
fix xssOption and addRenderVarsForPresentation

zamis 5 лет назад
Родитель
Сommit
6a0abf2f71
2 измененных файлов с 15 добавлено и 25 удалено
  1. 0 13
      src/lib/service/xss/xssOption.js
  2. 15 12
      src/server/routes/page.js

+ 0 - 13
src/lib/service/xss/xssOption.js

@@ -1,23 +1,10 @@
 class XssOption {
 
-  // constructor(config) {
-  //   const recommendedWhitelist = require('./recommended-whitelist');
-  //   const initializedConfig = (config != null) ? config : {};
-
-  //   this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
-  //   this.tagWhiteList = initializedConfig.tagWhiteList || recommendedWhitelist.tags;
-  //   this.attrWhiteList = initializedConfig.attrWhiteList || recommendedWhitelist.attrs;
-  // }
-
   constructor(config, crowi) {
     const recommendedWhitelist = require('./recommended-whitelist');
     const initializedConfig = (config != null) ? config : {};
 
     this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
-    // if (!crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
-    //   this.isEnabledXssPrevention = false;
-    // }
-
     this.tagWhiteList = initializedConfig.tagWhiteList || crowi.xssService.getTagWhiteList() || recommendedWhitelist.tags;
     this.attrWhiteList = initializedConfig.attrWhiteList || crowi.xssService.getAttrWhiteList() || recommendedWhitelist.attrs;
 

+ 15 - 12
src/server/routes/page.js

@@ -231,20 +231,23 @@ module.exports = function(crowi, app) {
 
   function addRenderVarsForPresentation(renderVars, page) {
     // sanitize page.revision.body
+    const Xss = require('../../lib/service/xss/index');
+    const XssOption = require('../../lib/service/xss/xssOption');
 
-    // const Xss = require('../../lib/service/xss/index');
-    // const XssOption = require('../../lib/service/xss/xssOption');
+    // crowi.config is empty.
+    const xssOption = new XssOption(crowi.config, crowi);
 
-    // const xssOption = new XssOption(crowi.config, crowi); // {}
-
-    // console.log(xssOption);
-    // const xss = new Xss(xssOption);
-    // console.log(xss);
-    // const preventXssRevision = xss.process(page.revision.body);
-    // page.revision.body = preventXssRevision;
-
-    renderVars.page = page;
-    renderVars.revision = page.revision;
+    if (crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
+      const xss = new Xss(xssOption);
+      const preventXssRevision = xss.process(page.revision.body);
+      page.revision.body = preventXssRevision;
+      renderVars.page = page;
+      renderVars.revision = page.revision;
+    }
+    else {
+      renderVars.page = page;
+      renderVars.revision = page.revision;
+    }
   }
 
   async function addRenderVarsForUserPage(renderVars, page, requestUser) {
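Review bot: The two branches of the `if` at lines 68–78 differ only in the sanitizing step, so `renderVars.page = page; renderVars.revision = page.revision;` is duplicated, and `xssOption` (with its `require` of the recommended whitelist inside the XssOption constructor) is built even when prevention is disabled; hoisting the two assignments above the `if` and constructing the option inside it removes the `else` entirely. Note also that `xss.process` writes back into `page.revision.body`, so the sanitized text replaces the original on the revision object handed in — if that object is a persisted document that is later saved, the sanitized body would be stored; if that is not intended, put the processed body on a copy assigned to `renderVars.revision` instead (inferred from the in-place assignment, worth confirming against the callers). The `// crowi.config is empty.` comment should say what that implies for the reader, e.g. `// crowi.config carries no xss settings here; XssOption falls back to the crowi.xssService whitelists`. addRenderVarsForPresentation is complete within the hunk.
```javascript
  function addRenderVarsForPresentation(renderVars, page) {
    renderVars.page = page;
    renderVars.revision = page.revision;

    // sanitize page.revision.body only when prevention is switched on
    if (crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
      const Xss = require('../../lib/service/xss/index');
      const XssOption = require('../../lib/service/xss/xssOption');
      // crowi.config carries no xss settings here; XssOption falls back to the crowi.xssService whitelists
      const xss = new Xss(new XssOption(crowi.config, crowi));
      page.revision.body = xss.process(page.revision.body);
    }
  }
```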