mirror of
https://github.com/ajnart/homarr.git
synced 2025-11-10 15:35:55 +01:00
✨ Add dangerous html content to rss (#885)
This commit is contained in:
Manuel
GitHub
@@ -70,6 +70,7 @@
|
|||||||
"sabnzbd-api": "^1.5.0",
|
"sabnzbd-api": "^1.5.0",
|
||||||
"uuid": "^9.0.0",
|
"uuid": "^9.0.0",
|
||||||
"xml-js": "^1.6.11",
|
"xml-js": "^1.6.11",
|
||||||
|
"xss": "^1.0.14",
|
||||||
"yarn": "^1.22.19",
|
"yarn": "^1.22.19",
|
||||||
"zod": "^3.21.4",
|
"zod": "^3.21.4",
|
||||||
"zustand": "^4.3.7"
|
"zustand": "^4.3.7"
|
||||||
|
|||||||
@@ -10,6 +10,12 @@
|
|||||||
},
|
},
|
||||||
"refreshInterval": {
|
"refreshInterval": {
|
||||||
"label": "Refresh interval (in minutes)"
|
"label": "Refresh interval (in minutes)"
|
||||||
|
},
|
||||||
|
"dangerousAllowSanitizedItemContent": {
|
||||||
|
"label": "Dangerous: Allow sanitized item content"
|
||||||
|
},
|
||||||
|
"settings.textLinesClamp": {
|
||||||
|
"label": "Text lines clamp"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"card": {
|
"card": {
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
|
import xss from 'xss';
|
||||||
import { NextApiRequest, NextApiResponse } from 'next';
|
import { NextApiRequest, NextApiResponse } from 'next';
|
||||||
import Consola from 'consola';
|
import Consola from 'consola';
|
||||||
import { getCookie } from 'cookies-next';
|
import { getCookie } from 'cookies-next';
|
||||||
import { decode } from 'html-entities';
|
import { decode, encode } from 'html-entities';
|
||||||
import Parser from 'rss-parser';
|
import Parser from 'rss-parser';
|
||||||
import { z } from 'zod';
|
import { z } from 'zod';
|
||||||
|
|
||||||
@@ -58,10 +59,13 @@ export const Get = async (request: NextApiRequest, response: NextApiResponse) =>
|
|||||||
const orderedFeed = {
|
const orderedFeed = {
|
||||||
...feed,
|
...feed,
|
||||||
items: feed.items
|
items: feed.items
|
||||||
.map((item: { title: any; content: any }) => ({
|
.map((item: { title: string; content: string; 'content:encoded': string }) => ({
|
||||||
...item,
|
...item,
|
||||||
title: item.title ? decode(item.title) : undefined,
|
title: item.title ? decode(item.title) : undefined,
|
||||||
content: decode(item.content),
|
content: processItemContent(
|
||||||
|
item['content:encoded'] ?? item.content,
|
||||||
|
rssWidget.properties.dangerousAllowSanitizedItemContent
|
||||||
|
),
|
||||||
enclosure: createEnclosure(item),
|
enclosure: createEnclosure(item),
|
||||||
link: createLink(item),
|
link: createLink(item),
|
||||||
}))
|
}))
|
||||||
@@ -81,6 +85,40 @@ export const Get = async (request: NextApiRequest, response: NextApiResponse) =>
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const processItemContent = (content: string, dangerousAllowSanitizedItemContent: boolean) => {
|
||||||
|
if (dangerousAllowSanitizedItemContent) {
|
||||||
|
return xss(content, {
|
||||||
|
allowList: {
|
||||||
|
p: [],
|
||||||
|
h1: [],
|
||||||
|
h2: [],
|
||||||
|
h3: [],
|
||||||
|
h4: [],
|
||||||
|
h5: [],
|
||||||
|
h6: [],
|
||||||
|
a: ['href'],
|
||||||
|
b: [],
|
||||||
|
strong: [],
|
||||||
|
i: [],
|
||||||
|
em: [],
|
||||||
|
img: ['src', 'width', 'height'],
|
||||||
|
br: [],
|
||||||
|
small: [],
|
||||||
|
ul: [],
|
||||||
|
li: [],
|
||||||
|
ol: [],
|
||||||
|
figure: [],
|
||||||
|
svg: [],
|
||||||
|
code: [],
|
||||||
|
mark: [],
|
||||||
|
blockquote: [],
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
return encode(content);
|
||||||
|
};
|
||||||
|
|
||||||
const createLink = (item: any) => {
|
const createLink = (item: any) => {
|
||||||
if (item.link) {
|
if (item.link) {
|
||||||
return item.link;
|
return item.link;
|
||||||
|
|||||||
@@ -1,4 +1,3 @@
|
|||||||
import Link from 'next/link';
|
|
||||||
import {
|
import {
|
||||||
ActionIcon,
|
ActionIcon,
|
||||||
Badge,
|
Badge,
|
||||||
