From 00b47e16736f8b472f20dab8def30fb22d54c8be Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:49:47 +0300
Subject: fix regex misinterpreting tag name in badly formed HTML, prevent rich content from ever using dangerous tags

---
 src/components/rich_content/rich_content.jsx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/components/rich_content/rich_content.jsx')

diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 7881e365..47ef517b 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
 // Handle tag nodes
 if (Array.isArray(item)) {
 const [opener, children, closer] = item
- const Tag = getTagName(opener)
+ let Tag = getTagName(opener)
+ if (Tag === 'script') Tag = 'js-exploit'
+ if (Tag === 'style') Tag = 'css-exploit'
 const fullAttrs = getAttrs(opener, () => true)
 const attrs = getAttrs(opener)
 const previouslyMentions = currentMentions !== null
-- 
cgit v1.2.3-70-g09d2

From 0109724a5f16e58a78ab4c09c955c44982368c6f Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:57:36 +0300
Subject: case insensititvy

---
 src/components/rich_content/rich_content.jsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/components/rich_content/rich_content.jsx')

diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 47ef517b..b16ab242 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
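Review bot: The `script`/`style` rewrite on the three added lines is a two-entry denylist applied at render time, and nothing in the hunk records that it is a last-resort guard: any other element or attribute that getTagName/getAttrs pass through (their filtering is not visible here) still reaches the renderer unchanged, so a reader could mistake this for the sanitizer. I would add `// Defense in depth only: the HTML sanitizer is expected to strip these; renaming keeps the content visible but inert` above the checks, and pull the two names into one frozen set (`const DANGEROUS_TAGS = Object.freeze(new Set(['script', 'style']))`) so there is a single place to extend the list. The comparison is also exact-case, which the next commit on this page addresses. The enclosing function starts and ends outside the hunk.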
@@ -150,8 +150,8 @@ export default {
 if (Array.isArray(item)) {
 const [opener, children, closer] = item
 let Tag = getTagName(opener)
- if (Tag === 'script') Tag = 'js-exploit'
- if (Tag === 'style') Tag = 'css-exploit'
+ if (Tag.toLowerCase() === 'script') Tag = 'js-exploit'
+ if (Tag.toLowerCase() === 'style') Tag = 'css-exploit'
 const fullAttrs = getAttrs(opener, () => true)
 const attrs = getAttrs(opener)
 const previouslyMentions = currentMentions !== null
-- 
cgit v1.2.3-70-g09d2

From 56a74aa3926fb8bfd7241936bef0a13902fb886e Mon Sep 17 00:00:00 2001
From: tusooa
Date: Mon, 24 Jul 2023 18:28:02 -0400
Subject: Make MentionsLine aware of line breaking by non-br elements

---
 changelog.d/mentionsline-shouldbreak.fix | 1 +
 src/components/rich_content/rich_content.jsx | 54 ++++++++++++++++++----------
 2 files changed, 37 insertions(+), 18 deletions(-)
 create mode 100644 changelog.d/mentionsline-shouldbreak.fix

(limited to 'src/components/rich_content/rich_content.jsx')

diff --git a/changelog.d/mentionsline-shouldbreak.fix b/changelog.d/mentionsline-shouldbreak.fix
new file mode 100644
index 00000000..33ee8d2c
--- /dev/null
+++ b/changelog.d/mentionsline-shouldbreak.fix
@@ -0,0 +1 @@
+Make MentionsLine aware of line breaking by non-br elements
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index b16ab242..ff14a58a 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -8,6 +8,27 @@
 import HashtagLink from 'src/components/hashtag_link/hashtag_link.vue'
 import './rich_content.scss'
 
+const MAYBE_LINE_BREAKING_ELEMENTS = [
+ 'blockquote',
+ 'br',
+ 'hr',
+ 'ul',
+ 'ol',
+ 'li',
+ 'p',
+ 'table',
+ 'tbody',
+ 'td',
+ 'th',
+ 'thead',
+ 'tr',
+ 'h1',
+ 'h2',
+ 'h3',
+ 'h4',
+ 'h5'
+]
+
 /**
  * RichContent, The Über-powered component for rendering Post HTML.
  * 
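Review bot: `Tag.toLowerCase()` on the two added lines throws a TypeError if getTagName returns anything but a string; the first commit's subject says the tag regex was misreading badly formed HTML, so a null or undefined result seems plausible, though getTagName is not visible here to confirm. Normalizing once and guarding the type keeps the whole post from failing to render on one malformed tag: `const lowerTag = typeof Tag === 'string' ? Tag.toLowerCase() : ''` followed by `if (lowerTag === 'script') Tag = 'js-exploit'` and `if (lowerTag === 'style') Tag = 'css-exploit'`. The enclosing function starts and ends outside the hunk.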
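Review bot: The new MAYBE_LINE_BREAKING_ELEMENTS list stops at `'h5'`, so `h6` is presumably an omission, and other block-level elements such as `div`, `pre` and `dl`/`dt`/`dd` would need the same treatment if the sanitizer lets them through. The constant also has no comment explaining its role; I would add `// Elements that end the current run of mentions: a MentionsLine is never continued across them` above it. Since the only consumer does membership tests, a frozen Set reads better and documents that it is a lookup table: `const MAYBE_LINE_BREAKING_ELEMENTS = Object.freeze(new Set([ ... ]))` with `.has()` at the call site in the later hunk.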
@@ -166,25 +187,22 @@ export default {
 !(children && typeof children[0] === 'string' && children[0].match(/^\s/))
 ? lastSpacing
 : ''
- switch (Tag) {
- case 'br':
+ if (MAYBE_LINE_BREAKING_ELEMENTS.includes(Tag)) {
+ // all the elements that can cause a line change
+ currentMentions = null
+ } else if (Tag === 'img') { // replace images with StillImage
+ return ['', [mentionsLinePadding, renderImage(opener)], '']
+ } else if (Tag === 'a' && this.handleLinks) { // replace mentions with MentionLink
+ if (fullAttrs.class && fullAttrs.class.includes('mention')) {
+ // Handling mentions here
+ return renderMention(attrs, children)
+ } else {
 currentMentions = null
- break
- case 'img': // replace images with StillImage
- return ['', [mentionsLinePadding, renderImage(opener)], '']
- case 'a': // replace mentions with MentionLink
- if (!this.handleLinks) break
- if (fullAttrs.class && fullAttrs.class.includes('mention')) {
- // Handling mentions here
- return renderMention(attrs, children)
- } else {
- currentMentions = null
- break
- }
- case 'span':
- if (this.handleLinks && fullAttrs.class && fullAttrs.class.includes('h-card')) {
- return ['', children.map(processItem), '']
- }
+ }
+ } else if (Tag === 'span') {
+ if (this.handleLinks && fullAttrs.class && fullAttrs.class.includes('h-card')) {
+ return ['', children.map(processItem), '']
+ }
 }
 
 if (children !== undefined) {
-- 
cgit v1.2.3-70-g09d2
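Review bot: `MAYBE_LINE_BREAKING_ELEMENTS.includes(Tag)` on the first added line is an exact-case match, while the `script`/`style` checks a few lines above this hunk (see the second commit on this page) lowercase the name before comparing; a `<BR>` or `<P>` from the same badly formed HTML would fall through the whole else-if chain and leave currentMentions set, so the mentions line would not break. Using the same normalization keeps the two checks consistent: `if (MAYBE_LINE_BREAKING_ELEMENTS.includes(Tag.toLowerCase())) {`. The comment `// all the elements that can cause a line change` describes the constant rather than this branch and would be more useful at the constant's definition. The enclosing function (processItem, judging by the recursive `children.map(processItem)`) starts and ends outside the hunk.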