shared/core-utils/renderer/html.ts

   1 export function getSanitizeOptions () {
   2   return {
   3     allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
   4     allowedSchemes: [ 'http', 'https' ],
   5     allowedAttributes: {
   6       'a': [ 'href', 'class', 'target', 'rel' ],
   7       '*': [ 'data-*' ]
   8     },
   9     transformTags: {
  10       a: (tagName: string, attribs: any) => {
  11         let rel = 'noopener noreferrer'
  12         if (attribs.rel === 'me') rel += ' me'
  13
  14         return {
  15           tagName,
  16           attribs: Object.assign(attribs, {
  17             target: '_blank',
  18             rel
  19           })
  20         }
  21       }
  22     }
  23   }
  24 }
  25
  26 export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
  27   const base = getSanitizeOptions()
  28
  29   return {
  30     allowedTags: [
  31       ...base.allowedTags,
  32       ...additionalAllowedTags,
  33       'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
  34     ],
  35     allowedSchemes: base.allowedSchemes,
  36     allowedAttributes: {
  37       ...base.allowedAttributes,
  38
  39       'img': [ 'src', 'alt' ],
  40       '*': [ 'data-*', 'style' ]
  41     }
  42   }
  43 }
  44
  45 // Thanks: https://stackoverflow.com/a/12034334
  46 export function escapeHTML (stringParam: string) {
  47   if (!stringParam) return ''
  48
  49   const entityMap = {
  50     '&': '&amp;',
  51     '<': '&lt;',
  52     '>': '&gt;',
  53     '"': '&quot;',
  54     '\'': '&#39;',
  55     '/': '&#x2F;',
  56     '`': '&#x60;',
  57     '=': '&#x3D;'
  58   }
  59
  60   return String(stringParam).replace(/[&<>"'`=/]/g, s => entityMap[s])
  61 }