@2kog/pkg-editor 0.0.3 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/src/assets/js/xss.js +1 -1
- package/src/components/Article.vue +10 -3
- package/src/components/Tinymce.vue +14 -5
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@2kog/pkg-editor",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.5",
|
|
4
4
|
"description": "Custom Tinymce、Article Renderer",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"serve": "npm run dev",
|
|
@@ -62,6 +62,6 @@
|
|
|
62
62
|
},
|
|
63
63
|
"repository": {
|
|
64
64
|
"type": "git",
|
|
65
|
-
"url": "git+https://github.com/
|
|
65
|
+
"url": "git+https://github.com/RX-PLANET/pkg-editor.git"
|
|
66
66
|
}
|
|
67
67
|
}
|
package/src/assets/js/xss.js
CHANGED
|
@@ -33,7 +33,7 @@ export default function sanitizeRichText(html) {
|
|
|
33
33
|
},
|
|
34
34
|
|
|
35
35
|
allowedSchemes: ["http", "https", "mailto", "tel"],
|
|
36
|
-
allowProtocolRelative:
|
|
36
|
+
allowProtocolRelative: true,
|
|
37
37
|
allowedSchemesByTag: { img: ["http", "https", "data"],iframe: ["http", "https"], },
|
|
38
38
|
|
|
39
39
|
transformTags: {
|
|
@@ -125,11 +125,18 @@ export default {
|
|
|
125
125
|
methods: {
|
|
126
126
|
doReg: function (data) {
|
|
127
127
|
if (data) {
|
|
128
|
-
//
|
|
129
|
-
data = execLazyload(data, this.cdnDomain);
|
|
130
|
-
data = execFilterIframe(data, this.iframeWhitelist);
|
|
128
|
+
// 1. 先执行 XSS 过滤(xss.js 已包含所有配置)
|
|
131
129
|
data = execFilterXSS(data);
|
|
130
|
+
|
|
131
|
+
// 2. 然后执行 iframe 白名单过滤
|
|
132
|
+
data = execFilterIframe(data, this.iframeWhitelist);
|
|
133
|
+
|
|
134
|
+
// 3. 处理图片懒加载
|
|
135
|
+
data = execLazyload(data, this.cdnDomain);
|
|
136
|
+
|
|
137
|
+
// 4. 最后处理链接
|
|
132
138
|
data = execFilterLink(data, this.linkWhitelist, this.linkStrict);
|
|
139
|
+
|
|
133
140
|
return data;
|
|
134
141
|
} else {
|
|
135
142
|
return "";
|
|
@@ -3,7 +3,12 @@
|
|
|
3
3
|
<slot name="prepend"></slot>
|
|
4
4
|
|
|
5
5
|
<div class="c-editor-header">
|
|
6
|
-
<Upload
|
|
6
|
+
<Upload
|
|
7
|
+
v-if="attachmentEnable"
|
|
8
|
+
@insert="insertAttachments"
|
|
9
|
+
:uploadFn="attachmentUploadFn"
|
|
10
|
+
:domain="attachmentCdnDomain"
|
|
11
|
+
/>
|
|
7
12
|
</div>
|
|
8
13
|
|
|
9
14
|
<slot></slot>
|
|
@@ -29,7 +34,7 @@
|
|
|
29
34
|
import Editor from "@tinymce/tinymce-vue";
|
|
30
35
|
import Upload from "./Upload";
|
|
31
36
|
import hljs_languages from "../assets/js/hljs_languages.js";
|
|
32
|
-
import GlobalConf from
|
|
37
|
+
import GlobalConf from "../../config/global.js";
|
|
33
38
|
|
|
34
39
|
export default {
|
|
35
40
|
name: "Tinymce",
|
|
@@ -60,7 +65,6 @@ export default {
|
|
|
60
65
|
default: true,
|
|
61
66
|
},
|
|
62
67
|
|
|
63
|
-
|
|
64
68
|
// 是否启用附件上传
|
|
65
69
|
attachmentEnable: {
|
|
66
70
|
type: Boolean,
|
|
@@ -76,7 +80,10 @@ export default {
|
|
|
76
80
|
type: String,
|
|
77
81
|
default: "",
|
|
78
82
|
},
|
|
79
|
-
|
|
83
|
+
tinymceDev: {
|
|
84
|
+
type: Boolean,
|
|
85
|
+
default: false,
|
|
86
|
+
},
|
|
80
87
|
},
|
|
81
88
|
emits: ["update:modelValue"],
|
|
82
89
|
data: function () {
|
|
@@ -93,7 +100,9 @@ export default {
|
|
|
93
100
|
convert_urls: false,
|
|
94
101
|
|
|
95
102
|
// 样式
|
|
96
|
-
content_css:
|
|
103
|
+
content_css: this.tinymceDev
|
|
104
|
+
? `http://localhost:5120/skins/content/default/content.min.css`
|
|
105
|
+
: `${this.tinymceAssetsDomain}/static/tinymce/skins/content/default/content.min.css`,
|
|
97
106
|
body_class: "c-article c-article-editor c-article-tinymce",
|
|
98
107
|
height: this.height || 800,
|
|
99
108
|
autosave_ask_before_unload: false,
|