|
@@ -13,17 +13,16 @@ export default class XssOption {
|
|
|
|
|
|
|
|
isEnabledXssPrevention: boolean;
|
|
isEnabledXssPrevention: boolean;
|
|
|
|
|
|
|
|
- tagWhiteList: RehypeSanitizeAttributes;
|
|
|
|
|
|
|
+ tagWhiteList: RehypeSanitizeTags;
|
|
|
|
|
|
|
|
- attrWhiteList: RehypeSanitizeTags;
|
|
|
|
|
|
|
+ attrWhiteList: RehypeSanitizeAttributes;
|
|
|
|
|
|
|
|
constructor(config: XssOptionConfig) {
|
|
constructor(config: XssOptionConfig) {
|
|
|
- const recommendedWhitelist = require('~/services/xss/recommended-whitelist');
|
|
|
|
|
const initializedConfig: Partial<XssOptionConfig> = (config != null) ? config : {};
|
|
const initializedConfig: Partial<XssOptionConfig> = (config != null) ? config : {};
|
|
|
|
|
|
|
|
this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
|
|
this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
|
|
|
- this.tagWhiteList = initializedConfig.tagWhiteList || recommendedWhitelist.tags;
|
|
|
|
|
- this.attrWhiteList = initializedConfig.attrWhiteList || recommendedWhitelist.attrs;
|
|
|
|
|
|
|
+ this.tagWhiteList = initializedConfig.tagWhiteList || defaultSchema.tagNames;
|
|
|
|
|
+ this.attrWhiteList = initializedConfig.attrWhiteList || defaultSchema.attributes;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
}
|
|
}
|
Shun Miyazawa