mirror of https://github.com/laurent22/joplin.git
Electron: Allow HTML in Markdown documents in a secure way
Laurent Cozic
parent
6d8941c005
commit
df302206dd
|
|
@ -1282,7 +1282,7 @@ class NoteTextComponent extends React.Component {
|
||||||
|
|
||||||
const viewer = <webview
|
const viewer = <webview
|
||||||
style={viewerStyle}
|
style={viewerStyle}
|
||||||
nodeintegration="1"
|
preload="gui/note-viewer/preload.js"
|
||||||
src="gui/note-viewer/index.html"
|
src="gui/note-viewer/index.html"
|
||||||
ref={(elem) => { this.webview_ref(elem); } }
|
ref={(elem) => { this.webview_ref(elem); } }
|
||||||
/>
|
/>
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,6 @@
|
||||||
<div id="content" ondragstart="return false;" ondrop="return false;"></div>
|
<div id="content" ondragstart="return false;" ondrop="return false;"></div>
|
||||||
|
|
||||||
<script>
|
<script>
|
||||||
const { ipcRenderer } = require('electron');
|
|
||||||
const contentElement = document.getElementById('content');
|
const contentElement = document.getElementById('content');
|
||||||
|
|
||||||
// ----------------------------------------------------------------------
|
// ----------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
// Define here Electron objects that need to be accessed from the WebView
|
||||||
|
// https://github.com/electron/electron/blob/master/docs/tutorial/security.md#2-disable-nodejs-integration-for-remote-content
|
||||||
|
|
||||||
|
window.ipcRenderer = require('electron').ipcRenderer;
|
||||||
|
|
@ -216,7 +216,7 @@ class MdToHtml {
|
||||||
|
|
||||||
if (isInlineCode) {
|
if (isInlineCode) {
|
||||||
openTag = null;
|
openTag = null;
|
||||||
} else if (tag && t.type.indexOf('html_inline') >= 0) {
|
} else if (tag && (t.type.indexOf('html_inline') >= 0 || t.type.indexOf('html_block') >= 0)) {
|
||||||
openTag = null;
|
openTag = null;
|
||||||
} else if (tag && t.type.indexOf('_open') >= 0) {
|
} else if (tag && t.type.indexOf('_open') >= 0) {
|
||||||
openTag = tag;
|
openTag = tag;
|
||||||
|
|
@ -277,7 +277,7 @@ class MdToHtml {
|
||||||
if (t.type === 'image') {
|
if (t.type === 'image') {
|
||||||
if (tokenContent) attrs.push(['title', tokenContent]);
|
if (tokenContent) attrs.push(['title', tokenContent]);
|
||||||
output.push(this.renderImage_(attrs, options));
|
output.push(this.renderImage_(attrs, options));
|
||||||
} else if (t.type === 'html_inline') {
|
} else if (t.type === 'html_inline' || t.type === 'html_block') {
|
||||||
output.push(t.content);
|
output.push(t.content);
|
||||||
} else if (t.type === 'softbreak') {
|
} else if (t.type === 'softbreak') {
|
||||||
output.push('<br/>');
|
output.push('<br/>');
|
||||||
|
|
@ -392,7 +392,7 @@ class MdToHtml {
|
||||||
const md = new MarkdownIt({
|
const md = new MarkdownIt({
|
||||||
breaks: true,
|
breaks: true,
|
||||||
linkify: true,
|
linkify: true,
|
||||||
html: false, // For security, HTML tags are not supported - https://github.com/laurent22/joplin/issues/500
|
html: true,
|
||||||
});
|
});
|
||||||
|
|
||||||
// This is currently used only so that the $expression$ and $$\nexpression\n$$ blocks are translated
|
// This is currently used only so that the $expression$ and $$\nexpression\n$$ blocks are translated
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue