Remove attributes on del tags

There is no use case for those afaik and they do break our replacement
in the frontend. Let's instead strip them out in the sanitization step,
since there are no valid attributes defined for the del tag currenlty.

In theory we could also strip out all attributes here, but that seems
excessive for now.

Fixes https://github.com/Nheko-Reborn/nheko/issues/1693
pull/1709/head
Nicolas Werner 8 months ago
parent 30ac76e942
commit 9656304e24
No known key found for this signature in database
GPG Key ID: C8D75E610773F2D9
  1. 20
      src/Utils.cpp

@ -582,9 +582,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
const auto tagNameEnd =
std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end());
if (allowedTags.find(
QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower()) ==
allowedTags.end()) {
const auto tagName =
QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower();
if (allowedTags.find(tagName) == allowedTags.end()) {
// not allowed -> escape
buffer.append("&lt;");
pos = tagNameStart;
@ -620,8 +621,9 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
auto attrName =
QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower();
auto sanitizeValue = [&attrName](QByteArray val) {
if (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://"))
auto sanitizeValue = [&attrName, tagName](QByteArray val) {
if (tagName == QByteArrayLiteral("del") ||
(attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")))
return QByteArray();
else
return val;
@ -697,8 +699,12 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
}
}
buffer.append(' ');
buffer.append(attrName);
// We don't really want tags on del tags and they make replacement in the
// frontend more expansive
if (tagName != QByteArrayLiteral("del")) {
buffer.append(' ');
buffer.append(attrName);
}
}
}
}

Loading…
Cancel
Save