From fd18eb70301de2ce3c9265e2986c14a3e2c0d356 Mon Sep 17 00:00:00 2001
From: moonrailgun
Date: Sat, 15 Jul 2023 16:49:49 +0800
Subject: [PATCH] perf: update custom web panel render xss rules
---
 .../src/group/GroupCustomWebPanelRender.tsx | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/client/web/plugins/com.msgbyte.webview/src/group/GroupCustomWebPanelRender.tsx b/client/web/plugins/com.msgbyte.webview/src/group/GroupCustomWebPanelRender.tsx
index 9452a873..917ca6fa 100644
--- a/client/web/plugins/com.msgbyte.webview/src/group/GroupCustomWebPanelRender.tsx
+++ b/client/web/plugins/com.msgbyte.webview/src/group/GroupCustomWebPanelRender.tsx
@@ -1,6 +1,6 @@
 import React, { useEffect, useRef, useState } from 'react';
 import { Translate } from '../translate';
-import xss from 'xss';
+import { FilterXSS, filterXSS, getDefaultWhiteList, IWhiteList } from 'xss';
 import { useWatch } from '@capital/common';
 import { GroupExtraDataPanel, TextArea } from '@capital/component';
 import styled from 'styled-components';
@@ -24,6 +24,16 @@ const EditModalContent = styled.div`
 }
 `;
+const xss = new FilterXSS({
+ css: false,
+ onIgnoreTag: function (tag, html, options) {
+ if (['html', 'body', 'head', 'meta', 'style', 'iframe'].includes(tag)) {
+ // 不对其属性列表进行过滤
+ return html;
+ }
+ },
+});
+
 function getInjectedStyle() {
 try {
 // 当前面板文本颜色
@@ -48,7 +58,8 @@ const GroupCustomWebPanelRender: React.FC<{ html: string }> = (props) => {
 const doc = ref.current.contentWindow.document;
 doc.open();
- doc.writeln(getInjectedStyle(), xss(html));
+ console.log('html', xss.process(html));
+ doc.writeln(getInjectedStyle(), xss.process(html));
 doc.close();
 }, [html]);
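Review bot: Three of the four names in the new `xss` import (`filterXSS`, `getDefaultWhiteList`, `IWhiteList`) are not used by any line this commit adds; only `FilterXSS` is. Trim the line to `import { FilterXSS } from 'xss';`, or keep `getDefaultWhiteList` only if the filter is changed to build on the library's default allow-list.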
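Review bot: The `onIgnoreTag` callback in the `new FilterXSS` hunk returns the raw tag text for `html`, `body`, `head`, `meta`, `style` and `iframe`, so every attribute on those tags bypasses the filter, including event-handler attributes and the URL-bearing attributes of `iframe` and `meta`. The filtered string is later written into a frame document that the component reaches through `contentWindow.document`, which suggests the frame shares the application's origin, so any script that survives would run in the viewing user's session. `css: false` additionally switches off filtering of `style` attribute values. Prefer naming the tags that are really needed in `whiteList`, each with an explicit (here empty) attribute list, and leave `iframe` and `meta` to the default escaping. The fence sketches that shape and should be checked against existing panels that rely on the current pass-through.
```typescript
const xss = new FilterXSS({
  // Extend the library's default allow-list instead of returning raw tag text.
  // Each extra tag is admitted with no attributes, so nothing on it skips filtering.
  whiteList: {
    ...getDefaultWhiteList(),
    html: [],
    head: [],
    body: [],
    style: [],
  },
  // `css` is left at its default so `style` attribute values are still filtered.
});
```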
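Review bot: The added `console.log('html', xss.process(html));` in the `useEffect` hunk looks like leftover debugging: it prints user-supplied panel HTML to the browser console on every effect run and runs the filter a second time. Drop it and filter once, for example `const safeHtml = xss.process(html);` followed by `doc.writeln(getInjectedStyle(), safeHtml);`. The effect body starts above this hunk, so any guard on `ref.current` and the attributes of the rendered iframe are not visible here. If the iframe carries no `sandbox` attribute, adding one would limit the impact of markup that slips past the filter.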