Strip out sanitizeHtml stuff as it's not required

As per https://github.com/matrix-org/matrix-react-sdk/pull/968#issuecomment-304946341
Kegan Dougal 2017-05-31 09:29:43 +01:00
parent 7f4bdd4b38
commit 1ab52652f7


@ -83,14 +83,8 @@ export function _tJsx(jsxText, patterns, subs) {
} }
} }
// tJsxText may be unsafe if malicious translators try to inject HTML. // The translation returns text so there's no XSS vector here (no unsafe HTML, no code execution)
// Run this through sanitize-html and bail if the output isn't identical
const tJsxText = _t(jsxText); const tJsxText = _t(jsxText);
const sanitized = sanitizeHtml(tJsxText, { allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'span' ]) });
if (tJsxText !== sanitized) {
throw new Error(`_tJsx: translator error. untrusted HTML supplied. '${tJsxText}' != '${sanitized}'`);
}
let output = [tJsxText]; let output = [tJsxText];
for (let i = 0; i < patterns.length; i++) { for (let i = 0; i < patterns.length; i++) {
// convert the last element in 'output' into 3 elements (pre-text, sub function, post-text). // convert the last element in 'output' into 3 elements (pre-text, sub function, post-text).
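Review bot: The new comment above `const tJsxText = _t(jsxText);` asserts there is no XSS vector but does not state the invariant that makes this true. In the visible lines the translated string only goes into the `output` array as text. It stays inert only while every element of that array is rendered as a React text child, which React escapes, and no `subs` function inserts translated text as raw HTML; that is presumably the case but is not visible in this hunk. I would record the condition next to the claim, e.g. `// Safe only while output is rendered as React text children; subs must never pass translated text to dangerouslySetInnerHTML.` The body of `_tJsx` starts before and continues after this hunk.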