From 00b47e16736f8b472f20dab8def30fb22d54c8be Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Mon, 5 Jun 2023 21:49:47 +0300
Subject: fix regex misinterpreting tag name in badly formed HTML, prevent rich content from ever using dangerous tags
---
 src/services/html_converter/utility.service.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 (limited to 'src/services/html_converter/utility.service.js')
diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js
index f1042971..a1301353 100644
--- a/src/services/html_converter/utility.service.js
+++ b/src/services/html_converter/utility.service.js
@@ -5,7 +5,7 @@
 * @return {String} - tagname, i.e. "div"
 */
 export const getTagName = (tag) => {
- const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
+ const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
 return result && (result[1] || result[2])
 }
-- 
cgit v1.2.3-70-g09d2
From 9baffbfbdeaaf52be95112c519e31ef5f2408180 Mon Sep 17 00:00:00 2001
From: Alexander Tumin
Date: Wed, 31 May 2023 00:25:10 +0300
Subject: Fix HTML attribute parsing, discard attributes not strating with a letter
---
 changelog.d/html-attribute-parsing.fix | 1 +
 src/services/html_converter/utility.service.js | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/html-attribute-parsing.fix
 (limited to 'src/services/html_converter/utility.service.js')
diff --git a/changelog.d/html-attribute-parsing.fix b/changelog.d/html-attribute-parsing.fix
new file mode 100644
index 00000000..0952f773
--- /dev/null
+++ b/changelog.d/html-attribute-parsing.fix
@@ -0,0 +1 @@
+Fix HTML attribute parsing, discard attributes not strating with a letter
diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js
index a1301353..f8e62dfe 100644
--- a/src/services/html_converter/utility.service.js
+++ b/src/services/html_converter/utility.service.js
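Review bot: In `getTagName` (the `@@ -5,7 +5,7 @@` hunk of the first patch) the pattern is still unanchored, so when the start of `tag` does not parse as a tag, `exec` keeps scanning and returns a name found later in the string instead of `null`. The added `s` flag closes the multi-line case, but other malformed openers can still make the reported name differ from the element the string actually begins with, which matters if callers base tag allow/deny decisions on it, as the commit subject suggests. Assuming callers always pass a string that begins with `<`, anchor the match and drop the `g` flag that a one-shot literal does not need: `const result = /^(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/is.exec(tag)`. The JSDoc above the function could also say that `null` is returned when nothing matches, and a regression test with a tag containing a newline would pin the fix.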
@@ -22,7 +22,7 @@ export const getAttrs = (tag, filter) => {
 .replace(new RegExp('^' + getTagName(tag)), '')
 .replace(/\/?$/, '')
 .trim()
- const attrs = Array.from(innertag.matchAll(/([a-z0-9-]+)(?:=("[^"]+?"|'[^']+?'))?/gi))
+ const attrs = Array.from(innertag.matchAll(/([a-z]+[a-z0-9-]*)(?:=("[^"]+?"|'[^']+?'))?/gi))
 .map(([trash, key, value]) => [key, value])
 .map(([k, v]) => {
 if (!v) return [k, true]
-- 
cgit v1.2.3-70-g09d2
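Review bot: The new key pattern in `getAttrs` does not discard a token that starts with a digit or hyphen: `matchAll` is unanchored, so it skips the leading characters and matches the letter-led remainder, e.g. `1abc` now yields the key `abc` instead of being dropped. If the intent is the one stated in the subject, the key has to start at a token boundary, for example `innertag.matchAll(/(?:^|\s)([a-z][a-z0-9-]*)(?:=("[^"]+?"|'[^']+?'))?/gi)`; note that `[a-z]+[a-z0-9-]*` is equivalent to the shorter `[a-z][a-z0-9-]*`. Whether such a renamed key survives depends on the `filter` argument, which is applied outside this hunk, so a unit test with digit-led and hyphen-led attribute names is worth adding. The function body starts and ends outside the hunk.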