Add more to buns purify
parent
c867c57a26
commit
bafdfb47f9
1 changed files with 28 additions and 4 deletions
|
@ -1,6 +1,5 @@
|
|||
import { redisTtl } from "@config/environment";
|
||||
import { fetch } from "bun";
|
||||
import { redis } from "bun";
|
||||
import { fetch, redis } from "bun";
|
||||
import { marked } from "marked";
|
||||
|
||||
const routeDef: RouteDef = {
|
||||
|
@ -22,10 +21,35 @@ async function addLazyLoading(html: string): Promise<string> {
|
|||
|
||||
async function sanitizeHtml(html: string): Promise<string> {
|
||||
return new HTMLRewriter()
|
||||
.on("script, iframe, object, embed, link[rel=import]", {
|
||||
.on(
|
||||
"script, iframe, object, embed, link[rel=import], svg, math, base, meta[http-equiv='refresh']",
|
||||
{
|
||||
element(el) {
|
||||
el.remove();
|
||||
},
|
||||
},
|
||||
)
|
||||
.on("*", {
|
||||
element(el) {
|
||||
for (const [name, value] of el.attributes) {
|
||||
const lowerName = name.toLowerCase();
|
||||
const lowerValue = value.toLowerCase();
|
||||
|
||||
if (lowerName.startsWith("on")) {
|
||||
el.removeAttribute(name);
|
||||
}
|
||||
|
||||
if (
|
||||
(lowerName === "href" ||
|
||||
lowerName === "src" ||
|
||||
lowerName === "action") &&
|
||||
(lowerValue.startsWith("javascript:") ||
|
||||
lowerValue.startsWith("data:"))
|
||||
) {
|
||||
el.removeAttribute(name);
|
||||
}
|
||||
}
|
||||
},
|
||||
})
|
||||
.on("img", {
|
||||
element(el) {
|
||||
|
|
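Review bot: The scheme test in the new `*` handler (`lowerValue.startsWith("javascript:")` / `startsWith("data:")`) runs on the raw attribute value, while browsers strip leading whitespace and ignore tab and newline characters when they parse a URL, so the string checked here is not necessarily the scheme the browser will act on. It is also a denylist on both axes: only `href`, `src` and `action` are inspected (`formaction` and `xlink:href` also carry URLs), and any scheme other than the two listed passes. I would normalise the value before reading the scheme and keep only an allowlist of schemes, as sketched below; whether `el.attributes` returns values with character references already decoded is not visible from this hunk and should be pinned with a test, since an undecoded reference would hide the scheme from either check. Dropping every `data:` value also removes inline `data:image/...` sources, which may or may not be intended. `sanitizeHtml` continues past the end of the hunk.

```typescript
const URL_ATTRIBUTES = new Set(["href", "src", "action", "formaction", "xlink:href"]);
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// … unchanged: sanitizeHtml signature and the element-removal handler …
		.on("*", {
			element(el) {
				for (const [name, value] of el.attributes) {
					const lowerName = name.toLowerCase();

					if (lowerName.startsWith("on")) {
						el.removeAttribute(name);
						continue;
					}
					if (!URL_ATTRIBUTES.has(lowerName)) continue;

					// Read the scheme from the value as a URL parser would see it:
					// without ASCII whitespace or control characters.
					const compact = [...value]
						.filter((ch) => ch > " ")
						.join("")
						.toLowerCase();
					const scheme = /^([a-z][a-z0-9+.-]*):/.exec(compact)?.[1];

					// No scheme means a relative URL, which is kept.
					if (scheme !== undefined && !ALLOWED_SCHEMES.has(scheme)) {
						el.removeAttribute(name);
					}
				}
			},
		})
// … unchanged: img handler …
```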