Ana Sayfa Keşfet Yardım
Giriş Yap
wiki
/
weseek__growi
şunun yansıması https://github.com/weseek/growi
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

temporary form

sou 7 yıl önce
ebeveyn
5dd968770f
işleme
1b0a4be13f
2 değiştirilmiş dosya ile 34 ekleme ve 13 silme
Birleşik Görünüm Farklılık Durumunu Göster
  1. 4 1
      lib/form/admin/markdownXSS.js
  2. 30 12
      lib/views/admin/markdown.html

+ 4 - 1
lib/form/admin/markdownXSS.js
Dosyayı Görüntüle 

@@ -4,6 +4,9 @@ var form = require('express-form')
 
   , field = form.field;
 
   , field = form.field;
 
 
 
 module.exports = form(
 
 module.exports = form(
 
-  field('markdownSetting[markdown:isEnabledPreventXSS]').trim().toBooleanStrict()
 
+  field('markdownSetting[markdown:XSS:isPrevented]').trim().toBooleanStrict(),
 
+  field('markdownSetting[markdown:XSS:option]').trim().toBooleanStrict(),
 
+  field('markdownSetting[markdown:XSS:tagWhiteList]').trim().toBooleanStrict(),
 
+  field('markdownSetting[markdown:XSS:attrWhiteList]').trim().toBooleanStrict()
 
 );
 
 );

+ 30 - 12
lib/views/admin/markdown.html
Dosyayı Görüntüle 

@@ -101,26 +101,44 @@
 
           <div class="col-xs-5">
 
           <div class="col-xs-5">
 
             <div class="btn-group btn-toggle" data-toggle="buttons">
 
             <div class="btn-group btn-toggle" data-toggle="buttons">
 
               <label class="btn btn-default btn-rounded btn-outline {% if markdownSetting['markdown:isEnabledPreventXSS'] %}active{% endif %}" data-active-class="primary">
 
               <label class="btn btn-default btn-rounded btn-outline {% if markdownSetting['markdown:isEnabledPreventXSS'] %}active{% endif %}" data-active-class="primary">
 
-                <input name="markdownSetting[markdown:isEnabledPreventXSS]" value="true" type="radio"
 
-                    {% if true === markdownSetting['markdown:isEnabledPreventXSS'] %}checked{% endif %}> ON
 
+                <input name="markdownSetting[markdown:XSS:isPrevented]" value="true" type="radio"
 
+                    {% if true === markdownSetting['markdown:XSS:isPrevented'] %}checked{% endif %}> ON
 
               </label>
 
               </label>
 
               <label class="btn btn-default btn-rounded btn-outline {% if !markdownSetting['markdown:isEnabledPreventXSS'] %}active{% endif %}" data-active-class="default">
 
               <label class="btn btn-default btn-rounded btn-outline {% if !markdownSetting['markdown:isEnabledPreventXSS'] %}active{% endif %}" data-active-class="default">
 
-                <input name="markdownSetting[markdown:isEnabledPreventXSS]" value="false" type="radio"
 
-                    {% if !markdownSetting['markdown:isEnabledPreventXSS'] %}checked{% endif %}> OFF
 
+                <input name="markdownSetting[markdown:XSS:isPrevented]" value="false" type="radio"
 
+                    {% if !markdownSetting['markdown:XSS:isPrevented'] %}checked{% endif %}> OFF
 
               </label>
 
               </label>
 
             </div>
 
             </div>
 
-            <!-- <div class="input">
 
-              <input type="radio" name="preventXSS" value="stripignoretag" checked>
 
-                {{ t('markdown_setting.Strip ignore tag') }}<br>
 
-              <input type="radio" name="preventXSS" value="WLtagnames">
 
-                {{ t('markdown_setting.White list tag names') }}<br>
 
-              <input type="radio" name="preventXSS" value="WLtagattribute">
 
-                {{ t('markdown_setting.White list tag attributes') }}
 
-            </div> -->
 
             <p class="help-block">{{ t("markdown_setting.Prevent XSS(Cross Site Scripting)desc") }}<br>{{ t("markdown_setting.Prevent XSS(Cross Site Scripting)desc2") }}</p>
 
             <p class="help-block">{{ t("markdown_setting.Prevent XSS(Cross Site Scripting)desc") }}<br>{{ t("markdown_setting.Prevent XSS(Cross Site Scripting)desc2") }}</p>
 
           </div>
 
           </div>
 
         </div>
 
         </div>
 
 
 
+        <div class="form-group">
 
+          <div id="selectXSS" class="input">
 
+            <input type="radio" name="markdownSetting[markdown:XSS:option]" value="1" checked>
 
+              {{ t('markdown_setting.Allow all') }}<br>
 
+            <input type="radio" name="markdownSetting[markdown:XSS:option]" value="2">
 
+              {{ t('markdown_setting.Ignore all') }}<br>
 
+            <input type="radio" name="markdownSetting[markdown:XSS:option]" value="3">
 
+              {{ t('markdown_setting.Recommended setting') }}<br>
 
+            <input type="radio" name="markdownSetting[markdown:XSS:option]" value="4">
 
+              {{ t('markdown_setting.Whitelist setting') }}<br>
 
+        </div>
 
+
 
+        <div class="form-group">
 
+          <div id="WLsetting" class="input">
 
+            <p class="help-block">{{ t('markdown_setting.Add white list desc') }}</p>
 
+           <div class="inputbox">
 
+             {{ t('markdown_setting.tag') }}
 
+             <input type="text" name="markdownSetting[markdown:XSS:tagWhiteList]" size="70" value="" placeholder="span, iframe, input">
 
+           </div>
 
+           <div class="inputbox">
 
+             {{ t('markdown_setting.tag attribute') }}
 
+             <input type="text" name="markdownSetting[markdown:XSS:attrWhiteList]" size="70" value="" placeholder="class, type, placeholder, name, required">
 
+           </div>
 
+         </div>
 
+        </div>
 
+
 
         <div class="form-group">
 
         <div class="form-group">
 
           <div class="col-xs-offset-4 col-xs-5">
 
           <div class="col-xs-offset-4 col-xs-5">
 
             <input type="hidden" name="_csrf" value="{{ csrf() }}">
 
             <input type="hidden" name="_csrf" value="{{ csrf() }}">