mirror of
https://github.com/element-hq/element-web
synced 2024-11-24 10:15:43 +03:00
Add extra context for filtering out '>' for sanitizeHtml
This commit is contained in:
parent
04db8333e3
commit
9c93b9002f
2 changed files with 4 additions and 1 deletions
|
@ -406,6 +406,9 @@ export function bodyToHtml(content: IContent, highlights: string[], opts: IOpts
|
||||||
const safeHighlights = highlights
|
const safeHighlights = highlights
|
||||||
// sanitizeHtml can hang if an unclosed HTML tag is thrown at it
|
// sanitizeHtml can hang if an unclosed HTML tag is thrown at it
|
||||||
// A search for `<foo` will make the browser crash
|
// A search for `<foo` will make the browser crash
|
||||||
|
// an alternative would be to escape HTML special characters
|
||||||
|
// but that would bring no additional benefit as the highlighter
|
||||||
|
// does not work with those special chars
|
||||||
.filter((highlight: string): boolean => !highlight.includes("<"))
|
.filter((highlight: string): boolean => !highlight.includes("<"))
|
||||||
.map((highlight: string): string => sanitizeHtml(highlight, sanitizeParams));
|
.map((highlight: string): string => sanitizeHtml(highlight, sanitizeParams));
|
||||||
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeParams structure.
|
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeParams structure.
|
||||||
|
|
|
@ -267,7 +267,7 @@ interface IProps {
|
||||||
showReactions?: boolean;
|
showReactions?: boolean;
|
||||||
|
|
||||||
// which layout to use
|
// which layout to use
|
||||||
layout: Layout;
|
layout?: Layout;
|
||||||
|
|
||||||
// whether or not to show flair at all
|
// whether or not to show flair at all
|
||||||
enableFlair?: boolean;
|
enableFlair?: boolean;
|
||||||
|
|
Loading…
Reference in a new issue