diff --git a/packages/pl-fe/src/components/parsed-content.tsx b/packages/pl-fe/src/components/parsed-content.tsx
index 61c2f6131..90aa0f4ac 100644
--- a/packages/pl-fe/src/components/parsed-content.tsx
+++ b/packages/pl-fe/src/components/parsed-content.tsx
@@ -1,4 +1,5 @@
 import parse, { Element, type HTMLReactParserOptions, domToReact, type DOMNode } from 'html-react-parser';
+import DOMPurify from 'isomorphic-dompurify';
 import React, { useMemo } from 'react';
 import { Link } from 'react-router-dom';
@@ -91,7 +92,7 @@ const ParsedContent: React.FC = (({ html, mentions, hasQuote })
 },
 };
- return parse(html, options);
+ return parse(DOMPurify.sanitize(html, { ADD_ATTR: ['target'], USE_PROFILES: { html: true } }), options);
 }, [html]);
 });
diff --git a/packages/pl-fe/src/normalizers/status-edit.ts b/packages/pl-fe/src/normalizers/status-edit.ts
index 6b5d1ecdc..c2ac254f1 100644
--- a/packages/pl-fe/src/normalizers/status-edit.ts
+++ b/packages/pl-fe/src/normalizers/status-edit.ts
@@ -2,7 +2,6 @@
 * Status edit normalizer
 */
 import escapeTextContentForBrowser from 'escape-html';
-import DOMPurify from 'isomorphic-dompurify';
 import emojify from 'pl-fe/features/emoji';
 import { makeEmojiMap } from 'pl-fe/utils/normalizers';
@@ -19,8 +18,8 @@ const normalizeStatusEdit = (statusEdit: BaseStatusEdit) => {
 return {
 ...statusEdit,
 poll,
- contentHtml: DOMPurify.sanitize(emojify(statusEdit.content, emojiMap), { ADD_ATTR: ['target'] }),
- spoilerHtml: DOMPurify.sanitize(emojify(escapeTextContentForBrowser(statusEdit.spoiler_text), emojiMap), { ADD_ATTR: ['target'] }),
+ contentHtml: emojify(statusEdit.content, emojiMap),
+ spoilerHtml: emojify(escapeTextContentForBrowser(statusEdit.spoiler_text), emojiMap),
 };
 };
diff --git a/packages/pl-fe/src/normalizers/status.ts b/packages/pl-fe/src/normalizers/status.ts
index e3e14f7bc..0548f27c3 100644
--- a/packages/pl-fe/src/normalizers/status.ts
+++ b/packages/pl-fe/src/normalizers/status.ts
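Review bot: `ADD_ATTR: ['target']` on the new `DOMPurify.sanitize` call in `parsed-content.tsx` lets remote markup keep `target="_blank"` on anchors, and nothing visible in this hunk sets `rel` on them. The `replace` callback in `options` starts above the hunk, so it may already rebuild every `<a>`; if it does not, links that survive sanitization should get `rel="noopener noreferrer"`, either in that callback or in a DOMPurify `afterSanitizeAttributes` hook. Because this call is now the only filter between server-supplied HTML and the DOM, a comment above it such as `// Sole sanitization point for status HTML; the normalizers no longer sanitize` would keep that contract visible.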
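Review bot: `contentHtml` and `spoilerHtml` in `normalizeStatusEdit` now hold unsanitized markup, so their safety depends on every consumer rendering them through `ParsedContent`. Any component that still passes these fields to `dangerouslySetInnerHTML` would insert server-controlled HTML unfiltered. The same applies to `calculateContent` in `normalizers/status.ts`, which feeds `contentHtml` and `contentMapHtml`. The consumers are not part of this diff, so a search for the field names is worth doing before merge, and a comment on the fields would record the rule: `// Unsanitized: render via <ParsedContent> only`. `normalizeStatusEdit` begins outside the hunk.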
@@ -62,7 +62,7 @@ const buildSearchContent = (status: Pick DOMPurify.sanitize(emojify(text, emojiMap), { USE_PROFILES: { html: true } }); +const calculateContent = (text: string, emojiMap: any) => emojify(text, emojiMap); const calculateSpoiler = (text: string, emojiMap: any) => DOMPurify.sanitize(emojify(escapeTextContentForBrowser(text), emojiMap), { USE_PROFILES: { html: true } }); const calculateStatus = (status: BaseStatus, oldStatus?: OldStatus): CalculatedValues => { @@ -80,10 +80,10 @@ const calculateStatus = (status: BaseStatus, oldStatus?: OldStatus): CalculatedV return { search_index: domParser.parseFromString(searchContent, 'text/html').documentElement.textContent || '', - contentHtml: calculateContent(status.content, emojiMap, !!status.quote), + contentHtml: calculateContent(status.content, emojiMap), spoilerHtml: calculateSpoiler(status.spoiler_text, emojiMap), contentMapHtml: status.content_map - ? Object.fromEntries(Object.entries(status.content_map)?.map(([key, value]) => [key, calculateContent(value, emojiMap, !!status.quote)])) + ? Object.fromEntries(Object.entries(status.content_map)?.map(([key, value]) => [key, calculateContent(value, emojiMap)])) : undefined, spoilerMapHtml: status.spoiler_text_map ? Object.fromEntries(Object.entries(status.spoiler_text_map).map(([key, value]) => [key, calculateSpoiler(value, emojiMap)]))
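Review bot: `calculateSpoiler` still wraps its result in `DOMPurify.sanitize`, while `calculateContent` here and `spoilerHtml` in `normalizers/status-edit.ts` no longer do, so the two normalizers now disagree on whether a spoiler string is safe to insert directly. `escapeTextContentForBrowser` covers the spoiler text itself, but whatever `emojify` builds from the server-supplied `emojiMap` is filtered only on this path; its output is not visible here, so the actual exposure needs confirming. Pick one rule for both files and state it next to these helpers, for example `// spoilerHtml is sanitized here; contentHtml is sanitized at render time in ParsedContent`.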