
[fix] improve custom emoji validation (#1772)

David 2022-03-08 22:03:37 +01:00 committed by GitHub
parent 165771ea8e
commit 9983ef2794
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -125,8 +125,9 @@ func RenderMarkdown(raw string) string {
} }
var ( var (
_sanitizeReSrcMatch = regexp.MustCompile(`(?i)^/img/emoji`) _sanitizeReSrcMatch = regexp.MustCompile(`(?i)^/img/emoji/[^\.%]*.[A-Z]*$`)
_sanitizeReAltTitleMatch = regexp.MustCompile(`:\S+:`) _sanitizeReAltTitleMatch = regexp.MustCompile(`:\S+:`)
_sanitizeReClassMatch = regexp.MustCompile(`(?i)^(emoji)[A-Z_]*?$`)
) )
func sanitize(raw string) string { func sanitize(raw string) string {
@ -153,7 +154,7 @@ func sanitize(raw string) string {
// Allow img tags from the the local emoji directory only // Allow img tags from the the local emoji directory only
p.AllowAttrs("src").Matching(_sanitizeReSrcMatch).OnElements("img") p.AllowAttrs("src").Matching(_sanitizeReSrcMatch).OnElements("img")
p.AllowAttrs("alt", "title").Matching(_sanitizeReAltTitleMatch).OnElements("img") p.AllowAttrs("alt", "title").Matching(_sanitizeReAltTitleMatch).OnElements("img")
p.AllowAttrs("class").OnElements("img") p.AllowAttrs("class").Matching(_sanitizeReClassMatch).OnElements("img")
// Allow bold // Allow bold
p.AllowElements("strong") p.AllowElements("strong")
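Review bot: In the new `_sanitizeReSrcMatch` pattern the `.` before `[A-Z]*` is unescaped, so it matches any single character rather than a literal dot, and that one position also accepts the `.` or `%` that the preceding class excludes. The class `[^\.%]` is a denylist, so `/`, `?`, `#`, backslash and whitespace are still accepted in the `src` value. If the emoji filenames permit it, an allowlist with an escaped dot would be tighter, for example `(?i)^/img/emoji/[a-z0-9_-]+\.[a-z0-9]+$`; the characters the uploader actually allows are not visible here, so the class would need adjusting to match. A small table test of accepted and rejected `src` values next to this `var` block would pin the intended behaviour. The body of `sanitize` starts and ends outside these hunks, so other attribute rules were not reviewed.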