whitelist rdfa tags/attrs in html sanitizer

2023-05-12 14:59:45 -07:00 · 2023-05-12 14:59:45 -07:00 · 8599460702
commit 8599460702
parent fb52d31090
2 changed files with 6 additions and 3 deletions
--- a/src/breadcrumb-nav.ts
+++ b/src/breadcrumb-nav.ts
@ -41,10 +41,10 @@ export function breadcrumb_nav_ext(renderer: marked.Renderer, opts: MarkdownOpti
 		},
 		renderer(token: BreadcrumbNavToken) {
 			return `<nav aria-label="breadcrumbs" ${token.attrs.html_attrs.join(' ')}>\n`
-				+ `\t<ol vocab="https://schema.org/" typeof="BreadcrumbList">\n`
+				+ `\t<ol typeof="https://schema.org/BreadcrumbList">\n`
 				+ '\t\t'
 					+ token.items.map((tokens, index) =>{ 
-						let item = '<li property="itemListElement" typeof="ListItem">\n';
+						let item = '<li property="itemListElement" typeof="https://schema.org/ListItem">\n';

 						if (index) {
 							item += '\t\t\t<span class="separator" aria-hidden="true">/</span>\n';
--- a/src/html-sanitize.ts
+++ b/src/html-sanitize.ts
@ -8,6 +8,9 @@ export function sanitize_html(html: string, custom_elements?: CustomElementHandl
 	const { window } = new JSDOM('');
 	const dom_purify = createDOMPurify(window as any as Window);
 	return dom_purify.sanitize(html, {
-		CUSTOM_ELEMENT_HANDLING: custom_elements
+		CUSTOM_ELEMENT_HANDLING: custom_elements,
+		ALLOWED_TAGS: ['meta'],
+		ALLOWED_ATTR: ['typeof', 'property', 'content'],
+		ADD_URI_SAFE_ATTR: ['typeof']
 	});
 }