From a95b761ce4cb60817bba8ffd5aa964ad2bd33319 Mon Sep 17 00:00:00 2001
From: Akis
Date: Thu, 5 Jan 2023 22:41:28 +0200
Subject: [PATCH] sanitize htlm
---
 package.json | 2 +
 pnpm-lock.yaml | 76 ++++++++++++++++++++++++++++++++++++++
 src/routes/+page.server.ts | 5 ++-
 3 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index e901ef6..04e8b75 100644
--- a/package.json
+++ b/package.json
@@ -14,6 +14,7 @@
 "@iconify-json/simple-icons": "^1.1.40",
 "@sveltejs/adapter-node": "1.0.0",
 "@sveltejs/kit": "1.0.1",
+ "@types/sanitize-html": "^2.8.0",
 "axios": "^1.2.2",
 "consola": "^2.15.3",
 "dayjs": "^1.11.7",
@@ -21,6 +22,7 @@
 "mdsvex": "^0.10.6",
 "prettier": "^2.8.1",
 "prettier-plugin-svelte": "^2.9.0",
+ "sanitize-html": "^2.8.1",
 "svelte": "^3.55.0",
 "svelte-check": "^3.0.1",
 "svelte-dark-mode": "^2.1.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8177730..a4234b2 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -7,6 +7,7 @@ specifiers: '@iconify-json/simple-icons': ^1.1.40 '@sveltejs/adapter-node': 1.0.0 '@sveltejs/kit': 1.0.1 + '@types/sanitize-html': ^2.8.0 axios: ^1.2.2 consola: ^2.15.3 dayjs: ^1.11.7
@@ -17,6 +18,7 @@ specifiers: pg-hstore: ^2.3.4 prettier: ^2.8.1 prettier-plugin-svelte: ^2.9.0 + sanitize-html: ^2.8.1 sequelize: ^6.28.0 svelte: ^3.55.0 svelte-check: ^3.0.1
@@ -42,6 +44,7 @@ devDependencies: '@iconify-json/simple-icons': 1.1.40 '@sveltejs/adapter-node': 1.0.0_@sveltejs+kit@1.0.1 '@sveltejs/kit': 1.0.1_svelte@3.55.0+vite@4.0.3 + '@types/sanitize-html': 2.8.0 axios: 1.2.2 consola: 2.15.3 dayjs: 1.11.7
@@ -49,6 +52,7 @@ devDependencies: mdsvex: 0.10.6_svelte@3.55.0 prettier: 2.8.1 prettier-plugin-svelte: 2.9.0_ajxj753sv7dbwexjherrch25ta + sanitize-html: 2.8.1 svelte: 3.55.0 svelte-check: 3.0.1_svelte@3.55.0 svelte-dark-mode: 2.1.0
@@ -578,6 +582,12 @@ packages: resolution: {integrity: sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==} dev: true + /@types/sanitize-html/2.8.0: + resolution: {integrity: sha512-Uih6caOm3DsBYnVGOYn0A9NoTNe1c4aPStmHC/YA2JrpP9kx//jzaRcIklFvSpvVQEcpl/ZCr4DgISSf/YxTvg==} + dependencies: + htmlparser2: 8.0.1 + dev: true + /@types/sass/1.43.1: resolution: {integrity: sha512-BPdoIt1lfJ6B7rw35ncdwBZrAssjcwzI5LByIrYs+tpXlj/CAkuVdRsgZDdP4lq5EjyWzwxZCqAoFyHKFwp32g==} dependencies: @@ -942,6 +952,33 @@ packages: - encoding dev: true + /dom-serializer/2.0.0: + resolution: {integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==} + dependencies: + domelementtype: 2.3.0 + domhandler: 5.0.3 + entities: 4.4.0 + dev: true + + /domelementtype/2.3.0: + resolution: {integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==} + dev: true + + /domhandler/5.0.3: + resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==} + engines: {node: '>= 4'} + dependencies: + domelementtype: 2.3.0 + dev: true + + /domutils/3.0.1: + resolution: {integrity: sha512-z08c1l761iKhDFtfXO04C7kTdPBLi41zwOZl00WS8b5eiaebNpY00HKbztwBq+e3vyqWNwWF3mP9YLUeqIrF+Q==} + dependencies: + dom-serializer: 2.0.0 + domelementtype: 2.3.0 + domhandler: 5.0.3 + dev: true + /dottie/2.0.2: resolution: {integrity: sha512-fmrwR04lsniq/uSr8yikThDTrM7epXHBAAjH9TbeH3rEA8tdCO7mRzB9hdmdGyJCxF8KERo9CITcm3kGuoyMhg==} dev: false 
@@ -950,6 +987,11 @@ packages: resolution: {integrity: sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==} dev: true + /entities/4.4.0: + resolution: {integrity: sha512-oYp7156SP8LkeGD0GF85ad1X9Ai79WtRsZ2gxJqtBuzH+98YUV6jkHEKlZkMbcrjJjIVJNIDP/3WL9wQkoPbWA==} + engines: {node: '>=0.12'} + dev: true + /es6-promise/3.3.1: resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==} dev: true @@ -983,6 +1025,11 @@ packages: '@esbuild/win32-ia32': 0.16.12 '@esbuild/win32-x64': 0.16.12 + /escape-string-regexp/4.0.0: + resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==} + engines: {node: '>=10'} + dev: true + /esm-env/1.0.0: resolution: {integrity: sha512-Cf6VksWPsTuW01vU9Mk/3vRue91Zevka5SjyNf3nEpokFRuqt/KjUQoGAwq9qMmhpLTHmXzSIrFRw8zxWzmFBA==} @@ -1136,6 +1183,15 @@ packages: dependencies: function-bind: 1.1.1 + /htmlparser2/8.0.1: + resolution: {integrity: sha512-4lVbmc1diZC7GUJQtRQ5yBAeUCL1exyMwmForWkRLnwyzWBFxN633SALPMGYaWZvKe9j1pRZJpauvmxENSp/EA==} + dependencies: + domelementtype: 2.3.0 + domhandler: 5.0.3 + domutils: 3.0.1 + entities: 4.4.0 + dev: true + /human-signals/2.1.0: resolution: {integrity: sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==} engines: {node: '>=10.17.0'} @@ -1205,6 +1261,11 @@ packages: engines: {node: '>=0.12.0'} dev: true + /is-plain-object/5.0.0: + resolution: {integrity: sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==} + engines: {node: '>=0.10.0'} + dev: true + /is-reference/1.2.1: resolution: {integrity: sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==} dependencies: 
@@ -1469,6 +1530,10 @@ packages: callsites: 3.1.0 dev: true + /parse-srcset/1.0.2: + resolution: {integrity: sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==} + dev: true + /path-exists/4.0.0: resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==} engines: {node: '>=8'}
@@ -1710,6 +1775,17 @@ packages: rimraf: 2.7.1 dev: true + /sanitize-html/2.8.1: + resolution: {integrity: sha512-qK5neD0SaMxGwVv5txOYv05huC3o6ZAA4h5+7nJJgWMNFUNRjcjLO6FpwAtKzfKCZ0jrG6xTk6eVFskbvOGblg==} + dependencies: + deepmerge: 4.2.2 + escape-string-regexp: 4.0.0 + htmlparser2: 8.0.1 + is-plain-object: 5.0.0 + parse-srcset: 1.0.2 + postcss: 8.4.20 + dev: true + /schema-dts/0.8.3_typescript@4.9.4: resolution: {integrity: sha512-GSLeVkUgEe8DzS8/FGWou1wlC8tQ1KXA5amCqCIH/psUzF74fWswtT0QFlSoJLT08CYyixnc3S/lkAm+RExoLQ==} peerDependencies:
diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts
index 67d8336..69a1727 100644
--- a/src/routes/+page.server.ts
+++ b/src/routes/+page.server.ts
@@ -1,5 +1,6 @@
 import type { PageServerLoad } from "./$types";
 import { compile } from "mdsvex";
+import sanitizeHtml from "sanitize-html";
 import db from "$lib/db";
 export const load: PageServerLoad = async () => {
@@ -9,10 +10,12 @@ export const load: PageServerLoad = async () => {
 return docs.map((doc) => doc.get());
 });
+ const sanitizedContent = sanitizeHtml(data[0].title)
+
 if (data.length !== 0 || data[0] !== undefined) {
 return {
 announcements: data[0],
- content: compile(data[0]["title"]).then((compiled) => compiled?.code)
+ content: compile(sanitizedContent).then((compiled) => compiled?.code)
 }
 }
 };
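Review bot: `sanitizeHtml(data[0].title)` is evaluated before the `data.length !== 0` guard, so when the query returns no rows `data[0]` is undefined and the new line throws a TypeError where the old code simply fell through; move the call inside the `if` as its first statement, `const sanitizedContent = sanitizeHtml(data[0].title);`. The sanitizer is also applied to the markdown source rather than to what `compile` produces, so any markup mdsvex itself generates from markdown syntax is not covered by this pass, and with no options passed the library's default allowlist presumably strips tags the author may have wanted kept; a short comment above the call stating that this is deliberately input-side sanitization with default settings, and what it is expected to remove, would make that decision visible to the next reader. The new line is also missing the trailing semicolon used on every other statement in the file. `load` opens in the previous hunk.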