]?String(new Date):arguments[1];e(r);var i=t(n),o=t(r);return!!(o&&i&&o>i)}function H(r){var n=arguments.length<=1||void 0===arguments[1]?String(new Date):arguments[1];e(r);var i=t(n),o=t(r);return!!(o&&i&&o=0}return"object"===("undefined"==typeof r?"undefined":fe(r))?r.hasOwnProperty(t):!(!r||"function"!=typeof r.indexOf)&&r.indexOf(t)>=0}function W(t){e(t);var r=t.replace(/[^0-9]+/g,"");if(!He.test(r))return!1;for(var n=0,i=void 0,o=void 0,a=void 0,u=r.length-1;u>=0;u--)i=r.substring(u,u+1),o=parseInt(i,10),a?(o*=2,n+=o>=10?o%10+1:o):n+=o,a=!a;return!(n%10!==0||!r)}function Y(t){if(e(t),!Me.test(t))return!1;for(var r=t.replace(/[A-Z]/g,function(e){return parseInt(e,36)}),n=0,i=void 0,o=void 0,a=!0,u=r.length-2;u>=0;u--)i=r.substring(u,u+1),o=parseInt(i,10),a?(o*=2,n+=o>=10?o+1:o):n+=o,a=!a;return parseInt(t.substr(t.length-1),10)===(1e4-n)%10}function G(t){var r=arguments.length<=1||void 0===arguments[1]?"":arguments[1];if(e(t),r=String(r),!r)return G(t,10)||G(t,13);var n=t.replace(/[\s-]+/g,""),i=0,o=void 0;if("10"===r){if(!We.test(n))return!1;for(o=0;o<9;o++)i+=(o+1)*n.charAt(o);if(i+="X"===n.charAt(9)?100:10*n.charAt(9),i%11===0)return!!n}else if("13"===r){if(!Ye.test(n))return!1;for(o=0;o<12;o++)i+=Ge[o%2]*n.charAt(o);if(n.charAt(12)-(10-i%10)%10===0)return!!n}return!1}function K(t,r){return e(t),r in Ke&&Ke[r].test(t)}function Q(e){var t="(\\"+e.symbol.replace(/\./g,"\\.")+")"+(e.require_symbol?"":"?"),r="-?",n="[1-9]\\d*",i="[1-9]\\d{0,2}(\\"+e.thousands_separator+"\\d{3})*",o=["0",n,i],a="("+o.join("|")+")?",u="(\\"+e.decimal_separator+"\\d{2})?",s=a+u;return e.allow_negatives&&!e.parens_for_negatives&&(e.negative_sign_after_digits?s+=r:e.negative_sign_before_digits&&(s=r+s)),e.allow_negative_sign_placeholder?s="( (?!\\-))?"+s:e.allow_space_after_symbol?s=" ?"+s:e.allow_space_after_digits&&(s+="( (?!$))?"),e.symbol_after_digits?s+=t:s=t+s,e.allow_negatives&&(e.parens_for_negatives?s="(\\("+s+"\\)|"+s+")":e.negative_sign_before_digits||e.negative_sign_after_digits||(s=r+s)),new RegExp("^(?!-? )(?=.*\\d)"+s+"$")}function k(t,r){return e(t),r=l(r,Qe),Q(r).test(t)}function J(t){e(t);var r=t.length;if(!r||r%4!==0||ke.test(t))return!1;var n=t.indexOf("=");return n===-1||n===r-1||n===r-2&&"="===t[r-1]}function V(t){return e(t),Je.test(t)}function X(t,r){e(t);var n=r?new RegExp("^["+r+"]+","g"):/^\s+/g;return t.replace(n,"")}function ee(t,r){e(t);var n=r?new RegExp("["+r+"]+$","g"):/\s+$/g;return t.replace(n,"")}function te(t,r){e(t);var n=r?new RegExp("^["+r+"]+|["+r+"]+$","g"):/^\s+|\s+$/g;return t.replace(n,"")}function re(t){return e(t),t.replace(/&/g,"&").replace(/"/g,""").replace(/'/g,"'").replace(//g,">").replace(/\//g,"/").replace(/`/g,"`")}function ne(t){return e(t),t.replace(/&/g,"&").replace(/"/g,'"').replace(/'/g,"'").replace(/</g,"<").replace(/>/g,">").replace(///g,"/").replace(/`/g,"`")}function ie(t,r){return e(t),t.replace(new RegExp("["+r+"]+","g"),"")}function oe(t,r){e(t);var n=r?"