* add unit tests for websocket events * add unit tests for KeepAliveService, clean up keepAlive termination flow * put keepAlive command in protobuf service and expose thru webClient * secure wss * rename files tsx to ts * add localhost support for ws/wss connection Co-authored-by: Jeremy Letto <jeremy.letto@datasite.com>
import $ from "jquery";
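/**
 * Reduce an untrusted HTML message to a small whitelist of tags, attributes
 * and link prefixes, and return the result serialized back to an HTML string.
 *
 * The three passes run in a fixed order: disallowed elements are unwrapped,
 * then non-whitelisted attributes are dropped, then `href` values that do not
 * start with an allowed prefix are removed.
 *
 * @param msg - HTML fragment from an untrusted source (e.g. a chat message).
 * @returns The filtered fragment as an HTML string.
 */
export function sanitizeHtml(msg: string): string {
  // Parse inside a separate document that has no browsing context instead of
  // a <div> owned by the live page. Markup parsed into the live document can
  // be acted on by the browser (resource loads, custom-element upgrades)
  // before the whitelist passes below have run; an inert document avoids that.
  const inertDocument = document.implementation.createHTMLDocument("");
  const container: HTMLElement = inertDocument.createElement("div");
  const $div = $(container).html(msg);

  const whitelist = {
    tags: "br,a,img,center,b,font",
    attrs: ["href","color"],
    href: ["http://","https://","ftp://","//"]
  };

  // remove all tags, attributes, and href protocols except some
  enforceTagWhitelist($div, whitelist.tags);
  enforceAttrWhitelist($div, whitelist.attrs);
  enforceHrefWhitelist($div, whitelist.href);

  // NOTE(review): the output is a string that the caller will parse again.
  // This whitelist does not try to handle parser round-trip edge cases; a
  // maintained sanitizer such as DOMPurify is the safer long-term choice.
  return $div.html();
}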
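/**
 * Unwrap every descendant of `$el` whose tag is not in the whitelist: the
 * element itself is removed and its child nodes are kept in its place.
 *
 * @param $el - Container holding the parsed, untrusted markup.
 * @param tags - Comma-separated selector of allowed tag names.
 */
function enforceTagWhitelist($el: JQuery<HTMLElement>, tags: string): void {
  $el.find("*").not(tags).each(function() {
    const parent = this.parentNode;
    if (!parent) {
      return;
    }

    // Move the existing child nodes rather than re-parsing `innerHTML`.
    // Re-parsing creates fresh copies of any nested disallowed elements, and
    // those copies are not part of the collection being iterated, so a
    // disallowed element nested inside another disallowed element would
    // survive the pass. Moving the nodes keeps every descendant in the
    // collection attached, so each one is visited and unwrapped in turn.
    // It also leaves the text of raw-text elements (script, style) as plain
    // text nodes, which are escaped when the container is serialized.
    while (this.firstChild) {
      parent.insertBefore(this.firstChild, this);
    }
    parent.removeChild(this);
  });
}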
/**
 * Strip every attribute whose name is not listed in `attrs` from all
 * descendants of `$el`.
 *
 * Only attribute names are compared here (exact string match); attribute
 * values are not inspected by this pass.
 *
 * @param $el - Container holding the parsed, untrusted markup.
 * @param attrs - Attribute names that may remain on an element.
 */
function enforceAttrWhitelist($el: JQuery<HTMLElement>, attrs: string[]): void {
  $el.find("*").each(function() {
    const present = this.attributes;

    // Walk from the end: `attributes` is a live collection, so removing an
    // entry shifts the ones after it.
    for (let idx = present.length - 1; idx >= 0; idx--) {
      const candidate = present[idx];
      const allowed = attrs.indexOf(candidate.name) !== -1;

      if (!allowed) {
        this.removeAttributeNode(candidate);
      }
    }
  });
}
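/**
 * Keep an `href` only when its value starts with one of the allowed prefixes;
 * otherwise remove the attribute. Links that are kept are forced to open in a
 * new browsing context.
 *
 * The comparison is a case-sensitive prefix match on the raw attribute value,
 * so anything not written exactly like an allowed prefix (different case,
 * leading whitespace, any other scheme) is dropped.
 *
 * @param $el - Container holding the parsed, untrusted markup.
 * @param hrefs - Allowed leading strings for `href` values.
 */
function enforceHrefWhitelist($el: JQuery<HTMLElement>, hrefs: string[]): void {
  $el.find("[href]").each(function() {
    const $link = $(this);
    // The selector guarantees the attribute exists; the fallback only keeps
    // the prefix check from throwing if jQuery reports it as undefined.
    const attributeValue = $link.attr("href") || "";

    // for...of iterates the array's values only; for...in would also visit
    // any enumerable property added to Array.prototype.
    for (const prefix of hrefs) {
      if (attributeValue.indexOf(prefix) === 0) {
        // rel="noopener noreferrer" stops the opened page from reaching back
        // through window.opener to navigate this tab, and withholds the
        // referrer from the untrusted destination.
        $link.attr({ target: "_blank", rel: "noopener noreferrer" });
        return;
      }
    }

    $link.removeAttr("href");
  });
}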