"use strict";
// The two helpers below have the shape tsc emits for `experimentalDecorators` /
// `emitDecoratorMetadata` (the sourceMappingURL at the end of the file also points
// at a TypeScript build). They are consumed only by the __decorate call at the
// bottom of this file; edit the .ts source rather than these lines.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Prefer the reflect-metadata polyfill when present; otherwise apply the
// decorators right-to-left by hand.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
// No-op when reflect-metadata is not loaded: the "design:paramtypes" entry is
// then simply not recorded.
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
// Alias that lets the class body refer to itself (SanitizationPipe_1.name)
// even after the decorated class replaces the outer binding below.
var SanitizationPipe_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SanitizationPipe = void 0;
const common_1 = require("@nestjs/common");
const logger_1 = require("../utils/logger");
const DOMPurify = require("dompurify");
const jsdom_1 = require("jsdom");
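let SanitizationPipe = SanitizationPipe_1 = class SanitizationPipe {
    /**
     * NestJS pipe that runs every string found in the incoming value (scalar,
     * array or plain object, recursively) through DOMPurify.
     *
     * @param {object} [options]
     * @param {boolean} [options.stripAllTags=false] drop every tag; only text survives
     * @param {'strict'|'moderate'|'basic'} [options.sanitizeMode='strict']
     *   'strict': inline formatting only, no attributes; 'moderate': adds block
     *   tags, links and a few attributes; 'basic' (or any other value): DOMPurify's
     *   own defaults.
     * @param {string[]} [options.allowedTags] replaces the mode's tag allowlist
     * @param {Object<string,string[]>} [options.allowedAttributes] map of tag ->
     *   attributes allowed on that tag ('*' applies to every tag); replaces the
     *   mode's attribute allowlist
     */
    constructor(options = {}) {
        this.options = {
            stripAllTags: false,
            sanitizeMode: 'strict',
            ...options,
        };
        this.logger = new logger_1.AppLogger(SanitizationPipe_1.name);
        // DOMPurify needs a DOM; jsdom provides one server-side. The window is
        // created once per pipe instance and reused by every transform() call.
        const { window } = new jsdom_1.JSDOM('');
        this.window = window;
        this.purify = DOMPurify(window);
        this.configurePurify();
    }
    /**
     * Pipe entry point. `metadata` (ArgumentMetadata) is accepted for the
     * PipeTransform interface but not consulted: body, query and params are
     * all treated the same way.
     *
     * @returns a sanitized copy — strings, arrays and objects are new values;
     *   numbers, booleans, null and undefined pass through untouched.
     */
    transform(value, metadata) {
        return this.sanitizeValue(value);
    }
    /**
     * Dispatch on runtime type; shared by transform(), sanitizeArray() and
     * sanitizeObject() so the three agree on what gets recursed into.
     *
     * NOTE(review): `typeof x === 'object'` also matches Date, Buffer, Map and
     * class instances; those are rebuilt as plain objects from their own
     * enumerable keys (a Date becomes `{}`). Harmless for JSON-parsed input —
     * confirm nothing else is routed through this pipe.
     */
    sanitizeValue(value) {
        if (value === null || value === undefined) {
            return value;
        }
        if (typeof value === 'string') {
            return this.sanitizeString(value);
        }
        if (Array.isArray(value)) {
            return this.sanitizeArray(value);
        }
        if (typeof value === 'object') {
            return this.sanitizeObject(value);
        }
        return value;
    }
    /**
     * Sanitize one string with the configuration persisted by configurePurify().
     * `stripAllTags` is folded into that persisted config: once setConfig() has
     * been used, DOMPurify ignores a config object passed to sanitize(), so the
     * former `sanitize(value, { ALLOWED_TAGS: [] })` call had no effect and the
     * mode's tags survived even with stripAllTags enabled.
     *
     * Caveat: DOMPurify re-serializes the text, so non-HTML fields are altered
     * too (`a < b` becomes `a &lt; b`, `&` becomes `&amp;`). Do not apply this
     * pipe to fields such as passwords or signatures whose exact bytes matter.
     */
    sanitizeString(value) {
        return this.purify.sanitize(value);
    }
    /** Sanitize every element; returns a new array, the input is not mutated. */
    sanitizeArray(array) {
        return array.map((item) => this.sanitizeValue(item));
    }
    /**
     * Sanitize every own enumerable property into a NEW plain object. The input
     * is not mutated; inherited and non-enumerable properties are dropped.
     */
    sanitizeObject(obj) {
        const sanitized = {};
        for (const key of Object.keys(obj)) {
            // Define the property instead of `sanitized[key] = …`: JSON.parse turns
            // a "__proto__" key into an own property, and plain assignment of that
            // key would replace the result's prototype (so later lookups such as
            // `sanitized.isAdmin` could resolve to a client-chosen value) instead
            // of storing a data property named "__proto__".
            Object.defineProperty(sanitized, key, {
                value: this.sanitizeValue(obj[key]),
                enumerable: true,
                writable: true,
                configurable: true,
            });
        }
        return sanitized;
    }
    /**
     * Build the DOMPurify configuration from `options` and persist it with
     * setConfig() so every sanitize() call uses it. Precedence, highest first:
     * stripAllTags > allowedTags / allowedAttributes > sanitizeMode.
     * Called once from the constructor; calling it again would add another
     * (identical) attribute hook.
     */
    configurePurify() {
        const config = {};
        const { sanitizeMode, allowedTags, allowedAttributes, stripAllTags } = this.options;
        if (sanitizeMode === 'strict') {
            config.ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br'];
            config.ALLOWED_ATTR = [];
        }
        else if (sanitizeMode === 'moderate') {
            config.ALLOWED_TAGS = [
                'b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li',
                'h1', 'h2', 'h3', 'h4', 'span', 'div', 'hr', 'a'
            ];
            // Caveat: 'style' lets input inject arbitrary inline CSS (overlays,
            // phishing layouts), and DOMPurify does not add rel="noopener" to
            // target="_blank" links by itself. Drop 'style' / 'target' here
            // unless the rendering context really needs them.
            config.ALLOWED_ATTR = ['href', 'class', 'style', 'target'];
        }
        // 'basic' (or any other value): leave DOMPurify's built-in defaults.
        if (allowedTags) {
            config.ALLOWED_TAGS = allowedTags;
        }
        if (allowedAttributes) {
            // DOMPurify matches tag and attribute names lower-cased.
            const byTag = new Map();
            for (const tag of Object.keys(allowedAttributes)) {
                const names = allowedAttributes[tag].map((name) => String(name).toLowerCase());
                byTag.set(tag.toLowerCase(), new Set(names));
            }
            // DOMPurify's ALLOWED_ATTR is global, so the union of all tags goes there…
            const union = new Set();
            for (const names of byTag.values()) {
                for (const name of names) {
                    union.add(name);
                }
            }
            config.ALLOWED_ATTR = [...union];
            // …and a hook restores the per-tag scoping the option describes.
            // Without it an 'href' listed for 'a' would be accepted on every
            // allowed tag. keepAttr=false makes DOMPurify drop the attribute.
            this.purify.addHook('uponSanitizeAttribute', (node, data) => {
                const forTag = byTag.get(String(node.nodeName).toLowerCase());
                const forAll = byTag.get('*');
                const allowed = (forTag !== undefined && forTag.has(data.attrName))
                    || (forAll !== undefined && forAll.has(data.attrName));
                if (!allowed) {
                    data.keepAttr = false;
                }
            });
        }
        // Last so it overrides everything else; text nodes still survive
        // (DOMPurify keeps '#text' when KEEP_CONTENT is on, which is the default).
        if (stripAllTags) {
            config.ALLOWED_TAGS = [];
            config.ALLOWED_ATTR = [];
        }
        this.purify.setConfig(config);
    }
};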
exports.SanitizationPipe = SanitizationPipe;
// Apply @Injectable() so Nest's DI can construct the pipe. The recorded
// "design:paramtypes" is [Object]: the constructor's `options` parameter has no
// injectable token, so presumably the pipe is instantiated with explicit options
// (e.g. `new SanitizationPipe({...})` in @UsePipes / useGlobalPipes) — verify
// against the callers.
exports.SanitizationPipe = SanitizationPipe = SanitizationPipe_1 = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [Object])
], SanitizationPipe);
//# sourceMappingURL=sanitization.pipe.js.map