fix regex misinterpreting tag name in badly formed HTML, prevent rich

content from ever using dangerous tags
author: Henry Jameson <me@hjkos.com> 2023-06-05 21:49:47 +0300
committer: Henry Jameson <me@hjkos.com> 2023-06-05 21:49:47 +0300
commit: 00b47e16736f8b472f20dab8def30fb22d54c8be (patch)
tree: 03b544b63bca3fc03798afca4f2824461ec6fb39 /src/components/rich_content
parent: 22c3012e1cb66b8a93b79b2bf3d655394aacee5b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 7881e365..47ef517b 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
       // Handle tag nodes
       if (Array.isArray(item)) {
         const [opener, children, closer] = item
-        const Tag = getTagName(opener)
+        let Tag = getTagName(opener)
+        if (Tag === 'script') Tag = 'js-exploit'
+        if (Tag === 'style') Tag = 'css-exploit'
         const fullAttrs = getAttrs(opener, () => true)
         const attrs = getAttrs(opener)
         const previouslyMentions = currentMentions !== null
author	Henry Jameson <me@hjkos.com>	2023-06-05 21:49:47 +0300
committer	Henry Jameson <me@hjkos.com>	2023-06-05 21:49:47 +0300
commit	00b47e16736f8b472f20dab8def30fb22d54c8be (patch)
tree	03b544b63bca3fc03798afca4f2824461ec6fb39 /src/components/rich_content
parent	22c3012e1cb66b8a93b79b2bf3d655394aacee5b (diff)