From 3e59a0701203c7d3ae32e153f49f013f29314c75 Mon Sep 17 00:00:00 2001 From: Alexander Zinchuk Date: Fri, 27 Oct 2023 12:50:00 +0200 Subject: [PATCH] WebShare: Prevent external formatting insertion (#3921) --- src/components/common/Composer.tsx | 3 +- .../middle/composer/helpers/cleanHtml.ts | 65 +++++++++++++++++++ .../composer/hooks/useClipboardPaste.ts | 56 +--------------- 3 files changed, 70 insertions(+), 54 deletions(-) create mode 100644 src/components/middle/composer/helpers/cleanHtml.ts diff --git a/src/components/common/Composer.tsx b/src/components/common/Composer.tsx index c90a9ae5d..a7baeeef4 100644 --- a/src/components/common/Composer.tsx +++ b/src/components/common/Composer.tsx @@ -93,6 +93,7 @@ import { IS_IOS, IS_VOICE_RECORDING_SUPPORTED } from '../../util/windowEnvironme import windowSize from '../../util/windowSize'; import applyIosAutoCapitalizationFix from '../middle/composer/helpers/applyIosAutoCapitalizationFix'; import buildAttachment, { prepareAttachmentsToSend } from '../middle/composer/helpers/buildAttachment'; +import { escapeHtml } from '../middle/composer/helpers/cleanHtml'; import { buildCustomEmojiHtml } from '../middle/composer/helpers/customEmoji'; import { isSelectionInsideInput } from '../middle/composer/helpers/selection'; import renderText from './helpers/renderText'; @@ -1038,7 +1039,7 @@ const Composer: FC = ({ useEffect(() => { if (requestedDraftText) { - setHtml(requestedDraftText); + setHtml(escapeHtml(requestedDraftText)); resetOpenChatWithDraft(); requestNextMutation(() => { diff --git a/src/components/middle/composer/helpers/cleanHtml.ts b/src/components/middle/composer/helpers/cleanHtml.ts new file mode 100644 index 000000000..3d4c76002 --- /dev/null +++ b/src/components/middle/composer/helpers/cleanHtml.ts @@ -0,0 +1,65 @@ +import { ApiMessageEntityTypes } from '../../../../api/types'; + +import { DEBUG } from '../../../../config'; +import cleanDocsHtml from '../../../../lib/cleanDocsHtml'; +import { ENTITY_CLASS_BY_NODE_NAME } from '../../../../util/parseMessageInput'; + +const STYLE_TAG_REGEX = /