OfficialDakari
/
matrix-dart-sdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: escape attributes in markdown less aggressively

This commit is contained in:
Nicolas Werner 2021-02-17 22:56:31 +01:00
parent bc864fda4a
commit ac1ad1b897
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/src/utils/markdown.dart
View File

@ -19,6 +19,8 @@
import 'package:markdown/markdown.dart'; import 'package:markdown/markdown.dart';
import 'dart:convert'; import 'dart:convert';
const htmlAttrEscape = HtmlEscape(HtmlEscapeMode.attribute);
class LinebreakSyntax extends InlineSyntax { class LinebreakSyntax extends InlineSyntax {
LinebreakSyntax() : super(r'\n'); LinebreakSyntax() : super(r'\n');
@ -51,7 +53,7 @@ class SpoilerSyntax extends TagSyntax {
bool onMatchEnd(InlineParser parser, Match match, TagState state) { bool onMatchEnd(InlineParser parser, Match match, TagState state) {
final element = Element('span', state.children); final element = Element('span', state.children);
element.attributes['data-mx-spoiler'] = element.attributes['data-mx-spoiler'] =
htmlEscape.convert(reasonMap[match.input] ?? ''); htmlAttrEscape.convert(reasonMap[match.input] ?? '');
parser.addNode(element); parser.addNode(element);
return true; return true;
} }
@ -84,9 +86,9 @@ class EmoteSyntax extends InlineSyntax {
} }
final element = Element.empty('img'); final element = Element.empty('img');
element.attributes['data-mx-emoticon'] = ''; element.attributes['data-mx-emoticon'] = '';
element.attributes['src'] = htmlEscape.convert(mxc); element.attributes['src'] = htmlAttrEscape.convert(mxc);
element.attributes['alt'] = htmlEscape.convert(emote); element.attributes['alt'] = htmlAttrEscape.convert(emote);
element.attributes['title'] = htmlEscape.convert(emote); element.attributes['title'] = htmlAttrEscape.convert(emote);
element.attributes['height'] = '32'; element.attributes['height'] = '32';
element.attributes['vertical-align'] = 'middle'; element.attributes['vertical-align'] = 'middle';
parser.addNode(element); parser.addNode(element);

6
test/markdown_test.dart
View File

@ -54,11 +54,11 @@ void main() {
}); });
test('emotes', () { test('emotes', () {
expect(markdown(':fox:', emotePacks), expect(markdown(':fox:', emotePacks),
'<img data-mx-emoticon="" src="mxc:&#47;&#47;roomfox" alt=":fox:" title=":fox:" height="32" vertical-align="middle" />'); '<img data-mx-emoticon="" src="mxc://roomfox" alt=":fox:" title=":fox:" height="32" vertical-align="middle" />');
expect(markdown(':user~fox:', emotePacks), expect(markdown(':user~fox:', emotePacks),
'<img data-mx-emoticon="" src="mxc:&#47;&#47;userfox" alt=":fox:" title=":fox:" height="32" vertical-align="middle" />'); '<img data-mx-emoticon="" src="mxc://userfox" alt=":fox:" title=":fox:" height="32" vertical-align="middle" />');
expect(markdown(':raccoon:', emotePacks), expect(markdown(':raccoon:', emotePacks),
'<img data-mx-emoticon="" src="mxc:&#47;&#47;raccoon" alt=":raccoon:" title=":raccoon:" height="32" vertical-align="middle" />'); '<img data-mx-emoticon="" src="mxc://raccoon" alt=":raccoon:" title=":raccoon:" height="32" vertical-align="middle" />');
expect(markdown(':invalid:', emotePacks), ':invalid:'); expect(markdown(':invalid:', emotePacks), ':invalid:');
expect(markdown(':room~invalid:', emotePacks), ':room~invalid:'); expect(markdown(':room~invalid:', emotePacks), ':room~invalid:');
}); });