fix(deps): update dependency sanitize-html to v2

2025-10-26 16:46:12 +01:00 · 2020-09-29 13:34:24 -04:00
parent 84f5e4cf3d
commit 1e5621c049
2 changed files with 5 additions and 7 deletions
--- a/install/package.json
+++ b/install/package.json
@@ -108,7 +108,7 @@
        "request-promise-native": "^1.0.8",
        "rimraf": "3.0.2",
        "rss": "^1.2.2",
-        "sanitize-html": "^1.23.0",
+        "sanitize-html": "^2.0.0",
        "semver": "^7.2.1",
        "serve-favicon": "^2.5.0",
        "sharp": "0.26.1",
@@ -172,4 +172,4 @@
            "url": "https://github.com/barisusakli"
        }
    ]
-}
+}
--- a/src/posts/parse.js
+++ b/src/posts/parse.js
@@ -14,15 +14,13 @@ var utils = require('../utils');
 let sanitizeConfig = {
 	allowedTags: sanitize.defaults.allowedTags.concat([
 		// Some safe-to-use tags to add
-		'span', 'a', 'pre', 'small',
+		'sup', 'ins', 'del', 'img', 'button',
 		'sup', 'sub', 'u', 'del',
 		'video', 'audio', 'iframe', 'embed',
-		'img', 'tfoot', 'h1', 'h2',
+		// 'sup' still necessary until https://github.com/apostrophecms/sanitize-html/pull/422 merged
 		's', 'button', 'i',
 	]),
 	allowedAttributes: {
 		...sanitize.defaults.allowedAttributes,
-		a: ['href', 'hreflang', 'media', 'rel', 'target', 'type'],
+		a: ['href', 'name', 'hreflang', 'media', 'rel', 'target', 'type'],
 		img: ['alt', 'height', 'ismap', 'src', 'usemap', 'width', 'srcset'],
 		iframe: ['height', 'name', 'src', 'width'],
 		video: ['autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'],