Merge branch 'fix/escape-html' into 'develop'
Escape HTML from display name and subject fields Closes #724 See merge request pleroma/pleroma-fe!1052
This commit is contained in:
commit
8fcb9c42aa
3 changed files with 7 additions and 3 deletions
|
@ -21,6 +21,7 @@
|
||||||
"chromatism": "^3.0.0",
|
"chromatism": "^3.0.0",
|
||||||
"cropperjs": "^1.4.3",
|
"cropperjs": "^1.4.3",
|
||||||
"diff": "^3.0.1",
|
"diff": "^3.0.1",
|
||||||
|
"escape-html": "^1.0.3",
|
||||||
"karma-mocha-reporter": "^2.2.1",
|
"karma-mocha-reporter": "^2.2.1",
|
||||||
"localforage": "^1.5.0",
|
"localforage": "^1.5.0",
|
||||||
"object-path": "^0.11.3",
|
"object-path": "^0.11.3",
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
import escape from 'escape-html'
|
||||||
|
|
||||||
const qvitterStatusType = (status) => {
|
const qvitterStatusType = (status) => {
|
||||||
if (status.is_post_verb) {
|
if (status.is_post_verb) {
|
||||||
return 'status'
|
return 'status'
|
||||||
|
@ -41,7 +43,7 @@ export const parseUser = (data) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
output.name = data.display_name
|
output.name = data.display_name
|
||||||
output.name_html = addEmojis(data.display_name, data.emojis)
|
output.name_html = addEmojis(escape(data.display_name), data.emojis)
|
||||||
|
|
||||||
output.description = data.note
|
output.description = data.note
|
||||||
output.description_html = addEmojis(data.note, data.emojis)
|
output.description_html = addEmojis(data.note, data.emojis)
|
||||||
|
@ -256,7 +258,7 @@ export const parseStatus = (data) => {
|
||||||
output.retweeted_status = parseStatus(data.reblog)
|
output.retweeted_status = parseStatus(data.reblog)
|
||||||
}
|
}
|
||||||
|
|
||||||
output.summary_html = addEmojis(data.spoiler_text, data.emojis)
|
output.summary_html = addEmojis(escape(data.spoiler_text), data.emojis)
|
||||||
output.external_url = data.url
|
output.external_url = data.url
|
||||||
output.poll = data.poll
|
output.poll = data.poll
|
||||||
output.pinned = data.pinned
|
output.pinned = data.pinned
|
||||||
|
|
|
@ -2757,9 +2757,10 @@ es6-promisify@^5.0.0:
|
||||||
dependencies:
|
dependencies:
|
||||||
es6-promise "^4.0.3"
|
es6-promise "^4.0.3"
|
||||||
|
|
||||||
escape-html@~1.0.3:
|
escape-html@^1.0.3, escape-html@~1.0.3:
|
||||||
version "1.0.3"
|
version "1.0.3"
|
||||||
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
|
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
|
||||||
|
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
|
||||||
|
|
||||||
escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
|
escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
|
||||||
version "1.0.5"
|
version "1.0.5"
|
||||||
|
|
Loading…
Reference in a new issue