|
@@ -30,6 +30,7 @@ import { NextLink } from '~/components/ReactMarkdownComponents/NextLink';
|
|
|
import { Table } from '~/components/ReactMarkdownComponents/Table';
|
|
import { Table } from '~/components/ReactMarkdownComponents/Table';
|
|
|
import { TableWithEditButton } from '~/components/ReactMarkdownComponents/TableWithEditButton';
|
|
import { TableWithEditButton } from '~/components/ReactMarkdownComponents/TableWithEditButton';
|
|
|
import { RendererConfig } from '~/interfaces/services/renderer';
|
|
import { RendererConfig } from '~/interfaces/services/renderer';
|
|
|
|
|
+import { RehypeSanitizeOption } from '~/interfaces/rehype';
|
|
|
import { registerGrowiFacade } from '~/utils/growi-facade';
|
|
import { registerGrowiFacade } from '~/utils/growi-facade';
|
|
|
import loggerFactory from '~/utils/logger';
|
|
import loggerFactory from '~/utils/logger';
|
|
|
|
|
|
|
@@ -148,6 +149,11 @@ export const generateViewOptions = (
|
|
|
remarkPlugins.push(breaks);
|
|
remarkPlugins.push(breaks);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if (config.xssOption === RehypeSanitizeOption.CUSTOM) {
|
|
|
|
|
+ commonSanitizeOption.tagNames = config.tagWhiteList;
|
|
|
|
|
+ commonSanitizeOption.attributes = deepmerge(commonSanitizeOption.attributes ?? {}, config.attrWhiteList ?? {});
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
|
? [sanitize, deepmerge(
|
|
? [sanitize, deepmerge(
|
|
|
commonSanitizeOption,
|
|
commonSanitizeOption,
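Review bot: The added `if (config.xssOption === RehypeSanitizeOption.CUSTOM)` block writes to `commonSanitizeOption` in place, and the same five lines are repeated in the `generateTocOptions`, `generateSimpleViewOptions` and `generatePreviewOptions` hunks. The definition of `commonSanitizeOption` and the rest of each generator lie outside these hunks, but if it is a module-level object shared by all four, the custom allowlist stays in effect after the setting is switched away from CUSTOM, and, assuming `deepmerge` keeps its default array concatenation, every call appends the `attrWhiteList` entries to `attributes` again. `tagNames` is also assigned `config.tagWhiteList` with no fallback, unlike `config.attrWhiteList ?? {}`; whether an undefined `tagNames` makes the sanitizer stricter or more permissive depends on the sanitizer version in use, so that case should be decided explicitly. Building a per-call option object, ideally in one helper shared by the four generators, keeps the XSS allowlist logic in one place and leaves the shared default untouched.

```typescript
  // … unchanged: remark plugin setup …

  // Built per call so the shared commonSanitizeOption is never mutated.
  const baseSanitizeOption = config.xssOption === RehypeSanitizeOption.CUSTOM
    ? {
      ...commonSanitizeOption,
      // Fall back to the default tag list when no custom list is configured.
      tagNames: config.tagWhiteList ?? commonSanitizeOption.tagNames,
      attributes: deepmerge(commonSanitizeOption.attributes ?? {}, config.attrWhiteList ?? {}),
    }
    : commonSanitizeOption;

  // … unchanged: rehypeSanitizePlugin, now merging from baseSanitizeOption instead of commonSanitizeOption …
```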
|
|
@@ -190,6 +196,11 @@ export const generateTocOptions = (config: RendererConfig, tocNode: HtmlElementN
|
|
|
// add remark plugins
|
|
// add remark plugins
|
|
|
// remarkPlugins.push();
|
|
// remarkPlugins.push();
|
|
|
|
|
|
|
|
|
|
+ if (config.xssOption === RehypeSanitizeOption.CUSTOM) {
|
|
|
|
|
+ commonSanitizeOption.tagNames = config.tagWhiteList;
|
|
|
|
|
+ commonSanitizeOption.attributes = deepmerge(commonSanitizeOption.attributes ?? {}, config.attrWhiteList ?? {});
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
|
? [sanitize, deepmerge(
|
|
? [sanitize, deepmerge(
|
|
|
commonSanitizeOption,
|
|
commonSanitizeOption,
|
|
@@ -234,6 +245,11 @@ export const generateSimpleViewOptions = (
|
|
|
remarkPlugins.push(breaks);
|
|
remarkPlugins.push(breaks);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if (config.xssOption === RehypeSanitizeOption.CUSTOM) {
|
|
|
|
|
+ commonSanitizeOption.tagNames = config.tagWhiteList;
|
|
|
|
|
+ commonSanitizeOption.attributes = deepmerge(commonSanitizeOption.attributes ?? {}, config.attrWhiteList ?? {});
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
|
? [sanitize, deepmerge(
|
|
? [sanitize, deepmerge(
|
|
|
commonSanitizeOption,
|
|
commonSanitizeOption,
|
|
@@ -281,6 +297,11 @@ export const generatePreviewOptions = (config: RendererConfig, pagePath: string)
|
|
|
remarkPlugins.push(breaks);
|
|
remarkPlugins.push(breaks);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if (config.xssOption === RehypeSanitizeOption.CUSTOM) {
|
|
|
|
|
+ commonSanitizeOption.tagNames = config.tagWhiteList;
|
|
|
|
|
+ commonSanitizeOption.attributes = deepmerge(commonSanitizeOption.attributes ?? {}, config.attrWhiteList ?? {});
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
const rehypeSanitizePlugin: Pluggable<any[]> | (() => void) = config.isEnabledXssPrevention
|
|
|
? [sanitize, deepmerge(
|
|
? [sanitize, deepmerge(
|
|
|
commonSanitizeOption,
|
|
commonSanitizeOption,
|