%!s(int64=3) %!d(string=hai) anos · ea60d5a205
--- a/packages/markdown/src/template-integration.js
+++ b/packages/markdown/src/template-integration.js
@@ -9,7 +9,7 @@ var Markdown = require('markdown-it')({
 
				 
			
 
				 import markdownItMermaid from "@liradb2000/markdown-it-mermaid";
			
 
				 
			
 
				-/*
			
 
				+
			
 
				 // Static URL Scheme Listing
			
 
				 var urlschemes = [
			
 
				   "aodroplink",
			
@@ -22,6 +22,10 @@ var urlschemes = [
 
				   "mailspring"
			
 
				 ];
			
 
				 
			
 
				+
			
 
				+
			
 
				+
			
 
				+
			
 
				 // Better would be a field in the admin backend to set this dynamically
			
 
				 // instead of putting all known or wanted url schemes here hard into code
			
 
				 // but i was not able to access those settings
			
@@ -33,6 +37,42 @@ for(var i=0; i<urlschemes.length;i++){
 
				   Markdown.linkify.add(urlschemes[i]+":",'http:');
			
 
				 }
			
 
				 
			
 
				+
			
 
				+// build fitting regex
			
 
				+var regex = RegExp('^(' + urlschemes.join('|') + '):', 'gim');
			
 
				+
			
 
				+// Add a hook to enforce URI scheme allow-list
			
 
				+DOMPurify.addHook('afterSanitizeAttributes', function (node) {
			
 
				+  // build an anchor to map URLs to
			
 
				+  var anchor = document.createElement('a');
			
 
				+
			
 
				+  // check all href attributes for validity
			
 
				+  if (node.hasAttribute('href')) {
			
 
				+    anchor.href = node.getAttribute('href');
			
 
				+    if (anchor.protocol && !anchor.protocol.match(regex)) {
			
 
				+      node.removeAttribute('href');
			
 
				+    }
			
 
				+  }
			
 
				+  // check all action attributes for validity
			
 
				+  if (node.hasAttribute('action')) {
			
 
				+    anchor.href = node.getAttribute('action');
			
 
				+    if (anchor.protocol && !anchor.protocol.match(regex)) {
			
 
				+      node.removeAttribute('action');
			
 
				+    }
			
 
				+  }
			
 
				+  // check all xlink:href attributes for validity
			
 
				+  if (node.hasAttribute('xlink:href')) {
			
 
				+    anchor.href = node.getAttribute('xlink:href');
			
 
				+    if (anchor.protocol && !anchor.protocol.match(regex)) {
			
 
				+      node.removeAttribute('xlink:href');
			
 
				+    }
			
 
				+  }
			
 
				+});
			
 
				+
			
 
				+
			
 
				+
			
 
				+
			
 
				+/*
			
 
				 // Additional  safeAttrValue function to allow for other specific protocols
			
 
				 // See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
			
 
				 function mySafeAttrValue(tag, name, value, cssFilter) {
			
--- a/releases/delete-phantomjs.sh
+++ b/releases/delete-phantomjs.sh
@@ -1,3 +0,0 @@
 
				-cd ~/repos/wekan/.build
			
 
				-find . -name "*phantomjs*" | xargs rm -rf
			
 
				-cd ~/repos/wekan