Opened markdown links in new tab (#792)
* Opened markdown links in new tab * Used openInNewBrowser only when available Co-authored-by: Hossein <hahmadia@users.noreply.github.com>
This commit is contained in:
Harshil Sharma
GitHub
parent
926c4628c6
commit
186ba524d7
2 changed files with 9 additions and 3 deletions
|
|
@ -25,7 +25,7 @@ describe('utils', () => {
|
|||
|
||||
describe('htmlFromMarkdown', () => {
|
||||
test('should not allow XSS on links href on the webapp', () => {
|
||||
expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe('<p><a href="%22xss-attack=%22true%22other=%22whatever"></a></p>')
|
||||
expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe('<p><a target="_blank" rel="noreferrer" href="%22xss-attack=%22true%22other=%22whatever" title="" ></a></p>')
|
||||
})
|
||||
|
||||
test('should not allow XSS on links href on the desktop app', () => {
|
||||
|
|
|
|||
|
|
@ -112,8 +112,14 @@ class Utils {
|
|||
static htmlFromMarkdown(text: string): string {
|
||||
// HACKHACK: Somehow, marked doesn't encode angle brackets
|
||||
const renderer = new marked.Renderer()
|
||||
if ((window as any).openInNewBrowser) {
|
||||
renderer.link = (href, title, contents) => `<a target="_blank" rel="noreferrer" href="${encodeURI(href || '')}" title="${title ? encodeURI(title) : ''}" onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(event.target.href);">${contents}</a>`
|
||||
renderer.link = (href, title, contents) => {
|
||||
return '<a ' +
|
||||
'target="_blank" ' +
|
||||
'rel="noreferrer" ' +
|
||||
`href="${encodeURI(href || '')}" ` +
|
||||
`title="${title ? encodeURI(title) : ''}" ` +
|
||||
((window as any).openInNewBrowser ? 'onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(event.target.href);"' : '') +
|
||||
'>' + contents + '</a>'
|
||||
}
|
||||
const html = marked(text.replace(/</g, '<'), {renderer, breaks: true})
|
||||
return html.trim()
|
||||
|
|
|
|||
Loading…
Reference in a new issue