From: Anon Date: Mon, 10 Jul 2023 11:37:07 +0000 (-0500) Subject: Fix XSS vuln (#1897) X-Git-Url: http://these/git/%22https:/image.com/%7Bthis.imageSrc%7D?a=commitdiff_plain;h=e80bcf53acb8ce25ed5ef6b7eb16b90f0b07e8f1;p=lemmy-ui.git Fix XSS vuln (#1897)
---
diff --git a/src/shared/markdown.ts b/src/shared/markdown.ts
index 85aa8ee..33afd71 100644
--- a/src/shared/markdown.ts
+++ b/src/shared/markdown.ts
@@ -188,13 +188,16 @@ export function setupMarkdown() {
 //Provide custom renderer for our emojis to allow us to add a css class and force size dimensions on them.
 const item = tokens[idx] as any;
 const title = item.attrs.length >= 3 ? item.attrs[2][1] : "";
- const src: string = item.attrs[0][1];
- const isCustomEmoji = customEmojisLookup.get(title) != undefined;
+ const customEmoji = customEmojisLookup.get(title);
+ const isCustomEmoji = customEmoji != undefined;
 if (!isCustomEmoji) {
 return defaultRenderer?.(tokens, idx, options, env, self) ?? "";
 }
- const alt_text = item.content;
- return `${alt_text}`;
+ return `${
+      customEmoji!.custom_emoji.alt_text
+    }`;
 };
 md.renderer.rules.table_open = function () {
 return '';
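Review bot: The emoji record's fields are still interpolated into the returned markup without HTML escaping in the new `return` template (only `customEmoji!.custom_emoji.alt_text` survives in this rendering; the surrounding tag text appears to have been lost in extraction). Reading the values from `customEmojisLookup` instead of the markdown token (`item.attrs[0][1]`, `item.content`) presumably takes them out of the post author's hands, but a stored emoji whose text contains a quote or angle bracket would still alter the generated HTML, so each interpolated field should be escaped, for example `md.utils.escapeHtml(customEmoji.custom_emoji.alt_text)`. Separately, guarding with `if (!customEmoji) {` instead of the derived `isCustomEmoji` flag would let the compiler narrow the type and remove the need for the `!` assertions. The image rule's function header lies outside this hunk.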