santitize, popup class

2021-10-28 19:15:02 +02:00
parent 24ac439fa1
commit 7fb13cf54b
7 changed files with 43 additions and 19 deletions
@@ -1,3 +1,5 @@
+const sanitizeHtml = require('sanitize-html');
+
 export class HtmlUtils {
    public static getElementByIdOrFail<T extends HTMLElement>(id: string): T {
        const elem = document.getElementById(id);
@@ -31,6 +33,20 @@ export class HtmlUtils {
        return p.innerHTML;
    }

+    public static sanitize(html : string) {
+        return sanitizeHtml(html, {
+          allowedAttributes: {
+            'span': ['style'],
+          },
+          allowedStyles: {
+            'span': {
+              'color': [/^#(0x)?[0-9a-f]+$/i, /^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$/],
+              'font-size': [/^\d+(?:px|em|%)$/]
+            }
+          }
+        });
+      }
+
    public static urlify(text: string, style: string = ""): string {
        const urlRegex = /(https?:\/\/[^\s]+)/g;
        text = HtmlUtils.escapeHtml(text);