From 5440136c742a90af3c9c90033de2d20598f6c1d8 Mon Sep 17 00:00:00 2001
From: mknj
Date: Sun, 27 Sep 2020 12:24:35 +0200
Subject: [PATCH] feat: allow deep links on readme pages see https://github.com/verdaccio/verdaccio/issues/1938
---
 src/utils/sec-utils.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/utils/sec-utils.ts b/src/utils/sec-utils.ts
index 3769a1279..c5d74b1b8 100644
--- a/src/utils/sec-utils.ts
+++ b/src/utils/sec-utils.ts
@@ -1,7 +1,15 @@
-import { filterXSS } from 'xss';
+import { filterXSS, escapeAttrValue } from 'xss';
+
+const xssOpts = {
+ onIgnoreTagAttr: function(tag: string, name: string, value: string) {
+ if (tag.match(/^h[0-9]$/) && name === 'id') {
+ return name + '="' + escapeAttrValue(value) + '"';
+ }
+ },
+};
 export function preventXSS(text: string): string {
- const encodedText = filterXSS(text);
+ const encodedText = filterXSS(text, xssOpts);
 return encodedText;
 }
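Review bot: The new `onIgnoreTagAttr` hook lets any `id` value through on heading tags, and the text passed to `preventXSS` is presumably README markup written by package authors, so a heading can now carry an id that collides with an element id the UI itself relies on or with a name the page's scripts look up globally (DOM clobbering). `escapeAttrValue` stops the value from breaking out of the attribute, but it does not limit which names are accepted. Consider namespacing the emitted id, e.g. `return 'id="user-content-' + escapeAttrValue(value) + '"';`, with in-page anchor links resolved against the same prefix, or at least dropping values that fail a conservative pattern such as `/^[A-Za-z][\w-]*$/`. The tag test would also be tighter as `/^h[1-6]$/.test(tag)`, since `h[0-9]` accepts names that are not heading elements.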