/**
 * Returns the default HTML sanitizer allow-list: inline text formatting,
 * lists and links only.
 *
 * The option names match the sanitize-html library's configuration shape
 * (presumably what callers pass this object to; confirm at the call site).
 *
 * Security-relevant properties of this policy:
 * - only `http` and `https` URL schemes are allowed, so any other scheme is
 *   outside the allow-list;
 * - every `<a>` is rewritten to open in a new tab with
 *   `rel="noopener noreferrer"`, so the opened page gets no `window.opener`
 *   handle back to this one and no referrer is sent;
 * - `rel="me"` is preserved only when the incoming `rel` is exactly `me`;
 *   any other incoming `rel` value is discarded.
 *
 * @returns a fresh options object on every call
 */
export function getSanitizeOptions () {
  const enforcedRel = 'noopener noreferrer'

  // Link rewriter: overwrites `target` and `rel` on the attribute bag it is
  // given (the same object is mutated and handed back).
  const hardenAnchor = (tagName: string, attribs: any) => {
    const rel = attribs.rel === 'me'
      ? enforcedRel + ' me'
      : enforcedRel

    attribs.target = '_blank'
    attribs.rel = rel

    return { tagName, attribs }
  }

  return {
    allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
    allowedSchemes: [ 'http', 'https' ],
    allowedAttributes: {
      // Links may carry styling hooks (`class`) besides the navigation attributes
      'a': [ 'href', 'class', 'target', 'rel' ],
      // Any tag may carry data-* attributes
      '*': [ 'data-*' ]
    },
    transformTags: {
      a: hardenAnchor
    }
  }
}
/**
 * Returns a wider sanitizer allow-list for "custom markup": everything from
 * getSanitizeOptions() plus block/heading tags, images and inline `style`.
 *
 * `transformTags` from the base options is NOT copied into the result, so the
 * forced `target`/`rel` rewrite of links does not come from this object.
 *
 * @param additionalAllowedTags extra tag names appended to the allow-list.
 *   They are not validated here, so callers must pass only vetted, fixed
 *   names and never values derived from user input.
 * @returns a fresh options object on every call
 */
export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  const defaults = getSanitizeOptions()

  // Layout and heading tags, plus images, on top of the default inline set
  const customMarkupTags = [ 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img' ]

  const allowedTags = [
    ...defaults.allowedTags,
    ...additionalAllowedTags,
    ...customMarkupTags
  ]

  const allowedAttributes = {
    ...defaults.allowedAttributes,

    // Images may reference http/https hosts (per allowedSchemes), which
    // discloses the viewer's IP address to that host when rendered.
    'img': [ 'src', 'alt' ],

    // NOTE(review): `style` is allowed on every tag. No restriction on which
    // CSS properties or values are accepted is visible in this object;
    // confirm the consumer constrains inline CSS if this markup is not fully trusted.
    '*': [ 'data-*', 'style' ]
  }

  return {
    allowedTags,
    allowedSchemes: defaults.allowedSchemes,
    allowedAttributes
  }
}
// Thanks: https://stackoverflow.com/a/12034334
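/**
 * Escapes the characters that are significant in HTML so the input can be
 * embedded as text or inside a quoted attribute value without being parsed
 * as markup.
 *
 * Each of `& < > " ' / ` =` is replaced by its entity. `&` is part of the
 * set, so already-escaped input is escaped again rather than passed through.
 *
 * This is an output encoder for HTML text and quoted-attribute contexts only;
 * it does not make a value safe inside `<script>`, `<style>`, an unquoted
 * attribute or a URL.
 *
 * @param stringParam value to escape
 * @returns the escaped string, or `''` for any falsy input
 */
export function escapeHTML (stringParam: string) {
  if (!stringParam) return ''

  // Every key must map to an entity, never to the raw character itself:
  // an identity mapping would turn this function into a silent no-op.
  const entityMap: Record<string, string> = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    '\'': '&#39;',
    '/': '&#x2F;',
    '`': '&#x60;',
    '=': '&#x3D;'
  }

  // The character class must stay in sync with the keys of entityMap
  return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s] ?? s)
}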