[github/Chocobozzz/PeerTube.git] / shared / core-utils / renderer / html.ts

export function getDefaultSanitizeOptions () {
  return {
    allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
    allowedSchemes: [ 'http', 'https' ],
    allowedAttributes: {
      'a': [ 'href', 'class', 'target', 'rel' ],
      '*': [ 'data-*' ]
    },
    transformTags: {
      a: (tagName: string, attribs: any) => {
        let rel = 'noopener noreferrer'
        if (attribs.rel === 'me') rel += ' me'

        return {
          tagName,
          attribs: Object.assign(attribs, {
            target: '_blank',
            rel
          })
        }
      }
    }
  }
}

export function getTextOnlySanitizeOptions () {
  return {
    allowedTags: [] as string[]
  }
}

export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  const base = getDefaultSanitizeOptions()

  return {
    allowedTags: [
      ...base.allowedTags,
      ...additionalAllowedTags,
      'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
    ],
    allowedSchemes: base.allowedSchemes,
    allowedAttributes: {
      ...base.allowedAttributes,

      'img': [ 'src', 'alt' ],
      '*': [ 'data-*', 'style' ]
    }
  }
}

// Thanks: https://stackoverflow.com/a/12034334
export function escapeHTML (stringParam: string) {
  if (!stringParam) return ''

  const entityMap = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    '\'': '&#39;',
    '/': '&#x2F;',
    '`': '&#x60;',
    '=': '&#x3D;'
  }

  return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
}
Commit	Line	Data
c68e2b2d	1	export function getDefaultSanitizeOptions () {
2539932e C	2	return {
	3	allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
	4	allowedSchemes: [ 'http', 'https' ],
	5	allowedAttributes: {
	6	'a': [ 'href', 'class', 'target', 'rel' ],
	7	'': [ 'data-' ]
	8	},
	9	transformTags: {
	10	a: (tagName: string, attribs: any) => {
	11	let rel = 'noopener noreferrer'
	12	if (attribs.rel === 'me') rel += ' me'
9ff36c2d	13
2539932e C	14	return {
	15	tagName,
	16	attribs: Object.assign(attribs, {
	17	target: '_blank',
	18	rel
	19	})
	20	}
9ff36c2d C	21	}
	22	}
	23	}
	24	}
4097c6d6	25
c68e2b2d C	26	export function getTextOnlySanitizeOptions () {
	27	return {
	28	allowedTags: [] as string[]
	29	}
	30	}
	31
2539932e	32	export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
c68e2b2d	33	const base = getDefaultSanitizeOptions()
2539932e C	34
	35	return {
	36	allowedTags: [
	37	...base.allowedTags,
	38	...additionalAllowedTags,
0d25c594	39	'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
2539932e C	40	],
	41	allowedSchemes: base.allowedSchemes,
	42	allowedAttributes: {
	43	...base.allowedAttributes,
0d25c594 C	44
0d25c594 C	45	'img': [ 'src', 'alt' ],
2539932e C	46	'': [ 'data-', 'style' ]
	47	}
	48	}
	49	}
	50
4097c6d6 TP	51	// Thanks: https://stackoverflow.com/a/12034334
	52	export function escapeHTML (stringParam: string) {
	53	if (!stringParam) return ''
	54
	55	const entityMap = {
	56	'&': '&',
	57	'<': '<',
	58	'>': '>',
	59	'"': '"',
	60	'\'': ''',
	61	'/': '/',
	62	'`': '`',
	63	'=': '='
	64	}
	65
	66	return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
	67	}