mirrors/cinny
1
0
Fork 0
mirror of https://github.com/cinnyapp/cinny.git synced 2025-11-05 23:10:28 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Escape html with markdown off (#732)

Browse source
This commit is contained in:
Ajay Bura 2022-08-11 14:28:39 +05:30
parent 1692098d5d
commit 3c1cc59d59
3 changed files with 42 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/util/sanitize.js
View file

@ -1,7 +1,7 @@
import sanitizeHtml from 'sanitize-html';
import initMatrix from '../client/initMatrix';
const MAX_TAG_NESTING = 100;
let mx = null;
const permittedHtmlTags = [
'font', 'del', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
@ -54,7 +54,7 @@ function transformATag(tagName, attribs) {
'data-mx-pill': userId,
},
};
if (userId === initMatrix.matrixClient.getUserId()) {
if (userId === mx?.getUserId()) {
pill.attribs['data-mx-ping'] = undefined;
}
return pill;
@ -76,17 +76,17 @@ function transformATag(tagName, attribs) {
function transformImgTag(tagName, attribs) {
const { src } = attribs;
const mx = initMatrix.matrixClient;
return {
tagName,
attribs: {
...attribs,
src: src.startsWith('mxc://') ? mx.mxcUrlToHttp(src) : src,
src: src.startsWith('mxc://') ? mx?.mxcUrlToHttp(src) : src,
},
};
}
export function sanitizeCustomHtml(body) {
export function sanitizeCustomHtml(matrixClient, body) {
mx = matrixClient;
return sanitizeHtml(body, {
allowedTags: permittedHtmlTags,
allowedAttributes: permittedTagToAttributes,