Merge branch 'harden-parser' into 'develop'

fix regex misinterpreting tag name in badly formed HTML See merge request pleroma/pleroma-fe!1835 (cherry picked from commit 624af7ed00b0edb2792f84cc83f6eeb7568798c4) 00b47e16 fix regex misinterpreting tag name in badly formed HTML, prevent rich 5e656cc0 Merge remote-tracking branch 'origin/develop' into harden-parser 10e28f6c changelog 0109724a case insensititvy
author: HJ <30-hj@users.noreply.git.pleroma.social> 2023-06-05 19:04:30 +0000
committer: HJ <30-hj@users.noreply.git.pleroma.social> 2023-06-06 16:28:13 +0000
commit: 4bc7873e037dd4760c32e3dda4a94462696684e6 (patch)
tree: ee75fb0601e22767b18e49102da30609837e03aa /src/components
parent: 3a507ba9b2fde594950a09c9d7934d54561a187c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 7881e365..b16ab242 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
       // Handle tag nodes
       if (Array.isArray(item)) {
         const [opener, children, closer] = item
-        const Tag = getTagName(opener)
+        let Tag = getTagName(opener)
+        if (Tag.toLowerCase() === 'script') Tag = 'js-exploit'
+        if (Tag.toLowerCase() === 'style') Tag = 'css-exploit'
         const fullAttrs = getAttrs(opener, () => true)
         const attrs = getAttrs(opener)
         const previouslyMentions = currentMentions !== null
author	HJ <30-hj@users.noreply.git.pleroma.social>	2023-06-05 19:04:30 +0000
committer	HJ <30-hj@users.noreply.git.pleroma.social>	2023-06-06 16:28:13 +0000
commit	4bc7873e037dd4760c32e3dda4a94462696684e6 (patch)
tree	ee75fb0601e22767b18e49102da30609837e03aa /src/components
parent	3a507ba9b2fde594950a09c9d7934d54561a187c (diff)