/**
* CKEditor HTML Sanitizer
* Sanitizes HTML content using DOMPurify to prevent XSS attacks
*/
import DOMPurify from "dompurify";
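// Sanitization config - matches backend allowed tags.
// Handed straight to DOMPurify.sanitize(). ALLOWED_TAGS and ALLOWED_ATTR
// replace DOMPurify's built-in defaults rather than extending them, so any
// tag or attribute not listed here is dropped from the output.
// Frozen so nothing can widen the allowlist at runtime; DOMPurify copies
// the config it is given rather than writing into it, so freezing is safe.
const sanitizeConfig = Object.freeze({
  ALLOWED_TAGS: Object.freeze([
    // links and phrasing content
    "a",
    "abbr",
    "acronym",
    "b",
    "blockquote",
    "br",
    "code",
    // tables
    "col",
    "colgroup",
    "div",
    "table",
    "tbody",
    "tfoot",
    "thead",
    "td",
    "th",
    "tr",
    // headings and text formatting
    "em",
    "h1",
    "h2",
    "h3",
    "h4",
    "h5",
    "i",
    "li",
    "ol",
    "p",
    "pre",
    "s",
    "span",
    "strike",
    "strong",
    "sub",
    "sup",
    "u",
    "ul",
  ]),
  // Attribute allowlist. "href" and "src" are deliberately absent, so an
  // <a> element survives but loses its target. "style" is kept; DOMPurify
  // does not validate the CSS declarations inside it, so this allowance
  // must stay in step with whatever the backend accepts.
  ALLOWED_ATTR: Object.freeze(["style", "dir", "lang", "color"]),
  // NOTE(review): ALLOW_STYLE is not a DOMPurify option I can find; the
  // "style" attribute is already permitted through ALLOWED_ATTR above.
  // Left in place — confirm against the installed DOMPurify version.
  ALLOW_STYLE: true,
  // Reject data-* attributes (DOMPurify permits them by default).
  ALLOW_DATA_ATTR: false,
});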
/**
 * Run an HTML string through DOMPurify with the module's allowlist config.
 *
 * Non-string inputs and the empty string are returned untouched so callers
 * can pass through whatever the editor handed them without a type check.
 *
 * @param {*} html - Markup to sanitize; only non-empty strings are processed.
 * @returns {*} The sanitized markup, or the original value when it was not a
 *   non-empty string.
 */
function sanitizeHtml(html) {
  const isNonEmptyString = typeof html === "string" && html !== "";
  if (!isNonEmptyString) {
    return html;
  }
  return DOMPurify.sanitize(html, sanitizeConfig);
}
// Initialize sanitization when CKEditor instances are ready.
// Only instances whose "instanceReady" fires after this module has loaded
// get the hook; if window.CKEDITOR is not present at import time the whole
// block is skipped and no sanitization is installed.
const hasCkeditor = typeof window !== "undefined" && Boolean(window.CKEDITOR);
if (hasCkeditor) {
  window.CKEDITOR.on("instanceReady", (ev) => {
    const { editor } = ev;
    // Keep the instance's own getData so the wrapper can delegate to it.
    const rawGetData = editor.getData;
    // Sanitize when content is retrieved (before saving). A regular
    // function is required here so `this` stays bound to the editor.
    editor.getData = function (noEvents) {
      const markup = rawGetData.call(this, noEvents);
      return markup ? sanitizeHtml(markup) : markup;
    };
  });
}