gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-30 19:19:03 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

respect safeImport flag when sanitizing imported content

Browse Source
This commit is contained in:
zadam 2023-10-21 17:54:07 +02:00
parent 692f7868bc
commit 90c0a4a437
3 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/services/html_sanitizer.js
View File

@ -33,17 +33,7 @@ function sanitize(dirtyHtml) {
'en-media' // for ENEX import 'en-media' // for ENEX import
], ],
allowedAttributes: { allowedAttributes: {
'a': [ 'href', 'class' ], '*': [ 'class', 'style', 'title', 'src', 'href', 'hash', 'disabled', 'align', 'alt', 'center', 'data-*' ]
'img': [ 'src' ],
'section': [ 'class', 'data-note-id' ],
'figure': [ 'class' ],
'span': [ 'class', 'style' ],
'label': [ 'class' ],
'input': [ 'class', 'type', 'disabled' ],
'code': [ 'class' ],
'ul': [ 'class' ],
'table': [ 'class' ],
'en-media': [ 'hash' ]
}, },
allowedSchemes: [ allowedSchemes: [
'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'irc', 'gemini', 'git', 'http', 'https', 'ftp', 'ftps', 'mailto', 'data', 'evernote', 'file', 'facetime', 'irc', 'gemini', 'git',

11
src/services/import/single.js
View File

@ -121,7 +121,11 @@ function importMarkdown(taskContext, file, parentNote) {
const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces); const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces);
const markdownContent = file.buffer.toString("utf-8"); const markdownContent = file.buffer.toString("utf-8");
const htmlContent = markdownService.renderToHtml(markdownContent, title); let htmlContent = markdownService.renderToHtml(markdownContent, title);
if (taskContext.data.safeImport) {
htmlContent = htmlSanitizer.sanitize(htmlContent);
}
const {note} = noteService.createNewNote({ const {note} = noteService.createNewNote({
parentNoteId: parentNote.noteId, parentNoteId: parentNote.noteId,
@ -141,7 +145,10 @@ function importHtml(taskContext, file, parentNote) {
const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces); const title = utils.getNoteTitle(file.originalname, taskContext.data.replaceUnderscoresWithSpaces);
let content = file.buffer.toString("utf-8"); let content = file.buffer.toString("utf-8");
content = htmlSanitizer.sanitize(content); if (taskContext.data.safeImport) {
content = htmlSanitizer.sanitize(content);
}
content = importUtils.handleH1(content, title); content = importUtils.handleH1(content, title);
const {note} = noteService.createNewNote({ const {note} = noteService.createNewNote({

4
src/services/import/zip.js
View File

@ -321,7 +321,9 @@ async function importZip(taskContext, fileBuffer, importRootNote) {
} }
}); });
content = htmlSanitizer.sanitize(content); if (taskContext.data.safeImport) {
content = htmlSanitizer.sanitize(content);
}
content = content.replace(/<html.*<body[^>]*>/gis, ""); content = content.replace(/<html.*<body[^>]*>/gis, "");
content = content.replace(/<\/body>.*<\/html>/gis, ""); content = content.replace(/<\/body>.*<\/html>/gis, "");