5 files changed, 78 insertions, 17 deletions
diff --git a/shared/core-utils/miscs/http-methods.ts b/shared/core-utils/miscs/http-methods.ts
new file mode 100644
index 000000000..1cfa458b9
--- /dev/null
+++ b/shared/core-utils/miscs/http-methods.ts
@@ -0,0 +1,21 @@
+/** HTTP request method to indicate the desired action to be performed for a given resource. */
+export enum HttpMethod {
+  /** The CONNECT method establishes a tunnel to the server identified by the target resource. */
+  CONNECT = 'CONNECT',
+  /** The DELETE method deletes the specified resource. */
+  DELETE = 'DELETE',
+  /** The GET method requests a representation of the specified resource. Requests using GET should only retrieve data. */
+  GET = 'GET',
+  /** The HEAD method asks for a response identical to that of a GET request, but without the response body. */
+  HEAD = 'HEAD',
+  /** The OPTIONS method is used to describe the communication options for the target resource. */
+  OPTIONS = 'OPTIONS',
+  /** The PATCH method is used to apply partial modifications to a resource. */
+  PATCH = 'PATCH',
+  /** The POST method is used to submit an entity to the specified resource */
+  POST = 'POST',
+  /** The PUT method replaces all current representations of the target resource with the request payload. */
+  PUT = 'PUT',
+  /** The TRACE method performs a message loop-back test along the path to the target resource. */
+  TRACE = 'TRACE'
+}
diff --git a/shared/core-utils/miscs/index.ts b/shared/core-utils/miscs/index.ts
index 898fd4791..251df1de2 100644
--- a/shared/core-utils/miscs/index.ts
+++ b/shared/core-utils/miscs/index.ts
@@ -2,3 +2,4 @@ export * from './date'
 export * from './miscs'
 export * from './types'
 export * from './http-error-codes'
+export * from './http-methods'
diff --git a/shared/core-utils/miscs/miscs.ts b/shared/core-utils/miscs/miscs.ts
index 71703faac..4780ca922 100644
--- a/shared/core-utils/miscs/miscs.ts
+++ b/shared/core-utils/miscs/miscs.ts
@@ -28,9 +28,24 @@ function isCatchable (value: any) {
  return value && typeof value.catch === 'function'
 }
+function sortObjectComparator (key: string, order: 'asc' | 'desc') {
+  return (a: any, b: any) => {
+    if (a[key] < b[key]) {
+      return order === 'asc' ? -1 : 1
+    }
+    if (a[key] > b[key]) {
+      return order === 'asc' ? 1 : -1
+    }
+    return 0
+  }
+}
 export {
  randomInt,
  compareSemVer,
  isPromise,
-  isCatchable
+  isCatchable,
+  sortObjectComparator
 }
diff --git a/shared/core-utils/miscs/types.ts b/shared/core-utils/miscs/types.ts
index bb64dc830..bd2a97b98 100644
--- a/shared/core-utils/miscs/types.ts
+++ b/shared/core-utils/miscs/types.ts
@@ -6,6 +6,10 @@ export type FunctionPropertyNames<T> = {
 export type FunctionProperties<T> = Pick<T, FunctionPropertyNames<T>>
+export type AttributesOnly<T> = {
+  [K in keyof T]: T[K] extends Function ? never : T[K]
+}
 export type PickWith<T, KT extends keyof T, V> = {
  [P in KT]: T[P] extends V ? V : never
 }
diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts
index de4ad47ac..bbf8b3fbd 100644
--- a/shared/core-utils/renderer/html.ts
+++ b/shared/core-utils/renderer/html.ts
@@ -1,25 +1,45 @@
-export const SANITIZE_OPTIONS = {
+export function getSanitizeOptions () {
-  allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
+  return {
-  allowedSchemes: [ 'http', 'https' ],
+    allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
-  allowedAttributes: {
+    allowedSchemes: [ 'http', 'https' ],
-    a: [ 'href', 'class', 'target', 'rel' ]
+    allowedAttributes: {
-  },
+      'a': [ 'href', 'class', 'target', 'rel' ],
-  transformTags: {
+      '*': [ 'data-*' ]
-    a: (tagName: string, attribs: any) => {
+    },
-      let rel = 'noopener noreferrer'
+    transformTags: {
-      if (attribs.rel === 'me') rel += ' me'
+      a: (tagName: string, attribs: any) => {
+        let rel = 'noopener noreferrer'
+        if (attribs.rel === 'me') rel += ' me'
-      return {
+        return {
-        tagName,
+          tagName,
-        attribs: Object.assign(attribs, {
+          attribs: Object.assign(attribs, {
-          target: '_blank',
+            target: '_blank',
-          rel
+            rel
-        })
+          })
+        }
      }
    }
  }
 }
+export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
+  const base = getSanitizeOptions()
+  return {
+    allowedTags: [
+      ...base.allowedTags,
+      ...additionalAllowedTags,
+      'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'
+    ],
+    allowedSchemes: base.allowedSchemes,
+    allowedAttributes: {
+      ...base.allowedAttributes,
+      '*': [ 'data-*', 'style' ]
+    }
+  }
+}
 // Thanks: https://stackoverflow.com/a/12034334
 export function escapeHTML (stringParam: string) {
  if (!stringParam) return ''

