mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web synced 2024-10-25 20:26:51 +03:00
Code Issues Projects Releases Packages Wiki Activity

Remove harmful html entities encoding and other style nits

Browse source 
React will take care of this for us. It's harmful because simple characters get converted to something illegible.
This commit is contained in:
Travis Ralston 2020-01-06 12:21:59 -07:00
parent 8b4c1e3dec
commit bef824e84e
2 changed files with 4 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/HtmlUtils.js
View file

@ -528,8 +528,3 @@ export function checkBlockNode(node) {
return false; return false;
} }
} }
export function htmlEntitiesEncode(str: string) {
// Source: https://stackoverflow.com/a/18750001/7037379
return str.replace(/[\u00A0-\u9999<>&]/gim, i => `&#${i.charCodeAt(0)};`);
}

12
src/components/views/dialogs/DMInviteDialog.js
View file

@ -24,7 +24,6 @@ import DMRoomMap from "../../../utils/DMRoomMap";
import {RoomMember} from "matrix-js-sdk/lib/matrix"; import {RoomMember} from "matrix-js-sdk/lib/matrix";
import * as humanize from "humanize"; import * as humanize from "humanize";
import SdkConfig from "../../../SdkConfig"; import SdkConfig from "../../../SdkConfig";
import {htmlEntitiesEncode} from "../../../HtmlUtils";
import {getHttpUriForMxc} from "matrix-js-sdk/lib/content-repo"; import {getHttpUriForMxc} from "matrix-js-sdk/lib/content-repo";
// TODO: [TravisR] Make this generic for all kinds of invites // TODO: [TravisR] Make this generic for all kinds of invites
@ -77,11 +76,9 @@ class DMRoomTile extends React.PureComponent {
_highlightName(str: string) { _highlightName(str: string) {
if (!this.props.highlightWord) return str; if (!this.props.highlightWord) return str;
// First encode the thing to avoid injection
str = htmlEntitiesEncode(str);
// We convert things to lowercase for index searching, but pull substrings from // We convert things to lowercase for index searching, but pull substrings from
// the submitted text to preserve case. // the submitted text to preserve case. Note: we don't need to htmlEntities the
// string because React will safely encode the text for us.
const lowerStr = str.toLowerCase(); const lowerStr = str.toLowerCase();
const filterStr = this.props.highlightWord.toLowerCase(); const filterStr = this.props.highlightWord.toLowerCase();
@ -92,8 +89,8 @@ class DMRoomTile extends React.PureComponent {
while ((ii = lowerStr.indexOf(filterStr, i)) >= 0) { while ((ii = lowerStr.indexOf(filterStr, i)) >= 0) {
// Push any text we missed (first bit/middle of text) // Push any text we missed (first bit/middle of text)
if (ii > i) { if (ii > i) {
// Push any text we aren't highlighting (middle of text match) // Push any text we aren't highlighting (middle of text match, or beginning of text)
result.push(<span key={i + 'mid'}>{str.substring(i, ii)}</span>); result.push(<span key={i + 'begin'}>{str.substring(i, ii)}</span>);
} }
i = ii; // copy over ii only if we have a match (to preserve i for end-of-text matching) i = ii; // copy over ii only if we have a match (to preserve i for end-of-text matching)
@ -333,7 +330,6 @@ export default class DMInviteDialog extends React.PureComponent {
} }
} }
// If we're going to hide one member behind 'show more', just use up the space of the button // If we're going to hide one member behind 'show more', just use up the space of the button
// with the member's tile instead. // with the member's tile instead.
if (showNum === sourceMembers.length - 1) showNum++; if (showNum === sourceMembers.length - 1) showNum++;