21026: <msg here> Arvados-DCO-1.1-Signed-off-by: Lisa Knox <lisa.knox@curii.com>
[arvados-workbench2.git] / src / common / html-sanitize.ts
diff --git a/src/common/html-sanitize.ts b/src/common/html-sanitize.ts
new file mode 100644 (file)
index 0000000..9c1ac55
--- /dev/null
@@ -0,0 +1,53 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
+import DOMPurify from 'dompurify';
+
+type TDomPurifyConfig = {
+    ALLOWED_TAGS: string[];
+    ALLOWED_ATTR: string[];
+};
+
+const domPurifyConfig: TDomPurifyConfig = {
+    ALLOWED_TAGS: [
+        'a',
+        'b',
+        'blockquote',
+        'br',
+        'code',
+        'del',
+        'dd',
+        'dl',
+        'dt',
+        'em',
+        'h1',
+        'h2',
+        'h3',
+        'h4',
+        'h5',
+        'h6',
+        'hr',
+        'i',
+        'img',
+        'kbd',
+        'li',
+        'ol',
+        'p',
+        'pre',
+        's',
+        'del',
+        'strong',
+        'sub',
+        'sup',
+        'ul',
+    ],
+    ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title'],
+};
+
+export const sanitizeHTML = (dirtyInput: string): string => {
+    console.log('dirty ->',dirtyInput);
+    const clean = DOMPurify.sanitize(dirtyInput, domPurifyConfig);
+    console.log('clean =>',clean);
+    return clean;
+};
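Review bot: The two `console.log` calls in `sanitizeHTML` write both the unsanitized input and the sanitized output to the browser console on every call; this is debug output, and it puts user-authored markup into logs that browser extensions or support screenshots can pick up. The body can be reduced to `return DOMPurify.sanitize(dirtyInput, domPurifyConfig);`. In `ALLOWED_TAGS`, `'del'` is listed twice (after `'code'` and again after `'s'`); the second entry can be dropped. Allowing `img` with `src` means a stored description can make a viewer's browser fetch from any host the author chooses, as far as DOMPurify's default URI filtering permits, so it is worth a comment above the config stating that this is intended, or a tighter `ALLOWED_URI_REGEXP` if it is not.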