Merge pull request #5312 from efaraz27/feat/allow-img-tags-in-in-app-…

…and-email-editor feat(api): Allow img tags in the In-App & Email Editor
novuhq · Mar 18, 2024 · 92d1cb6 · 92d1cb6
2 parents be23aa3 + 8803bf7
commit 92d1cb6
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/apps/api/src/app/message-template/shared/sanitizer.service.spec.ts b/apps/api/src/app/message-template/shared/sanitizer.service.spec.ts
@@ -60,4 +60,16 @@ describe('HTML Sanitizer', function () {
 
     expect(result[0].content).to.equal('<p style="color:red;">Red Text</p>');
   });
+
+  it('should NOT sanitize img tags', function () {
+    const result = sanitizeMessageContent([
+      {
+        type: EmailBlockTypeEnum.TEXT,
+        content: '<img src="https://example.com/image.jpg" alt="Example Image">',
+        url: '',
+      },
+    ]);
+
+    expect(result[0].content).to.equal('<img src="https://example.com/image.jpg" alt="Example Image" />');
+  });
 });
diff --git a/apps/api/src/app/message-template/shared/sanitizer.service.ts b/apps/api/src/app/message-template/shared/sanitizer.service.ts
@@ -10,13 +10,14 @@ const sanitizeOptions: sanitize.IOptions = {
   /**
    * Additional tags to allow.
    */
-  allowedTags: sanitize.defaults.allowedTags.concat(['style']),
+  allowedTags: sanitize.defaults.allowedTags.concat(['style', 'img']),
   allowedAttributes: {
     ...sanitize.defaults.allowedAttributes,
     /**
      * Additional attributes to allow on all tags.
      */
     '*': ['style'],
+    img: ['src', 'srcset', 'alt', 'title', 'width', 'height', 'loading'],
   },
   /**
    * Required to disable console warnings when allowing style tags.