mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-15 15:39:40 +02:00
5e05c532a2
- credits: fix mobile import paths (./operations → ../operations) - feedback: fix createFeedbackService import (./feedback → ./api), recover missing types.ts from git history - help: add package files (were untracked after consolidation) - Update lockfile after package restructuring All packages pass tsc --noEmit (excluding expected .svelte imports). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
53 lines
843 B
TypeScript
53 lines
843 B
TypeScript
/**
|
|
* HTML Sanitization
|
|
* Prevents XSS when rendering Markdown-generated HTML via {@html}
|
|
*/
|
|
|
|
import DOMPurify from 'isomorphic-dompurify';
|
|
|
|
/**
|
|
* Sanitize HTML content to prevent XSS attacks.
|
|
* Allows safe HTML tags commonly used in help content (headings, lists, links, etc.)
|
|
*/
|
|
export function sanitizeHtml(html: string): string {
|
|
return DOMPurify.sanitize(html, {
|
|
ALLOWED_TAGS: [
|
|
'h1',
|
|
'h2',
|
|
'h3',
|
|
'h4',
|
|
'h5',
|
|
'h6',
|
|
'p',
|
|
'br',
|
|
'hr',
|
|
'ul',
|
|
'ol',
|
|
'li',
|
|
'a',
|
|
'strong',
|
|
'b',
|
|
'em',
|
|
'i',
|
|
'code',
|
|
'pre',
|
|
'blockquote',
|
|
'table',
|
|
'thead',
|
|
'tbody',
|
|
'tr',
|
|
'th',
|
|
'td',
|
|
'mark',
|
|
'kbd',
|
|
'img',
|
|
'span',
|
|
'div',
|
|
'dl',
|
|
'dt',
|
|
'dd',
|
|
],
|
|
ALLOWED_ATTR: ['href', 'target', 'rel', 'src', 'alt', 'title', 'class', 'id'],
|
|
ADD_ATTR: ['target'],
|
|
});
|
|
}
|