mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-13 22:54:42 -04:00
Fix security related problems (#1522)
* Remove unnecessary capture group from regex Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Rename component to make name more expressive Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Remove redundant expression Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Filter vbscript links Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Remove superfluous parameter Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Check if handler is set Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de> * Fix doc Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
parent
0e512531a0
commit
87d6285da5
8 changed files with 17 additions and 11 deletions
|
@ -36,7 +36,7 @@ export class LinkReplacer extends ComponentReplacer {
|
|||
const url = node.attribs.href.trim()
|
||||
|
||||
// eslint-disable-next-line no-script-url
|
||||
if (url.startsWith('data:') || url.startsWith('javascript:')) {
|
||||
if (url.startsWith('data:') || url.startsWith('javascript:') || url.startsWith('vbscript:')) {
|
||||
return <span>{node.attribs.href}</span>
|
||||
}
|
||||
|
||||
|
|
|
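Review bot: The scheme check on the new `if` line compares the trimmed href with case-sensitive `startsWith`, while URL schemes are case-insensitive, so the denylist only matches the lowercase spelling. Testing a normalised value, for example `const scheme = url.toLowerCase()` followed by `scheme.startsWith(...)`, would close that gap. An allowlist of the schemes the renderer expects (`http:`, `https:`, `mailto:`, relative links) would be more robust than adding one blocked scheme per commit. Whether an earlier sanitiser already strips such links is not visible here, and the enclosing method starts and ends outside the hunk.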
@ -96,7 +96,7 @@ export const buildTransformer = (
|
|||
return convertNodeToReactElement(node, index)
|
||||
}
|
||||
const nativeRenderer: NativeRenderer = () => renderNativeNode(node, key, transform)
|
||||
const subNodeTransform: SubNodeTransform = (subNode, subKey) => transform(subNode, subKey, transform)
|
||||
const subNodeTransform: SubNodeTransform = (subNode, subKey) => transform(subNode, subKey)
|
||||
|
||||
const key = calculateKeyFromLineMarker(node, lineKeys) ?? (-index).toString()
|
||||
const tryReplacement = findNodeReplacement(node, allReplacers, subNodeTransform, nativeRenderer)
|
||||
|
|
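Review bot: `nativeRenderer` closes over `key`, which is only declared further down with `const key = calculateKeyFromLineMarker(...)`. This works only as long as the closure is first invoked after that line has run, which appears to be the case since it is handed to `findNodeReplacement` afterwards. Moving the `key` declaration above `nativeRenderer` would make the dependency explicit and rule out a temporal-dead-zone error if the call order ever changes. The body of `buildTransformer` continues outside the hunk.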