feat: add sanitize-html for content filtering

Enhance RSS feed content safety by integrating sanitize-html to allow specific media tags and attributes, ensuring a secure and controlled presentation of content.
2026-05-16 07:26:44 +00:00 · 2024-08-07 21:00:55 +08:00
parent 877279ac03
commit 4fa62bf68d
3 changed files with 45 additions and 5 deletions
--- a/src/pages/rss.xml.js
+++ b/src/pages/rss.xml.js
@@ -1,5 +1,5 @@
 import rss from '@astrojs/rss'
-
+import sanitizeHtml from 'sanitize-html'
 import { getChannelInfo } from '../lib/telegram'

 export const prerender = false
@@ -22,7 +22,14 @@ export async function GET(Astro) {
      title: item.title,
      description: item.description,
      pubDate: new Date(item.datetime),
-      content: item.content,
+      content: sanitizeHtml(item.content, {
+        allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img', 'video', 'audio']),
+        allowedAttributes: {
+          video: ['src', 'width', 'height', 'poster'],
+          audio: ['src', 'controls'],
+          img: ['src', 'width', 'height', 'loading'],
+        },
+      }),
    })),
  })
 }