From 0341e8fd1903774669b371dc7f246f32cfe672d9 Mon Sep 17 00:00:00 2001 From: tomasc <49659410+tx0c@users.noreply.github.com> Date: Wed, 29 Sep 2021 10:02:15 +0000 Subject: [PATCH 1/2] make unittest for server side for sure not to touch the pre code-block part of reason for thematters/matters-web#2114 is server not saving exactly same pre code-block, as 
Pre1\n

next paragraph... server side is always dropping the `spellcheck="false"`, then next time when editor is loading the pre code-block incomplete, it triggers `clipboard.convert` to parse again, and in MattersArticleEditor the `mentionContainer` reference is causing ReactQuill to re-initialize twice every time, caused converting between `HTML <=> Delta` happening 6 or even more times, and eventually caused wrong parsing --- src/common/utils/__test__/xss.test.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/common/utils/__test__/xss.test.ts b/src/common/utils/__test__/xss.test.ts index 9ef93b158..3e6e8c46a 100644 --- a/src/common/utils/__test__/xss.test.ts +++ b/src/common/utils/__test__/xss.test.ts @@ -37,6 +37,10 @@ test('valid contents', async () => { content: '

', }, + { + content: + '
Pre1\n

Para2

Para3

', + }, ] htmls.forEach(({ content }) => { From 3c9fcccb22a78313d967aa63f305c9ad325d8c1a Mon Sep 17 00:00:00 2001 From: tomasc <49659410+tx0c@users.noreply.github.com> Date: Thu, 30 Sep 2021 18:16:48 +0000 Subject: [PATCH 2/2] sanitize xss filter whitelist pre: ['spellcheck'] --- src/common/utils/xss.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/common/utils/xss.ts b/src/common/utils/xss.ts index e2ece71c1..a86f84f67 100644 --- a/src/common/utils/xss.ts +++ b/src/common/utils/xss.ts @@ -3,6 +3,7 @@ import * as xss from 'xss' const CUSTOM_WHITELIST = { source: ['src', 'type'], iframe: ['src', 'frameborder', 'allowfullscreen', 'sandbox'], + pre: ['spellcheck'], } const IFRAME_SANDBOX_WHITELIST = [