d3v1l/matrixion
1
0
Fork 0
mirror of https://github.com/Nheko-Reborn/nheko.git synced 2024-11-21 18:50:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove attributes on del tags

Browse source 
There is no use case for those afaik and they do break our replacement
in the frontend. Let's instead strip them out in the sanitization step,
since there are no valid attributes defined for the del tag currenlty.

In theory we could also strip out all attributes here, but that seems
excessive for now.

Fixes https://github.com/Nheko-Reborn/nheko/issues/1693
This commit is contained in:
Nicolas Werner 2024-03-20 21:53:20 +01:00
parent 30ac76e942
commit 9656304e24
No known key found for this signature in database
GPG key ID: C8D75E610773F2D9
1 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/Utils.cpp
View file

@ -582,9 +582,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
const auto tagNameEnd = const auto tagNameEnd =
std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end()); std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end());
if (allowedTags.find( const auto tagName =
QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower()) == QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower();
allowedTags.end()) {
if (allowedTags.find(tagName) == allowedTags.end()) {
// not allowed -> escape // not allowed -> escape
buffer.append("&lt;"); buffer.append("&lt;");
pos = tagNameStart; pos = tagNameStart;
@ -620,8 +621,9 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
auto attrName = auto attrName =
QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower(); QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower();
auto sanitizeValue = [&attrName](QByteArray val) { auto sanitizeValue = [&attrName, tagName](QByteArray val) {
if (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")) if (tagName == QByteArrayLiteral("del") ||
(attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")))
return QByteArray(); return QByteArray();
else else
return val; return val;
@ -697,8 +699,12 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
} }
} }
buffer.append(' '); // We don't really want tags on del tags and they make replacement in the
buffer.append(attrName); // frontend more expansive
if (tagName != QByteArrayLiteral("del")) {
buffer.append(' ');
buffer.append(attrName);
}
} }
} }
} }