\\x00-\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F":"\\x00-\\x1F\\x7F";return ie(t,n)}function ae(t,r){return e(t),t.replace(new RegExp("[^"+r+"]+","g"),"")}function ue(t,r){e(t);for(var n=t.length-1;n>=0;n--)if(r.indexOf(t[n])===-1)return!1;return!0}function se(e,t){if(t=l(t,Ve),!c(e))return!1;var r=e.split("@",2);if(r[1]=r[1].toLowerCase(),"gmail.com"===r[1]||"googlemail.com"===r[1]){if(t.remove_extension&&(r[0]=r[0].split("+")[0]),t.remove_dots&&(r[0]=r[0].replace(/\./g,"")),!r[0].length)return!1;r[0]=r[0].toLowerCase(),r[1]="gmail.com"}else t.lowercase&&(r[0]=r[0].toLowerCase());return r.join("@")}for(var le,fe="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol?"symbol":typeof e},de={require_tld:!0,allow_underscores:!1,allow_trailing_dot:!1},ce={allow_display_name:!1,allow_utf8_local_part:!0,require_tld:!0},ge=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF\s]*<(.+)>$/i,pe=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~]+$/i,Fe=/^([\s\x01-\x08\x0b\x0c\x0e-\x1f\x7f\x21\x23-\x5b\x5d-\x7e]|(\\[\x01-\x09\x0b\x0c\x0d-\x7f]))*$/i,ve=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+$/i,_e=/^([\s\x01-\x08\x0b\x0c\x0e-\x1f\x7f\x21\x23-\x5b\x5d-\x7e\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]|(\\[\x01-\x09\x0b\x0c\x0d-\x7f\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))*$/i,he=/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/,$e=/^[0-9A-F]{1,4}$/i,xe={protocols:["http","https","ftp"],require_tld:!0,require_protocol:!1,require_valid_protocol:!0,allow_underscores:!1,allow_trailing_dot:!1,allow_protocol_relative_urls:!1},Ae=/^([0-9a-fA-F][0-9a-fA-F]:){5}([0-9a-fA-F][0-9a-fA-F])$/,me={"en-US":/^[A-Z]+$/i,"cs-CZ":/^[A-ZÁČĎÉĚÍŇÓŘŠŤÚŮÝŽ]+$/i,"de-DE":/^[A-ZÄÖÜß]+$/i,"es-ES":/^[A-ZÁÉÍÑÓÚÜ]+$/i,"fr-FR":/^[A-ZÀÂÆÇÉÈÊËÏÎÔŒÙÛÜŸ]+$/i,"nl-NL":/^[A-ZÉËÏÓÖÜ]+$/i,"hu-HU":/^[A-ZÁÉÍÓÖŐÚÜŰ]+$/i,"pl-PL":/^[A-ZĄĆĘŚŁŃÓŻŹ]+$/i,"pt-PT":/^[A-ZÃÁÀÂÇÉÊÍÕÓÔÚÜ]+$/i,"ru-RU":/^[А-ЯЁа-яё]+$/i,"tr-TR":/^[A-ZÇĞİıÖŞÜ]+$/i,ar:/^[ءآأؤإئابةتثجحخدذرزسشصضطظعغفقكلمنهوىيًٌٍَُِّْٰ]+$/},we={"en-US":/^[0-9A-Z]+$/i,"cs-CZ":/^[0-9A-ZÁČĎÉĚÍŇÓŘŠŤÚŮÝŽ]+$/i,"de-DE":/^[0-9A-ZÄÖÜß]+$/i,"es-ES":/^[0-9A-ZÁÉÍÑÓÚÜ]+$/i,"fr-FR":/^[0-9A-ZÀÂÆÇÉÈÊËÏÎÔŒÙÛÜŸ]+$/i,"hu-HU":/^[0-9A-ZÁÉÍÓÖŐÚÜŰ]+$/i,"nl-NL":/^[0-9A-ZÉËÏÓÖÜ]+$/i,"pl-PL":/^[0-9A-ZĄĆĘŚŁŃÓŻŹ]+$/i,"pt-PT":/^[0-9A-ZÃÁÀÂÇÉÊÍÕÓÔÚÜ]+$/i,"ru-RU":/^[0-9А-ЯЁа-яё]+$/i,"tr-TR":/^[0-9A-ZÇĞİıÖŞÜ]+$/i,ar:/^[٠١٢٣٤٥٦٧٨٩0-9ءآأؤإئابةتثجحخدذرزسشصضطظعغفقكلمنهوىيًٌٍَُِّْٰ]+$/},be=["AU","GB","HK","IN","NZ","ZA","ZM"],ye=0;ye=0}function s(t,r,n){return e(t),"[object RegExp]"!