whitelist rdfa tags/attrs in html sanitizer

2023-05-12 14:59:45 -07:00
parent fb52d31090
commit 8599460702
2 changed files with 6 additions and 3 deletions
--- a/src/html-sanitize.ts
+++ b/src/html-sanitize.ts
@@ -8,6 +8,9 @@ export function sanitize_html(html: string, custom_elements?: CustomElementHandl
 	const { window } = new JSDOM('');
 	const dom_purify = createDOMPurify(window as any as Window);
 	return dom_purify.sanitize(html, {
-		CUSTOM_ELEMENT_HANDLING: custom_elements
+		CUSTOM_ELEMENT_HANDLING: custom_elements,
+		ALLOWED_TAGS: ['meta'],
+		ALLOWED_ATTR: ['typeof', 'property', 'content'],
+		ADD_URI_SAFE_ATTR: ['typeof']
 	});
 }