From 4bc7873e037dd4760c32e3dda4a94462696684e6 Mon Sep 17 00:00:00 2001 From: HJ <30-hj@users.noreply.git.pleroma.social> Date: Mon, 5 Jun 2023 19:04:30 +0000 Subject: [PATCH 01/44] Merge branch 'harden-parser' into 'develop' fix regex misinterpreting tag name in badly formed HTML See merge request pleroma/pleroma-fe!1835 (cherry picked from commit 624af7ed00b0edb2792f84cc83f6eeb7568798c4) 00b47e16 fix regex misinterpreting tag name in badly formed HTML, prevent rich 5e656cc0 Merge remote-tracking branch 'origin/develop' into harden-parser 10e28f6c changelog 0109724a case insensititvy --- changelog.d/parser.fix | 1 + src/components/rich_content/rich_content.jsx | 4 +++- src/services/html_converter/utility.service.js | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changelog.d/parser.fix diff --git a/changelog.d/parser.fix b/changelog.d/parser.fix new file mode 100644 index 00000000..13bac0bf --- /dev/null +++ b/changelog.d/parser.fix @@ -0,0 +1 @@ +fix regex issue in HTML parser/renderer diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx index 7881e365..b16ab242 100644 --- a/src/components/rich_content/rich_content.jsx +++ b/src/components/rich_content/rich_content.jsx @@ -149,7 +149,9 @@ export default { // Handle tag nodes if (Array.isArray(item)) { const [opener, children, closer] = item - const Tag = getTagName(opener) + let Tag = getTagName(opener) + if (Tag.toLowerCase() === 'script') Tag = 'js-exploit' + if (Tag.toLowerCase() === 'style') Tag = 'css-exploit' const fullAttrs = getAttrs(opener, () => true) const attrs = getAttrs(opener) const previouslyMentions = currentMentions !== null diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js index f1042971..a1301353 100644 --- a/src/services/html_converter/utility.service.js +++ b/src/services/html_converter/utility.service.js @@ -5,7 +5,7 @@ * @return {String} - tagname, i.e. "div" */ export const getTagName = (tag) => { - const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag) + const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag) return result && (result[1] || result[2]) } From 0d6a9e8a647be860b10506aecaafb4ff0f10150f Mon Sep 17 00:00:00 2001 From: tusooa Date: Sun, 13 Aug 2023 23:57:34 -0400 Subject: [PATCH 02/44] Display extra notifications on notifications column --- .../extra_notifications.js | 9 ++++ .../extra_notifications.vue | 42 +++++++++++++++++++ src/components/notifications/notifications.js | 7 +++- .../notifications/notifications.vue | 7 ++++ src/i18n/en.json | 4 +- 5 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 src/components/extra_notifications/extra_notifications.js create mode 100644 src/components/extra_notifications/extra_notifications.vue diff --git a/src/components/extra_notifications/extra_notifications.js b/src/components/extra_notifications/extra_notifications.js new file mode 100644 index 00000000..0bf904ba --- /dev/null +++ b/src/components/extra_notifications/extra_notifications.js @@ -0,0 +1,9 @@ +import { mapGetters } from 'vuex' + +const ExtraNotifications = { + computed: { + ...mapGetters(['unreadChatCount', 'unreadAnnouncementCount']) + } +} + +export default ExtraNotifications diff --git a/src/components/extra_notifications/extra_notifications.vue b/src/components/extra_notifications/extra_notifications.vue new file mode 100644 index 00000000..11eeb937 --- /dev/null +++ b/src/components/extra_notifications/extra_notifications.vue @@ -0,0 +1,42 @@ + + +