2022-05-28 02:41:40 +02:00
|
|
|
const sanitizeHtml = require('../libs/sanitizeHtml')
|
2022-08-31 01:20:35 +02:00
|
|
|
const {entities} = require("./htmlEntities");
|
2022-05-28 02:41:40 +02:00
|
|
|
|
|
|
|
function sanitize(html) {
|
|
|
|
const sanitizerOptions = {
|
|
|
|
allowedTags: [
|
2022-05-28 20:36:58 +02:00
|
|
|
'p', 'ol', 'ul', 'li', 'a', 'strong', 'em', 'del'
|
2022-05-28 02:41:40 +02:00
|
|
|
],
|
|
|
|
disallowedTagsMode: 'discard',
|
|
|
|
allowedAttributes: {
|
|
|
|
a: ['href', 'name', 'target']
|
|
|
|
},
|
2023-01-21 22:46:38 +01:00
|
|
|
allowedSchemes: ['http', 'https', 'mailto'],
|
2022-05-28 02:41:40 +02:00
|
|
|
allowProtocolRelative: false
|
|
|
|
}
|
|
|
|
|
|
|
|
return sanitizeHtml(html, sanitizerOptions)
|
|
|
|
}
|
|
|
|
module.exports.sanitize = sanitize
|
|
|
|
|
2022-08-31 01:20:35 +02:00
|
|
|
function stripAllTags(html, shouldDecodeEntities = true) {
|
2022-05-28 02:41:40 +02:00
|
|
|
const sanitizerOptions = {
|
|
|
|
allowedTags: [],
|
|
|
|
disallowedTagsMode: 'discard'
|
|
|
|
}
|
|
|
|
|
2022-08-31 01:20:35 +02:00
|
|
|
let sanitized = sanitizeHtml(html, sanitizerOptions)
|
|
|
|
return shouldDecodeEntities ? decodeHTMLEntities(sanitized) : sanitized
|
|
|
|
}
|
|
|
|
module.exports.stripAllTags = stripAllTags
|
|
|
|
|
|
|
|
function decodeHTMLEntities(strToDecode) {
|
2022-08-31 03:15:18 +02:00
|
|
|
return strToDecode.replace(/\&([^;]+);?/g, function (entity) {
|
2022-08-31 01:20:35 +02:00
|
|
|
if (entity in entities) {
|
|
|
|
return entities[entity]
|
|
|
|
}
|
|
|
|
return entity;
|
|
|
|
})
|
2022-05-28 02:41:40 +02:00
|
|
|
}
|