Merge branch 'dompurify' into 'main'

sanitize-html -> isomorphic-dompurify

See merge request soapbox-pub/ditto!289
This commit is contained in:
Alex Gleason 2024-05-21 17:47:55 +00:00
commit 40d2ed1f0a
3 changed files with 5 additions and 8 deletions

View File

@ -43,6 +43,7 @@
"hono": "https://deno.land/x/hono@v3.10.1/mod.ts", "hono": "https://deno.land/x/hono@v3.10.1/mod.ts",
"hono/middleware": "https://deno.land/x/hono@v3.10.1/middleware.ts", "hono/middleware": "https://deno.land/x/hono@v3.10.1/middleware.ts",
"iso-639-1": "npm:iso-639-1@2.1.15", "iso-639-1": "npm:iso-639-1@2.1.15",
"isomorphic-dompurify": "npm:isomorphic-dompurify@^2.11.0",
"kysely": "npm:kysely@^0.27.3", "kysely": "npm:kysely@^0.27.3",
"kysely_deno_postgres": "https://deno.land/x/kysely_deno_postgres@v0.4.0/mod.ts", "kysely_deno_postgres": "https://deno.land/x/kysely_deno_postgres@v0.4.0/mod.ts",
"linkify-plugin-hashtag": "npm:linkify-plugin-hashtag@^4.1.1", "linkify-plugin-hashtag": "npm:linkify-plugin-hashtag@^4.1.1",

View File

@ -1,6 +1,4 @@
import 'deno-safe-fetch'; import 'deno-safe-fetch';
// @deno-types="npm:@types/sanitize-html@2.9.0"
export { default as sanitizeHtml } from 'npm:sanitize-html@^2.11.0';
export { export {
type ParsedSignature, type ParsedSignature,
pemToPublicKey, pemToPublicKey,

View File

@ -1,8 +1,8 @@
import TTLCache from '@isaacs/ttlcache'; import TTLCache from '@isaacs/ttlcache';
import Debug from '@soapbox/stickynotes/debug'; import Debug from '@soapbox/stickynotes/debug';
import DOMPurify from 'isomorphic-dompurify';
import { unfurl } from 'unfurl.js'; import { unfurl } from 'unfurl.js';
import { sanitizeHtml } from '@/deps.ts';
import { Time } from '@/utils/time.ts'; import { Time } from '@/utils/time.ts';
import { fetchWorker } from '@/workers/fetch.ts'; import { fetchWorker } from '@/workers/fetch.ts';
@ -44,11 +44,9 @@ async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard
provider_name: oEmbed?.provider_name || '', provider_name: oEmbed?.provider_name || '',
provider_url: oEmbed?.provider_url || '', provider_url: oEmbed?.provider_url || '',
// @ts-expect-error `html` does in fact exist on oEmbed. // @ts-expect-error `html` does in fact exist on oEmbed.
html: sanitizeHtml(oEmbed?.html || '', { html: DOMPurify.sanitize(oEmbed?.html || '', {
allowedTags: ['iframe'], ALLOWED_TAGS: ['iframe'],
allowedAttributes: { ALLOWED_ATTR: ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
iframe: ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
},
}), }),
width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0, width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0,
height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0, height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0,