Anon/yandere_fe
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix regex misinterpreting tag name in badly formed HTML, prevent rich

Browse Source 
content from ever using dangerous tags
This commit is contained in:
Henry Jameson 2023-06-05 21:49:47 +03:00
parent 22c3012e1c
commit 00b47e1673
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/components/rich_content/rich_content.jsx
View File

@ -149,7 +149,9 @@ export default {
// Handle tag nodes // Handle tag nodes
if (Array.isArray(item)) { if (Array.isArray(item)) {
const [opener, children, closer] = item const [opener, children, closer] = item
const Tag = getTagName(opener) let Tag = getTagName(opener)
if (Tag === 'script') Tag = 'js-exploit'
if (Tag === 'style') Tag = 'css-exploit'
const fullAttrs = getAttrs(opener, () => true) const fullAttrs = getAttrs(opener, () => true)
const attrs = getAttrs(opener) const attrs = getAttrs(opener)
const previouslyMentions = currentMentions !== null const previouslyMentions = currentMentions !== null

2
src/services/html_converter/utility.service.js
View File

@ -5,7 +5,7 @@
* @return {String} - tagname, i.e. "div" * @return {String} - tagname, i.e. "div"
*/ */
export const getTagName = (tag) => { export const getTagName = (tag) => {
const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag) const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
return result && (result[1] || result[2]) return result && (result[1] || result[2])
} }