Add extra context for filtering out '>' for sanitizeHtml

Germain Souquet 2021-07-01 12:23:36 +01:00
parent 04db8333e3
commit 9c93b9002f
2 changed files with 4 additions and 1 deletions


@ -406,6 +406,9 @@ export function bodyToHtml(content: IContent, highlights: string[], opts: IOpts
const safeHighlights = highlights const safeHighlights = highlights
// sanitizeHtml can hang if an unclosed HTML tag is thrown at it // sanitizeHtml can hang if an unclosed HTML tag is thrown at it
// A search for `<foo` will make the browser crash // A search for `<foo` will make the browser crash
// an alternative would be to escape HTML special characters
// but that would bring no additional benefit as the highlighter
// does not work with those special chars
.filter((highlight: string): boolean => !highlight.includes("<")) .filter((highlight: string): boolean => !highlight.includes("<"))
.map((highlight: string): string => sanitizeHtml(highlight, sanitizeParams)); .map((highlight: string): string => sanitizeHtml(highlight, sanitizeParams));
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeParams structure. // XXX: hacky bodge to temporarily apply a textFilter to the sanitizeParams structure.
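Review bot: The added comment says "those special chars" without naming them, and the commit title mentions '>' while the filter on the next line tests only for "<"; the comment should name the character that is actually dropped. It is also worth stating that a highlight containing `<` is silently discarded, so that search term is simply not highlighted. The filter has to stay ahead of the `sanitizeHtml` call, because per the existing comment it is what keeps an unclosed tag in a search term from hanging the client. Suggested wording: `// highlights containing "<" are dropped rather than escaped: the highlighter does not work with that character anyway, and this filter must run before sanitizeHtml`. The body of bodyToHtml starts and ends outside the hunk.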


@ -267,7 +267,7 @@ interface IProps {
showReactions?: boolean; showReactions?: boolean;
// which layout to use // which layout to use
layout: Layout; layout?: Layout;
// whether or not to show flair at all // whether or not to show flair at all
enableFlair?: boolean; enableFlair?: boolean;