diff --git a/packages/app-cli/tests/md_to_html/sanitize_19.html b/packages/app-cli/tests/md_to_html/sanitize_19.html
new file mode 100644
index 000000000..21d2c11a7
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_19.html
@@ -0,0 +1 @@
+
This is a comment we would like to keep
\ No newline at end of file
diff --git a/packages/app-cli/tests/md_to_html/sanitize_19.md b/packages/app-cli/tests/md_to_html/sanitize_19.md
new file mode 100644
index 000000000..5ea991f8c
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_19.md
@@ -0,0 +1 @@
+
This is a comment we would like to keep
\ No newline at end of file
diff --git a/packages/renderer/htmlUtils.ts b/packages/renderer/htmlUtils.ts
index 909ff8387..c2fbdb202 100644
--- a/packages/renderer/htmlUtils.ts
+++ b/packages/renderer/htmlUtils.ts
@@ -223,7 +223,7 @@ class HtmlUtils {
 // to disable them. SVG graphics are still supported via the IMG tag.
 const disallowedTags = [
 'script', 'iframe', 'frameset', 'frame', 'object', 'base',
- 'embed', 'link', 'meta', 'noscript', 'button', 'form',
+ 'embed', 'link', 'meta', 'noscript', 'button',
 'input', 'select', 'textarea', 'option', 'optgroup', 'svg',
@@ -233,6 +233,14 @@ class HtmlUtils {
 'map', 'area',
 ];
+ // Certain tags should not be rendered, however unlike for the disallowed tags, we want to
+ // keep their content. For example the FORM tag may sometimes wrap relevant content so we
+ // want to keep that content, but we don't want to keep the FORM tag itself. In that case we
+ // simply replace it with a DIV tag.
+ const replaceWithDivTags = [
+ 'form',
+ ];
+
 const parser = new htmlparser2.Parser({
 onopentag: (name: string, attrs: Record) => {
@@ -249,6 +257,11 @@ class HtmlUtils {
 if (disallowedTagDepth) return;
+ if (replaceWithDivTags.includes(currentTag())) {
+ output.push('
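Review bot: Dropping `'form'` from `disallowedTags` means everything nested inside a FORM is now emitted where it was previously discarded, and the only fixture added with this change (sanitize_19) appears, as far as it is visible here, to wrap plain text. A second fixture that puts one of the still-disallowed tags and an element carrying an `on*` attribute inside a FORM would pin that the kept content goes through the same filtering as content outside one. The new comment above `replaceWithDivTags` could also say that only the wrapper is swapped and that entries in this list must never also appear in `disallowedTags`.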
');
+ return;
+ }
+
 attrs = { ...attrs };
 // Remove all the attributes that start with "on", which
@@ -342,6 +355,11 @@ class HtmlUtils {
 if (disallowedTagDepth) return;
+ if (replaceWithDivTags.includes(currentTag())) {
+ output.push('
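Review bot: The early `return` in the new open-tag branch sits before `attrs = { ...attrs }` and the attribute filtering that follows, so the replacement tag is pushed as a fixed string and none of the FORM's own attributes reach the output. That property is what makes the substitution safe, and it is worth stating so that a later change does not start copying attributes across: `// Emitted without attributes on purpose: action, method and on* handlers of the original tag are dropped.` The rest of onopentag lies outside the hunk.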
');
+ return;
+ }
+
 if (isSelfClosingTag(name)) return;
 output.push(``);
 },
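Review bot: The new close-tag branch tests `currentTag()` while the two lines after it work from `name`. Whether the stack entry for the element being closed is still on top at this point is decided above the hunk; if it has already been popped, the test sees the parent element, so a FORM opened as a DIV would be closed under its own name and the children of a FORM would be closed as DIV, leaving the sanitiser's output unbalanced. Keying the check on the callback argument removes that dependency: `if (replaceWithDivTags.includes(name)) {`. The same applies to the open-tag branch in the hunk at -249, provided `name` is normalised the same way as the stack entries.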