BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #14734 from JoVictorNunes/issue-14721

Browse Source 
fix: link sanitizing in welcome message
This commit is contained in:
Anton Georgiev 2022-04-12 10:36:59 -04:00 committed by GitHub
commit 96c2fc9d86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
bigbluebutton-html5/imports/api/meetings/server/modifiers/addMeeting.js
View File

@ -139,10 +139,13 @@ export default function addMeeting(meeting) {
const sanitizeTextInChat = original => SanitizeHTML(original, {
allowedTags: ['a', 'b', 'br', 'i', 'img', 'li', 'small', 'span', 'strong', 'u', 'ul'],
allowedAttributes: {
a: ['href', 'name', 'target'],
a: ['href', 'target'],
img: ['src', 'width', 'height'],
},
allowedSchemes: ['https'],
allowedSchemesByTag: {
a: ['https', 'mailto', 'tel']
}
});
const sanitizedWelcomeText = sanitizeTextInChat(welcomeMsg);
@ -153,14 +156,18 @@ export default function addMeeting(meeting) {
const insertBlankTarget = (s, i) => `${s.substr(0, i)} target="_blank"${s.substr(i)}`;
const linkWithoutTarget = new RegExp('<a href="(.*?)">', 'g');
linkWithoutTarget.test(welcomeMsg);
if (linkWithoutTarget.lastIndex > 0) {
welcomeMsg = insertBlankTarget(
welcomeMsg,
linkWithoutTarget.lastIndex - 1,
);
}
do {
linkWithoutTarget.test(welcomeMsg);
if (linkWithoutTarget.lastIndex > 0) {
welcomeMsg = insertBlankTarget(
welcomeMsg,
linkWithoutTarget.lastIndex - 1,
);
linkWithoutTarget.lastIndex = linkWithoutTarget.lastIndex - 1;
}
} while (linkWithoutTarget.lastIndex > 0);
newMeeting.welcomeProp.welcomeMsg = welcomeMsg;