chore: add forcedSanitizeWhiteList

St1ggy · St1ggy · commit 648f539f3c9e · 2024-11-06T19:31:02.000+03:00
diff --git a/src/transform/md.ts b/src/transform/md.ts
@@ -168,7 +168,9 @@ function initCompiler(md: MarkdownIt, options: OptionsType, env: EnvType) {
         const html = md.renderer.render(tokens, md.options, env);
 
         // Sanitize the page
-        return needToSanitizeHtml ? sanitizeHtml(html, sanitizeOptions) : html;
+        return needToSanitizeHtml
+            ? sanitizeHtml(html, sanitizeOptions, env.forcedSanitizeCssWhiteList)
+            : html;
     };
 }
 
diff --git a/src/transform/plugins/imsize/plugin.ts b/src/transform/plugins/imsize/plugin.ts
@@ -225,6 +225,8 @@ export const imageWithSize = (md: MarkdownIt, opts?: ImsizeOptions): ParserInlin
                 if (height !== '') {
                     if (width !== '' && !heightWithPercent && !widthWithPercent) {
                         style += `aspect-ratio: ${width} / ${height};height: auto;`;
+                        state.env.forcedSanitizeCssWhiteList ??= {};
+                        state.env.forcedSanitizeCssWhiteList['aspect-ratio'] = true;
                     } else {
                         const heightString = heightWithPercent ? height : `${height}px`;
                         style += `height: ${heightString};`;
diff --git a/src/transform/sanitize.ts b/src/transform/sanitize.ts
@@ -4,6 +4,8 @@ import cssfilter from 'cssfilter';
 import * as cheerio from 'cheerio';
 import css from 'css';
 
+import {CssWhiteList} from './typings';
+
 const htmlTags = [
     'a',
     'abbr',
@@ -492,8 +494,6 @@ const allowedTags = Array.from(
 );
 const allowedAttributes = Array.from(new Set([...htmlAttrs, ...svgAttrs, ...yfmHtmlAttrs]));
 
-export type CssWhiteList = {[property: string]: boolean};
-
 export interface SanitizeOptions extends sanitizeHtml.IOptions {
     cssWhiteList?: CssWhiteList;
     disableStyleSanitizer?: boolean;
@@ -598,9 +598,20 @@ function sanitizeStyles(html: string, options: SanitizeOptions) {
     return styles + content;
 }
 
-export default function sanitize(html: string, options?: SanitizeOptions) {
+export default function sanitize(
+    html: string,
+    options?: SanitizeOptions,
+    forcedSanitizeCssWhiteList?: CssWhiteList,
+) {
     const sanitizeOptions = options || defaultOptions;
 
+    if (forcedSanitizeCssWhiteList) {
+        sanitizeOptions.cssWhiteList = {
+            ...sanitizeOptions.cssWhiteList,
+            ...forcedSanitizeCssWhiteList,
+        };
+    }
+
     const needToSanitizeStyles = !(sanitizeOptions.disableStyleSanitizer ?? false);
 
     const modifiedHtml = needToSanitizeStyles ? sanitizeStyles(html, sanitizeOptions) : html;
diff --git a/src/transform/typings.ts b/src/transform/typings.ts
@@ -74,6 +74,7 @@ export type EnvType<Extras extends {} = {}> = {
     assets?: unknown[];
     meta?: object;
     changelogs?: ChangelogItem[];
+    forcedSanitizeCssWhiteList?: CssWhiteList;
 } & Extras;
 
 export interface MarkdownItPluginOpts {
@@ -98,3 +99,5 @@ export type MarkdownItPluginCb<T extends {} = {}> = {
 export type MarkdownItPreprocessorCb<T extends unknown = {}> = {
     (input: string, opts: T & Partial<MarkdownItPluginOpts>, md?: MarkdownIt): string;
 };
+
+export type CssWhiteList = {[property: string]: boolean};

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,9 @@ function initCompiler(md: MarkdownIt, options: OptionsType, env: EnvType) {`
`168`	`168`	`const html = md.renderer.render(tokens, md.options, env);`
`169`	`169`
`170`	`170`	`// Sanitize the page`
`171`		`- return needToSanitizeHtml ? sanitizeHtml(html, sanitizeOptions) : html;`
	`171`	`+ return needToSanitizeHtml`
	`172`	`+ ? sanitizeHtml(html, sanitizeOptions, env.forcedSanitizeCssWhiteList)`
	`173`	`+ : html;`
`172`	`174`	`};`
`173`	`175`	`}`
`174`	`176`