save form

lib/form/admin/markdownXSS.js

@@ -5,8 +5,7 @@ var form = require('express-form')
 
 module.exports = form(
   field('markdownSetting[markdown:XSS:isPrevented]').trim().toBooleanStrict(),
-  field('markdownSetting[markdown:XSS:option]').trim().toBooleanStrict(),
-  field('markdownSetting[markdown:XSS:tagWhiteList]').trim().toBooleanStrict(),
-  field('markdownSetting[markdown:XSS:attrWhiteList]').trim().toBooleanStrict()
+  field('markdownSetting[markdown:XSS:option]').trim().toInt(),
+  field('markdownSetting[markdown:XSS:tagWhiteList]').trim(),
+  field('markdownSetting[markdown:XSS:attrWhiteList]').trim()
 );
-

lib/routes/admin.js

@@ -134,6 +134,9 @@ module.exports = function(crowi, app) {
   actions.markdown.XSSSetting = function(req, res) {
     var XSSSetting = req.form.markdownSetting;
 
+    XSSSetting['markdown:XSS:tagWhiteList'] = stringToArray(XSSSetting['markdown:XSS:tagWhiteList']);
+    XSSSetting['markdown:XSS:attrWhiteList'] = stringToArray(XSSSetting['markdown:XSS:attrWhiteList']);
+
     req.session.markdownSetting = XSSSetting;
     if (req.form.isValid) {
       Config.updateNamespaceByArray('markdown', XSSSetting, function(err, config) {
@@ -149,6 +152,15 @@ module.exports = function(crowi, app) {
     }
   };
 
+  const stringToArray = (string) => {
+    let array = string.split(',');
+    for (let i = 0; i < array.length; i++) {
+      array[i] = array[i].trim();
+    }
+
+    return array;
+  };
+
   // app.get('/admin/customize' , admin.customize.index);
   actions.customize = {};
   actions.customize.index = function(req, res) {