server-ts: Port services/html_sanitizer

This commit is contained in:
Elian Doran
2024-02-17 21:33:47 +02:00
parent 00c692cf28
commit dc22d05657
11 changed files with 159 additions and 14 deletions


@@ -1,18 +1,18 @@
const sanitizeHtml = require('sanitize-html');
const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
import sanitizeHtml = require('sanitize-html');
import sanitizeUrl = require('@braintree/sanitize-url');
// intended mainly as protection against XSS via import
// secondarily, it (partly) protects against "CSS takeover"
// sanitize also note titles, label values etc. - there are so many usages which make it difficult
// to guarantee all of them are properly handled
function sanitize(dirtyHtml) {
function sanitize(dirtyHtml: string) {
if (!dirtyHtml) {
return dirtyHtml;
}
// avoid H1 per https://github.com/zadam/trilium/issues/1552
// demote H1, and if that conflicts with existing H2, demote that, etc
const transformTags = {};
const transformTags: Record<string, string> = {};
const lowercasedHtml = dirtyHtml.toLowerCase();
for (let i = 1; i < 6; ++i) {
if (lowercasedHtml.includes(`<h${i}`)) {
@@ -49,7 +49,7 @@ function sanitize(dirtyHtml) {
module.exports = {
sanitize,
sanitizeUrl: url => {
return sanitizeUrl(url).trim();
sanitizeUrl: (url: string) => {
return sanitizeUrl.sanitizeUrl(url).trim();
}
};
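Review bot: `sanitize` now types its parameter but still has no declared return type, so the only contract tsc enforces on this module's main export is the `string` on `dirtyHtml`; declare it as `function sanitize(dirtyHtml: string): string {` so the body — which continues past this hunk into the second one at line 49 — is checked against the return, and the early `return dirtyHtml;` for empty input is visibly a string rather than whatever the rest of the body happens to produce. The file also mixes the TypeScript `import x = require(...)` form at the top with a bare `module.exports = {...}` at the bottom; if the build emits CommonJS, the matching TypeScript form is `export = { sanitize, sanitizeUrl: (url: string) => sanitizeUrl.sanitizeUrl(url).trim() };`, which keeps the shape the `require('./html_sanitizer')` callers updated elsewhere in this commit rely on while letting tsc type the exported object instead of treating `module.exports` as an untyped assignment. The `transformTags: Record<string, string>` annotation is fine as long as only tag-name strings are assigned; if the rest of the function (outside this hunk) assigns transformer callbacks, the type will need widening.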


@@ -11,7 +11,7 @@ const imageType = require('image-type');
const sanitizeFilename = require('sanitize-filename');
const isSvg = require('is-svg');
const isAnimated = require('is-animated');
const htmlSanitizer = require('./html_sanitizer.js');
const htmlSanitizer = require('./html_sanitizer');
async function processImage(uploadBuffer, originalName, shrinkImageSwitch) {
const compressImages = optionService.getOptionBool("compressImages");


@@ -7,7 +7,7 @@ const sql = require('../sql');
const noteService = require('../notes.js');
const imageService = require('../image.js');
const protectedSessionService = require('../protected_session');
const htmlSanitizer = require('../html_sanitizer.js');
const htmlSanitizer = require('../html_sanitizer');
const {sanitizeAttributeName} = require('../sanitize_attribute_name');
/**


@@ -1,7 +1,7 @@
"use strict";
const marked = require("marked");
const htmlSanitizer = require('../html_sanitizer.js');
const htmlSanitizer = require('../html_sanitizer');
const importUtils = require('./utils');
function renderToHtml(content, title) {


@@ -3,7 +3,7 @@
const noteService = require('../../services/notes.js');
const parseString = require('xml2js').parseString;
const protectedSessionService = require('../protected_session');
const htmlSanitizer = require('../html_sanitizer.js');
const htmlSanitizer = require('../html_sanitizer');
/**
* @param {TaskContext} taskContext


@@ -7,7 +7,7 @@ const markdownService = require('./markdown.js');
const mimeService = require('./mime.js');
const utils = require('../../services/utils');
const importUtils = require('./utils');
const htmlSanitizer = require('../html_sanitizer.js');
const htmlSanitizer = require('../html_sanitizer');
function importSingleFile(taskContext, file, parentNote) {
const mime = mimeService.getMime(file.originalname) || file.mimetype;


@@ -11,7 +11,7 @@ const protectedSessionService = require('../protected_session');
const mimeService = require('./mime.js');
const treeService = require('../tree.js');
const yauzl = require("yauzl");
const htmlSanitizer = require('../html_sanitizer.js');
const htmlSanitizer = require('../html_sanitizer');
const becca = require('../../becca/becca');
const BAttachment = require('../../becca/entities/battachment');
const markdownService = require('./markdown.js');


@@ -17,7 +17,7 @@ const BNote = require('../becca/entities/bnote');
const BAttribute = require('../becca/entities/battribute');
const BAttachment = require('../becca/entities/battachment');
const dayjs = require("dayjs");
const htmlSanitizer = require('./html_sanitizer.js');
const htmlSanitizer = require('./html_sanitizer');
const ValidationError = require('../errors/validation_error');
const noteTypesService = require('./note_types');
const fs = require("fs");