X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=shared%2Fcore-utils%2Frenderer%2Fhtml.ts;h=c9757be85e393a9edd870228a4993c4e7b42ce9b;hb=3318147300b4f998adf728eb0a5a14a4c1829c51;hp=de4ad47ac8569c47d41f89f405fb2af34a273724;hpb=4024c44f9027a32809931de0692d40d001df721c;p=github%2FChocobozzz%2FPeerTube.git
diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts
index de4ad47ac..c9757be85 100644
--- a/shared/core-utils/renderer/html.ts
+++ b/shared/core-utils/renderer/html.ts
@@ -1,25 +1,47 @@
-export const SANITIZE_OPTIONS = {
- allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
- allowedSchemes: [ 'http', 'https' ],
- allowedAttributes: {
- a: [ 'href', 'class', 'target', 'rel' ]
- },
- transformTags: {
- a: (tagName: string, attribs: any) => {
- let rel = 'noopener noreferrer'
- if (attribs.rel === 'me') rel += ' me'
+export function getSanitizeOptions () {
+ return {
+ allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
+ allowedSchemes: [ 'http', 'https' ],
+ allowedAttributes: {
+ 'a': [ 'href', 'class', 'target', 'rel' ],
+ '*': [ 'data-*' ]
+ },
+ transformTags: {
+ a: (tagName: string, attribs: any) => {
+ let rel = 'noopener noreferrer'
+ if (attribs.rel === 'me') rel += ' me'

- return {
- tagName,
- attribs: Object.assign(attribs, {
- target: '_blank',
- rel
- })
+ return {
+ tagName,
+ attribs: Object.assign(attribs, {
+ target: '_blank',
+ rel
+ })
+ }
 }
 }
 }
 }

+export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
+ const base = getSanitizeOptions()
+
+ return {
+ allowedTags: [
+ ...base.allowedTags,
+ ...additionalAllowedTags,
+ 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
+ ],
+ allowedSchemes: base.allowedSchemes,
+ allowedAttributes: {
+ ...base.allowedAttributes,
+
+ 'img': [ 'src', 'alt' ],
+ '*': [ 'data-*', 'style' ]
+ }
+ }
+}
+
 // Thanks: https://stackoverflow.com/a/12034334
 export function escapeHTML (stringParam: string) {
 if (!stringParam) return ''
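Review bot: `getCustomMarkupSanitizeOptions` copies `allowedTags`, `allowedSchemes` and `allowedAttributes` from the base options but not `transformTags`, so links in custom markup keep whatever `target` and `rel` the author supplied instead of the forced `target: '_blank'` and `rel: 'noopener noreferrer'`; adding `transformTags: base.transformTags,` to the returned object would restore that. The `'*': [ 'data-*', 'style' ]` entry also admits inline CSS on every allowed tag, which lets markup overlay other page content and pull remote resources through `url()`. If this markup can ever come from someone other than a trusted administrator, and assuming these options are passed to sanitize-html, an `allowedStyles` allow-list would constrain it. `additionalAllowedTags` is merged unchecked, so a comment on the function such as `// additionalAllowedTags must be a fixed list of known custom elements, never derived from user input` would make the contract explicit.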