commit: 00b47e16736f8b472f20dab8def30fb22d54c8be
parent 22c3012e1cb66b8a93b79b2bf3d655394aacee5b
Author: Henry Jameson <me@hjkos.com>
Date: Mon, 5 Jun 2023 21:49:47 +0300
fix regex misinterpreting tag name in badly formed HTML, prevent rich
content from ever using dangerous tags
Diffstat:
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
// Handle tag nodes
if (Array.isArray(item)) {
const [opener, children, closer] = item
- const Tag = getTagName(opener)
+ let Tag = getTagName(opener)
+ if (Tag === 'script') Tag = 'js-exploit'
+ if (Tag === 'style') Tag = 'css-exploit'
const fullAttrs = getAttrs(opener, () => true)
const attrs = getAttrs(opener)
const previouslyMentions = currentMentions !== null
diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js
@@ -5,7 +5,7 @@
* @return {String} - tagname, i.e. "div"
*/
export const getTagName = (tag) => {
- const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
+ const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
return result && (result[1] || result[2])
}
