mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web synced 2024-10-25 12:16:00 +03:00
Code Issues Projects Releases Packages Wiki Activity

Strip <img src="https?://..">s when transforming imgs instead of using allowedSchemesByTag

Browse source
This commit is contained in:
Luke Barnard 2017-07-10 17:44:49 +01:00
parent bb9080425a
commit 6877b99435
1 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/HtmlUtils.js
View file

@ -151,9 +151,6 @@ const sanitizeHtmlParams = {
// URL schemes we permit // URL schemes we permit
allowedSchemes: ['http', 'https', 'ftp', 'mailto'], allowedSchemes: ['http', 'https', 'ftp', 'mailto'],
allowedSchemesByTag: {
img: ['http', 'https'],
},
allowProtocolRelative: false, allowProtocolRelative: false,
transformTags: { // custom to matrix transformTags: { // custom to matrix
@ -187,13 +184,14 @@ const sanitizeHtmlParams = {
return { tagName: tagName, attribs : attribs }; return { tagName: tagName, attribs : attribs };
}, },
'img': function(tagName, attribs) { 'img': function(tagName, attribs) {
if (attribs.src.startsWith('mxc://')) { if (!attribs.src.startsWith('mxc://')) {
return { tagName, attribs: {}};
}
attribs.src = MatrixClientPeg.get().mxcUrlToHttp( attribs.src = MatrixClientPeg.get().mxcUrlToHttp(
attribs.src, attribs.src,
attribs.width || 800, attribs.width || 800,
attribs.height || 600, attribs.height || 600,
); );
}
return { tagName: tagName, attribs: attribs }; return { tagName: tagName, attribs: attribs };
}, },
'code': function(tagName, attribs) { 'code': function(tagName, attribs) {