/**
 * Build the baseline HTML sanitizer options used for short rich-text content.
 *
 * Only a small set of inline and list tags is allowed, URL schemes are limited
 * to `http` and `https`, and every `<a>` element is rewritten so that it opens
 * in a new browsing context with `rel="noopener noreferrer"`.
 *
 * NOTE(review): the option names match the sanitize-html API; the consumer is
 * not visible in this file, confirm before relying on its defaults.
 *
 * @returns a freshly built options object on every call
 */
export function getDefaultSanitizeOptions () {
  // Link hardening: `noopener` stops the opened page from reaching back
  // through `window.opener`, `noreferrer` withholds the Referer header.
  const hardenLink = (tagName: string, attribs: any) => {
    // Any incoming `rel` is discarded. Only the exact value 'me' is carried
    // over; a multi-token value such as 'me nofollow' does not keep 'me'.
    const rel = attribs.rel === 'me'
      ? 'noopener noreferrer me'
      : 'noopener noreferrer'

    // The attribute bag is updated in place, so a caller-supplied `target`
    // is always overwritten with '_blank'.
    Object.assign(attribs, { target: '_blank', rel })

    return { tagName, attribs }
  }

  const allowedTags = [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ]

  // Schemes not listed here (javascript:, data:, ...) are not allowed in URLs.
  const allowedSchemes = [ 'http', 'https' ]

  // NOTE(review): `data-*` is allowed on every tag. These attributes are inert
  // to the browser, but client-side scripts that read them must treat the
  // values as untrusted.
  const allowedAttributes = {
    'a': [ 'href', 'class', 'target', 'rel' ],
    '*': [ 'data-*' ]
  }

  return {
    allowedTags,
    allowedSchemes,
    allowedAttributes,
    transformTags: {
      a: hardenLink
    }
  }
}
25 | ||
/**
 * Build sanitizer options that allow no HTML tags at all.
 *
 * NOTE(review): what happens to the text inside a rejected tag (kept or
 * dropped) is decided by the sanitizer that consumes these options, not by
 * this function. Confirm against the consumer if that matters to the caller.
 *
 * @returns a fresh options object whose `allowedTags` list is empty
 */
export function getTextOnlySanitizeOptions () {
  // Typed explicitly so the empty list is `string[]` rather than `never[]`.
  const allowedTags: string[] = []

  return { allowedTags }
}
31 | ||
/**
 * Build sanitizer options for richer "custom markup" content.
 *
 * Starts from `getDefaultSanitizeOptions()` and widens it with block-level
 * tags, headings and images, plus the `style` attribute on every element.
 *
 * NOTE(review): `transformTags` from the defaults is NOT carried over, so
 * links rendered with these options keep whatever `target`/`rel` the author
 * supplied. Confirm this is intended for the content these options are used on.
 *
 * NOTE(review): `style` is allowed on every tag with no per-property
 * restriction visible here. If the consumer is sanitize-html, its
 * `allowedStyles` option can limit which CSS properties and values survive.
 *
 * @param additionalAllowedTags extra tag names appended to the allow-list
 *   without any filtering; callers should pass a fixed, vetted list and never
 *   values derived from user input
 * @returns a fresh options object with `allowedTags`, `allowedSchemes` and
 *   `allowedAttributes`
 */
export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  const {
    allowedTags: defaultTags,
    allowedSchemes,
    allowedAttributes: defaultAttributes
  } = getDefaultSanitizeOptions()

  const markupTags = [ 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img' ]

  // Order is kept: defaults first, then caller additions, then markup tags.
  const allowedTags = [ ...defaultTags, ...additionalAllowedTags, ...markupTags ]

  const allowedAttributes = {
    ...defaultAttributes,

    // `src` is the attribute that makes the viewer's browser fetch a remote
    // resource; the scheme list is the one inherited from the defaults.
    'img': [ 'src', 'alt' ],

    // Overrides the default '*' entry to additionally permit `style`.
    '*': [ 'data-*', 'style' ]
  }

  return { allowedTags, allowedSchemes, allowedAttributes }
}
50 | ||
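// Thanks: https://stackoverflow.com/a/12034334
/**
 * Escape the characters that are significant in HTML markup so that a string
 * can be embedded as text or inside a quoted attribute value.
 *
 * This is output encoding only. It does not validate URL schemes, and it is
 * not sufficient for values placed inside `<script>`/`<style>` blocks or in
 * unquoted attribute values.
 *
 * @param stringParam the raw string to encode
 * @returns the encoded string, or `''` when the input is empty or falsy
 */
export function escapeHTML (stringParam: string) {
  if (!stringParam) return ''

  // Each value must be the entity reference, never the raw character:
  // mapping a character to itself would turn this function into a no-op.
  const entityMap: Record<string, string> = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    '\'': '&#39;',
    '/': '&#x2F;',
    '`': '&#x60;',
    '=': '&#x3D;'
  }

  // The character class lists exactly the keys of entityMap, so the `|| s`
  // fallback is never taken; it only keeps the callback's return type `string`.
  return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s] || s)
}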