LogalDeveloper/owncast
0
Fork 0
Code Activity

fix(chat): fix missing alt tags on custom emoji. Closes #3106

Browse Source
This commit is contained in:
Gabe Kangas
2023-06-26 11:37:34 -07:00
parent b696efb0eb
commit d33f117a82
5 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/chat/events/events.go
View File

@@ -125,9 +125,9 @@ func RenderMarkdown(raw string) string {
}
var (
_sanitizeReSrcMatch = regexp.MustCompile(`(?i)^/img/emoji/[^\.%]*.[A-Z]*$`)
_sanitizeReAltTitleMatch = regexp.MustCompile(`:\S+:`)
_sanitizeReClassMatch = regexp.MustCompile(`(?i)^(emoji)[A-Z_]*?$`)
_sanitizeReSrcMatch = regexp.MustCompile(`(?i)^/img/emoji/[^\.%]*.[A-Z]*$`)
_sanitizeReClassMatch = regexp.MustCompile(`(?i)^(emoji)[A-Z_]*?$`)
_sanitizeNonEmptyMatch = regexp.MustCompile(`^.+$`)
)
func sanitize(raw string) string {
@@ -153,7 +153,7 @@ func sanitize(raw string) string {
// Allow img tags from the the local emoji directory only
p.AllowAttrs("src").Matching(_sanitizeReSrcMatch).OnElements("img")
p.AllowAttrs("alt", "title").Matching(_sanitizeReAltTitleMatch).OnElements("img")
p.AllowAttrs("alt", "title").Matching(_sanitizeNonEmptyMatch).OnElements("img")
p.AllowAttrs("class").Matching(_sanitizeReClassMatch).OnElements("img")
// Allow bold

15
core/chat/messageRendering_test.go
View File

@@ -10,17 +10,14 @@ import (
// and fully rendered HTML out of it.
func TestRenderAndSanitize(t *testing.T) {
messageContent := `
Test one two three! I go to http://yahoo.com and search for _sports_ and **answers**.
Here is an iframe <iframe src="http://yahoo.com"></iframe>
## blah blah blah
[test link](http://owncast.online)
<img class="emoji" alt="bananadance.gif" width="600px" src="/img/emoji/bananadance.gif">
<script src="http://hackers.org/hack.js"></script>
`
Test one two three! I go to http://yahoo.com and search for _sports_ and **answers**.
Here is an iframe<iframe src="http://yahoo.com"></iframe>
## blah blah blah
[test link](http://owncast.online)
<img class="emoji" src="/img/emoji/bananadance.gif">`
expected := `Test one two three! I go to <a href="http://yahoo.com" rel="nofollow noreferrer noopener" target="_blank">http://yahoo.com</a> and search for <em>sports</em> and <strong>answers</strong>.
Here is an iframe
Here is an iframe
blah blah blah
<a href="http://owncast.online" rel="nofollow noreferrer noopener" target="_blank">test link</a>
<img class="emoji" src="/img/emoji/bananadance.gif">`