diff --git a/core/chat/events/events.go b/core/chat/events/events.go index 44d84d575..bda8b21d2 100644 --- a/core/chat/events/events.go +++ b/core/chat/events/events.go @@ -73,7 +73,7 @@ func (m *MessageEvent) RenderAndSanitizeMessageBody() { // Empty will return if this message's contents is empty. func (m *MessageEvent) Empty() bool { - return m.Body == "" || m.Body == "

" + return m.Body == "" } // RenderBody will render markdown to html without any sanitization. @@ -136,7 +136,9 @@ func sanitize(raw string) string { p.AddTargetBlankToFullyQualifiedLinks(true) // Allow breaks - p.AllowElements("br", "p") + p.AllowElements("br") + + p.AllowElementsContent("p") // Allow img tags from the the local emoji directory only p.AllowAttrs("src").Matching(regexp.MustCompile(`(?i)^/img/emoji`)).OnElements("img") diff --git a/core/chat/messageRendering_test.go b/core/chat/messageRendering_test.go index b0e0c2e4a..effa9777a 100644 --- a/core/chat/messageRendering_test.go +++ b/core/chat/messageRendering_test.go @@ -19,11 +19,11 @@ func TestRenderAndSanitize(t *testing.T) { ` - expected := `

Test one two three! I go to http://yahoo.com and search for sports and answers. -Here is an iframe

+ expected := `Test one two three! I go to http://yahoo.com and search for sports and answers. +Here is an iframe blah blah blah -

test link -

` +test link +` result := events.RenderAndSanitize(messageContent) if result != expected { @@ -34,7 +34,7 @@ blah blah blah // Test to make sure we block remote images in chat messages. func TestBlockRemoteImages(t *testing.T) { messageContent := ` test ![](https://via.placeholder.com/img/emoji/350x150)` - expected := `

test

` + expected := `test` result := events.RenderAndSanitize(messageContent) if result != expected { @@ -45,7 +45,7 @@ func TestBlockRemoteImages(t *testing.T) { // Test to make sure emoji images are allowed in chat messages. func TestAllowEmojiImages(t *testing.T) { messageContent := `:beerparrot: test ![](/img/emoji/beerparrot.gif)` - expected := `

:beerparrot: test

` + expected := `:beerparrot: test ` result := events.RenderAndSanitize(messageContent) if result != expected { diff --git a/test/automated/chat.test.js b/test/automated/chat.test.js index caf99774f..818e1366e 100644 --- a/test/automated/chat.test.js +++ b/test/automated/chat.test.js @@ -27,7 +27,7 @@ test('can fetch chat messages', async (done) => { .auth('admin', 'abc123') .expect(200); - const expectedBody = `

${testMessage.body}

` + const expectedBody = `${testMessage.body}` const message = res.body.filter(function (msg) { return msg.body === expectedBody })[0]; diff --git a/test/automated/chatmoderation.test.js b/test/automated/chatmoderation.test.js index feae1fbd0..f50fc9727 100644 --- a/test/automated/chatmoderation.test.js +++ b/test/automated/chatmoderation.test.js @@ -34,7 +34,7 @@ test('verify message has become hidden', async (done) => { .auth('admin', 'abc123') const message = res.body.filter(obj => { - return obj.body === `

${testVisibilityMessage.body}

`; + return obj.body === `${testVisibilityMessage.body}`; }); expect(message.length).toBe(1); expect(message[0].hiddenAt).toBeTruthy();