rendered_markdown: Fix HTML injection bug in update_elements.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg
2024-04-02 17:50:42 -07:00
committed by Tim Abbott
parent e1029b59ed
commit 4dc27216f4
2 changed files with 10 additions and 5 deletions


@@ -323,9 +323,13 @@ export const update_elements = ($content: JQuery): void => {
// Display emoji (including realm emoji) as text if // Display emoji (including realm emoji) as text if
// user_settings.emojiset is 'text'. // user_settings.emojiset is 'text'.
if (user_settings.emojiset === "text") { if (user_settings.emojiset === "text") {
$content.find(".emoji").replaceWith(function (): string { $content
.find(".emoji")
.text(function () {
const text = $(this).attr("title"); const text = $(this).attr("title");
return ":" + text + ":"; return ":" + text + ":";
}); })
.contents()
.unwrap();
} }
}; };
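Review bot: The new `.text(...).contents().unwrap()` chain carries no comment saying why it is written this way instead of `replaceWith`, so a later cleanup could reintroduce the string-returning `replaceWith` and with it the HTML parsing of the `title` attribute. I would add above `$content` a line such as `// Use .text() so the emoji title is inserted as a text node; replaceWith(string) would parse it as HTML.` Separately, `$(this).attr("title")` can be undefined for an `.emoji` element that has no title, which would render as `:undefined:`; whether that can happen depends on the renderer, which is not visible here. update_elements begins outside the hunk.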


@@ -467,10 +467,11 @@ run_test("emoji", () => {
const $emoji = $.create("emoji-stub"); const $emoji = $.create("emoji-stub");
$emoji.attr("title", "tada"); $emoji.attr("title", "tada");
let called = false; let called = false;
$emoji.replaceWith = (f) => { $emoji.text = (f) => {
const text = f.call($emoji); const text = f.call($emoji);
assert.equal(":tada:", text); assert.equal(":tada:", text);
called = true; called = true;
return {contents: () => ({unwrap() {}})};
}; };
$content.set_find_results(".emoji", $emoji); $content.set_find_results(".emoji", $emoji);
user_settings.emojiset = "text"; user_settings.emojiset = "text";
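Review bot: The stub returned from `$emoji.text` makes `contents()` and `unwrap()` no-ops, so the test would still pass if the production code dropped the `.unwrap()` step and left the wrapper element in place. Recording the call, for example `return {contents: () => ({unwrap() { unwrapped = true; }})};` with a `let unwrapped = false;` next to `called` and an assertion on it after the update, would pin the whole chain. The test also only uses the benign title `tada`, and with this stubbed jQuery it cannot show that markup in a title stays text, so that property presumably rests on the choice of `.text()` alone. The run_test body continues outside the hunk.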