Flatpages render (but not sanitized)

MuckRock · Jan 29, 2024 · 2ea42f5 · 2ea42f5
1 parent 7c1b78d
commit 2ea42f5
Show file tree

Hide file tree

Showing 9 changed files with 330 additions and 13 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,7 +19,7 @@
     "axios": "1.5.1",
     "axios-retry": "^3.5.1",
     "body-scroll-lock": "^2.6.4",
-    "dompurify": "^3.0.5",
+    "dompurify": "^3.0.8",
     "fast-copy": "^2.1.0",
     "fast-deep-equal": "^3.1.3",
     "lucene": "^2.1.1",

diff --git a/src/api/types/orgAndUser.d.ts b/src/api/types/orgAndUser.d.ts
@@ -34,4 +34,5 @@ export interface User {
   organization: string | Org;
   organizations: string[];
   admin_organizations: string[];
+  feature_level: number;
 }
diff --git a/src/pages/app/sidebar/DocumentFilters.svelte b/src/pages/app/sidebar/DocumentFilters.svelte
@@ -2,7 +2,7 @@
   import { _ } from "svelte-i18n";
   import Link from "../../../router/Link.svelte";
   import { allDocumentsUrl, userUrl, orgUrl } from "../../../search/search.js";
-  import { User } from "../accounts/types";
+  import type { User } from "../accounts/types";
   import { Globe16, Infinity16, Lock16, Organization16 } from "svelte-octicons";
   import ListItem from "./ListItem.svelte";
 

diff --git a/src/pages/app/sidebar/Sidebar.svelte b/src/pages/app/sidebar/Sidebar.svelte
@@ -12,8 +12,8 @@
   import ProjectList from "./projects/ProjectList.svelte";
 
   import { newProject, editProject } from "../../../manager/layout.js";
-  import { getMe } from "../../../api/orgAndUser";
-  import { User } from "../../../api/types/orgAndUser";
+  import { getMe } from "../../../api/orgAndUser.js";
+  import type { User } from "../../../api/types/orgAndUser";
 
   export let expanded;
 

diff --git a/src/pages/app/sidebar/projects/ProjectList.svelte b/src/pages/app/sidebar/projects/ProjectList.svelte
@@ -2,7 +2,7 @@
   import { writable } from "svelte/store";
   import { _ } from "svelte-i18n";
 
-  import { User } from "../../../../api/types/orgAndUser";
+  import type { User } from "../../../../api/types/orgAndUser";
   import { getProjects } from "../../../../api/project.js";
   import { projectUrl } from "../../../../search/search.js";
   import Link from "../../../../router/Link.svelte";

diff --git a/src/routes/+layout.js b/src/routes/+layout.js
@@ -2,6 +2,8 @@ import { locale, waitLocale } from "svelte-i18n";
 import { browser } from "$app/environment";
 import "$lib/i18n/index.js"; // Import to initialize. Important :)
 
+export const trailingSlash = "always";
+
 /** @type {import('./$types').LayoutLoad} */
 export async function load() {
   if (browser) {

diff --git a/src/routes/[...path]/+page.js b/src/routes/[...path]/+page.js
@@ -1,6 +1,5 @@
 // load data for flatpages
 import { error, redirect } from "@sveltejs/kit";
-import DOMPurify from "dompurify";
 import { marked } from "marked";
 import { gfmHeadingId } from "marked-gfm-heading-id";
 
@@ -11,7 +10,7 @@ marked.use(gfmHeadingId());
 const ROOT = new URL("flatpages/", BASE_API_URL);
 
 /** @type {import('./$types').PageLoad} */
-export async function load({ params }) {
+export async function load({ fetch, params }) {
   const endpoint = new URL(params.path, ROOT);
 
   const resp = await fetch(endpoint, { credentials: "include" });
@@ -27,7 +26,15 @@ export async function load({ params }) {
 
   const page = await resp.json();
 
-  page.content = DOMPurify.sanitize(marked.parse(page.content));
+  return {
+    title: page.title,
+    url: page.url,
+    content: render(page.content),
+  };
+}
 
-  return page;
+function render(content) {
+  // TODO sanitize content
+  console.warn("FlatPage content is not sanitized");
+  return marked.parse(content);
 }