| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- const { JSDOM } = require('jsdom')
- const createDOMPurify = require('dompurify')
- module.exports = {
- async init(input, config) {
- if (config.safeHTML) {
- const window = new JSDOM('').window
- const DOMPurify = createDOMPurify(window)
- const allowedAttrs = ['v-pre', 'v-slot:tabs', 'v-slot:content', 'target']
- const allowedTags = ['tabset', 'template']
- if (config.allowDrawIoUnsafe) {
- allowedTags.push('foreignObject')
- DOMPurify.addHook('uponSanitizeElement', (elm) => {
- if (elm.querySelectorAll) {
- const breaks = elm.querySelectorAll('foreignObject br, foreignObject p')
- if (breaks && breaks.length) {
- for (let i = 0; i < breaks.length; i++) {
- breaks[i].parentNode.replaceChild(
- window.document.createElement('div'),
- breaks[i]
- )
- }
- }
- }
- })
- }
- if (config.allowIFrames) {
- allowedTags.push('iframe')
- allowedAttrs.push('allow')
- }
- input = DOMPurify.sanitize(input, {
- ADD_ATTR: allowedAttrs,
- ADD_TAGS: allowedTags
- })
- }
- return input
- }
- }
|
