Add escaping to replies

Danila Fedorin 2021-07-26 14:49:06 -07:00
parent 753bb8392b
commit 3d911f2a22


@ -19,6 +19,10 @@ import {REDACTION_TYPE} from "../../common.js";
import {createAnnotation, createReply, ANNOTATION_RELATION_TYPE, getRelationFromContent} from "../relations.js"; import {createAnnotation, createReply, ANNOTATION_RELATION_TYPE, getRelationFromContent} from "../relations.js";
import {PendingAnnotation} from "../PendingAnnotation.js"; import {PendingAnnotation} from "../PendingAnnotation.js";
function htmlEscape(string) {
return string.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}
/** Deals mainly with local echo for relations and redactions, /** Deals mainly with local echo for relations and redactions,
* so it is shared between PendingEventEntry and EventEntry */ * so it is shared between PendingEventEntry and EventEntry */
export class BaseEventEntry extends BaseEntry { export class BaseEventEntry extends BaseEntry {
@ -168,15 +172,21 @@ export class BaseEventEntry extends BaseEntry {
return this.content.msgtype === "m.emote" ? "* " : ""; return this.content.msgtype === "m.emote" ? "* " : "";
} }
get _formattedBody() {
return this.content.formatted_body || (this.content.body && htmlEscape(this.content.body));
}
get _plainBody() {
return this.content.body;
}
_replyFormattedFallback() { _replyFormattedFallback() {
// TODO check for absense? const body = this._fallbackBlurb() || this._formattedBody || "";
// TODO escape and tranform unformatted body as needed
const body = this._fallbackBlurb() || this.content.formatted_body || this.content.body;
const prefix = this._fallbackPrefix(); const prefix = this._fallbackPrefix();
return `<mx-reply> return `<mx-reply>
<blockquote> <blockquote>
In reply to In reply to
${prefix}<a href="https://matrix.to/#/${this.sender}">${this.displayName}</a> ${prefix}<a href="https://matrix.to/#/${this.sender}">${this.displayName || this.sender}</a>
<br /> <br />
${body} ${body}
</blockquote> </blockquote>
@ -184,16 +194,16 @@ export class BaseEventEntry extends BaseEntry {
} }
_replyBodyFallback() { _replyBodyFallback() {
// TODO check for absense? const body = this._fallbackBlurb() || this._plainBody || "";
const body = this._fallbackBlurb() || this.content.body;
const bodyLines = body.split("\n"); const bodyLines = body.split("\n");
bodyLines[0] = `> <${this.sender}> ${bodyLines[0]}` bodyLines[0] = `> <${this.sender}> ${bodyLines[0]}`
return `${bodyLines.join("\n> ")}`; return bodyLines.join("\n> ");
} }
reply(msgtype, body) { reply(msgtype, body) {
// TODO check for absense of sender / body / msgtype / etc?
const newBody = this._replyBodyFallback() + '\n\n' + body; const newBody = this._replyBodyFallback() + '\n\n' + body;
const newFormattedBody = this._replyFormattedFallback() + body; const newFormattedBody = this._replyFormattedFallback() + htmlEscape(body);
return createReply(this.id, msgtype, newBody, newFormattedBody); return createReply(this.id, msgtype, newBody, newFormattedBody);
} }
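Review bot: In `_replyFormattedFallback()` the quoted sender's `this.displayName || this.sender` and the `this.sender` placed inside `href="…"` are still interpolated into the `<mx-reply>` markup unescaped, so a display name containing markup ends up as live HTML in the `formatted_body` this client sends. Wrapping the link text as `${htmlEscape(this.displayName || this.sender)}` closes that for element content. For the attribute, `htmlEscape` would also need `.replace(/"/g, "&quot;")`, since it currently leaves quotes alone. `this.content.formatted_body` is forwarded as received, which presumably relies on receiving clients sanitizing it; a one-line comment on `_formattedBody` stating that assumption would help. The class body continues outside the visible hunks.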