diff --git a/package.json b/package.json index 8667e9feba..83f025e106 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,7 @@ "gfm.css": "^1.1.2", "glob-to-regexp": "^0.4.1", "highlight.js": "^11.3.1", - "html-entities": "^1.4.0", + "html-entities": "^2.0.0", "is-ip": "^3.1.0", "jszip": "^3.7.0", "katex": "^0.12.0", diff --git a/src/HtmlUtils.tsx b/src/HtmlUtils.tsx index c94718ba46..fa91ba7321 100644 --- a/src/HtmlUtils.tsx +++ b/src/HtmlUtils.tsx @@ -24,7 +24,7 @@ import classNames from 'classnames'; import EMOJIBASE_REGEX from 'emojibase-regex'; import { split } from 'lodash'; import katex from 'katex'; -import { AllHtmlEntities } from 'html-entities'; +import { decode } from 'html-entities'; import { IContent } from 'matrix-js-sdk/src/models/event'; import { Optional } from 'matrix-events-sdk'; @@ -518,7 +518,7 @@ export function bodyToHtml(content: IContent, highlights: Optional, op // Cheerio instance to be returned. phtml('div, span[data-mx-maths!=""]').replaceWith(function(i, e) { return katex.renderToString( - AllHtmlEntities.decode(phtml(e).attr('data-mx-maths')), + decode(phtml(e).attr('data-mx-maths')), { throwOnError: false, // @ts-ignore - `e` can be an Element, not just a Node diff --git a/src/components/views/rooms/LinkPreviewWidget.tsx b/src/components/views/rooms/LinkPreviewWidget.tsx index cf7c009e52..ce74b716c8 100644 --- a/src/components/views/rooms/LinkPreviewWidget.tsx +++ b/src/components/views/rooms/LinkPreviewWidget.tsx @@ -15,7 +15,7 @@ limitations under the License. */ import React, { ComponentProps, createRef } from 'react'; -import { AllHtmlEntities } from 'html-entities'; +import { decode } from 'html-entities'; import { MatrixEvent } from 'matrix-js-sdk/src/models/event'; import { IPreviewUrlResponse } from 'matrix-js-sdk/src/client'; @@ -124,7 +124,7 @@ export default class LinkPreviewWidget extends React.Component { // The description includes &-encoded HTML entities, we decode those as React treats the thing as an // opaque string. This does not allow any HTML to be injected into the DOM. - const description = AllHtmlEntities.decode(p["og:description"] || ""); + const description = decode(p["og:description"] || ""); const title = p["og:title"]?.trim() ?? ""; const anchor = { title }; diff --git a/src/editor/serialize.ts b/src/editor/serialize.ts index 61e24a64ff..af4b1f8351 100644 --- a/src/editor/serialize.ts +++ b/src/editor/serialize.ts @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -import { AllHtmlEntities } from 'html-entities'; +import { encode } from 'html-entities'; import cheerio from 'cheerio'; import escapeHtml from "escape-html"; @@ -117,7 +117,7 @@ export function htmlSerializeFromMdIfNeeded(md: string, { forceHTML = false } = patternDefaults[patternName][patternType]; md = md.replace(RegExp(pattern, "gms"), function(m, p1, p2) { - const p2e = AllHtmlEntities.encode(p2); + const p2e = encode(p2); switch (patternType) { case "display": return `${p1}
\n\n
\n\n`; diff --git a/yarn.lock b/yarn.lock index 76d06fdad7..1698382c06 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4997,10 +4997,10 @@ html-encoding-sniffer@^3.0.0: dependencies: whatwg-encoding "^2.0.0" -html-entities@^1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.4.0.tgz#cfbd1b01d2afaf9adca1b10ae7dffab98c71d2dc" - integrity sha512-8nxjcBcd8wovbeKx7h3wTji4e6+rhaVuPNpMqwWgnHh+N9ToqsCs6XztWRBPQ+UtzsoMAdKZtUENoVzU/EMtZA== +html-entities@^2.0.0: + version "2.3.3" + resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-2.3.3.tgz#117d7626bece327fc8baace8868fa6f5ef856e46" + integrity sha512-DV5Ln36z34NNTDgnz0EWGBLZENelNAtkiFA4kyNOG2tDI6Mz1uSWiq1wAKdyjnJwyDiDO7Fa2SO1CTxPXL8VxA== html-escaper@^2.0.0: version "2.0.2"