Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.
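--- /dev/null
+++ b/composables/useSanitizeHtml.js
@@ -0,0 +1,26 @@
+import DOMPurify from 'dompurify'
+
+/**
+* Sanitizes HTML content to prevent XSS attacks
+* @param {string} html - The HTML content to sanitize
+* @returns {string} - The sanitized HTML
+*/
+export function useSanitizeHtml(html) {
+if (!html || typeof html !== 'string') {
+return ''
+}
+
+// DOMPurify sanitizes HTML and removes dangerous content
+return DOMPurify.sanitize(html, {
+ALLOWED_TAGS: [
+'p', 'br', 'strong', 'em', 'u', 's', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+'ul', 'ol', 'li', 'a', 'img', 'blockquote', 'code', 'pre', 'span', 'div',
+'table', 'thead', 'tbody', 'tr', 'th', 'td'
+],
+ALLOWED_ATTR: [
+'href', 'src', 'alt', 'title', 'class', 'id', 'width', 'height', 'style'
+],
+ALLOW_DATA_ATTR: false
+})
+}
+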
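Review bot: The `DOMPurify.sanitize` call on line 53 only cleans markup when a DOM is available; when `DOMPurify.isSupported` is false (a server-side render with no `window`, for instance), the library hands the input back unchanged instead of throwing, so this helper would pass raw HTML through while appearing to sanitize it. If this composable can execute on the server, guard the call, e.g. `if (!DOMPurify.isSupported) return ''`, or build the instance against a server-side window so the same allowlist applies in both environments. The `style` entry in `ALLOWED_ATTR` on line 74 also deserves a second look: inline CSS survives sanitization and permits layout-based UI redress and `url()` resource loads, so drop it unless the rendered content genuinely needs it. The JSDoc could state that the allowlist is intentionally narrow and that `href`/`src` rely on DOMPurify's default URI filtering, so a future maintainer does not loosen either without reconsidering that.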