Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-16 23:40:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Try to allow links to onenote, mailspring and file.

Browse source 
Thanks to lime918, rgalonso, ocdtrekkie, gkarachuk and xet7 !

Fixes #1615
This commit is contained in:
Lauri Ojansivu 2021-01-13 00:02:17 +02:00
parent 4b3270e82a
commit 3977f2187a
2 changed files with 24 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
client/components/main/editor.js
View file

@ -275,7 +275,10 @@ function mySafeAttrValue(tag, name, value, cssFilter) {
if ( if (
/^thunderlink:/gi.test(value) || /^thunderlink:/gi.test(value) ||
/^cbthunderlink:/gi.test(value) || /^cbthunderlink:/gi.test(value) ||
/^aodroplink:/gi.test(value) /^aodroplink:/gi.test(value) ||
/^onenote:/gi.test(value) ||
/^file:/gi.test(value) ||
/^mailspring:/gi.test(value)
) { ) {
return value; return value;
} else { } else {

35
packages/markdown/src/template-integration.js
View file

@ -2,8 +2,8 @@ import sanitizeXss from 'xss';
var Markdown = require('markdown-it')({ var Markdown = require('markdown-it')({
html: true, html: true,
linkify: true, linkify: true,
typographer: true, typographer: true,
breaks: true, breaks: true,
}); });
// Additional safeAttrValue function to allow for other specific protocols // Additional safeAttrValue function to allow for other specific protocols
@ -13,7 +13,12 @@ function mySafeAttrValue(tag, name, value, cssFilter) {
// then use your custom function // then use your custom function
if (tag === 'a' && name === 'href') { if (tag === 'a' && name === 'href') {
// only filter the value if starts with 'cbthunderlink:' or 'aodroplink' // only filter the value if starts with 'cbthunderlink:' or 'aodroplink'
if (/^thunderlink:/ig.test(value) || /^cbthunderlink:/ig.test(value) || /^aodroplink:/ig.test(value)) { if (/^thunderlink:/ig.test(value) ||
/^cbthunderlink:/ig.test(value) ||
/^aodroplink:/ig.test(value) ||
/^onenote:/ig.test(value) ||
/^file:/ig.test(value) ||
/^mailspring:/ig.test(value)) {
return value; return value;
} }
else { else {
@ -30,18 +35,18 @@ var emoji = require('markdown-it-emoji');
Markdown.use(emoji); Markdown.use(emoji);
if (Package.ui) { if (Package.ui) {
const Template = Package.templating.Template; const Template = Package.templating.Template;
const UI = Package.ui.UI; const UI = Package.ui.UI;
const HTML = Package.htmljs.HTML; const HTML = Package.htmljs.HTML;
const Blaze = Package.blaze.Blaze; // implied by `ui` const Blaze = Package.blaze.Blaze; // implied by `ui`
UI.registerHelper('markdown', new Template('markdown', function () { UI.registerHelper('markdown', new Template('markdown', function () {
const self = this; const self = this;
let text = ''; let text = '';
if (self.templateContentBlock) { if (self.templateContentBlock) {
text = Blaze._toText(self.templateContentBlock, HTML.TEXTMODE.STRING); text = Blaze._toText(self.templateContentBlock, HTML.TEXTMODE.STRING);
} }
return HTML.Raw(sanitizeXss(Markdown.render(text), { safeAttrValue: mySafeAttrValue })); return HTML.Raw(sanitizeXss(Markdown.render(text), { safeAttrValue: mySafeAttrValue }));
})); }));
} }