Copyright (c) 2017 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file or at https://developers.google.com/open-source/licenses/bsd

package safehtml

import (
	
	
)
https://infra.spec.whatwg.org/#ascii-whitespace ASCII whitespace is U+0009 TAB, U+000A LF, U+000C FF, U+000D CR, or U+0020 SPACE.
var asciiWhitespace [256]bool
Metacharacters that affect parsing of srcset values.
var srcsetMetachars [256]bool

func () {
	asciiWhitespace['\t'] = true
	asciiWhitespace[' '] = true
	asciiWhitespace['\n'] = true
	asciiWhitespace['\f'] = true
	asciiWhitespace['\r'] = true

	srcsetMetachars['\t'] = true
	srcsetMetachars[' '] = true
	srcsetMetachars['\n'] = true
	srcsetMetachars['\f'] = true
	srcsetMetachars['\r'] = true
	srcsetMetachars[','] = true
}
URLSetSanitized returns a safe srcset by individually vetting each substring that specifies a URL. https://html.spec.whatwg.org/multipage/images.html#srcset-attributes
func ( string) URLSet {
	var  bytes.Buffer
Consume one image candidate
		var ,  string
		_,  = consumeIn(, asciiWhitespace)
		,  = consumeNotIn(, asciiWhitespace)
		_,  = consumeIn(, asciiWhitespace)
		,  = consumeNotIn(, srcsetMetachars)
		_,  = consumeIn(, asciiWhitespace)
Append sanitized content onto buffer.
		if len() != 0 && isSafeURL() && isOptionalSrcMetadataWellFormed() {
The space before the comma is necessary because a comma adjacent to a URL will attach to it.
				.WriteString(" , ")
URL may contain commas. Disambiguate.
			appendURLToSet(, &)
			if len() != 0 {
				.WriteByte(' ')
				.WriteString()
			}
		}
Consume any trailing comma
		if len() == 0 || [0] != ',' {
			break
		}
		 = [1:]
	}

	if .Len() == 0 {
		return URLSet{InnocuousURL}
	}

	return URLSet{.String()}
}
appendURLToSet appends a URL so that it does not start or end with a comma https://html.spec.whatwg.org/multipage/images.html#srcset-attributes parsing step 2 which says: """ A valid non-empty URL that does not start or end with a U+002C COMMA character (,), referencing a non-interactive, optionally animated, image resource that is neither paged nor scripted """ Simply replacing all commas would break data:image/png;base64,IMAGECONTENT Note: This breaks data URLs with empty content since they end with a comma. We could handle that case by appending a '#'.
func ( string,  *bytes.Buffer) {
	 := len()
	,  := 0, 
	if [] == ',' {
		.WriteString("%2c")
		++
	}
	 := false
	if  <  && [-1] == ',' {
		 = true
		--
	}
	.WriteString([:])
	if  {
		.WriteString("%2c")
	}
}
consumeNotIn uses bytes in str as bit indices in mask to find the least index >= left whose byte corresponds to a zero bit.
func ( string,  [256]bool) (,  string) {
	,  := 0, len()
	for ;  < ; ++ {
		if [[]] {
			return [0:], [:]
		}
	}
	return , ""
}
consumeIn is like consumeNotIn but treats mask as inverted.
func ( string,  [256]bool) (,  string) {
	for ,  := 0, len();  < ; ++ {
		if ![[]] {
			return [0:], [:]
		}
	}
	return , ""
}
isOptionalSrcMetadataWellFormed is true when its input is empty and when it is a floating point number optionally followed by an ASCII letter.
srcset for both image candidates (<img srcset>) and the proposal for script allow a number and an optional letter afterwards.
	 := len()
Metadata is optional
		return true
	}
	 := 
	if  := [-1] | 32; 'a' <=  &&  <= 'z' {
		 = [0 : -1]
This overmatches html.spec.whatwg.org/multipage/common-microsyntaxes.html#valid-floating-point-number but is sufficient.
	,  := strconv.ParseFloat(, 64)
	return  == nil
}
URLSet corresponds to the value of a srcset attribute outside a TrustedResourceURL context.
We declare a URLSet not as a string but as a struct wrapping a string to prevent construction of URL values through string conversion.
	str string
}
String returns the string content of a URLSet
func ( URLSet) () string {
	return .str