add lisp packages

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/.nvmrc

@@ -0,0 +1 @@
+v10

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/.travis.yml

@@ -0,0 +1,11 @@
+language: node_js
+node_js:
+- '10'
+- '8'
+- '6'
+notifications:
+  email: false
+  slack:
+    on_success: change
+    on_failure: always
+    secure: FOoKp3SODsHrEGTfalon3CKa+mMkwubDBqJgyD1sp8Lwalnt7macevxy1v4zCjjdhJ7sGDxinFJ017oCsZbmJi9FhbFF270yFaGUo8emPedpigpAbmu4faCTyZ+/ndwIErF0QXmG6nn7M3GVlQE9vefdDDUTa4YUOXKhRkScnSR1lxSEMjGNR2Ffu1rsEjqbVNWtaJE7Vi/6g8QNOdYg/CPQYGuthNs+dbNssqSwBSJgHiwR4fx8HBa7fDJKYbiVWTBo6m3PnrQe+I4V5RsJ4FEC+paqXKYRjrLMgwChomMdippBQqwqUy9/v8Hr2o1Muu18K8FERYpD9BEFe6gQt4+y69biWgqWo/ciYSZoo9cMEmo6dleaN1mPu/s/gfb59lEV1GYCqkwEBHuypMSlySr6XWK1yVhzT12yAj3rI7irLX7va/Fzy2nCExYBUwaQgenPGXZLbEEMoXR1Tmuc5WSXGKZlApDPDcut3vZvbVSo8VH0q1BaDMjyD/kYOEaYwpjlfmFvdHHZarO8rRDrpaMBT1grHc7O3s3TyJMUF1UBjkbX/lt0NSubZouufEKWfzGb59WWbhz/4Kkv9QmcYHTDnrxi87Py+BW8+yyen3jxgPBeYwO/ELkNyPx4Xh5CsJsHwJvqGJkyaYJDOCTCRUZhkqqPO71xVQGHurdRvqs=

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/CHANGELOG.md

@@ -0,0 +1,27 @@
+CHANGELOG
+=========
+
+## 3.1.0
+* Trim whitespace from urls
+
+## 3.0.0
+
+_breaking changes_
+
+* Replace blank strings with about:blank
+* Replace null values with about:blank
+
+## 2.1.0
+* Allow relative urls to be sanitized
+
+## 2.0.2
+* Sanitize malicious URLs that begin with `\s`
+
+## 2.0.1
+* Sanitize malicious URLs that begin with %20
+
+## 2.0.0
+* sanitize data: urls
+
+## 1.0.0
+* sanitize javascript: urls

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Braintree
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/README.md

@@ -0,0 +1,21 @@
+# sanitize-url
+
+## Installation
+
+```sh
+npm install -S @braintree/sanitize-url
+```
+
+## Usage
+
+```js
+var sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
+
+sanitizeUrl('https://example.com'); // 'https://example.com'
+sanitizeUrl('http://example.com'); // 'http://example.com'
+sanitizeUrl('mailto:hello@example.com'); // 'mailto:hello@example.com'
+
+sanitizeUrl('javascript:alert(document.domain)'); // 'about:blank'
+sanitizeUrl('jAvasCrIPT:alert(document.domain)'); // 'about:blank'
+sanitizeUrl(decodeURIComponent('JaVaScRiP%0at:alert(document.domain)')); // 'about:blank'
+```

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/index.js

@@ -0,0 +1,41 @@
+'use strict';
+
+var invalidPrototcolRegex = /^(%20|\s)*(javascript|data)/im;
+var ctrlCharactersRegex = /[^\x20-\x7E]/gmi;
+var urlSchemeRegex = /^([^:]+):/gm;
+var relativeFirstCharacters = ['.', '/']
+
+function isRelativeUrl(url) {
+  return relativeFirstCharacters.indexOf(url[0]) > -1;
+}
+
+function sanitizeUrl(url) {
+  if (!url) {
+    return 'about:blank';
+  }
+
+  var urlScheme, urlSchemeParseResults;
+  var sanitizedUrl = url.replace(ctrlCharactersRegex, '').trim();
+
+  if (isRelativeUrl(sanitizedUrl)) {
+    return sanitizedUrl;
+  }
+
+  urlSchemeParseResults = sanitizedUrl.match(urlSchemeRegex);
+
+  if (!urlSchemeParseResults) {
+    return 'about:blank';
+  }
+
+  urlScheme = urlSchemeParseResults[0];
+
+  if (invalidPrototcolRegex.test(urlScheme)) {
+    return 'about:blank';
+  }
+
+  return sanitizedUrl;
+}
+
+module.exports = {
+  sanitizeUrl: sanitizeUrl
+};

