import { filterXSS, IFilterXSSOptions } from 'xss';
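// Whitelist configuration for js-xss (https://github.com/leizongmin/js-xss).
//
// Everything not listed under `whiteList` is removed. `stripIgnoreTag` alone
// drops only the tag itself and leaves the tag's body behind as visible text;
// `stripIgnoreTagBody` additionally discards the body of <script>/<style>, so
// raw script/CSS source does not end up rendered as text.
//
// NOTE(review) — properties of this list worth keeping in mind:
//  - No `style`, `id`, `class` or `name` attribute is allowed on any tag, so
//    the CSS filter is never exercised and id/name-based DOM clobbering is not
//    reachable through this sanitizer. Keep it that way unless a CSS policy is
//    added deliberately.
//  - `href` and `src` are protocol-checked by js-xss's default safeAttrValue
//    (http(s)/mailto/tel/ftp/data:image and relative paths; `javascript:` is
//    dropped) — verify against the installed js-xss version.
//  - `poster` (video) and `cite` (blockquote) are URL attributes that the
//    default safeAttrValue appears to escape but not protocol-check. Browsers
//    fetch them as resources rather than navigating, so no script runs, but
//    they can still cause outbound requests; supply a custom `safeAttrValue`
//    if remote loads must be restricted.
//  - `a[target]` is allowed while `rel` is not, so `target="_blank"` links
//    cannot carry `rel="noopener"`. Recent browsers imply noopener for
//    `_blank`; older ones do not (reverse tabnabbing).
//  - `area` is listed but `map` is not, so `<area>` is never functional in
//    sanitized output.
const options: IFilterXSSOptions = {
  // Remove non-whitelisted tags (their text content is kept).
  stripIgnoreTag: true,
  // For these tags remove the body too, not just the tag.
  stripIgnoreTagBody: ['script', 'style'],
  whiteList: {
    // Links and inline semantics.
    a: ['target', 'href', 'title'],
    abbr: ['title'],
    address: [],
    area: ['shape', 'coords', 'href', 'alt'],
    article: [],
    aside: [],
    // Media: autoplay/controls/loop/muted/preload are boolean/enum, src is
    // protocol-checked by the default attribute filter.
    audio: [
      'autoplay',
      'controls',
      'crossorigin',
      'loop',
      'muted',
      'preload',
      'src',
    ],
    b: [],
    bdi: ['dir'],
    bdo: ['dir'],
    big: [],
    blockquote: ['cite'],
    br: [],
    caption: [],
    center: [],
    cite: [],
    code: [],
    col: ['align', 'valign', 'span', 'width'],
    colgroup: ['align', 'valign', 'span', 'width'],
    dd: [],
    del: ['datetime'],
    details: ['open'],
    div: [],
    dl: [],
    dt: [],
    em: [],
    figcaption: [],
    figure: [],
    font: ['color', 'size', 'face'],
    footer: [],
    h1: [],
    h2: [],
    h3: [],
    h4: [],
    h5: [],
    h6: [],
    header: [],
    hr: [],
    i: [],
    img: ['src', 'alt', 'title', 'width', 'height'],
    ins: ['datetime'],
    li: [],
    mark: [],
    nav: [],
    ol: [],
    p: [],
    pre: [],
    s: [],
    section: [],
    small: [],
    span: [],
    sub: [],
    summary: [],
    sup: [],
    strong: [],
    strike: [],
    // Tables: layout attributes only, no event handlers or styles.
    table: ['width', 'border', 'align', 'valign'],
    tbody: ['align', 'valign'],
    td: ['width', 'rowspan', 'colspan', 'align', 'valign'],
    tfoot: ['align', 'valign'],
    th: ['width', 'rowspan', 'colspan', 'align', 'valign'],
    thead: ['align', 'valign'],
    tr: ['rowspan', 'align', 'valign'],
    tt: [],
    u: [],
    ul: [],
    video: [
      'autoplay',
      'controls',
      'crossorigin',
      'loop',
      'muted',
      'playsinline',
      'poster',
      'preload',
      'src',
      'height',
      'width',
    ],
  },
};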
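/**
 * Sanitize an untrusted HTML fragment with the whitelist configured in
 * `options` above.
 *
 * Tags not in the whitelist are removed (with the body of <script>/<style>
 * discarded as configured), non-whitelisted attributes are dropped, and
 * js-xss's default attribute-value filter is applied to what remains. The
 * result is intended for insertion as HTML body content only; it is not a
 * substitute for context-specific output encoding in attribute, URL or
 * JavaScript contexts.
 *
 * @param html - Untrusted HTML fragment.
 * @returns The sanitized HTML fragment.
 */
export default function sanitize(html: string): string {
  return filterXSS(html, options);
}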