diff --git a/app/assets/javascripts/discourse/app/controllers/history.js b/app/assets/javascripts/discourse/app/controllers/history.js index ef3cb80e50b..9c887aefa64 100644 --- a/app/assets/javascripts/discourse/app/controllers/history.js +++ b/app/assets/javascripts/discourse/app/controllers/history.js @@ -268,7 +268,7 @@ export default Controller.extend(ModalFunctionality, { } else { const opts = { features: { editHistory: true, historyOneboxes: true }, - whiteListed: { + allowListed: { editHistory: { custom: (tag, attr) => attr === "class" }, historyOneboxes: ["header", "article", "div[style]"], }, diff --git a/app/assets/javascripts/discourse/app/lib/text.js b/app/assets/javascripts/discourse/app/lib/text.js index 3fb5349a349..a46500e5d44 100644 --- a/app/assets/javascripts/discourse/app/lib/text.js +++ b/app/assets/javascripts/discourse/app/lib/text.js @@ -1,7 +1,7 @@ import { getURLWithCDN } from "discourse-common/lib/get-url"; import PrettyText, { buildOptions } from "pretty-text/pretty-text"; import { performEmojiUnescape, buildEmojiUrl } from "pretty-text/emoji"; -import WhiteLister from "pretty-text/white-lister"; +import AllowLister from "pretty-text/allow-lister"; import { sanitize as textSanitize } from "pretty-text/sanitizer"; import loadScript from "discourse/lib/load-script"; import { formatUsername } from "discourse/lib/utilities"; @@ -49,7 +49,7 @@ export function generateCookFunction(options) { } export function sanitize(text, options) { - return textSanitize(text, new WhiteLister(options)); + return textSanitize(text, new AllowLister(options)); } export function sanitizeAsync(text, options) { diff --git a/app/assets/javascripts/discourse/tests/unit/lib/white-lister-test.js b/app/assets/javascripts/discourse/tests/unit/lib/allow-lister-test.js similarity index 54% rename from app/assets/javascripts/discourse/tests/unit/lib/white-lister-test.js rename to app/assets/javascripts/discourse/tests/unit/lib/allow-lister-test.js index 226113da9c8..c700d220ce0 100644 --- a/app/assets/javascripts/discourse/tests/unit/lib/white-lister-test.js +++ b/app/assets/javascripts/discourse/tests/unit/lib/allow-lister-test.js @@ -1,36 +1,36 @@ import { test, module } from "qunit"; -import WhiteLister from "pretty-text/white-lister"; +import AllowLister from "pretty-text/allow-lister"; -module("lib:whiteLister"); +module("lib:allowLister"); -test("whiteLister", (assert) => { - const whiteLister = new WhiteLister(); +test("allowLister", (assert) => { + const allowLister = new AllowLister(); assert.ok( - Object.keys(whiteLister.getWhiteList().tagList).length > 1, + Object.keys(allowLister.getAllowList().tagList).length > 1, "should have some defaults" ); - whiteLister.disable("default"); + allowLister.disable("default"); assert.ok( - Object.keys(whiteLister.getWhiteList().tagList).length === 0, + Object.keys(allowLister.getAllowList().tagList).length === 0, "should have no defaults if disabled" ); - whiteLister.whiteListFeature("test", [ + allowLister.allowListFeature("test", [ "custom.foo", "custom.baz", "custom[data-*]", "custom[rel=nofollow]", ]); - whiteLister.whiteListFeature("test", ["custom[rel=test]"]); + allowLister.allowListFeature("test", ["custom[rel=test]"]); - whiteLister.enable("test"); + allowLister.enable("test"); assert.deepEqual( - whiteLister.getWhiteList(), + allowLister.getAllowList(), { tagList: { custom: [], @@ -46,10 +46,10 @@ test("whiteLister", (assert) => { "Expecting a correct white list" ); - whiteLister.disable("test"); + allowLister.disable("test"); assert.deepEqual( - whiteLister.getWhiteList(), + allowLister.getAllowList(), { tagList: {}, attrList: {}, diff --git