From eea8db928890790aad058e3961bc6b937bbff91a Mon Sep 17 00:00:00 2001
From: HarveyKandola
Date: Tue, 7 Sep 2021 20:18:30 -0400
Subject: [PATCH] Fingerprint during Ember build
---
 domain/document/endpoint.go | 4 ++
 domain/section/frame/frame.go | 1 +
 domain/section/markdown/markdown.go | 1 +
 domain/space/endpoint.go | 4 +-
 edition/community.go | 2 +-
 gui/ember-cli-build.js | 67 +++++++++++++++--------------
 6 files changed, 45 insertions(+), 34 deletions(-)
diff --git a/domain/document/endpoint.go b/domain/document/endpoint.go
index a9937bcf2..2ee2d56f8 100644
--- a/domain/document/endpoint.go
+++ b/domain/document/endpoint.go
@@ -43,6 +43,7 @@ import (
 "github.com/documize/community/model/space"
 "github.com/documize/community/model/user"
 "github.com/documize/community/model/workflow"
+ "github.com/microcosm-cc/bluemonday"
 )
 // Handler contains the runtime information such as logging and database.
@@ -270,6 +271,9 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 }
 }
+ d.Name = bluemonday.StrictPolicy().Sanitize(d.Name)
+ d.Excerpt = bluemonday.StrictPolicy().Sanitize(d.Excerpt)
+
 err = h.Store.Document.Update(ctx, d)
 if err != nil {
 h.Runtime.Rollback(ctx.Transaction)
diff --git a/domain/section/frame/frame.go b/domain/section/frame/frame.go
index 0de3ac304..c0e85dccd 100644
--- a/domain/section/frame/frame.go
+++ b/domain/section/frame/frame.go
@@ -54,5 +54,6 @@ func (*Provider) Refresh(ctx *provider.Context, config, data string) string {
 }
 func embed(config, data string) string {
+ // return bluemonday.UGCPolicy().Sanitize(data)
 return data
 }
diff --git a/domain/section/markdown/markdown.go b/domain/section/markdown/markdown.go
index ad8bcca50..06610f23c 100644
--- a/domain/section/markdown/markdown.go
+++ b/domain/section/markdown/markdown.go
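Review bot: `bluemonday.StrictPolicy().Sanitize` in `Update` does more than strip tags: it also HTML-escapes the text that remains, so a title such as `R&D` is stored as `R&amp;D` and will show double-encoded wherever the client already escapes on output. That is worth checking against the UI and search before the escaped form lands in stored data. The policy is also rebuilt twice per request; bluemonday policies are meant to be built once and reused, e.g. a package-level `var strictPolicy = bluemonday.StrictPolicy()` and then `d.Name = strictPolicy.Sanitize(d.Name)`. Only this handler is covered by the hunk, so any other path that writes `Name` or `Excerpt` (not visible here) would presumably still store the raw values. The body of `Update` starts and ends outside the hunk.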
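Review bot: The line added to `embed` is commented-out code, so the function still returns `data` untouched and a reader cannot tell whether sanitization was tried and rejected or is still pending. If it is deliberately off (presumably because `UGCPolicy` would strip the embed markup this section exists to carry), replace the dead line with a statement of that decision, e.g. `// NOTE: data is returned unsanitized; bluemonday.UGCPolicy() is not applied because <reason>.` If it is pending, mark it as a TODO that names the allow-list policy the frame section needs, so the unsanitized return path is a recorded decision rather than an accident.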
@@ -47,6 +47,7 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R } // Render converts markdown data into HTML suitable for browser rendering. +// See also https://github.com/yuin/goldmark func (*Provider) Render(ctx *provider.Context, config, data string) string { unsafe := blackfriday.Run([]byte(data)) diff --git a/domain/space/endpoint.go b/domain/space/endpoint.go index c579aaa62..38344745d 100644 --- a/domain/space/endpoint.go +++ b/domain/space/endpoint.go @@ -44,6 +44,7 @@ import ( "github.com/documize/community/model/space" "github.com/documize/community/model/user" wf "github.com/documize/community/model/workflow" + "github.com/microcosm-cc/bluemonday" uuid "github.com/nu7hatch/gouuid" ) @@ -99,7 +100,8 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) { var sp space.Space sp.Name = model.Name - sp.Description = model.Description + sp.Description = bluemonday.StrictPolicy().Sanitize(model.Description) + sp.Icon = model.Icon sp.LabelID = model.LabelID sp.RefID = uniqueid.Generate() diff --git a/edition/community.go b/edition/community.go index 0127c57ba..60ed69641 100644 --- a/edition/community.go +++ b/edition/community.go @@ -41,7 +41,7 @@ func main() { rt.Product.Major = "4" rt.Product.Minor = "0" rt.Product.Patch = "0" - rt.Product.Revision = "210817183831" + rt.Product.Revision = "210907143905" rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch) rt.Product.Edition = domain.CommunityEdition rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition) diff --git a/gui/ember-cli-build.js b/gui/ember-cli-build.js index cc6d1004d..5ae3bcb01 100644 --- a/gui/ember-cli-build.js +++ b/gui/ember-cli-build.js 
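Review bot: The new `// See also https://github.com/yuin/goldmark` line becomes part of `Render`'s doc comment, yet the body shown still calls `blackfriday.Run`, so the godoc now points at a library the function does not use. If the intent is to record a possible migration, say so and keep it out of the doc comment, e.g. `// TODO: evaluate github.com/yuin/goldmark as a replacement for blackfriday.` inside the function. `Render` continues past the end of the hunk.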
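Review bot: `sp.Name = model.Name`, two lines above the change in `Add`, is still stored as submitted, while `Description` is now sanitized and the document handler in this same commit sanitizes `Name`. The same treatment is presumably wanted here: `sp.Name = bluemonday.StrictPolicy().Sanitize(model.Name)`. The hunk covers only `Add`, so whether the space update path applies the policy cannot be seen from here. `Add` starts and ends outside the hunk.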
@@ -7,48 +7,51 @@ let isDevelopment = EmberApp.env() === 'development'; module.exports = function(defaults) { let app = new EmberApp(defaults, { - 'ember-cli-terser': { - enabled: !isDevelopment, - exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'], - - hiddenSourceMap: true, - - fingerprint: { + fingerprint: { enabled: true, generateAssetMap: true, - fingerprintAssetMap: true, + fingerprintAssetMap: false, prepend: '/', extensions: ['js', 'css'], exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'] - }, + }, - minifyJS: { - enabled: !isDevelopment, - options: { - exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'] - } - }, + minifyCSS: { + enabled: !isDevelopment, + options: { + exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'] + } + }, - minifyCSS: { - enabled: !isDevelopment, - options: { - exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'] + outputPaths: { + app: { + css: { + 'app': '/assets/documize.css', + 'themes/conference': '/assets/theme-conference.css', + 'themes/forest': '/assets/theme-forest.css', + 'themes/brave': '/assets/theme-brave.css', + 'themes/harvest': '/assets/theme-harvest.css', + 'themes/sunflower': '/assets/theme-sunflower.css', + 'themes/silver': '/assets/theme-silver.css', } + } + }, + + 'ember-cli-terser': { + enabled: !isDevelopment, + exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'], + + hiddenSourceMap: true, + + terser: { }, - outputPaths: { - app: { - css: { - 'app': '/assets/documize.css', - 'themes/conference': '/assets/theme-conference.css', - 'themes/forest': '/assets/theme-forest.css', - 'themes/brave': '/assets/theme-brave.css', - 'themes/harvest': '/assets/theme-harvest.css', - 'themes/sunflower': '/assets/theme-sunflower.css', - 'themes/silver': '/assets/theme-silver.css', - } - } - } + // minifyJS: { + // enabled: !isDevelopment, + // options: { + // exclude: ['tinymce/**', 'codemirror/**', 'prism/**', 'pdfjs/**'] + // } + // }, }, });
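Review bot: The old `minifyJS` block is kept as commented-out lines inside the `'ember-cli-terser'` options, next to an empty `terser: { }`, so the config carries dead text and a no-op key without saying why either is there. Delete both, or replace them with a one-line comment stating that JS minification is now driven by the top-level `enabled`/`exclude` of `'ember-cli-terser'`, if that is the intent. The switch to `fingerprintAssetMap: false` also deserves a short comment naming what reads the un-fingerprinted asset map, since the reason is not visible in this hunk.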