rebase on oct-10-2023

wp/wp-content/plugins/wordfence/js/admin.1695657196.js

@@ -3068,6 +3068,23 @@
 					}
 				});
 			},
+			
+			acknowledgeAdminUser: function (issueID) {
+				var self = this;
+				this.ajax('wordfence_acknowledgeAdminUser', {
+					issueID: issueID
+				}, function(res) {
+					if (res.ok) {
+						self.loadIssues(function() {
+							self.colorboxModal((self.isSmallScreen ? '300px' : '400px'), __("Successfully acknowledged admin"), sprintf(__("The admin user %s will no longer show up in future scans."), res.user_login));
+						});
+					} else if (res.errorMsg) {
+						self.loadIssues(function() {
+							WFAD.colorboxError(res.errorMsg, res.tokenInvalid);
+						});
+					}
+				});
+			},
 
 			windowHasFocus: function() {
 				if (typeof document.hasFocus === 'function') {
@@ -3997,7 +4014,6 @@ jQuery.fn.wfCircularProgress = function(options) {
 	};
 }(jQuery, document, window));
 
-/*! @source http://purl.eligrey.com/github/FileSaver.js/blob/master/FileSaver.js */
-var saveAs=saveAs||function(e){"use strict";if(typeof e==="undefined"||typeof navigator!=="undefined"&&/MSIE [1-9]\./.test(navigator.userAgent)){return}var t=e.document,n=function(){return e.URL||e.webkitURL||e},r=t.createElementNS("http://www.w3.org/1999/xhtml","a"),o="download"in r,i=function(e){var t=new MouseEvent("click");e.dispatchEvent(t)},a=/constructor/i.test(e.HTMLElement),f=/CriOS\/[\d]+/.test(navigator.userAgent),u=function(t){(e.setImmediate||e.setTimeout)(function(){throw t},0)},d="application/octet-stream",s=1e3*40,c=function(e){var t=function(){if(typeof e==="string"){n().revokeObjectURL(e)}else{e.remove()}};setTimeout(t,s)},l=function(e,t,n){t=[].concat(t);var r=t.length;while(r--){var o=e["on"+t[r]];if(typeof o==="function"){try{o.call(e,n||e)}catch(i){u(i)}}}},p=function(e){if(/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(e.type)){return new Blob([String.fromCharCode(65279),e],{type:e.type})}return e},v=function(t,u,s){if(!s){t=p(t)}var v=this,w=t.type,m=w===d,y,h=function(){l(v,"writestart progress write writeend".split(" "))},S=function(){if((f||m&&a)&&e.FileReader){var r=new FileReader;r.onloadend=function(){var t=f?r.result:r.result.replace(/^data:[^;]*;/,"data:attachment/file;");var n=e.open(t,"_blank");if(!n)e.location.href=t;t=undefined;v.readyState=v.DONE;h()};r.readAsDataURL(t);v.readyState=v.INIT;return}if(!y){y=n().createObjectURL(t)}if(m){e.location.href=y}else{var o=e.open(y,"_blank");if(!o){e.location.href=y}}v.readyState=v.DONE;h();c(y)};v.readyState=v.INIT;if(o){y=n().createObjectURL(t);setTimeout(function(){r.href=y;r.download=u;i(r);h();c(y);v.readyState=v.DONE});return}S()},w=v.prototype,m=function(e,t,n){return new v(e,t||e.name||"download",n)};if(typeof navigator!=="undefined"&&navigator.msSaveOrOpenBlob){return function(e,t,n){t=t||e.name||"download";if(!n){e=p(e)}return navigator.msSaveOrOpenBlob(e,t)}}w.abort=function(){};w.readyState=w.INIT=0;w.WRITING=1;w.DONE=2;w.error=w.onwritestart=w.onprogress=w.onwrite=w.onabort=w.onerror=w.onwriteend=null;return m}(typeof self!=="undefined"&&self||typeof window!=="undefined"&&window||this.content);if(typeof module!=="undefined"&&module.exports){module.exports.saveAs=saveAs}else if(typeof define!=="undefined"&&define!==null&&define.amd!==null){define([],function(){return saveAs})}
+/*! @source https://github.com/eligrey/FileSaver.js/blob/master/dist/FileSaver.min.js */
 