a/app/assets/javascripts/pretty-text-bundle.js b/app/assets/javascripts/pretty-text-bundle.js index 2a3862f8d46..6602c63a6b5 100644 --- a/app/assets/javascripts/pretty-text-bundle.js +++ b/app/assets/javascripts/pretty-text-bundle.js @@ -6,6 +6,7 @@ //= require ./pretty-text/addon/emoji //= require ./pretty-text/addon/engines/discourse-markdown-it //= require xss.min +//= require ./pretty-text/addon/allow-lister //= require ./pretty-text/addon/white-lister //= require ./pretty-text/addon/sanitizer //= require ./pretty-text/addon/oneboxer diff --git a/app/assets/javascripts/pretty-text/addon/allow-lister.js b/app/assets/javascripts/pretty-text/addon/allow-lister.js new file mode 100644 index 00000000000..1844702b6ec --- /dev/null +++ b/app/assets/javascripts/pretty-text/addon/allow-lister.js @@ -0,0 +1,246 @@ +import deprecated from "discourse-common/lib/deprecated"; +// to match: +// abcd +// abcd[test] +// abcd[test=bob] +const ALLOWLIST_REGEX = /([^\[]+)(\[([^=]+)(=(.*))?\])?/; + +export default class AllowLister { + constructor(options) { + this._enabled = { default: true }; + this._allowedHrefSchemes = (options && options.allowedHrefSchemes) || []; + this._allowedIframes = (options && options.allowedIframes) || []; + this._rawFeatures = [["default", DEFAULT_LIST]]; + + this._cache = null; + + if (options && options.features) { + Object.keys(options.features).forEach((f) => { + if (options.features[f]) { + this._enabled[f] = true; + } + }); + } + } + + allowListFeature(feature, info) { + this._rawFeatures.push([feature, info]); + } + + whiteListFeature(feature, info) { + deprecated("`whiteListFeature` has been replaced with `allowListFeature`", { + since: "2.6.0.beta.4", + dropFrom: "2.7.0", + }); + this.allowListFeature(feature, info); + } + + disable(feature) { + this._enabled[feature] = false; + this._cache = null; + } + + enable(feature) { + this._enabled[feature] = true; + this._cache = null; + } + + _buildCache() { + const tagList = {}; + const attrList = {}; + const custom = []; + + this._rawFeatures.forEach(([name, info]) => { + if (!this._enabled[name]) { + return; + } + + if (info.custom) { + custom.push(info.custom); + return; + } + + if (typeof info === "string") { + info = [info]; + } + + (info || []).forEach((tag) => { + const classes = tag.split("."); + const tagWithAttr = classes.shift(); + + const m = ALLOWLIST_REGEX.exec(tagWithAttr); + if (m) { + const [, tagname, , attr, , val] = m; + tagList[tagname] = []; + + let attrs = (attrList[tagname] = attrList[tagname] || {}); + if (classes.length > 0) { + attrs["class"] = (attrs["class"] || []).concat(classes); + } + + if (attr) { + let attrInfo = (attrs[attr] = attrs[attr] || []); + + if (val) { + attrInfo.push(val); + } else { + attrs[attr] = ["*"]; + } + } + } + }); + }); + + this._cache = { custom, allowList: { tagList, attrList } }; + } + + _ensureCache() { + if (!this._cache) { + this._buildCache(); + } + } + + getAllowList() { + this._ensureCache(); + return this._cache.allowList; + } + + getWhiteList() { + deprecated("`getWhiteList` has been replaced with `getAllowList`", { + since: "2.6.0.beta.4", + dropFrom: "2.7.0", + }); + return this.getAllowList(); + } + + getCustom() { + this._ensureCache(); + return this._cache.custom; + } + + getAllowedHrefSchemes() { + return this._allowedHrefSchemes; + } + + getAllowedIframes() { + return this._allowedIframes; + } +} + +// Only add to `default` when you always want your allowlist to occur. In other words, +// don't change this for a plugin or a feature that can be disabled +export const DEFAULT_LIST = [ + "a.attachment", + "a.hashtag", + "a.mention", + "a.mention-group", + "a.onebox", + `a.inline-onebox`, + `a.inline-onebox-loading`, + "a[data-bbcode]", + "a[name]", + "a[rel=nofollow]", + "a[rel=ugc]", + "a[target=_blank]", + "a[title]", + "abbr[title]", + "aside.quote", + "aside[data-*]", + "audio", + "audio[controls]", + "audio[preload]", + "b", + "big", + "blockquote", + "br", + "code", + "dd", + "del", + "div", + "div.quote-controls", + "div.title", + "div[align]", + "div[lang]", + "div[data-*]" /* This may seem a bit much but polls does + it anyway and this is needed for themes, + special code in sanitizer handles data-* + nothing exists for data-theme-* and we + don't want to slow sanitize for this case + */, + "div[dir]", + "dl", + "dt", + "em", + "h1", + "h2", + "h3", + "h4", + "h5", + "h6", + "hr", + "i", + "iframe", + "iframe[frameborder]", + "iframe[height]", + "iframe[marginheight]", + "iframe[marginwidth]", + "iframe[width]", + "iframe[allowfullscreen]", + "img[alt]", + "img[height]", + "img[title]", + "img[width]", + "ins", + "kbd", + "li", + "ol", + "ol[start]", + "p", + "p[lang]", + "picture", + "pre", + "s", + "small", + "span[lang]", + "span.excerpt", + "div.excerpt", + "div.video-container", + "div.onebox-placeholder-container", + "span.placeholder-icon video", + "span.hashtag", + "span.mention", + "strike", + "strong", + "sub", + "sup", + "source[data-orig-src]", + "source[src]", + "source[srcset]", + "source[type]", + "track", + "track[default]", + "track[label]", + "track[kind]", + "track[src]", + "track[srclang]", + "ul", + "video", + "video[autoplay]", + "video[controls]", + "video[controlslist]", + "video[crossorigin]", + "video[height]", + "video[loop]", + "video[muted]", + "video[playsinline]", + "video[poster]", + "video[preload]", + "video[width]", + "ruby", + "ruby[lang]", + "rb", + "rb[lang]", + "rp", + "rt", + "rt[lang]", +]; diff --git a/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js b/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js index 8ed78033bd0..e28ec7becf9 100644 --- a/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js +++ b/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js @@ -1,6 +1,7 @@ -import WhiteLister from "pretty-text/white-lister"; +import AllowLister from "pretty-text/allow-lister"; import { sanitize } from "pretty-text/sanitizer"; import guid from "pretty-text/guid"; +import deprecated from "discourse-common/lib/deprecated"; export const ATTACHMENT_CSS_CLASS = "attachment"; @@ -23,11 +24,19 @@ function createHelper( optionCallbacks, pluginCallbacks, getOptions, - whiteListed + allowListed ) { let helper = {}; helper.markdownIt = true; - helper.whiteList = (info) => whiteListed.push([featureName, info]); + helper.allowList = (info) => allowListed.push([featureName, info]); + helper.whiteList = (info) => { + deprecated("`whiteList` has been replaced with `allowList`", { + since: "2.6.0.beta.4", + dropFrom: "2.7.0", + }); + helper.allowList(info); + }; + helper.registerInline = deprecate(featureName, "registerInline"); helper.replaceBlock = deprecate(featureName, "replaceBlock"); helper.addPreProcessor = deprecate(featureName, "addPreProcessor"); @@ -296,7 +305,7 @@ export function setup(opts, siteSettings, state) { const check = /discourse-markdown\/|markdown-it\//; let features = []; - let whiteListed = []; + let allowListed = []; Object.keys(require._eak_seen).forEach((entry) => { if (check.test(entry)) { @@ -319,13 +328,13 @@ export function setup(opts, siteSettings, state) { optionCallbacks, pluginCallbacks, getOptions, - whiteListed + allowListed ) ); }); - Object.entries(state.whiteListed || {}).forEach((entry) => { - whiteListed.push(entry); + Object.entries(state.allowListed || {}).forEach((entry) => { + allowListed.push(entry); }); optionCallbacks.forEach(([, callback]) => { @@ -393,14 +402,14 @@ export function setup(opts, siteSettings, state) { opts.setup = true; if (!opts.discourse.sanitizer || !opts.sanitizer) { - const whiteLister = new WhiteLister(opts.discourse); + const allowLister = new AllowLister(opts.discourse); - whiteListed.forEach(([feature, info]) => { - whiteLister.whiteListFeature(feature, info); + allowListed.forEach(([feature, info]) => { + allowLister.allowListFeature(feature, info); }); opts.sanitizer = opts.discourse.sanitizer = !!opts.discourse.sanitize - ? (a) => sanitize(a, whiteLister) + ? (a) => sanitize(a, allowLister) : (a) => a; } } diff --git a/app/assets/javascripts/pretty-text/addon/sanitizer.js b/app/assets/javascripts/pretty-text/addon/sanitizer.js index 035199fe44f..23eea075e14 100644 --- a/app/assets/javascripts/pretty-text/addon/sanitizer.js +++ b/app/assets/javascripts/pretty-text/addon/sanitizer.js @@ -71,7 +71,7 @@ export function hrefAllowed(href, extraHrefMatchers) { } } -export function sanitize(text, whiteLister) { +export function sanitize(text, allowLister) { if (!text) { return ""; } @@ -79,9 +79,9 @@ export function sanitize(text, whiteLister) { // Allow things like <3 and <_< text = text.replace(/<([^A-Za-z\/\!]|$)/g, "<$1"); - const whiteList = whiteLister.getWhiteList(), - allowedHrefSchemes = whiteLister.getAllowedHrefSchemes(), - allowedIframes = whiteLister.getAllowedIframes(); + const allowList = allowLister.getAllowList(), + allowedHrefSchemes = allowLister.getAllowedHrefSchemes(), + allowedIframes = allowLister.getAllowedIframes(); let extraHrefMatchers = null; if (allowedHrefSchemes && allowedHrefSchemes.length > 0) { @@ -94,12 +94,12 @@ export function sanitize(text, whiteLister) { } let result = xss(text, { - whiteList: whiteList.tagList, + whiteList: allowList.tagList, stripIgnoreTag: true, stripIgnoreTagBody: ["script", "table"], onIgnoreTagAttr(tag, name, value) { - const forTag = whiteList.attrList[tag]; + const forTag = allowList.attrList[tag]; if (forTag) { const forAttr = forTag[name]; if ( @@ -134,7 +134,7 @@ export function sanitize(text, whiteLister) { return attr(name, value); } - const custom = whiteLister.getCustom(); + const custom = allowLister.getCustom(); for (let i = 0; i < custom.length; i++) { const fn = custom[i]; if (fn(tag, name, value)) { diff --git a/app/assets/javascripts/pretty-text/addon/white-lister.js b/app/assets/javascripts/pretty-text/addon/white-lister.js index 8b02d126632..f7ee800b3fb 100644 --- a/app/assets/javascripts/pretty-text/addon/white-lister.js +++ b/app/assets/javascripts/pretty-text/addon/white-lister.js @@ -1,229 +1,15 @@ -// to match: -// abcd -// abcd[test] -// abcd[test=bob] -const WHITELIST_REGEX = /([^\[]+)(\[([^=]+)(=(.*))?\])?/; +import deprecated from "discourse-common/lib/deprecated"; +import AllowLister from "pretty-text/allow-lister"; +import { DEFAULT_LIST as NEW_DEFAULT_LIST } from "pretty-text/allow-lister"; -export default class WhiteLister { +export default class WhiteLister extends AllowLister { constructor(options) { - this._enabled = { default: true }; - this._allowedHrefSchemes = (options && options.allowedHrefSchemes) || []; - this._allowedIframes = (options && options.allowedIframes) || []; - this._rawFeatures = [["default", DEFAULT_LIST]]; - - this._cache = null; - - if (options && options.features) { - Object.keys(options.features).forEach((f) => { - if (options.features[f]) { - this._enabled[f] = true; - } - }); - } - } - - whiteListFeature(feature, info) { - this._rawFeatures.push([feature, info]); - } - - disable(feature) { - this._enabled[feature] = false; - this._cache = null; - } - - enable(feature) { - this._enabled[feature] = true; - this._cache = null; - } - - _buildCache() { - const tagList = {}; - const attrList = {}; - const custom = []; - - this._rawFeatures.forEach(([name, info]) => { - if (!this._enabled[name]) { - return; - } - - if (info.custom) { - custom.push(info.custom); - return; - } - - if (typeof info === "string") { - info = [info]; - } - - (info || []).forEach((tag) => { - const classes = tag.split("."); - const tagWithAttr = classes.shift(); - - const m = WHITELIST_REGEX.exec(tagWithAttr); - if (m) { - const [, tagname, , attr, , val] = m; - tagList[tagname] = []; - - let attrs = (attrList[tagname] = attrList[tagname] || {}); - if (classes.length > 0) { - attrs["class"] = (attrs["class"] || []).concat(classes); - } - - if (attr) { - let attrInfo = (attrs[attr] = attrs[attr] || []); - - if (val) { - attrInfo.push(val); - } else { - attrs[attr] = ["*"]; - } - } - } - }); + deprecated("`WhiteLister` has been replaced with `AllowLister`", { + since: "2.6.0.beta.4", + dropFrom: "2.7.0", }); - - this._cache = { custom, whiteList: { tagList, attrList } }; - } - - _ensureCache() { - if (!this._cache) { - this._buildCache(); - } - } - - getWhiteList() { - this._ensureCache(); - return this._cache.whiteList; - } - - getCustom() { - this._ensureCache(); - return this._cache.custom; - } - - getAllowedHrefSchemes() { - return this._allowedHrefSchemes; - } - - getAllowedIframes() { - return this._allowedIframes; + super(options); } } -// Only add to `default` when you always want your allowlist to occur. In other words, -// don't change this for a plugin or a feature that can be disabled -export const DEFAULT_LIST = [ - "a.attachment", - "a.hashtag", - "a.mention", - "a.mention-group", - "a.onebox", - `a.inline-onebox`, - `a.inline-onebox-loading`, - "a[data-bbcode]", - "a[name]", - "a[rel=nofollow]", - "a[rel=ugc]", - "a[target=_blank]", - "a[title]", - "abbr[title]", - "aside.quote", - "aside[data-*]", - "audio", - "audio[controls]", - "audio[preload]", - "b", - "big", - "blockquote", - "br", - "code", - "dd", - "del", - "div", - "div.quote-controls", - "div.title", - "div[align]", - "div[lang]", - "div[data-*]" /* This may seem a bit much but polls does - it anyway and this is needed for themes, - special code in sanitizer handles data-* - nothing exists for data-theme-* and we - don't want to slow sanitize for this case - */, - "div[dir]", - "dl", - "dt", - "em", - "h1", - "h2", - "h3", - "h4", - "h5", - "h6", - "hr", - "i", - "iframe", - "iframe[frameborder]", - "iframe[height]", - "iframe[marginheight]", - "iframe[marginwidth]", - "iframe[width]", - "iframe[allowfullscreen]", - "img[alt]", - "img[height]", - "img[title]", - "img[width]", - "ins", - "kbd", - "li", - "ol", - "ol[start]", - "p", - "p[lang]", - "picture", - "pre", - "s", - "small", - "span[lang]", - "span.excerpt", - "div.excerpt", - "div.video-container", - "div.onebox-placeholder-container", - "span.placeholder-icon video", - "span.hashtag", - "span.mention", - "strike", - "strong", - "sub", - "sup", - "source[data-orig-src]", - "source[src]", - "source[srcset]", - "source[type]", - "track", - "track[default]", - "track[label]", - "track[kind]", - "track[src]", - "track[srclang]", - "ul", - "video", - "video[autoplay]", - "video[controls]", - "video[controlslist]", - "video[crossorigin]", - "video[height]", - "video[loop]", - "video[muted]", - "video[playsinline]", - "video[poster]", - "video[preload]", - "video[width]", - "ruby", - "ruby[lang]", - "rb", - "rb[lang]", - "rp", - "rt", - "rt[lang]", -]; +export const DEFAULT_LIST = NEW_DEFAULT_LIST; diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/bbcode-inline.