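package be.simplenotes.domain.security

import org.owasp.html.ElementPolicy
import org.owasp.html.HtmlPolicyBuilder

/**
 * Allow-list sanitizer for untrusted HTML, built on the OWASP Java HTML Sanitizer.
 *
 * Anything not explicitly allowed below is dropped. The policy permits:
 * - common block and inline formatting elements, plus `pre`;
 * - `a` with an `href` limited to the `http` and `https` schemes (so `javascript:` and
 *   `data:` URLs are rejected), with `rel="nofollow"` forced onto every link;
 * - `code` with a `class` attribute;
 * - `input`, but only as a checkbox (see [checkboxInputOnly]).
 */
internal object HtmlSanitizer {

    /**
     * Keeps an `input` element only when it carries `type="checkbox"`.
     *
     * Without this, untrusted markup could place text, password, file, submit or image
     * inputs into the rendered page, which is useful for UI spoofing and adds nothing that
     * `checked` / `disabled` / `readonly` need.
     * NOTE(review): presumably the only legitimate source of `input` here is rendered
     * task-list checkboxes; confirm no caller relies on other input types.
     *
     * `attrs` is the sanitizer's flat `[name, value, name, value, ...]` list; returning
     * `null` drops the element.
     */
    private val checkboxInputOnly = ElementPolicy { elementName, attrs ->
        val isCheckbox = (0 until attrs.size - 1 step 2).any { i ->
            attrs[i].equals("type", ignoreCase = true) &&
                attrs[i + 1].equals("checkbox", ignoreCase = true)
        }
        if (isCheckbox) elementName else null
    }

    // `!!` only pins the Java platform type returned by toFactory() to a non-null type.
    private val htmlPolicy = HtmlPolicyBuilder()
        .allowElements("a")
        .allowCommonBlockElements()
        .allowCommonInlineFormattingElements()
        .allowElements("pre")
        // NOTE(review): `class` values are not constrained, so untrusted content can pick any
        // class defined by the page's stylesheets; consider matching a fixed pattern if only
        // syntax-highlighting classes are expected.
        .allowAttributes("class").onElements("code")
        .allowUrlProtocols("http", "https")
        .allowAttributes("href").onElements("a")
        .allowElements(checkboxInputOnly, "input")
        // Any `type` other than "checkbox" is stripped; the element policy above then drops
        // the element, so a stripped input cannot fall back to the default text field.
        .allowAttributes("type").matching(true, "checkbox").onElements("input")
        .allowAttributes("checked", "disabled", "readonly").onElements("input")
        .requireRelNofollowOnLinks()
        .toFactory()!!

    /**
     * Returns [unsafeHtml] reduced to the markup permitted by the policy above.
     *
     * The result is intended for insertion into an HTML element-content context only.
     *
     * @param unsafeHtml untrusted HTML, e.g. user-authored content after rendering.
     * @return the sanitized HTML.
     */
    fun sanitize(unsafeHtml: String): String = htmlPolicy.sanitize(unsafeHtml)!!
}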