Add DOMPurify

Alex Gleason
2024-01-17 12:21:19 -06:00
parent e281fbade9
commit 4aa6fdb4dd
7 changed files with 34 additions and 10 deletions


@@ -1,3 +1,4 @@
import * as DOMPurify from 'dompurify';
import escapeTextContentForBrowser from 'escape-html';
import z from 'zod';
@@ -112,7 +113,7 @@ const transformAccount = <T extends TransformableAccount>({ pleroma, other_setti
const newFields = fields.map((field) => ({
...field,
name_emojified: emojify(escapeTextContentForBrowser(field.name), customEmojiMap),
name_emojified: DOMPurify.sanitize(emojify(escapeTextContentForBrowser(field.name), customEmojiMap), { USE_PROFILES: { html: true } }),
value_emojified: emojify(field.value, customEmojiMap),
value_plain: unescapeHTML(field.value),
}));
@@ -130,7 +131,7 @@ const transformAccount = <T extends TransformableAccount>({ pleroma, other_setti
avatar_static: account.avatar_static || account.avatar,
discoverable: account.discoverable || account.source?.pleroma?.discoverable || false,
display_name: displayName,
display_name_html: emojify(escapeTextContentForBrowser(displayName), customEmojiMap),
display_name_html: DOMPurify.sanitize(emojify(escapeTextContentForBrowser(displayName), customEmojiMap), { USE_PROFILES: { html: true } }),
domain,
fields: newFields,
fqn: account.fqn || (account.acct.includes('@') ? account.acct : `${account.acct}@${domain}`),
@@ -138,7 +139,7 @@ const transformAccount = <T extends TransformableAccount>({ pleroma, other_setti
moderator: pleroma?.is_moderator || false,
local: pleroma?.is_local !== undefined ? pleroma.is_local : account.acct.split('@')[1] === undefined,
location: account.location || pleroma?.location || other_settings?.location || '',
note_emojified: emojify(account.note, customEmojiMap),
note_emojified: DOMPurify.sanitize(emojify(account.note, customEmojiMap), { USE_PROFILES: { html: true } }),
pleroma: (() => {
if (!pleroma) return undefined;
const { relationship, ...rest } = pleroma;
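Review bot: `value_emojified: emojify(field.value, customEmojiMap)` in the fields hunk is left unsanitized while its sibling `name_emojified` on the line above now goes through `DOMPurify.sanitize`; `field.value` is the one input here that is not passed through `escapeTextContentForBrowser` first, so if it is rendered as HTML like the other `*_emojified` values it is the field most in need of the same treatment, `value_emojified: DOMPurify.sanitize(emojify(field.value, customEmojiMap), { USE_PROFILES: { html: true } }),`. The identical `{ USE_PROFILES: { html: true } }` call is repeated three times in this file; a small local helper such as `const sanitizeHtml = (html: string) => DOMPurify.sanitize(html, { USE_PROFILES: { html: true } });` would keep the policy in one place and make a missed call site easier to spot. The body of transformAccount begins before the first hunk and continues past the last one, so other HTML-bearing fields may exist outside the view.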


@@ -1,3 +1,4 @@
import * as DOMPurify from 'dompurify';
import escapeTextContentForBrowser from 'escape-html';
import { z } from 'zod';
@@ -30,7 +31,7 @@ const pollSchema = z.object({
const emojifiedOptions = poll.options.map((option) => ({
...option,
title_emojified: emojify(escapeTextContentForBrowser(option.title), emojiMap),
title_emojified: DOMPurify.sanitize(emojify(escapeTextContentForBrowser(option.title), emojiMap), { ALLOWED_TAGS: [] }),
}));
// If the user has votes, they have certainly voted.