shared/core-utils/renderer/html.ts

   1 export function getSanitizeOptions () {
   2   return {
   3     allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
   4     allowedSchemes: [ 'http', 'https' ],
   5     allowedAttributes: {
   6       'a': [ 'href', 'class', 'target', 'rel' ],
   7       '*': [ 'data-*' ]
   8     },
   9     transformTags: {
  10       a: (tagName: string, attribs: any) => {
  11         let rel = 'noopener noreferrer'
  12         if (attribs.rel === 'me') rel += ' me'
  13
  14         return {
  15           tagName,
  16           attribs: Object.assign(attribs, {
  17             target: '_blank',
  18             rel
  19           })
  20         }
  21       }
  22     }
  23   }
  24 }
  25
  26 export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  27   const base = getSanitizeOptions()
  28
  29   return {
  30     allowedTags: [
  31       ...base.allowedTags,
  32       ...additionalAllowedTags,
  33       'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'
  34     ],
  35     allowedSchemes: base.allowedSchemes,
  36     allowedAttributes: {
  37       ...base.allowedAttributes,
  38       '*': [ 'data-*', 'style' ]
  39     }
  40   }
  41 }
  42
  43 // Thanks: https://stackoverflow.com/a/12034334
  44 export function escapeHTML (stringParam: string) {
  45   if (!stringParam) return ''
  46
  47   const entityMap = {
  48     '&': '&amp;',
  49     '<': '&lt;',
  50     '>': '&gt;',
  51     '"': '&quot;',
  52     '\'': '&#39;',
  53     '/': '&#x2F;',
  54     '`': '&#x60;',
  55     '=': '&#x3D;'
  56   }
  57
  58   return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
  59 }