Sanitizer features #467
Sanitizer features #467
Conversation
src/components/modules/saver.ts
Outdated
| * When Tool's "inlineToolbar" value is True, get all sanitizer rules from all tools, | ||
| * otherwise get only enabled | ||
| */ | ||
| private getSanitizerConfig(name) { |
src/components/modules/sanitizer.ts
Outdated
| * Sets sanitizer configuration. Uses default config if user didn't pass the restriction | ||
| */ | ||
| public get defaultConfig() { | ||
| return { |
There was a problem hiding this comment.
От дефолтом теперь же можно избавиться
There was a problem hiding this comment.
а как же санитайз ядра при вставке? в плагинах sanitize - опциональное поле. Оно применяется при сохранении, но не при вставке
There was a problem hiding this comment.
Он будет сформирован инлайн тулами
src/components/modules/saver.ts
Outdated
| */ | ||
| private getSanitizerConfig(name) { | ||
| const toolsConfig = this.Editor.Tools.getToolSettings(name), | ||
| enableInlineTools = toolsConfig.inlineToolbar || []; |
There was a problem hiding this comment.
к настройкам плагинов надо обращаться через Tools.apiSettings.IS_ENABLED_INLINE_TOOLBAR
docs/api.md
Outdated
| @@ -34,11 +34,16 @@ Methods that working with Blocks | |||
|
|
|||
| ```insertNewBlock()``` - insert new Block after working place | |||
|
|
|||
| ```getSanitizerConfig()``` - method return allowed inline-tool's sanitizer rules | |||
There was a problem hiding this comment.
этот метод работает только с инлайн тулами. То есть это нельзя назвать sanitizerConfig, тк там нету конфета самого плагина. Он должен либо отдавать полный конфиг (sanitize плагина + sanitize инлайн тулов), либо называться getInlineToolsSanitizerConfig. Первый вариант лучше
src/components/modules/saver.ts
Outdated
| * getting only enabled | ||
| */ | ||
| enableInlineTools.map( (inlineToolName) => { | ||
| config = Object.assign(config, this.Editor.InlineToolbar.tools.get(inlineToolName).sanitize); |
There was a problem hiding this comment.
надо учесть, что sanitize — это опциональное поле, то есть его может не быть. И в инлайн тулах тоже.
src/components/modules/saver.ts
Outdated
| /** | ||
| * getting all tools sanitizer rule | ||
| */ | ||
| this.Editor.InlineToolbar.tools.forEach( (inlineTool) => { |
There was a problem hiding this comment.
почему тут inlineTool, а ниже inlineToolName ? лучше везде inlineToolName
src/components/modules/saver.ts
Outdated
| cleanData; | ||
|
|
||
| blocks.forEach((block) => { | ||
| baseConfig = this.getSanitizerConfig(block.name); |
There was a problem hiding this comment.
лучше, чтобы метод getSanitizerConfig возвращал уже смердженный конфиг санитайза (а не только инлайн-тулы). То есть, вся логика по формированию конфига будет в одном месте. И код deepSanitize упростится за счет того, что не будет baseConfig
src/components/modules/sanitizer.ts
Outdated
| * | ||
| * @return {String} clean HTML | ||
| */ | ||
| public clean(taintString: string, customConfig: ISanitizerConfig) { |
There was a problem hiding this comment.
надо указать возвращаемые значения функций
src/components/modules/sanitizer.ts
Outdated
| * @param {Object} rules - object with sanitizer rules | ||
| * @param {Object} baseConfig - object with sanitizer rules from inline-tools | ||
| */ | ||
| public deepSanitize(blockData, rules, baseConfig) { |
There was a problem hiding this comment.
нужно указать тип параметров и возвращаемого значения
src/components/modules/sanitizer.ts
Outdated
| /** | ||
| * Method recursively reduces Block's data and cleans with passed rules | ||
| * | ||
| * @param {Object|string} blockData - taint string or object/array that contains taint string |
There was a problem hiding this comment.
