Merge pull request #13498 from abpframework/enisn/6.0-separate-encoding-and-sanitizer

CmsKit - MarkdownRenderer Overhaul
pull/13500/head
Yunus Emre Kalkan 3 years ago committed by GitHub
commit d9a4a806c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -65,12 +65,12 @@ public class CommentingViewComponent : AbpViewComponent
foreach (var comment in viewModel.Comments)
{
viewModel.RawCommentTexts.Add(comment.Id, comment.Text);
comment.Text = await MarkdownToHtmlRenderer.RenderAsync(comment.Text, true);
comment.Text = await MarkdownToHtmlRenderer.RenderAsync(comment.Text, allowHtmlTags: false, preventXSS: true);
foreach (var reply in comment.Replies)
{
viewModel.RawCommentTexts.Add(reply.Id, reply.Text);
reply.Text = await MarkdownToHtmlRenderer.RenderAsync(reply.Text, true);
reply.Text = await MarkdownToHtmlRenderer.RenderAsync(reply.Text, allowHtmlTags: false, preventXSS: true);
}
}
}
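Review bot: Both call sites in this hunk now pass `allowHtmlTags: false, preventXSS: true` without anything recording why comment text is treated differently from the page and blog-post renderers elsewhere in this commit, which keep HTML enabled. Since comments and replies are presumably visitor-submitted, a one-line comment above the outer `foreach` would preserve that reasoning for the next maintainer, e.g. `// Visitor-submitted text: inline HTML is encoded rather than rendered, and the sanitizer stays on.` The two calls also repeat the same flags; a local helper such as `RenderCommentAsync(string text)` would keep them from drifting apart. The enclosing method begins before this hunk.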

@ -72,7 +72,7 @@
{
if (contentFragment.Type == ContentConsts.Markdown)
{
@Html.Raw(await MarkdownRenderer.RenderAsync(contentFragment.GetProperty<string>("Content")))
@Html.Raw(await MarkdownRenderer.RenderAsync(contentFragment.GetProperty<string>("Content"), allowHtmlTags: true, preventXSS: true))
}
else if (contentFragment.Type == ContentConsts.Widget)
{
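Review bot: `@Html.Raw` switches off Razor's output encoding, so with `allowHtmlTags: true` the only thing between stored fragment content and the page is whatever `preventXSS: true` does inside `RenderAsync`; the same pattern appears in the blog-post hunk at L58-L59. That is defensible if this content is authored by CMS editors rather than site visitors, which the hunk does not show, so the call site should say so and make clear the flag must not be relaxed, e.g. `@* Editor-authored content: inline HTML is allowed; preventXSS must stay true because the output is emitted raw. *@` placed above the `@Html.Raw(...)` line. The surrounding Razor block continues outside the hunk.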
@ -92,13 +92,13 @@
if (Model.TagsFeature?.IsEnabled == true)
{
@await Component.InvokeAsync(typeof(TagViewComponent), new
{
entityType = Volo.CmsKit.Blogs.BlogPostConsts.EntityType,
entityId = Model.BlogPost.Id.ToString(),
urlFormat = $"/blogs/{Model.BlogSlug}?tagId={{TagId}}"
})
{
entityType = Volo.CmsKit.Blogs.BlogPostConsts.EntityType,
entityId = Model.BlogPost.Id.ToString(),
urlFormat = $"/blogs/{Model.BlogSlug}?tagId={{TagId}}"
})
}
}
}
</div>
</abp-row>

@ -34,7 +34,7 @@
{
if (contentFragment.Type == ContentConsts.Markdown)
{
@Html.Raw(await MarkdownRenderer.RenderAsync(contentFragment.GetProperty<string>("Content")))
@Html.Raw(await MarkdownRenderer.RenderAsync(contentFragment.GetProperty<string>("Content"), allowHtmlTags: true, preventXSS: true))
}
else if (contentFragment.Type == ContentConsts.Widget)
{

@ -4,5 +4,5 @@ namespace Volo.CmsKit.Public.Web.Renderers;
public interface IMarkdownToHtmlRenderer
{
Task<string> RenderAsync(string rawMarkdown, bool preventXSS = true);
Task<string> RenderAsync(string rawMarkdown, bool allowHtmlTags = true, bool preventXSS = true);
}
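Review bot: Inserting `allowHtmlTags` ahead of `preventXSS` silently changes any positional caller that was not updated in this PR: `RenderAsync(text, true)` used to set `preventXSS` and now sets `allowHtmlTags` while `preventXSS` falls back to its default, and it still compiles, which is worth calling out for a public interface that other code may implement or call. The method also has no XML documentation; a `<summary>` with two `<param>` entries should state that `allowHtmlTags` decides whether inline HTML in the markdown is kept or encoded before rendering, that `preventXSS` presumably runs the sanitizer over the produced HTML, and that the permissive default `allowHtmlTags = true` is only appropriate for content from trusted authors. If the defaults on this interface are meant to be authoritative, the summary should say that implementations must keep them in sync.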

@ -20,9 +20,9 @@ public class MarkdownToHtmlRenderer : IMarkdownToHtmlRenderer, ITransientDepende
_htmlSanitizer = new HtmlSanitizer();
}
public async Task<string> RenderAsync(string rawMarkdown, bool preventXSS = false)
public async Task<string> RenderAsync(string rawMarkdown, bool allowHtmlTags = true, bool preventXSS = true)
{
if (preventXSS)
if (!allowHtmlTags)
{
rawMarkdown = EncodeHtmlTags(rawMarkdown, true);
}
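Review bot: The optional-parameter defaults on this implementation must match `IMarkdownToHtmlRenderer` exactly, and the removed line shows they did not: the class had `preventXSS = false` while the interface had `true`, so a caller holding a `MarkdownToHtmlRenderer` reference and one holding the interface got different sanitization from the same omitted argument, because C# substitutes defaults at the call site from the receiver's static type. The new signature fixes the values but nothing prevents a recurrence; add `// Defaults must match IMarkdownToHtmlRenderer: optional-argument values bind at the call site from the receiver's static type.` above the method. The bare `true` in `EncodeHtmlTags(rawMarkdown, true)` would also read better as a named argument. The method body continues past the end of this hunk.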
