fix: 加固链接/图标安全与版本一致性;sync-articles 对齐 best-effort
- 模板与运行时统一做 URL scheme 白名单校验(不安全降级为 #),并清洗 icon class;分类标题/新增分类改用 DOM API 避免 innerHTML 注入 - sync-articles 主入口异常不再返回非 0 退出码,避免阻断 build/deploy - window.MeNav.version 改为从 meta menav-version/配置自动读取,避免写死版本 - 文档/配置:新增 security.allowedSchemes 配置说明
@@ -23,7 +23,7 @@
|
||||
{{#if projectsMeta.heatmap}}
|
||||
<div class="welcome-section-side">
|
||||
<div class="heatmap-container" title="我的 GitHub 贡献热力图">
|
||||
<a href="{{projectsMeta.heatmap.profileUrl}}" target="_blank" rel="noopener">
|
||||
<a href="{{safeUrl projectsMeta.heatmap.profileUrl}}" target="_blank" rel="noopener">
|
||||
<img class="heatmap-img"
|
||||
src="{{projectsMeta.heatmap.imageUrl}}"
|
||||
alt="Github Chart"
|
||||
|
||||
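Review bot: The `<img>` `src` below the patched link still renders `{{projectsMeta.heatmap.imageUrl}}` without the scheme check that `href` now gets from `safeUrl`. Script URLs do not execute in an image `src`, so the exposure is smaller than for the link, but a config-supplied URL of any scheme is still fetched on every page view. For consistency with the allowlist I would change it to `src="{{safeUrl projectsMeta.heatmap.imageUrl}}"`, after checking that the helper's `#` fallback is acceptable for an image.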
@@ -1,9 +1,9 @@
|
||||
{{#if url}}
|
||||
<a href="{{url}}" class="site-card{{#if style}} site-card-{{style}}{{/if}}" {{#if external}}target="_blank"
|
||||
rel="noopener" {{/if}} data-type="{{#if type}}{{type}}{{else}}site{{/if}}" data-name="{{name}}" data-url="{{url}}"
|
||||
data-icon="{{#if icon}}{{icon}}{{else}}fas fa-link{{/if}}" {{#if faviconUrl}}data-favicon-url="{{faviconUrl}}"
|
||||
{{/if}} {{#if forceIconMode}}data-force-icon-mode="{{forceIconMode}}" {{/if}}
|
||||
data-description="{{#if description}}{{description}}{{else}}{{extractDomain url}}{{/if}}"
|
||||
<a href="{{safeUrl url}}" class="site-card{{#if style}} site-card-{{style}}{{/if}}" {{#if external}}target="_blank"
|
||||
rel="noopener" {{/if}} data-type="{{#if type}}{{type}}{{else}}site{{/if}}" data-name="{{name}}" data-url="{{url}}"
|
||||
data-icon="{{#if icon}}{{icon}}{{else}}fas fa-link{{/if}}" {{#if faviconUrl}}data-favicon-url="{{faviconUrl}}"
|
||||
{{/if}} {{#if forceIconMode}}data-force-icon-mode="{{forceIconMode}}" {{/if}}
|
||||
data-description="{{#if description}}{{description}}{{else}}{{extractDomain url}}{{/if}}"
|
||||
data-tooltip="{{#if name}}{{name}}{{else}}未命名站点{{/if}}{{#if description}} - {{description}}{{else}} - {{extractDomain url}}{{/if}}"
|
||||
{{#if publishedAt}}data-published-at="{{publishedAt}}" {{/if}} {{#if source}}data-source="{{source}}" {{/if}}>
|
||||
{{!-- articles:首行图标+标题;下方“时间/来源 + 简介”全宽对齐,不被图标列缩进 --}}
|
||||
@@ -170,4 +170,4 @@
|
||||
{{/ifEquals}}
|
||||
{{/ifEquals}}
|
||||
</a>
|
||||
{{/if}}
|
||||
{{/if}}
|
||||
|
||||
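Review bot: In the first hunk of this section only `href` goes through `safeUrl`; `data-url="{{url}}"` and `data-favicon-url="{{faviconUrl}}"` on the same `site-card` anchor still carry the raw configured value. Any script that later reads `data-url` to set an `href` or open a window brings the unchecked scheme back unless it repeats the allowlist check. The commit message says the runtime validates as well, but that code is not visible here. Either emit the checked value, `data-url="{{safeUrl url}}"`, or record the contract next to the attribute, e.g. `{{!-- data-url is unvalidated; consumers must re-check the scheme before navigating --}}`. The `social-icon` anchor in the last section has the same raw `data-url`, and the second hunk here only touches the closing `{{/if}}`.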
@@ -1,8 +1,8 @@
|
||||
{{#if this}}
|
||||
{{#each this}}
|
||||
<a href="{{url}}" class="social-icon" target="_blank" rel="noopener" title="{{name}}" aria-label="{{name}}" data-type="social-link" data-name="{{name}}" data-url="{{url}}" data-icon="{{icon}}">
|
||||
<i class="{{icon}}" aria-hidden="true"></i>
|
||||
<span class="nav-text visually-hidden" data-editable="social-link-name">{{name}}</span>
|
||||
<a href="{{safeUrl url}}" class="social-icon" target="_blank" rel="noopener" title="{{name}}" aria-label="{{name}}" data-type="social-link" data-name="{{name}}" data-url="{{url}}" data-icon="{{icon}}">
|
||||
<i class="{{icon}}" aria-hidden="true"></i>
|
||||
<span class="nav-text visually-hidden" data-editable="social-link-name">{{name}}</span>
|
||||
</a>
|
||||
{{/each}}
|
||||
{{/if}}
|
||||
|
||||
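Review bot: `<i class="{{icon}}">` and `data-icon="{{icon}}"` still emit the configured icon string unchanged, although the commit message says icon classes are sanitized. Handlebars' double-brace output is HTML-escaped, so the value cannot break out of the attribute, but arbitrary class names from config still reach the DOM. If the sanitizer exists as a template helper it should be applied on these two attributes too. If it only runs client-side, a comment such as `{{!-- icon is sanitized at runtime only --}}` would make that dependency explicit.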