Diffstat (limited to 'apps/web/lib/sanitize.ts')
| -rw-r--r-- | apps/web/lib/sanitize.ts | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/apps/web/lib/sanitize.ts b/apps/web/lib/sanitize.ts
index b63cee1..3a85016 100644
--- a/apps/web/lib/sanitize.ts
+++ b/apps/web/lib/sanitize.ts
@@ -1,5 +1,19 @@
 import sanitizeHtml from "sanitize-html"
 
+const TRACKING_PIXEL_DIMENSION_THRESHOLD = 3
+
+function isTrackingPixel(tagName: string, attributes: Record<string, string>): boolean {
+ if (tagName !== "img") return false
+
+ const width = parseInt(attributes.width, 10)
+ const height = parseInt(attributes.height, 10)
+
+ if (!isNaN(width) && width <= TRACKING_PIXEL_DIMENSION_THRESHOLD) return true
+ if (!isNaN(height) && height <= TRACKING_PIXEL_DIMENSION_THRESHOLD) return true
+
+ return false
+}
+
 const SANITIZE_OPTIONS: sanitizeHtml.IOptions = {
 allowedTags: [
 "h1",
@@ -36,6 +50,7 @@ const SANITIZE_OPTIONS: sanitizeHtml.IOptions = {
 img: ["src", "alt", "title", "width", "height"],
 },
 allowedSchemes: ["http", "https"],
+ exclusiveFilter: (frame) => isTrackingPixel(frame.tag, frame.attribs),
 }
 
 export function sanitizeEntryContent(htmlContent: string): string {
|
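Review bot: `isTrackingPixel` only matches an `<img>` that declares a small `width` or `height` attribute, so a remote image with no dimension attributes passes the filter and is still fetched when the entry is rendered. Readers of `sanitize.ts` should not take this for complete tracking protection; a comment above the function would say so: `// Heuristic: only catches <img> with a declared width or height <= 3; images without dimension attributes are not detected.` The two `return true` checks also match when just one dimension is small, so a thin divider such as `width="600" height="1"` is removed as well. If that is not intended, require both dimensions to be under the threshold when both are present.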
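Review bot: The new `exclusiveFilter` line depends on `width` and `height` staying in the `img` attribute list at the top of this hunk. sanitize-html appears to pass the filter the frame's attributes after disallowed ones have been removed (worth confirming against the library version in use), so dropping those two names later would turn the filter into a no-op without any error. A comment on the new line would record the coupling: `// relies on img width/height being allowed above; see isTrackingPixel`. The `SANITIZE_OPTIONS` object starts outside this hunk, so any other option that interacts with the filter is not visible here.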