versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(api): Allow divs and spans in HTML

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-11-22 19:12:52 +01:00
parent fa0d48b88d
commit 217d3c286d
No known key found for this signature in database
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
utils/sanitization.ts
View file

@ -81,6 +81,8 @@ export const sanitizeHtml = async (
source: ["src", "type"],
track: ["src", "label", "kind"],
input: ["type", "checked", "disabled", "class"],
span: ["class", "translate"],
div: ["class"],
},
stripIgnoreTag: false,
escapeHtml: (unsafeHtml): string =>
@ -91,12 +93,9 @@ export const sanitizeHtml = async (
});
// Check text to only allow h-*, p-*, u-*, dt-*, e-*, mention, hashtag, ellipsis, invisible classes
const allowedClassesStart = ["h-", "p-", "u-", "dt-", "e-"];
const allowedClasses = [
"h-",
"p-",
"u-",
"dt-",
"e-",
"mention",
"hashtag",
"ellipsis",
@ -111,8 +110,10 @@ export const sanitizeHtml = async (
for (const className of classes) {
if (
!allowedClasses.some((allowedClass) =>
className.startsWith(allowedClass),
!(
allowedClassesStart.some((allowedClass) =>
className.startsWith(allowedClass),
) && allowedClasses.includes(className)
)
) {
element.removeAttribute("class");