whitelist rdfa tags/attrs in html sanitizer
This commit is contained in:
parent
fb52d31090
commit
8599460702
GPG Key ID:
E8F2FC44BAA3357A
@ -41,10 +41,10 @@ export function breadcrumb_nav_ext(renderer: marked.Renderer, opts: MarkdownOpti
|
|||||||
},
|
},
|
||||||
renderer(token: BreadcrumbNavToken) {
|
renderer(token: BreadcrumbNavToken) {
|
||||||
return `<nav aria-label="breadcrumbs" ${token.attrs.html_attrs.join(' ')}>\n`
|
return `<nav aria-label="breadcrumbs" ${token.attrs.html_attrs.join(' ')}>\n`
|
||||||
+ `\t<ol vocab="https://schema.org/" typeof="BreadcrumbList">\n`
|
+ `\t<ol typeof="https://schema.org/BreadcrumbList">\n`
|
||||||
+ '\t\t'
|
+ '\t\t'
|
||||||
+ token.items.map((tokens, index) =>{
|
+ token.items.map((tokens, index) =>{
|
||||||
let item = '<li property="itemListElement" typeof="ListItem">\n';
|
let item = '<li property="itemListElement" typeof="https://schema.org/ListItem">\n';
|
||||||
|
|
||||||
if (index) {
|
if (index) {
|
||||||
item += '\t\t\t<span class="separator" aria-hidden="true">/</span>\n';
|
item += '\t\t\t<span class="separator" aria-hidden="true">/</span>\n';
|
||||||
|
|||||||
@ -8,6 +8,9 @@ export function sanitize_html(html: string, custom_elements?: CustomElementHandl
|
|||||||
const { window } = new JSDOM('');
|
const { window } = new JSDOM('');
|
||||||
const dom_purify = createDOMPurify(window as any as Window);
|
const dom_purify = createDOMPurify(window as any as Window);
|
||||||
return dom_purify.sanitize(html, {
|
return dom_purify.sanitize(html, {
|
||||||
CUSTOM_ELEMENT_HANDLING: custom_elements
|
CUSTOM_ELEMENT_HANDLING: custom_elements,
|
||||||
|
ALLOWED_TAGS: ['meta'],
|
||||||
|
ALLOWED_ATTR: ['typeof', 'property', 'content'],
|
||||||
|
ADD_URI_SAFE_ATTR: ['typeof']
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user