Publication IA: - 4 templates (magazine, brief, essay, simple) avec CSS riche - Rewrite IA (article/exercises/tutorial/reference/mixed) - Modération avec timeout 12s + fallback safe - Quotas publish_enhance par tier (basic=2, pro=15, business=100) - Détection contenu stale (hash) - Migration DB publishedContent/publishedTemplate/publishedSourceHash Fixes: - cheerio v1.2: Element -> AnyNode (domhandler), decodeEntities cast - _isShared ajouté au type Note (champ virtuel serveur) - callout colors PDF export: extraction fonction pure testable - admin/published: guard note.userId null - Cmd+S fonctionne en mode dialog (pas seulement fullPage) i18n: - 23 clés publish* traduites dans les 15 locales - Extension Web Clipper: 13 locales mises à jour Tests: - callout-colors.test.ts (6 tests) - note-visible-in-view.test.ts (5 tests) - entitlements.test.ts + byok-entitlements.test.ts: mock usageLog + unstubAllEnvs - 199/199 tests passent Tracker: user-stories.md synchronisé avec sprint-status.yaml
import DOMPurify from 'isomorphic-dompurify'
/**
 * DOMPurify configuration for illustration SVGs (used by sanitizeIllustrationSvg).
 * Starts from DOMPurify's built-in `svg` + `svgFilters` profiles and widens the
 * allowlist with the tags/attributes below — `ADD_TAGS`/`ADD_ATTR` only ever add,
 * nothing the profiles allow is taken away here.
 */
const SVG_SANITIZE_CONFIG = {
  USE_PROFILES: { svg: true, svgFilters: true },
  ADD_TAGS: [
    // NOTE(review): `use` is, to my recollection, deliberately absent from
    // DOMPurify's stock SVG profile. Allowing it together with `href` /
    // `xlink:href` (below) lets an illustration reference any `id` that
    // survives sanitisation, or a URL that passes DOMPurify's URI check.
    // If illustrations can be attacker-controlled, consider restricting `use`
    // hrefs to same-document fragments (`#id`) with a `uponSanitizeAttribute`
    // hook — TODO confirm against the threat model.
    'use', 'defs', 'linearGradient', 'radialGradient', 'stop',
    // The fe* filter primitives are presumably already covered by the
    // `svgFilters` profile; listing them explicitly is redundant but harmless.
    'filter', 'feDropShadow', 'feGaussianBlur', 'feBlend', 'feComposite',
    'feMerge', 'feMergeNode', 'feColorMatrix', 'feOffset', 'feTurbulence',
    'feDisplacementMap', 'clipPath', 'mask', 'pattern', 'symbol', 'marker',
  ],
  ADD_ATTR: [
    'viewBox', 'xmlns', 'preserveAspectRatio',
    'gradientUnits', 'gradientTransform', 'spreadMethod',
    'offset', 'stop-color', 'stop-opacity',
    'x', 'y', 'width', 'height', 'fill', 'stroke', 'stroke-width',
    'opacity', 'transform', 'd', 'cx', 'cy', 'r', 'rx', 'ry',
    // `id` values are attacker-chosen: DOMPurify's default SANITIZE_DOM guards
    // against clobbering document properties, but ids can still collide with
    // the host page's own ids (CSS / anchor / `use` targets). `href` and
    // `xlink:href` go through DOMPurify's ALLOWED_URI_REGEXP — see the `use`
    // note above.
    'x1', 'y1', 'x2', 'y2', 'points', 'class', 'id', 'href', 'xlink:href',
  ],
  // `as const` turns the arrays into readonly tuples. The KaTeX config further
  // down spreads its tuples into fresh arrays before handing them to DOMPurify,
  // whereas this object is passed as-is — presumably the installed Config type
  // accepts it; re-check if the DOMPurify types are bumped.
} as const
/**
 * Sanitise an illustration SVG using the widened SVG allowlist in
 * SVG_SANITIZE_CONFIG.
 *
 * @param svg Raw SVG markup (possibly empty).
