Sanitize oembed html
This commit is contained in:
parent
74024e36b6
commit
265a97a191
|
@ -34,3 +34,5 @@ export { default as mime } from 'npm:mime@^3.0.0';
|
||||||
export { unfurl } from 'npm:unfurl.js@^6.3.2';
|
export { unfurl } from 'npm:unfurl.js@^6.3.2';
|
||||||
export { default as TTLCache } from 'npm:@isaacs/ttlcache@^1.4.0';
|
export { default as TTLCache } from 'npm:@isaacs/ttlcache@^1.4.0';
|
||||||
export { default as uuid62 } from 'npm:uuid62@^1.0.2';
|
export { default as uuid62 } from 'npm:uuid62@^1.0.2';
|
||||||
|
// @deno-types="npm:@types/sanitize-html@2.9.0"
|
||||||
|
export { default as sanitizeHtml } from 'npm:sanitize-html@^2.10.0';
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
import { findReplyTag, lodash, nip19, TTLCache, unfurl, z } from '@/deps.ts';
|
import { findReplyTag, lodash, nip19, sanitizeHtml, TTLCache, unfurl, z } from '@/deps.ts';
|
||||||
import { type Event } from '@/event.ts';
|
import { type Event } from '@/event.ts';
|
||||||
import { emojiTagSchema, filteredArray, type MetaContent, parseMetaContent } from '@/schema.ts';
|
import { emojiTagSchema, filteredArray, type MetaContent, parseMetaContent } from '@/schema.ts';
|
||||||
|
|
||||||
|
@ -211,7 +211,12 @@ async function unfurlCard(url: string): Promise<PreviewCard | null> {
|
||||||
provider_name: result.oEmbed?.provider_name || '',
|
provider_name: result.oEmbed?.provider_name || '',
|
||||||
provider_url: result.oEmbed?.provider_url || '',
|
provider_url: result.oEmbed?.provider_url || '',
|
||||||
// @ts-expect-error `html` does in fact exist on oEmbed.
|
// @ts-expect-error `html` does in fact exist on oEmbed.
|
||||||
html: result.oEmbed?.html || '',
|
html: sanitizeHtml(result.oEmbed?.html || '', {
|
||||||
|
allowedTags: ['iframe'],
|
||||||
|
allowedAttributes: {
|
||||||
|
iframe: ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
|
||||||
|
},
|
||||||
|
}),
|
||||||
width: result.oEmbed?.width || 0,
|
width: result.oEmbed?.width || 0,
|
||||||
height: result.oEmbed?.height || 0,
|
height: result.oEmbed?.height || 0,
|
||||||
image: result.oEmbed?.thumbnails?.[0].url || result.open_graph.images?.[0].url || null,
|
image: result.oEmbed?.thumbnails?.[0].url || result.open_graph.images?.[0].url || null,
|
||||||
|
|
Loading…
Reference in New Issue