Strip out sanitizeHtml stuff as it's not required

As per https://github.com/matrix-org/matrix-react-sdk/pull/968#issuecomment-304946341
This commit is contained in:
Kegan Dougal 2017-05-31 09:29:43 +01:00
parent 7f4bdd4b38
commit 1ab52652f7

View file

@ -83,14 +83,8 @@ export function _tJsx(jsxText, patterns, subs) {
}
}
// tJsxText may be unsafe if malicious translators try to inject HTML.
// Run this through sanitize-html and bail if the output isn't identical
// The translation returns text so there's no XSS vector here (no unsafe HTML, no code execution)
const tJsxText = _t(jsxText);
const sanitized = sanitizeHtml(tJsxText, { allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'span' ]) });
if (tJsxText !== sanitized) {
throw new Error(`_tJsx: translator error. untrusted HTML supplied. '${tJsxText}' != '${sanitized}'`);
}
let output = [tJsxText];
for (let i = 0; i < patterns.length; i++) {
// convert the last element in 'output' into 3 elements (pre-text, sub function, post-text).