==Object.prototype.toString.call(r)&&(r=new RegExp(r,n)),r.test(t)}function l(){var e=arguments.length<=0||void 0===arguments[0]?{}:arguments[0],t=arguments[1];for(var r in t)"undefined"==typeof e[r]&&(e[r]=t[r]);return e}function f(t,r){e(t);var n=void 0,i=void 0;"object"===("undefined"==typeof r?"undefined":fe(r))?(n=r.min||0,i=r.max):(n=arguments[1],i=arguments[2]);var o=encodeURI(t).split(/%..|./).length-1;return o>=n&&("undefined"==typeof i||o<=i)}function d(t,r){e(t),r=l(r,de),r.allow_trailing_dot&&"."===t[t.length-1]&&(t=t.substring(0,t.length-1));var n=t.split(".");if(r.require_tld){var i=n.pop();if(!n.length||!/^([a-z\u00a1-\uffff]{2,}|xn[a-z0-9-]{2,})$/i.test(i))return!1}for(var o,a=0;au)return!1;if("::"===t)return!0;"::"===t.substr(0,2)?(i.shift(),i.shift(),o=!0):"::"===t.substr(t.length-2)&&(i.pop(),i.pop(),o=!0);for(var s=0;s0&&s=1:i.length===u}return!1}function p(t,r){if(e(t),!t||t.length>=2083||/\s/.test(t))return!1;if(0===t.indexOf("mailto:"))return!1;r=l(r,$e);var n=void 0,i=void 0,o=void 0,a=void 0,u=void 0,s=void 0,f=void 0;if(f=t.split("#"),t=f.shift(),f=t.split("?"),t=f.shift(),f=t.split("://"),f.length>1){if(n=f.shift(),r.require_valid_protocol&&r.protocols.indexOf(n)===-1)return!1}else{if(r.require_protocol)return!1;r.allow_protocol_relative_urls&&"//"===t.substr(0,2)&&(f[0]=t.substr(2))}return t=f.join("://"),f=t.split("/"),t=f.shift(),f=t.split("@"),!(f.length>1&&(i=f.shift(),i.indexOf(":")>=0&&i.split(":").length>2))&&(a=f.join("@"),f=a.split(":"),o=f.shift(),!(f.length&&(s=f.join(":"),u=parseInt(s,10),!/^[0-9]+$/.test(s)||u<=0||u>65535))&&(!(!g(o)&&!d(o,r)&&"localhost"!==o)&&((!r.host_whitelist||r.host_whitelist.indexOf(o)!==-1)&&(!r.host_blacklist||r.host_blacklist.indexOf(o)===-1))))}function F(t){return e(t),Ae.test(t)}function v(t){return e(t),["true","false","1","0"].indexOf(t)>=0}function _(t){var r=arguments.length<=1||void 0===arguments[1]?"en-US":arguments[1];if(e(t),r in me)return me[r].test(t);throw new Error("Invalid locale '"+r+"'")}function h(t){var r=arguments.length<=1||void 0===arguments[1]?"en-US":arguments[1];if(e(t),r in we)return we[r].test(t);throw new Error("Invalid locale '"+r+"'")}function x(t){return e(t),Ee.test(t)}function $(t){return e(t),t===t.toLowerCase()}function A(t){return e(t),t===t.toUpperCase()}function m(t){return e(t),Ie.test(t)}function w(t){return e(t),Oe.test(t)}function b(t){return e(t),Ce.test(t)}function y(t){return e(t),Oe.test(t)&&Ce.test(t)}function D(t){return e(t),Ne.test(t)}function Z(t){return e(t),Ue.test(t)}function S(t,r){e(t),r=r||{};var n=r.hasOwnProperty("allow_leading_zeroes")&&r.allow_leading_zeroes?Re:ze,i=!r.hasOwnProperty("min")||t>=r.min,o=!r.hasOwnProperty("max")||t<=r.max;return n.test(t)&&i&&o}function E(t,r){return e(t),r=r||{},""!==t&&"."!==t&&(je.test(t)&&(!r.hasOwnProperty("min")||t>=r.min)&&(!r.hasOwnProperty("max")||t<=r.max))}function I(t){return e(t),""!==t&&Le.test(t)}function O(t){return e(t),Be.test(t)}function C(t,n){return e(t),r(t)%parseInt(n,10)===0}function N(t){return e(t),Pe.test(t)}function U(t){e(t);try{var r=JSON.parse(t);return!!r&&"object"===("undefined"==typeof r?"undefined":fe(r))}catch(e){}return!1}function z(t){return e(t),0===t.length}function R(t,r){e(t);var n=void 0,i=void 0;"object"===("undefined"==typeof r?"undefined":fe(r))?(n=r.min||0,i=r.max):(n=arguments[1],i=arguments[2]);var o=t.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g)||[],a=t.length-o.length;return a>=n&&("undefined"==typeof i||a<=i)}function j(t){var r=arguments.length<=1||void 0===arguments[1]?"all":arguments[1];e(t);var n=qe[r];return n&&n.test(t)}function L(t){return e(t),O(t)&&24===t.length}function B(t){return e(t),Te.test(t)}function P(e){var t=e.match(Te),r=void 0,n=void 0,i=void 0,o=void 0;if(t){if(r=t[21],!r)return t[12]?null:0;if("z"===r||"Z"===r)return 0;n=t[22],r.indexOf(":")!==-1?(i=parseInt(t[23],10),o=parseInt(t[24],10)):(i=0,o=parseInt(t[23],10))}else{if(e=e.toLowerCase(),r=e.match(/(?:\s|gmt\s*)(-|\+)(\d{1,4})(\s|$)/),!r)return e.indexOf("gmt")!==-1?0:null;n=r[1];var a=r[2];3===a.length&&(a="0"+a),a.length<=2?(i=0,o=parseInt(a,10)):(i=parseInt(a.slice(0,2),10),o=parseInt(a.slice(2,4),10))}return(60*i+o)*("-"===n?1:-1)}function q(t){e(t);var r=new Date(Date.parse(t));if(isNaN(r))return!1;var n=P(t);if(null!==n){var i=r.getTimezoneOffset()-n;r=new Date(r.getTime()+6e4*i)}var o=String(r.getDate()),a=void 0,u=void 0,s=void 0;return!(u=t.match(/(^|[^:\d])[23]\d([^:\d]|$)/g))||(a=u.map(function(e){return e.match(/\d+/g)[0]}).join("/"),s=String(r.getFullYear()).slice(-2),a===o||a===s||(a===""+o/s||a===""+s/o))}function T(r){var n=arguments.length<=1||void 0===arguments[1]?String(new Date):arguments[1];e(r);var i=t(n),o=t(r);return!!