1 files changed, 36 insertions, 16 deletions

diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts
index de4ad47ac..bbf8b3fbd 100644
--- a/shared/core-utils/renderer/html.ts
+++ b/shared/core-utils/renderer/html.ts
@@ -1,25 +1,45 @@
-export const SANITIZE_OPTIONS = {
-  allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
-  allowedSchemes: [ 'http', 'https' ],
-  allowedAttributes: {
-    a: [ 'href', 'class', 'target', 'rel' ]
-  },
-  transformTags: {
-    a: (tagName: string, attribs: any) => {
-      let rel = 'noopener noreferrer'
-      if (attribs.rel === 'me') rel += ' me'
+export function getSanitizeOptions () {
+  return {
+    allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
+    allowedSchemes: [ 'http', 'https' ],
+    allowedAttributes: {
+      'a': [ 'href', 'class', 'target', 'rel' ],
+      '*': [ 'data-*' ]
+    },
+    transformTags: {
+      a: (tagName: string, attribs: any) => {
+        let rel = 'noopener noreferrer'
+        if (attribs.rel === 'me') rel += ' me'
 
-      return {
-        tagName,
-        attribs: Object.assign(attribs, {
-          target: '_blank',
-          rel
-        })
+        return {
+          tagName,
+          attribs: Object.assign(attribs, {
+            target: '_blank',
+            rel
+          })
+        }
       }
     }
   }
 }
 
+export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
+  const base = getSanitizeOptions()
+
+  return {
+    allowedTags: [
+      ...base.allowedTags,
+      ...additionalAllowedTags,
+      'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'
+    ],
+    allowedSchemes: base.allowedSchemes,
+    allowedAttributes: {
+      ...base.allowedAttributes,
+      '*': [ 'data-*', 'style' ]
+    }
+  }
+}
+
 // Thanks: https://stackoverflow.com/a/12034334
 export function escapeHTML (stringParam: string) {
   if (!stringParam) return ''