feat(api): Allow divs and spans in HTML

Jesse Wierzbinski 2024-11-22 19:12:52 +01:00
parent fa0d48b88d
commit 217d3c286d
No known key found for this signature in database


@ -81,6 +81,8 @@ export const sanitizeHtml = async (
source: ["src", "type"], source: ["src", "type"],
track: ["src", "label", "kind"], track: ["src", "label", "kind"],
input: ["type", "checked", "disabled", "class"], input: ["type", "checked", "disabled", "class"],
span: ["class", "translate"],
div: ["class"],
}, },
stripIgnoreTag: false, stripIgnoreTag: false,
escapeHtml: (unsafeHtml): string => escapeHtml: (unsafeHtml): string =>
@ -91,12 +93,9 @@ export const sanitizeHtml = async (
}); });
// Check text to only allow h-*, p-*, u-*, dt-*, e-*, mention, hashtag, ellipsis, invisible classes // Check text to only allow h-*, p-*, u-*, dt-*, e-*, mention, hashtag, ellipsis, invisible classes
const allowedClassesStart = ["h-", "p-", "u-", "dt-", "e-"];
const allowedClasses = [ const allowedClasses = [
"h-",
"p-",
"u-",
"dt-",
"e-",
"mention", "mention",
"hashtag", "hashtag",
"ellipsis", "ellipsis",
@ -111,8 +110,10 @@ export const sanitizeHtml = async (
for (const className of classes) { for (const className of classes) {
if ( if (
!allowedClasses.some((allowedClass) => !(
className.startsWith(allowedClass), allowedClassesStart.some((allowedClass) =>
className.startsWith(allowedClass),
) && allowedClasses.includes(className)
) )
) { ) {
element.removeAttribute("class"); element.removeAttribute("class");
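Review bot: The rewritten condition in the class filter joins the prefix test and the exact-name test with `&&`, so a class is kept only if it both starts with an entry of `allowedClassesStart` and appears verbatim in `allowedClasses`; none of the visible exact names (`mention`, `hashtag`, `ellipsis`) starts with `h-`, `p-`, `u-`, `dt-` or `e-`, so as far as the hunk shows every element carrying a class has its `class` attribute removed. The sanitizer fails closed here, so this looks like broken behaviour rather than a bypass, but the comment above the two lists says either form should be accepted: the line should read `) || allowedClasses.includes(className)`. Because `span` and `div` now accept `class`, this filter is the only control on their class values, and a test that passes a prefixed class such as `h-card`, an exact one such as `mention`, and an unlisted class through `sanitizeHtml` would pin the intended allowlist. The `allowedClasses` array and the enclosing loop continue outside the hunks shown.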