fix: escape html in messages
This commit is contained in:
parent
1e020a203c
commit
782e89508c
|
@ -3,6 +3,7 @@ import ../../../status/chat/[chat, message]
|
||||||
import ../../../status/status
|
import ../../../status/status
|
||||||
import ../../../status/ens
|
import ../../../status/ens
|
||||||
import ../../../status/accounts
|
import ../../../status/accounts
|
||||||
|
import strformat, strutils
|
||||||
|
|
||||||
type
|
type
|
||||||
ChannelsRoles {.pure.} = enum
|
ChannelsRoles {.pure.} = enum
|
||||||
|
@ -158,7 +159,7 @@ QtObject:
|
||||||
case elem.textType:
|
case elem.textType:
|
||||||
of "mention": result = self.userNameOrAlias(elem.literal)
|
of "mention": result = self.userNameOrAlias(elem.literal)
|
||||||
of "link": result = elem.destination
|
of "link": result = elem.destination
|
||||||
else: result = elem.literal
|
else: result = escape_html(elem.literal.strip)
|
||||||
|
|
||||||
proc renderBlock(self: ChannelsList, message: Message): string =
|
proc renderBlock(self: ChannelsList, message: Message): string =
|
||||||
for pMsg in message.parsedText:
|
for pMsg in message.parsedText:
|
||||||
|
@ -167,4 +168,5 @@ QtObject:
|
||||||
for children in pMsg.children:
|
for children in pMsg.children:
|
||||||
result = result & self.renderInline(children)
|
result = result & self.renderInline(children)
|
||||||
else:
|
else:
|
||||||
result = pMsg.literal
|
result = escape_html(pMsg.literal.strip)
|
||||||
|
|
||||||
|
|
|
@ -15,14 +15,15 @@ proc mention(self: ChatMessageList, pubKey: string): string =
|
||||||
|
|
||||||
# See render-inline in status-react/src/status_im/ui/screens/chat/message/message.cljs
|
# See render-inline in status-react/src/status_im/ui/screens/chat/message/message.cljs
|
||||||
proc renderInline(self: ChatMessageList, elem: TextItem): string =
|
proc renderInline(self: ChatMessageList, elem: TextItem): string =
|
||||||
|
let value = escape_html(elem.literal.strip)
|
||||||
case elem.textType:
|
case elem.textType:
|
||||||
of "": result = elem.literal
|
of "": result = value
|
||||||
of "code": result = fmt("<code>{elem.literal.strip}</code> ")
|
of "code": result = fmt("<code>{value}</code> ")
|
||||||
of "emph": result = fmt("<em>{elem.literal}</em> ")
|
of "emph": result = fmt("<em>{value}</em> ")
|
||||||
of "strong": result = fmt("<strong>{elem.literal}</strong> ")
|
of "strong": result = fmt("<strong>{value}</strong> ")
|
||||||
of "link": result = elem.destination
|
of "link": result = elem.destination
|
||||||
of "mention": result = fmt("<a href=\"//{elem.literal}\" class=\"mention\">{self.mention(elem.literal)}</a> ")
|
of "mention": result = fmt("<a href=\"//{value}\" class=\"mention\">{self.mention(value)}</a> ")
|
||||||
of "status-tag": result = fmt("<a href=\"#{elem.literal}\" class=\"status-tag\">#{elem.literal}</a> ")
|
of "status-tag": result = fmt("<a href=\"#{value}\" class=\"status-tag\">#{value}</a> ")
|
||||||
|
|
||||||
# See render-block in status-react/src/status_im/ui/screens/chat/message/message.cljs
|
# See render-block in status-react/src/status_im/ui/screens/chat/message/message.cljs
|
||||||
proc renderBlock(self: ChatMessageList, message: Message): string =
|
proc renderBlock(self: ChatMessageList, message: Message): string =
|
||||||
|
@ -36,8 +37,8 @@ proc renderBlock(self: ChatMessageList, message: Message): string =
|
||||||
result = result & self.renderInline(children)
|
result = result & self.renderInline(children)
|
||||||
result = result & "</p>"
|
result = result & "</p>"
|
||||||
of "blockquote":
|
of "blockquote":
|
||||||
result = result & pMsg.literal.strip.split("\n").mapIt("<span>▍ " & it & "</span>").join("<br />")
|
result = result & pMsg.literal.strip.split("\n").mapIt("<span>▍ " & escape_html(it) & "</span>").join("<br />")
|
||||||
of "codeblock":
|
of "codeblock":
|
||||||
result = result & "<code>" & pMsg.literal.strip & "</code>"
|
result = result & "<code>" & escape_html(pMsg.literal.strip) & "</code>"
|
||||||
result = result.strip()
|
result = result.strip()
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 7d8edc6db225057af5592e2f20c7470fac83fbaf
|
Subproject commit f08d304398f3ec26e4f58a18f24906a470fa3efc
|
|
@ -1 +1 @@
|
||||||
Subproject commit 57d6e6459daab1d357adafcbf7cb008f5b8969e5
|
Subproject commit 1d1933374c104dba818253ec904e7bb69e92d77c
|
Loading…
Reference in New Issue