Luke Barnard
36795fa192
Use data-mx[-bg]-color instead of stripping style
...
This has the benefit of not needing a spec for custom CSS. Instead we rigourously sanitise the values for custom data attributes that are transformed to CSS equivalents. `data-mx-color` translates to CSS `color` for example.
2017-03-02 11:36:56 +00:00
Luke Barnard
5fc828f24c
Allow span, and only allow style attrib
2017-02-27 11:32:57 +00:00
Luke Barnard
886b0a3f13
Sanitise for *, fix style issues
2017-02-27 11:23:37 +00:00
Luke Barnard
ae03244e6e
Merge branch 'develop' into luke/feature-css-msg-colors
2017-02-09 13:14:15 +00:00
Matthew Hodgson
231997dd63
unbreak /markdown off
2017-02-09 01:18:09 +00:00
David Baker
18d4d3392a
Fix a bunch of linting errors
...
eslint --fix and a few manual ones
2017-01-20 14:22:27 +00:00
Luke Barnard
32185befc0
Only transform <font>
2017-01-11 16:41:05 +00:00
Luke Barnard
8e3f2eb858
Allow [bf]g colors for <font> style attrib
...
Instead of dropping the style attribute on `<font>` tags entirely, sanitise aggressively and only keep `background-color` and `color` keys, and also sanitise the values to prevent `url(XXXXXX)` and `expression(XXXXXX)` type XSS attacks.
2017-01-11 16:35:37 +00:00
David Baker
8cf273a460
Run highlight.js asynchronously
...
Move the very minimal logic of highlightDOM into TextualBody
because then we can avoid scheduling a lot of timeouts which
would ultimately do nothing (ie. any messages that don't have code
blocks).
2016-10-26 18:41:28 +01:00
David Baker
5fff3bdf24
Document brokenness
2016-09-21 16:25:18 +01:00
David Baker
8ae210cbe2
Revert #333
...
Revert https://github.com/matrix-org/matrix-react-sdk/pull/333/files since sanitizer blindly allows urls with no scheme, meaning // links can be used to fetch images over whatever scheme you serve vector over (ie. normally http/https).
2016-09-21 16:19:41 +01:00
Aviral Dasgupta
6befb09509
Replace <p>s with <br/>s consistently
...
Also, allow newlines in /commands.
Fixes vector-im/vector-web#2114 , vector-im/vector-web#2165 .
2016-09-16 21:40:00 +05:30
Aviral Dasgupta
7c6b1703f3
fix emojione sizing
2016-08-28 14:54:07 +05:30
Matthew Hodgson
de82ac3bc0
don't change URL bar when clicking on linkified rooms or users.
...
be aware of /user paths.
2016-08-28 02:05:31 +01:00
Matthew Hodgson
ad873c2b60
handle matrix.to links correctly. add partial support for #/user URLs
2016-08-28 01:55:42 +01:00
Matthew Hodgson
5b0d13c1fc
switch to namespaced CSS
2016-08-27 23:59:55 +01:00
Matthew Hodgson
2a3b0e85ea
add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/
2016-08-15 21:37:26 +01:00
Aviral Dasgupta
dbbea63227
Various fixes and improvements to emojification.
...
- Use locally hosted emoji
- Emojify SenderProfile and m.emote
- Add emoji shortcodes as titles
2016-08-09 22:09:28 +05:30
Matthew Hodgson
bcd1c7e099
improve comment
2016-07-18 01:34:26 +01:00
Matthew Hodgson
41bff38713
fix classes used for body spans, and only apply markdown-body to markdown(!)
2016-07-15 15:04:19 +01:00
David Baker
63ad57a8d4
Merge pull request #332 from aviraldg/feature-emojione
...
feat: render unicode emoji as emojione images
2016-07-05 10:18:33 +01:00
Aviral Dasgupta
545d59769e
feat: unblacklist img tags with data URIs
...
fixes vector-im/vector-web#1692
2016-07-05 11:16:09 +05:30
Aviral Dasgupta
a9a3d31b3f
feat: improve emoji-body detection
2016-07-05 10:43:09 +05:30
Aviral Dasgupta
020f1f4320
feat: emojify ALL THE THINGS!
