feat: rip out sanitizer in favour of the one bundled in core

2025-10-03 21:21:41 +08:00 · 2020-09-29 13:49:30 -04:00 · 2020-09-29 13:49:30 -04:00 · d0c1d78973
commit d0c1d78973
parent 91964be528
3 changed files with 6 additions and 115 deletions
--- a/lib/migrator.js
+++ b/lib/migrator.js
@ -1,51 +1,16 @@
 'use strict';

+const posts = require.main.require('./src/posts');
+
 const MarkdownIt = require('markdown-it');
 const markdown = new MarkdownIt();
 const QuillDeltaToHtmlConverter = require('quill-delta-to-html').QuillDeltaToHtmlConverter;
 const isHtml = require('is-html');

-const sanitize = require('sanitize-html');
 const winston = require.main.require('winston');

 const Migrator = module.exports;

-Migrator.sanitizeConfig = {
-	allowedTags: ['span', 'a', 'pre', 'blockquote', 'small', 'em', 'strong',
-		'code', 'kbd', 'mark', 'address', 'cite', 'var', 'samp', 'dfn',
-		'sup', 'sub', 'b', 'i', 'u', 'del', 'ol', 'ul', 'li', 'dl',
-		'dt', 'dd', 'p', 'br', 'video', 'audio', 'source', 'iframe', 'embed',
-		'param', 'img', 'table', 'tbody', 'tfoot', 'thead', 'tr', 'td', 'th',
-		'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr',
-	],
-	allowedAttributes: {
-		a: ['href', 'hreflang', 'media', 'rel', 'target', 'type'],
-		img: ['alt', 'height', 'ismap', 'src', 'usemap', 'width'],
-		iframe: ['height', 'name', 'src', 'width'],
-		span: [],
-		video: ['autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'],
-		audio: ['autoplay', 'controls', 'loop', 'muted', 'preload', 'src'],
-		embed: ['height', 'src', 'type', 'width'],
-		param: ['name', 'value'],
-		source: ['media', 'src', 'type'],
-	},
-	globalAttributes: ['accesskey', 'class', 'contenteditable', 'dir',
-		'draggable', 'dropzone', 'hidden', 'id', 'lang', 'spellcheck', 'style',
-		'tabindex', 'title', 'translate',
-	],
-};
-
-// Finish setup of sanitizehtml config
-for (var i = 0; i < Migrator.sanitizeConfig.allowedTags.length; i++) {
-	if (!Migrator.sanitizeConfig.allowedAttributes[Migrator.sanitizeConfig.allowedTags[i]]) {
-		Migrator.sanitizeConfig.allowedAttributes[Migrator.sanitizeConfig.allowedTags[i]] = [];
-	}
-
-	for (var j = 0; j < Migrator.sanitizeConfig.globalAttributes.length; j++) {
-		Migrator.sanitizeConfig.allowedAttributes[Migrator.sanitizeConfig.allowedTags[i]].push(Migrator.sanitizeConfig.globalAttributes[j]);
-	}
-}
-
 Migrator.detect = (postObj) => {
 	const isHtml = Migrator.isHtml(postObj);

@ -85,9 +50,7 @@ Migrator.toHtml = (content) => {
 			}
 		});

-		return sanitize(converter.convert(), {
-			allowedTags: Migrator.sanitizeConfig.allowedTags, allowedAttributes: Migrator.sanitizeConfig.allowedAttributes,
-		});
+		return posts.sanitize(converter.convert());
 	} catch (e) {
 		// Do nothing
 		winston.verbose('[plugin/composer-quill (toHtml)] Input not in expected format, skipping.');
--- a/package.json
+++ b/package.json
@ -33,7 +33,6 @@
    "quill": "^1.3.6",
    "quill-delta-to-html": "^0.12.0",
    "quill-magic-url": "^2.0.0",
-    "sanitize-html": "^1.20.1",
    "screenfull": "^5.0.0"
  },
  "husky": {
--- a/yarn.lock
+++ b/yarn.lock
@ -487,7 +487,7 @@ chalk@4.1.0, chalk@^4.0.0, chalk@^4.1.0:
    ansi-styles "^4.1.0"
    supports-color "^7.1.0"

-chalk@^2.0.0, chalk@^2.4.2:
+chalk@^2.0.0:
  version "2.4.2"
  resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
  integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==
@ -770,20 +770,6 @@ doctrine@^3.0.0:
  dependencies:
    esutils "^2.0.2"

-dom-serializer@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-1.0.1.tgz#79695eb49af3cd8abc8d93a73da382deb1ca0795"
-  integrity sha512-1Aj1Qy3YLbdslkI75QEOfdp9TkQ3o8LRISAzxOibjBs/xWwr1WxZFOQphFkZuepHFGo+kB8e5FVJSS0faAJ4Rw==
-  dependencies:
-    domelementtype "^2.0.1"
-    domhandler "^3.0.0"
-    entities "^2.0.0"
-
-domelementtype@^2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.0.1.tgz#1f8bdfe91f5a78063274e803b4bdcedf6e94f94d"
-  integrity sha512-5HOHUDsYZWV8FGWN0Njbr/Rn7f/eWSQi1v7+HsUVwXgn8nWWlL64zKDkS0n8ZmQ3mlWOMuXOnR+7Nx/5tMO5AQ==
-
 domexception@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/domexception/-/domexception-1.0.1.tgz#937442644ca6a31261ef36e3ec677fe805582c90"
@ -791,22 +777,6 @@ domexception@^1.0.1:
  dependencies:
    webidl-conversions "^4.0.2"

