From e02a66e10a9cff1b8fefb707b9a87beece344de9 Mon Sep 17 00:00:00 2001 From: Oyasuminasai <61616918+nfnfgo@users.noreply.github.com> Date: Fri, 12 Jul 2024 17:58:17 +0800 Subject: [PATCH 1/4] refactor: Change htmlProc to TypeScript. --- README.md | 4 +++- src/renderer.jsx | 2 +- src/utils/{htmlProc.js => htmlProc.ts} | 20 +++++++++++++++----- 3 files changed, 19 insertions(+), 7 deletions(-) rename src/utils/{htmlProc.js => htmlProc.ts} (59%) diff --git a/README.md b/README.md index 5af7186..2c0c590 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,9 @@ Normal test with HTML Entities & " ' < > . ## 注意事项 -- 如果在使用插件时遇到问题,您可以通过 [发起 Issue](https://github.com/d0j1a1701/LiteLoaderQQNT-Markdown/issues/new) 向我们进行反馈。届时请尽可能附上诸如系统版本,插件列表, LiteLoaderQQNT 设置页版本信息截图等可以帮助分析问题的信息。如果你还安装了远程调试插件,可以再附上 Devtools 信息。 +您可以查看本项目的 [Known Issue](/docs/known_issue.md) 查看已经发现以及仍未解决的问题。 + +如果在使用插件时遇到问题,您可以通过 [发起 Issue](https://github.com/d0j1a1701/LiteLoaderQQNT-Markdown/issues/new) 向我们进行反馈。届时请尽可能附上诸如系统版本,插件列表, LiteLoaderQQNT 设置页版本信息截图等可以帮助分析问题的信息。如果你还安装了远程调试插件,可以再附上 Devtools 信息。 ## Contributing diff --git a/src/renderer.jsx b/src/renderer.jsx index 82f7406..76c7260 100644 --- a/src/renderer.jsx +++ b/src/renderer.jsx @@ -134,7 +134,7 @@ async function renderSingleMsgBox(messageBox) { function renderedHtmlProcessor(x) { if ((settings.forceEnableHtmlPurify() ?? settings.enableHtmlPurify) == true) { - mditLogger('debug', `Purified ${x}`); + mditLogger('debug', `Purify`, 'Input:', `${x}`); return purifyHtml(x); } return x; diff --git a/src/utils/htmlProc.js b/src/utils/htmlProc.ts similarity index 59% rename from src/utils/htmlProc.js rename to src/utils/htmlProc.ts index aba40ae..52b1bde 100644 --- a/src/utils/htmlProc.js +++ b/src/utils/htmlProc.ts @@ -1,6 +1,14 @@ // Utils function about HTML string process -import DOMPurify from 'dompurify'; +import { mditLogger } from "./logger"; + +const DOMPurify = require('DOMPurify'); +// import {} from 'dompurify'; + +interface UponSanitizeDataRecv { + tagName: string; + allowedTags: Record; +} /** * Unescape HTML entities in HTML string. Already unescaped HTML tag string will be ignored and not shown @@ -8,12 +16,12 @@ import DOMPurify from 'dompurify'; * @param {string} input * @returns {string} String with all HTML entities unescaped */ -export function unescapeHtml(input) { +export function unescapeHtml(input: string) { var doc = new DOMParser().parseFromString(input, "text/html"); return doc.documentElement.textContent; } -export function escapeHtml(input) { +export function escapeHtml(input: string) { return input .replaceAll('&', '&') .replaceAll('<', '<') @@ -27,6 +35,8 @@ export function escapeHtml(input) { * @param {string} input * @return {string} Purified HTML string. */ -export function purifyHtml(input) { - return DOMPurify.sanitize(input); +export function purifyHtml(input: string) { + let res = DOMPurify.sanitize(input); + mditLogger('debug', 'Purify', 'Removed', DOMPurify.removed); + return res; } \ No newline at end of file From 60db8db783f2584b33a894a66e132df2f0fe33bc Mon Sep 17 00:00:00 2001 From: Oyasuminasai <61616918+nfnfgo@users.noreply.github.com> Date: Fri, 12 Jul 2024 18:45:55 +0800 Subject: [PATCH 2/4] feat: Show filter HTML text instead of removal. --- src/utils/htmlProc.ts | 12 ++++++++++++ test.md | 5 +++++ 2 files changed, 17 insertions(+) create mode 100644 test.md diff --git a/src/utils/htmlProc.ts b/src/utils/htmlProc.ts index 52b1bde..27e3ef5 100644 --- a/src/utils/htmlProc.ts +++ b/src/utils/htmlProc.ts @@ -5,6 +5,18 @@ import { mditLogger } from "./logger"; const DOMPurify = require('DOMPurify'); // import {} from 'dompurify'; +DOMPurify.addHook('uponSanitizeElement', function (node: HTMLElement, data: any) { + // mditLogger('debug', 'PurifyHook', 'Data', data); + if (data.allowedTags[data.tagName] === true) { + // mditLogger('debug', 'PurifyHook', 'Hook skipped'); + return; + } + let newNode = document.createElement('p'); + newNode.innerText = node.outerHTML; + // mditLogger('debug', 'PurifyHook', 'New node', newNode); + node.replaceWith(newNode); +}); + interface UponSanitizeDataRecv { tagName: string; allowedTags: Record; diff --git a/test.md b/test.md new file mode 100644 index 0000000..3dfdeeb --- /dev/null +++ b/test.md @@ -0,0 +1,5 @@ +我刚开始打算尝试使用 `beforeSanitize` 那个 hook,先行自行检测tagName在不在allowed里面,如果不在就先转成string. + +遇到的问题有: + +- DOMPurify 不暴露有关于allowedTag的接口。 \ No newline at end of file From f607505aaf6c67515a081c33e8a6c10486039f47 Mon Sep 17 00:00:00 2001 From: Oyasuminasai <61616918+nfnfgo@users.noreply.github.com> Date: Fri, 12 Jul 2024 18:47:20 +0800 Subject: [PATCH 3/4] fix: Remove tmp file. --- test.md | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 test.md diff --git a/test.md b/test.md deleted file mode 100644 index 3dfdeeb..0000000 --- a/test.md +++ /dev/null @@ -1,5 +0,0 @@ -我刚开始打算尝试使用 `beforeSanitize` 那个 hook,先行自行检测tagName在不在allowed里面,如果不在就先转成string. - -遇到的问题有: - -- DOMPurify 不暴露有关于allowedTag的接口。 \ No newline at end of file From f2386faa554393defd6dbdca369d212f82935841 Mon Sep 17 00:00:00 2001 From: Oyasuminasai <61616918+nfnfgo@users.noreply.github.com> Date: Sat, 13 Jul 2024 00:31:06 +0800 Subject: [PATCH 4/4] fix: Try fixing dompurify import issue. --- src/utils/htmlProc.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/utils/htmlProc.ts b/src/utils/htmlProc.ts index 27e3ef5..e82adab 100644 --- a/src/utils/htmlProc.ts +++ b/src/utils/htmlProc.ts @@ -2,8 +2,7 @@ import { mditLogger } from "./logger"; -const DOMPurify = require('DOMPurify'); -// import {} from 'dompurify'; +const DOMPurify = require('dompurify'); DOMPurify.addHook('uponSanitizeElement', function (node: HTMLElement, data: any) { // mditLogger('debug', 'PurifyHook', 'Data', data);