Refine sanitize config

TryGhost · Jul 31, 2024 · e224c6f · e224c6f
1 parent 854a0f8
commit e224c6f
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/handlers.ts b/src/handlers.ts
@@ -20,7 +20,9 @@ import type { PersonData } from './user';
 import { ACTOR_DEFAULT_HANDLE } from './constants';
 
 type StoredThing = {
-    object: object | string;
+    object: string | {
+        content: string;
+    }
 }
 
 async function postToArticle(ctx: RequestContext<ContextData>, post: any) {
@@ -210,7 +212,8 @@ export async function inboxHandler(
                 thing.object = await db.get([thing.object]) ?? thing.object;
             }
 
-            if (thing?.object?.content) {
+            // Sanitize HTML content
+            if (thing?.object && typeof thing.object !== 'string') {
                 thing.object.content = sanitizeHtml(thing.object.content, {
                     allowedTags: ['a', 'p', 'img', 'br', 'strong', 'em', 'span'],
                     allowedAttributes: {