imterah/element-portable
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sanitize untrusted variables from message previews before translation

Browse source 
Fixes https://github.com/vector-im/element-web/issues/18314
This commit is contained in:
Travis Ralston 2021-07-31 11:43:05 -06:00
parent 1efd226896
commit 0923dd37ab
2 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/stores/room-list/previews/MessageEventPreview.ts
View file

@ -17,7 +17,7 @@ limitations under the License.
import { IPreview } from "./IPreview";
import { TagID } from "../models";
import { MatrixEvent } from "matrix-js-sdk/src/models/event";
import { _t } from "../../../languageHandler";
import { _t, sanitizeForTranslation } from "../../../languageHandler";
import { getSenderName, isSelf, shouldPrefixMessagesIn } from "./utils";
import ReplyThread from "../../../components/views/elements/ReplyThread";
import { getHtmlText } from "../../../HtmlUtils";
@ -58,6 +58,8 @@ export class MessageEventPreview implements IPreview {
body = getHtmlText(body);
}
body = sanitizeForTranslation(body);
if (msgtype === 'm.emote') {
return _t("* %(senderName)s %(emote)s", { senderName: getSenderName(event), emote: body });
}