Merge branch 'dompurify' into 'main'
sanitize-html -> isomorphic-dompurify See merge request soapbox-pub/ditto!289
commit
40d2ed1f0a
|
@ -43,6 +43,7 @@
|
||||||
"hono": "https://deno.land/x/hono@v3.10.1/mod.ts",
|
"hono": "https://deno.land/x/hono@v3.10.1/mod.ts",
|
||||||
"hono/middleware": "https://deno.land/x/hono@v3.10.1/middleware.ts",
|
"hono/middleware": "https://deno.land/x/hono@v3.10.1/middleware.ts",
|
||||||
"iso-639-1": "npm:iso-639-1@2.1.15",
|
"iso-639-1": "npm:iso-639-1@2.1.15",
|
||||||
|
"isomorphic-dompurify": "npm:isomorphic-dompurify@^2.11.0",
|
||||||
"kysely": "npm:kysely@^0.27.3",
|
"kysely": "npm:kysely@^0.27.3",
|
||||||
"kysely_deno_postgres": "https://deno.land/x/kysely_deno_postgres@v0.4.0/mod.ts",
|
"kysely_deno_postgres": "https://deno.land/x/kysely_deno_postgres@v0.4.0/mod.ts",
|
||||||
"linkify-plugin-hashtag": "npm:linkify-plugin-hashtag@^4.1.1",
|
"linkify-plugin-hashtag": "npm:linkify-plugin-hashtag@^4.1.1",
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
import 'deno-safe-fetch';
|
import 'deno-safe-fetch';
|
||||||
// @deno-types="npm:@types/sanitize-html@2.9.0"
|
|
||||||
export { default as sanitizeHtml } from 'npm:sanitize-html@^2.11.0';
|
|
||||||
export {
|
export {
|
||||||
type ParsedSignature,
|
type ParsedSignature,
|
||||||
pemToPublicKey,
|
pemToPublicKey,
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
import TTLCache from '@isaacs/ttlcache';
|
import TTLCache from '@isaacs/ttlcache';
|
||||||
import Debug from '@soapbox/stickynotes/debug';
|
import Debug from '@soapbox/stickynotes/debug';
|
||||||
|
import DOMPurify from 'isomorphic-dompurify';
|
||||||
import { unfurl } from 'unfurl.js';
|
import { unfurl } from 'unfurl.js';
|
||||||
|
|
||||||
import { sanitizeHtml } from '@/deps.ts';
|
|
||||||
import { Time } from '@/utils/time.ts';
|
import { Time } from '@/utils/time.ts';
|
||||||
import { fetchWorker } from '@/workers/fetch.ts';
|
import { fetchWorker } from '@/workers/fetch.ts';
|
||||||
|
|
||||||
|
@ -44,11 +44,9 @@ async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard
|
||||||
provider_name: oEmbed?.provider_name || '',
|
provider_name: oEmbed?.provider_name || '',
|
||||||
provider_url: oEmbed?.provider_url || '',
|
provider_url: oEmbed?.provider_url || '',
|
||||||
// @ts-expect-error `html` does in fact exist on oEmbed.
|
// @ts-expect-error `html` does in fact exist on oEmbed.
|
||||||
html: sanitizeHtml(oEmbed?.html || '', {
|
html: DOMPurify.sanitize(oEmbed?.html || '', {
|
||||||
allowedTags: ['iframe'],
|
ALLOWED_TAGS: ['iframe'],
|
||||||
allowedAttributes: {
|
ALLOWED_ATTR: ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
|
||||||
iframe: ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
|
|
||||||
},
|
|
||||||
}),
|
}),
|
||||||
width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0,
|
width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0,
|
||||||
height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0,
|
height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0,
|
||||||
|
|
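Review bot: The `DOMPurify.sanitize` call on the `html:` field still lets the remote oEmbed response pick any iframe `src` that DOMPurify's default URI check accepts, so the framed origin is chosen by whatever site the posted URL points at. Neither the old nor the new options restrict the scheme or host, and nothing visible here adds a `sandbox` attribute, so consider limiting `src` to `https:` URLs from an allow-list of embed providers, or documenting that clients must render this field only inside a sandboxed frame. Also, `ALLOWED_ATTR` is global in DOMPurify rather than per-tag as `allowedAttributes.iframe` was; the two are equivalent only while `ALLOWED_TAGS` stays `['iframe']`, which deserves a comment such as `// ALLOWED_ATTR applies to every allowed tag; re-check it before adding tags`. `unfurlCard` starts and ends outside this hunk, so how the card's `html` is consumed is not visible here.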