-!function(t){"use strict";if(t.URL=t.URL||t.webkitURL,t.Blob&&t.URL)try{return void new Blob}catch(e){}var n=t.BlobBuilder||t.WebKitBlobBuilder||t.MozBlobBuilder||function(t){var e=function(t){return Object.prototype.toString.call(t).match(/^\[object\s(.*)\]$/)[1]},n=function(){this.data=[]},o=function(t,e,n){this.data=t,this.size=t.length,this.type=e,this.encoding=n},i=n.prototype,a=o.prototype,r=t.FileReaderSync,c=function(t){this.code=this[this.name=t]},l="NOT_FOUND_ERR SECURITY_ERR ABORT_ERR NOT_READABLE_ERR ENCODING_ERR NO_MODIFICATION_ALLOWED_ERR INVALID_STATE_ERR SYNTAX_ERR".split(" "),s=l.length,u=t.URL||t.webkitURL||t,d=u.createObjectURL,f=u.revokeObjectURL,R=u,p=t.btoa,h=t.atob,b=t.ArrayBuffer,g=t.Uint8Array,w=/^[\w-]+:\/*\[?[\w\.:-]+\]?(?::[0-9]+)?/;for(o.fake=a.fake=!0;s--;)c.prototype[l[s]]=s+1;return u.createObjectURL||(R=t.URL=function(t){var e,n=document.createElementNS("http://www.w3.org/1999/xhtml","a");return n.href=t,"origin"in n||("data:"===n.protocol.toLowerCase()?n.origin=null:(e=t.match(w),n.origin=e&&e[1])),n}),R.createObjectURL=function(t){var e,n=t.type;return null===n&&(n="application/octet-stream"),t instanceof o?(e="data:"+n,"base64"===t.encoding?e+";base64,"+t.data:"URI"===t.encoding?e+","+decodeURIComponent(t.data):p?e+";base64,"+p(t.data):e+","+encodeURIComponent(t.data)):d?d.call(u,t):void 0},R.revokeObjectURL=function(t){"data:"!==t.substring(0,5)&&f&&f.call(u,t)},i.append=function(t){var n=this.data;if(g&&(t instanceof b||t instanceof g)){for(var i="",a=new g(t),l=0,s=a.length;s>l;l++)i+=String.fromCharCode(a[l]);n.push(i)}else if("Blob"===e(t)||"File"===e(t)){if(!r)throw new c("NOT_READABLE_ERR");var u=new r;n.push(u.readAsBinaryString(t))}else t instanceof o?"base64"===t.encoding&&h?n.push(h(t.data)):"URI"===t.encoding?n.push(decodeURIComponent(t.data)):"raw"===t.encoding&&n.push(t.data):("string"!=typeof t&&(t+=""),n.push(unescape(encodeURIComponent(t))))},i.getBlob=function(t){return arguments.length||(t=null),new o(this.data.join(""),t,"raw")},i.toString=function(){return"[object BlobBuilder]"},a.slice=function(t,e,n){var i=arguments.length;return 3>i&&(n=null),new o(this.data.slice(t,i>1?e:this.data.length),n,this.encoding)},a.toString=function(){return"[object Blob]"},a.close=function(){this.size=0,delete this.data},n}(t);t.Blob=function(t,e){var o=e?e.type||"":"",i=new n;if(t)for(var a=0,r=t.length;r>a;a++)Uint8Array&&t[a]instanceof Uint8Array?i.append(t[a].buffer):i.append(t[a]);var c=i.getBlob(o);return!c.slice&&c.webkitSlice&&(c.slice=c.webkitSlice),c};var o=Object.getPrototypeOf||function(t){return t.__proto__};t.Blob.prototype=o(new t.Blob)}("undefined"!=typeof self&&self||"undefined"!=typeof window&&window||this.content||this);
+(function(a,b){if("function"==typeof define&&define.amd)define([],b);else if("undefined"!=typeof exports)b();else{b(),a.FileSaver={exports:{}}.exports}})(this,function(){"use strict";function b(a,b){return"undefined"==typeof b?b={autoBom:!1}:"object"!=typeof b&&(console.warn("Deprecated: Expected third argument to be a object"),b={autoBom:!b}),b.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(a.type)?new Blob(["\uFEFF",a],{type:a.type}):a}function c(a,b,c){var d=new XMLHttpRequest;d.open("GET",a),d.responseType="blob",d.onload=function(){g(d.response,b,c)},d.onerror=function(){console.error("could not download file")},d.send()}function d(a){var b=new XMLHttpRequest;b.open("HEAD",a,!1);try{b.send()}catch(a){}return 200<=b.status&&299>=b.status}function e(a){try{a.dispatchEvent(new MouseEvent("click"))}catch(c){var b=document.createEvent("MouseEvents");b.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),a.dispatchEvent(b)}}var f="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof global&&global.global===global?global:void 0,a=/Macintosh/.test(navigator.userAgent)&&/AppleWebKit/.test(navigator.userAgent)&&!/Safari/.test(navigator.userAgent),g=f.saveAs||("object"!=typeof window||window!==f?function(){}:"download"in HTMLAnchorElement.prototype&&!a?function(b,g,h){var i=f.URL||f.webkitURL,j=document.createElement("a");g=g||b.name||"download",j.download=g,j.rel="noopener","string"==typeof b?(j.href=b,j.origin===location.origin?e(j):d(j.href)?c(b,g,h):e(j,j.target="_blank")):(j.href=i.createObjectURL(b),setTimeout(function(){i.revokeObjectURL(j.href)},4E4),setTimeout(function(){e(j)},0))}:"msSaveOrOpenBlob"in navigator?function(f,g,h){if(g=g||f.name||"download","string"!=typeof f)navigator.msSaveOrOpenBlob(b(f,h),g);else if(d(f))c(f,g,h);else{var i=document.createElement("a");i.href=f,i.target="_blank",setTimeout(function(){e(i)})}}:function(b,d,e,g){if(g=g||open("","_blank"),g&&(g.document.title=g.document.body.innerText="downloading..."),"string"==typeof b)return c(b,d,e);var h="application/octet-stream"===b.type,i=/constructor/i.test(f.HTMLElement)||f.safari,j=/CriOS\/[\d]+/.test(navigator.userAgent);if((j||h&&i||a)&&"undefined"!=typeof FileReader){var k=new FileReader;k.onloadend=function(){var a=k.result;a=j?a:a.replace(/^data:[^;]*;/,"data:attachment/file;"),g?g.location.href=a:location=a,g=null},k.readAsDataURL(b)}else{var l=f.URL||f.webkitURL,m=l.createObjectURL(b);g?g.location=m:location.href=m,g=null,setTimeout(function(){l.revokeObjectURL(m)},4E4)}});f.saveAs=g.saveAs=g,"undefined"!=typeof module&&(module.exports=g)});

