Skip to content
Snippets Groups Projects
Select Git revision
  • develop default protected
  • 1356-update-packages
  • 1303-failing-to-refetch-federated-tracks
  • 1108-remove-jwt-and-switch-to-oauth-for-ui-auth
  • set-sast-config-2
  • set-sast-config-1
  • master
  • tracemallocmiddleware
  • 1299-encoding-problem-in-rss-feeds
  • 1346-selectoreventloop-required-instead-got-uvloop-loop
  • 1278-embed-isn-t-available-in-the-front-end-for-channel-tracks
  • 1311-feedparser-requires-update-to-accomodate-python-3-9
  • 1.0.1
  • 1121-download
  • plugins-v3
  • plugins-v2
  • plugins
  • 1.1.1
  • 1.1
  • 1.1-rc2
  • 1.1-rc1
  • 1.0.1
  • 1.0
  • 1.0-rc1
  • 0.21.2
  • 0.21.1
  • 0.21
  • 0.21-rc2
  • 0.21-rc1
  • 0.20.1
  • 0.20.0
  • 0.20.0-rc1
  • 0.19.1
  • 0.19.0
  • 0.19.0-rc2
  • 0.19.0-rc1
  • 0.18.3
37 results

sanitize.js

Blame
    • Forked from funkwhale / funkwhale
    4964 commits behind the upstream repository.
    sanitize.js 683 B 
    import sanitizeHtml from "sanitize-html"

const allowedTags = [
  "h3",
  "h4",
  "h5",
  "h6",
  "blockquote",
  "p",
  "a",
  "ul",
  "ol",
  "nl",
  "li",
  "b",
  "i",
  "strong",
  "em",
  "strike",
  "code",
  "hr",
  "br",
  "div",
  "table",
  "thead",
  "caption",
  "tbody",
  "tr",
  "th",
  "td",
  "pre",
]
const allowedAttributes = {
  a: ["href", "name", "target"],
  // We don't currently allow img itself by default, but this
  // would make sense if we did. You could add srcset here,
  // and if you do the URL is checked for safety
  img: ["src"]
}

export default function sanitize(input) {
  return sanitizeHtml(input, {allowedAttributes, allowedAttributes})
}