mirror of https://github.com/vector-im/riot-web
Decode dollar signs in safe widget URLs before rendering/templating
Fixes https://github.com/vector-im/riot-web/issues/13344pull/21833/head
parent
3b362f2845
commit
efaf4fbbda
|
@ -636,7 +636,10 @@ export default class AppTile extends React.Component {
|
||||||
if (ALLOWED_APP_URL_SCHEMES.includes(parsedWidgetUrl.protocol)) {
|
if (ALLOWED_APP_URL_SCHEMES.includes(parsedWidgetUrl.protocol)) {
|
||||||
safeWidgetUrl = url.format(parsedWidgetUrl);
|
safeWidgetUrl = url.format(parsedWidgetUrl);
|
||||||
}
|
}
|
||||||
return safeWidgetUrl;
|
|
||||||
|
// Replace all the dollar signs back to dollar signs as they don't affect HTTP at all.
|
||||||
|
// We also need the dollar signs in-tact for variable substitution.
|
||||||
|
return safeWidgetUrl.replace(/%24/g, '$');
|
||||||
}
|
}
|
||||||
|
|
||||||
_getTileTitle() {
|
_getTileTitle() {
|
||||||
|
|
Loading…
Reference in New Issue