dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

guard against markdown images with double-quotes in their href

This commit is contained in:
ansuz 2021-06-23 09:32:58 +05:30
parent 433470cf40
commit 6ddcbb948e
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
www/common/diffMarked.js
View File

@ -267,7 +267,7 @@ define([
};
renderer.image = function (href, title, text) {
if (href.slice(0,6) === '/file/') {
if (href.slice(0,6) === '/file/') { // XXX this has been deprecated for about 3 years... use the same inline image handler as below?
// DEPRECATED
// Mediatag using markdown syntax should not be used anymore so they don't support
// password-protected files
@ -283,12 +283,14 @@ define([
mt += '</media-tag>';
return mt;
}
var out = '<img src="' + href + '" alt="' + text + '"';
if (title) {
out += ' title="' + title + '"';
}
out += this.options.xhtml ? '/>' : '>';
return out;
var img = h('img.cp-inline-img', {
src: href || '',
title: title || '',
alt: text || '',
});
return img.outerHTML;
};
restrictedRenderer.image = renderer.image;