
Refactor markdown/sanitize html code

pull/3323/head
Chocobozzz 1 week ago
parent
commit
9ff36c2d70
No known key found for this signature in database GPG Key ID: 583A612D890159BE
7 changed files with 67 additions and 70 deletions
  1. +2
    -21
      client/src/app/core/renderer/html-renderer.service.ts
  2. +12
    -20
      client/src/app/core/renderer/markdown.service.ts
  3. +3
    -29
      server/lib/emailer.ts
  4. +4
    -0
      shared/core-utils/index.ts
  5. +21
    -0
      shared/core-utils/renderer/html.ts
  6. +2
    -0
      shared/core-utils/renderer/index.ts
  7. +23
    -0
      shared/core-utils/renderer/markdown.ts

+ 2
- 21
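--- a/client/src/app/core/renderer/html-renderer.service.ts
+++ b/client/src/app/core/renderer/html-renderer.service.ts
@@ -1,5 +1,6 @@
 import { Injectable } from '@angular/core'
 import { LinkifierService } from './linkifier.service'
+import { SANITIZE_OPTIONS } from '@shared/core-utils/renderer/html'
 
 @Injectable()
 export class HtmlRendererService {
@@ -25,27 +26,7 @@ export class HtmlRendererService {
 // Convert possible markdown to html
 const html = this.linkifier.linkify(text)
 
-return this.sanitizeHtml(html, {
-allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
-allowedSchemes: [ 'http', 'https' ],
-allowedAttributes: {
-'a': [ 'href', 'class', 'target', 'rel' ]
-},
-transformTags: {
-a: (tagName, attribs) => {
-let rel = 'noopener noreferrer'
-if (attribs.rel === 'me') rel += ' me'
-
-return {
-tagName,
-attribs: Object.assign(attribs, {
-target: '_blank',
-rel
-})
-}
-}
-}
-})
+return this.sanitizeHtml(html, SANITIZE_OPTIONS)
 }
 
 private async loadSanitizeHtml () {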


+ 12
- 20
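--- a/client/src/app/core/renderer/markdown.service.ts
+++ b/client/src/app/core/renderer/markdown.service.ts
@@ -1,6 +1,13 @@
 import * as MarkdownIt from 'markdown-it'
 import { buildVideoLink } from 'src/assets/player/utils'
 import { Injectable } from '@angular/core'
+import {
+COMPLETE_RULES,
+ENHANCED_RULES,
+ENHANCED_WITH_HTML_RULES,
+TEXT_RULES,
+TEXT_WITH_HTML_RULES
+} from '@shared/core-utils/renderer/markdown'
 import { HtmlRendererService } from './html-renderer.service'
 
 type MarkdownParsers = {
@@ -25,21 +32,6 @@ type MarkdownParserConfigs = {
 
 @Injectable()
 export class MarkdownService {
-static TEXT_RULES = [
-'linkify',
-'autolink',
-'emphasis',
-'link',
-'newline',
-'list'
-]
-static TEXT_WITH_HTML_RULES = MarkdownService.TEXT_RULES.concat([ 'html_inline', 'html_block' ])
-
-static ENHANCED_RULES = MarkdownService.TEXT_RULES.concat([ 'image' ])
-static ENHANCED_WITH_HTML_RULES = MarkdownService.TEXT_WITH_HTML_RULES.concat([ 'image' ])
-
-static COMPLETE_RULES = MarkdownService.ENHANCED_WITH_HTML_RULES.concat([ 'block', 'inline', 'heading', 'paragraph' ])
-
 private markdownParsers: MarkdownParsers = {
 textMarkdownIt: null,
 textWithHTMLMarkdownIt: null,
@@ -48,13 +40,13 @@ export class MarkdownService {
 completeMarkdownIt: null
 }
 private parsersConfig: MarkdownParserConfigs = {
-textMarkdownIt: { rules: MarkdownService.TEXT_RULES, html: false },
-textWithHTMLMarkdownIt: { rules: MarkdownService.TEXT_WITH_HTML_RULES, html: true, escape: true },
+textMarkdownIt: { rules: TEXT_RULES, html: false },
+textWithHTMLMarkdownIt: { rules: TEXT_WITH_HTML_RULES, html: true, escape: true },
 
-enhancedMarkdownIt: { rules: MarkdownService.ENHANCED_RULES, html: false },
-enhancedWithHTMLMarkdownIt: { rules: MarkdownService.ENHANCED_WITH_HTML_RULES, html: true, escape: true },
+enhancedMarkdownIt: { rules: ENHANCED_RULES, html: false },
+enhancedWithHTMLMarkdownIt: { rules: ENHANCED_WITH_HTML_RULES, html: true, escape: true },
 
-completeMarkdownIt: { rules: MarkdownService.COMPLETE_RULES, html: true }
+completeMarkdownIt: { rules: COMPLETE_RULES, html: true }
 }
 
 constructor (private htmlRenderer: HtmlRendererService) {}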
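Review bot: `completeMarkdownIt` is the only parser config here with `html: true` and no `escape: true`, and it takes the widest list, `COMPLETE_RULES`. How `escape` is consumed is outside the hunk; if that flag is what routes the rendered output through `HtmlRendererService`, the complete parser returns unsanitized HTML and should only ever receive trusted input. Once that is confirmed, a comment on the entry such as `// No escape: output is not sanitized, trusted input only` would make the assumption visible to the next caller. The class body continues outside the hunk.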


+ 3
- 29
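--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -5,6 +5,7 @@ import { join } from 'path'
 import { VideoChannelModel } from '@server/models/video/video-channel'
 import { MVideoBlacklistLightVideo, MVideoBlacklistVideo } from '@server/types/models/video/video-blacklist'
 import { MVideoImport, MVideoImportVideo } from '@server/types/models/video/video-import'
+import { SANITIZE_OPTIONS, TEXT_WITH_HTML_RULES } from '@shared/core-utils'
 import { AbuseState, EmailPayload, UserAbuse } from '@shared/models'
 import { SendEmailOptions } from '../../shared/models/server/emailer.model'
 import { isTestInstance, root } from '../helpers/core-utils'
@@ -20,14 +21,7 @@ const markdownItEmoji = require('markdown-it-emoji/light')
 const MarkdownItClass = require('markdown-it')
 const markdownIt = new MarkdownItClass('default', { linkify: true, breaks: true, html: true })
 
-markdownIt.enable([
-'linkify',
-'autolink',
-'emphasis',
-'link',
-'newline',
-'list'
-])
+markdownIt.enable(TEXT_WITH_HTML_RULES)
 
 markdownIt.use(markdownItEmoji)
 
@@ -39,27 +33,7 @@ const toSafeHtml = text => {
 const html = markdownIt.render(textWithLineFeed)
 
 // Convert to safe Html
-return sanitizeHtml(html, {
-allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
-allowedSchemes: [ 'http', 'https' ],
-allowedAttributes: {
-a: [ 'href', 'class', 'target', 'rel' ]
-},
-transformTags: {
-a: (tagName, attribs) => {
-let rel = 'noopener noreferrer'
-if (attribs.rel === 'me') rel += ' me'
-
-return {
-tagName,
-attribs: Object.assign(attribs, {
-target: '_blank',
-rel
-})
-}
-}
-}
-})
+return sanitizeHtml(html, SANITIZE_OPTIONS)
 }
 
 const Email = require('email-templates')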
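Review bot: `markdownIt.enable(TEXT_WITH_HTML_RULES)` passes a wider list than the literal it replaces, since the removed array had no `html_inline` or `html_block`. Because the instance is created with the `default` preset and `html: true`, those rules are presumably already active and the rendered output is unchanged, but that is worth confirming since the commit is labelled a refactor. Either way raw HTML in the e-mail text is parsed, so the `sanitizeHtml(html, SANITIZE_OPTIONS)` call in `toSafeHtml` is the only barrier. A comment above the `enable` call such as `// Raw HTML is parsed: rendered output must always go through sanitizeHtml()` would record that. `toSafeHtml` starts outside the last hunk.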


+ 4
- 0
shared/core-utils/index.ts

@@ -1,3 +1,7 @@
export * from './abuse'
export * from './i18n'
export * from './logs'
export * from './miscs'
export * from './plugins'
export * from './renderer'
export * from './users'

+ 21
- 0
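--- a/shared/core-utils/renderer/html.ts
+++ b/shared/core-utils/renderer/html.ts
@@ -0,0 +1,21 @@
+export const SANITIZE_OPTIONS = {
+allowedTags: [ 'a', 'p', 'span', 'br', 'strong', 'em', 'ul', 'ol', 'li' ],
+allowedSchemes: [ 'http', 'https' ],
+allowedAttributes: {
+a: [ 'href', 'class', 'target', 'rel' ]
+},
+transformTags: {
+a: (tagName, attribs) => {
+let rel = 'noopener noreferrer'
+if (attribs.rel === 'me') rel += ' me'
+
+return {
+tagName,
+attribs: Object.assign(attribs, {
+target: '_blank',
+rel
+})
+}
+}
+}
+}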
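Review bot: `SANITIZE_OPTIONS` is exported as one mutable object that the client renderer and the server e-mailer now both hand to the sanitizer, so any caller that pushes onto `allowedTags` or edits `allowedAttributes` widens the allow-list for every other caller in the same process. Exporting a function that builds a fresh options object per call would keep the policy from being altered by reference, and the `a` transform could return a new attribute object instead of mutating its `attribs` argument through `Object.assign`. The call sites in html-renderer.service.ts and emailer.ts would then call the function rather than pass the constant. Separately, `class` on `a` lets submitted markup select any existing stylesheet class, so a comment saying why it is allowed would help the next reviewer of this policy.

```typescript
export function getSanitizeOptions () {
  return {
    // … unchanged: allowedTags, allowedSchemes, allowedAttributes …
    transformTags: {
      a: (tagName: string, attribs: { [name: string]: string }) => {
        let rel = 'noopener noreferrer'
        if (attribs.rel === 'me') rel += ' me'

        // Fresh object: the attribs passed in by the sanitizer are left untouched
        return { tagName, attribs: { ...attribs, target: '_blank', rel } }
      }
    }
  }
}
```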

+ 2
- 0
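--- a/shared/core-utils/renderer/index.ts
+++ b/shared/core-utils/renderer/index.ts
@@ -0,0 +1,2 @@
+export * from './markdown'
+export * from './html'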

+ 23
- 0
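--- a/shared/core-utils/renderer/markdown.ts
+++ b/shared/core-utils/renderer/markdown.ts
@@ -0,0 +1,23 @@
+export const TEXT_RULES = [
+'linkify',
+'autolink',
+'emphasis',
+'link',
+'newline',
+'list'
+]
+
+export const TEXT_WITH_HTML_RULES = TEXT_RULES.concat([
+'html_inline',
+'html_block'
+])
+
+export const ENHANCED_RULES = TEXT_RULES.concat([ 'image' ])
+export const ENHANCED_WITH_HTML_RULES = TEXT_WITH_HTML_RULES.concat([ 'image' ])
+
+export const COMPLETE_RULES = ENHANCED_WITH_HTML_RULES.concat([
+'block',
+'inline',
+'heading',
+'paragraph'
+])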
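Review bot: Nothing in this new file says that the `*_WITH_HTML_RULES` lists and `COMPLETE_RULES` turn on `html_inline` and `html_block`, i.e. raw HTML passthrough, so a caller picking a list by name cannot tell which ones require sanitizing the rendered output. A short comment above `TEXT_WITH_HTML_RULES`, for example `// Enables raw HTML: rendered output must be sanitized before use`, would cover it. The arrays are also exported mutable; typing them `readonly string[]` would stop a consumer from pushing a rule into a list shared by client and server, provided the markdown-it call sites accept a readonly array.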
