<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Document</title>
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-giJF6kkoqNQ00vy+HMDP7azOuL0xtbfIcaT9wjKHr8RbDVddVHyTfAAsrekwKmP1" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW" crossorigin="anonymous"></script>
</head>
<body>
<div class="container p-4">
<div class="row">
<div id="app"></div>
</div>
</div>
<script src="dompurify.min.js"></script>
<script>
// Container element that every section's headline markup is appended to.
var app = document.getElementById('app');
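/**
 * Encode a user-submitted string for safe insertion into HTML.
 * Every character other than ASCII letters, digits, underscore, period and
 * space is replaced with its decimal numeric character reference, so the
 * result carries no markup when placed in element content or inside a
 * quoted attribute value.
 * https://portswigger.net/web-security/cross-site-scripting/preventing
 *
 * This is output encoding only. It does not judge what the value means:
 * a URL headed for an href/src attribute still needs its scheme checked by
 * the caller, because the browser decodes the references before using it.
 *
 * @param {String} str The user-submitted string; null/undefined are treated
 *                     as empty and other non-string values are stringified
 * @return {String} The encoded string
 */
var sanitizeHTML = function (str) {
  // A missing field should encode to nothing rather than throw on .replace.
  var text = str == null ? '' : String(str);

  // The "u" flag makes the pattern match whole code points, so a character
  // outside the BMP (emoji, for instance) becomes one valid reference instead
  // of two surrogate references that browsers render as U+FFFD. The "i" flag
  // is dropped: it adds nothing to \w and, combined with "u", would let
  // U+017F and U+212A through unencoded.
  return text.replace(/[^\w. ]/gu, function (c) {
    return '&#' + c.codePointAt(0) + ';';
  });
};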
// Section names that getFeed() places in the Top Stories request path.
let allSections = [
  "arts",
  "automobiles",
  "books",
  "business",
  "fashion",
  "food",
  "health",
  "home",
  "insider",
  "magazine",
  "movies",
  "nyregion",
  "obituaries",
  "opinion",
  "politics",
  "realestate",
  "science",
  "sports",
  "sundayreview",
  "technology",
  "theater",
  "t-magazine",
  "travel",
  "upshot",
  "us",
  "world"
];

// Only the entries at positions 2 through 7 ("books" to "home") are displayed.
let selectedSections = allSections.filter(function (name, position) {
  return position >= 2 && position < 8;
});
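/**
 * Fetch the top stories for one section and append up to five headline
 * links to the #app container.
 *
 * Everything in the API response is treated as untrusted: titles are
 * HTML-encoded, and a story URL is only turned into a link when it parses
 * as an absolute http(s) URL. Failures are logged with console.warn and
 * nothing is rendered for that section.
 *
 * @param {String} section Section name placed in the request path
 */
let getFeed = function (section) {
  /**
   * Return the normalised URL when `raw` is an absolute http(s) URL,
   * otherwise null. HTML-encoding alone does not stop a "javascript:" URL,
   * because the browser decodes the attribute value before navigating.
   */
  let toWebUrl = function (raw) {
    try {
      let parsed = new URL(String(raw));
      if (parsed.protocol === 'https:' || parsed.protocol === 'http:') {
        return parsed.href;
      }
      return null;
    } catch (err) {
      // Not an absolute URL (missing, relative or malformed).
      return null;
    }
  };

  // NOTE(security): the api-key below ships in page source, so every visitor
  // can read and reuse it. Treat it as public: rotate it, and route the
  // request through a server-side proxy if the quota or account matters.
  let address = 'https://api.nytimes.com/svc/topstories/v2/' + encodeURIComponent(section) + '.json?api-key=Dl9PtOimIHf00uHBk7k19lE8PhCWTNi4';

  fetch(address).then(function (response) {
    // fetch() resolves on HTTP errors too; surface them instead of failing
    // later on a missing "results" field.
    if (!response.ok) {
      throw new Error('Top Stories request for "' + section + '" failed with HTTP ' + response.status);
    }
    return response.json();
  }).then(function (data) {
    if (!data || !Array.isArray(data.results)) {
      throw new Error('Top Stories response for "' + section + '" has no results array');
    }

    let titles = data.results.slice(0, 5).map(function (result) {
      let title = sanitizeHTML(result.title == null ? '' : String(result.title));
      let href = toWebUrl(result.url);

      // Without a usable http(s) URL, show the headline as plain text.
      if (href === null) {
        return '<li>' + title + '</li>';
      }
      return '<li>' + '<a href="' + sanitizeHTML(href) + '">' + title + '</a>' + '</li>';
    }).join('');

    // The section name is encoded as well, so the heading stays safe if the
    // list of sections ever stops being hard-coded.
    let sectionContent = '<h3>' + sanitizeHTML(String(section)) + '</h3>' + '<ul>' + titles + '</ul>';

    // insertAdjacentHTML appends without re-parsing the existing children,
    // which "innerHTML +=" would serialise and rebuild on every section.
    app.insertAdjacentHTML('beforeend', sectionContent);
  }).catch(function (err) {
    console.warn('error occurred', err);
  });
};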
// Start one feed request per selected section. Each section is appended when
// its own response arrives, so on-page order follows completion order.
for (let section of selectedSections) {
  getFeed(section);
}
</script>
</body>
</html>