
markdown:xss:isPrevented >> markdown:xss:isEnabledPrevention
isPrevented >> EnabledXssPrevention

sou 7 лет назад
Родитель
Сommit
f7d284b2ab
5 измененных файлов с 18 добавлено и 18 удалено
  1. 1 1
      lib/form/admin/markdownXss.js
  2. 6 6
      lib/models/config.js
  3. 2 2
      lib/util/xss.js
  4. 2 2
      lib/util/xssOption.js
  5. 7 7
      lib/views/admin/markdown.html

+ 1 - 1
lib/form/admin/markdownXss.js

@@ -4,7 +4,7 @@ var form = require('express-form')
   , field = form.field;
 
 module.exports = form(
-  field('markdownSetting[markdown:xss:isPrevented]').trim().toBooleanStrict(),
+  field('markdownSetting[markdown:xss:isEnabledPrevention]').trim().toBooleanStrict(),
   field('markdownSetting[markdown:xss:option]').trim().toInt(),
   field('markdownSetting[markdown:xss:tagWhiteList]').trim(),
   field('markdownSetting[markdown:xss:attrWhiteList]').trim()

+ 6 - 6
lib/models/config.js

@@ -102,7 +102,7 @@ module.exports = function(crowi) {
 
   function getDefaultMarkdownConfigs() {
     return {
-      'markdown:xss:isPrevented': true,
+      'markdown:xss:isEnabledPrevention': true,
       'markdown:xss:option': 2,
       'markdown:xss:tagWhiteList': [],
       'markdown:xss:attrWhiteList': [],
@@ -339,8 +339,8 @@ module.exports = function(crowi) {
     return config.markdown[key];
   };
 
-  configSchema.statics.isXssPrevented = function(config) {
-    const key = 'markdown:xss:isPrevented';
+  configSchema.statics.isEnabledXssPrevention = function(config) {
+    const key = 'markdown:xss:isEnabledPrevention';
 
     // return default value if undefined
     if (undefined === config.markdown || undefined === config.markdown[key]) {
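Review bot: The stored key changes from `markdown:xss:isPrevented` to `markdown:xss:isEnabledPrevention` with no handling of values already saved under the old name, so after an upgrade the `undefined === config.markdown[key]` test here takes the default branch and the administrator's saved choice is silently dropped. The default in `getDefaultMarkdownConfigs` is `true`, so the fallback keeps prevention on, but the admin page would no longer reflect what was saved. If any deployment has persisted this setting, add a data migration or read the old key as a fallback, e.g. `const stored = config.markdown[key] !== undefined ? config.markdown[key] : config.markdown['markdown:xss:isPrevented'];`. The function body continues outside the hunk.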
@@ -369,7 +369,7 @@ module.exports = function(crowi) {
       return getDefaultMarkdownConfigs[key];
     }
 
-    if (this.isXssPrevented(config)) {
+    if (this.isEnabledXssPrevention(config)) {
       switch (this.xssOption(config)) {
         case 1: // ignore all: use default option
           return [];
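Review bot: `return getDefaultMarkdownConfigs[key];` in the first context line of this hunk indexes the function object instead of its result, so the fallback returns `undefined` rather than the default whitelist. `getDefaultMarkdownConfigs` is declared as a function in the first hunk of this file. The line should read `return getDefaultMarkdownConfigs()[key];`, and the same line appears in the next hunk (`@@ -398`). Both enclosing functions start outside their hunks, so the condition guarding this return is not visible here.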
@@ -398,7 +398,7 @@ module.exports = function(crowi) {
       return getDefaultMarkdownConfigs[key];
     }
 
-    if (this.isXssPrevented(config)) {
+    if (this.isEnabledXssPrevention(config)) {
       switch (this.xssOption(config)) {
         case 1: // ignore all: use default option
           return [];
@@ -558,7 +558,7 @@ module.exports = function(crowi) {
       layoutType: Config.layoutType(config),
       isEnabledLinebreaks: Config.isEnabledLinebreaks(config),
       isEnabledLinebreaksInComments: Config.isEnabledLinebreaksInComments(config),
-      isXssPrevented: Config.isXssPrevented(config),
+      isEnabledXssPrevention: Config.isEnabledXssPrevention(config),
       xssOption: Config.xssOption(config),
       tagWhiteList: Config.tagWhiteList(config),
       attrWhiteList: Config.attrWhiteList(config),

+ 2 - 2
lib/util/xss.js

@@ -3,7 +3,7 @@ class Xss {
   constructor(xssOption) {
     const xss = require('xss');
 
-    const isXssPrevented = xssOption.isXssPrevented;
+    const isEnabledXssPrevention = xssOption.isEnabledXssPrevention;
     const tagWhiteList = xssOption.tagWhiteList;
     const attrWhiteList = xssOption.attrWhiteList;
 
@@ -18,7 +18,7 @@ class Xss {
       escapeHtml: (html) => html,   // resolve https://github.com/weseek/growi/issues/221
     };
 
-    if (isXssPrevented) {
+    if (isEnabledXssPrevention) {
       tagWhiteList.forEach(tag => {
         whiteListContent[tag] = attrWhiteList;
       });
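Review bot: The `escapeHtml: (html) => html` option in the context line above turns the filter's escaping step into a pass-through, and the only explanation is a link to issue 221. Whether markup outside the whitelist is still kept out of the output then depends on the other options of this object, which lie outside the hunk. A comment naming that dependency would help the next reviewer, e.g. `// identity is safe only while unlisted tags are stripped by the other options here (issue #221)`. The constructor starts and ends outside the hunk.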

+ 2 - 2
lib/util/xssOption.js

@@ -4,12 +4,12 @@ class XssOption {
     const recommendedXssWhiteList = require('../util/recommendedXssWhiteList');
 
     if (config) {
-      this.isXssPrevented = config.isXssPrevented || true;
+      this.isEnabledXssPrevention = config.isEnabledXssPrevention || true;
       this.tagWhiteList = config.tagWhiteList || recommendedXssWhiteList.tags;
       this.attrWhiteList = config.attrWhiteList || recommendedXssWhiteList.attrs;
     }
     else {
-      this.isXssPrevented = true;
+      this.isEnabledXssPrevention = true;
       this.tagWhiteList = recommendedXssWhiteList.tags;
       this.attrWhiteList = recommendedXssWhiteList.attrs;
     }
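Review bot: `config.isEnabledXssPrevention || true` always evaluates to `true`, so a stored `false` is never honoured and the admin switch has no effect on anything built from this class. The rename carries the expression over unchanged. If the setting is meant to be configurable, test for absence instead: `this.isEnabledXssPrevention = config.isEnabledXssPrevention !== undefined ? config.isEnabledXssPrevention : true;`. If forcing prevention on is intended, assign `true` directly and say so in a comment, so the settings page does not promise a switch that does nothing.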

+ 7 - 7
lib/views/admin/markdown.html

@@ -90,8 +90,8 @@
       </form>
 
       <form action="/admin/markdown/xss-setting" method="post" class="form-horizontal" id="markdownSettingForm" role="form">
-        {% set nameForIsXssEnabled = "markdownSetting[markdown:xss:isPrevented]" %}
-        {% set isXssEnabled = markdownSetting['markdown:xss:isPrevented'] %}
+        {% set nameForIsXssEnabled = "markdownSetting[markdown:xss:isEnabledPrevention]" %}
+        {% set isXssEnabled = markdownSetting['markdown:xss:isEnabledPrevention'] %}
 
         <legend>{{ t('markdown_setting.XSS_setting') }}</legend>
         <p class="well">{{ t("markdown_setting.XSS_setting_desc") }}</p>
@@ -136,11 +136,11 @@
               <p class="font-weight-bold">{{ t('markdown_setting.Recommended setting') }}</p>
               <div class="m-t-15">
                 {{ t('markdown_setting.Tag names') }}
-                <textarea class="form-control xss-list" name="recommendedTags" rows="5" cols="40" readonly>{{ recommendedXssWhiteList.tags }}</textarea>
+                <textarea class="form-control xss-list" name="recommendedTags" rows="6" cols="40" readonly>{{ recommendedXssWhiteList.tags }}</textarea>
               </div>
               <div class="m-t-15">
                 {{ t('markdown_setting.Tag attributes') }}
-                <textarea class="form-control xss-list" name="recommendedAttrs" rows="5" cols="40" readonly>{{ recommendedXssWhiteList.attrs }}</textarea>
+                <textarea class="form-control xss-list" name="recommendedAttrs" rows="6" cols="40" readonly>{{ recommendedXssWhiteList.attrs }}</textarea>
               </div>
             </label>
           </div>
@@ -156,7 +156,7 @@
                     {{ t('markdown_setting.import_recommended', 'tags') }}
                   </p>
                 </div>
-                <textarea class="form-control xss-list" type="text" name="markdownSetting[markdown:xss:tagWhiteList]" rows="5" cols="40" placeholder="e.g. iframe, script, video...">{{ markdownSetting['markdown:xss:tagWhiteList'] }}</textarea>
+                <textarea class="form-control xss-list" type="text" name="markdownSetting[markdown:xss:tagWhiteList]" rows="6" cols="40" placeholder="e.g. iframe, script, video...">{{ markdownSetting['markdown:xss:tagWhiteList'] }}</textarea>
               </div>
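Review bot: The placeholder on the tag whitelist textarea, `e.g. iframe, script, video...`, offers `script` and `iframe` as example entries. An administrator who copies it allows exactly the tags this filter exists to keep out. Harmless examples are a better hint, for instance `placeholder="e.g. table, details, kbd..."`. `type="text"` is not a textarea attribute and can be dropped from the same line.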
               <div class="m-t-15">
                 <div class="d-flex justify-content-between">
@@ -165,7 +165,7 @@
                     {{ t('markdown_setting.import_recommended', 'attributes') }}
                   </p>
                 </div>
-                <textarea class="form-control xss-list" name="markdownSetting[markdown:xss:attrWhiteList]" rows="5" cols="40" placeholder="e.g. src, id, name...">{{ markdownSetting['markdown:xss:attrWhiteList'] }}</textarea>
+                <textarea class="form-control xss-list" name="markdownSetting[markdown:xss:attrWhiteList]" rows="6" cols="40" placeholder="e.g. src, id, name...">{{ markdownSetting['markdown:xss:attrWhiteList'] }}</textarea>
               </div>
             </label>
           </div>
@@ -191,7 +191,7 @@
     $($('textarea.xss-list')[i]).val($($('textarea.xss-list')[i]).val().replace(/,/g, ', '));
   };
 
-  $('input[name="markdownSetting[markdown:xss:isPrevented]"]').change(function() {
+  $('input[name="markdownSetting[markdown:xss:isEnabledPrevention]"]').change(function() {
     if ($(this).val() === 'true') {
       $('#xss-hide-when-disabled').slideDown();
     }