summaryrefslogtreecommitdiff
path: root/web-ui/app/js/helpers/sanitizer.js
diff options
context:
space:
mode:
Diffstat (limited to 'web-ui/app/js/helpers/sanitizer.js')
-rw-r--r--web-ui/app/js/helpers/sanitizer.js32
1 files changed, 25 insertions, 7 deletions
diff --git a/web-ui/app/js/helpers/sanitizer.js b/web-ui/app/js/helpers/sanitizer.js
index eea1f0f7..443e8602 100644
--- a/web-ui/app/js/helpers/sanitizer.js
+++ b/web-ui/app/js/helpers/sanitizer.js
@@ -23,6 +23,16 @@ define(['DOMPurify', 'he'], function (DOMPurify, he) {
*/
var sanitizer = {};
+ sanitizer.whitelist = [{
+ // highlight tag open
+ pre: '<em class="search-highlight">',
+ post: '<em class="search-highlight">'
+ }, {
+ // highlight tag close
+ pre: '&#x3C;&#x2F;&#x65;&#x6D;&#x3E;',
+ post: '</em>'
+ }];
+
/**
* Adds html line breaks to a plaintext with line breaks (incl carriage return)
*
@@ -55,16 +65,24 @@ define(['DOMPurify', 'he'], function (DOMPurify, he) {
};
/**
- * Runs a given dirty body through he, thereby encoding everything
- * as HTML entities.
- *
- * @param {string} dirtyBody The unsanitized string
- * @return {string} Safe-to-display HTML string
- */
+ * Runs a given dirty body through he, thereby encoding everything
+ * as HTML entities.
+ *
+ * @param {string} dirtyBody The unsanitized string
+ * @return {string} Safe-to-display HTML string
+ */
sanitizer.purifyText = function (dirtyBody) {
- return he.encode(dirtyBody, {
+ var escapedBody = he.encode(dirtyBody, {
encodeEverything: true
});
+
+ this.whitelist.forEach(function(entry) {
+ while (escapedBody.indexOf(entry.pre) > -1) {
+ escapedBody = escapedBody.replace(entry.pre, entry.post);
+ }
+ });
+
+ return escapedBody;
};
/**