Strip <img src="https?://..">s when transforming imgs instead of using allowedSchemesByTag

This commit is contained in:
Luke Barnard 2017-07-10 17:44:49 +01:00
parent bb9080425a
commit 6877b99435

View file

@ -151,9 +151,6 @@ const sanitizeHtmlParams = {
// URL schemes we permit // URL schemes we permit
allowedSchemes: ['http', 'https', 'ftp', 'mailto'], allowedSchemes: ['http', 'https', 'ftp', 'mailto'],
allowedSchemesByTag: {
img: ['http', 'https'],
},
allowProtocolRelative: false, allowProtocolRelative: false,
transformTags: { // custom to matrix transformTags: { // custom to matrix
@ -187,13 +184,14 @@ const sanitizeHtmlParams = {
return { tagName: tagName, attribs : attribs }; return { tagName: tagName, attribs : attribs };
}, },
'img': function(tagName, attribs) { 'img': function(tagName, attribs) {
if (attribs.src.startsWith('mxc://')) { if (!attribs.src.startsWith('mxc://')) {
return { tagName, attribs: {}};
}
attribs.src = MatrixClientPeg.get().mxcUrlToHttp( attribs.src = MatrixClientPeg.get().mxcUrlToHttp(
attribs.src, attribs.src,
attribs.width || 800, attribs.width || 800,
attribs.height || 600, attribs.height || 600,
); );
}
return { tagName: tagName, attribs: attribs }; return { tagName: tagName, attribs: attribs };
}, },
'code': function(tagName, attribs) { 'code': function(tagName, attribs) {