shared/core-utils/renderer/html.ts

   1 export function getDefaultSanitizeOptions () {
   2   return {
   3     allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
   4     allowedSchemes: [ 'http', 'https' ],
   5     allowedAttributes: {
   6       'a': [ 'href', 'class', 'target', 'rel' ],
   7       '*': [ 'data-*' ]
   8     },
   9     transformTags: {
  10       a: (tagName: string, attribs: any) => {
  11         let rel = 'noopener noreferrer'
  12         if (attribs.rel === 'me') rel += ' me'
  13
  14         return {
  15           tagName,
  16           attribs: Object.assign(attribs, {
  17             target: '_blank',
  18             rel
  19           })
  20         }
  21       }
  22     }
  23   }
  24 }
  25
  26 export function getTextOnlySanitizeOptions () {
  27   return {
  28     allowedTags: [] as string[]
  29   }
  30 }
  31
  32 export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  33   const base = getDefaultSanitizeOptions()
  34
  35   return {
  36     allowedTags: [
  37       ...base.allowedTags,
  38       ...additionalAllowedTags,
  39       'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
  40     ],
  41     allowedSchemes: base.allowedSchemes,
  42     allowedAttributes: {
  43       ...base.allowedAttributes,
  44
  45       'img': [ 'src', 'alt' ],
  46       '*': [ 'data-*', 'style' ]
  47     }
  48   }
  49 }
  50
  51 // Thanks: https://stackoverflow.com/a/12034334
  52 export function escapeHTML (stringParam: string) {
  53   if (!stringParam) return ''
  54
  55   const entityMap = {
  56     '&': '&amp;',
  57     '<': '&lt;',
  58     '>': '&gt;',
  59     '"': '&quot;',
  60     '\'': '&#39;',
  61     '/': '&#x2F;',
  62     '`': '&#x60;',
  63     '=': '&#x3D;'
  64   }
  65
  66   return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
  67 }