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@braintree/sanitize-url",
+  "version": "3.1.0",
+  "description": "A url sanitizer",
+  "main": "index.js",
+  "author": "",
+  "scripts": {
+    "test": "mocha"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/braintree/sanitize-url.git"
+  },
+  "keywords": [],
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/braintree/sanitize-url/issues"
+  },
+  "homepage": "https://github.com/braintree/sanitize-url#readme",
+  "devDependencies": {
+    "chai": "^4.1.0",
+    "mocha": "^3.5.0"
+  }
+}

lisp/emacs-application-framework/app/mermaid/node_modules/@braintree/sanitize-url/test/test.js

@@ -0,0 +1,98 @@
+'use strict';
+
+var expect = require('chai').expect;
+var sanitizeUrl = require('../').sanitizeUrl;
+
+describe('sanitizeUrl', function () {
+  it('replaces javascript urls with about:blank', function () {
+    expect(sanitizeUrl('javascript:alert(document.domain)')).to.equal('about:blank');
+  });
+
+  it('disregards capitalization for JavaScript urls', function () {
+    expect(sanitizeUrl('jAvasCrIPT:alert(document.domain)')).to.equal('about:blank');
+  });
+
+  it('ignores ctrl characters in javascript urls', function () {
+    expect(sanitizeUrl(decodeURIComponent('JaVaScRiP%0at:alert(document.domain)'))).to.equal('about:blank');
+  });
+
+  it('replaces javascript urls with about:blank when javascript url begins with %20', function () {
+    expect(sanitizeUrl('%20%20%20%20javascript:alert(document.domain)')).to.equal('about:blank');
+  });
+
+  it('replaces javascript urls with about:blank when javascript url begins with \s', function () {
+    expect(sanitizeUrl('    javascript:alert(document.domain)')).to.equal('about:blank');
+  });
+
+  it('does not replace javascript: if it is not in the scheme of the URL', function () {
+    expect(sanitizeUrl('http://example.com#myjavascript:foo')).to.equal('http://example.com#myjavascript:foo');
+  });
+
+  it('replaces data urls with about:blank', function () {
+    expect(sanitizeUrl('data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
+  });
+
+  it('replaces data urls with about:blank when data url begins with %20', function () {
+    expect(sanitizeUrl('%20%20%20%20data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
+  });
+
+  it('replaces data urls with about:blank when data url begins with \s', function () {
+    expect(sanitizeUrl('    data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
+  });
+
+  it('disregards capitalization for data urls', function () {
+    expect(sanitizeUrl('dAtA:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
+  });
+
+  it('ignores ctrl characters in data urls', function () {
+    expect(sanitizeUrl(decodeURIComponent('dat%0aa:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E'))).to.equal('about:blank');
+  });
+
+  it('does not alter http URLs', function () {
+    expect(sanitizeUrl('http://example.com/path/to:something')).to.equal('http://example.com/path/to:something');
+  });
+
+  it('does not alter http URLs with ports', function () {
+    expect(sanitizeUrl('http://example.com:4567/path/to:something')).to.equal('http://example.com:4567/path/to:something');
+  });
+
+  it('does not alter https URLs', function () {
+    expect(sanitizeUrl('https://example.com')).to.equal('https://example.com');
+  });
+
+  it('does not alter https URLs with ports', function () {
+    expect(sanitizeUrl('https://example.com:4567/path/to:something')).to.equal('https://example.com:4567/path/to:something');
+  });
+
+  it('does not alter relative-path reference URLs', function () {
+    expect(sanitizeUrl('./path/to/my.json')).to.equal('./path/to/my.json');
+  });
+
+  it('does not alter absolute-path reference URLs', function () {
+    expect(sanitizeUrl('/path/to/my.json')).to.equal('/path/to/my.json');
+  });
+
+  it('does not alter network-path relative URLs', function () {
+    expect(sanitizeUrl('//google.com/robots.txt')).to.equal('//google.com/robots.txt');
+  });
+
+  it('does not alter deep-link urls', function () {
+    expect(sanitizeUrl('com.braintreepayments.demo://example')).to.equal('com.braintreepayments.demo://example');
+  });
+
+  it('does not alter mailto urls', function () {
+      expect(sanitizeUrl('mailto:test@example.com?subject=hello+world')).to.equal('mailto:test@example.com?subject=hello+world');
+  });
+
+  it('replaces blank urls with about:blank', function () {
+    expect(sanitizeUrl('')).to.equal('about:blank');
+  });
+
+  it('replaces null values with about:blank', function () {
+    expect(sanitizeUrl(null)).to.equal('about:blank');
+  });
+
+  it('removes whitespace from urls', function () {
+    expect(sanitizeUrl('   http://example.com/path/to:something    ')).to.equal('http://example.com/path/to:something');
+  });
+});