From 00b47e16736f8b472f20dab8def30fb22d54c8be Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:49:47 +0300
Subject: [PATCH 1/3] fix regex misinterpreting tag name in badly formed HTML, prevent rich content from ever using dangerous tags
---
 src/components/rich_content/rich_content.jsx | 4 +++-
 src/services/html_converter/utility.service.js | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 7881e365..47ef517b 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
 // Handle tag nodes
 if (Array.isArray(item)) {
 const [opener, children, closer] = item
- const Tag = getTagName(opener)
+ let Tag = getTagName(opener)
+ if (Tag === 'script') Tag = 'js-exploit'
+ if (Tag === 'style') Tag = 'css-exploit'
 const fullAttrs = getAttrs(opener, () => true)
 const attrs = getAttrs(opener)
 const previouslyMentions = currentMentions !== null
diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js
index f1042971..a1301353 100644
--- a/src/services/html_converter/utility.service.js
+++ b/src/services/html_converter/utility.service.js
@@ -5,7 +5,7 @@
 * @return {String} - tagname, i.e. "div"
 */
 export const getTagName = (tag) => {
- const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
+ const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
 return result && (result[1] || result[2])
 }
From 10e28f6c1df4432947fa5686c6cecde9ffe8582d Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:54:17 +0300
Subject: [PATCH 2/3] changelog
---
 changelog.d/parser.fix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/parser.fix
diff --git a/changelog.d/parser.fix b/changelog.d/parser.fix
new file mode 100644
index 00000000..13bac0bf
--- /dev/null
+++ b/changelog.d/parser.fix
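Review bot: The two `if (Tag === ...)` lines added after `getTagName(opener)` are a denylist of exactly two names, so any other element name the parser returns presumably still ends up as the rendered tag; for markup that originates from remote posts an allowlist is the safer default. A check along the lines of `if (!ALLOWED_TAGS.has(String(Tag).toLowerCase())) Tag = 'span'` would cover that, where `ALLOWED_TAGS` is a placeholder for a set this file would have to define. The substitute names `js-exploit` and `css-exploit` also deserve a one-line comment such as `// render as an inert unknown element so the content is neither executed nor applied as CSS`, because their purpose is not obvious at the call site. The enclosing render function starts and ends outside this hunk, so whether tags are filtered earlier in the pipeline is not visible here.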
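Review bot: The pattern in `getTagName` is still unanchored after the `s` flag is added, so when the input does not match starting at its first character `exec` keeps scanning and can return a name found later in the string, which is the same class of misread this patch sets out to fix. Anchoring it, `const result = /^(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/is.exec(tag)`, makes a malformed opener yield `null` instead of a name from inside it; the `g` flag has no effect on a single `exec` against a fresh literal and can be dropped at the same time. Callers would then have to handle `null`, and whether any of them passes input with leading whitespace is not visible here, so the change needs checking against them. A comment such as `// s: attributes may contain line breaks; '.' must match them so the opener matches from its first character` and a regression test with a multi-line opener would document why the flag is there.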
@@ -0,0 +1 @@
+fix regex issue in HTML parser/renderer
From 0109724a5f16e58a78ab4c09c955c44982368c6f Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:57:36 +0300
Subject: [PATCH 3/3] case insensititvy
---
 src/components/rich_content/rich_content.jsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 47ef517b..b16ab242 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -150,8 +150,8 @@ export default {
 if (Array.isArray(item)) {
 const [opener, children, closer] = item
 let Tag = getTagName(opener)
- if (Tag === 'script') Tag = 'js-exploit'
- if (Tag === 'style') Tag = 'css-exploit'
+ if (Tag.toLowerCase() === 'script') Tag = 'js-exploit'
+ if (Tag.toLowerCase() === 'style') Tag = 'css-exploit'
 const fullAttrs = getAttrs(opener, () => true)
 const attrs = getAttrs(opener)
 const previouslyMentions = currentMentions !== null
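Review bot: `Tag.toLowerCase()` on the two added lines throws a TypeError when `getTagName(opener)` returns `null`, which the helper does whenever its regex finds no match (`return result && (result[1] || result[2])` in patch 1/3); the strict comparisons being replaced were null-safe. Lower-casing once behind a guard avoids both the crash and the repeated call: `const tagLower = Tag ? Tag.toLowerCase() : ''`, then `if (tagLower === 'script') Tag = 'js-exploit'` and the same for `style`. Whether an opener can reach this branch without matching the helper's pattern is not visible in the hunk, and the enclosing function starts and ends outside it.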