
Commit 0242b59

chore: final changes done
1 parent b78c9da commit 0242b59

2 files changed

+41
-40
lines changed


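--- a/src/helper/sanitize.ts
+++ b/src/helper/sanitize.ts
@@ -1,15 +1,16 @@
 
-type AllowedTags = 'p' | 'a' | 'strong' | 'em' | 'ul' | 'ol' | 'li';
-type AllowedAttributes = 'href' | 'title' | 'target' | 'alt' | 'src';
+type AllowedTags = 'p' | 'a' | 'strong' | 'em' | 'ul' | 'ol' | 'li' | 'h1' | 'h2' | 'h3' | 'h4' | 'h5' | 'h6' | 'sub' | 'u' | 'table' | 'thead' | 'tbody' | 'tr' | 'th' | 'td' | 'span'|'fragment'|'strike'|'sup'|'br';
+type AllowedAttributes = 'href' | 'title' | 'target' | 'alt' | 'src' | 'class' | 'id' | 'style';
 
-export function sanitizeHTML(input: string, allowedTags: AllowedTags[] = ['p', 'a', 'strong', 'em', 'ul', 'ol', 'li'], allowedAttributes: AllowedAttributes[] = ['href', 'title', 'target']): string {
+export function sanitizeHTML(input: string, allowedTags: AllowedTags[] = ['p', 'a', 'strong', 'em', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'sub', 'u', 'table', 'thead', 'tbody', 'tr', 'th', 'td', 'span','fragment','sup','strike','br'], allowedAttributes: AllowedAttributes[] = ['href', 'title', 'target', 'alt', 'src', 'class', 'id', 'style']): string {
 // Regular expression to find and remove all HTML tags except the allowed ones
-const sanitized = input.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>?/gi, (match, tag) => {
+const sanitized = input.replace(/<\/?([a-z][a-z0-9]*)\b[^<>]*>/gi, (match, tag) => {
 return allowedTags.includes(tag.toLowerCase()) ? match : '';
 });
 
 // Regular expression to remove all attributes except the allowed ones
-const cleaned = sanitized.replace(/\s([a-z:]+)=['"][^'"]*['"]/gi, (match, attribute) => {
+const cleaned = sanitized.replace(/\s([a-z:]+)=['"][^'"]*['"]/gi
+, (match, attribute) => {
 return allowedAttributes.includes(attribute.toLowerCase()) ? match : '';
 });
 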
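Review bot: The attribute pass at new lines 12–13 still only matches attributes whose value is wrapped in quotes, so an attribute written without quotes, or with whitespace around `=`, is never inspected and survives the allowlist, and the values of allowed attributes (`href`, `src`, and now `style`, `class`, `id` by default) are kept verbatim with no scheme or content check. Widening the default `allowedAttributes` to include `style`, `class` and `id` also silently changes every caller that relied on the old default; that should be an explicit opt-in per call site rather than the new baseline. A regex sanitizer of this shape is hard to make complete — a parser-based sanitizer such as DOMPurify is the robust option — but at minimum the attribute matcher should cover unquoted and valueless attributes, and URL-bearing attributes should be limited to relative, `http(s):` or `mailto:` values as sketched below. The remainder of `sanitizeHTML` (its `return`) lies outside the hunk.
```typescript
// … unchanged: tag pass producing `sanitized` …
// Match quoted, unquoted and valueless attributes so none bypass the allowlist check.
const cleaned = sanitized.replace(/\s([a-z][a-z0-9:-]*)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/gi, (match: string, attribute: string, value?: string) => {
  const name = attribute.toLowerCase();
  if (!allowedAttributes.some((allowed) => allowed === name)) return '';
  // URL attributes additionally need a safe scheme or a relative target.
  if ((name === 'href' || name === 'src') && value !== undefined) {
    const raw = value.replace(/^['"]|['"]$/g, '').trim();
    if (!/^(?:https?:|mailto:|\/|\.\/|#)/i.test(raw)) return '';
  }
  return match;
});
```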

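--- a/src/options/default-node-options.ts
+++ b/src/options/default-node-options.ts
@@ -9,70 +9,70 @@ export const defaultNodeOption: RenderOption = {
 return ``
 },
 [NodeType.PARAGRAPH]:(node: Node, next: Next) => {
-return `<p${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</p>`
+return `<p${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</p>`
 },
 [NodeType.LINK]:(node: Node, next: Next) => {
 const sanitizedHref = sanitizeHTML(node.attrs.href || node.attrs.url);
 if (node.attrs.target) {
-return `<a${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} href="${sanitizedHref}" target="${node.attrs.target}">${next(node.children)}</a>`
+return `<a${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} href="${sanitizedHref}" target="${node.attrs.target}">${sanitizeHTML(next(node.children))}</a>`
 }
-return `<a${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} href="${sanitizedHref}">${next(node.children)}</a>`
+return `<a${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} href="${sanitizedHref}">${sanitizeHTML(next(node.children))}</a>`
 },
 [NodeType.IMAGE]:(node: Node, next: Next) => {
 const sanitizedSrc = sanitizeHTML(node.attrs.src || node.attrs.url);
-return `<img${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${sanitizedSrc}" />${next(node.children)}`
+return `<img${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${sanitizedSrc}" />${sanitizeHTML(next(node.children))}`
 },
 [NodeType.EMBED]:(node: Node, next: Next) => {
 const sanitizedSrc = sanitizeHTML(node.attrs.src || node.attrs.url);
-return `<iframe${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${sanitizedSrc}">${next(node.children)}</iframe>`
+return `<iframe${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${sanitizedSrc}">${sanitizeHTML(next(node.children))}</iframe>`
 },
 [NodeType.HEADING_1]:(node: Node, next: Next) => {
-return `<h1${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h1>`
+return `<h1${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h1>`
 },
 [NodeType.HEADING_2]:(node: Node, next: Next) => {
-return `<h2${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h2>`
+return `<h2${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h2>`
 },
 [NodeType.HEADING_3]:(node: Node, next: Next) => {
-return `<h3${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h3>`
+return `<h3${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h3>`
 },
 [NodeType.HEADING_4]:(node: Node, next: Next) => {
-return `<h4${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h4>`
+return `<h4${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h4>`
 },
 [NodeType.HEADING_5]:(node: Node, next: Next) => {
-return `<h5${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h5>`
+return `<h5${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h5>`
 },
 [NodeType.HEADING_6]:(node: Node, next: Next) => {
-return `<h6${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</h6>`
+return `<h6${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</h6>`
 },
 [NodeType.ORDER_LIST]:(node: Node, next: Next) => {
-return `<ol${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</ol>`
+return `<ol${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</ol>`
 },
 [NodeType.FRAGMENT]:(node: Node, next: Next) => {
-return `<fragment>${next(node.children)}</fragment>`
+return `<fragment>${sanitizeHTML(next(node.children))}</fragment>`
 },
 [NodeType.UNORDER_LIST]:(node: Node, next: Next) => {
-return `<ul${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</ul>`
+return `<ul${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</ul>`
 },
 [NodeType.LIST_ITEM]:(node: Node, next: Next) => {
-return `<li${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</li>`
+return `<li${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</li>`
 },
 [NodeType.HR]:(node: Node, next: Next) => {
 return `<hr>`
 },
 [NodeType.TABLE]:(node: Node, next: Next) => {
-return `<table${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</table>`
+return `<table${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</table>`
 },
 [NodeType.TABLE_HEADER]:(node: Node, next: Next) => {
-return `<thead${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</thead>`
+return `<thead${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</thead>`
 },
 [NodeType.TABLE_BODY]:(node: Node, next: Next) => {
-return `<tbody${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</tbody>`
+return `<tbody${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</tbody>`
 },
 [NodeType.TABLE_FOOTER]:(node: Node, next: Next) => {
-return `<tfoot${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</tfoot>`
+return `<tfoot${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</tfoot>`
 },
 [NodeType.TABLE_ROW]:(node: Node, next: Next) => {
-return `<tr${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</tr>`
+return `<tr${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</tr>`
 },
 [NodeType.TABLE_HEAD]:(node: Node, next: Next) => {
 if (node.attrs.void) return '';
@@ -82,7 +82,7 @@ export const defaultNodeOption: RenderOption = {
 `${node.attrs.colSpan ? ` colspan="${node.attrs.colSpan}"` : ``}` +
 `${node.attrs.style ? ` style="${node.attrs.style}"` : ``}`+
 `${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}`+
-`${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}` +
+`${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}` +
 `</th>`
 },
 [NodeType.TABLE_DATA]:(node: Node, next: Next) => {
@@ -93,52 +93,52 @@ export const defaultNodeOption: RenderOption = {
 `${node.attrs.colSpan ? ` colspan="${node.attrs.colSpan}"` : ``}` +
 `${node.attrs.style ? ` style="${node.attrs.style}"` : ``}`+
 `${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}`+
-`${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}` +
+`${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}` +
 `</td>`
 },
 [NodeType.BLOCK_QUOTE]:(node: Node, next: Next) => {
-return `<blockquote${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</blockquote>`
+return `<blockquote${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</blockquote>`
 },
 [NodeType.CODE]:(node: Node, next: Next) => {
-return `<code${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${next(node.children)}</code>`
+return `<code${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``}>${sanitizeHTML(next(node.children))}</code>`
 },
 
 ['reference']:(node: Node, next: Next) => {
 if (node.attrs.type === 'asset') {
-return `<img${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${node.attrs['class-name']}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${node.attrs['asset-link']}" />`
+return `<img${node.attrs.style ? ` style="${node.attrs.style}"` : ``}${node.attrs['class-name'] ? ` class="${sanitizeHTML(node.attrs['class-name'])}"` : ``}${node.attrs.id ? ` id="${node.attrs.id}"` : ``} src="${sanitizeHTML(node.attrs['asset-link'])}" />`
 }
 return ``
 },
 ['default']:(node: Node, next: Next) => {
-return next(node.children)
+return sanitizeHTML(next(node.children))
 },
 
 [MarkType.BOLD]:(text: string) => {
-return `<strong>${text}</strong>`
+return `<strong>${sanitizeHTML(text)}</strong>`
 },
 [MarkType.ITALIC]:(text: string) => {
-return `<em>${text}</em>`
+return `<em>${sanitizeHTML(text)}</em>`
 },
 [MarkType.UNDERLINE]:(text: string) => {
-return `<u>${text}</u>`
+return `<u>${sanitizeHTML(text)}</u>`
 },
 [MarkType.STRIKE_THROUGH]:(text: string) => {
-return `<strike>${text}</strike>`
+return `<strike>${sanitizeHTML(text)}</strike>`
 },
 [MarkType.INLINE_CODE]:(text: string) => {
-return `<span>${text}</span>`
+return `<span>${sanitizeHTML(text)}</span>`
 },
 [MarkType.SUBSCRIPT]:(text: string) => {
-return `<sub>${text}</sub>`
+return `<sub>${sanitizeHTML(text)}</sub>`
 },
 [MarkType.SUPERSCRIPT]:(text: string) => {
-return `<sup>${text}</sup>`
+return `<sup>${sanitizeHTML(text)}</sup>`
 },
 [MarkType.BREAK]:(text: string) => {
-return `<br />${text}`
+return `<br />${sanitizeHTML(text)}`
 },
 [MarkType.CLASSNAME_OR_ID]:(text: string, classname: string, id:string) => {
-return `<span${classname ? ` class="${classname}"` : ``}${id ? ` id="${id}"` : ``}>${text}</span>`
+return `<span${classname ? ` class="${classname}"` : ``}${id ? ` id="${id}"` : ``}>${sanitizeHTML(text)}</span>`
 }
 
 }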
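Review bot: Wrapping every handler's child output in `sanitizeHTML(next(node.children))` (first at new line 12, repeated through all three hunks) runs the tag allowlist over markup this file itself emits, and the default `AllowedTags` in `sanitize.ts` does not include `img`, `iframe`, `blockquote`, `code`, `hr` or `tfoot`, so an image, embed, blockquote or rule nested under a paragraph, list item or `default` node is stripped from the rendered output; it also re-sanitizes the same text once per nesting level. At new line 108, `sanitizeHTML` is applied to attribute values (`class`, `src`), but it only strips tags and leaves quote characters untouched, so it does not stop a value from terminating the attribute — attribute values need character escaping, not tag filtering. I would escape text and attribute values once, at the point they enter the output (the mark handlers, `default`, and every `style`/`class`/`id`/`src` interpolation), with a dedicated escaper as below, and either drop the per-handler `sanitizeHTML(next(...))` wrappers or extend the allowlist to every tag this file emits. `defaultNodeOption` begins before the first hunk.
```typescript
// Module level, above defaultNodeOption. Attribute values need character escaping,
// not tag stripping: an unescaped quote in the value ends the attribute.
const escapeAttribute = (value: unknown): string =>
  String(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
// … unchanged: block, list and table handlers …
['reference']:(node: Node, next: Next) => {
  if (node.attrs.type === 'asset') {
    return `<img${node.attrs.style ? ` style="${escapeAttribute(node.attrs.style)}"` : ``}${node.attrs['class-name'] ? ` class="${escapeAttribute(node.attrs['class-name'])}"` : ``}${node.attrs.id ? ` id="${escapeAttribute(node.attrs.id)}"` : ``} src="${escapeAttribute(node.attrs['asset-link'])}" />`
  }
  return ``
},
// … unchanged: default and mark handlers …
```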