(o&&i&&o>i)}function H(r){var n=arguments.length<=1||void 0===arguments[1]?String(new Date):arguments[1];e(r);var i=t(n),o=t(r);return!!(o&&i&&o=0}return"object"===("undefined"==typeof r?"undefined":fe(r))?r.hasOwnProperty(t):!(!r||"function"!=typeof r.indexOf)&&r.indexOf(t)>=0}function W(t){e(t);var r=t.replace(/[^0-9]+/g,"");if(!He.test(r))return!1;for(var n=0,i=void 0,o=void 0,a=void 0,u=r.length-1;u>=0;u--)i=r.substring(u,u+1),o=parseInt(i,10),a?(o*=2,n+=o>=10?o%10+1:o):n+=o,a=!a;return!(n%10!==0||!r)}function Y(t){if(e(t),!Me.test(t))return!1;for(var r=t.replace(/[A-Z]/g,function(e){return parseInt(e,36)}),n=0,i=void 0,o=void 0,a=!0,u=r.length-2;u>=0;u--)i=r.substring(u,u+1),o=parseInt(i,10),a?(o*=2,n+=o>=10?o+1:o):n+=o,a=!a;return parseInt(t.substr(t.length-1),10)===(1e4-n)%10}function G(t){var r=arguments.length<=1||void 0===arguments[1]?"":arguments[1];if(e(t),r=String(r),!r)return G(t,10)||G(t,13);var n=t.replace(/[\s-]+/g,""),i=0,o=void 0;if("10"===r){if(!We.test(n))return!1;for(o=0;o<9;o++)i+=(o+1)*n.charAt(o);if(i+="X"===n.charAt(9)?100:10*n.charAt(9),i%11===0)return!!n}else if("13"===r){if(!Ye.test(n))return!1;for(o=0;o<12;o++)i+=Ge[o%2]*n.charAt(o);if(n.charAt(12)-(10-i%10)%10===0)return!!n}return!1}function K(t,r){return e(t),r in Ke&&Ke[r].test(t)}function Q(e){var t="(\\"+e.symbol.replace(/\./g,"\\.")+")"+(e.require_symbol?"":"?"),r="-?",n="[1-9]\\d*",i="[1-9]\\d{0,2}(\\"+e.thousands_separator+"\\d{3})*",o=["0",n,i],a="("+o.join("|")+")?",u="(\\"+e.decimal_separator+"\\d{2})?",s=a+u;return e.allow_negatives&&!e.parens_for_negatives&&(e.negative_sign_after_digits?s+=r:e.negative_sign_before_digits&&(s=r+s)),e.allow_negative_sign_placeholder?s="( (?!\\-))?"+s:e.allow_space_after_symbol?s=" ?"+s:e.allow_space_after_digits&&(s+="( (?!$))?"),e.symbol_after_digits?s+=t:s=t+s,e.allow_negatives&&(e.parens_for_negatives?s="(\\("+s+"\\)|"+s+")":e.negative_sign_before_digits||e.negative_sign_after_digits||(s=r+s)),new RegExp("^(?!-? )(?=.*\\d)"+s+"$")}function k(t,r){return e(t),r=l(r,Qe),Q(r).test(t)}function J(t){e(t);var r=t.length;if(!r||r%4!==0||ke.test(t))return!1;var n=t.indexOf("=");return n===-1||n===r-1||n===r-2&&"="===t[r-1]}function V(t){return e(t),Je.test(t)}function X(t,r){e(t);var n=r?new RegExp("^["+r+"]+","g"):/^\s+/g;return t.replace(n,"")}function ee(t,r){e(t);for(var n=r?new RegExp("["+r+"]"):/\s/,i=t.length-1;i>=0&&n.test(t[i]);)i--;return i/g,">").replace(/\//g,"/").replace(/`/g,"`")}function ne(t){return e(t),t.replace(/&/g,"&").replace(/"/g,'"').replace(/'/g,"'").replace(/</g,"<").replace(/>/g,">").replace(///g,"/").replace(/`/g,"`")}function ie(t,r){return e(t),t.replace(new RegExp("["+r+"]+","g"),"")}function oe(t,r){e(t);var n=r?"