hj/pleroma-fe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix regex misinterpreting tag name in badly formed HTML, prevent rich

Browse source 
content from ever using dangerous tags
This commit is contained in:
Henry Jameson 2023-06-05 21:49:47 +03:00
commit 00b47e1673
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/components/rich_content/rich_content.jsx
View file

@ -149,7 +149,9 @@ export default {
// Handle tag nodes
if (Array.isArray(item)) {
const [opener, children, closer] = item
const Tag = getTagName(opener)
let Tag = getTagName(opener)
if (Tag === 'script') Tag = 'js-exploit'
if (Tag === 'style') Tag = 'css-exploit'
const fullAttrs = getAttrs(opener, () => true)
const attrs = getAttrs(opener)
const previouslyMentions = currentMentions !== null