sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-07 06:23:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

merge commit

Browse Source
This commit is contained in:
Philipinho
2026-03-24 10:52:09 +00:00
parent 975b4dcaab
commit 6d6f3a8a8e
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/client/src/lib/config.ts
+2 -1
View File
@@ -1,6 +1,7 @@
import bytes from "bytes"; import bytes from "bytes";
import { castToBoolean } from "@/lib/utils.tsx"; import { castToBoolean } from "@/lib/utils.tsx";
import { AvatarIconType } from "@/features/attachments/types/attachment.types.ts"; import { AvatarIconType } from "@/features/attachments/types/attachment.types.ts";
import { sanitizeUrl } from "@docmost/editor-ext";
declare global { declare global {
interface Window { interface Window {
@@ -66,7 +67,7 @@ export function getFileUrl(src: string) {
if (src.startsWith("/files/")) { if (src.startsWith("/files/")) {
return getBackendUrl() + src; return getBackendUrl() + src;
} }
return src; return sanitizeUrl(src);
} }
export function getFileUploadSizeLimit() { export function getFileUploadSizeLimit() {
apps/server/src/core/attachment/services/attachment.service.ts
+2 -2
View File
@@ -70,8 +70,8 @@ export class AttachmentService {
} }
if ( if (
existingAttachment.pageId !== pageId && existingAttachment.pageId !== pageId ||
existingAttachment.fileExt !== preparedFile.fileExtension && existingAttachment.fileExt !== preparedFile.fileExtension ||
existingAttachment.workspaceId !== workspaceId existingAttachment.workspaceId !== workspaceId
) { ) {
throw new BadRequestException('File attachment does not match'); throw new BadRequestException('File attachment does not match');
packages/editor-ext/src/lib/attachment/attachment.ts
+7 -3
View File
@@ -1,5 +1,6 @@
import { Node, mergeAttributes } from "@tiptap/core"; import { Node, mergeAttributes } from "@tiptap/core";
import { ReactNodeViewRenderer } from "@tiptap/react"; import { ReactNodeViewRenderer } from "@tiptap/react";
import { sanitizeUrl } from "../utils";
export interface AttachmentOptions { export interface AttachmentOptions {
HTMLAttributes: Record<string, any>; HTMLAttributes: Record<string, any>;
@@ -42,9 +43,12 @@ export const Attachment = Node.create<AttachmentOptions>({
return { return {
url: { url: {
default: "", default: "",
parseHTML: (element) => element.getAttribute("data-attachment-url"), parseHTML: (element) => {
const url = element.getAttribute("data-attachment-url");
return sanitizeUrl(url);
},
renderHTML: (attributes) => ({ renderHTML: (attributes) => ({
"data-attachment-url": attributes.url, "data-attachment-url": sanitizeUrl(attributes.url),
}), }),
}, },
name: { name: {
@@ -101,7 +105,7 @@ export const Attachment = Node.create<AttachmentOptions>({
[ [
"a", "a",
{ {
href: HTMLAttributes["data-attachment-url"], href: sanitizeUrl(HTMLAttributes["data-attachment-url"]),
class: "attachment", class: "attachment",
target: "blank", target: "blank",
}, },