Compare revisions

Bruno Boiget · Bruno Boiget · Joël Cuissinat · semantic-release-bot · 1f7b6e99 · 1f7b6e99
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
 # Changelog

+### [1.8.1](https://gitlab.mim-libre.fr/alphabet/laboite-blog-front/compare/release/1.8.0...release/1.8.1) (2023-10-02)
+
+
+### Bug Fixes
+
+* **articles:** adjust sanitizeHtml parameters for articles ([1e5f84f](https://gitlab.mim-libre.fr/alphabet/laboite-blog-front/commit/1e5f84f4d7ddba37a891c2cee3c72bf2bb69d515))
+* **articles:** allow embedded videos in articles ([2de64d0](https://gitlab.mim-libre.fr/alphabet/laboite-blog-front/commit/2de64d0dcbaf2001fb0d0aff914c3628c86eb689))
+
 ## [1.8.0](https://gitlab.mim-libre.fr/alphabet/laboite-blog-front/compare/release/1.7.0...release/1.8.0) (2023-08-24)



--- a/package.json
+++ b/package.json
 {
  "name": "laboite-blog-front",
  "description": "laboite blog service frontend",
-  "version": "1.8.0",
+  "version": "1.8.1",
  "license": "EUPL-1.2",
  "author": "EOLE/PCLL <team@eole.education> - DINUM",
  "type": "module",

--- a/src/routes/articles/[slug]/+page.svelte
+++ b/src/routes/articles/[slug]/+page.svelte
@@ -8,6 +8,7 @@
  import SingleTag from '../../../components/common/SingleTag.svelte';
  import FavoritesButton from '../../../components/common/FavoritesButton.svelte';
  import {articlesRead} from '../../../utils/functions/stores';
+  import sanitizeParameters from '../../../utils/sanitize';
  import NoResults from '../../../components/common/NoResults.svelte';
  let MarkdownViewer;

@@ -92,7 +93,7 @@
              />
            {:else}
              <div class="quill-editor">
-                {@html sanitizeHtml(data.article.content)}
+                {@html sanitizeHtml(data.article.content, sanitizeParameters)}
              </div>
            {/if}
          </div>

--- a/src/utils/sanitize.js
+++ b/src/utils/sanitize.js
+import sanitizeHtml from 'sanitize-html';
+
+// allow iframes for embedded videos in blog articles
+export const sanitizeParameters = {
+  allowedTags: sanitizeHtml.defaults.allowedTags.concat([
+    'iframe',
+    'img',
+    'audio',
+    'video',
+  ]),
+  allowedAttributes: {
+    ...sanitizeHtml.defaults.allowedAttributes,
+    iframe: ['src', 'frameborder', 'allowfullscreen'],
+    span: ['contenteditable'],
+    audio: ['preload', 'controls', 'src'],
+    video: ['preload', 'controls', 'src', 'width'],
+    a: ['href', 'name', 'target', 'rel'],
+  },
+  allowedClasses: {
+    ...sanitizeHtml.defaults.allowedClasses,
+    iframe: ['ql-video'],
+    div: [
+      'embed-audio',
+      'audio-wrapper',
+      'embed-responsive',
+      'webcam-video-wrapper',
+    ],
+    audio: ['embed-responsive-audio-item'],
+    video: ['embed-responsive-item'],
+    p: ['ql-indent-*'],
+  },
+};
+
+export default sanitizeParameters;
No results found