Mastodon
/
Sengi-Windows-MacOS-Linux
mirror of https://github.com/NicolasConstant/sengi
1
0
Fork 0
Code Issues Releases Wiki Activity

sanitizen status's links, fix #290

This commit is contained in:
Nicolas Constant 2020-05-28 18:34:51 -04:00
parent 164bf22484
commit 8000f51aaa
No known key found for this signature in database
GPG Key ID: 1E9F677FB01A5688
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/app/components/stream/status/databinded-text/databinded-text.component.spec.ts
View File

@ -169,4 +169,11 @@ describe('DatabindedTextComponent', () => {
component.text = sample;
expect(component.processedText).toContain('Bla<br /><br /><a href class="link-httpslink" title="open link">https://link/</a>');
});
it('should sanitize link', () => {
const sample = `https://domain.fr/public.php?op=rss&amp;id=-2&amp;key=60c63a21c2928546b4485017876fe850c6ebcebd#tag:domain.fr,2020-05-26:/49902061`;
let result = (<any>component).sanitizeLink(sample);
expect(result).toBe('https://domain.fr/public.php?op=rss&id=-2&key=60c63a21c2928546b4485017876fe850c6ebcebd#tag:domain.fr,2020-05-26:/49902061');
});
});

11
src/app/components/stream/status/databinded-text/databinded-text.component.ts
View File

@ -210,12 +210,14 @@ export class DatabindedTextComponent implements OnInit {
let classname = this.getClassNameForLink(link);
let els = this.contentElement.nativeElement.querySelectorAll(`.${classname}`);
let sanitizedLink = this.sanitizeLink(link);
for (const el of els) {
this.renderer.listen(el, 'click', (event) => {
event.preventDefault();
event.stopImmediatePropagation();
window.open(link, '_blank');
window.open(sanitizedLink, '_blank');
return false;
});
@ -224,7 +226,7 @@ export class DatabindedTextComponent implements OnInit {
event.preventDefault();
event.stopImmediatePropagation();
window.open(link, '_blank');
window.open(sanitizedLink, '_blank');
return false;
}
});
@ -232,6 +234,11 @@ export class DatabindedTextComponent implements OnInit {
}
}
private sanitizeLink(link: string): string {
let res = link.replace(/&amp;/g, '&');
return res;
}
private getClassNameForHastag(value: string): string {
let res = value.replace(/[.,\/#?!@$%+\^&\*;:{}=\-_`~()]/g, "");
return `hashtag-${res}`;