[WEB-4806] chore: updated html attribute validation #7719

Bavisetti Narayan 2025-09-04 13:52:43 +05:30 committed by sriramveeraghanta
parent cab5d20217
commit c40c7804e7


@ -67,20 +67,9 @@ def validate_binary_data(data):
# Combine custom components and editor-specific nodes into a single set of tags # Combine custom components and editor-specific nodes into a single set of tags
CUSTOM_TAGS = { CUSTOM_TAGS = {
# editor node/tag names # editor node/tag names
"imageComponent", "mention-component",
"image", "label",
"mention", "input",
"link",
"customColor",
"emoji",
"tableHeader",
"tableCell",
"tableRow",
"codeBlock",
"code",
"horizontalRule",
"calloutComponent",
# component-style tag used by editor embeds
"image-component", "image-component",
} }
ALLOWED_TAGS = nh3.ALLOWED_TAGS | CUSTOM_TAGS ALLOWED_TAGS = nh3.ALLOWED_TAGS | CUSTOM_TAGS
@ -102,49 +91,64 @@ ATTRIBUTES = {
"data-node-type", "data-node-type",
"data-type", "data-type",
"data-checked", "data-checked",
"data-background", "data-background-color",
"data-text-color", "data-text-color",
"data-name",
# callout attributes
"data-icon-name", "data-icon-name",
"data-icon-color", "data-icon-color",
"data-background-color", "data-background",
"data-emoji-unicode", "data-emoji-unicode",
"data-emoji-url", "data-emoji-url",
"data-logo-in-use", "data-logo-in-use",
"data-block-type", "data-block-type",
"data-name",
"data-entity-id",
"data-entity-group-id",
}, },
"a": {"href", "target"}, "a": {"href", "target"},
# editor node/tag attributes # editor node/tag attributes
"imageComponent": {"id", "width", "height", "aspectRatio", "src", "alignment"}, "image-component": {
"image": {"width", "height", "aspectRatio", "alignment", "src", "alt", "title"}, "id",
"mention": {"id", "entity_identifier", "entity_name"}, "width",
"link": {"href", "target"}, "height",
"customColor": {"color", "backgroundColor"}, "aspectRatio",
"emoji": {"name"}, "aspectratio",
"tableHeader": {"colspan", "rowspan", "colwidth", "background", "hideContent"}, "src",
"tableCell": { "alignment",
},
"img": {
"width",
"height",
"aspectRatio",
"aspectratio",
"alignment",
"src",
"alt",
"title",
},
"mention-component": {"id", "entity_identifier", "entity_name"},
"th": {
"colspan",
"rowspan",
"colwidth",
"background",
"hideContent",
"hidecontent",
"style",
},
"td": {
"colspan", "colspan",
"rowspan", "rowspan",
"colwidth", "colwidth",
"background", "background",
"textColor", "textColor",
"textcolor",
"hideContent", "hideContent",
"hidecontent",
"style",
}, },
"tableRow": {"background", "textColor"}, "tr": {"background", "textColor", "textcolor", "style"},
"codeBlock": {"language"}, "pre": {"language"},
"calloutComponent": { "code": {"language", "spellcheck"},
"data-icon-color", "input": {"type", "checked"},
"data-icon-name",
"data-emoji-unicode",
"data-emoji-url",
"data-logo-in-use",
"data-background",
"data-block-type",
},
# image-component (from editor extension and seeds)
"image-component": {"src", "id", "width", "height", "aspectratio", "alignment"},
} }
SAFE_PROTOCOLS = {"http", "https", "mailto", "tel"} SAFE_PROTOCOLS = {"http", "https", "mailto", "tel"}
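Review bot: The new `"style"` entries for `th`, `td` and `tr` let arbitrary inline CSS from stored documents through the sanitizer, because an attribute allowlist only checks the attribute name, not the declarations inside it. If the `nh3.clean` call (not visible in this hunk) does not already restrict CSS, consider passing `filter_style_properties={...}` limited to the properties the editor actually emits for table cells, so positioning or overlay rules cannot be smuggled into rendered content. Similarly, `"input": {"type", "checked"}` accepts any `type` value. If only task-list checkboxes are intended, drop `type` from that set and pin it with `tag_attribute_values={"input": {"type": {"checkbox"}}}`. A short comment above `ATTRIBUTES` saying that HTML attribute names arrive lowercased would also explain why both `aspectRatio` and `aspectratio` are listed.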