sync/lib/customembed.js

const allowed = ["iframe", "object", "param", "embed"];
const tag_re = /<\s*\/?\s*([a-z]+)(\s*([a-z]+)\s*=\s*('[^']*'|"[^"]*"|[^"'>]*))*\s*>/ig;

function filter(str) {
    if (typeof str !== "string") {
        return "";
    }

    str = str.replace(tag_re, function (match, tag) {
        if(!~allowed.indexOf(tag.toLowerCase())) {
            return match.replace("<", "&lt;").replace(">", "&gt;");
        }
        return match;
    });
    str = str.replace(/(\bon\w*\s*=\s*('[^']*'|"[^"]"|[^\s><]*))/ig, function () {
        return "";
    });

    return str.substring(0, 20000);
}

exports.filter = filter;
Forgot to add file 2013-08-03 11:50:41 -04:00			`const allowed = ["iframe", "object", "param", "embed"];`
			`const tag_re = /<\s\/?\s([a-z]+)(\s([a-z]+)\s=\s('[^']'\|"[^"]"\|[^"'>]))\s>/ig;`

			`function filter(str) {`
Fixes 2014-02-18 21:56:54 -06:00			`if (typeof str !== "string") {`
			`return "";`
			`}`

Forgot to add file 2013-08-03 11:50:41 -04:00			`str = str.replace(tag_re, function (match, tag) {`
			`if(!~allowed.indexOf(tag.toLowerCase())) {`
			`return match.replace("<", "<").replace(">", ">");`
			`}`
			`return match;`
			`});`
			`str = str.replace(/(\bon\w\s=\s('[^']'\|"[^"]"\|[^\s><]*))/ig, function () {`
			`return "";`
			`});`
Fixes 2014-02-18 21:56:54 -06:00
			`return str.substring(0, 20000);`
Forgot to add file 2013-08-03 11:50:41 -04:00			`}`

			`exports.filter = filter;`