-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitizer features #467
Sanitizer features #467
Conversation
src/components/modules/saver.ts
Outdated
* When Tool's "inlineToolbar" value is True, get all sanitizer rules from all tools, | ||
* otherwise get only enabled | ||
*/ | ||
private getSanitizerConfig(name) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Лучше вынести в санитайзер
src/components/modules/sanitizer.ts
Outdated
* Sets sanitizer configuration. Uses default config if user didn't pass the restriction | ||
*/ | ||
public get defaultConfig() { | ||
return { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
От дефолтом теперь же можно избавиться
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
а как же санитайз ядра при вставке? в плагинах sanitize - опциональное поле. Оно применяется при сохранении, но не при вставке
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Он будет сформирован инлайн тулами
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
а, да, ок
src/components/modules/saver.ts
Outdated
*/ | ||
private getSanitizerConfig(name) { | ||
const toolsConfig = this.Editor.Tools.getToolSettings(name), | ||
enableInlineTools = toolsConfig.inlineToolbar || []; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
к настройкам плагинов надо обращаться через Tools.apiSettings.IS_ENABLED_INLINE_TOOLBAR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
enabledInlineTools
docs/api.md
Outdated
@@ -34,11 +34,16 @@ Methods that working with Blocks | |||
|
|||
```insertNewBlock()``` - insert new Block after working place | |||
|
|||
```getSanitizerConfig()``` - method return allowed inline-tool's sanitizer rules |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
этот метод работает только с инлайн тулами. То есть это нельзя назвать sanitizerConfig, тк там нету конфета самого плагина. Он должен либо отдавать полный конфиг (sanitize плагина + sanitize инлайн тулов), либо называться getInlineToolsSanitizerConfig. Первый вариант лучше
src/components/modules/saver.ts
Outdated
* getting only enabled | ||
*/ | ||
enableInlineTools.map( (inlineToolName) => { | ||
config = Object.assign(config, this.Editor.InlineToolbar.tools.get(inlineToolName).sanitize); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
надо учесть, что sanitize
— это опциональное поле, то есть его может не быть. И в инлайн тулах тоже.
src/components/modules/saver.ts
Outdated
/** | ||
* getting all tools sanitizer rule | ||
*/ | ||
this.Editor.InlineToolbar.tools.forEach( (inlineTool) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
почему тут inlineTool, а ниже inlineToolName ? лучше везде inlineToolName
src/components/modules/saver.ts
Outdated
cleanData; | ||
|
||
blocks.forEach((block) => { | ||
baseConfig = this.getSanitizerConfig(block.name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
лучше, чтобы метод getSanitizerConfig возвращал уже смердженный конфиг санитайза (а не только инлайн-тулы). То есть, вся логика по формированию конфига будет в одном месте. И код deepSanitize упростится за счет того, что не будет baseConfig
src/components/modules/sanitizer.ts
Outdated
* | ||
* @return {String} clean HTML | ||
*/ | ||
public clean(taintString: string, customConfig: ISanitizerConfig) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
надо указать возвращаемые значения функций
src/components/modules/sanitizer.ts
Outdated
* @param {Object} rules - object with sanitizer rules | ||
* @param {Object} baseConfig - object with sanitizer rules from inline-tools | ||
*/ | ||
public deepSanitize(blockData, rules, baseConfig) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
нужно указать тип параметров и возвращаемого значения
src/components/modules/sanitizer.ts
Outdated
/** | ||
* Method recursively reduces Block's data and cleans with passed rules | ||
* | ||
* @param {Object|string} blockData - taint string or object/array that contains taint string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
у нас есть интерфейс IBlockData или вроде того
src/components/modules/sanitizer.ts
Outdated
* Method recursively reduces Block's data and cleans with passed rules | ||
* | ||
* @param {Object|string} blockData - taint string or object/array that contains taint string | ||
* @param {Object} rules - object with sanitizer rules |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
такой интерфейс тоже есть вроде
src/components/modules/sanitizer.ts
Outdated
for (const data in blockData) { | ||
if (Array.isArray(blockData[data]) || typeof blockData[data] === 'object') { | ||
/** | ||
* Case 1 & Case 2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
пишешь, что два кейса, но в коде три кейса: if, elseif, else. Не понятно что тогда else.
src/components/modules/sanitizer.ts
Outdated
super({config}); | ||
|
||
/** Custom configuration */ | ||
this.sanitizerConfig = config.settings ? config.settings.sanitizer : null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
актуализировать
src/components/modules/sanitizer.ts
Outdated
return blocksData.map((block) => { | ||
toolClass = this.Editor.Tools.toolsAvailable[block.tool]; | ||
|
||
const output = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
можно убрать
src/components/modules/sanitizer.ts
Outdated
/** | ||
* Enable sanitizing if Tool provides config | ||
*/ | ||
if (toolClass.sanitize && !_.isEmpty(toolClass.sanitize)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
развернуть иф
src/components/modules/sanitizer.ts
Outdated
* 2) If rule is false, which means clean all | ||
* 3) Do nothing | ||
*/ | ||
if (rules[data]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
вынести иф
src/components/modules/sanitizer.ts
Outdated
* 3. When Data is base type (string, int, bool, ...). Check if rule is passed | ||
*/ | ||
for (const data in blockData) { | ||
if (Array.isArray(blockData[data])) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
вынести иф
src/components/modules/sanitizer.ts
Outdated
* Merge with inline tool config | ||
* | ||
* @param {string} toolName | ||
* @param {ISanitizerConfig} blockRules |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
toolConfig
src/components/modules/sanitizer.ts
Outdated
|
||
const toolConfig = {}; | ||
for (const blockRule in blockRules) { | ||
if (blockRules[blockRule]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
blockRules[blockRule] !== false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- учесть true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Потести еще paste, чтобы все ок было с санитайзингом
src/components/modules/paste.ts
Outdated
@@ -152,7 +152,7 @@ export default class Paste extends Module { | |||
return result; | |||
}, {}); | |||
|
|||
const customConfig = Object.assign({}, toolsTags, Sanitizer.defaultConfig.tags); | |||
const customConfig = Object.assign({}, toolsTags, Sanitizer.defaultConfig); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
обсудить с @gohabereg
src/components/modules/sanitizer.ts
Outdated
*/ | ||
public deepSanitize(blockData, rules, depth = 0) { | ||
|
||
console.log('start: depth', depth); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
log
src/components/modules/sanitizer.ts
Outdated
* @param {ISanitizerConfig} rules - object with sanitizer rules | ||
* @param {number} depth | ||
*/ | ||
public deepSanitize(blockData, rules, depth = 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove deph
src/components/modules/sanitizer.ts
Outdated
* | ||
* 1) Array - we need to save as array, thats why we do Array.map and call itself recursively | ||
* 2) Object - we make new object with clean data and call itself | ||
* 3) Basic type - we clean data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Boolean/string/number
src/components/modules/sanitizer.ts
Outdated
* 2) Object - we make new object with clean data and call itself | ||
* 3) Basic type - we clean data | ||
*/ | ||
for (const data in blockData) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
data -> fieldName
src/components/modules/sanitizer.ts
Outdated
* - if passed config is not valid, call itself with parent's config | ||
*/ | ||
if (this.isConfigValid(rules[data])) { | ||
cleanData[data] = currentIterationItem.map( (arrayData) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
arrayData -> arrayItem
No description provided.