sou %!s(int64=7) %!d(string=hai) anos
pai
achega
032f171b73
Modificáronse 2 ficheiros con 4 adicións e 5 borrados
  1. 3 2
      lib/util/RecommendedXSSWhiteList.js
  2. 1 3
      lib/util/xss.js

+ 3 - 2
lib/util/RecommendedXSSWhiteList.js

@@ -1,6 +1,7 @@
 /**
  * reference: https://meta.stackexchange.com/questions/1777/what-html-tags-are-allowed-on-stack-exchange-sites
- * plus h4, h5, h6
+ * added tags: h4, h5, h6
+ * added attrs: class(without this, markdown for <code> does not work)
  */
 
 const tags = [
@@ -9,7 +10,7 @@ const tags = [
   's', 'sup', 'sub', 'strong', 'strike', 'ul', 'br', 'hr',
 ];
 
-const attrs = ['src', 'width', 'height', 'alt', 'title', 'href'];
+const attrs = ['src', 'width', 'height', 'alt', 'title', 'href', 'class'];
 
 module.exports = {
   tags,
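Review bot: Adding `'class'` to the shared `attrs` list appears to allow the attribute on every whitelisted tag rather than only on `<code>`, because the xss.js section assigns one attribute list to all tags (`whiteListContent[tag] = attrWhiteList`), presumably this one. User-authored markup can then attach any of the application's own CSS classes to its elements, which allows imitating interface elements or tripping behaviour that scripts bind to class names. I would keep `class` out of the shared list and grant it only where the highlighter needs it, for example `whiteListContent.code = [...attrWhiteList, 'class'];` after the `forEach`. Alternatively, validate the value in the filter's attribute hook (`onTagAttr`, if this is js-xss) so that only highlighter-style names pass. The `module.exports` object continues outside the hunk.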

+ 1 - 3
lib/util/xss.js

@@ -13,7 +13,7 @@ class Xss {
     // default
     let option = {
       stripIgnoreTag: true,
-      stripIgnoreTagBody: true,
+      stripIgnoreTagBody: false,
       css: false,
       whiteList: whiteListContent,
       escapeHtml: (html) => html,   // resolve https://github.com/weseek/growi/issues/221
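Review bot: Switching to `stripIgnoreTagBody: false` means the bodies of stripped non-whitelisted tags, including `<script>` and `<style>`, are now kept in the output, and the `escapeHtml: (html) => html` line just below passes that text through unescaped. The filter then relies entirely on tag stripping being complete for nested or malformed input, with no second layer of protection. If these options follow js-xss semantics, the setting also accepts a list, so `stripIgnoreTagBody: ['script', 'style'],` would keep the bodies of other unknown tags while still dropping these two. A comment on the line stating why bodies must be preserved, plus a regression test with script content inside allowed markup, would make the intent reviewable. The enclosing method starts and ends outside the hunk.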
@@ -23,11 +23,9 @@ class Xss {
       tagWhiteList.forEach(tag => {
         whiteListContent[tag] = attrWhiteList;
       });
-      option['whiteList'] = whiteListContent;
     }
     else {
       option['stripIgnoreTag'] = false;
-      option['stripIgnoreTagBody'] = false;
     }
 
     // create the XSS Filter instance