diff --git a/README.md b/README.md index 5af7186..2c0c590 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,9 @@ Normal test with HTML Entities & " ' < > . ## 注意事项 -- 如果在使用插件时遇到问题,您可以通过 [发起 Issue](https://github.com/d0j1a1701/LiteLoaderQQNT-Markdown/issues/new) 向我们进行反馈。届时请尽可能附上诸如系统版本,插件列表, LiteLoaderQQNT 设置页版本信息截图等可以帮助分析问题的信息。如果你还安装了远程调试插件,可以再附上 Devtools 信息。 +您可以查看本项目的 [Known Issue](/docs/known_issue.md) 查看已经发现以及仍未解决的问题。 + +如果在使用插件时遇到问题,您可以通过 [发起 Issue](https://github.com/d0j1a1701/LiteLoaderQQNT-Markdown/issues/new) 向我们进行反馈。届时请尽可能附上诸如系统版本,插件列表, LiteLoaderQQNT 设置页版本信息截图等可以帮助分析问题的信息。如果你还安装了远程调试插件,可以再附上 Devtools 信息。 ## Contributing diff --git a/src/renderer.jsx b/src/renderer.jsx index 82f7406..76c7260 100644 --- a/src/renderer.jsx +++ b/src/renderer.jsx @@ -134,7 +134,7 @@ async function renderSingleMsgBox(messageBox) { function renderedHtmlProcessor(x) { if ((settings.forceEnableHtmlPurify() ?? settings.enableHtmlPurify) == true) { - mditLogger('debug', `Purified ${x}`); + mditLogger('debug', `Purify`, 'Input:', `${x}`); return purifyHtml(x); } return x; diff --git a/src/utils/htmlProc.js b/src/utils/htmlProc.js deleted file mode 100644 index aba40ae..0000000 --- a/src/utils/htmlProc.js +++ /dev/null @@ -1,32 +0,0 @@ -// Utils function about HTML string process - -import DOMPurify from 'dompurify'; - -/** - * Unescape HTML entities in HTML string. Already unescaped HTML tag string will be ignored and not shown - * in return string. - * @param {string} input - * @returns {string} String with all HTML entities unescaped - */ -export function unescapeHtml(input) { - var doc = new DOMParser().parseFromString(input, "text/html"); - return doc.documentElement.textContent; -} - -export function escapeHtml(input) { - return input - .replaceAll('&', '&') - .replaceAll('<', '<') - .replaceAll('>', '>') - .replaceAll('"', '"') - .replaceAll("'", '''); -} - -/** - * Using DOMPurify to purify HTML - * @param {string} input - * @return {string} Purified HTML string. - */ -export function purifyHtml(input) { - return DOMPurify.sanitize(input); -} \ No newline at end of file diff --git a/src/utils/htmlProc.ts b/src/utils/htmlProc.ts new file mode 100644 index 0000000..e82adab --- /dev/null +++ b/src/utils/htmlProc.ts @@ -0,0 +1,53 @@ +// Utils function about HTML string process + +import { mditLogger } from "./logger"; + +const DOMPurify = require('dompurify'); + +DOMPurify.addHook('uponSanitizeElement', function (node: HTMLElement, data: any) { + // mditLogger('debug', 'PurifyHook', 'Data', data); + if (data.allowedTags[data.tagName] === true) { + // mditLogger('debug', 'PurifyHook', 'Hook skipped'); + return; + } + let newNode = document.createElement('p'); + newNode.innerText = node.outerHTML; + // mditLogger('debug', 'PurifyHook', 'New node', newNode); + node.replaceWith(newNode); +}); + +interface UponSanitizeDataRecv { + tagName: string; + allowedTags: Record; +} + +/** + * Unescape HTML entities in HTML string. Already unescaped HTML tag string will be ignored and not shown + * in return string. + * @param {string} input + * @returns {string} String with all HTML entities unescaped + */ +export function unescapeHtml(input: string) { + var doc = new DOMParser().parseFromString(input, "text/html"); + return doc.documentElement.textContent; +} + +export function escapeHtml(input: string) { + return input + .replaceAll('&', '&') + .replaceAll('<', '<') + .replaceAll('>', '>') + .replaceAll('"', '"') + .replaceAll("'", '''); +} + +/** + * Using DOMPurify to purify HTML + * @param {string} input + * @return {string} Purified HTML string. + */ +export function purifyHtml(input: string) { + let res = DOMPurify.sanitize(input); + mditLogger('debug', 'Purify', 'Removed', DOMPurify.removed); + return res; +} \ No newline at end of file