From f108005cc25566dd9adbc31dd5ee12397e0ef041 Mon Sep 17 00:00:00 2001 From: Alexander Zinchuk Date: Thu, 5 Aug 2021 16:56:50 +0300 Subject: [PATCH] Composer: Fix XSS when editing a message with code (#1360) --- src/components/common/helpers/renderMessageText.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/components/common/helpers/renderMessageText.tsx b/src/components/common/helpers/renderMessageText.tsx index c6806248d..882ab2287 100644 --- a/src/components/common/helpers/renderMessageText.tsx +++ b/src/components/common/helpers/renderMessageText.tsx @@ -380,7 +380,7 @@ function processEntityAsHtml( const renderedContent = nestedEntityContent.length ? nestedEntityContent.join('') - : renderText(entityContent, ['emoji_html', 'br_html']).join(''); + : renderText(entityContent, ['escape_html', 'emoji_html', 'br_html']).join(''); if (!rawEntityText) { return renderedContent;