fecbfd1990
refactor: 优化代码健壮性和类型安全 style: 更新字体样式和全局CSS fix: 修复IntersectionObserver潜在空引用问题 chore: 更新依赖和ESLint配置 build: 更新构建ID和路由配置
43 lines
1006 B
TypeScript
import DOMPurify from 'dompurify';
/**
 * Sanitizes untrusted rich-text markup down to a small inline-formatting subset.
 *
 * Only the tags and attributes listed in the policy below are passed to
 * DOMPurify as allowed; `data-*` attributes are switched off explicitly.
 *
 * NOTE(review): `target` is allowed and `rel` is taken from the input, so a
 * link may arrive with `target="_blank"` and no `rel="noopener noreferrer"`.
 * Consider enforcing `rel` on such links after sanitization.
 *
 * NOTE(review): DOMPurify needs a DOM. Where none exists (for example during
 * server-side rendering) `DOMPurify.isSupported` is false and the input is
 * presumably returned unsanitized. Confirm this function only runs in a
 * browser, or guard on `isSupported`.
 *
 * @param dirty - Untrusted HTML string.
 * @returns The markup returned by DOMPurify for the policy below.
 */
export function sanitizeHTML(dirty: string): string {
  // Allow-list policy: anything not named here is left to DOMPurify to drop.
  const richTextPolicy = {
    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'a', 'p', 'br'],
    ALLOWED_ATTR: ['href', 'title', 'target', 'rel'],
    ALLOW_DATA_ATTR: false,
  };

  return DOMPurify.sanitize(dirty, richTextPolicy);
}
/**
 * Runs a plain-text style input through DOMPurify with no tags and no
 * attributes allowed.
 *
 * NOTE(review): the return value is still DOMPurify's serialized output, so
 * characters such as `&` may come back entity-encoded. Verify before storing
 * or comparing the result. This is not a replacement for context-specific
 * output encoding or parameterized queries at the point of use.
 *
 * NOTE(review): DOMPurify needs a DOM. Confirm this is not called where
 * `DOMPurify.isSupported` is false, since the input would presumably pass
 * through unchanged.
 *
 * @param input - Untrusted string, e.g. a form field value.
 * @returns The string returned by DOMPurify with an empty allow-list.
 */
export function sanitizeInput(input: string): string {
  // Empty allow-lists: no element and no attribute is permitted.
  const textOnlyPolicy = {
    ALLOWED_TAGS: [],
    ALLOWED_ATTR: [],
  };

  return DOMPurify.sanitize(input, textOnlyPolicy);
}
/**
 * Returns a URL only if, after markup stripping, it starts with an allowed
 * scheme prefix; otherwise returns the empty string.
 *
 * The prefix comparison is case-sensitive and the value is not trimmed, so
 * inputs such as `HTTPS://...`, a URL with leading whitespace, or a relative
 * URL all yield `''`. Schemes outside the list (for example `javascript:` or
 * `data:`) are rejected the same way.
 *
 * NOTE(review): the returned value is DOMPurify's serialized output, so `&` in
 * a query string may come back as `&amp;`. Verify how callers use the result:
 * that form suits concatenation into an HTML attribute, but not a DOM or
 * framework `href` property.
 *
 * @param url - Untrusted URL string.
 * @returns The stripped URL when it begins with `http://`, `https://` or
 *          `mailto:`, else `''`.
 */
export function sanitizeURL(url: string): string {
  const permittedPrefixes = ['http://', 'https://', 'mailto:'];

  // Strip any markup first so the scheme check sees the final string.
  const stripped = DOMPurify.sanitize(url, { ALLOWED_TAGS: [], ALLOWED_ATTR: [] });

  const hasPermittedPrefix = permittedPrefixes.some((prefix) => stripped.startsWith(prefix));
  return hasPermittedPrefix ? stripped : '';
}
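/**
 * Escapes the characters that are significant in HTML text and quoted
 * attribute values by replacing them with character references.
 *
 * Each replacement must be an entity string. A table that maps a character to
 * itself makes this function a no-op and leaves markup in the output intact.
 *
 * The result is suitable for HTML element content and quoted attribute
 * values only. It does not make a string safe inside `<script>`, inline event
 * handlers, CSS, or as a URL scheme; those contexts need their own encoding
 * or validation.
 *
 * @param str - Untrusted text to embed in HTML.
 * @returns `str` with `&`, `<`, `>`, `"`, `'` and `/` replaced by entities.
 */
export function escapeHTML(str: string): string {
  const map: Record<string, string> = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2F;',
  };

  // Single pass, so the `&` introduced by one replacement is never re-escaped.
  return str.replace(/[&<>"'/]/g, (char) => map[char] ?? char);
}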