wp/wp-content/plugins/wordfence/js/admin.liveTraffic.1695657196.js

@@ -428,11 +428,11 @@
 				case 'blocked:waf':
 					var data = self.actionData();
 					if (typeof data === 'object') {
-						var paramKey = WFAD.base64_decode(data.paramKey);
-						var paramValue = WFAD.base64_decode(data.paramValue);
+						var paramKey = data.paramKey ? WFAD.base64_decode(data.paramKey) : null;
+						var paramValue = data.paramKey ? WFAD.base64_decode(data.paramValue) : null;
 						// var category = data.category;
 
-						var matches = paramKey.match(/([a-z0-9_]+\.[a-z0-9_]+)(?:\[(.+?)\](.*))?/i);
+						var matches = paramKey !== null && paramKey.match(/([a-z0-9_]+\.[a-z0-9_]+)(?:\[(.+?)\](.*))?/i);
 						desc = self.actionDescription();
 						if (matches) {
 							switch (matches[1]) {

wp/wp-content/plugins/wordfence/js/jquery.tools.min.1685552791.js

@@ -1,15 +0,0 @@
-/*!
- * jQuery Tools v1.2.6 - The missing UI library for the Web
- * 
- * tooltip/tooltip.js
- * tooltip/tooltip.dynamic.js
- * tooltip/tooltip.slide.js
- * 
- * NO COPYRIGHTS OR LICENSES. DO WHAT YOU LIKE.
- * 
- * http://flowplayer.org/tools/
- * 
- */
-(function(a){a.tools=a.tools||{version:"v1.2.6"},a.tools.tooltip={conf:{effect:"toggle",fadeOutSpeed:"fast",predelay:0,delay:30,opacity:1,tip:0,fadeIE:!1,position:["top","center"],offset:[0,0],relative:!1,cancelDefault:!0,events:{def:"mouseenter,mouseleave",input:"focus,blur",widget:"focus mouseenter,blur mouseleave",tooltip:"mouseenter,mouseleave"},layout:"<div/>",tipClass:"tooltip"},addEffect:function(a,c,d){b[a]=[c,d]}};var b={toggle:[function(a){var b=this.getConf(),c=this.getTip(),d=b.opacity;d<1&&c.css({opacity:d}),c.show(),a.call()},function(a){this.getTip().hide(),a.call()}],fade:[function(b){var c=this.getConf();!a.browser.msie||c.fadeIE?this.getTip().fadeTo(c.fadeInSpeed,c.opacity,b):(this.getTip().show(),b())},function(b){var c=this.getConf();!a.browser.msie||c.fadeIE?this.getTip().fadeOut(c.fadeOutSpeed,b):(this.getTip().hide(),b())}]};function c(b,c,d){var e=d.relative?b.position().top:b.offset().top,f=d.relative?b.position().left:b.offset().left,g=d.position[0];e-=c.outerHeight()-d.offset[0],f+=b.outerWidth()+d.offset[1],/iPad/i.test(navigator.userAgent)&&(e-=a(window).scrollTop());var h=c.outerHeight()+b.outerHeight();g=="center"&&(e+=h/2),g=="bottom"&&(e+=h),g=d.position[1];var i=c.outerWidth()+b.outerWidth();g=="center"&&(f-=i/2),g=="left"&&(f-=i);return{top:e,left:f}}function d(d,e){var f=this,g=d.add(f),h,i=0,j=0,k=d.attr("title"),l=d.attr("data-tooltip"),m=b[e.effect],n,o=d.is(":input"),p=o&&d.is(":checkbox, :radio, select, :button, :submit"),q=d.attr("type"),r=e.events[q]||e.events[o?p?"widget":"input":"def"];if(!m)throw"Nonexistent effect \""+e.effect+"\"";r=r.split(/,\s*/);if(r.length!=2)throw"Tooltip: bad events configuration for "+q;d.bind(r[0],function(a){clearTimeout(i),e.predelay?j=setTimeout(function(){f.show(a)},e.predelay):f.show(a)}).bind(r[1],function(a){clearTimeout(j),e.delay?i=setTimeout(function(){f.hide(a)},e.delay):f.hide(a)}),k&&e.cancelDefault&&(d.removeAttr("title"),d.data("title",k)),a.extend(f,{show:function(b){if(!h){l?h=a(l):e.tip?h=a(e.tip).eq(0):k?h=a(e.layout).addClass(e.tipClass).appendTo(document.body).hide().append(k):(h=d.next(),h.length||(h=d.parent().next()));if(!h.length)throw"Cannot find tooltip for "+d}if(f.isShown())return f;h.stop(!0,!0);var o=c(d,h,e);e.tip&&h.html(d.data("title")),b=a.Event(),b.type="onBeforeShow",g.trigger(b,[o]);if(b.isDefaultPrevented())return f;o=c(d,h,e),h.css({position:"absolute",top:o.top,left:o.left}),n=!0,m[0].call(f,function(){b.type="onShow",n="full",g.trigger(b)});var p=e.events.tooltip.split(/,\s*/);h.data("__set")||(h.unbind(p[0]).bind(p[0],function(){clearTimeout(i),clearTimeout(j)}),p[1]&&!d.is("input:not(:checkbox, :radio), textarea")&&h.unbind(p[1]).bind(p[1],function(a){a.relatedTarget!