From 05078a78574a1ee5b434da6aa17a3d7487808d0b Mon Sep 17 00:00:00 2001 From: Le Tan Date: Thu, 18 Jul 2024 22:58:29 +0800 Subject: [PATCH] update xss whitelist --- src/core/mainconfig.cpp | 1 - src/data/extra/web/js/markdownit.js | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/core/mainconfig.cpp b/src/core/mainconfig.cpp index fcf6fff0f9..a9e7254c90 100644 --- a/src/core/mainconfig.cpp +++ b/src/core/mainconfig.cpp @@ -119,5 +119,4 @@ QString MainConfig::getVersion(const QJsonObject &p_jobj) void MainConfig::doVersionSpecificOverride() { // In a new version, we may want to change one value by force. - m_editorConfig->getMarkdownEditorConfig().m_protectFromXss = true; } diff --git a/src/data/extra/web/js/markdownit.js b/src/data/extra/web/js/markdownit.js index 32d70f9469..c100e3a5d6 100644 --- a/src/data/extra/web/js/markdownit.js +++ b/src/data/extra/web/js/markdownit.js @@ -215,6 +215,11 @@ class MarkdownIt extends VxWorker { whiteList: { input: ["class", "disabled", "type", "checked"], mark: ["class"], + font: ["color", "class"], + sub: ["class"], + sup: ["class"], + details: ["class"], + summary: ["class"], } }); });