Fix XSS vuln (#1897)

This commit is contained in:
Anon 2023-07-10 06:37:07 -05:00 committed by Dessalines
parent a614b16fc5
commit 80fb21061c

View file

@ -188,13 +188,16 @@ export function setupMarkdown() {
//Provide custom renderer for our emojis to allow us to add a css class and force size dimensions on them.
const item = tokens[idx] as any;
const title = item.attrs.length >= 3 ? item.attrs[2][1] : "";
const src: string = item.attrs[0][1];
const isCustomEmoji = customEmojisLookup.get(title) != undefined;
const customEmoji = customEmojisLookup.get(title);
const isCustomEmoji = customEmoji != undefined;
if (!isCustomEmoji) {
return defaultRenderer?.(tokens, idx, options, env, self) ?? "";
}
const alt_text = item.content;
return `<img class="icon icon-emoji" src="${src}" title="${title}" alt="${alt_text}"/>`;
return `<img class="icon icon-emoji" src="${
customEmoji!.custom_emoji.image_url
}" title="${customEmoji!.custom_emoji.shortcode}" alt="${
customEmoji!.custom_emoji.alt_text
}"/>`;
};
md.renderer.rules.table_open = function () {
return '<table class="table">';