70 lines
1.8 KiB
JavaScript
70 lines
1.8 KiB
JavaScript
'use strict';
|
|
|
|
const { detachNodeFromParent } = require('../lib/xast.js');
|
|
const { attrsGroups } = require('./_collections.js');
|
|
|
|
exports.name = 'removeScriptElement';
|
|
exports.description = 'removes scripts (disabled by default)';
|
|
|
|
/** Union of all event attributes. */
|
|
const eventAttrs = [
|
|
...attrsGroups.animationEvent,
|
|
...attrsGroups.documentEvent,
|
|
...attrsGroups.documentElementEvent,
|
|
...attrsGroups.globalEvent,
|
|
...attrsGroups.graphicalEvent,
|
|
];
|
|
|
|
/**
|
|
* Remove scripts.
|
|
*
|
|
* https://www.w3.org/TR/SVG11/script.html
|
|
*
|
|
* @author Patrick Klingemann
|
|
* @type {import('./plugins-types').Plugin<'removeScriptElement'>}
|
|
*/
|
|
exports.fn = () => {
|
|
return {
|
|
element: {
|
|
enter: (node, parentNode) => {
|
|
if (node.name === 'script') {
|
|
detachNodeFromParent(node, parentNode);
|
|
return;
|
|
}
|
|
|
|
for (const attr of eventAttrs) {
|
|
if (node.attributes[attr] != null) {
|
|
delete node.attributes[attr];
|
|
}
|
|
}
|
|
},
|
|
exit: (node, parentNode) => {
|
|
if (node.name !== 'a') {
|
|
return;
|
|
}
|
|
|
|
for (const attr of Object.keys(node.attributes)) {
|
|
if (attr === 'href' || attr.endsWith(':href')) {
|
|
if (
|
|
node.attributes[attr] == null ||
|
|
!node.attributes[attr].trimStart().startsWith('javascript:')
|
|
) {
|
|
continue;
|
|
}
|
|
|
|
const index = parentNode.children.indexOf(node);
|
|
parentNode.children.splice(index, 1, ...node.children);
|
|
|
|
// TODO remove legacy parentNode in v4
|
|
for (const child of node.children) {
|
|
Object.defineProperty(child, 'parentNode', {
|
|
writable: true,
|
|
value: parentNode,
|
|
});
|
|
}
|
|
}
|
|
}
|
|
},
|
|
},
|
|
};
|
|
};
|