
Commit cf145a8

authored
Enable safe inline svg tags in trusted html (microsoft#156216)
Enable safe svg tags in trusted html From https://github.com/cure53/DOMPurify/blob/cce00ac40d33c2aae6422eaa59e6a8aad5c73901/src/tags.js#L124
1 parent a444059 commit cf145a8


1 file changed

+100
-49
lines changed

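--- a/extensions/markdown-language-features/notebook/index.ts
+++ b/extensions/markdown-language-features/notebook/index.ts
@@ -8,57 +8,108 @@ import MarkdownIt from 'markdown-it';
 import type * as MarkdownItToken from 'markdown-it/lib/token';
 import type { ActivationFunction } from 'vscode-notebook-renderer';
 
+const allowedHtmlTags = Object.freeze([
+'a',
+'b',
+'blockquote',
+'br',
+'button',
+'caption',
+'center',
+'code',
+'col',
+'colgroup',
+'details',
+'div',
+'em',
+'font',
+'h1',
+'h2',
+'h3',
+'h4',
+'h5',
+'h6',
+'hr',
+'i',
+'img',
+'input',
+'kbd',
+'label',
+'li',
+'ol',
+'p',
+'pre',
+'select',
+'small',
+'span',
+'strong',
+'sub',
+'summary',
+'sup',
+'table',
+'tbody',
+'td',
+'textarea',
+'tfoot',
+'th',
+'thead',
+'tr',
+'tt',
+'u',
+'ul',
+'video',
+]);
+
+const allowedSvgTags = Object.freeze([
+'svg',
+'a',
+'altglyph',
+'altglyphdef',
+'altglyphitem',
+'animatecolor',
+'animatemotion',
+'animatetransform',
+'circle',
+'clippath',
+'defs',
+'desc',
+'ellipse',
+'filter',
+'font',
+'g',
+'glyph',
+'glyphref',
+'hkern',
+'image',
+'line',
+'lineargradient',
+'marker',
+'mask',
+'metadata',
+'mpath',
+'path',
+'pattern',
+'polygon',
+'polyline',
+'radialgradient',
+'rect',
+'stop',
+'style',
+'switch',
+'symbol',
+'text',
+'textpath',
+'title',
+'tref',
+'tspan',
+'view',
+'vkern',
+]);
+
 const sanitizerOptions: DOMPurify.Config = {
 ALLOWED_TAGS: [
-'a',
-'b',
-'blockquote',
-'br',
-'button',
-'caption',
-'center',
-'code',
-'col',
-'colgroup',
-'details',
-'div',
-'em',
-'font',
-'h1',
-'h2',
-'h3',
-'h4',
-'h5',
-'h6',
-'hr',
-'i',
-'img',
-'input',
-'kbd',
-'label',
-'li',
-'ol',
-'p',
-'pre',
-'select',
-'small',
-'span',
-'strong',
-'sub',
-'summary',
-'sup',
-'table',
-'tbody',
-'td',
-'textarea',
-'tfoot',
-'th',
-'thead',
-'tr',
-'tt',
-'u',
-'ul',
-'video',
+...allowedHtmlTags,
+...allowedSvgTags,
 ],
 };
 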
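Review bot: The `'style'` entry in `allowedSvgTags` widens the allowlist for HTML as well as SVG, because `ALLOWED_TAGS` is a flat list of tag names and both arrays are spread into it; the previous HTML-only list did not contain `style`. If stylesheet elements in notebook markdown are not intended, drop that entry or add `FORBID_TAGS: ['style']` to `sanitizerOptions`. If they are intended, a comment above `allowedSvgTags` such as `// Copied from DOMPurify's svg tag list; 'style', 'a' and 'font' are also HTML tag names` would record the decision and the source. Attribute filtering is not configured in the visible lines, so presumably DOMPurify's defaults apply to the new elements; that is worth confirming for `href`/`xlink:href` on `a` and `image`.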
