Fix double encoding (#4079)

* decode/encode urls in markdown to prevent double encoding

* revert manifest change

* update title to htmlEncode, added tests

* remove encoding title

* Update webapp/src/utils.test.ts

Co-authored-by: Paul Esch-Laurent <herppfel@gmail.com>

Co-authored-by: Paul Esch-Laurent <herppfel@gmail.com>
Scott Bishel 2022-10-27 14:04:09 -06:00 committed by GitHub
parent e086941fe9
commit 3df9b42941
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions


@ -58,6 +58,16 @@ describe('utils', () => {
expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe(expectedHtml)
window.openInNewBrowser = null
})
test('should encode links', () => {
expect(Utils.htmlFromMarkdown('https://example.com?title=August<1>2022')).toBe('<p><a target="_blank" rel="noreferrer" href="https://example.com?title=August&lt;1&gt;2022" title="" onclick="">https://example.com?title=August&lt;1&gt;2022</a></p>')
expect(Utils.htmlFromMarkdown('[Duck Duck Go](https://duckduckgo.com "The best search engine\'s for <privacy>")')).toBe('<p><a target="_blank" rel="noreferrer" href="https://duckduckgo.com" title="The best search engine&#39;s for &lt;privacy&gt;" onclick="">Duck Duck Go</a></p>')
})
test('should not double encode title and href', () => {
expect(Utils.htmlFromMarkdown('https://example.com?title=August%201%20-%202022')).toBe('<p><a target="_blank" rel="noreferrer" href="https://example.com?title=August%201%20-%202022" title="" onclick="">https://example.com?title=August%201%20-%202022</a></p>')
expect(Utils.htmlFromMarkdown('[Duck Duck Go](https://duckduckgo.com "The best search engine#39;s for &lt;privacy&gt;")')).toBe('<p><a target="_blank" rel="noreferrer" href="https://duckduckgo.com" title="The best search engine#39;s for &lt;privacy&gt;" onclick="">Duck Duck Go</a></p>')
})
})
describe('countCheckboxesInMarkdown', () => {
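Review bot: In 'should not double encode title and href', the title input reads `engine#39;s`, which appears to be `&#39;` with the ampersand lost, so the case never checks that an already-encoded apostrophe survives unchanged; if that is unintended, use `&#39;` in both the input and the expected string. Neither new test covers a URL with an escaped reserved character or a malformed escape, which are the inputs where a decode/encode round trip is most likely to misbehave. A case such as `expect(Utils.htmlFromMarkdown('https://example.com?q=a%26b')).toContain('href="https://example.com?q=a%26b"')` would pin the first; a URL ending in a bare `%` should be asserted not to throw.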


@ -294,8 +294,8 @@ class Utils {
return '<a ' +
'target="_blank" ' +
'rel="noreferrer" ' +
`href="${encodeURI(href || '')}" ` +
`title="${title ? encodeURI(title) : ''}" ` +
`href="${encodeURI(decodeURI(href || ''))}" ` +
`title="${title || ''}" ` +
`onclick="${(window.openInNewBrowser ? ' openInNewBrowser && openInNewBrowser(event.target.href);' : '')}"` +
'>' + contents + '</a>'
}
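Review bot: `decodeURI` throws a `URIError` on a malformed percent sequence, so on the new `href` line a link URL containing a stray `%` makes this function throw rather than return an anchor, and nothing in the hunk catches it; the fence below guards that case only. The round trip also leaves escapes of reserved characters such as `%2F` or `%26` undecoded, so `encodeURI` still rewrites them to `%252F` and `%2526`. The new `title` line writes the value as received, which is safe inside the attribute only if the caller has already HTML-escaped it; the tests suggest so, but it is not visible here, so once confirmed a comment like `// title is already HTML-escaped by the markdown renderer` belongs on that line. The enclosing function starts outside the hunk.

```typescript
// … unchanged: start of the link renderer, outside the hunk …
let safeHref = href || ''
try {
    safeHref = encodeURI(decodeURI(safeHref))
} catch (e) {
    // Malformed percent escape: encode the raw text instead of throwing.
    safeHref = encodeURI(safeHref)
}
// … unchanged: the '<a ' + … concatenation, with `href="${safeHref}" ` in place of the inline call …
```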