« get me outta code hell

content: linkTemplate: strip <a> tags from content - hsmusic-wiki - HSMusic - static wiki software cataloguing collaborative creation
about summary refs log tree commit diff
diff options
context:
space:
mode:
author(quasar) nebula <qznebula@protonmail.com>2023-08-20 22:06:17 -0300
committer(quasar) nebula <qznebula@protonmail.com>2023-08-20 22:07:50 -0300
commit93fd751aeb3a9c0b60889db0073e7907c87f90fe (patch)
treedbf9efedc019a0ce27d37eb40e92922efee2e3f7
parent040e0d3a1d3890f7c45e2839ca949d353a160efc (diff)
content: linkTemplate: strip <a> tags from content
-rw-r--r--package-lock.json11
-rw-r--r--package.json1
-rw-r--r--src/content/dependencies/linkTemplate.js21
-rw-r--r--tap-snapshots/test/snapshot/linkTemplate.js.test.cjs10
-rw-r--r--test/snapshot/linkTemplate.js15
5 files changed, 50 insertions, 8 deletions
diff --git a/package-lock.json b/package-lock.json
index 49852903..d9ab5cd1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
                 "he": "^1.2.0",
                 "js-yaml": "^4.1.0",
                 "marked": "^5.0.2",
+                "striptags": "^4.0.0-alpha.4",
                 "word-wrap": "^1.2.3"
             },
             "bin": {
@@ -2632,6 +2633,11 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/striptags": {
+            "version": "4.0.0-alpha.4",
+            "resolved": "https://registry.npmjs.org/striptags/-/striptags-4.0.0-alpha.4.tgz",
+            "integrity": "sha512-/0jWyVWhpg9ciRHfjKYBpMHXct/HrFRfsR2HU77nGPbc8SPcVSIHZlZR/0TG3MyPq2C+HiHuwx8BlbcdI/cNbw=="
+        },
         "node_modules/supports-color": {
             "version": "7.2.0",
             "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
@@ -6863,6 +6869,11 @@
             "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
             "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="
         },
+        "striptags": {
+            "version": "4.0.0-alpha.4",
+            "resolved": "https://registry.npmjs.org/striptags/-/striptags-4.0.0-alpha.4.tgz",
+            "integrity": "sha512-/0jWyVWhpg9ciRHfjKYBpMHXct/HrFRfsR2HU77nGPbc8SPcVSIHZlZR/0TG3MyPq2C+HiHuwx8BlbcdI/cNbw=="
+        },
         "supports-color": {
             "version": "7.2.0",
             "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
diff --git a/package.json b/package.json
index b9b89437..02789a76 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
         "he": "^1.2.0",
         "js-yaml": "^4.1.0",
         "marked": "^5.0.2",
+        "striptags": "^4.0.0-alpha.4",
         "word-wrap": "^1.2.3"
     },
     "license": "GPL-3.0",
diff --git a/src/content/dependencies/linkTemplate.js b/src/content/dependencies/linkTemplate.js
index ed88cacf..1cf64c59 100644
--- a/src/content/dependencies/linkTemplate.js
+++ b/src/content/dependencies/linkTemplate.js
@@ -1,5 +1,7 @@
 import {empty} from '#sugar';
 
+import striptags from 'striptags';
+
 export default {
   extraDependencies: [
     'appendIndexHTML',
@@ -59,15 +61,18 @@ export default {
       title = slots.tooltip;
     }
 
-    return html.tag('a',
-      {
-        ...slots.attributes ?? {},
-        href,
-        style,
-        title,
-      },
+    const content =
       (html.isBlank(slots.content)
         ? language.$('misc.missingLinkContent')
-        : slots.content));
+        : striptags(html.resolve(slots.content, {normalize: 'string'}), {
+            disallowedTags: new Set(['a']),
+          }));
+
+    return html.tag('a', {
+      ...slots.attributes ?? {},
+      href,
+      style,
+      title,
+    }, content);
   },
 }
diff --git a/tap-snapshots/test/snapshot/linkTemplate.js.test.cjs b/tap-snapshots/test/snapshot/linkTemplate.js.test.cjs
index e9d22ba5..45a9e616 100644
--- a/tap-snapshots/test/snapshot/linkTemplate.js.test.cjs
+++ b/tap-snapshots/test/snapshot/linkTemplate.js.test.cjs
@@ -13,6 +13,16 @@ exports[`test/snapshot/linkTemplate.js TAP linkTemplate (snapshot) > fill path s
 <a href="/c*lzone/myCoolPath/ham/pineapple/tomato/index.html">delish</a>
 `
 
+exports[`test/snapshot/linkTemplate.js TAP linkTemplate (snapshot) > link in content 1`] = `
+<a href="#the-more-ye-know">
+    Oh geez oh heck
+    There's a link in here!!
+    But here's <b>a normal tag.</b>
+    <div>Gotta keep them normal tags.</div>
+    <div>But not... NESTED LINKS, OOO.</div>
+</a>
+`
+
 exports[`test/snapshot/linkTemplate.js TAP linkTemplate (snapshot) > missing content 1`] = `
 <a href="banana">(Missing link content)</a>
 `
diff --git a/test/snapshot/linkTemplate.js b/test/snapshot/linkTemplate.js
index bdb91216..7351a102 100644
--- a/test/snapshot/linkTemplate.js
+++ b/test/snapshot/linkTemplate.js
@@ -1,4 +1,5 @@
 import t from 'tap';
+import * as html from '#html';
 import {testContentFunctions} from '#test-lib';
 
 testContentFunctions(t, 'linkTemplate (snapshot)', async (t, evaluate) => {
@@ -50,4 +51,18 @@ testContentFunctions(t, 'linkTemplate (snapshot)', async (t, evaluate) => {
     name: 'linkTemplate',
     slots: {href: 'banana'},
   });
+
+  evaluate.snapshot('link in content', {
+    name: 'linkTemplate',
+    slots: {
+      hash: 'the-more-ye-know',
+      content: [
+        `Oh geez oh heck`,
+        html.tag('a', {href: 'dogs'}, `There's a link in here!!`),
+        `But here's <b>a normal tag.</b>`,
+        html.tag('div', `Gotta keep them normal tags.`),
+        html.tag('div', `But not... <a href="#">NESTED LINKS, OOO.</a>`),
+      ],
+    },
+  });
 });