=d[0]&&d.trigger(r[1].split(" ")[0])}),e.tip||h.data("__set",!0));return f},hide:function(c){if(!h||!f.isShown())return f;c=a.Event(),c.type="onBeforeHide",g.trigger(c);if(!c.isDefaultPrevented()){n=!1,b[e.effect][1].call(f,function(){c.type="onHide",g.trigger(c)});return f}},isShown:function(a){return a?n=="full":n},getConf:function(){return e},getTip:function(){return h},getTrigger:function(){return d}}),a.each("onHide,onBeforeShow,onShow,onBeforeHide".split(","),function(b,c){a.isFunction(e[c])&&a(f).bind(c,e[c]),f[c]=function(b){b&&a(f).bind(c,b);return f}})}a.fn.tooltip=function(b){var c=this.data("tooltip");if(c)return c;b=a.extend(!0,{},a.tools.tooltip.conf,b),typeof b.position=="string"&&(b.position=b.position.split(/,?\s/)),this.each(function(){c=new d(a(this),b),a(this).data("tooltip",c)});return b.api?c:this}})(jQuery);
-(function(a){var b=a.tools.tooltip;b.dynamic={conf:{classNames:"top right bottom left"}};function c(b){var c=a(window),d=c.width()+c.scrollLeft(),e=c.height()+c.scrollTop();return[b.offset().top<=c.scrollTop(),d<=b.offset().left+b.width(),e<=b.offset().top+b.height(),c.scrollLeft()>=b.offset().left]}function d(a){var b=a.length;while(b--)if(a[b])return!1;return!0}a.fn.dynamic=function(e){typeof e=="number"&&(e={speed:e}),e=a.extend({},b.dynamic.conf,e);var f=a.extend(!0,{},e),g=e.classNames.split(/\s/),h;this.each(function(){var b=a(this).tooltip().onBeforeShow(function(b,e){var i=this.getTip(),j=this.getConf();h||(h=[j.position[0],j.position[1],j.offset[0],j.offset[1],a.extend({},j)]),a.extend(j,h[4]),j.position=[h[0],h[1]],j.offset=[h[2],h[3]],i.css({visibility:"hidden",position:"absolute",top:e.top,left:e.left}).show();var k=a.extend(!0,{},f),l=c(i);if(!d(l)){l[2]&&(a.extend(j,k.top),j.position[0]="top",i.addClass(g[0])),l[3]&&(a.extend(j,k.right),j.position[1]="right",i.addClass(g[1])),l[0]&&(a.extend(j,k.bottom),j.position[0]="bottom",i.addClass(g[2])),l[1]&&(a.extend(j,k.left),j.position[1]="left",i.addClass(g[3]));if(l[0]||l[2])j.offset[0]*=-1;if(l[1]||l[3])j.offset[1]*=-1}i.css({visibility:"visible"}).hide()});b.onBeforeShow(function(){var a=this.getConf(),b=this.getTip();setTimeout(function(){a.position=[h[0],h[1]],a.offset=[h[2],h[3]]},0)}),b.onHide(function(){var a=this.getTip();a.removeClass(e.classNames)}),ret=b});return e.api?ret:this}})(jQuery);
-(function(a){var b=a.tools.tooltip;a.extend(b.conf,{direction:"up",bounce:!1,slideOffset:10,slideInSpeed:200,slideOutSpeed:200,slideFade:!a.browser.msie});var c={up:["-","top"],down:["+","top"],left:["-","left"],right:["+","left"]};b.addEffect("slide",function(a){var b=this.getConf(),d=this.getTip(),e=b.slideFade?{opacity:b.opacity}:{},f=c[b.direction]||c.up;e[f[1]]=f[0]+"="+b.slideOffset,b.slideFade&&d.css({opacity:0}),d.show().animate(e,b.slideInSpeed,a)},function(b){var d=this.getConf(),e=d.slideOffset,f=d.slideFade?{opacity:0}:{},g=c[d.direction]||c.up,h=""+g[0];d.bounce&&(h=h=="+"?"-":"+"),f[g[1]]=h+"="+e,this.getTip().animate(f,d.slideOutSpeed,function(){a(this).hide(),b.call()})})})(jQuery);

