From 2a2a916ac1958fcd8a84bda6974b1b9653928c13 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson
Date: Tue, 17 Dec 2024 15:57:59 +0100
Subject: [PATCH] Allow more text mutation for safe HTML
---
 lib/fic_tracker/converters/to_safe_html.rb | 28 ++++++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/lib/fic_tracker/converters/to_safe_html.rb b/lib/fic_tracker/converters/to_safe_html.rb
index 2beba9c..1e87e3e 100644
--- a/lib/fic_tracker/converters/to_safe_html.rb
+++ b/lib/fic_tracker/converters/to_safe_html.rb
@@ -8,19 +8,23 @@ module Kramdown::Converter
 class SafeHtml < Base
 def initialize(root, options)
 super
-
+
 @options[:remove_block_html_tags] = true
 @options[:remove_span_html_tags] = false
 @options[:template] = 'string://<%= Html.convert(@body).first %>'
 end
- SUPERFLUOUS_TAGS = %w[align class justify]
-
+ ALLOWED_ATTRS = %w[alt dir hidden inert lang title translate]
 def convert(el)
 real_el, el = el, el.value if el.type == :footnote
- # Strip out unnecessary HTML tags
- SUPERFLUOUS_TAGS.each { |tag| el.attr.delete tag if el.attr.key? tag }
+ # Strip out superfluous and invalid HTML 5 tags
+ style = el.attr['style'] || ""
+ style += ";text-align:#{el.attr['align']}" if el.attr.key? 'align'
+ style = strip_style(style) if style.include? ':'
+
+ el.attr.delete_if { |key, _| !ALLOWED_ATTRS.include?(key) }
+ el.attr['style'] = style if style.include? ':'
 children = el.children.dup
 index = 0
@@ -43,5 +47,19 @@ module Kramdown::Converter
 real_el || el
 end
+
+ private
+
+ ALLOWED_STYLE_ASSIGNMENTS = %w[font-size font-style font-weight text-align]
+ def strip_style(style)
+ parts = style.split(';').select { |p| p.include? ':' }.to_h do |assign|
+ parts = assign.split(':')
+ [parts.first.strip, parts.last.strip]
+ end
+
+ parts.delete_if { |key, _| !ALLOWED_STYLE_ASSIGNMENTS.include?(key) }
+
+ parts.map { |key, val| "#{key}:#{val}" }.join(';')
+ end
 end
 end
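Review bot: The allow-list in `el.attr.delete_if { |key, _| !ALLOWED_ATTRS.include?(key) }` is applied to whatever element `convert` receives and contains neither `href` nor `src`, while it does keep `alt`. If `convert` is reached for link and image elements (the rest of the method lies outside the hunk, so this is inferred), they would lose their targets. If that is the intended safe-output policy, state it next to the constant, e.g. `# href/src are deliberately not allowed: links and images are neutralised`; otherwise the list has to be per element type, with the URL scheme checked before either attribute is let through. The comment above the new lines says "tags" where the code filters attributes; `# Keep only allow-listed attributes; fold legacy align into a filtered style` would match it. `ALLOWED_ATTRS` should also end in `.freeze`.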
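Review bot: `strip_style` filters on the property name only, so the text after the colon reaches the `style` attribute without any validation, including the `align` value that the first hunk splices into the declaration list. The `assign.split(':')` / `parts.first` / `parts.last` pair also mishandles edge cases: `font-size:` comes out as `font-size:font-size`, and a value containing a colon keeps only its last segment. The rewrite below splits once, drops empty values and accepts a value only when it matches a conservative character set; the exact pattern is a suggestion to tune. It also renames the block-local `parts`, which shadows the variable being assigned. `private` has no effect on constants, so `ALLOWED_STYLE_ASSIGNMENTS` stays public and should be frozen.

```ruby
SAFE_STYLE_VALUE = /\A[\w\s.%#-]+\z/
def strip_style(style)
  pairs = style.split(';').map do |assign|
    key, val = assign.split(':', 2).map(&:strip)
    next unless ALLOWED_STYLE_ASSIGNMENTS.include?(key)
    next unless val&.match?(SAFE_STYLE_VALUE)

    [key, val]
  end

  # to_h keeps the last declaration per property, as before
  pairs.compact.to_h.map { |key, val| "#{key}:#{val}" }.join(';')
end
```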