/*
* Copyright (c) 2014 ThoughtWorks, Inc.
*
* Pixelated is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Pixelated is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
*/
/*global _ */
'use strict';
define(['lib/html-sanitizer'], function (htmlSanitizer) {
var tagAndAttributeWhitelist = {
  // Allowed elements, each mapped to the attribute *names* that may survive
  // on it. Anything not listed is dropped by tagPolicy/filterAllowedAttributes.
  // Attribute *values* are not inspected anywhere in this module; see the
  // review notes below on href and style.

  // Inline / text-level elements
  'span': ['style'],
  'font': ['face', 'size', 'style'],
  'em': [],
  'b': [],
  'strong': ['style'],
  'br': [],
  // NOTE(review): the href value is passed through unchanged by this module,
  // so a javascript: or data: URL survives unless lib/html-sanitizer's
  // sanitizeWithPolicy rejects it on its own — confirm before relying on it.
  'a': ['href', 'style'],
  // Only title is kept; with no src an <img> cannot fetch remote content.
  'img': ['title'],

  // Block-level elements
  'p': ['style'],
  'div': ['style'],
  'blockquote': ['style'],
  'h1': ['style'],
  'h2': ['style'],
  'h3': ['style'],
  'h4': ['style'],
  'h5': ['style'],
  'h6': ['style'],

  // Lists
  'ol': ['style'],
  'ul': ['style'],
  'li': ['style'],
  'dl': ['style'],
  'dt': ['style'],
  'dd': ['style'],

  // Tables
  'table': ['style'],
  'thead': ['style'],
  'tbody': ['style'],
  'tr': ['style'],
  'th': ['style'],
  'td': ['style'],

  // Form controls
  // NOTE(review): form/label/input let sanitized content render working input
  // fields. If this policy is applied to untrusted content, that is a phishing
  // surface (fake login forms) — confirm it is intended.
  'form': ['style'],
  'label': ['style'],
  'input': ['style', 'type', 'name', 'value']
  // NOTE(review): 'style' is allowed almost everywhere and its CSS is not
  // filtered by this module (overlays, url() beacons); confirm whether the
  // sanitizer applies a CSS policy under sanitizeWithPolicy.
};
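function filterAllowedAttributes (tagName, attributes) {
  // Reduce a flat [name, value, name, value, ...] attribute list (the shape
  // the sanitizer's tag-policy callback hands over) to the pairs whose name
  // is whitelisted for `tagName`. Unknown tags lose every attribute.
  // Values are copied through untouched.
  //
  // Own-property lookup: a plain truthiness test on whitelist[tagName] would
  // also accept names inherited from Object.prototype ("constructor",
  // "__proto__", "toString", ...) as if they were whitelisted elements.
  var attributesAndValues = [];
  if (!Object.prototype.hasOwnProperty.call(tagAndAttributeWhitelist, tagName)) {
    return attributesAndValues;
  }
  var allowedNames = tagAndAttributeWhitelist[tagName];
  var i;
  // Step by 2 so that only the name slots are compared against the
  // whitelist; stepping by 1 would also test attribute *values*, and a value
  // equal to an allowed name (e.g. "href") would be re-emitted as an attribute
  // name with the following attribute's name as its value.
  for (i = 0; i < attributes.length; i += 2) {
    // Exact, case-sensitive match; the sanitizer is assumed to pass
    // lower-cased attribute names — TODO confirm against lib/html-sanitizer.
    if (allowedNames.indexOf(attributes[i]) !== -1) {
      // NOTE(review): the value is not validated here. href may carry a
      // javascript:/data: URL and style arbitrary CSS unless
      // sanitizeWithPolicy filters them itself — confirm.
      attributesAndValues.push(attributes[i], attributes[i + 1]);
    }
  }
  return attributesAndValues;
}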
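function tagPolicy (tagName, attributes) {
  // Tag-policy callback for lib/html-sanitizer's sanitizeWithPolicy.
  // Returns null for an element that is not whitelisted (the sanitizer then
  // drops the tag) and otherwise the tag name together with its attributes
  // reduced to the whitelisted ones by filterAllowedAttributes.
  //
  // Own-property lookup: `!tagAndAttributeWhitelist[tagName]` alone lets
  // names inherited from Object.prototype ("constructor", "__proto__",
  // "toString", ...) through as if they were whitelisted elements.
  if (!Object.prototype.hasOwnProperty.call(tagAndAttributeWhitelist, tagName)) {
    return null;
  }
  return {
    tagName: tagName,
    attribs: filterAllowedAttributes(tagName, attributes)
  };
}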
var api = {
  // The policy callback, exposed so callers and tests can hand it to
  // sanitize() or inspect it directly.
  tagPolicy: tagPolicy,
  // Bare reference to the underlying html-sanitizer's sanitizeWithPolicy. It
  // is NOT pre-bound to tagPolicy: callers must pass the policy themselves,
  // i.e. sanitize(html, tagPolicy); calling it without a policy does not
  // apply this module's whitelist.
  sanitize: htmlSanitizer.html.sanitizeWithPolicy
};
return api;
});