5 лет назад · 81dfcef05f
--- a/src/lib/service/xss/xssOption.js
+++ b/src/lib/service/xss/xssOption.js
@@ -1,12 +1,12 @@
 
															 class XssOption {
														
 
															-  constructor(config, crowi) {
														
 
															+  constructor(config) {
														
 
															     const recommendedWhitelist = require('./recommended-whitelist');
														
 
															     const initializedConfig = (config != null) ? config : {};
														
 
															     this.isEnabledXssPrevention = initializedConfig.isEnabledXssPrevention || true;
														
 
															-    this.tagWhiteList = initializedConfig.tagWhiteList || crowi.xssService.getTagWhiteList() || recommendedWhitelist.tags;
														
 
															-    this.attrWhiteList = initializedConfig.attrWhiteList || crowi.xssService.getAttrWhiteList() || recommendedWhitelist.attrs;
														
 
															+    this.tagWhiteList = initializedConfig.tagWhiteList || recommendedWhitelist.tags;
														
 
															+    this.attrWhiteList = initializedConfig.attrWhiteList || recommendedWhitelist.attrs;
														
 
															   }
														
--- a/src/server/routes/page.js
+++ b/src/server/routes/page.js
@@ -231,18 +231,21 @@ module.exports = function(crowi, app) {
 
															   function addRenderVarsForPresentation(renderVars, page) {
														
 
															     // sanitize page.revision.body
														
 
															-    const Xss = require('../../lib/service/xss/index');
														
 
															-    const XssOption = require('../../lib/service/xss/xssOption');
														
 
															-
														
 
															-    const initializedConfig =  {
														
 
															-        tagWhiteList:    crowi.xssService.getTagWhiteList()
														
 
															-        attrWhiteList:  crowi.xssService.getAttrWhiteList() 
														
 
															-    }
														
 
															-    
														
 
															-    // crowi.config is empty.
														
 
															-    const xssOption = new XssOption(initializedConfig);
														
 
															     if (crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention')) {
														
 
															+
														
 
															+      const Xss = require('../../lib/service/xss/index');
														
 
															+      const XssOption = require('../../lib/service/xss/xssOption');
														
 
															+
														
 
															+      const initializedConfig = {
														
 
															+        isEnabledXssPrevention: crowi.configManager.getConfig('markdown', 'markdown:xss:isEnabledPrevention'),
														
 
															+        tagWhiteList: crowi.xssService.getTagWhiteList(),
														
 
															+        attrWhiteList: crowi.xssService.getAttrWhiteList(),
														
 
															+      };
														
 
															+
														
 
															+      const xssOption = new XssOption(initializedConfig);
														
 
															+      console.log(xssOption);
														
 
															+
														
 
															       const xss = new Xss(xssOption);
														
 
															       const preventXssRevision = xss.process(page.revision.body);
														
 
															       page.revision.body = preventXssRevision;