glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

disallow images in topic card markdown

Browse source
This commit is contained in:
Devin Howard 2017-01-25 16:29:53 -05:00
parent a81c5a71e3
commit 5af79e405d
1 changed files with 21 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
frontend/src/Metamaps/Util.js
View file

@ -1,6 +1,6 @@
/* global $ */ /* global $ */
import { Parser, HtmlRenderer } from 'commonmark' import { Parser, HtmlRenderer, Node } from 'commonmark'
import { emojiIndex } from 'emoji-mart' import { emojiIndex } from 'emoji-mart'
import { escapeRegExp } from 'lodash' import { escapeRegExp } from 'lodash'
@ -135,9 +135,27 @@ const Util = {
}, },
mdToHTML: text => { mdToHTML: text => {
const safeText = text || '' const safeText = text || ''
const parsed = new Parser().parse(safeText)
// remove images to avoid http content in https context
const walker = parsed.walker()
let event
while (event = walker.next()) {
const node = event.node
if (node.type === 'image') {
const imageAlt = node.firstChild.literal
const imageSrc = node.destination
const textNode = new Node('text', node.sourcepos)
textNode.literal = `![${imageAlt}](${imageSrc})`
node.insertBefore(textNode)
node.unlink() // remove the image, replacing it with markdown
walker.resumeAt(textNode, false)
}
}
// use safe: true to filter xss // use safe: true to filter xss
return new HtmlRenderer({ safe: true }) return new HtmlRenderer({ safe: true }).render(parsed)
.render(new Parser().parse(safeText))
}, },
logCanvasAttributes: function(canvas) { logCanvasAttributes: function(canvas) {
const fakeMgraph = { canvas } const fakeMgraph = { canvas }