1 год назад · cd1a2b5144
--- a/apps/app/src/components/Admin/MarkdownSetting/WhitelistInput.jsx
+++ b/apps/app/src/components/Admin/MarkdownSetting/WhitelistInput.jsx
@@ -2,9 +2,9 @@ import React from 'react';
 
				 
			
 
				 import { useTranslation } from 'next-i18next';
			
 
				 import PropTypes from 'prop-types';
			
 
				-import { defaultSchema as sanitizeDefaultSchema } from 'rehype-sanitize';
			
 
				 
			
 
				 import AdminMarkDownContainer from '~/client/services/AdminMarkDownContainer';
			
 
				+import { tagNames as recommendedTagNames, attributes as recommendedAttributes } from '~/services/renderer/recommended-whitelist';
			
 
				 
			
 
				 import { withUnstatedContainers } from '../../UnstatedUtils';
			
 
				 
			
@@ -16,8 +16,8 @@ class WhitelistInput extends React.Component {
 
				     this.tagWhitelist = React.createRef();
			
 
				     this.attrWhitelist = React.createRef();
			
 
				 
			
 
				-    this.tags = [...sanitizeDefaultSchema.tagNames, 'video'];
			
 
				-    this.attrs = JSON.stringify(sanitizeDefaultSchema.attributes);
			
 
				+    this.tags = recommendedTagNames;
			
 
				+    this.attrs = recommendedAttributes;
			
 
				 
			
 
				     this.onClickRecommendTagButton = this.onClickRecommendTagButton.bind(this);
			
 
				     this.onClickRecommendAttrButton = this.onClickRecommendAttrButton.bind(this);
			
--- a/apps/app/src/pages/[[...path]].page.tsx
+++ b/apps/app/src/pages/[[...path]].page.tsx
@@ -566,9 +566,9 @@ function injectServerConfigurations(context: GetServerSidePropsContext, props: P
 
				 
			
 
				     // XSS Options
			
 
				     isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				-    attrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				-    tagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				+    sanitizeType: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				+    customAttrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				+    customTagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				     highlightJsStyleBorder: crowi.configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				   };
			
 
				 
			
--- a/apps/app/src/pages/_private-legacy-pages.page.tsx
+++ b/apps/app/src/pages/_private-legacy-pages.page.tsx
@@ -114,9 +114,9 @@ async function injectServerConfigurations(context: GetServerSidePropsContext, pr
 
				 
			
 
				     // XSS Options
			
 
				     isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				-    attrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				-    tagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				+    sanitizeType: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				+    customAttrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				+    customTagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				     highlightJsStyleBorder: crowi.configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				   };
			
 
				 }
			
--- a/apps/app/src/pages/_search.page.tsx
+++ b/apps/app/src/pages/_search.page.tsx
@@ -141,9 +141,9 @@ function injectServerConfigurations(context: GetServerSidePropsContext, props: P
 
				 
			
 
				     // XSS Options
			
 
				     isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				-    attrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				-    tagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				+    sanitizeType: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				+    customAttrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				+    customTagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				     highlightJsStyleBorder: crowi.configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				   };
			
 
				 
			
--- a/apps/app/src/pages/me/[[...path]].page.tsx
+++ b/apps/app/src/pages/me/[[...path]].page.tsx
@@ -196,9 +196,9 @@ async function injectServerConfigurations(context: GetServerSidePropsContext, pr
 
				 
			
 
				     // XSS Options
			
 
				     isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				-    attrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				-    tagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				+    sanitizeType: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				+    customAttrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				+    customTagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				     highlightJsStyleBorder: crowi.configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				   };
			
 
				 }
			
--- a/apps/app/src/pages/share/[[...path]].page.tsx
+++ b/apps/app/src/pages/share/[[...path]].page.tsx
@@ -173,10 +173,10 @@ function injectServerConfigurations(context: GetServerSidePropsContext, props: P
 
				 
			
 
				     // XSS Options
			
 
				     isEnabledXssPrevention: configManager.getConfig('markdown', 'markdown:rehypeSanitize:isEnabledPrevention'),
			
 
				-    xssOption: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				-    attrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				-    tagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				-    highlightJsStyleBorder: configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				+    sanitizeType: configManager.getConfig('markdown', 'markdown:rehypeSanitize:option'),
			
 
				+    customAttrWhitelist: JSON.parse(crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:attributes')),
			
 
				+    customTagWhitelist: crowi.configManager.getConfig('markdown', 'markdown:rehypeSanitize:tagNames'),
			
 
				+    highlightJsStyleBorder: crowi.configManager.getConfig('crowi', 'customize:highlightJsStyleBorder'),
			
 
				   };
			
 
				 
			
 
				   props.ssrMaxRevisionBodyLength = configManager.getConfig('crowi', 'app:ssrMaxRevisionBodyLength');