diff --git a/shared/core-utils/miscs/http-methods.ts b/shared/core-utils/miscs/http-methods.ts new file mode 100644 index 000000000..1cfa458b9 --- /dev/null +++ b/shared/core-utils/miscs/http-methods.ts
@@ -0,0 +1,21 @@
		1	/** HTTP request method to indicate the desired action to be performed for a given resource. */
		2	export enum HttpMethod {
		3	/** The CONNECT method establishes a tunnel to the server identified by the target resource. */
		4	CONNECT = 'CONNECT',
		5	/** The DELETE method deletes the specified resource. */
		6	DELETE = 'DELETE',
		7	/** The GET method requests a representation of the specified resource. Requests using GET should only retrieve data. */
		8	GET = 'GET',
		9	/** The HEAD method asks for a response identical to that of a GET request, but without the response body. */
		10	HEAD = 'HEAD',
		11	/** The OPTIONS method is used to describe the communication options for the target resource. */
		12	OPTIONS = 'OPTIONS',
		13	/** The PATCH method is used to apply partial modifications to a resource. */
		14	PATCH = 'PATCH',
		15	/** The POST method is used to submit an entity to the specified resource */
		16	POST = 'POST',
		17	/** The PUT method replaces all current representations of the target resource with the request payload. */
		18	PUT = 'PUT',
		19	/** The TRACE method performs a message loop-back test along the path to the target resource. */
		20	TRACE = 'TRACE'
		21	}


diff --git a/shared/core-utils/miscs/index.ts b/shared/core-utils/miscs/index.ts index 898fd4791..251df1de2 100644 --- a/shared/core-utils/miscs/index.ts +++ b/shared/core-utils/miscs/index.ts
@@ -2,3 +2,4 @@ export * from './date'
2	export * from './miscs'	2	export * from './miscs'
3	export * from './types'	3	export * from './types'
4	export * from './http-error-codes'	4	export * from './http-error-codes'
		5	export * from './http-methods'


diff --git a/shared/core-utils/miscs/miscs.ts b/shared/core-utils/miscs/miscs.ts index 71703faac..4780ca922 100644 --- a/shared/core-utils/miscs/miscs.ts +++ b/shared/core-utils/miscs/miscs.ts
@@ -28,9 +28,24 @@ function isCatchable (value: any) {
28	return value && typeof value.catch === 'function'	28	return value && typeof value.catch === 'function'
29	}	29	}
30		30
		31	function sortObjectComparator (key: string, order: 'asc' \| 'desc') {
		32	return (a: any, b: any) => {
		33	if (a[key] < b[key]) {
		34	return order === 'asc' ? -1 : 1
		35	}
		36
		37	if (a[key] > b[key]) {
		38	return order === 'asc' ? 1 : -1
		39	}
		40
		41	return 0
		42	}
		43	}
		44
31	export {	45	export {
32	randomInt,	46	randomInt,
33	compareSemVer,	47	compareSemVer,
34	isPromise,	48	isPromise,
35	isCatchable	49	isCatchable,
		50	sortObjectComparator
36	}	51	}


diff --git a/shared/core-utils/miscs/types.ts b/shared/core-utils/miscs/types.ts index bb64dc830..bd2a97b98 100644 --- a/shared/core-utils/miscs/types.ts +++ b/shared/core-utils/miscs/types.ts
@@ -6,6 +6,10 @@ export type FunctionPropertyNames<T> = {
6		6
7	export type FunctionProperties<T> = Pick<T, FunctionPropertyNames<T>>	7	export type FunctionProperties<T> = Pick<T, FunctionPropertyNames<T>>
8		8
		9	export type AttributesOnly<T> = {
		10	[K in keyof T]: T[K] extends Function ? never : T[K]
		11	}
		12
9	export type PickWith<T, KT extends keyof T, V> = {	13	export type PickWith<T, KT extends keyof T, V> = {
10	[P in KT]: T[P] extends V ? V : never	14	[P in KT]: T[P] extends V ? V : never
11	}	15	}


diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts index de4ad47ac..bbf8b3fbd 100644 --- a/shared/core-utils/renderer/html.ts +++ b/shared/core-utils/renderer/html.ts
@@ -1,25 +1,45 @@
1	export const SANITIZE_OPTIONS = {	1	export function getSanitizeOptions () {
2	allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],	2	return {
3	allowedSchemes: [ 'http', 'https' ],	3	allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
4	allowedAttributes: {	4	allowedSchemes: [ 'http', 'https' ],
5	a: [ 'href', 'class', 'target', 'rel' ]	5	allowedAttributes: {
6	},	6	'a': [ 'href', 'class', 'target', 'rel' ],
7	transformTags: {	7	'': [ 'data-' ]
8	a: (tagName: string, attribs: any) => {	8	},
9	let rel = 'noopener noreferrer'	9	transformTags: {
10	if (attribs.rel === 'me') rel += ' me'	10	a: (tagName: string, attribs: any) => {
		11	let rel = 'noopener noreferrer'
		12	if (attribs.rel === 'me') rel += ' me'
11		13
12	return {	14	return {
13	tagName,	15	tagName,
14	attribs: Object.assign(attribs, {	16	attribs: Object.assign(attribs, {
15	target: '_blank',	17	target: '_blank',
16	rel	18	rel
17	})	19	})
		20	}
18	}	21	}
19	}	22	}
20	}	23	}
21	}	24	}
22		25
		26	export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[] = []) {
		27	const base = getSanitizeOptions()
		28
		29	return {
		30	allowedTags: [
		31	...base.allowedTags,
		32	...additionalAllowedTags,
		33	'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'
		34	],
		35	allowedSchemes: base.allowedSchemes,
		36	allowedAttributes: {
		37	...base.allowedAttributes,
		38	'': [ 'data-', 'style' ]
		39	}
		40	}
		41	}
		42
23	// Thanks: https://stackoverflow.com/a/12034334	43	// Thanks: https://stackoverflow.com/a/12034334
24	export function escapeHTML (stringParam: string) {	44	export function escapeHTML (stringParam: string) {
25	if (!stringParam) return ''	45	if (!stringParam) return ''