
commonize the repetitions of XSS processing

Yuki Takei 4 лет назад
Родитель
Сommit
3861c866a5

+ 1 - 11
src/client/js/util/PreProcessor/XssFilter.js

@@ -14,17 +14,7 @@ export default class XssFilter {
 
   process(markdown) {
     if (this.crowi.config.isEnabledXssPrevention) {
-      let count = 0;
-      let tempValue = markdown;
-      let currValue = '';
-      while (true) {
-        count += 1;
-        currValue = this.xss.process(tempValue);
-        if(count > 50) return '--filtered--';
-        if(currValue == tempValue) break;
-        tempValue = currValue;
-      }
-      return currValue;
+      return this.xss.process(markdown);
     }
 
     return markdown;
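Review bot: After this change `this.xss.process(markdown)` can hand back the service's sentinel string '--filtered--' instead of the document when repeated filtering does not stabilise, and neither this caller nor the `preventXss` swig filter in src/server/util/middlewares.js says so. A one-line comment above the new return, `// May yield the service's '--filtered--' placeholder when repeated filtering does not converge`, would keep that visible now that the loop and its cap live in the service. The enclosing process() method closes outside the hunk.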

+ 20 - 1
src/lib/service/xss/index.js

@@ -1,6 +1,9 @@
 const xss = require('xss');
 const commonmarkSpec = require('./commonmark-spec');
 
+
+const REPETITIONS_NUM = 50;
+
 class Xss {
 
   constructor(xssOption) {
@@ -36,7 +39,23 @@ class Xss {
   }
 
   process(document) {
-    return this.myxss.process(document);
+    let count = 0;
+    let currDoc = document;
+    let prevDoc = document;
+
+    do {
+      count += 1;
+      // stop running infinitely
+      if (count > REPETITIONS_NUM) {
+        return '--filtered--';
+      }
+
+      prevDoc = currDoc;
+      currDoc = this.myxss.process(currDoc);
+    }
+    while (currDoc !== prevDoc);
+
+    return currDoc;
   }
 
 }
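Review bot: The new loop in process() comments on when it stops but not why a document is filtered more than once, which is the whole reason for the loop; a later reader could collapse it back to a single pass. A header comment above the `do` along the lines of `// Re-run the filter until the output stops changing (presumably one pass can leave text that only becomes markup once surrounding markup is stripped — confirm with author); give up after REPETITIONS_NUM passes and return the sentinel rather than loop forever.` would carry that. The limit got a named constant but the sentinel '--filtered--' stayed a bare literal; `const FILTERED_SENTINEL = '--filtered--';` next to REPETITIONS_NUM would give callers one definition to compare against. Minor: `prevDoc` is initialised to `document` and overwritten before it is read, so `let prevDoc;` suffices, and the two blank lines inserted before the constant are one more than the surrounding file uses.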

+ 1 - 10
src/server/util/middlewares.js

@@ -142,16 +142,7 @@ module.exports = (crowi) => {
       });
 
       swig.setFilter('preventXss', (string) => {
-        count = 0;
-        tempValue = string;
-        while (true) {
-          count += 1;
-          currValue = crowi.xss.process(tempValue);
-          if(count > 50) return '--filtered--';
-          if(currValue == tempValue) break;
-          tempValue = currValue;
-        }
-        return currValue;
+        return crowi.xss.process(string);
       });
 
       swig.setFilter('slice', (list, start, end) => {