flewkey/tooty
1
0
Fork 0
Code Releases Activity

Add bare minimum input sanitization

Browse Source 
This is not secure at all, and I'm not sure where I broke Mastodon's
built-in sanitization, but whatever.
This commit is contained in:
Ryan Fox 2023-08-06 00:06:10 -07:00
parent 7fb8981cbc
commit b2209363eb
Signed by: flewkey
GPG Key ID: 94F56ADFD848851E
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/View/Formatter.elm
View File

@ -123,7 +123,14 @@ toVirtualDomEach mentions emoji node =
-- VERY janky. -- VERY janky.
handleEmoji : String -> List Emoji -> Html Msg handleEmoji : String -> List Emoji -> Html Msg
handleEmoji s emojis = handleEmoji s emojis =
span [ property "innerHTML" <| Json.Encode.string <| Regex.replace Regex.All shortcodeRegex (\{match} -> displayEmoji match emojis) <| s ] [] span [ property "innerHTML" <| Json.Encode.string <| Regex.replace Regex.All shortcodeRegex (\{match} -> displayEmoji match emojis) <| simpleSanitize <| s ] []
simpleSanitize : String -> String
simpleSanitize content =
content
|> replace "<" "&lt;"
|> replace ">" "&gt;"
displayEmoji : String -> List Emoji -> String displayEmoji : String -> List Emoji -> String