mirror of
https://github.com/element-hq/element-web
synced 2024-11-24 02:05:45 +03:00
Add extra context for filtering out '>' for sanitizeHtml
This commit is contained in:
parent
04db8333e3
commit
9c93b9002f
2 changed files with 4 additions and 1 deletions
|
@ -406,6 +406,9 @@ export function bodyToHtml(content: IContent, highlights: string[], opts: IOpts
|
|||
const safeHighlights = highlights
|
||||
// sanitizeHtml can hang if an unclosed HTML tag is thrown at it
|
||||
// A search for `<foo` will make the browser crash
|
||||
// an alternative would be to escape HTML special characters
|
||||
// but that would bring no additional benefit as the highlighter
|
||||
// does not work with those special chars
|
||||
.filter((highlight: string): boolean => !highlight.includes("<"))
|
||||
.map((highlight: string): string => sanitizeHtml(highlight, sanitizeParams));
|
||||
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeParams structure.
|
||||
|
|
|
@ -267,7 +267,7 @@ interface IProps {
|
|||
showReactions?: boolean;
|
||||
|
||||
// which layout to use
|
||||
layout: Layout;
|
||||
layout?: Layout;
|
||||
|
||||
// whether or not to show flair at all
|
||||
enableFlair?: boolean;
|
||||
|
|
Loading…
Reference in a new issue