keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity

integrate dangerouslySetInnerHTML into custom components and sanityze it before rendering

Browse Source
pull/691/head
Audric Ackermann 6 years ago
parent f84e286ddc
commit d5b8436f4d
5 changed files with 45 additions and 25 deletions
Show Stats Download Patch File Download Diff File

11
_locales/en/messages.json
Unescape Escape View File

@ -2348,5 +2348,16 @@
}, },
"or": { "or": {
"message": "or" "message": "or"
},
"ByUsingThiService...": {
"message":
"By using this service, you agree to our <a>Terms and Conditions</a> and <a>Privacy Statement</a>"
},
"beginYourSession": {
"message": "Begin<br />your<br />Session."
},
"ensuringPeaceOfMind...": {
"message":
" Ensuring <span class=\"redacted\">peace of</span> mind, one <span class=\"redacted\">session</span> at a time."
} }
} }

13
ts/components/conversation/Linkify.tsx
Unescape Escape View File

@ -4,6 +4,7 @@ import LinkifyIt from 'linkify-it';
import { RenderTextCallbackType } from '../../types/Util'; import { RenderTextCallbackType } from '../../types/Util';
import { isLinkSneaky } from '../../../js/modules/link_previews'; import { isLinkSneaky } from '../../../js/modules/link_previews';
import { SessionHtmlRenderer } from '../session/SessionHTMLRenderer';
const linkify = LinkifyIt(); const linkify = LinkifyIt();
@ -29,17 +30,7 @@ export class Linkify extends React.Component<Props> {
if (isRss && text.indexOf('</') !== -1) { if (isRss && text.indexOf('</') !== -1) {
results.push( results.push(
<div <SessionHtmlRenderer key={count++} html={text} tag="div" />
key={count++}
dangerouslySetInnerHTML={{
__html: text
.replace(
/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,
''
)
.replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi, ''),
}}
/>
); );
// should already have links // should already have links

14
ts/components/session/AccentText.tsx
Unescape Escape View File

@ -1,6 +1,7 @@
import React from 'react'; import React from 'react';
import { LocalizerType } from '../../types/Util'; import { LocalizerType } from '../../types/Util';
import { SessionHtmlRenderer } from './SessionHTMLRenderer';
interface Props { interface Props {
i18n: LocalizerType; i18n: LocalizerType;
@ -12,22 +13,17 @@ export class AccentText extends React.PureComponent<Props> {
} }
public render() { public render() {
const { showSubtitle } = this.props; const { showSubtitle, i18n } = this.props;
// FIXME find a better way than dangerouslySetInnerHTML to set those two strings in a localized way
return ( return (
<div className="session-content-accent-text"> <div className="session-content-accent-text">
<div className="session-content-accent-text title"> <div className="session-content-accent-text title">
Begin <SessionHtmlRenderer html={i18n('beginYourSession')} />
<br />
your
<br />
Session.
</div> </div>
{showSubtitle ? ( {showSubtitle ? (
<div className="session-content-accent-text subtitle"> <div className="session-content-accent-text subtitle">
Ensuring <span className="redacted">peace of</span> mind, one{' '} <SessionHtmlRenderer html={i18n('ensuringPeaceOfMind...')} />
<span className="redacted">session</span> at a time.
</div> </div>
) : ( ) : (
'' ''

6
ts/components/session/RegistrationTabs.tsx
Unescape Escape View File

@ -5,6 +5,7 @@ import { LocalizerType } from '../../types/Util';
import { SessionInput } from './SessionInput'; import { SessionInput } from './SessionInput';
import { SessionButton, SessionButtonType } from './SessionButton'; import { SessionButton, SessionButtonType } from './SessionButton';
import { trigger } from '../../shims/events'; import { trigger } from '../../shims/events';
import { SessionHtmlRenderer } from './SessionHTMLRenderer';
interface Props { interface Props {
i18n: LocalizerType; i18n: LocalizerType;
@ -402,13 +403,12 @@ export class RegistrationTabs extends React.Component<Props, State> {
} }
private renderTermsConditionAgreement() { private renderTermsConditionAgreement() {
const { i18n } = this.props;
// FIXME link to our Terms and Conditions and privacy statement // FIXME link to our Terms and Conditions and privacy statement
// FIXME find a better way than dangerouslySetInnerHTML to set this in a localized way
return ( return (
<div className="session-terms-conditions-agreement"> <div className="session-terms-conditions-agreement">
By using this service, you agree to our <a>Terms and Conditions</a> and{' '} <SessionHtmlRenderer html={i18n('ByUsingThiService...')} />
<a>Privacy Statement</a>
</div> </div>
); );
} }

22
ts/components/session/SessionHTMLRenderer.tsx
Unescape Escape View File

@ -0,0 +1,22 @@
import React from 'react';
import DOMPurify from 'dompurify';
interface ReceivedProps {
html: string;
tag?: string;
key?: any;
}
type Props = ReceivedProps;
export const SessionHtmlRenderer: React.SFC<Props> = ({ tag = 'div', key, html }) => {
const clean = DOMPurify.sanitize(html, {
USE_PROFILES: { html: true },
FORBID_ATTR: ['style', 'script'],
});
return React.createElement(tag, {
key,
dangerouslySetInnerHTML: { __html: clean },
});
};
Write Preview
Loading…
Cancel
Save