у нас есть интерфейс IBlockData или вроде того
src/components/modules/sanitizer.ts
Outdated
| * Method recursively reduces Block's data and cleans with passed rules | ||
| * | ||
| * @param {Object|string} blockData - taint string or object/array that contains taint string | ||
| * @param {Object} rules - object with sanitizer rules |
There was a problem hiding this comment.
такой интерфейс тоже есть вроде
src/components/modules/sanitizer.ts
Outdated
| for (const data in blockData) { | ||
| if (Array.isArray(blockData[data]) || typeof blockData[data] === 'object') { | ||
| /** | ||
| * Case 1 & Case 2 |
There was a problem hiding this comment.
пишешь, что два кейса, но в коде три кейса: if, elseif, else. Не понятно что тогда else.
src/components/modules/sanitizer.ts
Outdated
| super({config}); | ||
|
|
||
| /** Custom configuration */ | ||
| this.sanitizerConfig = config.settings ? config.settings.sanitizer : null; |
src/components/modules/sanitizer.ts
Outdated
| return blocksData.map((block) => { | ||
| toolClass = this.Editor.Tools.toolsAvailable[block.tool]; | ||
|
|
||
| const output = { |
src/components/modules/sanitizer.ts
Outdated
| /** | ||
| * Enable sanitizing if Tool provides config | ||
| */ | ||
| if (toolClass.sanitize && !_.isEmpty(toolClass.sanitize)) { |
src/components/modules/sanitizer.ts
Outdated
| * 2) If rule is false, which means clean all | ||
| * 3) Do nothing | ||
| */ | ||
| if (rules[data]) { |
src/components/modules/sanitizer.ts
Outdated
| * 3. When Data is base type (string, int, bool, ...). Check if rule is passed | ||
| */ | ||
| for (const data in blockData) { | ||
| if (Array.isArray(blockData[data])) { |
src/components/modules/sanitizer.ts
Outdated
| * Merge with inline tool config | ||
| * | ||
| * @param {string} toolName | ||
| * @param {ISanitizerConfig} blockRules |
src/components/modules/sanitizer.ts
Outdated
|
|
||
| const toolConfig = {}; | ||
| for (const blockRule in blockRules) { | ||
| if (blockRules[blockRule]) { |
There was a problem hiding this comment.
blockRules[blockRule] !== false
src/components/modules/paste.ts
Outdated
| @@ -152,7 +152,7 @@ export default class Paste extends Module { | |||
| return result; | |||
| }, {}); | |||
|
|
|||
| const customConfig = Object.assign({}, toolsTags, Sanitizer.defaultConfig.tags); | |||
| const customConfig = Object.assign({}, toolsTags, Sanitizer.defaultConfig); | |||
src/components/modules/sanitizer.ts
Outdated
| */ | ||
| public deepSanitize(blockData, rules, depth = 0) { | ||
|
|
||
| console.log('start: depth', depth); |
src/components/modules/sanitizer.ts
Outdated
| * @param {ISanitizerConfig} rules - object with sanitizer rules | ||
| * @param {number} depth | ||
| */ | ||
| public deepSanitize(blockData, rules, depth = 0) { |
src/components/modules/sanitizer.ts
Outdated
| * | ||
| * 1) Array - we need to save as array, thats why we do Array.map and call itself recursively | ||
| * 2) Object - we make new object with clean data and call itself | ||
| * 3) Basic type - we clean data |
src/components/modules/sanitizer.ts
Outdated
| * 2) Object - we make new object with clean data and call itself | ||
| * 3) Basic type - we clean data | ||
| */ | ||
| for (const data in blockData) { |
src/components/modules/sanitizer.ts
Outdated
| * - if passed config is not valid, call itself with parent's config | ||
| */ | ||
| if (this.isConfigValid(rules[data])) { | ||
| cleanData[data] = currentIterationItem.map( (arrayData) => { |
No description provided.