author | Romulus Urakagi Tsai <urakagi@gmail.com> | 2019-08-14 08:42:25 +0000 |
---|---|---|
committer | Romulus Urakagi Tsai <urakagi@gmail.com> | 2019-08-14 08:42:25 +0000 |
commit | 3084f242784e9d860789c153dc6456b1aba16d96 (patch) | |
tree | a5f4977970178acd92736577268dc8d9065a619c /client | |
parent | efdab37f3faeb125a9b8d31969762932bbbc0c4b (diff) | |
parent | 43d14f8b2b25c2b4b536f747a151b92a7bb014f0 (diff) | |
Merge branch 'master' of https://github.com/wekan/wekan
Diffstat (limited to 'client')
-rwxr-xr-x | client/components/main/editor.js | 43 | ||||
-rw-r--r-- | client/components/settings/informationBody.jade | 12 | ||||
-rw-r--r-- | client/components/settings/settingBody.styl | 8 | ||||
-rw-r--r-- | client/components/sidebar/sidebar.js | 7 |
4 files changed, 50 insertions, 20 deletions
diff --git a/client/components/main/editor.js b/client/components/main/editor.js
index 248f4588..82bda0a3 100755
--- a/client/components/main/editor.js
+++ b/client/components/main/editor.js
@@ -1,4 +1,5 @@
 import _sanitizeXss from 'xss';
+const ASIS = 'asis';
 const sanitizeXss = (input, options) => {
 const defaultAllowedIframeSrc = /^(https:){0,1}\/\/.*?(youtube|vimeo|dailymotion|youku)/i;
 const allowedIframeSrcRegex = (function() {
@@ -17,28 +18,39 @@ const sanitizeXss = (input, options) => {
 return reg;
 })();
 const targetWindow = '_blank';
+ const getHtmlDOM = html => {
+ const i = document.createElement('i');
+ i.innerHTML = html;
+ return i.firstChild;
+ };
 options = {
 onTag(tag, html, options) {
+ const htmlDOM = getHtmlDOM(html);
+ const getAttr = attr => {
+ return htmlDOM && attr && htmlDOM.getAttribute(attr);
+ };
 if (tag === 'iframe') {
 const clipCls = 'note-vide-clip';
 if (!options.isClosing) {
- const srcp = /src=(['"]{0,1})(\S*)(\1)/;
- let safe = html.indexOf(`class="${clipCls}"`) > -1;
- if (srcp.exec(html)) {
- const src = RegExp.$2;
- if (allowedIframeSrcRegex.exec(src)) {
- safe = true;
- }
- if (safe)
- return `<iframe src='${src}' class="${clipCls}" width=100% height=auto allowfullscreen></iframe>`;
+ const iframeCls = getAttr('class');
+ let safe = iframeCls.indexOf(clipCls) > -1;
+ const src = getAttr('src');
+ if (allowedIframeSrcRegex.exec(src)) {
+ safe = true;
 }
+ if (safe)
+ return `<iframe src='${src}' class="${clipCls}" width=100% height=auto allowfullscreen></iframe>`;
 } else {
+ // remove </iframe> tag
 return '';
 }
 } else if (tag === 'a') {
 if (!options.isClosing) {
- if (/href=(['"]{0,1})(\S*)(\1)/.exec(html)) {
- const href = RegExp.$2;
+ if (getAttr(ASIS) === 'true') {
+ // if has a ASIS attribute, don't do anything, it's a member id
+ return html;
+ } else {
+ const href = getAttr('href');
 if (href.match(/^((http(s){0,1}:){0,1}\/\/|\/)/)) {
 // a valid url
 return `<a href=${href} target=${targetWindow}>`;
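Review bot: `getHtmlDOM` in the `@@ -17,28 +18,39 @@` hunk assigns the raw tag text to `innerHTML` of an element created from the live `document`, and `onTag` calls it for every tag before any filtering, so the browser parses untrusted markup (and may start resource loads or fire inline error handlers) inside the sanitizer itself; parsing in an inert document, as in the fence below, avoids that. The `asis` branch then returns `html` untouched, but the attribute is part of the same untrusted markup as everything else, so it cannot prove the anchor came from the mention helper in the `@@ -334,6 +348,7 @@` hunk; rebuild the tag from the attributes that helper sets instead of `return html;`. `getAttr` yields `null` for a missing attribute, so `iframeCls.indexOf(...)` and `href.match(...)` now throw on an iframe without `class` or an anchor without `href`, where the removed regex guards simply skipped them. Attribute values are now entity-decoded and may contain spaces or quotes (the old `\S*` capture could not contain whitespace), yet they are still interpolated unquoted into `<a href=${href} …>` and unescaped into `src='${src}'` here and in the `img` branch of the `@@ -47,8 +59,8 @@` hunk, so they should be escaped and quoted before reuse. `sanitizeXss` and `onTag` both continue outside the hunk.

```javascript
const getHtmlDOM = html => {
  // Parse in a document that has no browsing context, so nothing in the
  // tag is loaded or executed while its attributes are being inspected.
  const doc = new DOMParser().parseFromString(html, 'text/html');
  return doc.body.firstElementChild;
};
// … unchanged: options = { onTag(tag, html, options) { const htmlDOM = getHtmlDOM(html); …
const getAttr = attr => {
  // getAttribute() returns null for a missing attribute; callers use string methods on the result.
  return (htmlDOM && attr && htmlDOM.getAttribute(attr)) || '';
};
```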
@@ -47,8 +59,8 @@ const sanitizeXss = (input, options) => {
 }
 } else if (tag === 'img') {
 if (!options.isClosing) {
- if (new RegExp('src=([\'"]{0,1})(\\S*)(\\1)').exec(html)) {
- const src = RegExp.$2;
+ const src = getAttr('src');
+ if (src) {
 return `<a href='${src}' class='swipebox'><img src='${src}' class="attachment-image-preview mCS_img_loaded"></a>`;
 }
 }
@@ -203,7 +215,9 @@ Template.editor.onRendered(() => {
 // even though uploaded event fired, attachment.url() is still null somehow //TODO
 const url = attachment.url();
 if (url) {
- insertImage(url);
+ insertImage(
+ `${location.protocol}//${location.host}${url}`,
+ );
 } else {
 retry++;
 if (retry < maxTry) {
@@ -334,6 +348,7 @@ Blaze.Template.registerHelper(
 // `userId` to the popup as usual, and we need to store it in the DOM
 // using a data attribute.
 'data-userId': knowedUser.userId,
+ [ASIS]: 'true',
 },
 linkValue,
 );
diff --git a/client/components/settings/informationBody.jade b/client/components/settings/informationBody.jade
index feb7c0dc..2c615ffd 100644
--- a/client/components/settings/informationBody.jade
+++ b/client/components/settings/informationBody.jade
@@ -20,9 +20,21 @@ template(name='statistics')
 th Wekan {{_ 'info'}}
 td {{statistics.version}}
 tr
+ th {{_ 'Meteor_version'}}
+ td {{statistics.meteor.meteorVersion}}
+ tr
 th {{_ 'Node_version'}}
 td {{statistics.process.nodeVersion}}
 tr
+ th {{_ 'MongoDB_version'}}
+ td {{statistics.mongo.mongoVersion}}
+ tr
+ th {{_ 'MongoDB_storage_engine'}}
+ td {{statistics.mongo.mongoStorageEngine}}
+ tr
+ th {{_ 'MongoDB_Oplog_enabled'}}
+ td {{statistics.mongo.mongoOplogEnabled}}
+ tr
 th {{_ 'OS_Type'}}
 td {{statistics.os.type}}
 tr
diff --git a/client/components/settings/settingBody.styl b/client/components/settings/settingBody.styl
index b9300782..bcbd2ea1 100644
--- a/client/components/settings/settingBody.styl
+++ b/client/components/settings/settingBody.styl
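Review bot: In the `@@ -203,7 +215,9 @@` hunk of editor.js the absolute image URL is built by string concatenation, which produces a malformed address if `attachment.url()` ever returns an already-absolute URL (its return shape is not visible here, so that is an assumption to confirm). `insertImage(new URL(url, location.href).href);` resolves relative and absolute inputs alike. The origin in use at upload time is also stored in the saved text, so content written through one hostname keeps pointing at that hostname for every later reader. `Template.editor.onRendered` starts and ends outside the hunk.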
@@ -52,10 +52,10 @@ .main-body padding: 0.1em 1em - -webkit-user-select: auto // Safari 3.1+ - -moz-user-select: auto // Firefox 2+ - -ms-user-select: auto // IE 10+ - user-select: auto // Standard syntax + -webkit-user-select: text // Safari 3.1+ + -moz-user-select: text // Firefox 2+ + -ms-user-select: text // IE 10+ + user-select: text // Standard syntax ul li diff --git a/client/components/sidebar/sidebar.js b/client/components/sidebar/sidebar.js index 8b98fd7e..f7efb1e8 100644 --- a/client/components/sidebar/sidebar.js +++ b/client/components/sidebar/sidebar.js @@ -47,8 +47,11 @@ BlazeComponent.extendComponent({ }, calculateNextPeak() { - const altitude = this.find('.js-board-sidebar-content').scrollHeight; - this.callFirstWith(this, 'setNextPeak', altitude); + const sidebarElement = this.find('.js-board-sidebar-content'); + if (sidebarElement) { + const altitude = sidebarElement.scrollHeight; + this.callFirstWith(this, 'setNextPeak', altitude); + } }, reachNextPeak() { |