agtic/keycloak_theme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use textarea on client for decode

Browse Source
This commit is contained in:
uchar
2024-09-18 11:13:49 +03:30
parent 7e6a84ce19
commit 66b480f837
2 changed files with 241 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/tools/kcSanitize/KcSanitizer.ts
View File

@ -1,26 +1,44 @@
import { KcSanitizerPolicy } from "keycloakify/tools/kcSanitize/KcSanitizerPolicy";
import { decode } from "html-entities";
// implementation of keycloak java sanitize method ( KeycloakSanitizerMethod )
// https://github.com/keycloak/keycloak/blob/8ce8a4ba089eef25a0e01f58e09890399477b9ef/services/src/main/java/org/keycloak/theme/KeycloakSanitizerMethod.java#L33
export class KcSanitizer {
private static HREF_PATTERN = /\s+href="([^"]*)"/g;
private static textarea: HTMLTextAreaElement | null = null;
public static sanitize(html: string | null): string {
public static async sanitize(html: string | null): Promise<string> {
if (html == null) {
throw new Error("Cannot escape null value.");
}
if (html === "") return "";
html = this.decodeHtmlFull(html);
html = await this.decodeHtmlFull(html);
const sanitized = KcSanitizerPolicy.sanitize(html);
return this.fixURLs(sanitized);
}
private static decodeHtmlFull(html: string): string {
private static async decodeHtmlFull(html: string): Promise<string> {
if (typeof window !== "undefined" && typeof document !== "undefined") {
return KcSanitizer.decodeHtmlOnClient(html);
} else {
return await KcSanitizer.decodeHtmlOnServer(html);
}
}
private static async decodeHtmlOnServer(html: string): Promise<string> {
// Dynamically import html-entities only on the server side
const { decode } = await import("html-entities");
return decode(html);
}
private static decodeHtmlOnClient(html: string): string {
if (!KcSanitizer.textarea) {
KcSanitizer.textarea = document.createElement("textarea");
}
KcSanitizer.textarea.innerHTML = html;
return KcSanitizer.textarea.value;
}
// This will remove unwanted characters from url
private static fixURLs(msg: string): string {
const HREF_PATTERN = this.HREF_PATTERN;