Commit Graph

95 Commits (c32b42886bcf44bd6ebf44721575534a27ac92fe)

Author SHA1 Message Date
Matthew Hodgson 2db53c2284 whitelist data & mxc URIs on img tags: readds PR #333 now that punkave/sanitize-html#137 has landed 2017-02-19 03:04:42 +02:00
Luke Barnard ae03244e6e Merge branch 'develop' into luke/feature-css-msg-colors 2017-02-09 13:14:15 +00:00
Matthew Hodgson 231997dd63 unbreak /markdown off 2017-02-09 01:18:09 +00:00
David Baker 18d4d3392a Fix a bunch of linting errors
eslint --fix and a few manual ones
2017-01-20 14:22:27 +00:00
Luke Barnard 32185befc0 Only transform <font> 2017-01-11 16:41:05 +00:00
Luke Barnard 8e3f2eb858 Allow [bf]g colors for <font> style attrib
Instead of dropping the style attribute on `<font>` tags entirely, sanitise aggressively and only keep `background-color` and `color` keys, and also sanitise the values to prevent `url(XXXXXX)` and `expression(XXXXXX)` type XSS attacks.
2017-01-11 16:35:37 +00:00
David Baker 8cf273a460 Run highlight.js asynchronously
Move the very minimal logic of highlightDOM into TextualBody
because then we can avoid scheduling a lot of timeouts which
would ultimately do nothing (ie. any messages that don't have code
blocks).
2016-10-26 18:41:28 +01:00
David Baker 5fff3bdf24 Document brokenness 2016-09-21 16:25:18 +01:00
David Baker 8ae210cbe2 Revert #333
Revert https://github.com/matrix-org/matrix-react-sdk/pull/333/files since sanitizer blindly allows urls with no scheme, meaning  // links can be used to fetch images over whatever scheme you serve vector over (ie. normally http/https).
2016-09-21 16:19:41 +01:00
Aviral Dasgupta 6befb09509 Replace <p>s with <br/>s consistently
Also, allow newlines in /commands.
Fixes vector-im/vector-web#2114, vector-im/vector-web#2165.
2016-09-16 21:40:00 +05:30
Aviral Dasgupta 7c6b1703f3 fix emojione sizing 2016-08-28 14:54:07 +05:30
Matthew Hodgson de82ac3bc0 don't change URL bar when clicking on linkified rooms or users.
be aware of /user paths.
2016-08-28 02:05:31 +01:00
Matthew Hodgson ad873c2b60 handle matrix.to links correctly. add partial support for #/user URLs 2016-08-28 01:55:42 +01:00
Matthew Hodgson 5b0d13c1fc switch to namespaced CSS 2016-08-27 23:59:55 +01:00
Matthew Hodgson 2a3b0e85ea add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/ 2016-08-15 21:37:26 +01:00
Aviral Dasgupta dbbea63227 Various fixes and improvements to emojification.
- Use locally hosted emoji
- Emojify SenderProfile and m.emote
- Add emoji shortcodes as titles
2016-08-09 22:09:28 +05:30
Matthew Hodgson bcd1c7e099 improve comment 2016-07-18 01:34:26 +01:00
Matthew Hodgson 41bff38713 fix classes used for body spans, and only apply markdown-body to markdown(!) 2016-07-15 15:04:19 +01:00
David Baker 63ad57a8d4 Merge pull request #332 from aviraldg/feature-emojione
feat: render unicode emoji as emojione images
2016-07-05 10:18:33 +01:00
Aviral Dasgupta 545d59769e feat: unblacklist img tags with data URIs
fixes vector-im/vector-web#1692
2016-07-05 11:16:09 +05:30
Aviral Dasgupta a9a3d31b3f feat: improve emoji-body detection 2016-07-05 10:43:09 +05:30
Aviral Dasgupta 020f1f4320 feat: emojify ALL THE THINGS! 2016-07-05 10:16:17 +05:30
Aviral Dasgupta 9c0dc74289 feat: use svg emoji 2016-07-05 09:58:28 +05:30
Aviral Dasgupta 4069886cbd feat: large emoji support 2016-07-05 04:04:57 +05:30
Aviral Dasgupta 48f2c4a696 feat: render unicode emoji as emojione images 2016-07-05 03:13:53 +05:30
Aviral Dasgupta 4ef148eaec whitelist <u> tag (fixes vector-im/vector-web#1339) 2016-04-02 22:15:29 +05:30
Matthew Hodgson fcc82fbd27 unbreak tag sanitizing 2016-03-25 01:25:32 +00:00
Matthew Hodgson 462ccf89d7 inplace-edit on attribs 2016-03-21 15:54:02 +00:00
Matthew Hodgson c3e96f8af1 incorporate review 2016-03-21 15:45:04 +00:00
Matthew Hodgson d54a75c913 actually, only intercept URLs which are explicitly referring to our current app 2016-03-20 12:31:30 +00:00
Matthew Hodgson 1aed9ccbf4 linkify vector.im URLs directly into the app, both from HTML and non-HTML messages 2016-03-20 03:05:07 +00:00
Richard van der Hoff 4158a007db Give <a> elements in search results a key
... to make react shut up about them
2016-02-22 17:44:34 +00:00
Richard van der Hoff e3feae32e1 Fix search clickthrough for HTML events
Switch to using a normal <a href="..."> link for search result
clickthrough. Apart from generally giving a better experience, this means that
it also works on html messages. The problem there was that we were attaching
onClick handlers to <span>s which we were then flattening into HTML with
ReactDOMServer (which meant the onClick handlers were never attached to React's
list of listeners).

To make this work without jumping through React hoops, the highlighter now
returns either a list of strings or a list of nodes, depending on whether we
are dealing with an HTML event or a text one. We therefore have a separate
HtmlHighlighter and TextHighlighter.
2016-02-17 21:06:27 +00:00
Matthew Hodgson 1c30640a92 remove unused 'body' var; use a `finally` to clean up the temporary textfilter 2016-02-11 14:03:54 +00:00
Matthew Hodgson 92435c0865 ooops, don't forget to actually sanitize the highlights after all that 2016-02-10 23:45:07 +00:00
Matthew Hodgson d055dbe522 use sanitize-html's textFilter callback to only apply highlights to textNodes when highlighting HTML. fixes https://github.com/vector-im/vector-web/issues/294 2016-02-10 20:25:49 +00:00
Matthew Hodgson baa6826409 better commenting 2016-02-09 15:08:04 +00:00
Matthew Hodgson 0772f50fab update copyright for 2016 2016-01-07 04:06:52 +00:00
Matthew Hodgson 441a9540ca sync CSS classnames with current react component names 2016-01-03 00:11:11 +00:00
Matthew Hodgson 15f19be408 highlight case insensitively 2015-12-28 03:14:50 +00:00
Richard van der Hoff b4436df5e4 Refactor bodyToHtml, and allow onHighlightClicked
Factor out a Highlighter class to avoid passing round the static state
everywhere.

Add an optional 'opts' argument which can take an 'onHighlightClick' member.
2015-12-23 23:50:35 +00:00
Matthew Hodgson bed7d50ab8 reactor the highlighting code to avoid duplication and make it more coherent 2015-11-29 13:00:58 +00:00
Matthew Hodgson 0b483c4707 rename searchTerms to highlights, and support highlighting multiple search terms 2015-11-29 03:22:01 +00:00
Matthew Hodgson 832da3aa8e support del tags for markdown 2015-11-28 12:44:10 +00:00
Kegan Dougal 1825b0317e Add components which were previously in vector 2015-11-27 15:02:32 +00:00