 * @returns '' for empty input, otherwise DOMPurify's sanitised markup.
 */
export function sanitizeIllustrationSvg(svg: string): string {
  // Empty input short-circuits; everything else goes through DOMPurify.
  return svg ? DOMPurify.sanitize(svg, SVG_SANITIZE_CONFIG) : ''
}
/**
 * Sanitise rich-text HTML with DOMPurify's HTML profile only (no SVG, no
 * MathML allowlist).
 *
 * @param html Raw HTML (possibly empty).
 * @returns '' for empty input, otherwise DOMPurify's sanitised HTML.
 */
export function sanitizeRichHtml(html: string): string {
  const htmlOnly = { USE_PROFILES: { html: true } }
  return html ? DOMPurify.sanitize(html, htmlOnly) : ''
}
/**
 * Sanitisation of published pages — preserves the HTML generated by KaTeX
 * (MathML plus the accompanying spans).
 *
 * MathML elements KaTeX emits, added on top of DOMPurify's HTML profile.
 * NOTE(review): `annotation-xml` (an HTML integration point, and the classic
 * mXSS vector when its encoding is text/html) is not in this list and should
 * stay out. `mi`/`mo`/`mn`/`mtext` are MathML text integration points; DOMPurify's
 * namespace checks still apply to whatever they contain — TODO confirm with a
 * test that e.g. `<mtext><img onerror>` is stripped.
 */
const KATEX_MATH_TAGS = [
  'math', 'semantics', 'mrow', 'mi', 'mo', 'mn', 'msup', 'msub', 'mfrac', 'msqrt',
  'mroot', 'mtext', 'mspace', 'mstyle', 'mpadded', 'mphantom', 'menclose',
  'mover', 'munder', 'munderover', 'mtable', 'mtr', 'mtd', 'mlabeledtr',
  // `annotation` carries the LaTeX source (see `encoding` in KATEX_MATH_ATTR).
  'annotation', 'maligngroup', 'malignmark',
] as const
/**
 * Attributes KaTeX sets on its MathML output, added on top of DOMPurify's HTML
 * profile.
 * NOTE(review): `class`, `style`, `width`, `height`, `dir`, `aria-hidden` and
 * `data-*` are, to my knowledge, already permitted by the HTML profile, so part
 * of this list is redundant. `style` in particular allows inline CSS on every
 * element of a published page — needed for KaTeX spacing, but worth keeping in
 * mind for style-based UI redress. `encoding` only matters on `<annotation>`;
 * KaTeX writes `application/x-tex` there, and the dangerous combination is
 * `annotation-xml` + `text/html`, which the tag list does not allow — TODO confirm.
 */
const KATEX_MATH_ATTR = [
  'xmlns', 'display', 'mathvariant', 'mathsize', 'mathcolor', 'dir',
  'columnalign', 'rowalign', 'columnspacing', 'rowspacing', 'stretchy',
  'symmetric', 'maxsize', 'minsize', 'largeop', 'movablelimits', 'accent',
  'accentunder', 'fence', 'separator', 'lspace', 'rspace', 'depth', 'height',
  'width', 'displaystyle', 'scriptlevel', 'class', 'style', 'aria-hidden',
  'encoding', 'data-latex',
] as const
/**
 * Sanitise a published page's HTML while keeping KaTeX output: DOMPurify's
 * HTML profile extended with the MathML tags/attributes in KATEX_MATH_TAGS and
 * KATEX_MATH_ATTR.
 *
 * @param html Raw page HTML (possibly empty).
 * @returns '' for empty input, otherwise DOMPurify's sanitised HTML.
 */
export function sanitizePublishedHtml(html: string): string {
  if (!html) return ''
  // The `as const` tuples are copied into fresh mutable arrays — presumably
  // because DOMPurify's Config type wants plain string[] values.
  const config = {
    USE_PROFILES: { html: true },
    ADD_TAGS: Array.from(KATEX_MATH_TAGS),
    ADD_ATTR: Array.from(KATEX_MATH_ATTR),
  }
  return DOMPurify.sanitize(html, config)
}