X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/359be27e63987690c6e14813c763ea349f4a9534..66088cabf30c5291ad8894e7009d9c9af466c158:/services/workbench2/src/common/html-sanitize.ts
diff --git a/services/workbench2/src/common/html-sanitize.ts b/services/workbench2/src/common/html-sanitize.ts
new file mode 100644
index 0000000000..e7c66f11e7
--- /dev/null
+++ b/services/workbench2/src/common/html-sanitize.ts
@@ -0,0 +1,51 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
+import DOMPurify from 'dompurify';
+
+type TDomPurifyConfig = {
+ ALLOWED_TAGS: string[];
+ ALLOWED_ATTR: string[];
+};
+
+const domPurifyConfig: TDomPurifyConfig = {
+ ALLOWED_TAGS: [
+ 'a',
+ 'b',
+ 'blockquote',
+ 'br',
+ 'code',
+ 'del',
+ 'dd',
+ 'dl',
+ 'dt',
+ 'em',
+ 'h1',
+ 'h2',
+ 'h3',
+ 'h4',
+ 'h5',
+ 'h6',
+ 'hr',
+ 'i',
+ 'img',
+ 'kbd',
+ 'li',
+ 'ol',
+ 'p',
+ 'pre',
+ 's',
+ 'del',
+ 'section',
+ 'span',
+ 'strong',
+ 'sub',
+ 'sup',
+ 'ul',
+ ],
+ ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title', 'style' ],
+};
+
+export const sanitizeHTML = (dirtyString: string): string => DOMPurify.sanitize(dirtyString, domPurifyConfig);
+
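Review bot: `'style'` in the `ALLOWED_ATTR` line lets any sanitized fragment carry arbitrary inline CSS, which DOMPurify passes through as-is; in rendered user content that is enough for UI spoofing (fixed-position overlays) and off-site `url()` loads, so unless a consumer actually depends on it the list should be `ALLOWED_ATTR: ['src', 'width', 'height', 'href', 'alt', 'title'],`. Supplying ALLOWED_ATTR replaces DOMPurify's default attribute list but not its URI filtering, so `href`/`src` values are still checked against the default ALLOWED_URI_REGEXP; `img src` nevertheless remains a remote-fetch (tracking) vector and deserves a one-line comment stating that it is intentional. `'del'` appears twice in ALLOWED_TAGS; drop the second entry. `sanitizeHTML` is exported with no doc comment; add something like `/** Sanitizes untrusted HTML (e.g. user-authored markup) against the allow-list above; the output is presumably inserted straight into the DOM, so keep the lists minimal. */`.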