We use cookies to ensure you get the best experience on our website
Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
0ct0pu5
/
siyuan
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

:bug: https://github.com/siyuan-note/siyuan/issues/11321

Vanessa 1 vuosi sitten
vanhempi
30b0f69dff
commit
e04c8ff0b9
2 muutettua tiedostoa jossa 40 lisäystä ja 38 poistoa
Yhdistetty näkymä Näytä diff tilastot
  1. 1 1
      app/src/protyle/toolbar/index.ts
  2. 39 37
      app/stage/protyle/js/protyle-html.js

+ 1 - 1
app/src/protyle/toolbar/index.ts
Näytä tiedosto 

@@ -995,7 +995,7 @@ export class Toolbar {
 
         /// #endif
 
         /// #endif
 
         const textElement = this.subElement.querySelector(".b3-text-field") as HTMLTextAreaElement;
 
         const textElement = this.subElement.querySelector(".b3-text-field") as HTMLTextAreaElement;
 
         if (types.includes("NodeHTMLBlock")) {
 
         if (types.includes("NodeHTMLBlock")) {
 
-            textElement.value = renderElement.querySelector("protyle-html").getAttribute("data-content") || "";
 
+            textElement.value = Lute.UnEscapeHTMLStr(renderElement.querySelector("protyle-html").getAttribute("data-content") || "");
 
         } else if (isInlineMemo) {
 
         } else if (isInlineMemo) {
 
             textElement.value = Lute.UnEscapeHTMLStr(renderElement.getAttribute("data-inline-memo-content") || "");
 
             textElement.value = Lute.UnEscapeHTMLStr(renderElement.getAttribute("data-inline-memo-content") || "");
 
         } else {
 
         } else {

+ 39 - 37
app/stage/protyle/js/protyle-html.js
Näytä tiedosto 

@@ -3,51 +3,53 @@
 
 //# sourceMappingURL=purify.min.js.map
 
 //# sourceMappingURL=purify.min.js.map
 
 
 
 class ProtyleHtml extends HTMLElement {
 
 class ProtyleHtml extends HTMLElement {
 
-  constructor () {
 
-    super()
 
-    const shadowRoot = this.attachShadow({mode: 'open'})
 
-    this.display = this.shadowRoot
 
-    const dataContent = this.getAttribute('data-content')
 
-    this.display.innerHTML = dataContent
 
-  }
 
+    constructor() {
 
+        super()
 
+        const shadowRoot = this.attachShadow({mode: 'open'})
 
+        this.display = this.shadowRoot
 
+        // https://github.com/siyuan-note/siyuan/issues/11321
 
+        this.setAttribute('data-content', Lute.EscapeHTMLStr(this.getAttribute('data-content')))
 
+        const dataContent = this.getAttribute('data-content')
 
+        this.display.innerHTML = dataContent
 
+    }
 
 
 
-  static get observedAttributes () {
 
-    return ['data-content']
 
-  }
 
+    static get observedAttributes() {
 
+        return ['data-content']
 
+    }
 
 
 
-  attributeChangedCallback (name, oldValue, newValue) {
 
-    if (name === 'data-content') {
 
-      let dataContent = Lute.UnEscapeHTMLStr(this.getAttribute('data-content'))
 
+    attributeChangedCallback(name, oldValue, newValue) {
 
+        if (name === 'data-content') {
 
+            let dataContent = Lute.UnEscapeHTMLStr(this.getAttribute('data-content'))
 
 
 
-      if (!window.siyuan.config.editor.allowHTMLBLockScript) {
 
-        // Do not execute scripts in HTML blocks by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/11172
 
-        dataContent = DOMPurify.sanitize(dataContent);
 
-      }
 
+            if (!window.siyuan.config.editor.allowHTMLBLockScript) {
 
+                // Do not execute scripts in HTML blocks by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/11172
 
+                dataContent = DOMPurify.sanitize(dataContent);
 
+            }
 
 
 
-      this.display.innerHTML = dataContent
 
+            this.display.innerHTML = dataContent
 
 
 
-      const el = document.createElement('div')
 
-      el.innerHTML = dataContent
 
-      const scripts = el.getElementsByTagName('script')
 
-      let fatalHTML = ''
 
-      for (const script of scripts) {
 
-        if (script.textContent.indexOf('document.write') > -1) {
 
-          fatalHTML += `<div style="color:var(--b3-theme-error);font-size: 12px">${window.siyuan.languages.htmlBlockError}</div>
 
+            const el = document.createElement('div')
 
+            el.innerHTML = dataContent
 
+            const scripts = el.getElementsByTagName('script')
 
+            let fatalHTML = ''
 
+            for (const script of scripts) {
 
+                if (script.textContent.indexOf('document.write') > -1) {
 
+                    fatalHTML += `<div style="color:var(--b3-theme-error);font-size: 12px">${window.siyuan.languages.htmlBlockError}</div>
 
 <textarea style="width: 100%;box-sizing: border-box;height: 120px"><script>${script.textContent}</script></textarea>`
 
 <textarea style="width: 100%;box-sizing: border-box;height: 120px"><script>${script.textContent}</script></textarea>`
 
-        } else {
 
-          const s = document.createElement('script')
 
-          for (const attr of script.attributes) {
 
-            s.setAttribute(attr.name, attr.value);
 
-          }
 
-          s.textContent = script.textContent
 
-          this.display.appendChild(s)
 
+                } else {
 
+                    const s = document.createElement('script')
 
+                    for (const attr of script.attributes) {
 
+                        s.setAttribute(attr.name, attr.value);
 
+                    }
 
+                    s.textContent = script.textContent
 
+                    this.display.appendChild(s)
 
+                }
 
+            }
 
+            if (fatalHTML) {
 
+                this.display.innerHTML += fatalHTML
 
+            }
 
         }
 
         }
 
-      }
 
-      if (fatalHTML) {
 
-        this.display.innerHTML += fatalHTML
 
-      }
 
     }
 
     }
 
-  }
 
 }
 
 }
 
 
 
 customElements.define('protyle-html', ProtyleHtml)
 
 customElements.define('protyle-html', ProtyleHtml)

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5