Added markdown-it-mermaid for some charts support in all input fields. Replaced xss with dompurify.
Thanks to xuguotong and xet7 ! Fixes #3794
parent
88e4918208
commit
5ab20a9257
6 changed files with 5604 additions and 889 deletions
|
|
@ -1,5 +1,5 @@
|
|||
import { checkNpmVersions } from 'meteor/tmeasday:check-npm-versions';
|
||||
|
||||
checkNpmVersions({
|
||||
'xss': '1.0.8',
|
||||
'dompurify': '2.2.8',
|
||||
}, 'my:xss');
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
import sanitizeXss from 'xss';
|
||||
import DOMPurify from 'dompurify';
|
||||
|
||||
var Markdown = require('markdown-it')({
|
||||
html: true,
|
||||
linkify: true,
|
||||
|
|
@ -6,7 +7,9 @@ var Markdown = require('markdown-it')({
|
|||
breaks: true,
|
||||
});
|
||||
|
||||
import markdownItMermaid from "@liradb2000/markdown-it-mermaid";
|
||||
|
||||
/*
|
||||
// Static URL Scheme Listing
|
||||
var urlschemes = [
|
||||
"aodroplink",
|
||||
|
|
@ -19,7 +22,7 @@ var urlschemes = [
|
|||
"mailspring"
|
||||
];
|
||||
|
||||
// Better would be a field in the admin backend to set this dynamically
|
||||
// Better would be a field in the admin backend to set this dynamically
|
||||
// instead of putting all known or wanted url schemes here hard into code
|
||||
// but i was not able to access those settings
|
||||
// var urlschemes = currentSetting.automaticLinkedUrlSchemes.split('\n');
|
||||
|
|
@ -44,14 +47,18 @@ function mySafeAttrValue(tag, name, value, cssFilter) {
|
|||
// use the default safeAttrValue function to process all non cbthunderlinks
|
||||
return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
|
||||
}
|
||||
// } else if (tag === 'svg') {
|
||||
// return `<img src="data:image/svg+xml;base64,` + atob(value) + `"></img>`;
|
||||
} else {
|
||||
// use the default safeAttrValue function to process it
|
||||
return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
|
||||
}
|
||||
};
|
||||
*/
|
||||
|
||||
var emoji = require('markdown-it-emoji');
|
||||
Markdown.use(emoji);
|
||||
Markdown.use(markdownItMermaid);
|
||||
|
||||
if (Package.ui) {
|
||||
const Template = Package.templating.Template;
|
||||
|
|
@ -66,6 +73,6 @@ if (Package.ui) {
|
|||
text = Blaze._toText(self.templateContentBlock, HTML.TEXTMODE.STRING);
|
||||
}
|
||||
|
||||
return HTML.Raw(sanitizeXss(Markdown.render(text), { safeAttrValue: mySafeAttrValue }));
|
||||
return HTML.Raw(DOMPurify.sanitize(Markdown.render(text), {ALLOW_UNKNOWN_PROTOCOLS: true}));
|
||||
}));
|
||||
}
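Review bot: The new `DOMPurify.sanitize(Markdown.render(text), {ALLOW_UNKNOWN_PROTOCOLS: true})` call in the last hunk lets through URLs with any scheme that DOMPurify does not itself classify as script or data. The `urlschemes` list and `mySafeAttrValue`, which named the schemes worth linking, sit inside a `/* … */` block on the new side. User-written markdown in any input field can therefore render clickable links that hand off to whatever protocol handler is registered on the viewer's machine. Consider dropping the flag and passing an explicit allowlist through `ALLOWED_URI_REGEXP`, built from the `urlschemes` entries plus http, https and mailto, with a comment above the call such as `// only schemes listed in urlschemes are linkable; everything else is stripped`. The enclosing helper begins outside the hunk, so it is not visible here whether this path can also run where no DOM is available to DOMPurify.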
|
||||
|
|
|
|||