dawy_go/vnote
1
0
Fork 0
mirror of https://gitee.com/vnotex/vnote.git synced 2025-07-05 05:49:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

turn on XSS protection by default

Browse Source
This commit is contained in:
Le Tan 2024-06-19 23:11:13 +08:00
parent 9a971860e0
commit 74e20dcb3e
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/core/mainconfig.cpp
View File

@ -119,4 +119,5 @@ QString MainConfig::getVersion(const QJsonObject &p_jobj)
void MainConfig::doVersionSpecificOverride() void MainConfig::doVersionSpecificOverride()
{ {
// In a new version, we may want to change one value by force. // In a new version, we may want to change one value by force.
m_editorConfig->getMarkdownEditorConfig().m_protectFromXss = true;
} }

2
src/core/markdowneditorconfig.h
View File

@ -231,7 +231,7 @@ namespace vnotex
bool m_fetchImagesInParseAndPaste = true; bool m_fetchImagesInParseAndPaste = true;
// Whether protect from Cross-Site Scripting. // Whether protect from Cross-Site Scripting.
bool m_protectFromXss = false; bool m_protectFromXss = true;
// Whether allow HTML tag in Markdown source. // Whether allow HTML tag in Markdown source.
bool m_htmlTagEnabled = true; bool m_htmlTagEnabled = true;

2
src/data/core/vnotex.json
View File

@ -462,7 +462,7 @@
"//comment" : "Whether fetch images to local in Parse To Markdown And Paste", "//comment" : "Whether fetch images to local in Parse To Markdown And Paste",
"fetch_images_in_parse_and_paste" : true, "fetch_images_in_parse_and_paste" : true,
"//comment" : "Whether protect from Cross-Site Scripting attack", "//comment" : "Whether protect from Cross-Site Scripting attack",
"protect_from_xss" : false, "protect_from_xss" : true,
"//comment" : "Whether allow HTML tags in source", "//comment" : "Whether allow HTML tags in source",
"html_tag" : true, "html_tag" : true,
"//comment" : "Whether auto break a line with '\\n'", "//comment" : "Whether auto break a line with '\\n'",