feat(api): Reimplement HTML sanitization

Jesse Wierzbinski 2024-05-02 13:25:32 -10:00
parent cac726ac1b
commit febddc2a8b
No known key found for this signature in database
4 changed files with 123 additions and 126 deletions


@ -1,10 +1,14 @@
import { config } from "config-manager";
// import { sanitize } from "isomorphic-dompurify";
import type DOMPurify from "dompurify";
import createDomPurify from "dompurify";
import { Window } from "happy-dom";
export const sanitizeHtml = async (html: string) => {
// TEMP: Allow all tags and attributes
return html;
/* const sanitizedHtml = sanitize(html, {
const window = new Window();
// @ts-expect-error Mismatch between types, but they're okay i swear
const purifier = createDomPurify(window);
export const sanitizeHtml = async (html: string, extraConfig?: DOMPurify.Config) => {
const sanitizedHtml = purifier.sanitize(html, {
ALLOWED_TAGS: [
"a",
"p",
@ -40,7 +44,8 @@ export const sanitizeHtml = async (html: string) => {
USE_PROFILES: {
mathMl: true,
},
});
...extraConfig,
}) as string;
// Check text to only allow h-*, p-*, u-*, dt-*, e-*, mention, hashtag, ellipsis, invisible classes
const allowedClasses = [
@ -72,5 +77,5 @@ export const sanitizeHtml = async (html: string) => {
},
})
.transform(new Response(sanitizedHtml))
.text(); */
.text();
};
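Review bot: The purifier created by `createDomPurify(window)` runs on a happy-dom `Window` with the type mismatch silenced by `@ts-expect-error`. DOMPurify's documentation advises against pairing it with happy-dom, because parsing differences from a real browser can let markup through, and recommends jsdom for server-side use. If happy-dom stays, fail closed at module load with `if (!purifier.isSupported) throw new Error("DOMPurify cannot run on this DOM");`, since `sanitize()` on an unsupported DOM is understood to hand the input back unchanged. In the second hunk `...extraConfig` is spread after `ALLOWED_TAGS` and `USE_PROFILES`, so any caller can replace the allow-list, and an option such as `RETURN_DOM` would make the `as string` cast untrue. Narrowing the parameter, e.g. `extraConfig?: Pick<DOMPurify.Config, "FORBID_TAGS" | "FORBID_ATTR">`, lets callers tighten the policy but not loosen it; note that the body of `sanitizeHtml` lies partly outside the visible hunks.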