Merge pull request #444 from thematters/develop

Release: v0.2.1
thematters · Sep 14, 2023 · 6c20a9e · 6c20a9e
2 parents 98a6b24 + 9cf7af0
commit 6c20a9e
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@matters/matters-editor",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Editor for matters.news",
   "author": "https://github.com/thematters",
   "homepage": "https://github.com/thematters/matters-editor",

diff --git a/src/editors/extensions/readOnlyFigureEmbed.ts b/src/editors/extensions/readOnlyFigureEmbed.ts
@@ -278,7 +278,6 @@ export const ReadOnlyFigureEmbed = Node.create({
       ...(isCode ? [`embed-code`] : []),
     ].join(' ')
 
-    console.log({ url })
 
     return [
       'figure',

diff --git a/src/transformers/options.ts b/src/transformers/options.ts
@@ -95,15 +95,27 @@ export const rehypeSanitizeOptions:
   },
   attributes: {
     ...defaultSchema.attributes,
-    a: ['href', 'ref', 'target', 'className', 'data*'],
-    br: ['className'],
+    a: [
+      // classes
+      ['className', 'mention'],
+      'href',
+      'ref',
+      'target',
+      'data*',
+    ],
+    br: [
+      // classes
+      ['className', 'smart'],
+    ],
     img: ['src', 'srcSet', 'data*'],
     audio: ['controls', 'data*', ['preload', 'metadata']],
     source: ['src', 'type', 'data*'],
     figure: [
+      // classes
       ['className', 'image', 'audio', 'embed', 'embed-code', 'embed-video'],
     ],
     div: [
+      // classes
       [
         'className',
         'player',
@@ -114,8 +126,15 @@ export const rehypeSanitizeOptions:
       ],
       'data*',
     ],
-    h4: [['className', 'title']],
-    span: [['className', 'play', 'current', 'duration'], 'data*'],
+    h4: [
+      // classes
+      ['className', 'title'],
+    ],
+    span: [
+      // classes
+      ['className', 'play', 'current', 'duration'],
+      'data*',
+    ],
     iframe: [
       'src',
       'allowFullScreen',

diff --git a/src/transformers/sanitize.test.ts b/src/transformers/sanitize.test.ts
@@ -9,6 +9,16 @@ const expectSanitizeHTML = (input: string, output: string) => {
 /**
  * Tests
  */
+describe('Sanitization: custom', () => {
+  test('whitelist classes', () => {
+    expectSanitizeHTML('<a class="mention">pp</a>', '<a class="mention">pp</a>')
+    expectSanitizeHTML(
+      '<a class="styles_link__dKYrM">pp</a>',
+      '<a class="">pp</a>'
+    )
+  })
+})
+
 // via https://github.com/leizongmin/js-xss/blob/master/test/test_xss.js
 describe('Sanitization: basic', () => {
   test('unknown attributes', () => {