1 line
1.4 KiB
JavaScript
1 line
1.4 KiB
JavaScript
import{parseFragment,serialize}from"parse5";import sanitizeHTML from"sanitize-html";import{ALLOWED_HTML_ATTRIBUTES,TRUSTED_IFRAME_DOMAINS}from"../../common/constants.mjs";export function cleanHTML(t){const e=parseFragment(t);return sanitizeHTML(serialize(e),{allowedTags:["header","main","section","article","aside","nav","footer","div","address","h1","h2","h3","h4","h5","h6","hr","br","p","blockquote","summary","details","span","code","pre","a","label","abbr","cite","mark","q","ruby","rp","rt","small","time","dfn","sub","sup","strong","em","b","i","u","s","del","ins","ol","ul","li","dl","dd","dt","table","thead","tbody","tfoot","tr","th","td","col","colgroup","form","input","select","option","button","datalist","fieldset","legend","meter","optgroup","progress","textarea","figure","figcaption","caption","img","video","map","area","track","picture","source","audio","iframe"],allowedAttributes:ALLOWED_HTML_ATTRIBUTES,allowedSchemes:["http","https","data","mailto"],transformTags:{"*":sanitizeTooltips,iframe:sanitizeIframes}})}function sanitizeIframes(t,e){const a=URL.parseSafe(e.src),r=a?.hostname;return TRUSTED_IFRAME_DOMAINS.some((t=>r===t||r?.endsWith(`.${t}`)))?delete e.sandbox:e.sandbox="allow-scripts allow-forms",{tagName:"iframe",attribs:e}}function sanitizeTooltips(t,e){return e["data-tooltip"]&&(e["data-tooltip"]=cleanHTML(e["data-tooltip"])),{tagName:t,attribs:e}}export function stripTags(t){return t.replace(/<[^>]+>/g,"")} |