refs https://github.com/TryGhost/Ghost/issues/9724 - extract html sanitisation into a Koenig helper `{{sanitise-html}}` (all markdown handling will eventually move into Koenig too) - render sanitised html in the html card
/* global html_sanitize */
import cajaSanitizers from 'ghost-admin/utils/caja-sanitizers';
import {assign} from '@ember/polyfills';
import {helper} from '@ember/component/helper';
import {htmlSafe} from '@ember/string';
import {isArray} from '@ember/array';
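/**
 * Sanitise a fragment of user-supplied HTML so it can be rendered in the
 * admin UI.
 *
 * @param {string|string[]} params - the html string, or the positional-params
 *   array Ember passes when this runs as a template helper (first entry used)
 * @param {Object} [options]
 * @param {boolean} [options.replaceJS=true] - swap <script> and <iframe>
 *   embeds for placeholder <pre> blocks before sanitising
 * @returns {SafeString} the sanitised html, marked safe via htmlSafe()
 */
export function sanitizeHtml(params, options = {}) {
    // Ember invokes helpers with a positional-params array; direct JS callers
    // pass the html string itself. Accept both.
    let html = isArray(params) ? params[0] : params;

    // A missing first param (e.g. a post whose html has not loaded yet) used
    // to throw a TypeError on `.replace`; treat it as an empty document.
    // Non-string values (SafeString, numbers) are coerced so the regexes and
    // the sanitiser always operate on a plain string.
    html = html == null ? '' : String(html);

    // Copy rather than mutate the caller's options; `replaceJS` is on by default.
    const opts = assign({replaceJS: true}, options);

    // Replace closed <script>…</script> and <iframe>…</iframe> pairs with
    // visible placeholders. This is presentational, not a security control:
    // the regexes only match well-formed, closed tag pairs, and anything they
    // miss (unclosed or malformed tags, unsafe attributes or URLs) falls
    // through to html_sanitize below, which is the actual safety boundary.
    // The substitution has to happen before sanitising so the placeholder,
    // rather than the (presumably stripped) embed, is what reaches the output.
    if (opts.replaceJS) {
        html = html.replace(
            /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,
            '<pre class="js-embed-placeholder">Embedded JavaScript</pre>'
        );
        html = html.replace(
            /<iframe\b[^<]*(?:(?!<\/iframe>)<[^<]*)*<\/iframe>/gi,
            '<pre class="iframe-embed-placeholder">Embedded iFrame</pre>'
        );
    }

    // Caja's html_sanitize, driven by Ghost's URL and id policies, is what
    // makes the markup safe to render.
    html = html_sanitize(html, cajaSanitizers.url, cajaSanitizers.id);

    // Only mark as safe after the sanitiser has run on it.
    return htmlSafe(html);
}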
// Register sanitizeHtml as an Ember template helper. `helper()` calls it with
// the positional-params array (hence the isArray branch in sanitizeHtml) and
// the named-params hash as `options`.
export default helper(sanitizeHtml);