mirror of
https://github.com/wekan/wekan.git
synced 2025-12-24 03:10:12 +01:00
Re-enables custom schemes auto linking.
Thanks to chrisi51 ! Related https://github.com/wekan/wekan/pull/4059
This commit is contained in:
Lauri Ojansivu
parent
8224410e0c
commit
f67a174c4a
1 changed files with 4 additions and 60 deletions
|
|
@ -9,8 +9,6 @@ var Markdown = require('markdown-it')({
|
|||
|
||||
import markdownItMermaid from "@wekanteam/markdown-it-mermaid";
|
||||
|
||||
/*
|
||||
|
||||
// Static URL Scheme Listing
|
||||
var urlschemes = [
|
||||
"aodroplink",
|
||||
|
|
@ -23,74 +21,20 @@ var urlschemes = [
|
|||
"mailspring"
|
||||
];
|
||||
|
||||
|
||||
|
||||
// Better would be a field in the admin backend to set this dynamically
|
||||
// instead of putting all known or wanted url schemes here hard into code
|
||||
// but i was not able to access those settings
|
||||
// var urlschemes = currentSetting.automaticLinkedUrlSchemes.split('\n');
|
||||
|
||||
|
||||
|
||||
// put all url schemes into the linkify configuration to automatically make it clickable
|
||||
for(var i=0; i<urlschemes.length;i++){
|
||||
//console.log("adding autolink for "+urlschemes[i]);
|
||||
Markdown.linkify.add(urlschemes[i]+":",'http:');
|
||||
}
|
||||
|
||||
|
||||
|
||||
// build fitting regex
|
||||
var regex = RegExp('^(' + urlschemes.join('|') + '):', 'gim');
|
||||
|
||||
// Add a hook to enforce URI scheme allow-list
|
||||
DOMPurify.addHook('afterSanitizeAttributes', function (node) {
|
||||
// build an anchor to map URLs to
|
||||
var anchor = document.createElement('a');
|
||||
|
||||
// check all href attributes for validity
|
||||
if (node.hasAttribute('href')) {
|
||||
anchor.href = node.getAttribute('href');
|
||||
if (anchor.protocol && !anchor.protocol.match(regex)) {
|
||||
node.removeAttribute('href');
|
||||
}
|
||||
}
|
||||
// check all action attributes for validity
|
||||
if (node.hasAttribute('action')) {
|
||||
anchor.href = node.getAttribute('action');
|
||||
if (anchor.protocol && !anchor.protocol.match(regex)) {
|
||||
node.removeAttribute('action');
|
||||
}
|
||||
}
|
||||
// check all xlink:href attributes for validity
|
||||
if (node.hasAttribute('xlink:href')) {
|
||||
anchor.href = node.getAttribute('xlink:href');
|
||||
if (anchor.protocol && !anchor.protocol.match(regex)) {
|
||||
node.removeAttribute('xlink:href');
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
// Additional safeAttrValue function to allow for other specific protocols
|
||||
// See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
|
||||
function mySafeAttrValue(tag, name, value, cssFilter) {
|
||||
// only when the tag is 'a' and attribute is 'href'
|
||||
// then use your custom function
|
||||
if (tag === 'a' && name === 'href') {
|
||||
// only filter the value if starts with an registered url scheme
|
||||
urlscheme = value.split(/:/);
|
||||
//console.log("validating "+urlscheme[0]);
|
||||
if(urlschemes.includes(urlscheme[0])) return value;
|
||||
else {
|
||||
// use the default safeAttrValue function to process all non cbthunderlinks
|
||||
return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
|
||||
}
|
||||
// } else if (tag === 'svg') {
|
||||
// return `<img src="data:image/svg+xml;base64,` + atob(value) + `"></img>`;
|
||||
} else {
|
||||
// use the default safeAttrValue function to process it
|
||||
return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
|
||||
}
|
||||
};
|
||||
*/
|
||||
|
||||
var emoji = require('markdown-it-emoji');
|
||||
Markdown.use(emoji);
|
||||
Markdown.use(markdownItMermaid);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue