
Commit 75a4870

Merge pull request #82 from CAPS-DGU/develop
fix : iframe 하단 내용들 무시하는 부분 고침
2 parents 3b567f2 + 7c0d4b4 commit 75a4870

2 files changed

Lines changed: 20 additions & 1 deletion


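--- a/src/components/WIKI/WikiEngine.jsx
+++ b/src/components/WIKI/WikiEngine.jsx
@@ -34,6 +34,10 @@ const ALLOWED_TAGS = [
 
 const ALLOWED_ATTR = ['href', 'class', 'id', 'style', 'data-comment-index'];
 
+// 명시적으로 금지할 태그 / 속성 (iframe, script, on* 이벤트 등)
+const FORBID_TAGS = ['iframe', 'script'];
+const FORBID_ATTR = ['onerror', 'onclick', 'onload', /^on.*/];
+
 const WikiContent = ({ author, DocTitle, content, notFoundFlag, history, prevContent }) => {
 const [toc, setToc] = useState([]);
 const [comments, setComments] = useState([]);
@@ -127,6 +131,8 @@ const WikiContent = ({ author, DocTitle, content, notFoundFlag, history, prevCon
 const sanitizedHtml = DOMPurify.sanitize(wrappedHtml, {
 ALLOWED_TAGS,
 ALLOWED_ATTR,
+FORBID_TAGS,
+FORBID_ATTR,
 });
 
 return {
@@ -237,6 +243,8 @@ const WikiContent = ({ author, DocTitle, content, notFoundFlag, history, prevCon
 __html: DOMPurify.sanitize(section.subtitle, {
 ALLOWED_TAGS,
 ALLOWED_ATTR,
+FORBID_TAGS,
+FORBID_ATTR,
 }),
 }}
 ></span>
@@ -270,6 +278,8 @@ const WikiContent = ({ author, DocTitle, content, notFoundFlag, history, prevCon
 __html: DOMPurify.sanitize(htmlContent, {
 ALLOWED_TAGS,
 ALLOWED_ATTR,
+FORBID_TAGS,
+FORBID_ATTR,
 }),
 }}
 ></div>
@@ -293,6 +303,8 @@ const WikiContent = ({ author, DocTitle, content, notFoundFlag, history, prevCon
 __html: DOMPurify.sanitize(comment, {
 ALLOWED_TAGS,
 ALLOWED_ATTR,
+FORBID_TAGS,
+FORBID_ATTR,
 }),
 }}
 ></span>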
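Review bot: The `/^on.*/` entry in FORBID_ATTR (first hunk) is inert: DOMPurify turns FORBID_ATTR into a lookup set keyed by attribute name, so a RegExp is coerced to the string key `"/^on.*/"` and never matches a real attribute — the .tsx twin of this file already leaves it out for that reason. Nothing is actually lost, because `ALLOWED_ATTR` is an allowlist and any `on*` handler is stripped whether or not it appears in FORBID_ATTR (likewise FORBID_TAGS only changes anything if `iframe`/`script` are in ALLOWED_TAGS, whose start is outside the hunk), but the regex gives a false impression of coverage; I'd use `const FORBID_ATTR = ['onerror', 'onclick', 'onload'];` with a comment stating that the allowlists are the real control and these names are defence in depth. The same four-key config is now repeated at the four `DOMPurify.sanitize` calls in the later hunks; one module-level `const SANITIZE_CONFIG = { ALLOWED_TAGS, ALLOWED_ATTR, FORBID_TAGS, FORBID_ATTR };` passed to each call would keep them from drifting. WikiContent's body extends beyond every hunk shown.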

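--- a/src/components/WIKI/WikiEngine.tsx
+++ b/src/components/WIKI/WikiEngine.tsx
@@ -31,6 +31,11 @@ const ALLOWED_TAGS = [
 // 허용된 HTML 속성 목록
 const ALLOWED_ATTR = ["href", "class", "id", "style", "data-comment-index"];
 
+// 명시적으로 금지할 태그 / 속성 (iframe, script, on* 이벤트 등)
+const FORBID_TAGS = ["iframe", "script"];
+// DOMPurify 타입 정의상 RegExp는 직접 넣기 까다로우므로 대표적인 이벤트 핸들러만 문자열로 명시
+const FORBID_ATTR = ["onerror", "onclick", "onload"];
+
 interface WikiLink {
 text: string;
 href: string;
@@ -92,7 +97,9 @@ const WikiEngine: React.FC<WikiContentProps> = ({
 const sanitizedHtml = DOMPurify.sanitize(htmlContent, {
 ALLOWED_TAGS,
 ALLOWED_ATTR,
-});
+FORBID_TAGS,
+FORBID_ATTR,
+}) as string;
 
 // 주석 목록 추가
 let finalHtml = sanitizedHtml;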
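Review bot: The new `}) as string;` in the second hunk is an unchecked assertion over DOMPurify's overloaded return type (which can be a DOM node or TrustedHTML depending on `RETURN_*` options), and the commit gives no reason for it; a comment such as `// as string: no RETURN_* option is set, so sanitize() yields a string` would stop a later edit from adding `RETURN_DOM` while the cast silently keeps claiming `string`. In the first hunk, FORBID_ATTR is a three-name denylist, but since `ALLOWED_ATTR` is an allowlist every `on*` attribute is already dropped; the comment should say these FORBID_* lists are defence in depth only, so nobody later treats the three names as the complete set of blocked handlers. This file and WikiEngine.jsx now carry diverging copies of the same lists (the .jsx version keeps a RegExp entry); exporting one shared sanitize config from a single module would keep the two renderers in sync. WikiEngine's body continues outside the hunk.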
