Momento/memento-note/lib/sanitize-content.ts
Antigravity 96e7902f01
feat: publication IA (magazine/brief/essay) + fixes critique
Publication IA:
- 4 templates (magazine, brief, essay, simple) avec CSS riche
- Rewrite IA (article/exercises/tutorial/reference/mixed)
- Modération avec timeout 12s + fallback safe
- Quotas publish_enhance par tier (basic=2, pro=15, business=100)
- Détection contenu stale (hash)
- Migration DB publishedContent/publishedTemplate/publishedSourceHash

Fixes:
- cheerio v1.2: Element -> AnyNode (domhandler), decodeEntities cast
- _isShared ajouté au type Note (champ virtuel serveur)
- callout colors PDF export: extraction fonction pure testable
- admin/published: guard note.userId null
- Cmd+S fonctionne en mode dialog (pas seulement fullPage)

i18n:
- 23 clés publish* traduites dans les 15 locales
- Extension Web Clipper: 13 locales mise à jour

Tests:
- callout-colors.test.ts (6 tests)
- note-visible-in-view.test.ts (5 tests)
- entitlements.test.ts + byok-entitlements.test.ts: mock usageLog + unstubAllEnvs
- 199/199 tests passent

Tracker: user-stories.md sync avec sprint-status.yaml
2026-06-28 07:32:57 +00:00


import DOMPurify from 'isomorphic-dompurify'
/**
 * DOMPurify options used for SVG illustrations.
 *
 * The `svg` and `svgFilters` profiles are the baseline; ADD_TAGS / ADD_ATTR
 * widen that baseline. Every entry below enlarges what survives sanitization,
 * so a change to these lists deserves the same review as any other
 * allow-list change.
 */
const SVG_SANITIZE_CONFIG = {
  USE_PROFILES: { svg: true, svgFilters: true },

  ADD_TAGS: [
    // NOTE(review): `use` is left out of DOMPurify's default SVG allow-list.
    // Combined with `href` / `xlink:href` below it lets sanitized markup
    // reference other elements and, presumably, other documents. Confirm the
    // illustrations only need same-document `#id` references; if so, consider
    // enforcing fragment-only values (for example with a DOMPurify hook).
    'use', 'defs', 'linearGradient', 'radialGradient', 'stop',
    // Filter primitives.
    'filter', 'feDropShadow', 'feGaussianBlur', 'feBlend', 'feComposite',
    'feMerge', 'feMergeNode', 'feColorMatrix', 'feOffset', 'feTurbulence',
    // Clipping, masking and reusable definitions.
    'feDisplacementMap', 'clipPath', 'mask', 'pattern', 'symbol', 'marker',
  ],

  ADD_ATTR: [
    // Root / viewport attributes.
    'viewBox', 'xmlns', 'preserveAspectRatio',
    // Gradient attributes.
    'gradientUnits', 'gradientTransform', 'spreadMethod',
    'offset', 'stop-color', 'stop-opacity',
    // Geometry and presentation attributes.
    'x', 'y', 'width', 'height', 'fill', 'stroke', 'stroke-width',
    'opacity', 'transform', 'd', 'cx', 'cy', 'r', 'rx', 'ry',
    // `id` and `class` make sanitized nodes addressable by the embedding
    // page's scripts and stylesheets; `href` / `xlink:href` are the URL-bearing
    // attributes in this list (see the note on `use` above).
    'x1', 'y1', 'x2', 'y2', 'points', 'class', 'id', 'href', 'xlink:href',
  ],
} as const
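/**
 * Sanitize an SVG illustration with DOMPurify using SVG_SANITIZE_CONFIG.
 *
 * The result is meant to be inserted as markup. Sanitize as the last step
 * before rendering: editing or concatenating the returned string afterwards
 * is not covered by the sanitizer.
 *
 * @param svg - SVG markup to clean; treat it as untrusted.
 * @returns The sanitized markup, or `''` when `svg` is empty.
 */
export function sanitizeIllustrationSvg(svg: string): string {
  if (!svg) return ''
  // SVG_SANITIZE_CONFIG is declared `as const`, so its lists are readonly
  // tuples. Copy them into fresh arrays, the same way sanitizePublishedHtml
  // passes its lists, so the library never receives the shared module-level
  // arrays themselves.
  return DOMPurify.sanitize(svg, {
    ...SVG_SANITIZE_CONFIG,
    ADD_TAGS: [...SVG_SANITIZE_CONFIG.ADD_TAGS],
    ADD_ATTR: [...SVG_SANITIZE_CONFIG.ADD_ATTR],
  })
}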
/**
 * Sanitize rich-text HTML with DOMPurify's `html` profile only
 * (no SVG or MathML profile is enabled here).
 *
 * Sanitize as the last step before rendering: a string that is modified
 * after this call is no longer covered by the sanitizer.
 *
 * @param html - HTML markup to clean; treat it as untrusted.
 * @returns The sanitized markup, or `''` when `html` is empty.
 */
export function sanitizeRichHtml(html: string): string {
  return html
    ? DOMPurify.sanitize(html, { USE_PROFILES: { html: true } })
    : ''
}
/**
 * Sanitization for published pages — preserves the HTML generated by KaTeX
 * (MathML + spans).
 *
 * MathML elements kept in addition to the `html` profile.
 * `annotation` is listed, `annotation-xml` is not: the latter can embed HTML
 * inside MathML and has featured in sanitizer bypasses, so it should stay out
 * of this list. Allowing MathML next to HTML widens the parser surface the
 * sanitizer has to get right, which makes keeping DOMPurify up to date part
 * of this allow-list's safety.
 */
const KATEX_MATH_TAGS = [
  // Containers and token elements.
  'math', 'semantics', 'mrow', 'mi', 'mo', 'mn', 'msup', 'msub', 'mfrac', 'msqrt',
  // Layout and spacing.
  'mroot', 'mtext', 'mspace', 'mstyle', 'mpadded', 'mphantom', 'menclose',
  // Scripts, limits and tables.
  'mover', 'munder', 'munderover', 'mtable', 'mtr', 'mtd', 'mlabeledtr',
  'annotation', 'maligngroup', 'malignmark',
] as const

/**
 * Attributes kept on published pages for KaTeX output.
 *
 * NOTE(review): `style` and `class` are in this list. DOMPurify does not
 * validate CSS values, so inline styles on a public page can still reposition
 * or hide content; a Content-Security-Policy and a constrained container on
 * the published template are the complementary controls — confirm they exist.
 */
const KATEX_MATH_ATTR = [
  'xmlns', 'display', 'mathvariant', 'mathsize', 'mathcolor', 'dir',
  'columnalign', 'rowalign', 'columnspacing', 'rowspacing', 'stretchy',
  'symmetric', 'maxsize', 'minsize', 'largeop', 'movablelimits', 'accent',
  'accentunder', 'fence', 'separator', 'lspace', 'rspace', 'depth', 'height',
  'width', 'displaystyle', 'scriptlevel', 'class', 'style', 'aria-hidden',
  'encoding', 'data-latex',
] as const
/**
 * Sanitize the HTML of a published page while keeping KaTeX markup.
 *
 * Uses DOMPurify's `html` profile and additionally allows the tags in
 * KATEX_MATH_TAGS and the attributes in KATEX_MATH_ATTR. This is a wider
 * allow-list than sanitizeRichHtml applies, and it is the one used for pages
 * described as published, so changes to either list affect what visitors'
 * browsers will render.
 *
 * @param html - HTML markup to clean; treat it as untrusted.
 * @returns The sanitized markup, or `''` when `html` is empty.
 */
export function sanitizePublishedHtml(html: string): string {
  return html
    ? DOMPurify.sanitize(html, {
        USE_PROFILES: { html: true },
        // Spread so DOMPurify receives fresh mutable arrays rather than the
        // readonly module-level tuples.
        ADD_TAGS: [...KATEX_MATH_TAGS],
        ADD_ATTR: [...KATEX_MATH_ATTR],
      })
    : ''
}