From eddcb5bc38d2c0d58d2a104cec1c6d7aaafbde65 Mon Sep 17 00:00:00 2001 From: Ryan Wang Date: Wed, 13 Aug 2025 15:14:50 +0800 Subject: [PATCH] Allow tag and class attribute on in comments (#7682) #### What type of PR is this? /area code /milestone 2.21.x /kind improvement #### What this PR does / why we need it: Comments are allowed to contain `s` tags and `code` tags with class attributes for the following reasons: 1. `s`: The comment component uses tiptap editor's [strikethrough extension](https://tiptap.dev/docs/editor/extensions/marks/strike#:~:text=while%20you%20type.-,Restrictions,-The%20extension%20will) which enforces the use of `s` tags for strikethrough text and cannot be changed. 2. `code[class]`: Used for code highlighting (class="language-*") #### Does this PR introduce a user-facing change? ```release-note None ``` --- .../halo/app/content/comment/AbstractCommentService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/application/src/main/java/run/halo/app/content/comment/AbstractCommentService.java b/application/src/main/java/run/halo/app/content/comment/AbstractCommentService.java index 66f6ee89c..34a50514a 100644 --- a/application/src/main/java/run/halo/app/content/comment/AbstractCommentService.java +++ b/application/src/main/java/run/halo/app/content/comment/AbstractCommentService.java @@ -24,7 +24,11 @@ public abstract class AbstractCommentService { protected final ReactiveExtensionClient client; protected final UserService userService; protected final CounterService counterService; - private final Safelist safelist = Safelist.relaxed(); + private final Safelist safelist = Safelist.relaxed() + // Allow tag, which is used for strikethrough + .addTags("s") + // Allow tag's class attribute, for syntax highlighting + .addAttributes("code", "class"); protected Mono fetchCurrentUser() { return ReactiveSecurityContextHolder.getContext()