@formio/core
The core Form.io rendering framework.
// Interop helper: reuse an existing `__importDefault` found on `this`, otherwise
// define one that hands back modules flagged `__esModule` untouched and wraps
// anything else as `{ default: <module> }`.
var __importDefault = (this && this.__importDefault) || function (imported) {
    if (imported && imported.__esModule) {
        return imported;
    }
    return { "default": imported };
};
// Flag this CommonJS module with `__esModule`, the same flag the __importDefault
// helper in this file checks before wrapping a required module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the `sanitize` export up front; the function is assigned at the end of the file.
exports.sanitize = void 0;
var dompurify_1 = __importDefault(require("dompurify"));
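// Lazily created DOMPurify instance, cached at module level once it has been built.
var DOMPurify = null;
/**
 * Return the cached DOMPurify instance, creating it from the global `window`
 * on first use.
 *
 * @returns {*} The DOMPurify instance, or null when no `window` global is
 *   available to build one from (callers must handle the null case).
 */
var getDOMPurify = function () {
    if (DOMPurify) {
        return DOMPurify;
    }
    // Use `typeof` so that environments without a `window` global reach the
    // `return null` below; a bare `window` reference throws ReferenceError there.
    if (typeof window !== 'undefined' && window) {
        DOMPurify = (0, dompurify_1.default)(window);
        return DOMPurify;
    }
    return null;
};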
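/**
 * Sanitize an HTML string with DOMPurify.
 *
 * The base configuration enables DOMPurify's `html` profile and additionally
 * allows the `ref`, `target` and `within` attributes. `options.sanitizeConfig`
 * can widen or replace that allow-list, so it should come from trusted
 * configuration and never from the content being sanitized.
 *
 * @param {string} string - The HTML to sanitize.
 * @param {Object} [options] - Optional settings; only `sanitizeConfig` is read.
 * @param {Object} [options.sanitizeConfig] - Allow-list overrides:
 *   `addAttr`, `addTags`, `allowedTags`, `allowedAttrs`, `addUriSafeAttr`
 *   (non-empty arrays) and `allowedUriRegex`.
 * @returns {*} The value returned by DOMPurify's `sanitize`, or the original
 *   input UNCHANGED when no DOMPurify instance is available.
 */
function sanitize(string, options) {
    var dompurify = getDOMPurify();
    if (!dompurify) {
        // Fail-open path: the input is handed back unsanitized. Callers that
        // insert the result into a DOM must not treat it as safe markup.
        console.log('DOMPurify unable to sanitize the contents.');
        return string;
    }
    // `options` is optional; without this guard a call such as sanitize(html)
    // threw a TypeError on `options.sanitizeConfig` before sanitizing anything.
    var sanitizeConfig = (options && options.sanitizeConfig) || {};
    var isNonEmptyArray = function (value) {
        return Array.isArray(value) && value.length > 0;
    };
    // Dompurify configuration (a fresh object per call, so pushing onto
    // ADD_ATTR below never leaks into later calls).
    var sanitizeOptions = {
        ADD_ATTR: ['ref', 'target', 'within'],
        USE_PROFILES: { html: true }
    };
    // Add attrs: extends the attribute allow-list.
    if (isNonEmptyArray(sanitizeConfig.addAttr)) {
        sanitizeConfig.addAttr.forEach(function (attr) {
            sanitizeOptions.ADD_ATTR.push(attr);
        });
    }
    // Add tags: extends the element allow-list.
    if (isNonEmptyArray(sanitizeConfig.addTags)) {
        sanitizeOptions.ADD_TAGS = sanitizeConfig.addTags;
    }
    // Allow tags / allow attributes: intended to replace the allow-lists.
    // NOTE(review): DOMPurify's documentation says USE_PROFILES overrides
    // ALLOWED_TAGS; confirm that a narrower allowedTags/allowedAttrs list
    // actually takes effect with the DOMPurify version in use.
    if (isNonEmptyArray(sanitizeConfig.allowedTags)) {
        sanitizeOptions.ALLOWED_TAGS = sanitizeConfig.allowedTags;
    }
    if (isNonEmptyArray(sanitizeConfig.allowedAttrs)) {
        sanitizeOptions.ALLOWED_ATTR = sanitizeConfig.allowedAttrs;
    }
    // Allowed URI regex: passed through as given.
    // NOTE(review): DOMPurify expects a RegExp here; confirm callers never
    // supply a string (for example from JSON configuration).
    if (sanitizeConfig.allowedUriRegex) {
        sanitizeOptions.ALLOWED_URI_REGEXP = sanitizeConfig.allowedUriRegex;
    }
    // Allow to extend the existing array of elements that are safe for URI-like values
    if (isNonEmptyArray(sanitizeConfig.addUriSafeAttr)) {
        sanitizeOptions.ADD_URI_SAFE_ATTR = sanitizeConfig.addUriSafeAttr;
    }
    return dompurify.sanitize(string, sanitizeOptions);
}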
// Public export: the DOMPurify-backed HTML sanitizer defined above.
exports.sanitize = sanitize;
;