wp/wp-content/plugins/wordfence/js/wfdropdown.1695657196.js

@@ -1,8 +1,8 @@
 /* ========================================================================
- * Bootstrap: dropdown.js v3.3.7 (adapted to WF prefix)
- * http://getbootstrap.com/javascript/#dropdowns
+ * Bootstrap: dropdown.js v3.4.1 (adapted to WF prefix)
+ * https://getbootstrap.com/docs/3.4/javascript/#dropdowns
  * ========================================================================
- * Copyright 2011-2016 Twitter, Inc.
+ * Copyright 2011-2019 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
  * ======================================================================== */
 
@@ -19,7 +19,7 @@
 		$(element).on('click.bs.wf-dropdown', this.toggle)
 	}
 
-	WFDropdown.VERSION = '3.3.7'
+	WFDropdown.VERSION = '3.4.1'
 
 	function getParent($this) {
 		var selector = $this.attr('data-target')
@@ -29,7 +29,7 @@
 			selector = selector && /#[A-Za-z]/.test(selector) && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
 		}
 
-		var $parent = selector && $(selector)
+		var $parent = selector !== '#' ? $(document).find(selector) : null
 
 		return $parent && $parent.length ? $parent : $this.parent()
 	}
@@ -127,7 +127,7 @@
 	// DROPDOWN PLUGIN DEFINITION
 	// ==========================
 
-	function Plugin(option) {
+	function WFPlugin(option) {
 		return this.each(function () {
 			var $this = $(this)
 			var data  = $this.data('bs.wf-dropdown')
@@ -139,7 +139,7 @@
 
 	var old = $.fn.wfdropdown
 
-	$.fn.wfdropdown             = Plugin
+	$.fn.wfdropdown             = WFPlugin
 	$.fn.wfdropdown.Constructor = WFDropdown
 
 

wp/wp-content/plugins/wordfence/js/wfonboarding.1695657196.js

@@ -31,6 +31,25 @@
 			context.find('#wf-onboarding-consent-input').prop('checked', false);
 		});
 
