versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(api): Allow disabled checkbox inputs in rich text

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-11-19 11:20:24 +01:00
parent 32f71b3adf
commit dc8a64355a
No known key found for this signature in database
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
utils/sanitization.ts
View file

@ -79,6 +79,7 @@ export const sanitizeHtml = async (
audio: ["class", "src", "controls"], audio: ["class", "src", "controls"],
source: ["src", "type"], source: ["src", "type"],
track: ["src", "label", "kind"], track: ["src", "label", "kind"],
input: ["type", "checked", "disabled", "class"],
}, },
stripIgnoreTag: false, stripIgnoreTag: false,
escapeHtml: (unsafeHtml): string => escapeHtml: (unsafeHtml): string =>
@ -99,6 +100,7 @@ export const sanitizeHtml = async (
"hashtag", "hashtag",
"ellipsis", "ellipsis",
"invisible", "invisible",
"task-list-item-checkbox",
]; ];
return await new HTMLRewriter() return await new HTMLRewriter()
@ -117,6 +119,17 @@ export const sanitizeHtml = async (
} }
}, },
}) })
// Only allow disabled checkbox input
.on("input", {
element(element): void {
if (
element.getAttribute("type") === "checkbox" &&
element.getAttribute("disabled") === null
) {
element.removeAttribute("type");
}
},
})
.transform(new Response(sanitizedHtml)) .transform(new Response(sanitizedHtml))
.text(); .text();
}; };