Merge pull request #185 from codex-team/sanitizer

sanitize improvements
2024-06-26 09:20:07 +02:00 · 2017-04-23 01:29:14 +03:00 · 2017-04-23 01:29:14 +03:00 · 79dfa8cbe7
parent bff230e7c7 aadde64fbe
commit 79dfa8cbe7
10 changed files with 48 additions and 23 deletions
--- a/codex-editor.js
+++ b/codex-editor.js
--- a/codex-editor.js.map
+++ b/codex-editor.js.map
--- a/example.html
+++ b/example.html
@ -20,8 +20,7 @@
 <script src="codex-editor.js?v=108"></script>
 <link rel="stylesheet" href="codex-editor.css?v=11000">

-
-<script src="plugins/paragraph/paragraph.js"></script>
+<script src="plugins/paragraph/paragraph.js?v=100"></script>
 <link rel="stylesheet" href="plugins/paragraph/paragraph.css">

 <script src="plugins/header/header.js"></script>
@ -62,11 +61,6 @@
        holderId : "codex-editor",
        initialBlockPlugin : 'paragraph',
        hideToolbar: false,
-        sanitizer : {
-            tags : {
-                p : {}
-            }
-        },
        tools : {
            paragraph: {
                type: 'paragraph',
--- a/modules/callbacks.js
+++ b/modules/callbacks.js
@ -3,7 +3,7 @@
 * @description Module works with editor added Elements
 *
 * @author Codex Team
- * @version 1.3.12
+ * @version 1.4.0
 */

 module.exports = (function (callbacks) {
@ -933,7 +933,6 @@ module.exports = (function (callbacks) {

        /** Temporary DIV that is used to work with childs as arrays item */
        var div     = editor.draw.node('DIV', '', {}),
-            cleaner = new editor.sanitizer.init(),
            cleanData,
            fragment;

@ -942,7 +941,7 @@ module.exports = (function (callbacks) {

        if ( htmlData.trim() != '' ) {

-            cleanData = cleaner.clean(htmlData);
+            cleanData = editor.sanitizer.clean(htmlData);
            div.innerHTML = cleanData;

        } else {
--- a/modules/sanitizer.js
+++ b/modules/sanitizer.js
@ -48,14 +48,38 @@ module.exports = (function (sanitizer) {

    sanitizer.Config = Config;

-    sanitizer.init = function () {
+    /**
+     *
+     * @param userCustomConfig
+     * @returns {*}
+     * @private
+     *
+     * @description If developer uses editor's API, then he can customize sane restrictions.
+     * Or, sane config can be defined globally in editors initialization. That config will be used everywhere
+     * At least, if there is no config overrides, that API uses BASIC Default configation
+     */
+    let init_ = function (userCustomConfig) {

-        let configuration = Config.CUSTOM || Config.BASIC;
+        let configuration = userCustomConfig || Config.CUSTOM || Config.BASIC;

        return new janitor(configuration);

    };

+    /**
+     * Cleans string from unwanted tags
+     * @protected
+     * @param {String} dirtyString - taint string
+     * @param {Object} customConfig - allowed tags
+     */
+    sanitizer.clean = function(dirtyString, customConfig) {
+
+        let janitorInstance = init_(customConfig);
+
+        return janitorInstance.clean(dirtyString);
+
+    };
+
    return sanitizer;

 })({});
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "codex.editor",
-  "version": "1.6.2",
+  "version": "1.6.3",
  "description": "Codex Editor. Native JS, based on API and Open Source",
  "main": "index.js",
  "scripts": {
--- a/plugins/paragraph/paragraph.js
+++ b/plugins/paragraph/paragraph.js
@ -80,10 +80,22 @@ var paragraph = (function(paragraph_plugin) {
     */
    paragraph_plugin.save = function (blockContent){

-        var wrappedText = codex.editor.content.wrapTextWithParagraphs(blockContent.innerHTML);
+        var wrappedText = codex.editor.content.wrapTextWithParagraphs(blockContent.innerHTML),
+            sanitizerConfig = {
+                tags : {
+                    p : {},
+                    a: {
+                        href: true,
+                        target: '_blank',
+                        rel: 'nofollow'
+                    },
+                    i: {},
+                    b: {},
+                }
+            };

        var data = {
-            "text": wrappedText,
+            "text": codex.editor.sanitizer.clean(wrappedText, sanitizerConfig),
            "format": "html",
            "introText": '<<same>>'
        };
--- a/webpack.config.js
+++ b/webpack.config.js
@ -26,7 +26,6 @@ var ExtractTextWebpackPlugin    = require('extract-text-webpack-plugin');
 module.exports = {

    entry: {
-        "whatwg-fetch": "whatwg-fetch",
        "codex-editor": "./codex"
    },
    output: {
@ -37,7 +36,7 @@ module.exports = {
    watch: true,

    watchOptions: {
-        aggregateTimeOut: 100
+        aggregateTimeOut: 50
    },

    devtool: NODE_ENV == 'development' ? "source-map" : null,
--- a/whatwg-fetch.js
+++ b/whatwg-fetch.js
--- a/whatwg-fetch.js.map
+++ b/whatwg-fetch.js.map