+		var subscriptionOptionSelector = '.wf-onboarding-subscription-options li';
+		function handleSubscriptionOptionClick(event) {
+			var target = $(event.target);
+			target.parent().find('li').removeClass('wf-active').attr('aria-checked', 'false');
+			target.addClass('wf-active').attr('aria-checked', 'true');
+			event.stopPropagation();
+		};
+		$(subscriptionOptionSelector).on('click', handleSubscriptionOptionClick);
+		$(document).on('click', subscriptionOptionSelector, handleSubscriptionOptionClick);
+
+		$(document).on('keyup keydown', subscriptionOptionSelector, function (event) {
+			if (event.which == 32) {
+				event.preventDefault();
+				event.stopPropagation();
+				if (event.type == 'keyup')
+					$(event.target).trigger('click');
+			}
+		});
+
 		$(document).on('submit', '.wf-onboarding-form', function(event) {
 			event.preventDefault();
 			var context = $(this);
@@ -47,7 +66,16 @@
 			};
 			var email = context.find('#wf-onboarding-email-input').val();
 			var licenseKey = context.find('#wf-onboarding-license-input').val();
-			var subscribe = context.find('#wf-onboarding-subscribe-input').prop('checked');
+			var subscriptionWarning = context.find('.wf-onboarding-subscription-option-required').hide();
+			var subscribe = false;
+			if (context.find('.wf-onboarding-subscription-options:visible').length) {
+				var subscriptionOption = context.find(subscriptionOptionSelector).filter('.wf-active');
+				if (!subscriptionOption.length) {
+					subscriptionWarning.show();
+					return enable(false);
+				}
+				subscribe = !!parseInt(subscriptionOption.data('value'));
+			}
 			var consent = context.find('#wf-onboarding-consent-input').prop('checked');
 			if (!consent)
 				return enable(false);

wp/wp-content/plugins/wordfence/js/wfpopover.1695657196.js

@@ -1,15 +1,146 @@
 /* ========================================================================
- * Bootstrap: wftooltip.js v3.3.7 and wfpopover.js v3.3.7 (adapted to wf prefix)
- * http://getbootstrap.com/javascript/#wfpopovers
+ * Bootstrap: tooltip.js v3.4.1 and wfpopover.js v3.4.1 (adapted to WF prefix)
+ * https://getbootstrap.com/docs/3.4/javascript/#tooltip
+ * Inspired by the original jQuery.tipsy by Jason Frame
  * ========================================================================
- * Copyright 2011-2016 Twitter, Inc.
+ * Copyright 2011-2019 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
  * ======================================================================== */
 
-
 +function ($) {
 	'use strict';
 
+	var DISALLOWED_ATTRIBUTES = ['sanitize', 'whiteList', 'sanitizeFn']
+
+	var uriAttrs = [
+		'background',
+		'cite',
+		'href',
+		'itemtype',
+		'longdesc',
+		'poster',
+		'src',
+		'xlink:href'
+	]
+
+	var ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i
+
+	var DefaultWhitelist = {
+		// Global attributes allowed on any supplied element below.
+		'*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN],
+		a: ['target', 'href', 'title', 'rel'],
+		area: [],
+		b: [],
+		br: [],
+		col: [],
+		code: [],
+		div: [],
+		em: [],
+		hr: [],
+		h1: [],
+		h2: [],
+		h3: [],
+		h4: [],
+		h5: [],
+		h6: [],
+		i: [],
+		img: ['src', 'alt', 'title', 'width', 'height'],
+		li: [],
+		ol: [],
+		p: [],
+		pre: [],
+		s: [],
+		small: [],
+		span: [],
+		sub: [],
+		sup: [],
+		strong: [],
+		u: [],
+		ul: []
+	}
+
+	/**
+	 * A pattern that recognizes a commonly useful subset of URLs that are safe.
+	 *
+	 * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
+	 */
+	var SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi
+
+	/**
+	 * A pattern that matches safe data URLs. Only matches image, video and audio types.
+	 *
+	 * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
+	 */
+	var DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i
+
+	function allowedAttribute(attr, allowedAttributeList) {
+		var attrName = attr.nodeName.toLowerCase()
+
+		if ($.inArray(attrName, allowedAttributeList) !== -1) {
+			if ($.inArray(attrName, uriAttrs) !== -1) {
+				return Boolean(attr.nodeValue.match(SAFE_URL_PATTERN) || attr.nodeValue.match(DATA_URL_PATTERN))
+			}
+
+			return true
+		}
+
+		var regExp = $(allowedAttributeList).filter(function (index, value) {
+			return value instanceof RegExp
+		})
+
+		// Check if a regular expression validates the attribute.
+		for (var i = 0, l = regExp.length; i < l; i++) {
+			if (attrName.match(regExp[i])) {
+				return true
+			}
+		}
+
+		return false
+	}
+
+	function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) {
+		if (unsafeHtml.length === 0) {
+			return unsafeHtml
+		}
+
+		if (sanitizeFn && typeof sanitizeFn === 'function') {
+			return sanitizeFn(unsafeHtml)
+		}
+
+		// IE 8 and below don't support createHTMLDocument
+		if (!document.implementation || !document.implementation.createHTMLDocument) {
+			return unsafeHtml
+		}
+
+		var createdDocument = document.implementation.createHTMLDocument('sanitization')
+		createdDocument.body.innerHTML = unsafeHtml
+
+		var whitelistKeys = $.map(whiteList, function (el, i) { return i })
+		var elements = $(createdDocument.body).find('*')
+
+		for (var i = 0, len = elements.length; i < len; i++) {
+			var el = elements[i]
+			var elName = el.nodeName.toLowerCase()
+
+			if ($.inArray(elName, whitelistKeys) === -1) {
+				el.parentNode.removeChild(el)
+
+				continue
+			}
+
+			var attributeList = $.map(el.attributes, function (el) { return el })
+			var whitelistedAttributes = [].concat(whiteList['*'] || [], whiteList[elName] || [])
+
+			for (var j = 0, len2 = attributeList.length; j < len2; j++) {
+				if (!allowedAttribute(attributeList[j], whitelistedAttributes)) {
+					el.removeAttribute(attributeList[j].nodeName)
+				}
+			}
+		}
+
+		return createdDocument.body.innerHTML
+	}
+
 	// TOOLTIP PUBLIC CLASS DEFINITION
 	// ===============================
 
