diff --git a/src/domain/session/room/timeline/deserialize.js b/src/domain/session/room/timeline/deserialize.js index ce690732..3ef22b02 100644 --- a/src/domain/session/room/timeline/deserialize.js +++ b/src/domain/session/room/timeline/deserialize.js @@ -29,7 +29,7 @@ import { linkify } from "./linkify/linkify.js"; */ const basicInline = ["EM", "STRONG", "CODE", "DEL", "SPAN" ]; const basicBlock = ["DIV", "BLOCKQUOTE"]; -const safeSchemas = ["https", "http", "ftp", "mailto", "magnet"].map(name => `${name}://`); +const safeSchemas = ["matrix", "https", "http", "ftp", "mailto", "magnet"].map(name => `${name}:`); const baseUrl = 'https://matrix.to'; const linkPrefix = `${baseUrl}/#/`; diff --git a/src/platform/web/parsehtml.js b/src/platform/web/parsehtml.js index ec30b2c9..b01f4b9c 100644 --- a/src/platform/web/parsehtml.js +++ b/src/platform/web/parsehtml.js @@ -55,7 +55,7 @@ class HTMLParseResult { } const sanitizeConfig = { - ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp|xxx|mxc):|[^a-z]|[a-z+.-]+(?:[^a-z+.-:]|$))/i, + ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp|xxx|mxc|matrix):|[^a-z]|[a-z+.-]+(?:[^a-z+.-:]|$))/i, ADD_TAGS: ['mx-reply'] }