app/assets/javascripts/vue_shared/components/rich_content_editor/services/sanitize_html.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

import createSanitizer from 'dompurify';
import { ALLOWED_VIDEO_ORIGINS } from '../constants';
import { getURLOrigin } from '~/lib/utils/url_utility';

const sanitizer = createSanitizer(window);
const ADD_TAGS = ['iframe'];

sanitizer.addHook('uponSanitizeElement', node => {
  if (node.tagName !== 'IFRAME') {
    return;
  }

  const origin = getURLOrigin(node.getAttribute('src'));

  if (!ALLOWED_VIDEO_ORIGINS.includes(origin)) {
    node.remove();
  }
});

const sanitize = content => sanitizer.sanitize(content, { ADD_TAGS });

export default sanitize;