From 74e20dcb3e41d8c51c0a79f99e4ede4d8f6b0bde Mon Sep 17 00:00:00 2001
From: Le Tan
Date: Wed, 19 Jun 2024 23:11:13 +0800
Subject: [PATCH] turn on XSS protection by default
---
 src/core/mainconfig.cpp | 1 +
 src/core/markdowneditorconfig.h | 2 +-
 src/data/core/vnotex.json | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/core/mainconfig.cpp b/src/core/mainconfig.cpp
index a9e7254c90..fcf6fff0f9 100644
--- a/src/core/mainconfig.cpp
+++ b/src/core/mainconfig.cpp
@@ -119,4 +119,5 @@ QString MainConfig::getVersion(const QJsonObject &p_jobj)
 void MainConfig::doVersionSpecificOverride()
 {
 // In a new version, we may want to change one value by force.
+ m_editorConfig->getMarkdownEditorConfig().m_protectFromXss = true;
 }
diff --git a/src/core/markdowneditorconfig.h b/src/core/markdowneditorconfig.h
index 97d2701c8e..9a92464d4e 100644
--- a/src/core/markdowneditorconfig.h
+++ b/src/core/markdowneditorconfig.h
@@ -231,7 +231,7 @@ namespace vnotex
 bool m_fetchImagesInParseAndPaste = true;
 // Whether protect from Cross-Site Scripting.
- bool m_protectFromXss = false;
+ bool m_protectFromXss = true;
 // Whether allow HTML tag in Markdown source.
 bool m_htmlTagEnabled = true;
diff --git a/src/data/core/vnotex.json b/src/data/core/vnotex.json
index 29300e95b0..84ac467e6b 100644
--- a/src/data/core/vnotex.json
+++ b/src/data/core/vnotex.json
@@ -462,7 +462,7 @@
 "//comment" : "Whether fetch images to local in Parse To Markdown And Paste",
 "fetch_images_in_parse_and_paste" : true,
 "//comment" : "Whether protect from Cross-Site Scripting attack",
- "protect_from_xss" : false,
+ "protect_from_xss" : true,
 "//comment" : "Whether allow HTML tags in source",
 "html_tag" : true,
 "//comment" : "Whether auto break a line with '\\n'",
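Review bot: In the `src/core/mainconfig.cpp` hunk, the added assignment in `doVersionSpecificOverride()` is unconditional: nothing in the function compares the stored config version, so as far as the visible lines show it sets `m_protectFromXss` back to true on every call, including for a user who switched the option off on purpose. Forcing the safer value is a reasonable fail-safe for configs saved while the default was false, but the line should say so, for example `// Force XSS protection on: configs saved by earlier versions carry the old default (false).` If a one-time migration is intended, gate the assignment on the previous version; the call site is outside this hunk, so whether the function runs only on upgrade cannot be confirmed here. The line also writes the member directly, so it is worth checking that the forced value ends up in the user's saved configuration and not only in memory.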
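Review bot: In the `src/core/markdowneditorconfig.h` hunk, the comment above `m_protectFromXss` does not say what the protection covers or how it relates to `m_htmlTagEnabled` just below, which stays true. With the protection now on by default, a reader needs to know whether HTML in the Markdown source is still rendered and only filtered; a comment along the lines of `// Whether to filter rendered content against Cross-Site Scripting; applies even when m_htmlTagEnabled is true.` would help, with the wording adjusted to what the renderer actually does. The same default is duplicated as `protect_from_xss` in `src/data/core/vnotex.json`, so a short remark that the two values must change together would prevent drift. The enclosing class starts and ends outside the hunk.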