@@ -19,6 +18,7 @@ import { IconClock, IconRefresh, IconRss } from '@tabler/icons-react';
|
|||||||
import { useQuery } from '@tanstack/react-query';
|
import { useQuery } from '@tanstack/react-query';
|
||||||
import dayjs from 'dayjs';
|
import dayjs from 'dayjs';
|
||||||
import { useTranslation } from 'next-i18next';
|
import { useTranslation } from 'next-i18next';
|
||||||
|
import Link from 'next/link';
|
||||||
|
|
||||||
import { defineWidget } from '../helper';
|
import { defineWidget } from '../helper';
|
||||||
import { IWidget } from '../widgets';
|
import { IWidget } from '../widgets';
|
||||||
@@ -38,6 +38,17 @@ const definition = defineWidget({
|
|||||||
max: 300,
|
max: 300,
|
||||||
step: 15,
|
step: 15,
|
||||||
},
|
},
|
||||||
|
dangerousAllowSanitizedItemContent: {
|
||||||
|
type: 'switch',
|
||||||
|
defaultValue: false,
|
||||||
|
},
|
||||||
|
textLinesClamp: {
|
||||||
|
type: 'slider',
|
||||||
|
defaultValue: 5,
|
||||||
|
min: 1,
|
||||||
|
max: 50,
|
||||||
|
step: 1,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
gridstack: {
|
gridstack: {
|
||||||
minWidth: 2,
|
minWidth: 2,
|
||||||
@@ -141,10 +152,10 @@ function RssTile({ widget }: RssTileProps) {
|
|||||||
)}
|
)}
|
||||||
|
|
||||||
<Flex gap="xs">
|
<Flex gap="xs">
|
||||||
{item.enclosure && (
|
{item.enclosure && item.enclosure.url && (
|
||||||
<MediaQuery query="(max-width: 1200px)" styles={{ display: 'none' }}>
|
<MediaQuery query="(max-width: 1200px)" styles={{ display: 'none' }}>
|
||||||
<Image
|
<Image
|
||||||
src={item.enclosure?.url ?? undefined}
|
src={item.enclosure.url ?? undefined}
|
||||||
width={140}
|
width={140}
|
||||||
height={140}
|
height={140}
|
||||||
radius="md"
|
radius="md"
|
||||||
@@ -162,9 +173,13 @@ function RssTile({ widget }: RssTileProps) {
|
|||||||
)}
|
)}
|
||||||
|
|
||||||
<Text lineClamp={2}>{item.title}</Text>
|
<Text lineClamp={2}>{item.title}</Text>
|
||||||
<Text color="dimmed" size="xs" lineClamp={3}>
|
<Text
|
||||||
{item.content}
|
className={classes.itemContent}
|
||||||
</Text>
|
color="dimmed"
|
||||||
|
size="xs"
|
||||||
|
lineClamp={widget.properties.textLinesClamp}
|
||||||
|
dangerouslySetInnerHTML={{ __html: item.content }}
|
||||||
|
/>
|
||||||
|
|
||||||
{item.pubDate && (
|
{item.pubDate && (
|
||||||
<InfoDisplay title={feed.feed.title} date={formatDate(item.pubDate)} />
|
<InfoDisplay title={feed.feed.title} date={formatDate(item.pubDate)} />
|
||||||
@@ -210,7 +225,7 @@ const InfoDisplay = ({ date, title }: { date: string; title: string | undefined
|
|||||||
</Group>
|
</Group>
|
||||||
);
|
);
|
||||||
|
|
||||||
const useStyles = createStyles(({ colorScheme }) => ({
|
const useStyles = createStyles(({ colorScheme, colors, radius, spacing }) => ({
|
||||||
backgroundImage: {
|
backgroundImage: {
|
||||||
position: 'absolute',
|
position: 'absolute',
|
||||||
width: '100%',
|
width: '100%',
|
||||||
@@ -225,6 +240,26 @@ const useStyles = createStyles(({ colorScheme }) => ({
|
|||||||
filter: 'blur(40px) brightness(0.7)',
|
filter: 'blur(40px) brightness(0.7)',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
itemContent: {
|
||||||
|
img: {
|
||||||
|
height: 100,
|
||||||
|
width: 'auto',
|
||||||
|
borderRadius: radius.sm,
|
||||||
|
},
|
||||||
|
blockquote: {
|
||||||
|
marginLeft: 10,
|
||||||
|
marginRight: 10,
|
||||||
|
paddingLeft: spacing.xs,
|
||||||
|
paddingRight: spacing.xs,
|
||||||
|
paddingTop: 1,
|
||||||
|
paddingBottom: 1,
|
||||||
|
borderLeftWidth: 4,
|
||||||
|
borderLeftStyle: 'solid',
|
||||||
|
borderLeftColor: colors.red[5],
|
||||||
|
borderRadius: radius.sm,
|
||||||
|
backgroundColor: colorScheme === 'dark' ? colors.dark[4] : '',
|
||||||
|
},
|
||||||
|
},
|
||||||
}));
|
}));
|
||||||
|
|
||||||
export default definition;
|
export default definition;
|
||||||
|
|||||||
Reference in New Issue
Block a user