38 lines
1.1 KiB
JavaScript
38 lines
1.1 KiB
JavaScript
|
module.exports = {
|
||
|
|
//sanitizeHtml: {
|
||
|
|
// allowedTags: [],
|
||
|
|
// allowedAttributes: {},
|
||
|
|
// allowedClasses: {}
|
||
|
|
//}
|
||
|
|
sanitizeHtml: {
|
||
|
|
allowedTags: [ 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
|
||
|
|
'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
|
||
|
|
'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre',
|
||
|
|
'sup', 'sub', 'span'
|
||
|
|
],
|
||
|
|
allowedClasses: {
|
||
|
|
'p': ['highlighted'],
|
||
|
|
'div': ['highlighted']
|
||
|
|
},
|
||
|
|
allowedAttributes: {
|
||
|
|
'*': ['style', 'class'],
|
||
|
|
p: ['class'],
|
||
|
|
div: ['class', 'style'],
|
||
|
|
a: [ 'href', 'name', 'target' ],
|
||
|
|
// We don't currently allow img itself by default, but this
|
||
|
|
// would make sense if we did
|
||
|
|
img: [ 'src' ]
|
||
|
|
},
|
||
|
|
//allowedAttributes: {},
|
||
|
|
//allowedTags: false,
|
||
|
|
//allowedAttributes: false,
|
||
|
|
//allowedClasses: false,
|
||
|
|
// Lots of these won't come up by default because we don't allow them
|
||
|
|
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont',
|
||
|
|
'input', 'link', 'meta' ],
|
||
|
|
// URL schemes we permit
|
||
|
|
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
|
||
|
|
allowedSchemesByTag: {}
|
||
|
|
}
|
||
|
|
}
|