wikijs-fork/server/modules/rendering/html-security/renderer.js

53 lines
1.9 KiB
JavaScript
Raw Normal View History

2019-12-12 04:35:54 +00:00
const xss = require('xss')
2018-09-16 04:35:03 +00:00
2019-12-12 04:35:54 +00:00
module.exports = {
async init(input, config) {
if (config.safeHTML) {
input = xss(input, {
whiteList: {
...xss.whiteList,
a: ['class', 'id', 'href', 'style', 'target', 'title'],
blockquote: ['class', 'id', 'style'],
code: ['class', 'style'],
details: ['class', 'style'],
div: ['class', 'id', 'style'],
em: ['class', 'style'],
2020-02-27 06:17:24 +00:00
figcaption: ['class', 'style'],
figure: ['class', 'style'],
h1: ['class', 'id', 'style'],
h2: ['class', 'id', 'style'],
h3: ['class', 'id', 'style'],
h4: ['class', 'id', 'style'],
h5: ['class', 'id', 'style'],
h6: ['class', 'id', 'style'],
2020-04-17 17:04:56 +00:00
i: ['class', 'style'],
img: ['alt', 'class', 'draggable', 'height', 'src', 'style', 'width'],
2020-03-21 16:49:25 +00:00
input: ['class', 'disabled', 'type', 'checked', 'id'],
2020-02-08 21:11:35 +00:00
kbd: ['class'],
2020-03-21 16:49:25 +00:00
label: ['class', 'id', 'for'],
li: ['class', 'style'],
2020-01-11 00:48:16 +00:00
mark: ['class', 'style'],
ol: ['class', 'style'],
p: ['class', 'style'],
path: ['d', 'style'],
pre: ['class', 'style'],
section: ['class', 'style'],
span: ['class', 'style', 'aria-hidden'],
strong: ['class', 'style'],
summary: ['class', 'style'],
svg: ['width', 'height', 'viewbox', 'preserveaspectratio', 'style'],
table: ['border', 'class', 'id', 'style', 'width'],
tbody: ['class', 'style'],
td: ['align', 'class', 'colspan', 'rowspan', 'style', 'valign'],
th: ['align', 'class', 'colspan', 'rowspan', 'style', 'valign'],
thead: ['class', 'style'],
tr: ['class', 'rowspan', 'style', 'align', 'valign'],
ul: ['class', 'style']
},
css: false
2019-12-12 04:35:54 +00:00
})
}
return input
2018-09-16 04:35:03 +00:00
}
}