Merge remote-tracking branch 'origin/dev' into dev

kernel/model/attribute_view_render.go

@@ -85,9 +85,6 @@ func renderAttributeView(attrView *av.AttributeView, nodeID, viewID, query strin
 	checkAttrView(attrView, view)
 	upgradeAttributeViewSpec(attrView)
 
-	// 消毒
-	sanitizeAttrView(attrView)
-
 	// 渲染视图
 	viewable = sql.RenderView(attrView, view, query)
 	err = renderViewableInstance(viewable, view, attrView, page, pageSize)
@@ -100,18 +97,6 @@ func renderAttributeView(attrView *av.AttributeView, nodeID, viewID, query strin
 	return
 }
 
-func sanitizeAttrView(attrView *av.AttributeView) {
-	for _, kv := range attrView.KeyValues {
-		for _, v := range kv.Values {
-			if av.KeyTypeMAsset == v.Type {
-				for _, a := range v.MAsset {
-					a.Content = util.SanitizeHtmlTagAttr(a.Content)
-				}
-			}
-		}
-	}
-}
-
 func renderAttributeViewGroups(viewable av.Viewable, attrView *av.AttributeView, view *av.View, query string, page, pageSize int, groupPaging map[string]interface{}) (err error) {
 	groupKey := view.GetGroupKey(attrView)
 	if nil == groupKey {

kernel/util/misc.go

@@ -20,14 +20,12 @@ import (
 	"bytes"
 	"fmt"
 	"math/rand"
-	"net/url"
 	"regexp"
 	"strconv"
 	"strings"
 	"unicode"
 
 	"github.com/88250/lute/html"
-	"github.com/microcosm-cc/bluemonday"
 	"github.com/siyuan-note/logging"
 )
 
@@ -213,22 +211,6 @@ func GetContainsSubStrs(s string, subStrs []string) (ret []string) {
 	return
 }
 
-func SanitizeHtmlTagAttr(val string) string {
-	val = strings.TrimSpace(val)
-	u, err := url.Parse(val)
-	if err == nil {
-		val = u.String()
-	}
-	h := "<div data-attr=\"" + val + "\">"
-	p := bluemonday.UGCPolicy()
-	p.AllowRelativeURLs(true)
-	p.AllowDataAttributes()
-	ret := p.Sanitize(h)
-	ret = strings.TrimPrefix(ret, "<div data-attr=\"")
-	ret = strings.TrimSuffix(ret, "\">")
-	return ret
-}
-
 func SanitizeSVG(svgInput string) string {
 	// 1. 将字符串解析为节点树
 	doc, err := html.Parse(strings.NewReader(svgInput))