shared/core-utils/renderer/html.ts

   1 export function getDefaultSanitizeOptions () {
   2   return {
   3     allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
   4     allowedSchemes: [ 'http', 'https' ],
   5     allowedAttributes: {
   6       'a': [ 'href', 'class', 'target', 'rel' ],
   7       '*': [ 'data-*' ]
   8     },
   9     transformTags: {
  10       a: (tagName: string, attribs: any) => {
  11         let rel = 'noopener noreferrer'
  12         if (attribs.rel === 'me') rel += ' me'
  13
  14         return {
  15           tagName,
  16           attribs: Object.assign(attribs, {
  17             target: '_blank',
  18             rel
  19           })
  20         }
  21       }
  22     }
  23   }
  24 }
  25
  26 export function getTextOnlySanitizeOptions () {
  27   return {
  28     allowedTags: [] as string[]
  29   }
  30 }
  31
  32 export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  33   const base = getDefaultSanitizeOptions()
  34
  35   return {
  36     allowedTags: [
  37       ...base.allowedTags,
  38       ...additionalAllowedTags,
  39       'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
  40     ],
  41     allowedSchemes: [
  42       ...base.allowedSchemes,
  43
  44       'mailto'
  45     ],
  46     allowedAttributes: {
  47       ...base.allowedAttributes,
  48
  49       'img': [ 'src', 'alt' ],
  50       '*': [ 'data-*', 'style' ]
  51     }
  52   }
  53 }
  54
  55 // Thanks: https://stackoverflow.com/a/12034334
  56 export function escapeHTML (stringParam: string) {
  57   if (!stringParam) return ''
  58
  59   const entityMap = {
  60     '&': '&amp;',
  61     '<': '&lt;',
  62     '>': '&gt;',
  63     '"': '&quot;',
  64     '\'': '&#39;',
  65     '/': '&#x2F;',
  66     '`': '&#x60;',
  67     '=': '&#x3D;'
  68   }
  69
  70   return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
  71 }