diff --git a/src/services/html_sanitizer.js b/src/services/html_sanitizer.js
index d6fb91c09..20fb0d70a 100644
--- a/src/services/html_sanitizer.js
+++ b/src/services/html_sanitizer.js
@@ -33,17 +33,7 @@ function sanitize(dirtyHtml) {
'en-media' // for ENEX import
],
allowedAttributes: {
- 'a': [ 'href', 'class' ],
- 'img': [ 'src' ],
- 'section': [ 'class', 'data-note-id' ],
- 'figure': [ 'class' ],
- 'span': [ 'class', 'style' ],
- 'label': [ 'class' ],
- 'input': [ 'class', 'type', 'disabled' ],
- 'code': [ 'class' ],
- 'ul': [ 'class' ],
- 'table': [ 'class' ],
- 'en-media': [ 'hash' ]
+ '*': [ 'class', 'style', 'title', 'src', 'href', 'hash', 'disabled', 'align', 'alt', 'center', 'data-*' ]
},
allowedSchemes: [
'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'irc', 'gemini', 'git',
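Review bot: The new wildcard list omits `type`, which the removed `'input'` entry allowed, so a sanitized `<input type="checkbox">` would likely come out as a plain text input. The `'*'` key also extends `style`, `src` and `href` to every allowed tag, and the `allowedSchemes` list that follows includes `data` and `file`, so imported HTML is permitted much more than the removed per-tag entries allowed. I would keep URL-bearing and form attributes per tag, e.g. `'a': [ 'href' ], 'img': [ 'src', 'alt' ], 'input': [ 'type', 'disabled' ]`, keep `style` on `span` only, and leave just `class`, `title`, `align` and `data-*` under `'*'`. `center` is an element name rather than an attribute, so that entry probably has no effect. The body of `sanitize` continues outside the hunk.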
diff --git a/src/services/import/single.js b/src/services/import/single.js
index 567976f4f..31928e7fe 100644
--- a/src/services/import/single.js
+++ b/src/services/import/single.js
@@ -121,7 +121,11 @@ function importMarkdown(taskContext, file, parentNote) {
const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces);
const markdownContent = file.buffer.toString("utf-8");
- const htmlContent = markdownService.renderToHtml(markdownContent, title);
+ let htmlContent = markdownService.renderToHtml(markdownContent, title);
+
+ if (taskContext.data.safeImport) {
+ htmlContent = htmlSanitizer.sanitize(htmlContent);
+ }
const {note} = noteService.createNewNote({
parentNoteId: parentNote.noteId,
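Review bot: Sanitization is skipped whenever `taskContext.data.safeImport` is falsy, including when a caller never sets it, so the import path fails open. The same guard appears in `importHtml` in this file and in `importZip` in `src/services/import/zip.js`, where sanitization was previously unconditional. Where `safeImport` is populated is not visible in this diff, so unless every caller sets it explicitly I would make the check opt-out: `if (taskContext.data.safeImport !== false) {`. A comment above the guard such as `// skip sanitization only when the user explicitly opted out for trusted content` would make the trade-off visible. `importMarkdown` continues outside the hunk.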
@@ -141,7 +145,10 @@ function importHtml(taskContext, file, parentNote) {
const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces);
let content = file.buffer.toString("utf-8");
- content = htmlSanitizer.sanitize(content);
+ if (taskContext.data.safeImport) {
+ content = htmlSanitizer.sanitize(content);
+ }
+
content = importUtils.handleH1(content, title);
const {note} = noteService.createNewNote({
diff --git a/src/services/import/zip.js b/src/services/import/zip.js
index d4c591610..9103d22f9 100644
--- a/src/services/import/zip.js
+++ b/src/services/import/zip.js
@@ -321,7 +321,9 @@ async function importZip(taskContext, fileBuffer, importRootNote) {
}
});
- content = htmlSanitizer.sanitize(content);
+ if (taskContext.data.safeImport) {
+ content = htmlSanitizer.sanitize(content);
+ }
content = content.replace(/]*>/gis, "");
content = content.replace(/<\/body>.*<\/html>/gis, "");