disableXssFilter ==> allowSvg (#1600)

* disableXssFilter ==> allowSvg

* Move allowSvg patch to _render()

* Add comment
Jason Hu 2018-08-26 11:50:37 -07:00 committed by GitHub
parent c8ea4cd85e
commit 73098d106d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 5 deletions


@ -3,6 +3,12 @@ import EventsMixin from '../mixins/events-mixin.js';
let loaded = null; let loaded = null;
/**
* White list allowed svg tag.
* Only put in the tag used in QR code, can be extend in future.
*/
const svgWhiteList = ['svg', 'path'];
/* /*
* @appliesMixin EventsMixin * @appliesMixin EventsMixin
*/ */
@ -13,7 +19,7 @@ class HaMarkdown extends EventsMixin(PolymerElement) {
type: String, type: String,
observer: '_render', observer: '_render',
}, },
disableXssFilter: { allowSvg: {
type: Boolean, type: Boolean,
value: false, value: false,
}, },
@ -33,7 +39,7 @@ class HaMarkdown extends EventsMixin(PolymerElement) {
loaded.then( loaded.then(
({ marked, filterXSS }) => { ({ marked, filterXSS }) => {
this.marked = marked; this.marked = marked;
this.filterXSS = this.disableXssFilter ? c => c : filterXSS; this.filterXSS = filterXSS;
this._scriptLoaded = 1; this._scriptLoaded = 1;
}, },
() => { this._scriptLoaded = 2; }, () => { this._scriptLoaded = 2; },
@ -54,7 +60,11 @@ class HaMarkdown extends EventsMixin(PolymerElement) {
gfm: true, gfm: true,
tables: true, tables: true,
breaks: true breaks: true
})); }), {
onIgnoreTag: this.allowSvg
? (tag, html) => (svgWhiteList.indexOf(tag) >= 0 ? html : null)
: null
});
this._resize(); this._resize();
const walker = document.createTreeWalker(this, 1 /* SHOW_ELEMENT */, null, false); const walker = document.createTreeWalker(this, 1 /* SHOW_ELEMENT */, null, false);
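Review bot: The `onIgnoreTag` callback added to the `filterXSS` call returns the raw `html` of any `svg` or `path` tag, so, as far as the xss library's `onIgnoreTag` contract goes, those tags skip attribute filtering entirely and event-handler or link attributes on them reach the DOM unsanitized. The tag-name check is narrower than the old `disableXssFilter` bypass but still trusts whatever attributes the markdown carries, and both `allow-svg` call sites (the config-flow and MFA-setup templates) feed it `_computeStepDescription` output. Prefer extending the filter's whitelist so attributes are checked as well, e.g. `whiteList: Object.assign({}, getDefaultWhiteList(), { svg: [/* attrs the QR code needs */], path: [/* same */] })`, which would require the lazy loader to expose `getDefaultWhiteList` alongside `filterXSS`. `_render()` starts and ends outside this hunk, so any earlier handling of `content` is not visible here.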


@ -71,7 +71,7 @@ class HaConfigFlow extends
<template is="dom-if" if="[[_equals(_step.type, 'form')]]"> <template is="dom-if" if="[[_equals(_step.type, 'form')]]">
<template is="dom-if" if="[[_computeStepDescription(localize, _step)]]"> <template is="dom-if" if="[[_computeStepDescription(localize, _step)]]">
<ha-markdown content="[[_computeStepDescription(localize, _step)]]" disable-xss-filter></ha-markdown> <ha-markdown content="[[_computeStepDescription(localize, _step)]]" allow-svg></ha-markdown>
</template> </template>
<ha-form <ha-form


@ -71,7 +71,7 @@ class HaMfaModuleSetupFlow extends
<template is="dom-if" if="[[_equals(_step.type, 'form')]]"> <template is="dom-if" if="[[_equals(_step.type, 'form')]]">
<template is="dom-if" if="[[_computeStepDescription(localize, _step)]]"> <template is="dom-if" if="[[_computeStepDescription(localize, _step)]]">
<ha-markdown content="[[_computeStepDescription(localize, _step)]]" disable-xss-filter></ha-markdown> <ha-markdown content="[[_computeStepDescription(localize, _step)]]" allow-svg></ha-markdown>
</template> </template>
<ha-form <ha-form