Top 10 Examples of "sanitize-html in functional component" in JavaScript
Dive into secure and efficient coding practices with our curated list of the top 10 examples showcasing 'sanitize-html' in functional components in JavaScript. Our advanced machine learning engine meticulously scans each line of code, cross-referencing millions of open source libraries to ensure your implementation is not just functional, but also robust and secure. Elevate your React applications to new heights by mastering the art of handling side effects, API calls, and asynchronous operations with confidence and precision.
}
// Strip out HTML comments. "JS-DOS" bug.
text = text.replace(/|$)/g, '(html comment removed: $1)')
let renderedText = html ? text : remarkable.render(text)
// Embed videos, link mentions and hashtags, etc...
if(renderedText) renderedText = HtmlReady(renderedText).html
// Complete removal of javascript and other dangerous tags..
// The must remain as close as possible to dangerouslySetInnerHTML
let cleanText = renderedText
if (this.props.allowDangerousHTML === true) {
console.log('WARN\tMarkdownViewer rendering unsanitized content')
} else {
cleanText = sanitize(renderedText, sanitizeConfig({large, highQualityPost, noImage: noImage && allowNoImage}))
}
if(/<\s*script/ig.test(cleanText)) {
// Not meant to be complete checking, just a secondary trap and red flag (code can change)
console.error('Refusing to render script tag in post text', cleanText)
return <div></div>
}
const noImageActive = cleanText.indexOf(noImageText) !== -1
// In addition to inserting the youtube compoennt, this allows react to compare separately preventing excessive re-rendering.
let idx = 0
const sections = []
// HtmlReady inserts ~~~ embed:${id} type ~~~
for(let section of cleanText.split('~~~ embed:')) {// emoji unicode characters.
const emojiPlaceholderRegEx = new RegExp(':.+?:', 'g');
const matches = attrs.message.match(emojiPlaceholderRegEx, 'g');
if (matches) {
matches.forEach(match => {
const emoji = getEmojiByName(match);
if (emoji && emoji.char) {
attrs.message = attrs.message.replace(match, emoji.char);
}
});
}
// sanitize the message
attrs.message = sanitizeHtml(attrs.message);
// Generate a processed message with changes to the message that are specific to our UI.
attrs.processedMessage = processMessage(attrs.message);
} else {
// The processedMessage is automatically derived from the message and should not
// be set directly.
delete attrs.processedMessage;
}
return super.set(attrs, opts);
}public static sanitize(html: string) {
return sanitizeHtml(html, {
// TODO: add all of these below.. to allowedAttributes.
allowedTags: [ 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote',
'cite', 'p', 'a', 'ul', 'ol', 'nl', 'li', 'b', 'i',
'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
'table', 'thead', 'caption', 'tbody', 'tr', 'th',
'td', 'pre', 'iframe' ],
allowedAttributes: {
'pre': ["style"],
'ul': ["style"],
'ol': ["style"],
'li': ["style"],
'ni': ["style"],
'code': ["style"],function clean(dirty) {
if (!dirty) {
return dirty
}
// Convert embeds to a-tags
dirty = embedToAnchor(dirty)
dirty = linkifyHtml(dirty)
dirty = sanitizeHtml(dirty, {
allowedTags: [
'iframe',
'img',
'p',
'h3',
'h4',
'br',
'hr',
'b',
'i',
'em',
'strong',
'a',
'pre',
'ul',
'li',gfm: true,
breaks: true,
sanitize: false,
highlight: (code, language) => highlightCodeSafe(code, language),
})
return sanitize(
rendered,
options.plainText
? { allowedTags: [], allowedAttributes: {} }
: {
// Defaults: https://sourcegraph.com/github.com/punkave/sanitize-html@90aac2665011be6fa21a8864d21c604ee984294f/-/blob/src/index.js#L571-589
// Allow highligh.js styles, e.g.
