Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

Stripped all HTML except <p> and <br> when saving comments

Browse source 
refs https://github.com/TryGhost/Team/issues/1664
This commit is contained in:
Kevin Ansfield 2022-07-07 12:23:23 +02:00 committed by Simon Backx
parent 38eb755056
commit 379771ccc7
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
core/server/models/comment.js
View file

@ -44,6 +44,19 @@ const Comment = ghostBookshelf.Model.extend({
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
},
onSaving() {
ghostBookshelf.Model.prototype.onSaving.apply(this, arguments);
if (this.hasChanged('html')) {
const sanitizeHtml = require('sanitize-html');
this.set('html', sanitizeHtml(this.get('html'), {
allowedTags: ['p', 'br'],
selfClosing: ['br']
}));
}
},
onCreated: function onCreated(model, options) {
ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);