synapse-react-client/dist/utils/functions/SanitizeHtmlUtils.js

[](https://badge.fury.io/js/synapse-react-client) [](https://github.com/prettier/prettie

import s, { clearWindow as p, removeAllHooks as g } from "isomorphic-dompurify";
import f from "xss";
const { safeAttrValue: m, escapeAttrValue: u } = f, n = {
  a: ["target", "href", "title", "rel"],
  abbr: ["title"],
  address: [],
  area: ["shape", "coords", "href", "alt"],
  article: [],
  aside: [],
  audio: ["autoplay", "controls", "loop", "preload", "src"],
  b: [],
  bdi: ["dir"],
  bdo: ["dir"],
  big: [],
  blockquote: ["cite"],
  body: [],
  br: [],
  button: ["class"],
  caption: [],
  center: [],
  cite: [],
  code: [],
  col: ["align", "valign", "span", "width"],
  colgroup: ["align", "valign", "span", "width"],
  dd: [],
  del: ["datetime"],
  details: ["open"],
  div: ["class"],
  dl: [],
  dt: [],
  em: [],
  font: ["color", "size", "face"],
  footer: [],
  g: [],
  h1: ["toc"],
  h2: ["toc"],
  h3: ["toc"],
  h4: ["toc"],
  h5: ["toc"],
  h6: ["toc"],
  head: [],
  header: [],
  hr: [],
  html: [],
  i: [],
  img: ["src", "alt", "title", "width", "height"],
  ins: ["datetime"],
  li: ["class"],
  mark: [],
  nav: [],
  noscript: [],
  ol: ["class"],
  p: [],
  pre: [],
  s: [],
  section: [],
  small: [],
  span: ["data-widgetparams", "data-widget-type", "class", "id"],
  sub: [],
  summary: [],
  sup: [],
  strong: [],
  svg: [],
  table: ["width", "border", "align", "valign", "class"],
  tbody: ["align", "valign"],
  td: ["width", "rowspan", "colspan", "align", "valign", "style"],
  tfoot: ["align", "valign"],
  th: ["width", "rowspan", "colspan", "align", "valign", "class", "style"],
  thead: ["class", "align", "valign"],
  tr: ["rowspan", "align", "valign"],
  tt: [],
  u: [],
  ul: ["class"],
  video: ["autoplay", "controls", "loop", "preload", "src", "height", "width"]
}, L = {
  whiteList: n,
  stripIgnoreTagBody: !0,
  // filter out all tags not in the whitelist
  allowCommentTag: !1,
  css: {
    whiteList: {
      // SWC-7015 - Allow text-align property in style attr to support GFM table syntax
      // The 'style' attribute is used to set text alignment for table cells, so explicitly allow it here
      "text-align": !0
    }
  },
  onIgnoreTag: function(a, t, e) {
    if (a === "!doctype")
      return t;
  },
  safeAttrValue: function(a, t, e, i) {
    return e = m(a, t, e, i), a === "img" && t === "src" && !(e && (e.startsWith("data:image/") || e.startsWith("http"))) ? "" : (e = u(e), e);
  }
}, h = Object.keys(n), w = [
  ...new Set(
    Object.values(n).flat()
    // Flatten all attributes into a single array
  )
], y = {
  "text-align": !0
}, b = /^(https?:|data:image\/)/, r = {
  ALLOWED_TAGS: h,
  ALLOWED_ATTR: w,
  KEEP_CONTENT: !0,
  RETURN_DOM_FRAGMENT: !1,
  RETURN_TRUSTED_TYPE: !1
};
function E() {
  s.setConfig(r), s.addHook("uponSanitizeAttribute", (a, t) => {
    const { attrName: e, attrValue: i } = t;
    if (a.nodeName.toLowerCase() === "img" && e === "src" && (b.test(i) || (t.keepAttr = !1)), e === "data-widgetparams" || e === "data-widget-type")
      t.attrValue = i;
    else if (e === "style") {
      const l = i.split(";").map((o) => o.trim()).filter((o) => {
        const [c] = o.split(":").map((d) => d.trim());
        return y[c] || !1;
      }).join("; ");
      t.attrValue = l;
    } else
      t.attrValue = s.sanitize(i, r);
  }), s.addHook("uponSanitizeElement", (a, t) => {
    t.tagName === "!doctype" && a.parentNode && a.parentNode.insertBefore(
      document.implementation.createDocumentType("html", "", ""),
      a
    );
  });
}
function N(a) {
  E();
  const t = s.sanitize(a, r);
  return p(), g(), t;
}
export {
  N as sanitize,
  L as xssOptions
};
//# sourceMappingURL=SanitizeHtmlUtils.js.map