// <span class="hljs-keyword">
// <code class="language-javascript">
allowedTags: [...without(sanitize.defaults.allowedTags, 'iframe'), 'h1', 'h2', 'span', 'img'],
allowedAttributes: {
...sanitize.defaults.allowedAttributes,
span: ['class'],
code: ['class'],
h1: ['id'],
h2: ['id'],
h3: ['id'],
h4: ['id'],
h5: ['id'],
h6: ['id'],
},
}
)
}
</code></span>router.put('/:id/:comment_id/:reply_id', checkForumThreadCommentReplyOwnership, asyncMiddleware(async (req, res) => {
const foundReply = await forumThreadCommentReply.findById(req.params.reply_id).exec();
if (foundReply.disabled) {
req.flash('error', 'You cannot edit a deleted reply.');
res.redirect('back');
return;
}
foundReply.text = sanitizeHtml(req.body.reply.text, {
allowedTags: sanitizeHtml.defaults.allowedTags.concat(sanitizeHtmlAllowedTagsForumThread),
allowedAttributes: sanitizeHtmlAllowedAttributesForumThread,
});
foundReply.edited = true;
foundReply.timeLastEdit = new Date();
await foundReply.save();
// forumThread.findById(req.params.id)
const foundForumThreadComment = await forumThreadComment.findById(req.params.comment_id).populate('replies').exec();
foundForumThreadComment.markModified('replies');
// update time last edited
foundForumThreadComment.timeLastEdit = new Date();
await foundForumThreadComment.save();
// forumThread.findById(req.params.id)
const foundForumThread = await forumThread.findById(req.params.id).populate('comments').exec();
foundForumThread.markModified('comments');const _ = require('lodash');
const store = require('seneca-postgresql-store');
const storeQuery = require('seneca-store-query');
const dgram = require('dgram');
const service = 'cp-dojos-service';
const log = require('cp-logs-lib')({ name: service, level: 'warn' });
const sanitizeHtml = require('sanitize-html');
config.log = log.log;
// logger creates a circular JSON
if (process.env.NODE_ENV !== 'production') {
seneca.log.info('using config', JSON.stringify(config, null, 4));
}
seneca.options(config);
seneca.options.sanitizeTextArea = {
allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img']),
allowedAttributes: _.assign({}, sanitizeHtml.defaults.allowedAttributes, {
/**
* Allowing everything here since within ckeditor you have the option of setting the following:
*
* * styles such as border, width, and height.
* * alt text
*
* However ng-bind-html strips the style tag, so you won't actually see custom styling.
*/
img: ['*']
})
};
seneca.decorate('customValidatorLogFormatter', require('./lib/custom-validator-log-formatter'));
seneca.use(store, config['postgresql-store']);
seneca.use(storeQuery);
if (process.env.MAILDEV_ENABLED === 'true') {visibility: [CssProp.VISIBILITY],
volume: [CssProp.VOLUME],
'white-space': [CssProp.WHITE_SPACE],
width: [CssProp.WIDTH],
'word-break': [CssProp.WORD_BREAK],
'word-spacing': [CssProp.WORD_SPACING],
'word-wrap': [CssProp.WORD_WRAP],
'z-index': [CssProp.Z_INDEX],
zoom: [CssProp.ZOOM]
}
},
transformTags: {
// Set the "rel" attribute for <a> tags to "nofollow".
a: sanitize.simpleTransform('a', { rel: 'nofollow' }),
// Set the "disabled" attribute for <input> tags.
input: sanitize.simpleTransform('input', { disabled: 'disabled' })
},
allowedSchemesByTag: {
// Allow 'attachment:' img src (used for markdown cell attachments).
img: sanitize.defaults.allowedSchemes.concat(['attachment'])
},
// Override of the default option, so we can skip 'src' attribute validation.
// 'src' Attributes are validated to be URIs, which does not allow for embedded (image) data.
// Since embedded data is no longer deemed to be a threat, validation can be skipped.
// See https://github.com/jupyterlab/jupyterlab/issues/5183
allowedSchemesAppliedToAttributes: ['href', 'cite']
};
}
/**
* The default instance of an `ISanitizer` meant for use by user code.
*/</a>// custom ones first:
font: [ 'color' ], // custom to matrix
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
// We don't currently allow img itself by default, but this
// would make sense if we did
img: [ 'src' ],
},
// Lots of these won't come up by default because we don't allow them
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
// URL schemes we permit
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
allowedSchemesByTag: {},
transformTags: { // custom to matrix
// add blank targets to all hyperlinks
'a': sanitizeHtml.simpleTransform('a', { target: '_blank'} )
},
};
module.exports = {
bodyToHtml: function(content, searchTerm) {
var originalBody = content.body;
var body;
if (searchTerm) {
var lastOffset = 0;
var bodyList = [];
var k = 0;
var offset;
// XXX: rather than searching for the search term in the body,
// we should be looking at the match delimiters returned by the FTS engineimport * as sanitize from 'sanitize-html';
let options: sanitize.IOptions = {
allowedTags: sanitize.defaults.allowedTags.concat('h1', 'h2', 'img'),
allowedAttributes: {
'a': sanitize.defaults.allowedAttributes['a'].concat('rel'),
'img': ['src', 'height', 'width', 'alt']
},
transformTags: {
'a': sanitize.simpleTransform('a', { 'rel': 'nofollow' }),
'img': (tagName: string, attribs: sanitize.Attributes) => {
let img = { tagName, attribs };
img.attribs['alt'] = 'transformed' ;
return img;
}
},
exclusiveFilter: function(frame: sanitize.IFrame) {
return frame.tag === 'a' && !frame.text.trim();
}
};