mirror of
https://github.com/element-hq/element-web
synced 2024-11-27 11:47:23 +03:00
Escape HTML in og:description and render any html &-encoded entities
parent
6ef6b5909f
commit
4489b5a21a
1 changed files with 3 additions and 3 deletions
|
@ -128,15 +128,15 @@ module.exports = createReactClass({
|
|||
}
|
||||
|
||||
const AccessibleButton = sdk.getComponent('elements.AccessibleButton');
|
||||
// Escape </> to prevent any HTML injections, we can't replace & as the description may contain & encoded html entities
|
||||
const safeDescription = (p["og:description"] || "").replace("<", "<").replace(">", ">");
|
||||
return (
|
||||
<div className="mx_LinkPreviewWidget" >
|
||||
{ img }
|
||||
<div className="mx_LinkPreviewWidget_caption">
|
||||
<div className="mx_LinkPreviewWidget_title"><a href={this.props.link} target="_blank" rel="noopener">{ p["og:title"] }</a></div>
|
||||
<div className="mx_LinkPreviewWidget_siteName">{ p["og:site_name"] ? (" - " + p["og:site_name"]) : null }</div>
|
||||
<div className="mx_LinkPreviewWidget_description" ref={this._description}>
|
||||
{ p["og:description"] }
|
||||
</div>
|
||||
<div className="mx_LinkPreviewWidget_description" ref={this._description} dangerouslySetInnerHTML={{ __html: safeDescription }} />
|
||||
</div>
|
||||
<AccessibleButton className="mx_LinkPreviewWidget_cancel" onClick={this.props.onCancelClick} aria-label={_t("Close preview")}>
|
||||
<img className="mx_filterFlipColor" alt="" role="presentation"
|
||||
|
|
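Review bot: The escaping on the `safeDescription` line calls `String.prototype.replace` with string patterns, which replace only the first match, so any second `<` or `>` in `og:description` reaches `dangerouslySetInnerHTML` unescaped and the HTML injection the comment sets out to prevent remains possible. The description presumably comes from the previewed page's metadata and should be treated as untrusted, so escape every occurrence with global patterns: `const safeDescription = (p["og:description"] || "").replace(/</g, "&lt;").replace(/>/g, "&gt;");` (this page shows the replacement strings already entity-decoded, so the originals are presumably `&lt;` and `&gt;`). A more robust shape is to decode the entities into plain text and render it as an ordinary React child, as `og:title` is a few lines up, which removes `dangerouslySetInnerHTML` from this widget altogether. The enclosing render function starts and ends outside the hunk.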