added insane to sanitize html

src/utils/dom.ts

@@ -95,14 +95,14 @@ export const getURL = (file: Partial<IFile>, size?: typeof PRESETS[keyof typeof
 };
 
 export const formatText = pipe(
-  formatTextSanitizeTags,
   formatTextSanitizeYoutube,
   formatTextComments,
   formatTextTodos,
   formatExclamations,
   formatTextDash,
   formatTextMarkdown,
-  formatTextClickableUsernames
+  formatTextClickableUsernames,
+  formatTextSanitizeTags
 );
 
 export const formatTextParagraphs = (text: string): string => (text && formatText(text)) || null;

src/utils/formatText.ts

@@ -1,4 +1,5 @@
 import marked from 'marked';
+import { stripHTMLTags } from '~/utils/stripHTMLTags';
 
 /**
  * Cleans youtube urls
@@ -12,8 +13,7 @@ export const formatTextSanitizeYoutube = (text: string): string =>
 /**
  * Removes HTML tags
  */
-export const formatTextSanitizeTags = (text: string): string =>
-  text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+export const formatTextSanitizeTags = (text: string): string => stripHTMLTags(text);
 
 /**
  * Returns clickable usernames

src/utils/stripHTMLTags.ts

@@ -0,0 +1,60 @@
+import insane from 'insane';
+
+const INSANE_OPTIONS = {
+  allowedAttributes: {
+    a: ['href', 'name', 'target'],
+    img: ['src'],
+  },
+  allowedClasses: {
+    span: ['grey'],
+  },
+  allowedSchemes: ['http', 'https', 'mailto', 'ssh', 'ftp', 'tg'],
+  allowedTags: [
+    'a',
+    'article',
+    'b',
+    'blockquote',
+    'br',
+    'caption',
+    'code',
+    'del',
+    'details',
+    'div',
+    'em',
+    'h1',
+    'h2',
+    'h3',
+    'h4',
+    'h5',
+    'h6',
+    'hr',
+    'i',
+    'img',
+    'ins',
+    'kbd',
+    'li',
+    'main',
+    'ol',
+    'p',
+    'pre',
+    'section',
+    'span',
+    'strike',
+    'strong',
+    'sub',
+    'summary',
+    'sup',
+    'table',
+    'tbody',
+    'td',
+    'th',
+    'thead',
+    'tr',
+    'u',
+    'ul',
+  ],
+  filter: null,
+  transformText: null,
+};
+
+export const stripHTMLTags = (text: string) => insane(text, INSANE_OPTIONS);