james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-10-30 22:43:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

handle invalid feeds

Browse Source
This commit is contained in:
Nazar Kanaev
2020-09-08 22:36:41 +01:00
parent da0626df4e
commit 996bcdc90d
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
assets/javascripts/app.js
View File

@@ -22,6 +22,9 @@ var debounce = function(callback, wait) {
} }
var sanitize = function(content, base) { var sanitize = function(content, base) {
// NOTE: `item.link` is not always a valid url
try { new URL(base) } catch(err) { base = null }
var sanitizer = new DOMPurify var sanitizer = new DOMPurify
sanitizer.addHook('afterSanitizeAttributes', function(node) { sanitizer.addHook('afterSanitizeAttributes', function(node) {
// set all elements owning target to target=_blank // set all elements owning target to target=_blank
@@ -32,9 +35,9 @@ var sanitize = function(content, base) {
node.setAttribute('xlink:show', 'new') node.setAttribute('xlink:show', 'new')
// set absolute urls // set absolute urls
if (node.attributes.href && node.attributes.href.value) if (base && node.attributes.href && node.attributes.href.value)
node.href = new URL(node.attributes.href.value, base).toString() node.href = new URL(node.attributes.href.value, base).toString()
if (node.attributes.src && node.attributes.src.value) if (base && node.attributes.src && node.attributes.src.value)
node.src = new URL(node.attributes.src.value, base).toString() node.src = new URL(node.attributes.src.value, base).toString()
}) })
return sanitizer.sanitize(content, {FORBID_TAGS: ['style'], FORBID_ATTR: ['style', 'class']}) return sanitizer.sanitize(content, {FORBID_TAGS: ['style'], FORBID_ATTR: ['style', 'class']})