From 2c40dd31f32edffcc8f1da7bea53b14589c5d2ad Mon Sep 17 00:00:00 2001
From: dakkar
Date: Tue, 7 May 2024 20:19:52 +0000
Subject: laxer HTML sanitisation for admin-controlled text - fixes #447
---
packages/frontend/src/scripts/sanitize-html.ts | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 packages/frontend/src/scripts/sanitize-html.ts
(limited to 'packages/frontend/src/scripts')
diff --git a/packages/frontend/src/scripts/sanitize-html.ts b/packages/frontend/src/scripts/sanitize-html.ts
new file mode 100644
index 0000000000..6e1a46c746
--- /dev/null
+++ b/packages/frontend/src/scripts/sanitize-html.ts
@@ -0,0 +1,18 @@
+/*
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+import original from 'sanitize-html';
+
+export default function sanitizeHtml(str: string | null): string | null {
+ if (str == null) return str;
+ return original(str, {
+ allowedTags: original.defaults.allowedTags.concat(['img', 'audio', 'video', 'center', 'details', 'summary']),
+ allowedAttributes: {
+ ...original.defaults.allowedAttributes,
+ a: original.defaults.allowedAttributes.a.concat(['style']),
+ img: original.defaults.allowedAttributes.img.concat(['style']),
+ },
+ });
+}
-- cgit v1.2.3-freya
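Review bot: Adding `style` to the `a` and `img` attribute lists without an accompanying `allowedStyles` map means sanitize-html keeps the whole inline style value as written (as far as I recall, its CSS property filter only runs when `allowedStyles` is set), so any CSS declaration in the admin-authored text reaches the rendered page; even for admin-controlled input it is worth pairing this with an explicit property whitelist, e.g. `allowedStyles: { '*': { 'text-align': [/^(left|center|right)$/] } }` (constructed example — list whatever properties the feature actually needs). Separately, `audio` and `video` are added to `allowedTags` but `allowedAttributes` gets no entry for them, so their `src` and `controls` attributes will be stripped and the elements render empty; if those tags are meant to be usable, add something like `audio: ['src', 'controls'], video: ['src', 'controls', 'width', 'height']` next to the `img` entry. A short comment above `sanitizeHtml` noting that this wider allowlist is intended only for admin-controlled text (per the commit title) would stop it being reused for user content by mistake.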