From a73f781fb19060f082ad4b57d7a33d2abdd0ba48 Mon Sep 17 00:00:00 2001
From: JeffreyGilbert <visualjeff@icloud.com>
Date: Wed, 16 Dec 2020 20:06:36 -0800
Subject: [PATCH] Added a few lines of code to sanitize html elements that
 might get injected to a website

---
 src/normalize.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/normalize.js b/src/normalize.js
index f702717..127a926 100644
--- a/src/normalize.js
+++ b/src/normalize.js
@@ -1,3 +1,18 @@
+function SanitizeHtml(html) {
+  const SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi
+
+  // Removing the <script> tags
+  while (SCRIPT_REGEX.test(html)) {
+    html = html.replace(SCRIPT_REGEX, "")
+  }
+
+  // Removing all events from tags...
+  html = html.replace(/ on\w+=["|'][^']*["|']/g, "")
+
+  return html
+}
+
+
 exports.processContentType = (
   contentType,
   createNodeId,
@@ -54,6 +69,17 @@ exports.processEntry = (
   createContentDigest,
   typePrefix
 ) => {
+  //Find uid of objects in schema that are text fields
+  const needSanitizing = contentType.schema.filter(obj => {
+    return obj.data_type === 'text';
+  }).map(obj => {
+    return obj.uid;
+  });
+  //For each text field sanitize its content.
+  needSanitizing.forEach((field) => {
+    entry[field] = SanitizeHtml(entry[field]);     
+  });
+
   const nodeId = makeEntryNodeUid(entry, createNodeId, typePrefix);
   const nodeContent = JSON.stringify(entry);
   const nodeData = {