Bennett/g0v0-server
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update bbcode_service.py

Browse Source
This commit is contained in:
咕谷酱
2025-09-16 00:44:38 +08:00
parent 0b43f2aad8
commit 0913625836
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/service/bbcode_service.py
View File

@@ -25,7 +25,7 @@ class BBCodeService:
# 允许的HTML标签和属性 - 基于官方实现 # 允许的HTML标签和属性 - 基于官方实现
ALLOWED_TAGS: ClassVar[list[str]] = [ ALLOWED_TAGS: ClassVar[list[str]] = [
"a", "audio", "blockquote", "br", "center", "code", "del", "div", "em", "h2", "h4", "a", "audio", "blockquote", "br", "button", "center", "code", "del", "div", "em", "h2", "h4",
"iframe", "img", "li", "ol", "p", "pre", "span", "strong", "u", "ul", "iframe", "img", "li", "ol", "p", "pre", "span", "strong", "u", "ul",
# imagemap 相关 # imagemap 相关
"map", "area", "map", "area",
@@ -37,6 +37,7 @@ class BBCodeService:
"a": ["href", "rel", "class", "data-user-id", "target", "style", "title"], "a": ["href", "rel", "class", "data-user-id", "target", "style", "title"],
"audio": ["controls", "preload", "src"], "audio": ["controls", "preload", "src"],
"blockquote": [], "blockquote": [],
"button": ["type", "class", "style"],
"center": [], "center": [],
"code": [], "code": [],
"div": ["class", "style"], "div": ["class", "style"],
@@ -56,7 +57,7 @@ class BBCodeService:
# 危险的BBCode标签不允许 # 危险的BBCode标签不允许
FORBIDDEN_TAGS: ClassVar[list[str]] = [ FORBIDDEN_TAGS: ClassVar[list[str]] = [
"script", "iframe", "object", "embed", "form", "input", "textarea", "button", "script", "iframe", "object", "embed", "form", "input", "textarea",
"select", "option", "meta", "link", "style", "title", "head", "html", "body", "select", "option", "meta", "link", "style", "title", "head", "html", "body",
] ]
@@ -140,8 +141,9 @@ class BBCodeService:
content = match.group(2) content = match.group(2)
return ( return (
f"<div class='js-spoilerbox bbcode-spoilerbox'>" f"<div class='js-spoilerbox bbcode-spoilerbox'>"
f"<a class='js-spoilerbox__link bbcode-spoilerbox__link' href='#'>" f"<button type='button' class='js-spoilerbox__link bbcode-spoilerbox__link' "
f"<span class='bbcode-spoilerbox__link-icon'></span>{title}</a>" f"style='background: none; border: none; cursor: pointer; padding: 0; text-align: left; width: 100%;'>"
f"<span class='bbcode-spoilerbox__link-icon'></span>{title}</button>"
f"<div class='js-spoilerbox__body bbcode-spoilerbox__body'>{content}</div></div>" f"<div class='js-spoilerbox__body bbcode-spoilerbox__body'>{content}</div></div>"
) )
@@ -154,8 +156,9 @@ class BBCodeService:
content = match.group(1) content = match.group(1)
return ( return (
f"<div class='js-spoilerbox bbcode-spoilerbox'>" f"<div class='js-spoilerbox bbcode-spoilerbox'>"
f"<a class='js-spoilerbox__link bbcode-spoilerbox__link' href='#'>" f"<button type='button' class='js-spoilerbox__link bbcode-spoilerbox__link' "
f"<span class='bbcode-spoilerbox__link-icon'></span>SPOILER</a>" f"style='background: none; border: none; cursor: pointer; padding: 0; text-align: left; width: 100%;'>"
f"<span class='bbcode-spoilerbox__link-icon'></span>SPOILER</button>"
f"<div class='js-spoilerbox__body bbcode-spoilerbox__body'>{content}</div></div>" f"<div class='js-spoilerbox__body bbcode-spoilerbox__body'>{content}</div></div>"
) )
@@ -438,6 +441,7 @@ class BBCodeService:
css_sanitizer = CSSSanitizer( css_sanitizer = CSSSanitizer(
allowed_css_properties=[ allowed_css_properties=[
"color", "color",
"background",
"background-color", "background-color",
"font-size", "font-size",
"font-weight", "font-weight",
@@ -456,6 +460,9 @@ class BBCodeService:
"aspect-ratio", "aspect-ratio",
"z-index", "z-index",
"display", "display",
"border",
"border-none",
"cursor",
] ]
) )