email_notifications: Fix HTML injection bug.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit c0ad595855)
This commit is contained in:
Anders Kaseorg
2021-01-26 11:35:27 -08:00
committed by Tim Abbott
parent 3b6406c971
commit deec501da4


@@ -75,11 +75,15 @@ def relative_to_full_url(base_url: str, content: str) -> str:
# entire message body will be that image element; here, we need a
# more drastic edit to the content.
if fragment.get('class') == 'message_inline_image':
content_template = '<p><a href="%s" target="_blank" title="%s">%s</a></p>'
image_link = fragment.find('a').get('href')
image_title = fragment.find('a').get('title')
new_content = (content_template % (image_link, image_title, image_link))
fragment = lxml.html.fromstring(new_content)
fragment = lxml.html.Element('p')
a = lxml.html.Element('a')
a.set('href', image_link)
a.set('target', '_blank')
a.set('title', image_title)
a.text = image_link
fragment.append(a)
fragment.make_links_absolute(base_url)
content = lxml.html.tostring(fragment).decode("utf-8")
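Review bot: In the added lines `a.set('title', image_title)` will raise when the inline-image anchor carries no title attribute, because `fragment.find('a').get('title')` then returns None and, if I read lxml's Element.set correctly, a None value is rejected with TypeError, whereas the replaced `%s` formatting would have emitted the literal text None. Guarding the attribute, `if image_title is not None: a.set('title', image_title)`, keeps the escaping fix without adding a new crash path for messages whose image link has no title. The `find('a')` result is also dereferenced without a None check on the two unchanged lines above, which predates this commit. Since the anchor is opened with `target='_blank'`, setting `a.set('rel', 'noopener noreferrer')` alongside it would be worth considering. The enclosing relative_to_full_url body continues outside the hunk.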