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/bbcode-inline.js index 4d968fc86bd..5ca653daaf1 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/bbcode-inline.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/bbcode-inline.js @@ -147,7 +147,7 @@ function processBBCode(state, silent) { } export function setup(helper) { - helper.whiteList([ + helper.allowList([ "span.bbcode-b", "span.bbcode-i", "span.bbcode-u", diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/code.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/code.js index 8837b5d05c5..1fdab1bf29c 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/code.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/code.js @@ -41,7 +41,7 @@ export function setup(helper) { .concat(["auto", "nohighlight"]); }); - helper.whiteList({ + helper.allowList({ custom(tag, name, value) { if (tag === "code" && name === "class") { const m = /^lang\-(.+)$/.exec(value); diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/d-wrap.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/d-wrap.js index 77245500cc7..091ec4c0097 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/d-wrap.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/d-wrap.js @@ -68,5 +68,5 @@ export function setup(helper) { md.block.bbcode.ruler.push("block-wrap", blockRule); }); - helper.whiteList([`div.${WRAP_CLASS}`, `span.${WRAP_CLASS}`, "span[data-*]"]); + helper.allowList([`div.${WRAP_CLASS}`, `span.${WRAP_CLASS}`, "span[data-*]"]); } diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/emoji.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/emoji.js index 6bd6ea87ef7..56e3f2d9108 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/emoji.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/emoji.js @@ -339,7 +339,7 @@ export function setup(helper) { ); }); - helper.whiteList([ + helper.allowList([ "img[class=emoji]", "img[class=emoji emoji-custom]", "img[class=emoji emoji-custom only-emoji]", diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/inject-line-number.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/inject-line-number.js index edf43c69cc3..c64f9aa59c0 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/inject-line-number.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/inject-line-number.js @@ -2,7 +2,7 @@ export function setup(helper) { const opts = helper.getOptions(); if (opts.previewing && opts.injectLineNumbersToPreview) { - helper.whiteList([ + helper.allowList([ "p.preview-sync-line", "p[data-line-number]", "h1.preview-sync-line", diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/quotes.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/quotes.js index ceccd3c2e4b..c7e0dc9ca71 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/quotes.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/quotes.js @@ -168,8 +168,8 @@ export function setup(helper) { md.block.bbcode.ruler.push("quotes", rule); }); - helper.whiteList(["img[class=avatar]"]); - helper.whiteList({ + helper.allowList(["img[class=avatar]"]); + helper.allowList({ custom(tag, name, value) { if (tag === "aside" && name === "class") { return ( diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/resize-controls.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/resize-controls.js index 49dc478383a..63bf3f7059b 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/resize-controls.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/resize-controls.js @@ -71,7 +71,7 @@ export const priority = 1; export function setup(helper) { const opts = helper.getOptions(); if (opts.previewing) { - helper.whiteList([ + helper.allowList([ "span.image-wrapper", "span.button-wrapper", "span[class=scale-btn]", diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/table.