html_sanitizer: Demote H1 tags (#2190)
Generalize the clipper.js H1-removal logic so that it also applies to imports: H1 is demoted to H2 and, where that collides with an existing heading level, each lower level is pushed down as well, so duplicate levels can only arise at H6.
This commit is contained in:
parent
ec3b844026
commit
6ae8508413
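--- a/clipper.js
+++ b/clipper.js
@@ -104,10 +104,7 @@ function createNote(req) {
 }
 
 function processContent(images, note, content) {
-let rewrittenContent = htmlSanitizer.sanitize(content)
-// H1 is not supported so convert it to H2
-.replace(/<h1/ig, "<h2")
-.replace(/<\/h1/ig, "</h2");
+let rewrittenContent = htmlSanitizer.sanitize(content);
 
 if (images) {
 for (const {src, dataUrl, imageId} of images) {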
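Review bot: The H1-to-H2 rewrite that used to live at this call site is now an implicit side effect of `htmlSanitizer.sanitize()`, and nothing here says so, which invites a future reader to re-add the `.replace` chain or to assume the clipper output can still contain H1. A one-line comment above the call, such as `// sanitize() also demotes H1 (pushing lower heading levels down as needed); the old regex rewrite was moved there so imports get the same treatment`, would document the dependency. Whether `rewrittenContent` still needs to be `let` now that nothing is chained onto the call depends on the image-rewriting code below, which continues outside the hunk.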
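--- a/html_sanitizer.js
+++ b/html_sanitizer.js
@@ -3,6 +3,24 @@ const sanitizeHtml = require('sanitize-html');
 // intended mainly as protection against XSS via import
 // secondarily it (partly) protects against "CSS takeover"
 function sanitize(dirtyHtml) {
+
+// avoid H1 per https://github.com/zadam/trilium/issues/1552
+// demote H1, and if that conflicts with existing H2, demote that, etc
+let transformTags = {};
+const loweraseHtml = dirtyHtml.toLowerCase();
+for (let i = 1; i < 6; ++i)
+{
+if (loweraseHtml.includes(`<h${i}`))
+{
+transformTags[`h${i}`] = `h${i+1}`;
+}
+else
+{
+break;
+}
+}
+
+// to minimize document changes, compress H
 return sanitizeHtml(dirtyHtml, {
 allowedTags: [
 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
@@ -20,7 +38,8 @@ function sanitize(dirtyHtml) {
 'input': [ 'class', 'type', 'disabled' ],
 'code': [ 'class' ]
 },
-allowedSchemes: ['http', 'https', 'ftp', 'mailto', 'data', 'evernote']
+allowedSchemes: ['http', 'https', 'ftp', 'mailto', 'data', 'evernote'],
+transformTags,
 });
 }
 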
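Review bot: `dirtyHtml.toLowerCase()` in the new heading-demotion block throws a TypeError when `dirtyHtml` is null or undefined, whereas before this change such input went straight to sanitize-html, which (as far as I recall its behaviour) returns an empty string for nullish input; guarding with `const loweraseHtml = String(dirtyHtml || '').toLowerCase();` keeps that tolerance for callers that pass an empty request body. The `<h${i}` detection is a plain substring search on the unsanitized input while the rename runs on the sanitizer's output, so an `<h1` inside an HTML comment, an attribute value, or a `<script>`/`<style>` body that the sanitizer strips still demotes every real heading in the document; this is harmless for XSS purposes but deserves a comment such as `// detection is a substring match on the raw input and may over-trigger; demotion is always safe` if the imprecision is accepted. On style, `transformTags` is never reassigned and should be `const`, the variable reads better as `lowercaseHtml`, and the `// to minimize document changes, compress H` comment sits above the `return` while describing the loop above it. The header comment still presents the function as XSS protection only; adding `// also normalizes headings: H1 is demoted and lower levels are pushed down as needed, so imported content never contains H1` would document the new side effect that clipper.js now relies on. The body of `sanitize` continues past the hunk.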