fix regex misinterpreting tag name in badly formed HTML, prevent rich
content from ever using dangerous tags
This commit is contained in:
parent
22c3012e1c
commit
00b47e1673
|
@ -149,7 +149,9 @@ export default {
|
||||||
// Handle tag nodes
|
// Handle tag nodes
|
||||||
if (Array.isArray(item)) {
|
if (Array.isArray(item)) {
|
||||||
const [opener, children, closer] = item
|
const [opener, children, closer] = item
|
||||||
const Tag = getTagName(opener)
|
let Tag = getTagName(opener)
|
||||||
|
if (Tag === 'script') Tag = 'js-exploit'
|
||||||
|
if (Tag === 'style') Tag = 'css-exploit'
|
||||||
const fullAttrs = getAttrs(opener, () => true)
|
const fullAttrs = getAttrs(opener, () => true)
|
||||||
const attrs = getAttrs(opener)
|
const attrs = getAttrs(opener)
|
||||||
const previouslyMentions = currentMentions !== null
|
const previouslyMentions = currentMentions !== null
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
* @return {String} - tagname, i.e. "div"
|
* @return {String} - tagname, i.e. "div"
|
||||||
*/
|
*/
|
||||||
export const getTagName = (tag) => {
|
export const getTagName = (tag) => {
|
||||||
const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
|
const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
|
||||||
return result && (result[1] || result[2])
|
return result && (result[1] || result[2])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue