muerwre/vault-frontend
1
0
Fork 0
mirror of https://github.com/muerwre/vault-frontend.git synced 2025-04-24 20:36:40 +07:00
Code Packages Activity Actions

added insane to sanitize html

Browse source
This commit is contained in:
Fedor Katurov 2021-02-24 17:55:23 +07:00
parent 165039c177
commit b58ddba328
6 changed files with 93 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

1
package.json
View file

@ -14,6 +14,7 @@
"connected-react-router": "^6.5.2", "connected-react-router": "^6.5.2",
"date-fns": "^2.4.1", "date-fns": "^2.4.1",
"flexbin": "^0.2.0", "flexbin": "^0.2.0",
"insane": "^2.6.2",
"marked": "^2.0.0", "marked": "^2.0.0",
"node-sass": "4.14.1", "node-sass": "4.14.1",
"photoswipe": "^4.1.3", "photoswipe": "^4.1.3",

20
src/components/comment/CommentTextBlock/styles.module.scss
View file

@ -29,14 +29,14 @@
color: $wisegreen; color: $wisegreen;
} }
&:last-child { //&:last-child {
p { // p {
&::after { // &::after {
content: ''; // content: '';
display: inline-flex; // display: inline-flex;
height: 1em; // height: 1em;
width: 150px; // width: 150px;
} // }
} // }
} //}
} }

4
src/utils/dom.ts
View file

@ -95,14 +95,14 @@ export const getURL = (file: Partial<IFile>, size?: typeof PRESETS[keyof typeof
}; };
export const formatText = pipe( export const formatText = pipe(
formatTextSanitizeTags,
formatTextSanitizeYoutube, formatTextSanitizeYoutube,
formatTextComments, formatTextComments,
formatTextTodos, formatTextTodos,
formatExclamations, formatExclamations,
formatTextDash, formatTextDash,
formatTextMarkdown, formatTextMarkdown,
formatTextClickableUsernames formatTextClickableUsernames,
formatTextSanitizeTags
); );
export const formatTextParagraphs = (text: string): string => (text && formatText(text)) || null; export const formatTextParagraphs = (text: string): string => (text && formatText(text)) || null;

4
src/utils/formatText.ts
View file

@ -1,4 +1,5 @@
import marked from 'marked'; import marked from 'marked';
import { stripHTMLTags } from '~/utils/stripHTMLTags';
/** /**
* Cleans youtube urls * Cleans youtube urls
@ -12,8 +13,7 @@ export const formatTextSanitizeYoutube = (text: string): string =>
/** /**
* Removes HTML tags * Removes HTML tags
*/ */
export const formatTextSanitizeTags = (text: string): string => export const formatTextSanitizeTags = (text: string): string => stripHTMLTags(text);
text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
/** /**
* Returns clickable usernames * Returns clickable usernames

60
src/utils/stripHTMLTags.ts Normal file
View file

@ -0,0 +1,60 @@
import insane from 'insane';
const INSANE_OPTIONS = {
allowedAttributes: {
a: ['href', 'name', 'target'],
img: ['src'],
},
allowedClasses: {
span: ['grey'],
},
allowedSchemes: ['http', 'https', 'mailto', 'ssh', 'ftp', 'tg'],
allowedTags: [
'a',
'article',
'b',
'blockquote',
'br',
'caption',
'code',
'del',
'details',
'div',
'em',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'hr',
'i',
'img',
'ins',
'kbd',
'li',
'main',
'ol',
'p',
'pre',
'section',
'span',
'strike',
'strong',
'sub',
'summary',
'sup',
'table',
'tbody',
'td',
'th',
'thead',
'tr',
'u',
'ul',
],
filter: null,
transformText: null,
};
export const stripHTMLTags = (text: string) => insane(text, INSANE_OPTIONS);

18
yarn.lock
View file

@ -2309,6 +2309,11 @@ assign-symbols@^1.0.0:
resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367" resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
integrity sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c= integrity sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=
assignment@2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/assignment/-/assignment-2.0.0.tgz#ffd17b21bf5d6b22e777b989681a815456a3dd3e"
integrity sha1-/9F7Ib9dayLnd7mJaBqBVFaj3T4=
ast-types-flow@0.0.7, ast-types-flow@^0.0.7: ast-types-flow@0.0.7, ast-types-flow@^0.0.7:
version "0.0.7" version "0.0.7"
resolved "https://registry.yarnpkg.com/ast-types-flow/-/ast-types-flow-0.0.7.tgz#f70b735c6bca1a5c9c22d982c3e39e7feba3bdad" resolved "https://registry.yarnpkg.com/ast-types-flow/-/ast-types-flow-0.0.7.tgz#f70b735c6bca1a5c9c22d982c3e39e7feba3bdad"
@ -5405,6 +5410,11 @@ hash.js@^1.0.0, hash.js@^1.0.3:
inherits "^2.0.3" inherits "^2.0.3"
minimalistic-assert "^1.0.1" minimalistic-assert "^1.0.1"
he@0.5.0:
version "0.5.0"
resolved "https://registry.yarnpkg.com/he/-/he-0.5.0.tgz#2c05ffaef90b68e860f3fd2b54ef580989277ee2"
integrity sha1-LAX/rvkLaOhg8/0rVO9YCYknfuI=
he@^1.2.0: he@^1.2.0:
version "1.2.0" version "1.2.0"
resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f"
@ -5784,6 +5794,14 @@ inquirer@^7.0.0:
strip-ansi "^6.0.0" strip-ansi "^6.0.0"
through "^2.3.6" through "^2.3.6"
insane@^2.6.2:
version "2.6.2"
resolved "https://registry.yarnpkg.com/insane/-/insane-2.6.2.tgz#c2ab68bb3e006ab451560d1b446917329c0a8120"
integrity sha1-wqtouz4AarRRVg0bRGkXMpwKgSA=
dependencies:
assignment "2.0.0"
he "0.5.0"
internal-ip@^4.3.0: internal-ip@^4.3.0:
version "4.3.0" version "4.3.0"
resolved "https://registry.yarnpkg.com/internal-ip/-/internal-ip-4.3.0.tgz#845452baad9d2ca3b69c635a137acb9a0dad0907" resolved "https://registry.yarnpkg.com/internal-ip/-/internal-ip-4.3.0.tgz#845452baad9d2ca3b69c635a137acb9a0dad0907"