
make a XSSprevent link from security page to markdown page

mayu morita 7 年 前
コミット
2c70a8fcb1

+ 2 - 0
lib/locales/ja/translation.json

@@ -341,6 +341,8 @@
     "change_redirect_url": "承認済みのリダイレクトURLに、 <code>https://${crowi.host}/google/callback</code> を入力<br>(<code>${crowi.host}</code>は環境に合わせて変更してください)",
     "clientID": "クライアントID",
     "client_secret": "クライアントシークレット",
+    "XSS_prevent_setting":"XSS防御設定",
+    "XSS_prevent_setting_link":"XSS防御設定する",
     "guest_mode": {
       "deny": "アカウントを持たないユーザーはアクセス不可",
       "readonly": "閲覧のみ許可"

+ 4 - 4
lib/views/admin/markdown.html

@@ -80,7 +80,7 @@
           </div>
         </div>
 
-        <div class="form-group">
+        <div id="preventXSS" class="form-group">
             <label for="markdownSetting[markdown:isPreventXss]" class="col-xs-4 control-label">
               {{ t('markdown_setting.Prevent XSS(Cross Site Scripting)') }}
             </label>
@@ -96,7 +96,7 @@
                     </label>
                   </div>
 
-                <div class="collapse input" id="collapseExample">
+                <div class="input collapse " id="collapseExample">
                   <form>
                     <input type="radio" name="preventXSS" value="1" checked>
                       {{ t('markdown_setting.Ignore all') }}<br>
@@ -107,11 +107,11 @@
                       <div id="WLsetting" class="input collapse">
                          <p class="help-block">{{ t('markdown_setting.Add white list desc') }}</p>
                         <div class="inputbox">
-                          {{ t('markdown_setting.tag') }}
+                          <div>{{ t('markdown_setting.tag') }}</div>
                           <input type="text" name="tag" size="70" value="" placeholder="span, iframe, input">
                         </div>
                         <div class="inputbox">
-                          {{ t('markdown_setting.tag attribute') }}
+                          <div>{{ t('markdown_setting.tag attribute') }}</div>
                           <input type="text" name="tagattribute" size="70" value="" placeholder="class, type, placeholder, name, required">
                         </div>
                       </div>
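Review bot: The captions added as `<div>{{ t('markdown_setting.tag') }}</div>` and `<div>{{ t('markdown_setting.tag attribute') }}</div>` are still not associated with their inputs, so the two whitelist fields have no accessible name other than the placeholder. Use `<label for="wl-tag">{{ t('markdown_setting.tag') }}</label>` with a matching `id="wl-tag"` on the input (the id is illustrative), and do the same for the attribute field. Since this whitelist appears to decide which markup survives the XSS filter, the unchanged placeholder `span, iframe, input` is also worth reconsidering: it presents `iframe` as a typical tag to allow, and the help text could state that every whitelisted tag or attribute widens what user-written pages may render. The enclosing `#WLsetting` block and its `<form>` begin and end outside the hunk.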

+ 9 - 0
lib/views/admin/security.html

@@ -275,6 +275,15 @@
 
       </div><!-- /.auth-mechanism-configurations -->
 
+      <div class="XSSprevent">
+        <legend>{{ t('security_setting.XSS_prevent_setting') }}</legend>
+          <div class="XSSposition">
+            <a class="btn btn-default XSSlink" href="/admin/markdown/#preventXSS">
+              {{ t('security_setting.XSS_prevent_setting_link') }}
+            </a>
+          </div>
+      </div>
+
     </div>
   </div>
 
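Review bot: The added `<legend>` sits directly inside `<div class="XSSprevent">`, but `<legend>` is only valid as the first child of a `<fieldset>`, so it is treated as stray markup and gives the group no name. Either change the wrapper to `<fieldset class="XSSprevent">` … `</fieldset>` or keep the `<div>` and use a heading element. The link `href="/admin/markdown/#preventXSS"` only works while markdown.html keeps `id="preventXSS"`, so a comment next to it such as `<!-- anchor id is defined in admin/markdown.html -->` would help keep the two in step. The two `XSS_prevent_setting*` keys appear only in the ja locale file in this commit view, so other locales presumably need them as well.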

+ 19 - 2
resource/styles/scss/_admin.scss

@@ -37,7 +37,7 @@
     }
 
     .auth-mechanism-configurations {
-      min-height: 800px;
+      min-height: 300px;
     }
   }
 
@@ -90,7 +90,7 @@
   }
 }
 
-
+//markdown prevent XSS setting
 .input{
   margin: 1em;
 }
@@ -98,3 +98,20 @@
 .inputbox{
   width: 100%;
 }
+
+//security XSS prevent
+.XSSprevent{
+  min-height: 200px;
+}
+.XSSlink{
+  width: 50%;
+  text-align: center;
+  font-size: 1.3em;
+}
+.XSSprevent .a{
+  width: 100%;
+}
+.XSSposition{
+  text-align: center;
+  margin: auto;
+}
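Review bot: The selector `.XSSprevent .a` matches descendants that carry a class named `a`, not anchor elements, and nothing in the markup added by this commit has that class, so the `width: 100%` rule never applies. Rewriting it as `.XSSprevent a` would not be a neutral fix, because that selector is more specific than `.XSSlink` and would override its `width: 50%` on the button. Deleting the three-line rule is probably what is wanted. Separately, `.input` and `.inputbox` are very generic class names for rules the new comment describes as markdown-setting only, so scoping them under that page's container would avoid accidental matches; the surrounding nesting lies outside the hunk.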