mizozobu 6 лет назад
Родитель
Сommit
08615d71e7
3 измененных файлов с 74 добавлено и 51 удалено
  1. 11 0
      src/server/crowi/index.js
  2. 0 51
      src/server/service/config-manager.js
  3. 63 0
      src/server/service/xss.js

+ 11 - 0
src/server/crowi/index.js

@@ -39,6 +39,7 @@ function Crowi(rootdir) {
   this.passportService = null;
   this.globalNotificationService = null;
   this.crowiSlackNotificationService = null;
+  this.xssService = null;
   this.restQiitaAPIService = null;
   this.cdnResourcesService = new CdnResourcesService();
   this.interceptorManager = new InterceptorManager();
@@ -449,6 +450,16 @@ Crowi.prototype.setUpCrowiSlacklNotification = function() {
   }
 };
 
+/**
+ * setup XssService
+ */
+Crowi.prototype.setUpCrowiSlacklNotification = function() {
+  const XssService = require('../service/xss');
+  if (this.xssService == null) {
+    this.xssService = new XssService(this);
+  }
+};
+
 /**
  * setup RestQiitaAPIService
  */
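Review bot: The added setup function is assigned to `Crowi.prototype.setUpCrowiSlacklNotification`, the same property as the function shown in the hunk header that closes just above it. The later assignment replaces the Slack notification setup, so a call under that name would now build `xssService` and leave `crowiSlackNotificationService` unset. The JSDoc says "setup XssService", so the intended line was presumably something like `Crowi.prototype.setUpXss = function() {`. The diffstat's 11 additions for this file are all accounted for by these two hunks, so no call to a dedicated XSS setup is added here. Check the init sequence, which lies outside the hunk, to confirm `xssService` is populated before any sanitizer code reads the whitelists.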

+ 0 - 51
src/server/service/config-manager.js

@@ -108,57 +108,6 @@ class ConfigManager {
     return method !== 'none';
   }
 
-  getTagWhiteList() {
-    const { tags } = require('@commons/service/xss/recommended-whitelist');
-    const isEnabledXssPrevention = this.getConfig('markdown', 'markdown:xss:isEnabledPrevention');
-    const xssOpiton = this.getConfig('markdown', 'markdown:xss:option');
-
-    if (isEnabledXssPrevention) {
-      switch (xssOpiton) {
-        case 1: // ignore all: use default option
-          return [];
-
-        case 2: // recommended
-          return tags;
-
-        case 3: // custom white list
-          return this.getConfig('markdown', 'markdown:xss:tagWhiteList');
-
-        default:
-          return [];
-      }
-    }
-    else {
-      return [];
-    }
-  }
-
-  getAttrWhiteList() {
-    const { attrs } = require('@commons/service/xss/recommended-whitelist');
-    const isEnabledXssPrevention = this.getConfig('markdown', 'markdown:xss:isEnabledPrevention');
-    const xssOpiton = this.getConfig('markdown', 'markdown:xss:option');
-
-    if (isEnabledXssPrevention) {
-      switch (xssOpiton) {
-        case 1: // ignore all: use default option
-          return [];
-
-        case 2: // recommended
-          return attrs;
-
-        case 3: // custom white list
-          return this.getConfig('markdown', 'markdown:xss:attrWhiteList');
-
-        default:
-          return [];
-      }
-    }
-    else {
-      return [];
-    }
-  }
-
-
   getIsPublicWikiOnly() {
     // CONF.RF save PUBLIC_WIKI_ONLY in mongodb?
     const publicWikiOnly = process.env.PUBLIC_WIKI_ONLY;

+ 63 - 0
src/server/service/xss.js

@@ -0,0 +1,63 @@
+const logger = require('@alias/logger')('growi:service:XssSerivce'); // eslint-disable-line no-unused-vars
+const { tags, attrs } = require('@commons/service/xss/recommended-whitelist');
+
+/**
+ * the service class of GlobalNotificationSetting
+ */
+class XssSerivce {
+
+  constructor(crowi) {
+    this.crowi = crowi;
+  }
+
+  getTagWhiteList() {
+    const isEnabledXssPrevention = this.crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention');
+    const xssOpiton = this.crowi.configManager.getConfig('markdown', 'markdown:xss:option');
+
+    if (isEnabledXssPrevention) {
+      switch (xssOpiton) {
+        case 1: // ignore all: use default option
+          return [];
+
+        case 2: // recommended
+          return tags;
+
+        case 3: // custom white list
+          return this.crowi.configManager.getConfig('markdown', 'markdown:xss:tagWhiteList');
+
+        default:
+          return [];
+      }
+    }
+    else {
+      return [];
+    }
+  }
+
+  getAttrWhiteList() {
+    const isEnabledXssPrevention = this.crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention');
+    const xssOpiton = this.crowi.configManager.getConfig('markdown', 'markdown:xss:option');
+
+    if (isEnabledXssPrevention) {
+      switch (xssOpiton) {
+        case 1: // ignore all: use default option
+          return [];
+
+        case 2: // recommended
+          return attrs;
+
+        case 3: // custom white list
+          return this.crowi.configManager.getConfig('markdown', 'markdown:xss:attrWhiteList');
+
+        default:
+          return [];
+      }
+    }
+    else {
+      return [];
+    }
+  }
+
+}
+
+module.exports = XssSerivce;
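Review bot: In `case 3` of both `getTagWhiteList` and `getAttrWhiteList`, the custom whitelist is returned straight from `getConfig` with no shape check. An unset or malformed `markdown:xss:tagWhiteList` / `markdown:xss:attrWhiteList` would hand `undefined` or a non-array to whatever builds the sanitizer options. A guard such as `const list = this.crowi.configManager.getConfig('markdown', 'markdown:xss:tagWhiteList'); return Array.isArray(list) ? list : [];` keeps the return type stable and falls back to `[]` as the other branches do. Both getters also return `[]` when prevention is disabled and when option 1 is selected, so callers cannot tell the two states apart from the list alone; a doc comment on each method should say that the enabled flag must be checked separately. The class docstring still reads "the service class of GlobalNotificationSetting", and the `XssSerivce` spelling (also in the logger namespace) would be easier to fix now than after other modules depend on it.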