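/**
 * Build the default allow-list used to sanitize user-supplied HTML.
 *
 * Only a small set of inline/list tags is allowed, link schemes are limited
 * to http and https, and every anchor is rewritten by `transformTags.a`.
 *
 * @returns a fresh options object (new arrays and objects on every call, so
 * callers can extend the result without affecting other callers)
 */
export function getDefaultSanitizeOptions () {
  return {
    allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
    // Anything other than http(s) is rejected, which excludes javascript: and data: URLs
    allowedSchemes: [ 'http', 'https' ],
    allowedAttributes: {
      'a': [ 'href', 'class', 'target', 'rel' ],
      '*': [ 'data-*' ]
    },
    transformTags: {
      // eslint-disable-next-line @typescript-eslint/no-explicit-any -- kept for interface compatibility
      a: (tagName: string, attribs: any) => {
        // Whatever rel the author supplied is overwritten; only an exact 'me' value is kept.
        const rel = attribs.rel === 'me'
          ? 'noopener noreferrer me'
          : 'noopener noreferrer'

        return {
          tagName,
          // Links always open in a new tab, and noopener/noreferrer keeps the opened
          // page from getting a window.opener handle or a Referer header.
          // Copy instead of Object.assign(attribs, ...) so the caller's object is not mutated.
          attribs: { ...attribs, target: '_blank', rel }
        }
      }
    }
  }
}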
25 | ||
/**
 * Build sanitize options whose tag allow-list is empty.
 *
 * With no tag allowed, a sanitizer honouring these options keeps no markup at all.
 *
 * @returns a fresh options object with an empty `allowedTags` array
 */
export function getTextOnlySanitizeOptions () {
  const allowedTags: string[] = []

  return { allowedTags }
}
31 | ||
/**
 * Build a wider allow-list for "custom markup" content, on top of the defaults.
 *
 * Adds block-level tags, headings and images, the `mailto` scheme, and the
 * `style` attribute on every element.
 *
 * NOTE(review): `transformTags` from the default options is not carried over,
 * so anchors sanitized with these options do not get the forced
 * `target`/`rel` rewrite, while `target` and `rel` stay author-controllable.
 * Confirm this is intended for the content this is applied to.
 *
 * @param additionalAllowedTags extra tag names appended to the allow-list as-is;
 * they are not validated here, so callers must pass only vetted names
 * @returns a fresh options object
 */
export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  const defaults = getDefaultSanitizeOptions()

  const customMarkupTags = [ 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img' ]
  const allowedTags = [ ...defaults.allowedTags, ...additionalAllowedTags, ...customMarkupTags ]

  const allowedSchemes = [ ...defaults.allowedSchemes, 'mailto' ]

  const allowedAttributes = {
    ...defaults.allowedAttributes,

    'img': [ 'src', 'alt' ],
    // Replaces the default '*' entry.
    // NOTE(review): `style` is allowed on every element and no per-property
    // restriction is configured in this object; verify the trust level of the
    // content, or restrict the accepted CSS at the call site.
    '*': [ 'data-*', 'style' ]
  }

  return { allowedTags, allowedSchemes, allowedAttributes }
}
54 | ||
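// Thanks: https://stackoverflow.com/a/12034334
/**
 * Escape characters that are significant in HTML so the string can be placed
 * in element text or inside a quoted attribute value.
 *
 * This is not sufficient for other contexts (URLs, inline scripts, CSS),
 * which need their own encoding.
 *
 * @param stringParam the raw text; any falsy value yields an empty string
 * @returns the text with `& < > " ' / \` =` replaced by HTML entities
 */
export function escapeHTML (stringParam: string): string {
  if (!stringParam) return ''

  // Each special character maps to its entity; a map from a character to
  // itself would leave the input unescaped.
  const entityMap: { [id: string ]: string } = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    '\'': '&#39;',
    '/': '&#x2F;',
    '`': '&#x60;',
    '=': '&#x3D;'
  }

  // The character class must list exactly the keys of entityMap
  return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
}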