mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 08:36:12 +01:00 
			
		
		
		
	fix: inability for plugins to actually alter parser sanitization config
/cc @pitaj
This commit is contained in:
		| @@ -155,6 +155,9 @@ Plugins.reload = async function () { | ||||
| 	Object.keys(Plugins.loadedHooks).forEach(function (hook) { | ||||
| 		Plugins.loadedHooks[hook].sort((a, b) => a.priority - b.priority); | ||||
| 	}); | ||||
|  | ||||
| 	// Post-reload actions | ||||
| 	await posts.configureSanitize(); | ||||
| }; | ||||
|  | ||||
| Plugins.reloadRoutes = async function (params) { | ||||
|   | ||||
| @@ -35,16 +35,6 @@ let sanitizeConfig = { | ||||
| 	], | ||||
| }; | ||||
|  | ||||
| process.nextTick(async () => { | ||||
| 	// Each allowed tags should have some common global attributes... | ||||
| 	sanitizeConfig.allowedTags.forEach((tag) => { | ||||
| 		sanitizeConfig.allowedAttributes[tag] = _.union(sanitizeConfig.allowedAttributes[tag], sanitizeConfig.globalAttributes); | ||||
| 	}); | ||||
|  | ||||
| 	// Some plugins might need to adjust or whitelist their own tags... | ||||
| 	sanitizeConfig = await plugins.fireHook('filter:sanitize.config', sanitizeConfig); | ||||
| }); | ||||
|  | ||||
| module.exports = function (Posts) { | ||||
| 	Posts.urlRegex = { | ||||
| 		regex: /href="([^"]+)"/g, | ||||
| @@ -119,6 +109,15 @@ module.exports = function (Posts) { | ||||
| 		}); | ||||
| 	}; | ||||
|  | ||||
| 	Posts.configureSanitize = async () => { | ||||
| 		// Each allowed tags should have some common global attributes... | ||||
| 		sanitizeConfig.allowedTags.forEach((tag) => { | ||||
| 			sanitizeConfig.allowedAttributes[tag] = _.union(sanitizeConfig.allowedAttributes[tag], sanitizeConfig.globalAttributes); | ||||
| 		}); | ||||
|  | ||||
| 		sanitizeConfig = await plugins.fireHook('filter:sanitize.config', sanitizeConfig); | ||||
| 	}; | ||||
|  | ||||
| 	function sanitizeSignature(signature) { | ||||
| 		signature = translator.escape(signature); | ||||
| 		var tagsToStrip = []; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user