fix: prevent HTML rendering in preview mode (#2986)

Prevent HTML rendering in preview mode if HTML rendering is disabled in settings. We allow the img tag to support our image resizer.
2025-05-02 07:31:18 +08:00 · 2022-02-07 11:55:45 +01:00 · 2022-02-07 11:55:45 +01:00 · 247a9e38e2
commit 247a9e38e2
parent 1d4cd88b3e
1 changed files with 17 additions and 4 deletions
--- a/src/muya/lib/parser/index.js
+++ b/src/muya/lib/parser/index.js
@ -32,12 +32,26 @@ const correctUrl = token => {
  }
 }

+const matchHtmlTag = (src, disableHtml) => {
+  const match = inlineRules.html_tag.exec(src)
+  if (!match) {
+    return null
+  }
+
+  // Ignore HTML tag when HTML rendering is disabled and import it as plain text.
+  // NB: We have to allow img tag to support image resizer and options.
+  if (disableHtml && (!match[3] || !/^img$/i.test(match[3]))) {
+    return null
+  }
+  return match
+}
+
 const tokenizerFac = (src, beginRules, inlineRules, pos = 0, top, labels, options) => {
  const originSrc = src
  const tokens = []
  let pending = ''
  let pendingStartPos = pos
-  const { superSubScript, footnote } = options
+  const { disableHtml, superSubScript, footnote } = options
  const pushPending = () => {
    if (pending) {
      tokens.push({
@ -427,7 +441,7 @@ const tokenizerFac = (src, beginRules, inlineRules, pos = 0, top, labels, option
    }

    // html-tag
-    const htmlTo = inlineRules.html_tag.exec(src)
+    const htmlTo = matchHtmlTag(src, disableHtml)
    let attrs
    // handle comment
    if (htmlTo && htmlTo[1] && !htmlTo[3]) {
@ -448,8 +462,7 @@ const tokenizerFac = (src, beginRules, inlineRules, pos = 0, top, labels, option
      src = src.substring(len)
      pos = pos + len
      continue
-    }
-    if (htmlTo && !(disallowedHtmlTag.test(htmlTo[3])) && (attrs = getAttributes(htmlTo[0]))) {
+    } else if (htmlTo && !(disallowedHtmlTag.test(htmlTo[3])) && (attrs = getAttributes(htmlTo[0]))) {
      const tag = htmlTo[3]
      const html = htmlTo[0]
      const len = htmlTo[0].length