add href, id, name transform for secure navigation

2025-12-13 01:36:22 +00:00 · 2016-01-07 09:14:30 +09:00
parent 6698d15f20
commit c1b56e4cb6
5 changed files with 22 additions and 14 deletions
--- a/browser/components/MarkdownPreview.js
+++ b/browser/components/MarkdownPreview.js
@@ -3,6 +3,7 @@ import markdown from '../lib/markdown'
 import ReactDOM from 'react-dom'
 import sanitizeHtml from '@rokt33r/sanitize-html'
 import hljs from 'highlight.js'
+import _ from 'lodash'

 const electron = require('electron')
 const shell = electron.shell
@@ -21,14 +22,29 @@ const sanitizeOpts = {
  },
  allowedAttributes: {
    a: ['href', 'data-key'],
-    img: [ 'src' ]
+    img: [ 'src' ],
+    '*': ['id', 'name']
+  },
+  transformTags: {
+    '*': function (tagName, attribs) {
+      let href = attribs.href
+      if (_.isString(href) && href.match(/^#.+$/)) attribs.href = href.replace(/^#/, '#md-anchor-')
+      if (attribs.id) attribs.id = 'md-anchor-' + attribs.id
+      if (attribs.name) attribs.name = 'md-anchor-' + attribs.name
+      return {
+        tagName: tagName,
+        attribs: attribs
+      }
+    }
  }
 }

 function handleAnchorClick (e) {
+  if (e.target.attributes.href && e.target.attributes.href.nodeValue.match(/#.+/)) {
+    return
+  }
  e.preventDefault()
  e.stopPropagation()
-  console.log(e.target.href)
  shell.openExternal(e.target.href)
 }

--- a/browser/main/HomePage/ArticleDetail/ArticleEditor.js
+++ b/browser/main/HomePage/ArticleDetail/ArticleEditor.js
@@ -23,7 +23,7 @@ export default class ArticleEditor extends React.Component {
      firstVisibleRow: null
    }, function () {
      let previewEl = ReactDOM.findDOMNode(this.refs.preview)
-      previewEl.scrollTop = 0
+      if (previewEl) previewEl.scrollTop = 0
    })
  }

--- a/browser/main/MainPage.js
+++ b/browser/main/MainPage.js
@@ -1,6 +1,7 @@
 const electron = require('electron')
 const ipc = electron.ipcRenderer
 import React, { PropTypes } from 'react'
+import HomePage from './HomePage'

 export default class MainContainer extends React.Component {
  constructor (props) {
@@ -24,7 +25,7 @@ export default class MainContainer extends React.Component {
        {this.state.updateAvailable ? (
        <button onClick={this.updateApp} className='appUpdateButton'><i className='fa fa-cloud-download'/> Update available!</button>
        ) : null}
-        {this.props.children}
+        <HomePage/>
      </div>
    )
  }
--- a/browser/main/index.js
+++ b/browser/main/index.js
@@ -1,7 +1,5 @@
 import { Provider } from 'react-redux'
-import { Router, Route, IndexRoute } from 'react-router'
 import MainPage from './MainPage'
-import HomePage from './HomePage'
 import store from './store'
 import React from 'react'
 import ReactDOM from 'react-dom'
@@ -40,17 +38,11 @@ ipc.on('open-finder', function () {
  activityRecord.emit('FINDER_OPEN')
 })

-let routes = (
-  <Route path='/' component={MainPage}>
-    <IndexRoute name='home' component={HomePage}/>
-  </Route>
-)
-
 let el = document.getElementById('content')
 ReactDOM.render((
  <div>
    <Provider store={store}>
-      <Router>{routes}</Router>
+      <MainPage/>
    </Provider>
  </div>
 ), el, function () {
--- a/package.json
+++ b/package.json
@@ -64,7 +64,6 @@
    "react": "^0.14.3",
    "react-dom": "^0.14.3",
    "react-redux": "^4.0.6",
-    "react-router": "^1.0.0-rc1",
    "redux": "^3.0.5",
    "standard": "^5.3.1",
    "style-loader": "^0.12.4",