better chat message sanitization (#1266)

* strip <p> in chat sanitization, keep the content * update sanitization tests * update tests * rm <p></p> comparison for empty messages
2021-07-28 00:26:27 +02:00
parent 92284f6ca1
commit 109d2669ab
4 changed files with 12 additions and 10 deletions
--- a/core/chat/events/events.go
+++ b/core/chat/events/events.go
@@ -73,7 +73,7 @@ func (m *MessageEvent) RenderAndSanitizeMessageBody() {

 // Empty will return if this message's contents is empty.
 func (m *MessageEvent) Empty() bool {
-	return m.Body == "" || m.Body == "<p></p>"
+	return m.Body == ""
 }

 // RenderBody will render markdown to html without any sanitization.
@@ -136,7 +136,9 @@ func sanitize(raw string) string {
 	p.AddTargetBlankToFullyQualifiedLinks(true)

 	// Allow breaks
-	p.AllowElements("br", "p")
+	p.AllowElements("br")
+
+	p.AllowElementsContent("p")

 	// Allow img tags from the the local emoji directory only
 	p.AllowAttrs("src").Matching(regexp.MustCompile(`(?i)^/img/emoji`)).OnElements("img")