package be.simplenotes.domain.security
import org.owasp.html.HtmlPolicyBuilder
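/**
 * Allow-list HTML sanitizer for untrusted markup, built with the OWASP [HtmlPolicyBuilder].
 *
 * Only the elements, attributes and URL protocols allowed by the policy below survive
 * sanitization. The policy is built once and reused for every call.
 */
internal object HtmlSanitizer {

    private val htmlPolicy = HtmlPolicyBuilder()
        .allowElements("a")
        .allowCommonBlockElements()
        .allowCommonInlineFormattingElements()
        .allowElements("pre")
        // NOTE(review): the `class` value on <code> is not constrained, so untrusted markup can
        // reference any class in the page's stylesheet. Presumably this exists for
        // syntax-highlighting classes; consider a `matching(...)` pattern if so. Confirm.
        .allowAttributes("class").onElements("code")
        // Links may only use http/https; other schemes (e.g. javascript:, data:) are rejected.
        .allowUrlProtocols("http", "https")
        .allowAttributes("href").onElements("a")
        .allowElements("input")
        // Keep `type` only when it is "checkbox" (case-insensitive). Left unconstrained, `type`
        // lets untrusted markup render password, file, submit or button controls in the page.
        // A rejected `type` is dropped rather than the element, and an <input> without `type`
        // defaults to a text field, so this narrows the allowed controls but does not by itself
        // guarantee checkbox-only output.
        // NOTE(review): assumes checkboxes are the only intended input (the `checked` attribute
        // suggests so) - confirm against whatever produces the HTML.
        .allowAttributes("type").matching(true, "checkbox").onElements("input")
        .allowAttributes("checked", "disabled", "readonly").onElements("input")
        .requireRelNofollowOnLinks()
        .toFactory()

    /**
     * Applies the allow-list policy to [unsafeHtml].
     *
     * @param unsafeHtml markup from an untrusted source.
     * @return the markup with everything outside the policy removed. The explicit non-null
     * return type makes the compiler null-check the Java result, replacing the former `!!`.
     */
    fun sanitize(unsafeHtml: String): String = htmlPolicy.sanitize(unsafeHtml)
}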