/*global _ */
'use strict';
define(['lib/html-sanitizer'], function (htmlSanitizer) {
// Allow-list used by the tag policy: every key is a tag that may be kept, and
// its array lists the only attribute names kept on that tag. tagPolicy returns
// null for any tag that is not a key here.
//
// NOTE(review): this table constrains attribute NAMES only. Nothing in this
// file inspects the values of 'href' or 'style', so URL-scheme and CSS checks
// have to happen elsewhere - confirm that they do.
// NOTE(review): 'form' and 'input' are allowed; confirm that rendering form
// controls from untrusted markup is intended.
var tagAndAttributeWhitelist = {
  // block and inline containers
  p: ['style'],
  div: ['style'],
  a: ['href', 'style'],
  span: ['style'],
  font: ['face', 'size', 'style'],
  // 'src' is not listed, so only the title of an image is kept
  img: ['title'],
  em: [],
  b: [],
  strong: ['style'],
  // tables
  table: ['style'],
  tr: ['style'],
  td: ['style'],
  th: ['style'],
  tbody: ['style'],
  thead: ['style'],
  // definition lists
  dt: ['style'],
  dd: ['style'],
  dl: ['style'],
  // headings
  h1: ['style'],
  h2: ['style'],
  h3: ['style'],
  h4: ['style'],
  h5: ['style'],
  h6: ['style'],
  br: [],
  blockquote: ['style'],
  // form controls
  label: ['style'],
  form: ['style'],
  // lists
  ol: ['style'],
  ul: ['style'],
  li: ['style'],
  input: ['style', 'type', 'name', 'value']
};
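/**
 * Keeps only the attributes that the allow-list permits for a tag.
 *
 * @param {string} tagName - tag name, used as the key into tagAndAttributeWhitelist.
 * @param {Array} attributes - flat list of alternating attribute names and
 *   values: [name0, value0, name1, value1, ...].
 * @returns {Array} flat [name, value, ...] list holding only the allowed
 *   attributes; empty when the tag is not in the allow-list.
 */
function filterAllowedAttributes (tagName, attributes) {
  var kept = [];
  var allowed;
  var i;

  // Own-property lookup only, so a tag name that matches something inherited
  // from Object.prototype (for example 'constructor') is never treated as listed.
  if (!Object.prototype.hasOwnProperty.call(tagAndAttributeWhitelist, tagName)) {
    return kept;
  }
  allowed = tagAndAttributeWhitelist[tagName];

  // Step two at a time: odd positions hold values. Visiting every index would
  // test values as if they were names, so a value such as "href" would be
  // emitted as an attribute whose value is the following attribute's name.
  // A trailing name without a value is skipped.
  for (i = 0; i + 1 < attributes.length; i += 2) {
    if (_.contains(allowed, attributes[i])) {
      // NOTE(review): the value is copied unchanged; 'href' and 'style' values
      // are not validated here - confirm they are checked elsewhere.
      kept.push(attributes[i], attributes[i + 1]);
    }
  }
  return kept;
}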
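/**
 * Tag policy callback: decides whether a tag is kept and with which attributes.
 *
 * @param {string} tagName - name of the tag being examined.
 * @param {Array} attributes - flat [name, value, ...] list for that tag.
 * @returns {?{tagName: string, attribs: Array}} null when the tag is not in
 *   tagAndAttributeWhitelist; otherwise the tag name with its attributes
 *   reduced by filterAllowedAttributes.
 */
function tagPolicy (tagName, attributes) {
  // Own-property check: a plain truthiness test would also accept names
  // inherited from Object.prototype (for example 'constructor'), so the
  // decision would depend on the caller having pre-filtered tag names.
  if (!Object.prototype.hasOwnProperty.call(tagAndAttributeWhitelist, tagName)) {
    return null;
  }

  return {
    tagName: tagName,
    attribs: filterAllowedAttributes(tagName, attributes)
  };
}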
// Public surface of the module. 'sanitize' is the library's
// sanitizeWithPolicy function exported as-is, so this module does not apply
// tagPolicy on its own; presumably callers invoke sanitize(html, tagPolicy) -
// confirm at the call sites.
var sanitizerApi = {};
sanitizerApi.tagPolicy = tagPolicy;
sanitizerApi.sanitize = htmlSanitizer.html.sanitizeWithPolicy;
return sanitizerApi;
});