phx-node
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.PHXEmailRenderToHTML = exports.PHXAllowTags = void 0;
const liquidjs_1 = require("liquidjs");
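/**
 * Validates that an HTML fragment only uses the small tag set permitted in
 * e-mail bodies, and throws on anything else. The input is never rewritten:
 * it is either returned untouched or rejected.
 *
 * Rules enforced:
 *  - only <p>, <b>, <i>, <a> and <br> may be opened (closing tags are ignored);
 *  - `class`, `style` and `on*` attributes are rejected on every tag;
 *  - tags other than <a> carry no attributes (a bare self-closing slash is fine);
 *  - <a> must carry an `href`, its attributes must be well formed, and an
 *    explicit URL scheme must be one of http, https, mailto or tel;
 *  - a `<` directly followed by a letter must form a complete, recognisable
 *    tag. Markup the validator cannot parse is rejected rather than skipped,
 *    because an HTML parser may still read it as a tag, and a dangling `<x`
 *    can become a tag once more text is appended after validation.
 *
 * @param {*} html - Fragment to check; non-strings are validated via their string form.
 * @returns {*} The original `html` argument, unchanged.
 * @throws {Error} When the fragment breaks any rule above.
 */
const PHXAllowTags = (html) => {
    const allowedTags = ["p", "b", "i", "a", "br"];
    // Extend this list deliberately; anything with an explicit scheme outside it is refused.
    const allowedSchemes = ["http", "https", "mailto", "tel"];
    const text = `${html}`;
    // Sticky patterns are created per call so no lastIndex state leaks between calls.
    const tagPattern = /<(\/?)([a-zA-Z0-9]+)(\s[^>]*)?\/?>/y;
    const attributePattern = /\s+([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>][^\s>]*)))?/y;

    // True when the href is relative/scheme-less or uses an allowed scheme.
    const schemeIsAllowed = (value) => {
        // Only the part before the first "/", "?" or "#" can hold a scheme.
        // Whitespace and control characters are dropped first because URL
        // parsers ignore them there.
        const head = value.split(/[\/?#]/, 1)[0].replace(/[\u0000-\u0020]/g, "");
        // A character reference in the scheme position cannot be judged
        // without decoding it, so it is refused outright.
        if (head.includes("&")) {
            return false;
        }
        const scheme = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(head);
        return scheme === null || allowedSchemes.includes(scheme[1].toLowerCase());
    };

    let cursor = 0;
    for (let open = text.indexOf("<"); open !== -1; open = text.indexOf("<", cursor)) {
        tagPattern.lastIndex = open;
        const match = tagPattern.exec(text);
        if (match === null) {
            // "<" + letter begins a tag for an HTML parser even when it does
            // not fit the pattern above (slash-separated attributes, missing
            // ">", ...). Fail closed instead of letting it through unchecked.
            if (/[a-zA-Z]/.test(text.charAt(open + 1))) {
                const [name] = /^[a-zA-Z0-9]+/.exec(text.slice(open + 1, open + 65));
                throw new Error(`Tag <${name.toLowerCase()}> is malformed or unterminated`);
            }
            cursor = open + 1;
            continue;
        }
        cursor = tagPattern.lastIndex;
        const [, closingSlash, tagName, attrs = ""] = match;
        if (closingSlash) {
            continue;
        }
        const lowerTag = tagName.toLowerCase();
        if (!allowedTags.includes(lowerTag)) {
            throw new Error(`Tag <${lowerTag}> is not allowed`);
        }
        if (/class\s*=|style\s*=|on[a-z]+\s*=/i.test(attrs)) {
            throw new Error(`Tag <${lowerTag}> contains forbidden attributes (class/style/event)`);
        }
        if (lowerTag !== "a") {
            // Tolerate the XHTML-style "<br />"; anything else after the name is an attribute.
            if (attrs.replace(/\/\s*$/, "").trim()) {
                throw new Error(`Tag <${lowerTag}> should not have attributes`);
            }
            continue;
        }
        // <a>: walk the attribute list strictly, one attribute at a time, so
        // the validator and an HTML parser agree on where each value ends.
        let hasHref = false;
        let position = 0;
        for (;;) {
            attributePattern.lastIndex = position;
            const attribute = attributePattern.exec(attrs);
            if (attribute === null) {
                break;
            }
            position = attributePattern.lastIndex;
            const [, name, doubleQuoted, singleQuoted, unquoted] = attribute;
            const value = doubleQuoted ?? singleQuoted ?? unquoted;
            if (name.toLowerCase() === "href" && value !== undefined) {
                hasHref = true;
                if (!schemeIsAllowed(value)) {
                    throw new Error(`<a> href uses a URL scheme that is not allowed`);
                }
            }
        }
        // Whatever the strict walk could not consume (an unbalanced quote,
        // attributes glued together, ...) makes the tag ambiguous: reject it.
        if (!/^\s*\/?\s*$/.test(attrs.slice(position))) {
            throw new Error(`Tag <${lowerTag}> has malformed attributes`);
        }
        if (!hasHref) {
            throw new Error(`<a> tag must have valid href`);
        }
    }
    return html;
};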
exports.PHXAllowTags = PHXAllowTags;
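/**
 * Renders an e-mail body from a Liquid template and a map of values, allowing
 * only the tag set accepted by PHXAllowTags.
 *
 * The template and every top-level value are validated before rendering, and
 * the rendered result is validated again before it is returned. The second
 * pass is the one that matters for the final HTML: the Liquid engine below is
 * not configured to escape output, so filters, concatenation of template text
 * with a value, or strings nested inside object/array values can produce
 * markup that none of the individual inputs contained.
 *
 * @param {string} html - Liquid template for the e-mail body.
 * @param {Object} obj - Values made available to the template.
 * @returns {string} The rendered HTML.
 * @throws {Error} When the template, a value or the rendered output fails
 *   PHXAllowTags, or when Liquid rejects the template (strict variables and
 *   strict filters are enabled).
 */
const PHXEmailRenderToHTML = (html, obj) => {
    const validate = exports.PHXAllowTags;
    const htmlSanitize = validate(html);
    // Object.fromEntries defines plain own properties, so a key such as
    // "__proto__" cannot swap the prototype of the render context.
    const validatedValue = Object.fromEntries(
        Object.entries(obj).map(([key, value]) => [key, validate(value)]),
    );
    const liquid = new liquidjs_1.Liquid({
        strictVariables: true,
        strictFilters: true,
    });
    const rendered = liquid.parseAndRenderSync(htmlSanitize, validatedValue);
    // Re-check what will actually be sent. Output the validator rejects now
    // raises here instead of reaching the recipient.
    return validate(rendered);
};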
exports.PHXEmailRenderToHTML = PHXEmailRenderToHTML;
//# sourceMappingURL=email-render-to-HTML.js.map