.1502411993651747:ac3bcb3f140171691d75c8bfec2c7bfe_69f56f29dc48703ced6ce1f3.69f56f99dc48703ced6ce207.69f56f98ff5d45dc322cbd5c:Trae CN.T(2026/5/2 11:29:29)#707

Open
lovely90133 wants to merge 3 commits into uiwjs:master from lovely90133:trae4

@lovely90133

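docs(core): improve the security-boundary documentation and the comments on the XSS protection mechanism

Add detailed documentation and code comments that make the following security responsibility boundaries explicit:

  1. The automatic sanitize injection rules for previewOptions
  2. The security risks of custom preview components
  3. Security considerations for the MDEditor.Markdown static component
  4. The implementation logic and boundary conditions of the core security functions

Add rehype-sanitize as the default security plugin for the markdown preview
Automatically merge user-defined rehype plugins with the default security plugin
Add comprehensive XSS security test cases
Add more XSS test cases and improve the assertions, verifying how the default sanitize behaviour interacts with custom rehype plugins
Ensure the tests cover security-risk scenarios and clearly mark potential risks
Add detailed documentation and code comments that make the following security responsibility boundaries explicit:
1. The automatic sanitize injection rules for previewOptions
2. The security risks of custom preview components
3. Security considerations for the MDEditor.Markdown static component
4. The implementation logic and boundary conditions of the core security functions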
@vercel

vercel Bot commented May 2, 2026

@lovely90133 is attempting to deploy a commit to the kenny wong's projects Team on Vercel.

A member of the Team first needs to authorize it.

@jaywcjlove
Member

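@lovely90133 rehype-sanitize is not integrated by default because rehype-sanitize breaks some attribute values on tags and prevents displaying HTML and executing JS scripts; in some projects I need these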
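
The thread above turns on merging a caller's rehype plugins with a default sanitizer while still allowing an opt-out. The sketch below is an added example, not code from this pull request or from the library: `mergeRehypePlugins`, `disableSanitize` and the three stand-in plugin functions are hypothetical names, and the real injection rules in the PR are not shown on this page.

```javascript
// Added illustration; not code from this pull request or from the library.
// The three functions below are stand-ins so the block runs with no packages.
function sanitize() {}   // stands in for the rehype-sanitize plugin
function rawHtml() {}    // stands in for a plugin that lets raw HTML through
function highlight() {}  // stands in for any other user plugin

// A unified plugin list entry is either `plugin` or `[plugin, options]`.
const pluginOf = (entry) => (Array.isArray(entry) ? entry[0] : entry);

// Hypothetical helper: returns the plugin list the preview would run.
function mergeRehypePlugins(userPlugins = [], opts = {}) {
  const { sanitizer = sanitize, disableSanitize = false } = opts;

  // Explicit opt-out: the caller accepts responsibility for the rendered HTML.
  if (disableSanitize) return [...userPlugins];

  // Keep the caller's own sanitizer entry (and its schema) if there is one,
  // so a custom allow-list is not silently replaced by the default.
  // If several were supplied, the last one wins.
  const own = userPlugins.filter((e) => pluginOf(e) === sanitizer);
  const rest = userPlugins.filter((e) => pluginOf(e) !== sanitizer);
  const chosen = own.length ? own[own.length - 1] : sanitizer;

  // The sanitizer goes last: anything a plugin adds after it is unsanitized.
  return [...rest, chosen];
}

// Human-readable plugin order, useful in tests and debug logs.
function describe(list) {
  return list.map((e) => pluginOf(e).name).join(' -> ');
}

console.log(describe(mergeRehypePlugins([rawHtml, highlight])));
```

Placing the sanitizer last is the property worth asserting in tests, since a plugin that runs after it can reintroduce markup the schema would have removed.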