\\x00-\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F":"\\x00-\\x1F\\x7F";return ie(t,n)}function ae(t,r){return e(t),t.replace(new RegExp("[^"+r+"]+","g"),"")}function ue(t,r){e(t);for(var n=t.length-1;n>=0;n--)if(r.indexOf(t[n])===-1)return!1;return!0}function se(e,t){if(t=l(t,Ve),!c(e))return!1;var r=e.split("@",2);if(r[1]=r[1].toLowerCase(),"gmail.com"===r[1]||"googlemail.com"===r[1]){if(t.remove_extension&&(r[0]=r[0].split("+")[0]),t.remove_dots&&(r[0]=r[0].replace(/\./g,"")),!r[0].length)return!1;r[0]=r[0].toLowerCase(),r[1]="gmail.com"}else t.lowercase&&(r[0]=r[0].toLowerCase());return r.join("@")}for(var le,fe="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol?"symbol":typeof e},de={require_tld:!0,allow_underscores:!1,allow_trailing_dot:!1},ce={allow_display_name:!1,allow_utf8_local_part:!0,require_tld:!0},ge=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF\s]*<(.+)>$/i,pe=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~]+$/i,Fe=/^([\s\x01-\x08\x0b\x0c\x0e-\x1f\x7f\x21\x23-\x5b\x5d-\x7e]|(\\[\x01-\x09\x0b\x0c\x0d-\x7f]))*$/i,ve=/^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+$/i,_e=/^([\s\x01-\x08\x0b\x0c\x0e-\x1f\x7f\x21\x23-\x5b\x5d-\x7e\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]|(\\[\x01-\x09\x0b\x0c\x0d-\x7f\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))*$/i,he=/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/,xe=/^[0-9A-F]{1,4}$/i,$e={protocols:["http","https","ftp"],require_tld:!0,require_protocol:!1,require_valid_protocol:!0,allow_underscores:!1,allow_trailing_dot:!1,allow_protocol_relative_urls:!1},Ae=/^([0-9a-fA-F][0-9a-fA-F]:){5}([0-9a-fA-F][0-9a-fA-F])$/,me={"en-US":/^[A-Z]+$/i,"cs-CZ":/^[A-ZÁČĎÉĚÍŇÓŘŠŤÚŮÝŽ]+$/i,"de-DE":/^[A-ZÄÖÜß]+$/i,"es-ES":/^[A-ZÁÉÍÑÓÚÜ]+$/i,"fr-FR":/^[A-ZÀÂÆÇÉÈÊËÏÎÔŒÙÛÜŸ]+$/i,"nl-NL":/^[A-ZÉËÏÓÖÜ]+$/i,"hu-HU":/^[A-ZÁÉÍÓÖŐÚÜŰ]+$/i,"pl-PL":/^[A-ZĄĆĘŚŁŃÓŻŹ]+$/i,"pt-PT":/^[A-ZÃÁÀÂÇÉÊÍÕÓÔÚÜ]+$/i,"ru-RU":/^[А-ЯЁа-яё]+$/i,"tr-TR":/^[A-ZÇĞİıÖŞÜ]+$/i,ar:/^[ءآأؤإئابةتثجحخدذرزسشصضطظعغفقكلمنهوىيًٌٍَُِّْٰ]+$/},we={"en-US":/^[0-9A-Z]+$/i,"cs-CZ":/^[0-9A-ZÁČĎÉĚÍŇÓŘŠŤÚŮÝŽ]+$/i,"de-DE":/^[0-9A-ZÄÖÜß]+$/i,"es-ES":/^[0-9A-ZÁÉÍÑÓÚÜ]+$/i,"fr-FR":/^[0-9A-ZÀÂÆÇÉÈÊËÏÎÔŒÙÛÜŸ]+$/i,"hu-HU":/^[0-9A-ZÁÉÍÓÖŐÚÜŰ]+$/i,"nl-NL":/^[0-9A-ZÉËÏÓÖÜ]+$/i,"pl-PL":/^[0-9A-ZĄĆĘŚŁŃÓŻŹ]+$/i,"pt-PT":/^[0-9A-ZÃÁÀÂÇÉÊÍÕÓÔÚÜ]+$/i,"ru-RU":/^[0-9А-ЯЁа-яё]+$/i,"tr-TR":/^[0-9A-ZÇĞİıÖŞÜ]+$/i,ar:/^[٠١٢٣٤٥٦٧٨٩0-9ءآأؤإئابةتثجحخدذرزسشصضطظعغفقكلمنهوىيًٌٍَُِّْٰ]+$/},be=["AU","GB","HK","IN","NZ","ZA","ZM"],ye=0;ye