Strip `<img src="https?://..">`s when transforming `img`s instead of using `allowedSchemesByTag`

2017-07-10 17:44:49 +01:00 · 2017-07-10 17:44:49 +01:00 · 6877b99435
parent bb9080425a
commit 6877b99435
1 changed files with 7 additions and 9 deletions
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@ -151,9 +151,6 @@ const sanitizeHtmlParams = {
    // URL schemes we permit
    allowedSchemes: ['http', 'https', 'ftp', 'mailto'],

-    allowedSchemesByTag: {
-        img: ['http', 'https'],
-    },
    allowProtocolRelative: false,

    transformTags: { // custom to matrix
@ -187,13 +184,14 @@ const sanitizeHtmlParams = {
            return { tagName: tagName, attribs : attribs };
        },
        'img': function(tagName, attribs) {
-            if (attribs.src.startsWith('mxc://')) {
-                attribs.src = MatrixClientPeg.get().mxcUrlToHttp(
-                    attribs.src,
-                    attribs.width || 800,
-                    attribs.height || 600,
-                );
+            if (!attribs.src.startsWith('mxc://')) {
+                return { tagName, attribs: {}};
            }
+            attribs.src = MatrixClientPeg.get().mxcUrlToHttp(
+                attribs.src,
+                attribs.width || 800,
+                attribs.height || 600,
+            );
            return { tagName: tagName, attribs: attribs };
        },
        'code': function(tagName, attribs) {