Fix hljs class parsing (#1174)

2023-06-06 18:43:23 -02:30
parent 273a69258a
commit 80530012b8
1 changed files with 8 additions and 6 deletions
--- a/helpers/parse.js
+++ b/helpers/parse.js
@@ -50,12 +50,14 @@ export const configuredXss = new xss.FilterXSS({
    }
    // For Highlight.JS
-    if (
+    if (name === 'class' && ['pre', 'code', 'span'].includes(tag)) {
-      name === 'class' &&
+      const allowedClasses = []
-      ['pre', 'code', 'span'].includes(tag) &&
+      for (const className of value.split(/\s/g)) {
-      (value.startsWith('hljs-') || value.startsWith('language-'))
+        if (className.startsWith('hljs-') || className.startsWith('language-')) {
-    ) {
+          allowedClasses.push(className)
-      return name + '="' + xss.escapeAttrValue(value) + '"'
+        }
      }
      return name + '="' + xss.escapeAttrValue(allowedClasses.join(' ')) + '"'
    }
  },
  safeAttrValue(tag, name, value, cssFilter) {