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/table.js index 6be8a1dab38..5533b5fdede 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/table.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/table.js @@ -10,7 +10,7 @@ export function setup(helper) { }); // we need a custom callback for style handling - helper.whiteList({ + helper.allowList({ custom: function (tag, attr, val) { if (tag !== "th" && tag !== "td") { return false; @@ -28,7 +28,7 @@ export function setup(helper) { }, }); - helper.whiteList([ + helper.allowList([ "table", "tbody", "thead", diff --git a/app/assets/javascripts/pretty-text/engines/discourse-markdown/upload-protocol.js b/app/assets/javascripts/pretty-text/engines/discourse-markdown/upload-protocol.js index 0b5d5bf6cb5..4b99308a898 100644 --- a/app/assets/javascripts/pretty-text/engines/discourse-markdown/upload-protocol.js +++ b/app/assets/javascripts/pretty-text/engines/discourse-markdown/upload-protocol.js @@ -91,10 +91,10 @@ function rule(state) { export function setup(helper) { const opts = helper.getOptions(); if (opts.previewing) { - helper.whiteList(["img.resizable"]); + helper.allowList(["img.resizable"]); } - helper.whiteList([ + helper.allowList([ "img[data-orig-src]", "img[data-base62-sha1]", "a[data-orig-href]", diff --git a/lib/pretty_text.rb b/lib/pretty_text.rb index 30e567ea3f6..b51ee1cf1e2 100644 --- a/lib/pretty_text.rb +++ b/lib/pretty_text.rb @@ -90,6 +90,7 @@ module PrettyText apply_es6_file(ctx, root_path, "discourse-common/addon/lib/get-url") apply_es6_file(ctx, root_path, "discourse-common/addon/lib/object") + apply_es6_file(ctx, root_path, "discourse-common/addon/lib/deprecated") apply_es6_file(ctx, root_path, "discourse/app/lib/to-markdown") apply_es6_file(ctx, root_path, "discourse/app/lib/utilities") diff --git a/plugins/discourse-details/assets/javascripts/lib/discourse-markdown/details.js.es6 b/plugins/discourse-details/assets/javascripts/lib/discourse-markdown/details.js.es6 index 7ad6077673a..debaacc72b1 100644 --- a/plugins/discourse-details/assets/javascripts/lib/discourse-markdown/details.js.es6 +++ b/plugins/discourse-details/assets/javascripts/lib/discourse-markdown/details.js.es6 @@ -17,7 +17,7 @@ const rule = { }; export function setup(helper) { - helper.whiteList([ + helper.allowList([ "summary", "summary[title]", "details", diff --git a/plugins/discourse-local-dates/assets/javascripts/lib/discourse-markdown/discourse-local-dates.js.es6 b/plugins/discourse-local-dates/assets/javascripts/lib/discourse-markdown/discourse-local-dates.js.es6 index 2dbd3467bbe..8ea3c13a4a1 100644 --- a/plugins/discourse-local-dates/assets/javascripts/lib/discourse-markdown/discourse-local-dates.js.es6 +++ b/plugins/discourse-local-dates/assets/javascripts/lib/discourse-markdown/discourse-local-dates.js.es6 @@ -138,7 +138,7 @@ function closeBuffer(buffer, state, text) { } export function setup(helper) { - helper.whiteList([ + helper.allowList([ "span.discourse-local-date", "span[data-*]", "span[aria-label]", diff --git a/plugins/poll/assets/javascripts/lib/discourse-markdown/poll.js.es6 b/plugins/poll/assets/javascripts/lib/discourse-markdown/poll.js.es6 index da28392b1ec..f71dec46085 100644 --- a/plugins/poll/assets/javascripts/lib/discourse-markdown/poll.js.es6 +++ b/plugins/poll/assets/javascripts/lib/discourse-markdown/poll.js.es6 @@ -272,7 +272,7 @@ function newApiInit(helper) { } export function setup(helper) { - helper.whiteList([ + helper.allowList([ "div.poll", "div.poll-info", "div.poll-container",