forked from mystiq/hydrogen-web
Add escaping to replies
This commit is contained in:
parent
753bb8392b
commit
3d911f2a22
1 changed files with 18 additions and 8 deletions
|
@ -19,6 +19,10 @@ import {REDACTION_TYPE} from "../../common.js";
|
||||||
import {createAnnotation, createReply, ANNOTATION_RELATION_TYPE, getRelationFromContent} from "../relations.js";
|
import {createAnnotation, createReply, ANNOTATION_RELATION_TYPE, getRelationFromContent} from "../relations.js";
|
||||||
import {PendingAnnotation} from "../PendingAnnotation.js";
|
import {PendingAnnotation} from "../PendingAnnotation.js";
|
||||||
|
|
||||||
|
function htmlEscape(string) {
|
||||||
|
return string.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
|
||||||
|
}
|
||||||
|
|
||||||
/** Deals mainly with local echo for relations and redactions,
|
/** Deals mainly with local echo for relations and redactions,
|
||||||
* so it is shared between PendingEventEntry and EventEntry */
|
* so it is shared between PendingEventEntry and EventEntry */
|
||||||
export class BaseEventEntry extends BaseEntry {
|
export class BaseEventEntry extends BaseEntry {
|
||||||
|
@ -168,15 +172,21 @@ export class BaseEventEntry extends BaseEntry {
|
||||||
return this.content.msgtype === "m.emote" ? "* " : "";
|
return this.content.msgtype === "m.emote" ? "* " : "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get _formattedBody() {
|
||||||
|
return this.content.formatted_body || (this.content.body && htmlEscape(this.content.body));
|
||||||
|
}
|
||||||
|
|
||||||
|
get _plainBody() {
|
||||||
|
return this.content.body;
|
||||||
|
}
|
||||||
|
|
||||||
_replyFormattedFallback() {
|
_replyFormattedFallback() {
|
||||||
// TODO check for absense?
|
const body = this._fallbackBlurb() || this._formattedBody || "";
|
||||||
// TODO escape and tranform unformatted body as needed
|
|
||||||
const body = this._fallbackBlurb() || this.content.formatted_body || this.content.body;
|
|
||||||
const prefix = this._fallbackPrefix();
|
const prefix = this._fallbackPrefix();
|
||||||
return `<mx-reply>
|
return `<mx-reply>
|
||||||
<blockquote>
|
<blockquote>
|
||||||
In reply to
|
In reply to
|
||||||
${prefix}<a href="https://matrix.to/#/${this.sender}">${this.displayName}</a>
|
${prefix}<a href="https://matrix.to/#/${this.sender}">${this.displayName || this.sender}</a>
|
||||||
<br />
|
<br />
|
||||||
${body}
|
${body}
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
@ -184,16 +194,16 @@ export class BaseEventEntry extends BaseEntry {
|
||||||
}
|
}
|
||||||
|
|
||||||
_replyBodyFallback() {
|
_replyBodyFallback() {
|
||||||
// TODO check for absense?
|
const body = this._fallbackBlurb() || this._plainBody || "";
|
||||||
const body = this._fallbackBlurb() || this.content.body;
|
|
||||||
const bodyLines = body.split("\n");
|
const bodyLines = body.split("\n");
|
||||||
bodyLines[0] = `> <${this.sender}> ${bodyLines[0]}`
|
bodyLines[0] = `> <${this.sender}> ${bodyLines[0]}`
|
||||||
return `${bodyLines.join("\n> ")}`;
|
return bodyLines.join("\n> ");
|
||||||
}
|
}
|
||||||
|
|
||||||
reply(msgtype, body) {
|
reply(msgtype, body) {
|
||||||
|
// TODO check for absense of sender / body / msgtype / etc?
|
||||||
const newBody = this._replyBodyFallback() + '\n\n' + body;
|
const newBody = this._replyBodyFallback() + '\n\n' + body;
|
||||||
const newFormattedBody = this._replyFormattedFallback() + body;
|
const newFormattedBody = this._replyFormattedFallback() + htmlEscape(body);
|
||||||
return createReply(this.id, msgtype, newBody, newFormattedBody);
|
return createReply(this.id, msgtype, newBody, newFormattedBody);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue