call one time

src/server/routes/page.js

@@ -147,6 +147,17 @@ module.exports = function(crowi, app) {
   const interceptorManager = crowi.getInterceptorManager();
   const globalNotificationService = crowi.getGlobalNotificationService();
 
+  const XssOption = require('../../lib/service/xss/xssOption');
+  const Xss = require('../../lib/service/xss/index');
+  const initializedConfig = {
+    isEnabledXssPrevention: crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention'),
+    tagWhiteList: crowi.xssService.getTagWhiteList(),
+    attrWhiteList: crowi.xssService.getAttrWhiteList(),
+  };
+  this.xssOption = new XssOption(initializedConfig);
+  this.xss = new Xss(this.xssOption);
+
+
   const actions = {};
 
   function getPathFromRequest(req) {
@@ -232,19 +243,9 @@ module.exports = function(crowi, app) {
   function addRenderVarsForPresentation(renderVars, page) {
     // sanitize page.revision.body
     if (crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
-      const Xss = require('../../lib/service/xss/index');
-      const XssOption = require('../../lib/service/xss/xssOption');
-      const initializedConfig = {
-        isEnabledXssPrevention: crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention'),
-        tagWhiteList: crowi.xssService.getTagWhiteList(),
-        attrWhiteList: crowi.xssService.getAttrWhiteList(),
-      };
-      const xssOption = new XssOption(initializedConfig);
-      const xss = new Xss(xssOption);
-      const preventXssRevision = xss.process(page.revision.body);
+      const preventXssRevision = this.xss.process(page.revision.body);
       page.revision.body = preventXssRevision;
     }
-
     renderVars.page = page;
     renderVars.revision = page.revision;
   }