feat(api): ✨ Allow disabled checkbox inputs in rich text

2025-12-06 08:28:19 +01:00 · 2024-11-19 11:20:24 +01:00 · 2024-11-19 11:20:24 +01:00 · dc8a64355a
parent 32f71b3adf
commit dc8a64355a
1 changed files with 13 additions and 0 deletions
--- a/utils/sanitization.ts
+++ b/utils/sanitization.ts
@ -79,6 +79,7 @@ export const sanitizeHtml = async (
            audio: ["class", "src", "controls"],
            source: ["src", "type"],
            track: ["src", "label", "kind"],
+            input: ["type", "checked", "disabled", "class"],
        },
        stripIgnoreTag: false,
        escapeHtml: (unsafeHtml): string =>
@ -99,6 +100,7 @@ export const sanitizeHtml = async (
        "hashtag",
        "ellipsis",
        "invisible",
+        "task-list-item-checkbox",
    ];

    return await new HTMLRewriter()
@ -117,6 +119,17 @@ export const sanitizeHtml = async (
                }
            },
        })
+        // Only allow disabled checkbox input
+        .on("input", {
+            element(element): void {
+                if (
+                    element.getAttribute("type") === "checkbox" &&
+                    element.getAttribute("disabled") === null
+                ) {
+                    element.removeAttribute("type");
+                }
+            },
+        })
        .transform(new Response(sanitizedHtml))
        .text();
 };