-
Notifications
You must be signed in to change notification settings - Fork 28
HTML CSS Sanitization
const allowedTags = {
a: [],
b: [],
br: [],
div: [],
font: [],
h1: [],
h2: [],
h3: [],
h4: [],
h5: [],
h6: [],
hr: [],
img: [],
label: [],
li: [],
ol: [],
p: [],
span: [],
strong: [],
table: [],
td: [],
th: [],
tr: [],
u: [],
ul: [],
i: [],
};
const headingAttributes = [
‘align’, ‘dir’, ‘id’, ‘style’
];
const allowedAttributes = {
‘a’: [‘href’, ‘style’, ‘target’],
‘b’: [‘style’],
‘br’: [‘style’],
‘div’: [‘align’, ‘dir’, ‘style’],
‘font’: [‘color’, ‘face’, ‘size’, ‘style’],
‘h1’: headingAttributes,
‘h2’: headingAttributes,
‘h3’: headingAttributes,
‘h4’: headingAttributes,
‘h5’: headingAttributes,
‘h6’: headingAttributes,
‘hr’: [‘align’, ‘size’, ‘width’],
‘img’: [
‘align’, ‘border’, ‘height’, ‘hspace’,
‘src’, ‘style’, ‘usemap’, ‘vspace’, ‘width’
],
‘label’: [‘id’, ‘style’],
‘li’: [‘dir’, ‘style’, ‘type’],
‘ol’: [‘dir’, ‘style’, ‘type’],
‘p’: [‘align’, ‘dir’, ‘style’],
‘span’: [‘style’],
‘strong’: [‘style’],
‘table’: [
‘align’, ‘bgcolor’, ‘border’, ‘cellpadding’, ‘cellspacing’,
‘dir’, ‘frame’, ‘rules’, ‘style’, ‘width’
],
‘td’: [
‘abbr’, ‘align’, ‘bgcolor’, ‘colspan’, ‘dir’,
‘height’, ‘lang’, ‘rowspan’, ‘scope’, ‘style’, ‘valign’, ‘width’
],
‘th’: [
‘abbr’, ‘align’, ‘background’, ‘bgcolor’, ‘colspan’,
‘dir’, ‘height’, ‘lang’, ‘scope’, ‘style’, ‘valign’, ‘width’
],
‘tr’: [‘align’, ‘bgcolor’, ‘dir’, ‘style’, ‘valign’],
‘u’: [‘style’],
‘ul’: [‘dir’, ‘style’]
};
Extra work
1. Move header styles to inline style
2. Remove `class` attributes from all of tags