
use generalXssFilter

Yuki Takei 1 year ago
parent
commit
73ee6e868f

+ 5 - 6
apps/app/src/components/Admin/UserGroupDetail/UserGroupDetailPage.tsx

@@ -1,5 +1,5 @@
 import React, {
-  useState, useCallback, useEffect, useMemo,
+  useState, useCallback, useEffect,
 } from 'react';
 
 import {
@@ -18,7 +18,7 @@ import { toastSuccess, toastError } from '~/client/util/toastr';
 import type { IExternalUserGroupHasId } from '~/features/external-user-group/interfaces/external-user-group';
 import type { PageActionOnGroupDelete, SearchType } from '~/interfaces/user-group';
 import { SearchTypes } from '~/interfaces/user-group';
-import { Xss } from '~/services/xss';
+import { generalXssFilter } from '~/services/general-xss-filter';
 import { useIsAclEnabled } from '~/stores/context';
 import { useUpdateUserGroupConfirmModal } from '~/stores/modal';
 import { useSWRxUserGroupPages, useSWRxSelectableParentUserGroups, useSWRxSelectableChildUserGroups } from '~/stores/user-group';
@@ -54,7 +54,6 @@ type Props = {
 const UserGroupDetailPage = (props: Props): JSX.Element => {
   const { t } = useTranslation('admin');
   const router = useRouter();
-  const xss = useMemo(() => new Xss(), []);
   const { userGroupId: currentUserGroupId, isExternalGroup } = props;
 
   const { data: currentUserGroup } = useUserGroup(currentUserGroupId, isExternalGroup);
@@ -221,13 +220,13 @@ const UserGroupDetailPage = (props: Props): JSX.Element => {
   const removeUserByUsername = useCallback(async(username: string) => {
     try {
       await apiv3Delete(`/user-groups/${currentUserGroupId}/users/${username}`);
-      toastSuccess(`Removed "${xss.process(username)}" from "${xss.process(currentUserGroup?.name)}"`);
+      toastSuccess(`Removed "${generalXssFilter.process(username)}" from "${generalXssFilter.process(currentUserGroup?.name)}"`);
       mutateUserGroupRelationList();
     }
     catch (err) {
-      toastError(new Error(`Unable to remove "${xss.process(username)}" from "${xss.process(currentUserGroup?.name)}"`));
+      toastError(new Error(`Unable to remove "${generalXssFilter.process(username)}" from "${generalXssFilter.process(currentUserGroup?.name)}"`));
     }
-  }, [currentUserGroup?.name, currentUserGroupId, mutateUserGroupRelationList, xss]);
+  }, [currentUserGroup?.name, currentUserGroupId, mutateUserGroupRelationList]);
 
   const showUpdateModal = useCallback((group: IUserGroupHasId) => {
     setUpdateModalShown(true);
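Review bot: In removeUserByUsername, `username` goes into the `apiv3Delete` request path unencoded, and the filter this commit swaps in is applied only to the toast text. A name containing `/`, `?` or `#` would change which route the DELETE reaches; whether such names can exist depends on validation that is not visible in this hunk. Building the path segment as `/users/${encodeURIComponent(username)}` keeps the value inside one segment regardless. Separately, `currentUserGroup?.name` can be undefined when it is handed to `generalXssFilter.process`, so it is worth confirming the filter accepts that input. The component body starts before this hunk and showUpdateModal continues past it.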

+ 4 - 6
apps/app/src/components/Admin/UserGroupDetail/UserGroupUserFormByInput.tsx

@@ -1,5 +1,5 @@
 import type { FC, KeyboardEvent } from 'react';
-import React, { useState, useRef } from 'react';
+import React, { useState } from 'react';
 
 import type { IUserGroupHasId, IUserHasId } from '@growi/core';
 import { UserPicture } from '@growi/ui/dist/components';
@@ -8,7 +8,7 @@ import { AsyncTypeahead } from 'react-bootstrap-typeahead';
 
 import { toastSuccess, toastError } from '~/client/util/toastr';
 import type { SearchType } from '~/interfaces/user-group';
-import { Xss } from '~/services/xss';
+import { generalXssFilter } from '~/services/general-xss-filter';
 
 type Props = {
   userGroup: IUserGroupHasId,
@@ -30,19 +30,17 @@ export const UserGroupUserFormByInput: FC<Props> = (props) => {
   const [isLoading, setIsLoading] = useState(false);
   const [isSearchError, setIsSearchError] = useState(false);
 
-  const xss = new Xss();
-
   const addUserBySubmit = async() => {
     if (inputUser.length === 0) { return }
     const userName = inputUser[0].username;
 
     try {
       await onClickAddUserBtn(userName);
-      toastSuccess(`Added "${xss.process(userName)}" to "${xss.process(userGroup.name)}"`);
+      toastSuccess(`Added "${generalXssFilter.process(userName)}" to "${generalXssFilter.process(userGroup.name)}"`);
       setInputUser([]);
     }
     catch (err) {
-      toastError(new Error(`Unable to add "${xss.process(userName)}" to "${xss.process(userGroup.name)}"`));
+      toastError(new Error(`Unable to add "${generalXssFilter.process(userName)}" to "${generalXssFilter.process(userGroup.name)}"`));
     }
   };
 
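Review bot: The `catch (err)` in addUserBySubmit never reads `err`, so a failed membership change shows only the fixed "Unable to add" text and the actual cause (permission denied, network error, unknown user) is lost. Keep the cause on the error passed to `toastError`, for example `new Error(message, { cause: err })` if the build target allows it, or log `err` before showing the toast. removeUserByUsername in UserGroupDetailPage.tsx discards its caught error the same way. The component body starts before this hunk.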

+ 0 - 1
apps/app/src/server/crowi/index.js

@@ -14,7 +14,6 @@ import { KeycloakUserGroupSyncService } from '~/features/external-user-group/ser
 import { LdapUserGroupSyncService } from '~/features/external-user-group/server/service/ldap-user-group-sync';
 import QuestionnaireService from '~/features/questionnaire/server/service/questionnaire';
 import QuestionnaireCronService from '~/features/questionnaire/server/service/questionnaire-cron';
-import Xss from '~/services/xss';
 import loggerFactory from '~/utils/logger';
 import { projectRoot } from '~/utils/project-dir-utils';
 

+ 3 - 3
apps/app/src/server/service/customize.ts

@@ -7,6 +7,7 @@ import { DefaultThemeMetadata, PresetThemesMetadatas, manifestPath } from '@grow
 import uglifycss from 'uglifycss';
 
 import { growiPluginService } from '~/features/growi-plugin/server/services';
+import { generalXssFilter } from '~/services/general-xss-filter';
 import loggerFactory from '~/utils/logger';
 
 import S2sMessage from '../models/vo/s2s-message';
@@ -14,7 +15,6 @@ import S2sMessage from '../models/vo/s2s-message';
 
 import type { ConfigManager } from './config-manager';
 import type { S2sMessageHandlable } from './s2s-messaging/handlable';
-import { xss } from './xss';
 
 
 const logger = loggerFactory('growi:service:CustomizeService');
@@ -135,7 +135,7 @@ class CustomizeService implements S2sMessageHandlable {
       .replace('{{page}}', dPagePath.latter) // for backward compatibility
       .replace('{{pagename}}', dPagePath.latter);
 
-    return xss.process(customTitle);
+    return generalXssFilter.process(customTitle);
   }
 
   generateCustomTitleForFixedPageName(title) {
@@ -146,7 +146,7 @@ class CustomizeService implements S2sMessageHandlable {
       .replace('{{pagepath}}', title)
       .replace('{{pagename}}', title);
 
-    return xss.process(customTitle);
+    return generalXssFilter.process(customTitle);
   }
 
   async initGrowiTheme(): Promise<void> {
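Review bot: Both `return generalXssFilter.process(customTitle);` lines (in generateCustomTitle and generateCustomTitleForFixedPageName) drop the instance that the deleted server/service/xss.ts built from the `markdown:rehypeSanitize:*` settings. Title filtering therefore no longer follows `isEnabledPrevention` or the configured tag and attribute whitelists. If that decoupling is intended, record it at the call sites with a comment such as `// titles are always filtered by the general filter, independent of markdown:rehypeSanitize settings`. The definition of generalXssFilter is not visible on this page, so confirm its rule set before committing to that wording. Both method bodies begin outside their hunks.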

+ 0 - 32
apps/app/src/server/service/xss.ts

@@ -1,32 +0,0 @@
-import { RehypeSanitizeOption } from '~/interfaces/rehype';
-import { Xss } from '~/services/xss';
-import type { XssOptionConfig } from '~/services/xss/xssOption';
-import XssOption from '~/services/xss/xssOption';
-import loggerFactory from '~/utils/logger'; // eslint-disable-line no-unused-vars
-
-import { configManager } from './config-manager';
-
-const logger = loggerFactory('growi:service:XssSerivce');
-
-
-export const xss = (() => {
-  const options: XssOptionConfig = {
-    isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option') as RehypeSanitizeOption,
-    tagWhitelist: configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
-    attrWhitelist: configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes'),
-  };
-  const xssOption = new XssOption(options);
-  return new Xss(xssOption);
-})();
-
-export const xssForRevisionId = (() => {
-  const options: XssOptionConfig = {
-    isEnabledXssPrevention: true,
-    xssOption: RehypeSanitizeOption.CUSTOM,
-    tagWhitelist: [],
-    attrWhitelist: {},
-  };
-  const xssOption = new XssOption(options);
-  return new Xss(xssOption);
-})();

+ 2 - 2
apps/app/src/stores/xss.ts

@@ -1,7 +1,7 @@
 
-import { SWRResponse } from 'swr';
+import type { SWRResponse } from 'swr';
 
-import Xss from '~/services/xss';
+import type Xss from '~/services/general-xss-filter';
 
 import { useStaticSWR } from './use-static-swr';