Autolinking does not work for abasurl because it contains characters that are not URL-conformant, so you still have to link it manually, but it is no longer sanitized.
import sanitizeXss from 'xss';
// Shared markdown-it renderer.
// `html: true` lets raw HTML in the source text pass through render(), so the
// rendered output has to be sanitized before it is inserted into the page
// (the `markdown` template helper in this file runs it through sanitizeXss).
var Markdown = require('markdown-it')({
  html: true,
  linkify: true,
  typographer: true,
  breaks: true,
});

// Static URL scheme listing.
// NOTE(review): each scheme listed here is made auto-linkable below AND is
// exempted from the sanitizer's default href check in mySafeAttrValue, so keep
// the list minimal and review entries such as "file" before adding more.
var urlschemes = [
  "aodroplink",
  "thunderlink",
  "cbthunderlink",
  "onenote",
  "file",
  "abasurl",
  "conisio",
  "mailspring"
];

// A field in the admin backend to set this dynamically would be better than
// hard-coding all known or wanted url schemes here, but the author was not
// able to access those settings:
// var urlschemes = currentSetting.automaticLinkedUrlSchemes.split('\n');

// Register every scheme with linkify (aliased to the built-in 'http:' rule)
// so that matching text is turned into a clickable link automatically.
urlschemes.forEach(function (scheme) {
  Markdown.linkify.add(scheme + ":", 'http:');
});
// Additional safeAttrValue function to allow for other specific protocols
// See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
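/**
 * Custom `safeAttrValue` hook for the xss sanitizer.
 *
 * For `<a href="...">` values whose scheme is listed in `urlschemes`, the
 * value is kept (the library's default href check would not accept these
 * custom schemes). Every other tag/attribute combination is delegated to the
 * library's default `safeAttrValue`.
 *
 * @param {string} tag - Name of the tag being processed.
 * @param {string} name - Name of the attribute being processed.
 * @param {string} value - Raw attribute value handed over by the sanitizer.
 * @param {*} cssFilter - Passed through unchanged to the default safeAttrValue.
 * @returns {string} The attribute value to emit.
 */
function mySafeAttrValue(tag, name, value, cssFilter) {
  if (tag === 'a' && name === 'href') {
    // Keep the parsed scheme in a local binding; assigning to an undeclared
    // name would create an implicit global and throws in strict mode.
    // A scheme only counts when a colon actually terminates it, so a bare
    // value such as "file" is not mistaken for a registered scheme.
    const colonIndex = value.indexOf(':');
    const scheme = colonIndex > 0 ? value.slice(0, colonIndex) : '';

    if (urlschemes.includes(scheme)) {
      // This branch bypasses the default href handling, which is also where
      // the library escapes the value. Escape it here so quotes and angle
      // brackets cannot leave the attribute context in the sanitized output.
      return sanitizeXss.escapeAttrValue(value);
    }
  }

  // Anything else (other tags/attributes, unregistered schemes) goes through
  // the library's default filtering.
  return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
}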
// Register the markdown-it-emoji plugin on the shared renderer.
var emoji = require('markdown-it-emoji');
Markdown.use(emoji);

// Only register the Blaze helper when the `ui` package is present.
if (Package.ui) {
  const { Template } = Package.templating;
  const { UI } = Package.ui;
  const { HTML } = Package.htmljs;
  const { Blaze } = Package.blaze; // implied by `ui`

  // Block helper body: render the enclosed template content as markdown,
  // sanitize the resulting HTML, and hand it to Blaze as raw markup.
  // Must stay a regular function: `this` is the template view.
  const renderMarkdown = function () {
    const contentBlock = this.templateContentBlock;
    const text = contentBlock
      ? Blaze._toText(contentBlock, HTML.TEXTMODE.STRING)
      : '';

    const renderedHtml = Markdown.render(text);

    // HTML.Raw inserts the string without further escaping, so the
    // sanitizeXss call (with the custom href hook) is the only filter
    // between user-supplied markdown and the DOM.
    return HTML.Raw(sanitizeXss(renderedHtml, { safeAttrValue: mySafeAttrValue }));
  };

  UI.registerHelper('markdown', new Template('markdown', renderMarkdown));
}