Better Support for whitelisting caja tags
This commit is contained in:
parent
9b86d1507d
commit
f10f9585ae
|
@ -11,7 +11,8 @@ var parser = window.BetterMarkdown,
|
|||
dialect = MD.dialects.Discourse = DialectHelpers.subclassDialect( MD.dialects.Gruber ),
|
||||
initialized = false,
|
||||
emitters = [],
|
||||
hoisted;
|
||||
hoisted,
|
||||
preProcessors = [];
|
||||
|
||||
/**
|
||||
Initialize our dialects for processing.
|
||||
|
@ -165,6 +166,11 @@ Discourse.Dialect = {
|
|||
**/
|
||||
cook: function(text, opts) {
|
||||
if (!initialized) { initializeDialects(); }
|
||||
|
||||
preProcessors.forEach(function(p) {
|
||||
text = p(text);
|
||||
});
|
||||
|
||||
hoisted = {};
|
||||
dialect.options = opts;
|
||||
var tree = parser.toHTMLTree(text, 'Discourse'),
|
||||
|
@ -188,6 +194,14 @@ Discourse.Dialect = {
|
|||
return result.trim();
|
||||
},
|
||||
|
||||
/**
|
||||
Adds a text pre-processor. Use only if necessary, as a dialect
|
||||
that emits JsonML is much better if possible.
|
||||
**/
|
||||
addPreProcessor: function(preProc) {
|
||||
preProcessors.push(preProc);
|
||||
},
|
||||
|
||||
/**
|
||||
Registers an inline replacer function
|
||||
|
||||
|
|
|
@ -9,7 +9,8 @@
|
|||
**/
|
||||
var _validClasses = {},
|
||||
_validIframes = [],
|
||||
_validTags = {};
|
||||
_validTags = {},
|
||||
_decoratedCaja = false;
|
||||
|
||||
function validateAttribute(tagName, attribName, value) {
|
||||
var tag = _validTags[tagName];
|
||||
|
@ -198,6 +199,20 @@ Discourse.Markdown = {
|
|||
// Allow things like <3 and <_<
|
||||
text = text.replace(/<([^A-Za-z\/\!]|$)/g, "<$1");
|
||||
|
||||
// The first time, let's add some more whitelisted tags
|
||||
if (!_decoratedCaja) {
|
||||
|
||||
// Add anything whitelisted to the list of elements if it's not in there
|
||||
// already.
|
||||
var elements = window.html4.ELEMENTS;
|
||||
Ember.keys(_validTags).forEach(function(t) {
|
||||
if (!elements[t]) {
|
||||
elements[t] = 0;
|
||||
}
|
||||
});
|
||||
_decoratedCaja = true;
|
||||
}
|
||||
|
||||
return window.html_sanitize(text, Discourse.Markdown.urlAllowed, validateAttribute);
|
||||
},
|
||||
|
||||
|
|
Loading…
Reference in New Issue