zamis 5 лет назад
Родитель
Сommit
81dfcef05f
2 измененных файлов с 16 добавлено и 13 удалено
  1. 3 3
      src/lib/service/xss/xssOption.js
  2. 13 10
      src/server/routes/page.js

+ 3 - 3
src/lib/service/xss/xssOption.js

@@ -1,12 +1,12 @@
 class XssOption {
 
-  constructor(config, crowi) {
+  constructor(config) {
     const recommendedWhitelist = require('./recommended-whitelist');
     const initializedConfig = (config != null) ? config : {};
 
     this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
-    this.tagWhiteList = initializedConfig.tagWhiteList || crowi.xssService.getTagWhiteList() || recommendedWhitelist.tags;
-    this.attrWhiteList = initializedConfig.attrWhiteList || crowi.xssService.getAttrWhiteList() || recommendedWhitelist.attrs;
+    this.tagWhiteList = initializedConfig.tagWhiteList || recommendedWhitelist.tags;
+    this.attrWhiteList = initializedConfig.attrWhiteList || recommendedWhitelist.attrs;
 
   }
 
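Review bot: The context line `this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;` always evaluates to `true`, so a caller that passes `false` cannot switch the option off, and this commit starts passing that key from `page.js`. This fails on the safe side, but the flag is inert. If it is meant to be honoured, default only when the value is missing, in the style of the line above it: `this.isEnabledXssPrevention = (initializedConfig.isEnabledXssPrevention != null) ? initializedConfig.isEnabledXssPrevention : true;`. With `crowi` removed, the constructor would also benefit from a short doc comment stating that callers must now supply `tagWhiteList` and `attrWhiteList` themselves, and that a missing value falls back to the recommended whitelist. The class body continues outside the hunk.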

+ 13 - 10
src/server/routes/page.js

@@ -231,18 +231,21 @@ module.exports = function(crowi, app) {
 
   function addRenderVarsForPresentation(renderVars, page) {
     // sanitize page.revision.body
-    const Xss = require('../../lib/service/xss/index');
-    const XssOption = require('../../lib/service/xss/xssOption');
-
-    const initializedConfig =  {
-        tagWhiteList:    crowi.xssService.getTagWhiteList()
-        attrWhiteList:  crowi.xssService.getAttrWhiteList() 
-    }
-    
-    // crowi.config is empty.
-    const xssOption = new XssOption(initializedConfig);
 
     if (crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
+
+      const Xss = require('../../lib/service/xss/index');
+      const XssOption = require('../../lib/service/xss/xssOption');
+
+      const initializedConfig = {
+        isEnabledXssPrevention: crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention'),
+        tagWhiteList: crowi.xssService.getTagWhiteList(),
+        attrWhiteList: crowi.xssService.getAttrWhiteList(),
+      };
+
+      const xssOption = new XssOption(initializedConfig);
+      console.log(xssOption);
+
       const xss = new Xss(xssOption);
       const preventXssRevision = xss.process(page.revision.body);
       page.revision.body = preventXssRevision;
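Review bot: `console.log(xssOption);` looks like a leftover debug statement and should be removed before merge, or sent through the project's logger at debug level if one exists. As written it prints the full tag and attribute whitelists on every presentation render. The `markdown:xss:isEnabledPrevention` setting is also read twice, once for the `if` and once for `initializedConfig`, and inside the branch it is always truthy. Reading it once into a local before the `if` would make that clear, e.g. `const isEnabledPrevention = crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention');`. A comment at the `if` should state that `page.revision.body` is passed on unsanitized when the setting is off. The function body continues past the end of the hunk.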