diff options
author | Chocobozzz <me@florianbigard.com> | 2020-11-17 14:34:09 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-11-17 14:34:09 +0100 |
commit | 9ff36c2d70956d2775d207c7809adb6fe7f2f2a5 (patch) | |
tree | c9058f8210d9674b69307c4f7c5ccde85a1ba597 /client/src/app | |
parent | 9afb5c10e5935e667e33219bdbd775e9ed1b4330 (diff) | |
download | PeerTube-9ff36c2d70956d2775d207c7809adb6fe7f2f2a5.tar.gz PeerTube-9ff36c2d70956d2775d207c7809adb6fe7f2f2a5.tar.zst PeerTube-9ff36c2d70956d2775d207c7809adb6fe7f2f2a5.zip |
Refactor markdown/sanitize html code
Diffstat (limited to 'client/src/app')
-rw-r--r-- | client/src/app/core/renderer/html-renderer.service.ts | 23 | ||||
-rw-r--r-- | client/src/app/core/renderer/markdown.service.ts | 32 |
2 files changed, 14 insertions, 41 deletions
diff --git a/client/src/app/core/renderer/html-renderer.service.ts b/client/src/app/core/renderer/html-renderer.service.ts index 302d92ed9..1fe91b96b 100644 --- a/client/src/app/core/renderer/html-renderer.service.ts +++ b/client/src/app/core/renderer/html-renderer.service.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import { Injectable } from '@angular/core' | 1 | import { Injectable } from '@angular/core' |
2 | import { LinkifierService } from './linkifier.service' | 2 | import { LinkifierService } from './linkifier.service' |
3 | import { SANITIZE_OPTIONS } from '@shared/core-utils/renderer/html' | ||
3 | 4 | ||
4 | @Injectable() | 5 | @Injectable() |
5 | export class HtmlRendererService { | 6 | export class HtmlRendererService { |
@@ -25,27 +26,7 @@ export class HtmlRendererService { | |||
25 | // Convert possible markdown to html | 26 | // Convert possible markdown to html |
26 | const html = this.linkifier.linkify(text) | 27 | const html = this.linkifier.linkify(text) |
27 | 28 | ||
28 | return this.sanitizeHtml(html, { | 29 | return this.sanitizeHtml(html, SANITIZE_OPTIONS) |
29 | allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ], | ||
30 | allowedSchemes: [ 'http', 'https' ], | ||
31 | allowedAttributes: { | ||
32 | 'a': [ 'href', 'class', 'target', 'rel' ] | ||
33 | }, | ||
34 | transformTags: { | ||
35 | a: (tagName, attribs) => { | ||
36 | let rel = 'noopener noreferrer' | ||
37 | if (attribs.rel === 'me') rel += ' me' | ||
38 | |||
39 | return { | ||
40 | tagName, | ||
41 | attribs: Object.assign(attribs, { | ||
42 | target: '_blank', | ||
43 | rel | ||
44 | }) | ||
45 | } | ||
46 | } | ||
47 | } | ||
48 | }) | ||
49 | } | 30 | } |
50 | 31 | ||
51 | private async loadSanitizeHtml () { | 32 | private async loadSanitizeHtml () { |
diff --git a/client/src/app/core/renderer/markdown.service.ts b/client/src/app/core/renderer/markdown.service.ts index 0e5c2ed75..0fde3f99d 100644 --- a/client/src/app/core/renderer/markdown.service.ts +++ b/client/src/app/core/renderer/markdown.service.ts | |||
@@ -1,6 +1,13 @@ | |||
1 | import * as MarkdownIt from 'markdown-it' | 1 | import * as MarkdownIt from 'markdown-it' |
2 | import { buildVideoLink } from 'src/assets/player/utils' | 2 | import { buildVideoLink } from 'src/assets/player/utils' |
3 | import { Injectable } from '@angular/core' | 3 | import { Injectable } from '@angular/core' |
4 | import { | ||
5 | COMPLETE_RULES, | ||
6 | ENHANCED_RULES, | ||
7 | ENHANCED_WITH_HTML_RULES, | ||
8 | TEXT_RULES, | ||
9 | TEXT_WITH_HTML_RULES | ||
10 | } from '@shared/core-utils/renderer/markdown' | ||
4 | import { HtmlRendererService } from './html-renderer.service' | 11 | import { HtmlRendererService } from './html-renderer.service' |
5 | 12 | ||
6 | type MarkdownParsers = { | 13 | type MarkdownParsers = { |
@@ -25,21 +32,6 @@ type MarkdownParserConfigs = { | |||
25 | 32 | ||
26 | @Injectable() | 33 | @Injectable() |
27 | export class MarkdownService { | 34 | export class MarkdownService { |
28 | static TEXT_RULES = [ | ||
29 | 'linkify', | ||
30 | 'autolink', | ||
31 | 'emphasis', | ||
32 | 'link', | ||
33 | 'newline', | ||
34 | 'list' | ||
35 | ] | ||
36 | static TEXT_WITH_HTML_RULES = MarkdownService.TEXT_RULES.concat([ 'html_inline', 'html_block' ]) | ||
37 | |||
38 | static ENHANCED_RULES = MarkdownService.TEXT_RULES.concat([ 'image' ]) | ||
39 | static ENHANCED_WITH_HTML_RULES = MarkdownService.TEXT_WITH_HTML_RULES.concat([ 'image' ]) | ||
40 | |||
41 | static COMPLETE_RULES = MarkdownService.ENHANCED_WITH_HTML_RULES.concat([ 'block', 'inline', 'heading', 'paragraph' ]) | ||
42 | |||
43 | private markdownParsers: MarkdownParsers = { | 35 | private markdownParsers: MarkdownParsers = { |
44 | textMarkdownIt: null, | 36 | textMarkdownIt: null, |
45 | textWithHTMLMarkdownIt: null, | 37 | textWithHTMLMarkdownIt: null, |
@@ -48,13 +40,13 @@ export class MarkdownService { | |||
48 | completeMarkdownIt: null | 40 | completeMarkdownIt: null |
49 | } | 41 | } |
50 | private parsersConfig: MarkdownParserConfigs = { | 42 | private parsersConfig: MarkdownParserConfigs = { |
51 | textMarkdownIt: { rules: MarkdownService.TEXT_RULES, html: false }, | 43 | textMarkdownIt: { rules: TEXT_RULES, html: false }, |
52 | textWithHTMLMarkdownIt: { rules: MarkdownService.TEXT_WITH_HTML_RULES, html: true, escape: true }, | 44 | textWithHTMLMarkdownIt: { rules: TEXT_WITH_HTML_RULES, html: true, escape: true }, |
53 | 45 | ||
54 | enhancedMarkdownIt: { rules: MarkdownService.ENHANCED_RULES, html: false }, | 46 | enhancedMarkdownIt: { rules: ENHANCED_RULES, html: false }, |
55 | enhancedWithHTMLMarkdownIt: { rules: MarkdownService.ENHANCED_WITH_HTML_RULES, html: true, escape: true }, | 47 | enhancedWithHTMLMarkdownIt: { rules: ENHANCED_WITH_HTML_RULES, html: true, escape: true }, |
56 | 48 | ||
57 | completeMarkdownIt: { rules: MarkdownService.COMPLETE_RULES, html: true } | 49 | completeMarkdownIt: { rules: COMPLETE_RULES, html: true } |
58 | } | 50 | } |
59 | 51 | ||
60 | constructor (private htmlRenderer: HtmlRendererService) {} | 52 | constructor (private htmlRenderer: HtmlRendererService) {} |