| side by side (parent:
094db3d
)
Slightly restrain allowed HTML tags + adjust style for problems instr/solu
author
Benjamin Auder
<benjamin.auder@somewhere>
Sat, 2 May 2020 02:14:53 +0000
(
04:14
+0200)
committer
Benjamin Auder
<benjamin.auder@somewhere>
Sat, 2 May 2020 02:14:53 +0000
(
04:14
+0200)
client/src/components/UserBio.vue
client/src/views/Problems.vue
server/routes/problems.js
server/routes/users.js
diff --git
a/client/src/components/UserBio.vue
b/client/src/components/UserBio.vue
index
01bafd2
..
4631e83
100644
(file)
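--- a/client/src/components/UserBio.vue
+++ b/client/src/components/UserBio.vue
@@ -115,7 +115,7 @@ export default {
 .bio-content
 text-align: left
 margin: 0 var(--universal-margin)
- p, ul, ol
+ p, ul, ol, pre, table, h3, h4, h5, h6, blockquote
 margin: var(--universal-margin) 0
 .br
 display: block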
diff --git
a/client/src/views/Problems.vue
b/client/src/views/Problems.vue
index
b989fbc
..
adc0ad3
100644
(file)
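--- a/client/src/views/Problems.vue
+++ b/client/src/views/Problems.vue
@@ -47,14 +47,14 @@ main
 @input="adjustHeight('instructions')"
 v-model="curproblem.instruction"
 )
-p(v-html="parseHtml(curproblem.instruction)")
+.instructions(v-html="parseHtml(curproblem.instruction)")
 fieldset
 textarea.solution-edit(
 :placeholder="st.tr['Solution']"
 @input="adjustHeight('solution')"
 v-model="curproblem.solution"
 )
-p(v-html="parseHtml(curproblem.solution)")
+.solution(v-html="parseHtml(curproblem.solution)")
 button(@click="sendProblem()") {{ st.tr["Send"] }}
 #dialog.text-center {{ st.tr[infoMsg] }}
 .row(v-if="showOne")
@@ -70,12 +70,12 @@ main
 | {{ st.tr["Previous_p"] }}
 button.nomargin(@click="gotoPrevNext(curproblem,-1)")
 | {{ st.tr["Next_p"] }}
-p.oneInstructions.clickable(
+.instructions.oneInstructions.clickable(
 v-html="parseHtml(curproblem.instruction)"
 @click="curproblem.showSolution=!curproblem.showSolution"
 )
 | {{ st.tr["Show solution"] }}
-p(
+.solution(
 v-show="curproblem.showSolution"
 v-html="parseHtml(curproblem.solution)"
 )
@@ -513,9 +513,13 @@ export default {
 <style lang="sass">
 @import "@/styles/_board_squares_img.sass"
 @import "@/styles/_rules.sass"
-.br
- display: block
- margin: 10px 0
+.instructions, .solution
+ margin: 0 var(--universal-margin)
+ p, ul, ol, pre, table, h3, h4, h5, h6, blockquote
+ margin: var(--universal-margin) 0
+ .br
+ display: block
+ margin: 10px 0
 </style>
 <style lang="sass" scoped>
@@ -562,7 +566,7 @@ button#loadMoreBtn
 & > *
 margin: 0
-p.oneInstructions
+.oneInstructions
 margin: 0
 padding: 2px 5px
 background-color: lightgreen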
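Review bot: The edit-form previews in the first hunk, `.instructions(v-html="parseHtml(curproblem.instruction)")` and its `.solution` counterpart, bind the live textarea content to `v-html` before it has passed the server-side allow-list this commit tightens. `parseHtml` is not visible on this page, so whether it escapes or filters anything is unknown; if it does not, the preview can show markup the server will later strip, and the author's browser interprets it unfiltered. A template comment on those bindings would record the trust assumption, for example `//- preview of local, not-yet-sanitized input; the stored copy is filtered server-side`. Alternatively the same tag allow-list could be applied client-side before binding, so that preview and stored result agree.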
diff --git
a/server/routes/problems.js
b/server/routes/problems.js
index
746be9a
..
5f4dd40
100644
(file)
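--- a/server/routes/problems.js
+++ b/server/routes/problems.js
@@ -2,7 +2,16 @@ let router = require("express").Router();
 const access = require("../utils/access");
 const params = require("../config/parameters");
 const ProblemModel = require("../models/Problem");
-const sanitizeHtml = require('sanitize-html');
+const sanitizeHtml_pkg = require('sanitize-html');
+
+const allowedTags = [
+ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
+ 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
+ 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
+];
+function sanitizeHtml(text) {
+ return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
+}
 router.post("/problems", access.logged, access.ajax, (req,res) => {
 if (ProblemModel.checkProblem(req.body.prob)) {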
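Review bot: The new `sanitizeHtml` wrapper passes only `allowedTags`, so attribute and URL-scheme filtering stay at whatever sanitize-html ships as defaults; for the allowed `a` tag those defaults, as far as I know, permit `target` as well as `href`. Pinning them next to the tag list keeps the policy explicit and stable across library upgrades: `return sanitizeHtml_pkg(text, { allowedTags, allowedAttributes: { a: ['href'] }, allowedSchemes: ['http', 'https', 'mailto'] });`. The same applies to the identical wrapper added in server/routes/users.js. A one-line comment above `allowedTags` saying why the list is narrower than the library default would also help the next reader.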
diff --git
a/server/routes/users.js
b/server/routes/users.js
index
d637e13
..
a3fa706
100644
(file)
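--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -4,7 +4,16 @@ const sendEmail = require('../utils/mailer');
 const genToken = require("../utils/tokenGenerator");
 const access = require("../utils/access");
 const params = require("../config/parameters");
-const sanitizeHtml = require('sanitize-html');
+const sanitizeHtml_pkg = require('sanitize-html');
+
+const allowedTags = [
+ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'li', 'b',
+ 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table',
+ 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
+];
+function sanitizeHtml(text) {
+ return sanitizeHtml_pkg(text, { allowedTags: allowedTags });
+}
 router.get("/userbio", access.ajax, (req,res) => {
 const uid = req.query["id"];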
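Review bot: The `allowedTags` list and `sanitizeHtml` wrapper added here are a verbatim copy of the ones added to server/routes/problems.js, so a later tightening in one route can leave the other accepting the wider set. Defining the policy once in a shared module and importing it in both routes, `const sanitizeHtml = require("../utils/<shared-sanitizer>");` (placeholder path), would keep user bios and problem text under one policy. The wrapper could carry a short doc comment stating that it is the only sanitizer for user-supplied HTML that is later rendered with `v-html` on the client.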