@@ -25,7 +156,7 @@
 		this.init('wftooltip', element, options)
 	}
 
-	WFTooltip.VERSION  = '3.3.7'
+	WFTooltip.VERSION  = '3.4.1'
 
 	WFTooltip.TRANSITION_DURATION = 150
 
@@ -42,7 +173,10 @@
 		viewport: {
 			selector: 'body',
 			padding: 0
-		}
+		},
+		sanitize : true,
+		sanitizeFn : null,
+		whiteList : DefaultWhitelist
 	}
 
 	WFTooltip.prototype.init = function (type, element, options) {
@@ -50,7 +184,7 @@
 		this.type      = type
 		this.$element  = $(element)
 		this.options   = this.getOptions(options)
-		this.$viewport = this.options.viewport && $($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport))
+		this.$viewport = this.options.viewport && $(document).find($.isFunction(this.options.viewport) ? this.options.viewport.call(this, this.$element) : (this.options.viewport.selector || this.options.viewport))
 		this.inState   = { click: false, hover: false, focus: false }
 
 		if (this.$element[0] instanceof document.constructor && !this.options.selector) {
@@ -83,7 +217,15 @@
 	}
 
 	WFTooltip.prototype.getOptions = function (options) {
-		options = $.extend({}, this.getDefaults(), this.$element.data(), options)
+		var dataAttributes = this.$element.data()
+
+		for (var dataAttr in dataAttributes) {
+			if (dataAttributes.hasOwnProperty(dataAttr) && $.inArray(dataAttr, DISALLOWED_ATTRIBUTES) !== -1) {
+				delete dataAttributes[dataAttr]
+			}
+		}
+
+		options = $.extend({}, this.getDefaults(), dataAttributes, options)
 
 		if (options.delay && typeof options.delay == 'number') {
 			options.delay = {
@@ -92,6 +234,10 @@
 			}
 		}
 
+		if (options.sanitize) {
+			options.template = sanitizeHtml(options.template, options.whiteList, options.sanitizeFn)
+		}
+
 		return options
 	}
 
@@ -120,7 +266,7 @@
 		}
 
 		if (self.tip().hasClass('wf-in') || self.hoverState == 'wf-in') {
-			self.hoverState = 'in'
+			self.hoverState = 'wf-in'
 			return
 		}
 
@@ -203,7 +349,7 @@
 				.addClass(placement)
 				.data('bs.' + this.type, this)
 
-			this.options.container ? $tip.appendTo(this.options.container) : $tip.insertAfter(this.$element)
+			this.options.container ? $tip.appendTo($(document).find(this.options.container)) : $tip.insertAfter(this.$element)
 			this.$element.trigger('inserted.bs.' + this.type)
 
 			var pos          = this.getPosition()
@@ -215,10 +361,10 @@
 				var viewportDim = this.getPosition(this.$viewport)
 
 				placement = placement == 'wf-bottom' && pos.bottom + actualHeight > viewportDim.bottom ? 'wf-top'    :
-							placement == 'wf-top'    && pos.top    - actualHeight < viewportDim.top    ? 'wf-bottom' :
-							placement == 'wf-right'  && pos.right  + actualWidth  > viewportDim.width  ? 'wf-left'   :
+					placement == 'wf-top'    && pos.top    - actualHeight < viewportDim.top    ? 'wf-bottom' :
+						placement == 'wf-right'  && pos.right  + actualWidth  > viewportDim.width  ? 'wf-left'   :
 							placement == 'wf-left'   && pos.left   - actualWidth  < viewportDim.left   ? 'wf-right'  :
-							placement
+								placement
 
