summaryrefslogtreecommitdiffstats
path: root/client
diff options
context:
space:
mode:
authorRomulus Urakagi Tsai <urakagi@gmail.com>2019-08-14 08:42:25 +0000
committerRomulus Urakagi Tsai <urakagi@gmail.com>2019-08-14 08:42:25 +0000
commit3084f242784e9d860789c153dc6456b1aba16d96 (patch)
treea5f4977970178acd92736577268dc8d9065a619c /client
parentefdab37f3faeb125a9b8d31969762932bbbc0c4b (diff)
parent43d14f8b2b25c2b4b536f747a151b92a7bb014f0 (diff)
downloadwekan-3084f242784e9d860789c153dc6456b1aba16d96.tar.gz
wekan-3084f242784e9d860789c153dc6456b1aba16d96.tar.bz2
wekan-3084f242784e9d860789c153dc6456b1aba16d96.zip
Merge branch 'master' of https://github.com/wekan/wekan
Diffstat (limited to 'client')
-rwxr-xr-xclient/components/main/editor.js43
-rw-r--r--client/components/settings/informationBody.jade12
-rw-r--r--client/components/settings/settingBody.styl8
-rw-r--r--client/components/sidebar/sidebar.js7
4 files changed, 50 insertions, 20 deletions
diff --git a/client/components/main/editor.js b/client/components/main/editor.js
index 248f4588..82bda0a3 100755
--- a/client/components/main/editor.js
+++ b/client/components/main/editor.js
@@ -1,4 +1,5 @@
import _sanitizeXss from 'xss';
+const ASIS = 'asis';
const sanitizeXss = (input, options) => {
const defaultAllowedIframeSrc = /^(https:){0,1}\/\/.*?(youtube|vimeo|dailymotion|youku)/i;
const allowedIframeSrcRegex = (function() {
@@ -17,28 +18,39 @@ const sanitizeXss = (input, options) => {
return reg;
})();
const targetWindow = '_blank';
+ const getHtmlDOM = html => {
+ const i = document.createElement('i');
+ i.innerHTML = html;
+ return i.firstChild;
+ };
options = {
onTag(tag, html, options) {
+ const htmlDOM = getHtmlDOM(html);
+ const getAttr = attr => {
+ return htmlDOM && attr && htmlDOM.getAttribute(attr);
+ };
if (tag === 'iframe') {
const clipCls = 'note-vide-clip';
if (!options.isClosing) {
- const srcp = /src=(['"]{0,1})(\S*)(\1)/;
- let safe = html.indexOf(`class="${clipCls}"`) > -1;
- if (srcp.exec(html)) {
- const src = RegExp.$2;
- if (allowedIframeSrcRegex.exec(src)) {
- safe = true;
- }
- if (safe)
- return `<iframe src='${src}' class="${clipCls}" width=100% height=auto allowfullscreen></iframe>`;
+ const iframeCls = getAttr('class');
+ let safe = iframeCls.indexOf(clipCls) > -1;
+ const src = getAttr('src');
+ if (allowedIframeSrcRegex.exec(src)) {
+ safe = true;
}
+ if (safe)
+ return `<iframe src='${src}' class="${clipCls}" width=100% height=auto allowfullscreen></iframe>`;
} else {
+ // remove </iframe> tag
return '';
}
} else if (tag === 'a') {
if (!options.isClosing) {
- if (/href=(['"]{0,1})(\S*)(\1)/.exec(html)) {
- const href = RegExp.$2;
+ if (getAttr(ASIS) === 'true') {
+ // if has a ASIS attribute, don't do anything, it's a member id
+ return html;
+ } else {
+ const href = getAttr('href');
if (href.match(/^((http(s){0,1}:){0,1}\/\/|\/)/)) {
// a valid url
return `<a href=${href} target=${targetWindow}>`;
@@ -47,8 +59,8 @@ const sanitizeXss = (input, options) => {
}
} else if (tag === 'img') {
if (!options.isClosing) {
- if (new RegExp('src=([\'"]{0,1})(\\S*)(\\1)').exec(html)) {
- const src = RegExp.$2;
+ const src = getAttr('src');
+ if (src) {
return `<a href='${src}' class='swipebox'><img src='${src}' class="attachment-image-preview mCS_img_loaded"></a>`;
}
}
@@ -203,7 +215,9 @@ Template.editor.onRendered(() => {
// even though uploaded event fired, attachment.url() is still null somehow //TODO
const url = attachment.url();
if (url) {
- insertImage(url);
+ insertImage(
+ `${location.protocol}//${location.host}${url}`,
+ );
} else {
retry++;
if (retry < maxTry) {
@@ -334,6 +348,7 @@ Blaze.Template.registerHelper(
// `userId` to the popup as usual, and we need to store it in the DOM
// using a data attribute.
'data-userId': knowedUser.userId,
+ [ASIS]: 'true',
},
linkValue,
);
diff --git a/client/components/settings/informationBody.jade b/client/components/settings/informationBody.jade
index feb7c0dc..2c615ffd 100644
--- a/client/components/settings/informationBody.jade
+++ b/client/components/settings/informationBody.jade
@@ -20,9 +20,21 @@ template(name='statistics')
th Wekan {{_ 'info'}}
td {{statistics.version}}
tr
+ th {{_ 'Meteor_version'}}
+ td {{statistics.meteor.meteorVersion}}
+ tr
th {{_ 'Node_version'}}
td {{statistics.process.nodeVersion}}
tr
+ th {{_ 'MongoDB_version'}}
+ td {{statistics.mongo.mongoVersion}}
+ tr
+ th {{_ 'MongoDB_storage_engine'}}
+ td {{statistics.mongo.mongoStorageEngine}}
+ tr
+ th {{_ 'MongoDB_Oplog_enabled'}}
+ td {{statistics.mongo.mongoOplogEnabled}}
+ tr
th {{_ 'OS_Type'}}
td {{statistics.os.type}}
tr
diff --git a/client/components/settings/settingBody.styl b/client/components/settings/settingBody.styl
index b9300782..bcbd2ea1 100644
--- a/client/components/settings/settingBody.styl
+++ b/client/components/settings/settingBody.styl
@@ -52,10 +52,10 @@
.main-body
padding: 0.1em 1em
- -webkit-user-select: auto // Safari 3.1+
- -moz-user-select: auto // Firefox 2+
- -ms-user-select: auto // IE 10+
- user-select: auto // Standard syntax
+ -webkit-user-select: text // Safari 3.1+
+ -moz-user-select: text // Firefox 2+
+ -ms-user-select: text // IE 10+
+ user-select: text // Standard syntax
ul
li
diff --git a/client/components/sidebar/sidebar.js b/client/components/sidebar/sidebar.js
index 8b98fd7e..f7efb1e8 100644
--- a/client/components/sidebar/sidebar.js
+++ b/client/components/sidebar/sidebar.js
@@ -47,8 +47,11 @@ BlazeComponent.extendComponent({
},
calculateNextPeak() {
- const altitude = this.find('.js-board-sidebar-content').scrollHeight;
- this.callFirstWith(this, 'setNextPeak', altitude);
+ const sidebarElement = this.find('.js-board-sidebar-content');
+ if (sidebarElement) {
+ const altitude = sidebarElement.scrollHeight;
+ this.callFirstWith(this, 'setNextPeak', altitude);
+ }
},
reachNextPeak() {