Sanitize HTML displayed as message content

2019-04-17 10:49:54 -04:00
parent 8a3189df15
commit a7bf1fca44
4 changed files with 96 additions and 6 deletions
--- a/harmonyqml/components/chat/MessageContent.qml
+++ b/harmonyqml/components/chat/MessageContent.qml
@@ -38,7 +38,9 @@ Row {
                  //"</font>" +
            //      (isOwn ? "&nbsp;&nbsp;" + content : "")

-            text: (dict.formatted_body || dict.body) +
+            text: (dict.formatted_body ?
+                   Backend.htmlFilter.sanitize(dict.formatted_body) :
+                   dict.body) +
                  "&nbsp;&nbsp;<font size=" + smallSize + "px color=gray>" +
                  Qt.formatDateTime(date_time, "hh:mm:ss") +
                  "</font>"