|  | @@ -9,8 +9,6 @@ var Markdown = require('markdown-it')({
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  import markdownItMermaid from "@wekanteam/markdown-it-mermaid";
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -/*
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  |  // Static URL Scheme Listing
 | 
	
		
			
				|  |  |  var urlschemes = [
 | 
	
		
			
				|  |  |    "aodroplink",
 | 
	
	
		
			
				|  | @@ -23,74 +21,20 @@ var urlschemes = [
 | 
	
		
			
				|  |  |    "mailspring"
 | 
	
		
			
				|  |  |  ];
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  // Better would be a field in the admin backend to set this dynamically
 | 
	
		
			
				|  |  |  // instead of putting all known or wanted url schemes here hard into code
 | 
	
		
			
				|  |  |  // but i was not able to access those settings
 | 
	
		
			
				|  |  |  // var urlschemes = currentSetting.automaticLinkedUrlSchemes.split('\n');
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  // put all url schemes into the linkify configuration to automatically make it clickable
 | 
	
		
			
				|  |  |  for(var i=0; i<urlschemes.length;i++){
 | 
	
		
			
				|  |  | -  //console.log("adding autolink for "+urlschemes[i]);
 | 
	
		
			
				|  |  |    Markdown.linkify.add(urlschemes[i]+":",'http:');
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -// build fitting regex
 | 
	
		
			
				|  |  | -var regex = RegExp('^(' + urlschemes.join('|') + '):', 'gim');
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -// Add a hook to enforce URI scheme allow-list
 | 
	
		
			
				|  |  | -DOMPurify.addHook('afterSanitizeAttributes', function (node) {
 | 
	
		
			
				|  |  | -  // build an anchor to map URLs to
 | 
	
		
			
				|  |  | -  var anchor = document.createElement('a');
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -  // check all href attributes for validity
 | 
	
		
			
				|  |  | -  if (node.hasAttribute('href')) {
 | 
	
		
			
				|  |  | -    anchor.href = node.getAttribute('href');
 | 
	
		
			
				|  |  | -    if (anchor.protocol && !anchor.protocol.match(regex)) {
 | 
	
		
			
				|  |  | -      node.removeAttribute('href');
 | 
	
		
			
				|  |  | -    }
 | 
	
		
			
				|  |  | -  }
 | 
	
		
			
				|  |  | -  // check all action attributes for validity
 | 
	
		
			
				|  |  | -  if (node.hasAttribute('action')) {
 | 
	
		
			
				|  |  | -    anchor.href = node.getAttribute('action');
 | 
	
		
			
				|  |  | -    if (anchor.protocol && !anchor.protocol.match(regex)) {
 | 
	
		
			
				|  |  | -      node.removeAttribute('action');
 | 
	
		
			
				|  |  | -    }
 | 
	
		
			
				|  |  | -  }
 | 
	
		
			
				|  |  | -  // check all xlink:href attributes for validity
 | 
	
		
			
				|  |  | -  if (node.hasAttribute('xlink:href')) {
 | 
	
		
			
				|  |  | -    anchor.href = node.getAttribute('xlink:href');
 | 
	
		
			
				|  |  | -    if (anchor.protocol && !anchor.protocol.match(regex)) {
 | 
	
		
			
				|  |  | -      node.removeAttribute('xlink:href');
 | 
	
		
			
				|  |  | -    }
 | 
	
		
			
				|  |  | -  }
 | 
	
		
			
				|  |  | -});
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -// Additional  safeAttrValue function to allow for other specific protocols
 | 
	
		
			
				|  |  | -// See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
 | 
	
		
			
				|  |  | -function mySafeAttrValue(tag, name, value, cssFilter) {
 | 
	
		
			
				|  |  | -  // only when the tag is 'a' and attribute is 'href'
 | 
	
		
			
				|  |  | -  // then use your custom function
 | 
	
		
			
				|  |  | -  if (tag === 'a' && name === 'href') {
 | 
	
		
			
				|  |  | -    // only filter the value if starts with an registered url scheme
 | 
	
		
			
				|  |  | -    urlscheme = value.split(/:/);
 | 
	
		
			
				|  |  | -    //console.log("validating "+urlscheme[0]);
 | 
	
		
			
				|  |  | -    if(urlschemes.includes(urlscheme[0])) return value;
 | 
	
		
			
				|  |  | -    else {
 | 
	
		
			
				|  |  | -      // use the default safeAttrValue function to process all non cbthunderlinks
 | 
	
		
			
				|  |  | -      return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
 | 
	
		
			
				|  |  | -    }
 | 
	
		
			
				|  |  | -//  } else if (tag === 'svg') {
 | 
	
		
			
				|  |  | -//    return `<img src="data:image/svg+xml;base64,` + atob(value) + `"></img>`;
 | 
	
		
			
				|  |  | -  } else {
 | 
	
		
			
				|  |  | -    // use the default safeAttrValue function to process it
 | 
	
		
			
				|  |  | -    return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
 | 
	
		
			
				|  |  | -  }
 | 
	
		
			
				|  |  | -};
 | 
	
		
			
				|  |  | -*/
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  |  var emoji = require('markdown-it-emoji');
 | 
	
		
			
				|  |  |  Markdown.use(emoji);
 | 
	
		
			
				|  |  |  Markdown.use(markdownItMermaid);
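Review bot: With the `/*` … `*/` wrapper removed, the `for` loop calling `Markdown.linkify.add(urlschemes[i]+":",'http:')` is now live, while the only scheme allow-list enforcement in this block (the DOMPurify `afterSanitizeAttributes` hook and `mySafeAttrValue`) is deleted rather than enabled. Nothing in the visible hunks shows where the `href` schemes of the rendered HTML are checked, so please confirm that the sanitizer applied to this output is driven by the same `urlschemes` array; otherwise the new links are either stripped again or admitted through a separately maintained, possibly broader list. I would add a comment above the loop such as `// Every scheme listed here becomes a clickable link in user-supplied markdown; keep the sanitizer's allowed-URI list identical to this array.` Aliasing to `'http:'` also reuses linkify's http rule, which as far as I know only matches the `scheme://…` form, so schemes normally written without `//` would not be auto-linked.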
 |