Diffstat (limited to 'app/assets/javascripts/static_site_editor/rich_content_editor/services/sanitize_html.js')
-rw-r--r-- | app/assets/javascripts/static_site_editor/rich_content_editor/services/sanitize_html.js | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/app/assets/javascripts/static_site_editor/rich_content_editor/services/sanitize_html.js b/app/assets/javascripts/static_site_editor/rich_content_editor/services/sanitize_html.js
new file mode 100644
index 00000000000..486d88466b7
--- /dev/null
+++ b/app/assets/javascripts/static_site_editor/rich_content_editor/services/sanitize_html.js
@@ -0,0 +1,22 @@
+import createSanitizer from 'dompurify';
+import { getURLOrigin } from '~/lib/utils/url_utility';
+import { ALLOWED_VIDEO_ORIGINS } from '../constants';
+
+const sanitizer = createSanitizer(window);
+const ADD_TAGS = ['iframe'];
+
+sanitizer.addHook('uponSanitizeElement', (node) => {
+ if (node.tagName !== 'IFRAME') {
+ return;
+ }
+
+ const origin = getURLOrigin(node.getAttribute('src'));
+
+ if (!ALLOWED_VIDEO_ORIGINS.includes(origin)) {
+ node.remove();
+ }
+});
+
+const sanitize = (content) => sanitizer.sanitize(content, { ADD_TAGS });
+
+export default sanitize; |
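Review bot: The `uponSanitizeElement` hook decides whether an `iframe` survives solely from the origin of its `src`, so the safety of adding `iframe` to `ADD_TAGS` also rests on DOMPurify stripping the attributes the hook never inspects (notably `srcdoc`); I believe DOMPurify's default attribute allowlist does not admit `srcdoc`, but that assumption is not visible here and deserves a test that pushes `<iframe srcdoc="...">` through `sanitize` and asserts it is dropped. An `iframe` with no `src` at all reaches `getURLOrigin(null)`, whose behaviour is defined outside this file; it is only safe if that return value can never match an entry of `ALLOWED_VIDEO_ORIGINS`, and a guard such as `const src = node.getAttribute('src'); if (!src || !ALLOWED_VIDEO_ORIGINS.includes(getURLOrigin(src))) { node.remove(); }` would make the deny-by-default intent explicit rather than incidental. A short comment above the hook would also help the next reader, e.g. `// iframe is re-enabled via ADD_TAGS only for embedded video; this hook removes every iframe whose src origin is not in ALLOWED_VIDEO_ORIGINS (deny by default).`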