diff --git a/package-lock.json b/package-lock.json index 506d5a4..5d4c8d0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,6 +23,7 @@ "markdown-it-anchor": "9.2.0", "markdown-it-footnote": "4.0.0", "minisearch": "7.1.1", + "sanitize-html": "2.13.1", "truncate-html": "1.1.2", "youtube-video-element": "^1.1.6" }, @@ -3438,7 +3439,6 @@ "version": "4.3.1", "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", - "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -4543,6 +4543,15 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/is-plain-object": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/is-unicode-supported": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-2.1.0.tgz", @@ -6076,6 +6085,12 @@ "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", "license": "MIT" }, + "node_modules/parse-srcset": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/parse-srcset/-/parse-srcset-1.0.2.tgz", + "integrity": "sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==", + "license": "MIT" + }, "node_modules/parse5": { "version": "7.2.1", "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.2.1.tgz", @@ -6846,6 +6861,32 @@ "dev": true, "license": "MIT" }, + "node_modules/sanitize-html": { + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.13.1.tgz", + "integrity": "sha512-ZXtKq89oue4RP7abL9wp/9URJcqQNABB5GGJ2acW1sdO8JTVl92f4ygD7Yc9Ze09VAZhnt2zegeU0tbNsdcLYg==", + "license": "MIT", + "dependencies": { + "deepmerge": "^4.2.2", + "escape-string-regexp": "^4.0.0", + "htmlparser2": "^8.0.0", + "is-plain-object": "^5.0.0", + "parse-srcset": "^1.0.2", + "postcss": "^8.3.11" + } + }, + "node_modules/sanitize-html/node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/sax": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz", diff --git a/package.json b/package.json index ef05b34..2b1a263 100644 --- a/package.json +++ b/package.json @@ -31,6 +31,7 @@ "markdown-it-anchor": "9.2.0", "markdown-it-footnote": "4.0.0", "minisearch": "7.1.1", + "sanitize-html": "2.13.1", "truncate-html": "1.1.2", "youtube-video-element": "^1.1.6" }, diff --git a/src/pages/feeds/all.xml.js b/src/pages/feeds/all.xml.js index 4feff89..b6d1ddf 100644 --- a/src/pages/feeds/all.xml.js +++ b/src/pages/feeds/all.xml.js @@ -1,6 +1,7 @@ import rss from "@astrojs/rss"; import { fetchGlobals } from "@utils/data/globals.js"; import { fetchActivity } from "@utils/data/activity.js"; +import { sanitizeContent, md } from "@utils/helpers/general.js"; export const prerender = true; @@ -17,7 +18,7 @@ export async function GET() { title: item.feed.title, pubDate: item.feed.date, link: item.feed.url, - description: item.feed.description, + content: sanitizeContent(md(item.feed.description)), })), }); } diff --git a/src/pages/feeds/books.xml.js b/src/pages/feeds/books.xml.js index 9caeff6..c61e7b1 100644 --- a/src/pages/feeds/books.xml.js +++ b/src/pages/feeds/books.xml.js @@ -1,7 +1,7 @@ import rss from "@astrojs/rss"; import { fetchGlobals } from "@utils/data/globals.js"; import { fetchBooks } from "@utils/data/books.js"; -import { escapeHtml, md } from "@utils/helpers/general.js"; +import { sanitizeContent, md } from "@utils/helpers/general.js"; export const prerender = true; @@ -18,7 +18,7 @@ export async function GET() { title: book.feed.title, pubDate: book.feed.date, link: book.feed.url, - description: escapeHtml(md(book.feed.description)), + content: sanitizeContent(md(book.feed.description)), })), }); } diff --git a/src/pages/feeds/links.xml.js b/src/pages/feeds/links.xml.js index a5b232f..be5af5f 100644 --- a/src/pages/feeds/links.xml.js +++ b/src/pages/feeds/links.xml.js @@ -18,7 +18,7 @@ export async function GET() { title: link.feed.title, pubDate: link.feed.date, link: link.feed.url, - description: link.feed.description, + content: link.feed.description, })), }); } diff --git a/src/pages/feeds/movies.xml.js b/src/pages/feeds/movies.xml.js index 3975351..245dfa2 100644 --- a/src/pages/feeds/movies.xml.js +++ b/src/pages/feeds/movies.xml.js @@ -1,7 +1,7 @@ import rss from "@astrojs/rss"; import { fetchGlobals } from "@utils/data/globals.js"; import { fetchMovies } from "@utils/data/movies.js"; -import { escapeHtml, md } from "@utils/helpers/general.js"; +import { sanitizeContent, md } from "@utils/helpers/general.js"; export const prerender = true; @@ -18,7 +18,7 @@ export async function GET() { title: movie.feed.title, pubDate: movie.feed.date, link: movie.feed.url, - description: escapeHtml(md(movie.feed.description)), + content: sanitizeContent(md(movie.feed.description)), })), }); } diff --git a/src/pages/feeds/posts.xml.js b/src/pages/feeds/posts.xml.js index c3214cf..e1ea21a 100644 --- a/src/pages/feeds/posts.xml.js +++ b/src/pages/feeds/posts.xml.js @@ -1,7 +1,7 @@ import rss from "@astrojs/rss"; import { fetchGlobals } from "@utils/data/globals.js"; import { fetchAllPosts } from "@utils/data/posts.js"; -import { escapeHtml, md } from "@utils/helpers/general.js"; +import { htmlToText, sanitizeContent, md } from "@utils/helpers/general.js"; export const prerender = true; @@ -18,7 +18,8 @@ export async function GET() { title: post.feed.title, pubDate: post.feed.date, link: post.feed.url, - description: escapeHtml(md(post.feed.description)), + description: htmlToText(md(post.feed.description)), + content: sanitizeContent(md(post.feed.content)), })), }); } diff --git a/src/utils/helpers/general.js b/src/utils/helpers/general.js index 42840b9..81b7ac8 100644 --- a/src/utils/helpers/general.js +++ b/src/utils/helpers/general.js @@ -1,5 +1,6 @@ import { convert } from "html-to-text"; import { format } from "date-fns-tz"; +import sanitizeHtml from "sanitize-html"; import markdownIt from "markdown-it"; import markdownItAnchor from "markdown-it-anchor"; import markdownItFootnote from "markdown-it-footnote"; @@ -60,19 +61,29 @@ export const htmlToText = (html) => ], }); -export const escapeHtml = (input) => - typeof input === "string" - ? input.replace(/[&<>"']/g, (char) => { - const map = { - "&": "&", - "<": "<", - ">": ">", - '"': """, - "'": "'", - }; - return map[char]; - }) - : ""; +export const sanitizeContent = (html) => + sanitizeHtml(html, { + allowedTags: [ + "p", + "ul", + "ol", + "li", + "strong", + "em", + "a", + "img", + "blockquote", + "pre", + "code", + "h1", + "h2", + "h3", + ], + allowedAttributes: { + a: ["href"], + img: ["src", "alt"], + }, + }); // markdown const markdown = markdownIt({