mirror of
https://github.com/LemmyNet/lemmy-ui.git
synced 2024-11-25 13:51:13 +00:00
Fix XSS vuln (#1897)
This commit is contained in:
parent
a614b16fc5
commit
80fb21061c
1 changed files with 7 additions and 4 deletions
|
@ -188,13 +188,16 @@ export function setupMarkdown() {
|
||||||
//Provide custom renderer for our emojis to allow us to add a css class and force size dimensions on them.
|
//Provide custom renderer for our emojis to allow us to add a css class and force size dimensions on them.
|
||||||
const item = tokens[idx] as any;
|
const item = tokens[idx] as any;
|
||||||
const title = item.attrs.length >= 3 ? item.attrs[2][1] : "";
|
const title = item.attrs.length >= 3 ? item.attrs[2][1] : "";
|
||||||
const src: string = item.attrs[0][1];
|
const customEmoji = customEmojisLookup.get(title);
|
||||||
const isCustomEmoji = customEmojisLookup.get(title) != undefined;
|
const isCustomEmoji = customEmoji != undefined;
|
||||||
if (!isCustomEmoji) {
|
if (!isCustomEmoji) {
|
||||||
return defaultRenderer?.(tokens, idx, options, env, self) ?? "";
|
return defaultRenderer?.(tokens, idx, options, env, self) ?? "";
|
||||||
}
|
}
|
||||||
const alt_text = item.content;
|
return `<img class="icon icon-emoji" src="${
|
||||||
return `<img class="icon icon-emoji" src="${src}" title="${title}" alt="${alt_text}"/>`;
|
customEmoji!.custom_emoji.image_url
|
||||||
|
}" title="${customEmoji!.custom_emoji.shortcode}" alt="${
|
||||||
|
customEmoji!.custom_emoji.alt_text
|
||||||
|
}"/>`;
|
||||||
};
|
};
|
||||||
md.renderer.rules.table_open = function () {
|
md.renderer.rules.table_open = function () {
|
||||||
return '<table class="table">';
|
return '<table class="table">';
|
||||||
|
|
Loading…
Reference in a new issue