Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity

Added <a> to comment html sanitizer

Browse source 
refs https://github.com/TryGhost/Team/issues/1664
This commit is contained in:
Simon Backx 2022-07-07 17:58:36 +02:00 committed by Simon Backx
parent 903b8a1105
commit 9893147d58
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
core/server/models/comment.js
View file

@ -51,8 +51,18 @@ const Comment = ghostBookshelf.Model.extend({
const sanitizeHtml = require('sanitize-html');
this.set('html', sanitizeHtml(this.get('html'), {
allowedTags: ['p', 'br'],
selfClosing: ['br']
allowedTags: ['p', 'br', 'a'],
allowedAttributes: {
a: ['href', 'target', 'rel']
},
selfClosing: ['br'],
// Enforce _blank and safe URLs
transformTags: {
a: sanitizeHtml.simpleTransform('a', {
target: '_blank',
rel: 'ugc noopener noreferrer nofollow'
})
}
}));
}
},