From 46533b271192014f386a92de877a39ca662aaf34 Mon Sep 17 00:00:00 2001
From: ian
Date: Sun, 18 Sep 2022 23:55:24 +0800
Subject: [PATCH] Add disallowedTagsMode option

---
 README.md | 10 +++++++++-
 src/index.ts | 8 +++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 83ee8f1..1554739 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Defaults to no path to omit.
 
 Example: `articles.content,website.rawHtml`
 
-###
+### Customize which HTML tags are allowed
 
 Add the `EXT_SANITIZE_HTML_ALLOWED_TAGS` environment variable with the `` separated by commas.
 
@@ -37,6 +37,14 @@ Defaults to `undefined`, using the defaults from `sanitize-html`.
 
 Example: `a,b,i,em,strong`
 
+### Customize the action taken for disallowed tags
+
+Add the `EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE` environment variable with `discard`, `escape` or `recursiveEscape`.
+
+Defaults to `undefined`, using the defaults from `sanitize-html`.
+
+Example: `escape`
+
 ## License
 
 GPLv3 License. See the [LICENSE](LICENSE) file.
diff --git a/src/index.ts b/src/index.ts
index 9cb8cbc..21dbf96 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -22,6 +22,12 @@ export default defineHook(({ filter }) => {
 ? process.env.EXT_SANITIZE_HTML_ALLOWED_TAGS.split(',')
 : undefined;
 
+ const disallowedTagsMode = process.env.EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE
+ ? ['discard', 'escape', 'recursiveEscape'].includes(process.env.EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE)
+ ? (process.env.EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE as sanitizeHtml.DisallowedTagsModes)
+ : undefined
+ : undefined;
+
 for (const eventScope of eventScopes) {
 filter(eventScope, runSanitize);
 }
@@ -47,7 +53,7 @@ export default defineHook(({ filter }) => {
 function sanitize(val: any) {
 switch (typeof val) {
 case 'string':
- return sanitizeHtml(val, { allowedTags });
+ return sanitizeHtml(val, { allowedTags, disallowedTagsMode });
 case 'object':
 if (Array.isArray(val)) {
 for (let i = 0; i < val.length; i++) {
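Review bot: In the first src/index.ts hunk (`@@ -22,6 +22,12 @@`), a value of `EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE` that is not exactly one of the three literals resolves to `undefined` with no signal, so a miscased value or one with a trailing space leaves sanitize-html on its default mode while the operator believes another mode is active. For a sanitizer setting that mismatch should be visible: read the variable once, e.g. `const rawMode = process.env.EXT_SANITIZE_HTML_DISALLOWED_TAGS_MODE?.trim();`, and log a warning (or fail at startup) when it is set but not recognised. Doing so also removes the nested ternary and the three repeated environment lookups. The README section added in this commit could state that unrecognised values are ignored. The enclosing `defineHook` callback starts and ends outside the hunk.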