ooops, don't forget to actually sanitize the highlights after all that
This commit is contained in:
parent
d055dbe522
commit
92435c0865
1 changed files with 4 additions and 2 deletions
|
@ -144,15 +144,17 @@ module.exports = {
|
||||||
// by an attempt to search for 'foobar'. Then again, the search query probably wouldn't work either
|
// by an attempt to search for 'foobar'. Then again, the search query probably wouldn't work either
|
||||||
if (highlights && highlights.length > 0) {
|
if (highlights && highlights.length > 0) {
|
||||||
var highlighter = new Highlighter(isHtml, "mx_EventTile_searchHighlight", opts.onHighlightClick);
|
var highlighter = new Highlighter(isHtml, "mx_EventTile_searchHighlight", opts.onHighlightClick);
|
||||||
|
var safeHighlights = highlights.map(function(highlight) {
|
||||||
|
return sanitizeHtml(highlight, sanitizeHtmlParams);
|
||||||
|
});
|
||||||
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeHtmlParams structure.
|
// XXX: hacky bodge to temporarily apply a textFilter to the sanitizeHtmlParams structure.
|
||||||
sanitizeHtmlParams.textFilter = function(safeText) {
|
sanitizeHtmlParams.textFilter = function(safeText) {
|
||||||
var html = highlighter.applyHighlights(safeText, highlights).map(function(span) {
|
return highlighter.applyHighlights(safeText, safeHighlights).map(function(span) {
|
||||||
// XXX: rather clunky conversion from the react nodes returned by applyHighlights
|
// XXX: rather clunky conversion from the react nodes returned by applyHighlights
|
||||||
// (which need to be nodes for the non-html highlighting case), to convert them
|
// (which need to be nodes for the non-html highlighting case), to convert them
|
||||||
// back into raw HTML given that's what sanitize-html works in terms of.
|
// back into raw HTML given that's what sanitize-html works in terms of.
|
||||||
return ReactDOMServer.renderToString(span);
|
return ReactDOMServer.renderToString(span);
|
||||||
}).join('');
|
}).join('');
|
||||||
return html;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
safeBody = sanitizeHtml(content.formatted_body, sanitizeHtmlParams);
|
safeBody = sanitizeHtml(content.formatted_body, sanitizeHtmlParams);
|
||||||
|
|
Loading…
Reference in a new issue