/*!
 * VisualEditor HTML sanitization utilities.
 *
 * @copyright See AUTHORS.txt
 */

/* global DOMPurify */

/**
 * Parse some user HTML into a sanitized node list, making it safe to load on the page
 *
 * @param {string} html
 * @param {boolean} [returnDocument] For internal use only (if true, return whole document)
 * @return {NodeList|HTMLDocument} Sanitized node list (or HTML document, for internal use only)
 */
ve.sanitizeHtml = function ( html, returnDocument ) {
	// TODO: Move MW-specific rules to ve-mw
	const addTags = [ 'figure-inline' ],
		addAttrs = [
			'srcset',
			// RDFa
			'about', 'rel', 'resource', 'property', 'content', 'datatype', 'typeof'
		];
	const options = {
		ADD_TAGS: addTags,
		ADD_ATTR: addAttrs,
		ADD_URI_SAFE_ATTR: addAttrs,
		FORBID_TAGS: [ 'style' ]
	};
	if ( !returnDocument ) {
		options.FORCE_BODY = true;
		options.RETURN_DOM_FRAGMENT = true;
		return DOMPurify.sanitize( html, options ).childNodes;
	}
	options.RETURN_DOM = true;
	return DOMPurify.sanitize( html, options ).ownerDocument;
};

/**
 * Parse some user HTML into a sanitized HTML document, making it safe to load on the page
 *
 * @param {string} html
 * @return {HTMLDocument}
 */
ve.sanitizeHtmlToDocument = function ( html ) {
	return ve.sanitizeHtml( html, true );
};

/**
 * Set an element attribute to a specific value if it is safe
 *
 * @param {HTMLElement} element Element
 * @param {string} attr Attribute
 * @param {string} val Value
 * @param {string} [fallbackVal] Optional fallback value if val is unsafe (will also be safety-checked)
 */
ve.setAttributeSafe = function ( element, attr, val, fallbackVal ) {
	if ( DOMPurify.isValidAttribute( element.tagName, attr, val ) ) {
		element.setAttribute( attr, val );
	} else if ( fallbackVal !== undefined && DOMPurify.isValidAttribute( element.tagName, attr, fallbackVal ) ) {
		element.setAttribute( attr, fallbackVal );
	}
};