From dc8a64355a7faa4e8b6199568ecfdb33a825a6cc Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Tue, 19 Nov 2024 11:20:24 +0100
Subject: [PATCH] feat(api): :sparkles: Allow disabled checkbox inputs in rich text
---
 utils/sanitization.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/utils/sanitization.ts b/utils/sanitization.ts
index a283ede6..34532b67 100644
--- a/utils/sanitization.ts
+++ b/utils/sanitization.ts
@@ -79,6 +79,7 @@ export const sanitizeHtml = async (
 audio: ["class", "src", "controls"],
 source: ["src", "type"],
 track: ["src", "label", "kind"],
+ input: ["type", "checked", "disabled", "class"],
 },
 stripIgnoreTag: false,
 escapeHtml: (unsafeHtml): string =>
@@ -99,6 +100,7 @@ export const sanitizeHtml = async (
 "hashtag",
 "ellipsis",
 "invisible",
+ "task-list-item-checkbox",
 ];
 return await new HTMLRewriter()
@@ -117,6 +119,17 @@ export const sanitizeHtml = async (
 }
 },
 })
+ // Only allow disabled checkbox input
+ .on("input", {
+ element(element): void {
+ if (
+ element.getAttribute("type") === "checkbox" &&
+ element.getAttribute("disabled") === null
+ ) {
+ element.removeAttribute("type");
+ }
+ },
+ })
 .transform(new Response(sanitizedHtml))
 .text();
 };
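Review bot: The `.on("input", …)` handler added in the third hunk does not enforce what its comment promises: it acts only on an exact `type="checkbox"` that lacks `disabled`, and then merely strips `type`, which leaves an enabled `<input>` that browsers render as a text field. Inputs with any other `type`, with no `type` at all, or (if the upstream filter does not normalise attribute case, which is not visible here) with `type="CHECKBOX"` pass through untouched, so the `input: [...]` whitelist entry from the first hunk lets user-authored rich text render interactive form controls, a UI-spoofing risk for readers. Fail closed by dropping every input that is not a disabled checkbox, e.g. `if (element.getAttribute("type")?.toLowerCase() !== "checkbox" || !element.hasAttribute("disabled")) { element.remove(); }`. A regression test that passes a bare `<input>`, `<input type="text">` and an enabled checkbox through `sanitizeHtml` would pin the intended behaviour. The body of `sanitizeHtml` starts outside the hunks shown, so any earlier filtering of `input` could not be checked.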