mirror of
https://activitypub.software/TransFem-org/Sharkey
synced 2024-12-22 16:30:13 +00:00
laxer HTML sanitisation for admin-controlled text - fixes #447
This commit is contained in:
parent
9de4e3c7aa
commit
2c40dd31f3
4 changed files with 21 additions and 3 deletions
|
@ -65,7 +65,7 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||||
import { computed, ref } from 'vue';
|
import { computed, ref } from 'vue';
|
||||||
import { instance } from '@/instance.js';
|
import { instance } from '@/instance.js';
|
||||||
import { i18n } from '@/i18n.js';
|
import { i18n } from '@/i18n.js';
|
||||||
import sanitizeHtml from 'sanitize-html';
|
import sanitizeHtml from '@/scripts/sanitize-html.js';
|
||||||
import MkButton from '@/components/MkButton.vue';
|
import MkButton from '@/components/MkButton.vue';
|
||||||
import MkFolder from '@/components/MkFolder.vue';
|
import MkFolder from '@/components/MkFolder.vue';
|
||||||
import MkSwitch from '@/components/MkSwitch.vue';
|
import MkSwitch from '@/components/MkSwitch.vue';
|
||||||
|
|
|
@ -56,7 +56,7 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import { ref } from 'vue';
|
import { ref } from 'vue';
|
||||||
import * as Misskey from 'misskey-js';
|
import * as Misskey from 'misskey-js';
|
||||||
import sanitizeHtml from 'sanitize-html';
|
import sanitizeHtml from '@/scripts/sanitize-html.js';
|
||||||
import XSigninDialog from '@/components/MkSigninDialog.vue';
|
import XSigninDialog from '@/components/MkSigninDialog.vue';
|
||||||
import XSignupDialog from '@/components/MkSignupDialog.vue';
|
import XSignupDialog from '@/components/MkSignupDialog.vue';
|
||||||
import MkButton from '@/components/MkButton.vue';
|
import MkButton from '@/components/MkButton.vue';
|
||||||
|
|
|
@ -130,7 +130,7 @@ SPDX-License-Identifier: AGPL-3.0-only
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<script lang="ts" setup>
|
<script lang="ts" setup>
|
||||||
import sanitizeHtml from 'sanitize-html';
|
import sanitizeHtml from '@/scripts/sanitize-html.js';
|
||||||
import { computed, watch, ref } from 'vue';
|
import { computed, watch, ref } from 'vue';
|
||||||
import * as Misskey from 'misskey-js';
|
import * as Misskey from 'misskey-js';
|
||||||
import XEmojis from './about.emojis.vue';
|
import XEmojis from './about.emojis.vue';
|
||||||
|
|
18
packages/frontend/src/scripts/sanitize-html.ts
Normal file
18
packages/frontend/src/scripts/sanitize-html.ts
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
/*
|
||||||
|
* SPDX-FileCopyrightText: dakkar and other Sharkey contributors
|
||||||
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
*/
|
||||||
|
|
||||||
|
import original from 'sanitize-html';
|
||||||
|
|
||||||
|
export default function sanitizeHtml(str: string | null): string | null {
|
||||||
|
if (str == null) return str;
|
||||||
|
return original(str, {
|
||||||
|
allowedTags: original.defaults.allowedTags.concat(['img', 'audio', 'video', 'center', 'details', 'summary']),
|
||||||
|
allowedAttributes: {
|
||||||
|
...original.defaults.allowedAttributes,
|
||||||
|
a: original.defaults.allowedAttributes.a.concat(['style']),
|
||||||
|
img: original.defaults.allowedAttributes.img.concat(['style']),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
Loading…
Reference in a new issue