audiobookshelf/server/utils/htmlSanitizer.js

const sanitizeHtml = require('../libs/sanitizeHtml')
const { entities } = require('./htmlEntities')

function sanitize(html) {
  const sanitizerOptions = {
    allowedTags: ['p', 'ol', 'ul', 'li', 'a', 'strong', 'em', 'del', 'br', 'b', 'i'],
    disallowedTagsMode: 'discard',
    allowedAttributes: {
      a: ['href', 'name', 'target']
    },
    allowedSchemes: ['http', 'https', 'mailto'],
    allowProtocolRelative: false
  }

  return sanitizeHtml(html, sanitizerOptions)
}
module.exports.sanitize = sanitize

function stripAllTags(html, shouldDecodeEntities = true) {
  const sanitizerOptions = {
    allowedTags: [],
    disallowedTagsMode: 'discard'
  }

  let sanitized = sanitizeHtml(html, sanitizerOptions)
  return shouldDecodeEntities ? decodeHTMLEntities(sanitized) : sanitized
}
module.exports.stripAllTags = stripAllTags

function decodeHTMLEntities(strToDecode) {
  return strToDecode.replace(/\&([^;]+);?/g, function (entity) {
    if (entity in entities) {
      return entities[entity]
    }
    return entity
  })
}
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00			`const sanitizeHtml = require('../libs/sanitizeHtml')`
Support rich text book descriptions 2025-01-22 07:53:23 +01:00			`const { entities } = require('./htmlEntities')`
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00
			`function sanitize(html) {`
			`const sanitizerOptions = {`
Support rich text book descriptions 2025-01-22 07:53:23 +01:00			`allowedTags: ['p', 'ol', 'ul', 'li', 'a', 'strong', 'em', 'del', 'br', 'b', 'i'],`
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00			`disallowedTagsMode: 'discard',`
			`allowedAttributes: {`
			`a: ['href', 'name', 'target']`
			`},`
Fix mailto links not working in podcast show notes. 2023-01-21 22:46:38 +01:00			`allowedSchemes: ['http', 'https', 'mailto'],`
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00			`allowProtocolRelative: false`
			`}`

			`return sanitizeHtml(html, sanitizerOptions)`
			`}`
			`module.exports.sanitize = sanitize`

Ability to decode HTML Entities when all tags are stripped. Fixes #929 2022-08-31 01:20:35 +02:00			`function stripAllTags(html, shouldDecodeEntities = true) {`
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00			`const sanitizerOptions = {`
			`allowedTags: [],`
			`disallowedTagsMode: 'discard'`
			`}`

Ability to decode HTML Entities when all tags are stripped. Fixes #929 2022-08-31 01:20:35 +02:00			`let sanitized = sanitizeHtml(html, sanitizerOptions)`
			`return shouldDecodeEntities ? decodeHTMLEntities(sanitized) : sanitized`
			`}`
			`module.exports.stripAllTags = stripAllTags`

			`function decodeHTMLEntities(strToDecode) {`
Optional match on ending ; 2022-08-31 03:15:18 +02:00			`return strToDecode.replace(/\&([^;]+);?/g, function (entity) {`
Ability to decode HTML Entities when all tags are stripped. Fixes #929 2022-08-31 01:20:35 +02:00			`if (entity in entities) {`
			`return entities[entity]`
			`}`
Support rich text book descriptions 2025-01-22 07:53:23 +01:00			`return entity`
Ability to decode HTML Entities when all tags are stripped. Fixes #929 2022-08-31 01:20:35 +02:00			`})`
Add:HTML sanitizer lib to support html in podcasts and replace strip html lib 2022-05-28 02:41:40 +02:00			`}`