mirror of
https://github.com/pierre42100/ComunicWeb
synced 2024-11-26 22:09:21 +00:00
Fix security breach.
This commit is contained in:
parent
089739e141
commit
c2eba7b3be
@ -593,3 +593,26 @@ function dataURItoBlob(dataURI){
|
|||||||
return new Blob([ia], {type: mimeString});
|
return new Blob([ia], {type: mimeString});
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Satinize some HTML source code by removing all javascript event detectors
|
||||||
|
* from it
|
||||||
|
*
|
||||||
|
* @param {string} html The source code to update
|
||||||
|
* @return {string} Secured html
|
||||||
|
*/
|
||||||
|
function removeJavascriptEventsFromHTML(html){
|
||||||
|
|
||||||
|
//Check if the string to check is null (we will consider
|
||||||
|
//at safe in this case)
|
||||||
|
if(html == null)
|
||||||
|
return html;
|
||||||
|
|
||||||
|
//Search for unexceptable references
|
||||||
|
while(html.match(/on[a-zA-Z ]+=/i) != null){
|
||||||
|
let match = html.match(/on[a-zA-Z ]+=/i)[0];
|
||||||
|
html = html.replace(match, match.replace("on", "o<block></block>n"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return html;
|
||||||
|
}
|
@ -826,7 +826,7 @@ ComunicWeb.components.posts.ui = {
|
|||||||
appendTo: postRoot,
|
appendTo: postRoot,
|
||||||
type: "div",
|
type: "div",
|
||||||
class: "post_content",
|
class: "post_content",
|
||||||
innerHTML: info.content
|
innerHTML: removeJavascriptEventsFromHTML(info.content)
|
||||||
});
|
});
|
||||||
|
|
||||||
//Parse emojies
|
//Parse emojies
|
||||||
|
Loading…
Reference in New Issue
Block a user