Squire sanitizeToDOMFragment use cleanHTML

2026-06-26 08:16:44 +03:00 · 2024-09-30 17:01:50 +02:00 · 2024-09-30 17:01:50 +02:00 · f43c2c92b5
commit f43c2c92b5
parent beb418080f
2 changed files with 9 additions and 31 deletions
--- a/dev/Common/Html.js
+++ b/dev/Common/Html.js
@ -23,7 +23,7 @@ const
 		// Structural Elements:
 		'blockquote','br','div','figcaption','figure','h1','h2','h3','h4','h5','h6','hgroup','hr','p','wbr',
 		'article','aside','header','footer','main','section',
-		'details','summary',
+		'details','summary','nav',
 		// List Elements
 		'dd','dl','dt','li','ol','ul',
 		// Text Formatting Elements
@ -282,6 +282,8 @@ export const
 				'abbr', 'scope',
 				// td
 				'colspan', 'rowspan', 'headers'
+				// others
+				//'class', 'id', 'target'
 			];

 		if (SettingsUserStore.allowStyles()) {
@ -332,7 +334,7 @@ export const
 		tmpl.content.querySelectorAll(keepTagContent).forEach(oElement => replaceWithChildren(oElement));

 		tmpl.content.querySelectorAll(
-			':not('+allowedTags+')'
+			':not('+allowedTags+'),a:empty,span:empty'
 			+ (0 < bqLevel ? ',' + (new Array(1 + bqLevel).fill('blockquote').join(' ')) : '')
 		).forEach(oElement => oElement.remove());
 /*		// Is this slower or faster?
@ -356,7 +358,7 @@ export const
 			});
 */

-		[...tmpl.content.querySelectorAll('*')].forEach(oElement => {
+		msgId && [...tmpl.content.querySelectorAll('*')].forEach(oElement => {
 			const name = oElement.tagName,
 				oStyle = oElement.style;

@ -631,7 +633,7 @@ export const
 			}
 		});

-		blockquoteSwitcher();
+		msgId && blockquoteSwitcher();

 //		return tmpl.content.firstChild;
 		result.html = tmpl.innerHTML.trim();
@ -819,6 +821,7 @@ export const
 	};

 rl.Utils = {
+	cleanHtml: cleanHtml,
 	htmlToPlain: htmlToPlain,
 	plainToHtml: plainToHtml,
 	htmlToMarkdown: htmlToMarkdown
--- a/dev/External/SquireUI.js
+++ b/dev/External/SquireUI.js
@ -3,10 +3,6 @@
 (doc => {

 const
-	removeElements = 'HEAD,LINK,META,NOSCRIPT,SCRIPT,TEMPLATE,TITLE',
-	allowedElements = 'A,B,BLOCKQUOTE,BR,DIV,FONT,H1,H2,H3,H4,H5,H6,HR,IMG,LI,OL,P,SPAN,STRONG,TABLE,TD,TH,TR,U,UL',
-	allowedAttributes = 'abbr,align,background,bgcolor,border,cellpadding,cellspacing,class,color,colspan,dir,face,frame,height,href,hspace,id,lang,rowspan,rules,scope,size,src,style,target,type,usemap,valign,vspace,width'.split(','),
-
 	i18n = (str, def) => rl.i18n(str) || def,

 	ctrlKey = shortcuts.getMetaKey() + ' + ',
@ -21,38 +17,17 @@ const

 	forEachObjectValue = (obj, fn) => Object.values(obj).forEach(fn),

-	getFragmentOfChildren = parent => {
-		let frag = doc.createDocumentFragment();
-		frag.append(...parent.childNodes);
-		return frag;
-	},
-
 	SquireDefaultConfig = {
 /*
 		addLinks: true // allow_smart_html_links
 */
 		sanitizeToDOMFragment: (html, isPaste/*, squire*/) => {
-			tpl.innerHTML = (html||'')
+			html = (html||'')
 				.replace(/<\/?(BODY|HTML)[^>]*>/gi,'')
 				.replace(/<!--[^>]+-->/g,'')
 				.replace(/<span[^>]*>\s*<\/span>/gi,'')
 				.trim();
-			tpl.querySelectorAll('a:empty,span:empty').forEach(el => el.remove());
-			if (isPaste) {
-				tpl.querySelectorAll(removeElements).forEach(el => el.remove());
-				tpl.querySelectorAll('*').forEach(el => {
-					if (!el.matches(allowedElements)) {
-						el.replaceWith(getFragmentOfChildren(el));
-					} else if (el.hasAttributes()) {
-						[...el.attributes].forEach(attr => {
-							let name = attr.name.toLowerCase();
-							if (!allowedAttributes.includes(name)) {
-								el.removeAttribute(name);
-							}
-						});
-					}
-				});
-			}
+			tpl.innerHTML =  isPaste ? rl.Utils.cleanHtml(html).html : html;
 			return tpl.content;
 		}
 	};