aljaz/ditto
1
0
Fork 0
mirror of https://github.com/aljazceru/ditto.git synced 2026-01-06 23:24:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

sanitize-html -> isomorphic-dompurify

Browse Source
This commit is contained in:
Alex Gleason
2024-05-21 12:44:54 -05:00
parent 9582ce87ba
commit d4a029b35b
3 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/utils/unfurl.ts
View File

@@ -1,8 +1,8 @@
import TTLCache from '@isaacs/ttlcache';
import Debug from '@soapbox/stickynotes/debug';
import DOMPurify from 'isomorphic-dompurify';
import { unfurl } from 'unfurl.js';
import { sanitizeHtml } from '@/deps.ts';
import { Time } from '@/utils/time.ts';
import { fetchWorker } from '@/workers/fetch.ts';
@@ -44,11 +44,9 @@ async function unfurlCard(url: string, signal: AbortSignal): Promise<PreviewCard
provider_name: oEmbed?.provider_name || '',
provider_url: oEmbed?.provider_url || '',
// @ts-expect-error `html` does in fact exist on oEmbed.
html: sanitizeHtml(oEmbed?.html || '', {
allowedTags: ['iframe'],
allowedAttributes: {
iframe: ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
},
html: DOMPurify.sanitize(oEmbed?.html || '', {
ALLOWED_TAGS: ['iframe'],
ALLOWED_ATTR: ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
}),
width: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.width : 0) || 0,
height: ((oEmbed && oEmbed.type !== 'link') ? oEmbed.height : 0) || 0,