From 9ff36c2d70956d2775d207c7809adb6fe7f2f2a5 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 17 Nov 2020 14:34:09 +0100 Subject: Refactor markdown/sanitize html code --- .../src/app/core/renderer/html-renderer.service.ts | 23 ++-------------- client/src/app/core/renderer/markdown.service.ts | 32 ++++++++-------------- server/lib/emailer.ts | 32 ++-------------------- shared/core-utils/index.ts | 4 +++ shared/core-utils/renderer/html.ts | 21 ++++++++++++++ shared/core-utils/renderer/index.ts | 2 ++ shared/core-utils/renderer/markdown.ts | 23 ++++++++++++++++ 7 files changed, 67 insertions(+), 70 deletions(-) create mode 100644 shared/core-utils/renderer/html.ts create mode 100644 shared/core-utils/renderer/index.ts create mode 100644 shared/core-utils/renderer/markdown.ts diff --git a/client/src/app/core/renderer/html-renderer.service.ts b/client/src/app/core/renderer/html-renderer.service.ts index 302d92ed9..1fe91b96b 100644 --- a/client/src/app/core/renderer/html-renderer.service.ts +++ b/client/src/app/core/renderer/html-renderer.service.ts @@ -1,5 +1,6 @@ import { Injectable } from '@angular/core' import { LinkifierService } from './linkifier.service' +import { SANITIZE_OPTIONS } from '@shared/core-utils/renderer/html' @Injectable() export class HtmlRendererService { @@ -25,27 +26,7 @@ export class HtmlRendererService { // Convert possible markdown to html const html = this.linkifier.linkify(text) - return this.sanitizeHtml(html, { - allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ], - allowedSchemes: [ 'http', 'https' ], - allowedAttributes: { - 'a': [ 'href', 'class', 'target', 'rel' ] - }, - transformTags: { - a: (tagName, attribs) => { - let rel = 'noopener noreferrer' - if (attribs.rel === 'me') rel += ' me' - - return { - tagName, - attribs: Object.assign(attribs, { - target: '_blank', - rel - }) - } - } - } - }) + return this.sanitizeHtml(html, SANITIZE_OPTIONS) } private async loadSanitizeHtml () { diff --git a/client/src/app/core/renderer/markdown.service.ts b/client/src/app/core/renderer/markdown.service.ts index 0e5c2ed75..0fde3f99d 100644 --- a/client/src/app/core/renderer/markdown.service.ts +++ b/client/src/app/core/renderer/markdown.service.ts @@ -1,6 +1,13 @@ import * as MarkdownIt from 'markdown-it' import { buildVideoLink } from 'src/assets/player/utils' import { Injectable } from '@angular/core' +import { + COMPLETE_RULES, + ENHANCED_RULES, + ENHANCED_WITH_HTML_RULES, + TEXT_RULES, + TEXT_WITH_HTML_RULES +} from '@shared/core-utils/renderer/markdown' import { HtmlRendererService } from './html-renderer.service' type MarkdownParsers = { @@ -25,21 +32,6 @@ type MarkdownParserConfigs = { @Injectable() export class MarkdownService { - static TEXT_RULES = [ - 'linkify', - 'autolink', - 'emphasis', - 'link', - 'newline', - 'list' - ] - static TEXT_WITH_HTML_RULES = MarkdownService.TEXT_RULES.concat([ 'html_inline', 'html_block' ]) - - static ENHANCED_RULES = MarkdownService.TEXT_RULES.concat([ 'image' ]) - static ENHANCED_WITH_HTML_RULES = MarkdownService.TEXT_WITH_HTML_RULES.concat([ 'image' ]) - - static COMPLETE_RULES = MarkdownService.ENHANCED_WITH_HTML_RULES.concat([ 'block', 'inline', 'heading', 'paragraph' ]) - private markdownParsers: MarkdownParsers = { textMarkdownIt: null, textWithHTMLMarkdownIt: null, @@ -48,13 +40,13 @@ export class MarkdownService { completeMarkdownIt: null } private parsersConfig: MarkdownParserConfigs = { - textMarkdownIt: { rules: MarkdownService.TEXT_RULES, html: false }, - textWithHTMLMarkdownIt: { rules: MarkdownService.TEXT_WITH_HTML_RULES, html: true, escape: true }, + textMarkdownIt: { rules: TEXT_RULES, html: false }, + textWithHTMLMarkdownIt: { rules: TEXT_WITH_HTML_RULES, html: true, escape: true }, - enhancedMarkdownIt: { rules: MarkdownService.ENHANCED_RULES, html: false }, - enhancedWithHTMLMarkdownIt: { rules: MarkdownService.ENHANCED_WITH_HTML_RULES, html: true, escape: true }, + enhancedMarkdownIt: { rules: ENHANCED_RULES, html: false }, + enhancedWithHTMLMarkdownIt: { rules: ENHANCED_WITH_HTML_RULES, html: true, escape: true }, - completeMarkdownIt: { rules: MarkdownService.COMPLETE_RULES, html: true } + completeMarkdownIt: { rules: COMPLETE_RULES, html: true } } constructor (private htmlRenderer: HtmlRendererService) {} diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts index 40f278608..650a3c090 100644 --- a/server/lib/emailer.ts +++ b/server/lib/emailer.ts @@ -5,6 +5,7 @@ import { join } from 'path' import { VideoChannelModel } from '@server/models/video/video-channel' import { MVideoBlacklistLightVideo, MVideoBlacklistVideo } from '@server/types/models/video/video-blacklist' import { MVideoImport, MVideoImportVideo } from '@server/types/models/video/video-import' +import { SANITIZE_OPTIONS, TEXT_WITH_HTML_RULES } from '@shared/core-utils' import { AbuseState, EmailPayload, UserAbuse } from '@shared/models' import { SendEmailOptions } from '../../shared/models/server/emailer.model' import { isTestInstance, root } from '../helpers/core-utils' @@ -20,14 +21,7 @@ const markdownItEmoji = require('markdown-it-emoji/light') const MarkdownItClass = require('markdown-it') const markdownIt = new MarkdownItClass('default', { linkify: true, breaks: true, html: true }) -markdownIt.enable([ - 'linkify', - 'autolink', - 'emphasis', - 'link', - 'newline', - 'list' -]) +markdownIt.enable(TEXT_WITH_HTML_RULES) markdownIt.use(markdownItEmoji) @@ -39,27 +33,7 @@ const toSafeHtml = text => { const html = markdownIt.render(textWithLineFeed) // Convert to safe Html - return sanitizeHtml(html, { - allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ], - allowedSchemes: [ 'http', 'https' ], - allowedAttributes: { - a: [ 'href', 'class', 'target', 'rel' ] - }, - transformTags: { - a: (tagName, attribs) => { - let rel = 'noopener noreferrer' - if (attribs.rel === 'me') rel += ' me' - - return { - tagName, - attribs: Object.assign(attribs, { - target: '_blank', - rel - }) - } - } - } - }) + return sanitizeHtml(html, SANITIZE_OPTIONS) } const Email = require('email-templates') diff --git a/shared/core-utils/index.ts b/shared/core-utils/index.ts index 54e233522..42d7cab1d 100644 --- a/shared/core-utils/index.ts +++ b/shared/core-utils/index.ts @@ -1,3 +1,7 @@ +export * from './abuse' +export * from './i18n' export * from './logs' export * from './miscs' export * from './plugins' +export * from './renderer' +export * from './users' diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts new file mode 100644 index 000000000..37ae5147c --- /dev/null +++ b/shared/core-utils/renderer/html.ts @@ -0,0 +1,21 @@ +export const SANITIZE_OPTIONS = { + allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ], + allowedSchemes: [ 'http', 'https' ], + allowedAttributes: { + a: [ 'href', 'class', 'target', 'rel' ] + }, + transformTags: { + a: (tagName, attribs) => { + let rel = 'noopener noreferrer' + if (attribs.rel === 'me') rel += ' me' + + return { + tagName, + attribs: Object.assign(attribs, { + target: '_blank', + rel + }) + } + } + } +} diff --git a/shared/core-utils/renderer/index.ts b/shared/core-utils/renderer/index.ts new file mode 100644 index 000000000..0ad29d782 --- /dev/null +++ b/shared/core-utils/renderer/index.ts @@ -0,0 +1,2 @@ +export * from './markdown' +export * from './html' diff --git a/shared/core-utils/renderer/markdown.ts b/shared/core-utils/renderer/markdown.ts new file mode 100644 index 000000000..dff746d87 --- /dev/null +++ b/shared/core-utils/renderer/markdown.ts @@ -0,0 +1,23 @@ +export const TEXT_RULES = [ + 'linkify', + 'autolink', + 'emphasis', + 'link', + 'newline', + 'list' +] + +export const TEXT_WITH_HTML_RULES = TEXT_RULES.concat([ + 'html_inline', + 'html_block' +]) + +export const ENHANCED_RULES = TEXT_RULES.concat([ 'image' ]) +export const ENHANCED_WITH_HTML_RULES = TEXT_WITH_HTML_RULES.concat([ 'image' ]) + +export const COMPLETE_RULES = ENHANCED_WITH_HTML_RULES.concat([ + 'block', + 'inline', + 'heading', + 'paragraph' +]) -- cgit v1.2.3