Remove attributes on del tags

There is no use case for those afaik and they do break our replacement in the frontend. Let's instead strip them out in the sanitization step, since there are no valid attributes defined for the del tag currenlty. In theory we could also strip out all attributes here, but that seems excessive for now. Fixes https://github.com/Nheko-Reborn/nheko/issues/1693
2024-11-21 18:50:47 +03:00 · 2024-03-20 21:53:20 +01:00 · 2024-03-20 21:53:20 +01:00 · 9656304e24
commit 9656304e24
parent 30ac76e942
1 changed files with 13 additions and 7 deletions
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@ -582,9 +582,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
        const auto tagNameEnd =
          std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end());

-        if (allowedTags.find(
-              QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower()) ==
-            allowedTags.end()) {
+        const auto tagName =
+          QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower();
+
+        if (allowedTags.find(tagName) == allowedTags.end()) {
            // not allowed -> escape
            buffer.append("&lt;");
            pos = tagNameStart;
@ -620,8 +621,9 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
                    auto attrName =
                      QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower();

-                    auto sanitizeValue = [&attrName](QByteArray val) {
-                        if (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://"))
+                    auto sanitizeValue = [&attrName, tagName](QByteArray val) {
+                        if (tagName == QByteArrayLiteral("del") ||
+                            (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")))
                            return QByteArray();
                        else
                            return val;
@ -697,12 +699,16 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
                        }
                    }

+                    // We don't really want tags on del tags and they make replacement in the
+                    // frontend more expansive
+                    if (tagName != QByteArrayLiteral("del")) {
                        buffer.append(' ');
                        buffer.append(attrName);
                    }
                }
            }
        }
+    }

    return QString::fromUtf8(buffer);
 }