rss-tracker/src/utils/htmlSanitizer.js at master · ShlomoCode/rss-tracker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
const sanitizeHtml = require('sanitize-html');

const allowedTags = [
    'a',
    'b',
    'blockquote',
    'br',
    'caption',
    'code',
    'col',
    'div',
    'h1',
    'h2',
    'h3',
    'h4',
    'h5',
    'h6',
    'i',
    'img',
    'li',
    'ol',
    'p',
    'pre',
    'q',
    's',
    'small',
    'span',
    'strike',
    'strong',
    'sub',
    'sup',
    'ul',
    'iframe',
    'figcaption',
    'figure'
];

const allowedAttributes = {
    a: ['href', 'title'],
    img: ['src'],
    iframe: ['src']
};

module.exports = (html) => {
    return sanitizeHtml(html, {
        allowedTags,
        allowedAttributes,
        allowedSchemes: ['http', 'https', 'mailto'],
        allowedSchemesByTag: {},
        allowedSchemesAppliedToAttributes: ['href', 'src'],
        allowProtocolRelative: false,
        allowedIframeHostnames: ['www.youtube.com']
    });
};