Only allow certain inline tags to remain in the title; HTML-encode the rest
parent
2708a608c5
commit
4ddb6c8d4f
|
@ -86,3 +86,38 @@ public extension Array where Element == Article {
|
|||
return map { $0.articleID }
|
||||
}
|
||||
}
|
||||
|
||||
public extension Article {
|
||||
static let allowedTags: Set = ["b", "bdi", "bdo", "cite", "code", "del", "dfn", "em", "i", "ins", "kbd", "mark", "q", "rb", "rp", "rt", "rtc", "ruby", "s", "samp", "small", "strong", "sub", "sup", "time", "u", "var"]
|
||||
|
||||
func sanitizedTitle(forHTML: Bool = true) -> String? {
|
||||
guard let title = title else { return nil }
|
||||
|
||||
let scanner = Scanner(string: title)
|
||||
scanner.charactersToBeSkipped = nil
|
||||
var result = ""
|
||||
result.reserveCapacity(title.count)
|
||||
|
||||
while !scanner.isAtEnd {
|
||||
if let text = scanner.scanUpToString("<") {
|
||||
result.append(text)
|
||||
}
|
||||
|
||||
if let _ = scanner.scanString("<") {
|
||||
// All the allowed tags currently don't allow attributes
|
||||
if let tag = scanner.scanUpToString(">") {
|
||||
if Self.allowedTags.contains(tag.replacingOccurrences(of: "/", with: "")) {
|
||||
forHTML ? result.append("<\(tag)>") : result.append("")
|
||||
} else {
|
||||
forHTML ? result.append("<\(tag)>") : result.append("<\(tag)>")
|
||||
}
|
||||
|
||||
let _ = scanner.scanString(">")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
}
|
||||
|
|
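Review bot: The allow-list lookup in `sanitizedTitle` removes every `/` from the scanned tag (`tag.replacingOccurrences(of: "/", with: "")`) but then writes the original `tag` back out, so a tag with slashes in the middle, such as `s/u/b`, is accepted as `sub` and emitted unchanged. Normalising only a leading slash keeps the check and the output in step: `let name = tag.hasPrefix("/") ? String(tag.dropFirst()) : tag`, then `Self.allowedTags.contains(name)`. In the `else` branch both arms of the ternary read `result.append("<\(tag)>")` as shown on this page; that may be the page decoding entities, but if the file really has the same string twice, the `forHTML` path encodes nothing and should append `"&lt;\(tag)&gt;"`. Allowed tags are also passed through without checking that they are closed, so an unclosed `<b>` or `<del>` in a feed title would carry into whatever markup the title is embedded in. A doc comment on `sanitizedTitle` saying that the result appears intended for element content only, and that tag balance is not enforced, would help callers.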