Remove attributes on del tags
There is no use case for those afaik and they do break our replacement in the frontend. Let's instead strip them out in the sanitization step, since there are no valid attributes defined for the del tag currenlty. In theory we could also strip out all attributes here, but that seems excessive for now. Fixes https://github.com/Nheko-Reborn/nheko/issues/1693
This commit is contained in:
parent
30ac76e942
commit
9656304e24
@ -582,9 +582,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
|
||||
const auto tagNameEnd =
|
||||
std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end());
|
||||
|
||||
if (allowedTags.find(
|
||||
QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower()) ==
|
||||
allowedTags.end()) {
|
||||
const auto tagName =
|
||||
QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower();
|
||||
|
||||
if (allowedTags.find(tagName) == allowedTags.end()) {
|
||||
// not allowed -> escape
|
||||
buffer.append("<");
|
||||
pos = tagNameStart;
|
||||
@ -620,8 +621,9 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
|
||||
auto attrName =
|
||||
QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower();
|
||||
|
||||
auto sanitizeValue = [&attrName](QByteArray val) {
|
||||
if (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://"))
|
||||
auto sanitizeValue = [&attrName, tagName](QByteArray val) {
|
||||
if (tagName == QByteArrayLiteral("del") ||
|
||||
(attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")))
|
||||
return QByteArray();
|
||||
else
|
||||
return val;
|
||||
@ -697,8 +699,12 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
|
||||
}
|
||||
}
|
||||
|
||||
buffer.append(' ');
|
||||
buffer.append(attrName);
|
||||
// We don't really want tags on del tags and they make replacement in the
|
||||
// frontend more expansive
|
||||
if (tagName != QByteArrayLiteral("del")) {
|
||||
buffer.append(' ');
|
||||
buffer.append(attrName);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user