Skip to content

Commit

Permalink
Minor refactoring
Browse files Browse the repository at this point in the history
Rename variables and remove a temporary one
  • Loading branch information
XhmikosR committed Sep 15, 2021
1 parent 1d484b5 commit de76ce6
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 23 deletions.
6 changes: 1 addition & 5 deletions js/src/util/focustrap.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,7 @@ class FocusTrap {
const { target } = event
const { trapElement } = this._config

if (
target === document ||
target === trapElement ||
trapElement.contains(target)
) {
if (target === document || target === trapElement || trapElement.contains(target)) {
return
}

Expand Down
35 changes: 17 additions & 18 deletions js/src/util/sanitizer.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* --------------------------------------------------------------------------
*/

const uriAttrs = new Set([
const uriAttributes = new Set([
'background',
'cite',
'href',
Expand All @@ -32,22 +32,22 @@ const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|
*/
const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[\d+/a-z]+=*$/i

const allowedAttribute = (attr, allowedAttributeList) => {
const attrName = attr.nodeName.toLowerCase()
const allowedAttribute = (attribute, allowedAttributeList) => {
const attributeName = attribute.nodeName.toLowerCase()

if (allowedAttributeList.includes(attrName)) {
if (uriAttrs.has(attrName)) {
return Boolean(SAFE_URL_PATTERN.test(attr.nodeValue) || DATA_URL_PATTERN.test(attr.nodeValue))
if (allowedAttributeList.includes(attributeName)) {
if (uriAttributes.has(attributeName)) {
return Boolean(SAFE_URL_PATTERN.test(attribute.nodeValue) || DATA_URL_PATTERN.test(attribute.nodeValue))
}

return true
}

const regExp = allowedAttributeList.filter(attrRegex => attrRegex instanceof RegExp)
const regExp = allowedAttributeList.filter(attributeRegex => attributeRegex instanceof RegExp)

// Check if a regular expression validates the attribute.
for (let i = 0, len = regExp.length; i < len; i++) {
if (regExp[i].test(attrName)) {
if (regExp[i].test(attributeName)) {
return true
}
}
Expand Down Expand Up @@ -100,25 +100,24 @@ export function sanitizeHtml(unsafeHtml, allowList, sanitizeFn) {

const domParser = new window.DOMParser()
const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html')
const allowlistKeys = Object.keys(allowList)
const elements = [].concat(...createdDocument.body.querySelectorAll('*'))

for (let i = 0, len = elements.length; i < len; i++) {
const el = elements[i]
const elName = el.nodeName.toLowerCase()
const element = elements[i]
const elementName = element.nodeName.toLowerCase()

if (!allowlistKeys.includes(elName)) {
el.remove()
if (!Object.keys(allowList).includes(elementName)) {
element.remove()

continue
}

const attributeList = [].concat(...el.attributes)
const allowedAttributes = [].concat(allowList['*'] || [], allowList[elName] || [])
const attributeList = [].concat(...element.attributes)
const allowedAttributes = [].concat(allowList['*'] || [], allowList[elementName] || [])

attributeList.forEach(attr => {
if (!allowedAttribute(attr, allowedAttributes)) {
el.removeAttribute(attr.nodeName)
attributeList.forEach(attribute => {
if (!allowedAttribute(attribute, allowedAttributes)) {
element.removeAttribute(attribute.nodeName)
}
})
}
Expand Down

0 comments on commit de76ce6

Please sign in to comment.