优化Editor.md编辑器XSS过滤逻辑

yangjian 2021-04-20 18:30:19 +08:00
parent 282e5e5e44
commit 3428770427
2 changed files with 3 additions and 4 deletions


@ -4446,10 +4446,8 @@
var markdownParsed = marked(markdownDoc, markedOptions);
// markdownParsed = editormd.filterHTMLTags(markdownParsed, settings.htmlDecode);
// 加载DOMPurify过滤HTML
editormd.loadScript(settings.plugin_path + 'purify.min',function(){
markdownParsed = DOMPurify.sanitize(markdownParsed,{ADD_TAGS: ['iframe']});
});
// 使用DOMPurify过滤HTML
markdownParsed = DOMPurify.sanitize(markdownParsed,{ADD_TAGS: ['iframe']});
// console.log(markdownParsed)
if (settings.markdownSourceCode) {
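Review bot: `ADD_TAGS: ['iframe']` in the new `DOMPurify.sanitize` call lets any document author embed a frame from an arbitrary origin, so rendered docs can still carry framed phishing or tracking content even though script injection is filtered. If iframes are only needed for known embed providers, check the `src` host against an allowlist in a DOMPurify hook, registered once outside the render function so hooks do not stack up on every preview. The call also assumes a global `DOMPurify`; the other file section adds purify.min.js to one template, so any other page that loads editormd.js without it would presumably throw a ReferenceError here. The enclosing function starts and ends outside the hunk.

```javascript
// Register once when editormd.js loads, not inside the render path.
// IFRAME_HOST_ALLOWLIST holds a placeholder value; list the embed hosts the project actually supports.
var IFRAME_HOST_ALLOWLIST = ['embed.example.com'];
DOMPurify.addHook('uponSanitizeElement', function (node, data) {
    if (data.tagName !== 'iframe') { return; }
    var allowed = false;
    try {
        var target = new URL(node.getAttribute('src') || '', window.location.href);
        allowed = target.protocol === 'https:' &&
            IFRAME_HOST_ALLOWLIST.indexOf(target.hostname) !== -1;
    } catch (e) {
        allowed = false; // unparsable src is treated as not allowed
    }
    if (!allowed && node.parentNode) {
        node.parentNode.removeChild(node);
    }
});
// … unchanged: marked() call and the DOMPurify.sanitize(markdownParsed, {ADD_TAGS: ['iframe']}) line …
```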


@ -331,6 +331,7 @@
<script src="{% static 'vditor/dist/method.min.js' %}?version={{mrdoc_version}}"></script>
{% elif doc.editor_mode == 1 %}
<script src="{% static 'editor.md/lib/marked.min.js' %}?version={{mrdoc_version}}"></script>
<script src="{% static 'editor.md/lib/purify.min.js' %}?version={{mrdoc_version}}"></script>
<script src="{% static 'editor.md/editormd.js' %}?version={{mrdoc_version}}"></script>
{% elif doc.editor_mode == 4 %}
<!-- 在线表格 -->