From 594d9a6ec3ded738576771fda1a410b394b872cb Mon Sep 17 00:00:00 2001
From: cyfung1031 <44498510+cyfung1031@users.noreply.github.com>
Date: Tue, 3 Mar 2026 19:55:56 +0900
Subject: [PATCH 1/3] fix #1274

---
 src/app/service/service_worker/index.ts | 2 +-
 src/pages/popup/App.tsx | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/app/service/service_worker/index.ts b/src/app/service/service_worker/index.ts
index 70a7c8d61..b4faf6a65 100644
--- a/src/app/service/service_worker/index.ts
+++ b/src/app/service/service_worker/index.ts
@@ -116,7 +116,7 @@ export default class ServiceWorkerManager {
 .then((resp: { data: { [key: string]: any; notice: string; version: string } }) => {
 const data = resp.data;
 systemConfig
- .getCheckUpdate({ sanitizeHTML })
+ .getCheckUpdate()
 .then((items) => {
 const isRead = items.notice !== data.notice ? false : items.isRead;
 systemConfig.setCheckUpdate({ ...data, isRead: isRead });
diff --git a/src/pages/popup/App.tsx b/src/pages/popup/App.tsx
index 4dcec595d..33ffde740 100644
--- a/src/pages/popup/App.tsx
+++ b/src/pages/popup/App.tsx
@@ -271,9 +271,12 @@ function App() {
 const checkScriptEnableAndUpdate = async () => {
 const [isEnableScript, checkUpdate] = await Promise.all([
 systemConfig.getEnableScript(),
- systemConfig.getCheckUpdate({ sanitizeHTML }),
+ systemConfig.getCheckUpdate(),
 ]);
 if (!hookMgr.isMounted) return;
+ if (typeof checkUpdate.notice === "string") {
+ checkUpdate.notice = sanitizeHTML(checkUpdate.notice);
+ }
 setIsEnableScript(isEnableScript);
 setCheckUpdate(checkUpdate);
 };

From be5e62064696c7d12c3627db6b3cd27e0d75bef1 Mon Sep 17 00:00:00 2001
From: cyfung1031 <44498510+cyfung1031@users.noreply.github.com>
Date: Tue, 3 Mar 2026 19:58:00 +0900
Subject: [PATCH 2/3] Update index.ts

---
 src/app/service/service_worker/index.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/app/service/service_worker/index.ts b/src/app/service/service_worker/index.ts
index b4faf6a65..51f381283 100644
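Review bot: In src/app/service/service_worker/index.ts (PATCH 1/3), `systemConfig.setCheckUpdate({ ...data, isRead: isRead })` persists the remote `notice` unsanitized, and with the `{ sanitizeHTML }` option gone from `getCheckUpdate()` nothing at this call site tells a maintainer that the stored value is untrusted HTML. I would add a comment above the `.getCheckUpdate()` call such as `// notice is stored as received from the server; every reader must pass it through sanitizeHTML before rendering`. Because `resp.data` is typed with `[key: string]: any`, the spread also writes any extra field the server sends into the config; storing only the fields that are read, for example `setCheckUpdate({ notice: data.notice, version: data.version, isRead })`, would narrow that, assuming no other key is consumed elsewhere. The promise chain starts and ends outside the hunk.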
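Review bot: In src/pages/popup/App.tsx (PATCH 1/3) the new guard sanitizes `checkUpdate.notice` only when it is a string, so a notice of any other type stored from the server response reaches `setCheckUpdate(checkUpdate)` untouched and would be stringified by whatever renders it (the render site is not in this hunk). Failing closed keeps the sanitizer on every path: `checkUpdate.notice = typeof checkUpdate.notice === "string" ? sanitizeHTML(checkUpdate.notice) : "";`. The assignment also mutates the object returned by `systemConfig.getCheckUpdate()`; if that object is cached, building a copy for the state setter instead of assigning to it avoids writing sanitized text back into shared state. `checkScriptEnableAndUpdate` is complete in the hunk, while the enclosing `App` component continues outside it.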
--- a/src/app/service/service_worker/index.ts
+++ b/src/app/service/service_worker/index.ts
@@ -21,7 +21,6 @@ import { FaviconDAO } from "@App/app/repo/favicon";
 import { onRegularUpdateCheckAlarm } from "./regular_updatecheck";
 import { cacheInstance } from "@App/app/cache";
 import { InfoNotification } from "./utils";
-import { sanitizeHTML } from "@App/pkg/utils/sanitize";
 
 // service worker的管理器
 export default class ServiceWorkerManager {

From ebfb33ead688f24b975415622d8392bb0646b3c8 Mon Sep 17 00:00:00 2001
From: cyfung1031 <44498510+cyfung1031@users.noreply.github.com>
Date: Wed, 4 Mar 2026 03:16:45 +0900
Subject: [PATCH 3/3] Array.includes -> Set.has

---
 src/pkg/utils/sanitize.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pkg/utils/sanitize.ts b/src/pkg/utils/sanitize.ts
index 264fbb01b..5ab1f34a3 100644
--- a/src/pkg/utils/sanitize.ts
+++ b/src/pkg/utils/sanitize.ts
@@ -1,14 +1,14 @@
 import DOMPurify from "dompurify";
 
 // 允许的安全 CSS 属性白名单
-const ALLOWED_CSS_PROPERTIES = ["color", "font-size", "font-weight", "font-style"];
+const ALLOWED_CSS_PROPERTIES = new Set(["color", "font-size", "font-weight", "font-style"]);
 
 // 过滤不安全的 CSS 属性,只保留白名单中的属性
 DOMPurify.addHook("afterSanitizeAttributes", (node) => {
 if (node instanceof HTMLElement && node.hasAttribute("style")) {
 const { style } = node;
 for (let i = style.length - 1; i >= 0; i--) {
- if (!ALLOWED_CSS_PROPERTIES.includes(style[i])) {
+ if (!ALLOWED_CSS_PROPERTIES.has(style[i])) {
 style.removeProperty(style[i]);
 }
 }
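Review bot: In src/pkg/utils/sanitize.ts (PATCH 3/3), `ALLOWED_CSS_PROPERTIES` is a plain mutable `Set`, so later code in the module could `add` to the allowlist at runtime; annotating it as `const ALLOWED_CSS_PROPERTIES: ReadonlySet<string> = new Set([...]);` turns an accidental widening into a compile error. The hook compares property names only, which is adequate for the four listed properties but worth stating for whoever extends the list, for example `// names only: property values are not inspected, so add only properties that cannot reference external resources`. The `afterSanitizeAttributes` callback continues past the end of the hunk.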