Merge branch 'dompurify' into 'main'
sanitize-html -> isomorphic-dompurify See merge request soapbox-pub/ditto!289
This commit is contained in:
commit
40d2ed1f0a
|
@ -43,6 +43,7 @@
|
|||
"hono": "https://deno.land/x/hono@v3.10.1/mod.ts",
|
||||
"hono/middleware": "https://deno.land/x/hono@v3.10.1/middleware.ts",
|
||||
"iso-639-1": "npm:iso-639-1@2.1.15",
|
||||
"isomorphic-dompurify": "npm:isomorphic-dompurify@^2.11.0",
|
||||
"kysely": "npm:kysely@^0.27.3",
|
||||
"kysely_deno_postgres": "https://deno.land/x/kysely_deno_postgres@v0.4.0/mod.ts",
|
||||
"linkify-plugin-hashtag": "npm:linkify-plugin-hashtag@^4.1.1",
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
import 'deno-safe-fetch';
|
||||
// @deno-types="npm:@types/sanitize-html@2.9.0"
|
||||
export { default as sanitizeHtml } from 'npm:sanitize-html@^2.11.0';
|
||||
export {
|
||||
type ParsedSignature,
|
||||
pemToPublicKey,
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
import TTLCache from '@isaacs/ttlcache';
|
||||
import Debug from '@soapbox/stickynotes/debug';
|
||||
import DOMPurify from 'isomorphic-dompurify';
|
||||
import { unfurl } from 'unfurl.js';
|
||||
|
||||
import { sanitizeHtml } from '@/deps.ts';
|
||||
import { Time } from '@/utils/time.ts';
|
||||
import { fetchWorker } from '@/workers/fetch.ts';
|
||||
|
||||
|
@ -44,11 +44,9 @@ async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard
|
|||
provider_name: oEmbed?.provider_name || '',
|
||||
provider_url: oEmbed?.provider_url || '',
|
||||
// @ts-expect-error `html` does in fact exist on oEmbed.
|
||||
html: sanitizeHtml(oEmbed?.html || '', {
|
||||
allowedTags: ['iframe'],
|
||||
allowedAttributes: {
|
||||
iframe: ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
|
||||
},
|
||||
html: DOMPurify.sanitize(oEmbed?.html || '', {
|
||||
ALLOWED_TAGS: ['iframe'],
|
||||
ALLOWED_ATTR: ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
|
||||
}),
|
||||
width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0,
|
||||
height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0,
|
||||
|
|
Loading…
Reference in New Issue