mirror of
https://github.com/LemmyNet/lemmy-ui.git
synced 2024-11-25 13:51:13 +00:00
Fix XSS vuln (#1897)
This commit is contained in:
parent
a614b16fc5
commit
80fb21061c
1 changed files with 7 additions and 4 deletions
|
@ -188,13 +188,16 @@ export function setupMarkdown() {
|
|||
//Provide custom renderer for our emojis to allow us to add a css class and force size dimensions on them.
|
||||
const item = tokens[idx] as any;
|
||||
const title = item.attrs.length >= 3 ? item.attrs[2][1] : "";
|
||||
const src: string = item.attrs[0][1];
|
||||
const isCustomEmoji = customEmojisLookup.get(title) != undefined;
|
||||
const customEmoji = customEmojisLookup.get(title);
|
||||
const isCustomEmoji = customEmoji != undefined;
|
||||
if (!isCustomEmoji) {
|
||||
return defaultRenderer?.(tokens, idx, options, env, self) ?? "";
|
||||
}
|
||||
const alt_text = item.content;
|
||||
return `<img class="icon icon-emoji" src="${src}" title="${title}" alt="${alt_text}"/>`;
|
||||
return `<img class="icon icon-emoji" src="${
|
||||
customEmoji!.custom_emoji.image_url
|
||||
}" title="${customEmoji!.custom_emoji.shortcode}" alt="${
|
||||
customEmoji!.custom_emoji.alt_text
|
||||
}"/>`;
|
||||
};
|
||||
md.renderer.rules.table_open = function () {
|
||||
return '<table class="table">';
|
||||
|
|
Loading…
Reference in a new issue