2016-07-05 10:16:17 +05:30
Aviral Dasgupta
9c0dc74289
feat: use svg emoji
2016-07-05 09:58:28 +05:30
Aviral Dasgupta
4069886cbd
feat: large emoji support
2016-07-05 04:04:57 +05:30
Aviral Dasgupta
48f2c4a696
feat: render unicode emoji as emojione images
2016-07-05 03:13:53 +05:30
Aviral Dasgupta
4ef148eaec
whitelist <u> tag ( fixes vector-im/vector-web#1339 )
2016-04-02 22:15:29 +05:30
Matthew Hodgson
fcc82fbd27
unbreak tag sanitizing
2016-03-25 01:25:32 +00:00
Matthew Hodgson
462ccf89d7
inplace-edit on attribs
2016-03-21 15:54:02 +00:00
Matthew Hodgson
c3e96f8af1
incorporate review
2016-03-21 15:45:04 +00:00
Matthew Hodgson
d54a75c913
actually, only intercept URLs which are explicitly referring to our current app
2016-03-20 12:31:30 +00:00
Matthew Hodgson
1aed9ccbf4
linkify vector.im URLs directly into the app, both from HTML and non-HTML messages
2016-03-20 03:05:07 +00:00
Richard van der Hoff
4158a007db
Give <a> elements in search results a key
...
... to make react shut up about them
2016-02-22 17:44:34 +00:00
Richard van der Hoff
e3feae32e1
Fix search clickthrough for HTML events
...
Switch to using a normal <a href="..."> link for search result
clickthrough. Apart from generally giving a better experience, this means that
it also works on html messages. The problem there was that we were attaching
onClick handlers to <span>s which we were then flattening into HTML with
ReactDOMServer (which meant the onClick handlers were never attached to React's
list of listeners).
To make this work without jumping through React hoops, the highlighter now
returns either a list of strings or a list of nodes, depending on whether we
are dealing with an HTML event or a text one. We therefore have a separate
HtmlHighlighter and TextHighlighter.
2016-02-17 21:06:27 +00:00
Matthew Hodgson
1c30640a92
remove unused 'body' var; use a finally
to clean up the temporary textfilter
2016-02-11 14:03:54 +00:00
Matthew Hodgson
92435c0865
ooops, don't forget to actually sanitize the highlights after all that
2016-02-10 23:45:07 +00:00
Matthew Hodgson
d055dbe522
use sanitize-html's textFilter callback to only apply highlights to textNodes when highlighting HTML. fixes https://github.com/vector-im/vector-web/issues/294
2016-02-10 20:25:49 +00:00
Matthew Hodgson
baa6826409
better commenting
2016-02-09 15:08:04 +00:00
Matthew Hodgson
0772f50fab
update copyright for 2016
2016-01-07 04:06:52 +00:00
Matthew Hodgson
441a9540ca
sync CSS classnames with current react component names
2016-01-03 00:11:11 +00:00
Matthew Hodgson
15f19be408
highlight case insensitively
2015-12-28 03:14:50 +00:00
Richard van der Hoff
b4436df5e4
Refactor bodyToHtml, and allow onHighlightClicked
...
Factor out a Highlighter class to avoid passing round the static state
everywhere.
Add an optional 'opts' argument which can take an 'onHighlightClick' member.
2015-12-23 23:50:35 +00:00
Matthew Hodgson
bed7d50ab8
reactor the highlighting code to avoid duplication and make it more coherent
2015-11-29 13:00:58 +00:00
Matthew Hodgson
0b483c4707
rename searchTerms to highlights, and support highlighting multiple search terms
2015-11-29 03:22:01 +00:00
Matthew Hodgson
832da3aa8e
support del tags for markdown
2015-11-28 12:44:10 +00:00
Kegan Dougal
1825b0317e
Add components which were previously in vector
2015-11-27 15:02:32 +00:00