 				$tip
 					.removeClass(orgPlacement)
@@ -305,7 +451,16 @@
 		var $tip  = this.tip()
 		var title = this.getTitle()
 
-		$tip.find('.wftooltip-inner')[this.options.html ? 'html' : 'text'](title)
+		if (this.options.html) {
+			if (this.options.sanitize) {
+				title = sanitizeHtml(title, this.options.whiteList, this.options.sanitizeFn)
+			}
+
+			$tip.find('.wftooltip-inner').html(title)
+		} else {
+			$tip.find('.wftooltip-inner').text(title)
+		}
+
 		$tip.removeClass('wf-fade wf-in wf-top wf-bottom wf-left wf-right')
 	}
 
@@ -328,7 +483,7 @@
 
 		if (e.isDefaultPrevented()) return
 
-		$tip.removeClass('in')
+		$tip.removeClass('wf-in')
 
 		$.support.transition && $tip.hasClass('wf-fade') ?
 			$tip
@@ -375,7 +530,7 @@
 
 	WFTooltip.prototype.getCalculatedOffset = function (placement, pos, actualWidth, actualHeight) {
 		return placement == 'wf-bottom' ? { top: pos.top + pos.height,   left: pos.left + pos.width / 2 - actualWidth / 2 } :
-				placement == 'wf-top'    ? { top: pos.top - actualHeight, left: pos.left + pos.width / 2 - actualWidth / 2 } :
+			placement == 'wf-top'    ? { top: pos.top - actualHeight, left: pos.left + pos.width / 2 - actualWidth / 2 } :
 				placement == 'wf-left'   ? { top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left - actualWidth } :
 					/* placement == 'wf-right' */ { top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left + pos.width }
 
@@ -486,11 +641,14 @@
 		})
 	}
 
+	WFTooltip.prototype.sanitizeHtml = function (unsafeHtml) {
+		return sanitizeHtml(unsafeHtml, this.options.whiteList, this.options.sanitizeFn)
+	}
 
 	// TOOLTIP PLUGIN DEFINITION
 	// =========================
 
-	function Plugin(option) {
+	function WFPlugin(option) {
 		return this.each(function () {
 			var $this   = $(this)
 			var data    = $this.data('bs.wftooltip')
@@ -504,7 +662,7 @@
 
 	var old = $.fn.wftooltip
 
-	$.fn.wftooltip             = Plugin
+	$.fn.wftooltip             = WFPlugin
 	$.fn.wftooltip.Constructor = WFTooltip
 
 
@@ -523,7 +681,7 @@
 		this.init('wfpopover', element, options)
 	}
 
-	WFPopover.VERSION  = '3.3.7'
+	WFPopover.VERSION  = '3.4.1'
 
 	WFPopover.DEFAULTS = $.extend({}, $.fn.wftooltip.Constructor.DEFAULTS, {
 		placement: 'wf-right',
@@ -549,10 +707,25 @@
 		var title   = this.getTitle()
 		var content = this.getContent()
 
-		$tip.find('.wfpopover-title')[this.options.html ? 'html' : 'text'](title)
-		$tip.find('.wfpopover-content').children().detach().end()[ // we use append for html objects to maintain js events
-			this.options.html ? (typeof content == 'string' ? 'html' : 'append') : 'text'
-			](content)
+		if (this.options.html) {
+			var typeContent = typeof content
+
+			if (this.options.sanitize) {
+				title = this.sanitizeHtml(title)
+
+				if (typeContent === 'string') {
+					content = this.sanitizeHtml(content)
+				}
+			}
+
+			$tip.find('.wfpopover-title').html(title)
+			$tip.find('.wfpopover-content').children().detach().end()[
+				typeContent === 'string' ? 'html' : 'append'
+				](content)
+		} else {
+			$tip.find('.wfpopover-title').text(title)
+			$tip.find('.wfpopover-content').children().detach().end().text(content)
+		}
 
 		$tip.removeClass('wf-fade wf-top wf-bottom wf-left wf-right wf-in')
 
@@ -583,7 +756,7 @@
 	// POPOVER PLUGIN DEFINITION
 	// =========================
 
-	function Plugin(option) {
+	function WFPlugin(option) {
 		return this.each(function () {
 			var $this   = $(this)
 			var data    = $this.data('bs.wfpopover')
@@ -597,7 +770,7 @@
 
 	var old = $.fn.wfpopover
 
-	$.fn.wfpopover             = Plugin
+	$.fn.wfpopover             = WFPlugin
 	$.fn.wfpopover.Constructor = WFPopover