From c6fe4742aa38650fa897ac7aad94b13d403bad2a Mon Sep 17 00:00:00 2001
From: ccbikai <ccbikai@qq.com>
Date: Sat, 10 Aug 2024 14:00:53 +0800
Subject: [PATCH] feat: enhance image loading and sanitization

- Standardized image loading to lazy for consistency in modal previews
- Expanded allowed attributes for sanitization to support additional image properties
- Introduced an exclusive filter to exclude specific images by class during sanitization
---
 src/lib/telegram/index.js | 2 +-
 src/pages/rss.xml.js      | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/telegram/index.js b/src/lib/telegram/index.js
index 603a413..de237da 100644
--- a/src/lib/telegram/index.js
+++ b/src/lib/telegram/index.js
@@ -41,7 +41,7 @@ function getImages($, item, { staticProxy, id, index, title }) {
         <img src="${staticProxy + url}" alt="${title}" loading="${index > 15 ? 'eager' : 'lazy'}" />
       </button>
       <button class="image-preview-button modal" id="${popoverId}" popovertarget="${popoverId}" popovertargetaction="hide" popover>
-        <img class="modal-img" src="${staticProxy + url}" alt="${title}" loading="${index > 15 ? 'eager' : 'lazy'}" />
+        <img class="modal-img" src="${staticProxy + url}" alt="${title}" loading="lazy" />
       </button>
     `
   })?.get()
diff --git a/src/pages/rss.xml.js b/src/pages/rss.xml.js
index 99b3826..29d244a 100644
--- a/src/pages/rss.xml.js
+++ b/src/pages/rss.xml.js
@@ -25,9 +25,13 @@ export async function GET(Astro) {
       content: sanitizeHtml(item.content, {
         allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img', 'video', 'audio']),
         allowedAttributes: {
+          ...sanitizeHtml.defaults.allowedAttributes,
           video: ['src', 'width', 'height', 'poster'],
           audio: ['src', 'controls'],
-          img: ['src', 'width', 'height', 'loading'],
+          img: ['src', 'srcset', 'alt', 'title', 'width', 'height', 'loading', 'class'],
+        },
+        exclusiveFilter(frame) {
+          return frame.tag === 'img' && frame.attribs?.class?.includes('modal-img')
         },
       }),
     })),