mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-13 22:41:32 -05:00
d895238571
closes #3387 - added placeholder for <script> and <iframe> - added google-caja sanitizer - changed title in posts overview to ‚double-stash‘
18 lines
No EOL
716 B
JavaScript
18 lines
No EOL
716 B
JavaScript
/* global Handlebars, html_sanitize*/
|
|
import cajaSanitizers from 'ghost/utils/caja-sanitizers';
|
|
|
|
var formatHTML = Ember.Handlebars.makeBoundHelper(function (html) {
|
|
var escapedhtml = html || '';
|
|
|
|
// replace script and iFrame
|
|
escapedhtml = escapedhtml.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,
|
|
'<pre><code>Embedded JavaScript</code></pre>');
|
|
escapedhtml = escapedhtml.replace(/<iframe\b[^<]*(?:(?!<\/iframe>)<[^<]*)*<\/iframe>/gi,
|
|
'<pre><code>Embedded IFrame</code></pre>');
|
|
|
|
// sanitize HTML
|
|
escapedhtml = html_sanitize(escapedhtml, cajaSanitizers.url, cajaSanitizers.id);
|
|
return new Handlebars.SafeString(escapedhtml);
|
|
});
|
|
|
|
export default formatHTML; |