-domhandler@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-3.0.0.tgz#51cd13efca31da95bbb0c5bee3a48300e333b3e9"
-  integrity sha512-eKLdI5v9m67kbXQbJSNn1zjh0SDzvzWVWtX+qEI3eMjZw8daH9k8rlj1FZY9memPwjiskQFbe7vHVVJIAqoEhw==
-  dependencies:
-    domelementtype "^2.0.1"
-
-domutils@^2.0.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.2.0.tgz#f3ce1610af5c30280bde1b71f84b018b958f32cf"
-  integrity sha512-0haAxVr1PR0SqYwCH7mxMpHZUwjih9oPPedqpR/KufsnxPyZ9dyVw1R5093qnJF3WXSbjBkdzRWLw/knJV/fAg==
-  dependencies:
-    dom-serializer "^1.0.1"
-    domelementtype "^2.0.1"
-    domhandler "^3.0.0"
-
 dot-prop@^5.1.0:
  version "5.2.0"
  resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-5.2.0.tgz#c34ecc29556dc45f1f4c22697b6f4904e0cc4fcb"
@ -846,7 +816,7 @@ enquirer@^2.3.5, enquirer@^2.3.6:
  dependencies:
    ansi-colors "^4.1.1"

-entities@^2.0.0, entities@~2.0.0:
+entities@~2.0.0:
  version "2.0.3"
  resolved "https://registry.yarnpkg.com/entities/-/entities-2.0.3.tgz#5c487e5742ab93c15abb5da22759b8590ec03b7f"
  integrity sha512-MyoZ0jgnLvB2X3Lg5HqpFmn1kybDiIfEQmKzTb5apr51Rb+T3KdmMiqa70T+bhGnyv7bQ6WMj2QMHpGMmlrUYQ==
@ -1373,16 +1343,6 @@ html-tags@^3.0.0:
  resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.1.0.tgz#7b5e6f7e665e9fb41f30007ed9e0d41e97fb2140"
  integrity sha512-1qYz89hW3lFDEazhjW0yVAV87lw8lVkrJocr72XmBkMKsoSVJCQx3W8BXsC7hO2qAt8BoVjYjtAcZ9perqGnNg==

-htmlparser2@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-4.1.0.tgz#9a4ef161f2e4625ebf7dfbe6c0a2f52d18a59e78"
-  integrity sha512-4zDq1a1zhE4gQso/c5LP1OtrhYTncXNSpvJYtWJBtXAETPlMfi3IFNjGuQbYLuVY4ZR0QMqRVvo4Pdy9KLyP8Q==
-  dependencies:
-    domelementtype "^2.0.1"
-    domhandler "^3.0.0"
-    domutils "^2.0.0"
-    entities "^2.0.0"
-
 http-signature@~1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
@ -2249,11 +2209,6 @@ parse-json@^5.0.0:
    json-parse-even-better-errors "^2.3.0"
    lines-and-columns "^1.1.6"

-parse-srcset@^1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/parse-srcset/-/parse-srcset-1.0.2.tgz#f2bd221f6cc970a938d88556abc589caaaa2bde1"
-  integrity sha1-8r0iH2zJcKk42IVWq8WJyqqiveE=
-
 parse5@4.0.0:
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/parse5/-/parse5-4.0.0.tgz#6d78656e3da8d78b4ec0b906f7c08ef1dfe3f608"
@ -2342,15 +2297,6 @@ pn@^1.1.0:
  resolved "https://registry.yarnpkg.com/pn/-/pn-1.1.0.tgz#e2f4cef0e219f463c179ab37463e4e1ecdccbafb"
  integrity sha512-2qHaIQr2VLRFoxe2nASzsV6ef4yOOH+Fi9FBOVH6cqeSgUnoyySPZkxzLuzd+RYOQTRpROA0ztTMqxROKSb/nA==

-postcss@^7.0.27:
-  version "7.0.32"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.32.tgz#4310d6ee347053da3433db2be492883d62cec59d"
-  integrity sha512-03eXong5NLnNCD05xscnGKGDZ98CyzoqPSMjOe6SuoQY7Z2hIj0Ld1g/O/UQRuOle2aRtiIRDg9tDcTGAkLfKw==
-  dependencies:
-    chalk "^2.4.2"
-    source-map "^0.6.1"
-    supports-color "^6.1.0"
-
 prelude-ls@^1.2.1:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396"
@ -2647,16 +2593,6 @@ safe-buffer@~5.1.0, safe-buffer@~5.1.1:
  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==

-sanitize-html@^1.20.1:
-  version "1.27.4"
-  resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.27.4.tgz#3864e7562fc708cefabcb0d51bbacde3411504cb"
-  integrity sha512-VvY1hxVvMXzSos/LzqeBl9/KYu3mkEOtl5NMwz6jER318dSHDCig0AOjZOtnoCwAC3HMs9LhfWkPCmQGttb4ng==
-  dependencies:
-    htmlparser2 "^4.1.0"
-    lodash "^4.17.15"
-    parse-srcset "^1.0.2"
-    postcss "^7.0.27"
-
 sax@^1.2.4:
  version "1.2.4"
  resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
@ -2748,7 +2684,7 @@ slice-ansi@^4.0.0:
    astral-regex "^2.0.0"
    is-fullwidth-code-point "^3.0.0"

-source-map@^0.6.1, source-map@~0.6.1:
+source-map@~0.6.1:
  version "0.6.1"
  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
  integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==
@ -2921,13 +2857,6 @@ supports-color@^5.3.0:
  dependencies:
    has-flag "^3.0.0"

-supports-color@^6.1.0:
-  version "6.1.0"
-  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-6.1.0.tgz#0764abc69c63d5ac842dd4867e8d025e880df8f3"
-  integrity sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==
-  dependencies:
-    has-flag "^3.0.0"
-
 supports-color@^7.1.0:
  version "7.2.0"
  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"