mirror of https://github.com/rancher/dashboard.git
54 lines
1.2 KiB
JavaScript
54 lines
1.2 KiB
JavaScript
import DOMPurify from 'dompurify';
|
|
import { uniq } from '@shell/utils/array';
|
|
|
|
const ALLOWED_TAGS = [
|
|
'code',
|
|
'li',
|
|
'a',
|
|
'p',
|
|
'b',
|
|
'br',
|
|
'ul',
|
|
'pre',
|
|
'span',
|
|
'div',
|
|
'i',
|
|
'em',
|
|
'strong',
|
|
'h1',
|
|
'h2',
|
|
'h3',
|
|
'h4',
|
|
'h5',
|
|
'h6',
|
|
'table',
|
|
'thead',
|
|
'tr',
|
|
'th',
|
|
'tbody',
|
|
'td',
|
|
'blockquote'
|
|
];
|
|
|
|
// Allow 'A' tags to keep the target=_blank attribute if they have it
|
|
DOMPurify.addHook('uponSanitizeAttribute', (node, data) => {
|
|
if (node.tagName === 'A' && data.attrName === 'target' && data.attrValue === '_blank') {
|
|
data.forceKeepAttr = true;
|
|
}
|
|
});
|
|
|
|
// Ensure if an 'A' tag has target=_blank that we add noopener, noreferrer and nofollow to the 'rel' attribute
|
|
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
|
|
if (node.tagName === 'A' && node?.target === '_blank') {
|
|
const rel = ['noopener', 'noreferrer', 'nofollow'];
|
|
const existingRel = node.rel?.length ? node.rel.split(' ') : [];
|
|
const combined = uniq([...rel, ...existingRel]);
|
|
|
|
node.setAttribute('rel', combined.join(' '));
|
|
}
|
|
});
|
|
|
|
export const purifyHTML = (value, options = { ALLOWED_TAGS }) => {
|
|
return DOMPurify.sanitize(value, options);
|
|
};
|