🔧 修复class穿越的问题

csfwff · May 27, 2024 · 7a14264 · 7a14264
1 parent 587eaa4
commit 7a14264
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/src/main/java/org/b3log/symphony/util/Markdowns.java b/src/main/java/org/b3log/symphony/util/Markdowns.java
@@ -145,7 +145,7 @@ private Markdowns() {
      * @return safe HTML content
      */
     public static String clean(final String content, final String baseURI) {
-        final Whitelist whitelist = Whitelist.relaxed().addAttributes(":all", "id", "target", "class", "data-src", "aria-name", "aria-label");
+        final Whitelist whitelist = Whitelist.relaxed().addAttributes(":all", "id", "target", "data-src", "aria-name", "aria-label");
         inputWhitelist(whitelist);
         final Document.OutputSettings outputSettings = new Document.OutputSettings();
         outputSettings.prettyPrint(false);
@@ -449,7 +449,7 @@ private static void putHTML(final String markdownText, final String html) {
 
     private static void inputWhitelist(final Whitelist whitelist) {
         whitelist.addTags("span", "hr", "kbd", "samp", "tt", "del", "s", "strike", "u", "details", "summary").
-                addAttributes("sup", "class", "id").
+                addAttributes("sup", "id").
                 addAttributes("iframe", "src", "sandbox", "width", "height", "border", "marginwidth", "marginheight").
                 addAttributes("audio", "controls", "src").
                 addAttributes("video", "controls", "src", "width", "height").
@@ -458,15 +458,11 @@ private static void inputWhitelist(final Whitelist whitelist) {
                 addAttributes("param", "name", "value").
                 addAttributes("input", "type", "disabled", "checked").
                 addAttributes("embed", "src", "type", "width", "height", "wmode", "allowNetworking").
-                addAttributes("pre", "class").
-                addAttributes("code", "class").
-                addAttributes("li", "class", "id").
-                addAttributes("div", "class", "data-code").
-                addAttributes("span", "class").
-                addAttributes("img", "class").
+                addAttributes("li",  "id").
+                addAttributes("div", "data-code").
                 addAttributes("p", "align").
                 addAttributes("th", "align").
-                addAttributes("a", "class", "rel").
+                addAttributes("a", "rel").
                 addAttributes("td", "align");
         whitelist.addProtocols("a", "href", "#");
         whitelist.addProtocols("iframe", "src", "http", "https");