Commit 7bfe63ac authored by Daniel García Moreno's avatar Daniel García Moreno

Don't send markdown in the body when parsed

If we parse the markdown syntax and sent that as formatted_body we
shouldn't sent the markdown text in the body, the correct way is to send
a simple text message in the body as a fallback.
parent 0c8ffc76
Pipeline #9906 passed with stage
in 19 minutes and 18 seconds
......@@ -386,6 +386,7 @@ dependencies = [
name = "fractal-gtk"
version = "0.1.26"
dependencies = [
"ammonia 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"cairo-rs 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
"chrono 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"comrak 0.2.9 (registry+https://github.com/rust-lang/crates.io-index)",
......
......@@ -27,6 +27,7 @@ comrak = "0.2"
html5ever = "=0.22.0"
string_cache = "=0.7.1"
string_cache_codegen = "=0.4.0"
ammonia = "1.1.0"
[dependencies.cairo-rs]
features = ["png"]
......
......@@ -5,6 +5,7 @@ extern crate gdk;
extern crate notify_rust;
extern crate rand;
extern crate comrak;
extern crate ammonia;
use std::env;
......@@ -17,7 +18,7 @@ use self::chrono::prelude::*;
use self::rand::{thread_rng, Rng};
use self::comrak::{markdown_to_html,ComrakOptions};
use self::comrak::{markdown_to_html, ComrakOptions};
use std::sync::{Arc, Mutex};
use std::sync::mpsc::channel;
......@@ -1382,6 +1383,14 @@ impl AppOp {
let md_parsed_msg = markdown_to_html(&msg, &ComrakOptions::default());
if md_parsed_msg != String::from("<p>") + &msg + &String::from("</p>\n") {
// removing all markdown from the text body
let sanitized_html = ammonia::Builder::new()
.tags([].iter().cloned().collect())
.tag_attributes([].iter().cloned().collect())
.link_rel(None)
.clean(&md_parsed_msg)
.to_string();
m.body = sanitized_html;
m.formatted_body = Some(md_parsed_msg);
m.format = Some(String::from("org.matrix.custom.html"));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment