From 988ff47a90a5bf8e80caa0b58e1348b013dc915b Mon Sep 17 00:00:00 2001 From: David Langley Date: Wed, 28 Aug 2024 13:06:50 +0100 Subject: [PATCH 1/3] escape text in links and mentions for wasm bindings --- Cargo.lock | 1 + bindings/wysiwyg-wasm/Cargo.toml | 1 + bindings/wysiwyg-wasm/src/lib.rs | 6 ++--- platforms/web/lib/suggestion.test.tsx | 37 ++++++++++++++++++++++++++- 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ccdbaff29..ae181a31e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1879,6 +1879,7 @@ name = "wysiwyg-wasm" version = "2.37.8" dependencies = [ "console_error_panic_hook", + "html-escape", "js-sys", "wasm-bindgen", "wasm-bindgen-futures", diff --git a/bindings/wysiwyg-wasm/Cargo.toml b/bindings/wysiwyg-wasm/Cargo.toml index 68802cc0d..4a72f0538 100644 --- a/bindings/wysiwyg-wasm/Cargo.toml +++ b/bindings/wysiwyg-wasm/Cargo.toml @@ -26,6 +26,7 @@ crate-type = ["cdylib"] [dependencies] console_error_panic_hook = "0.1.7" +html-escape = "0.2.11" js-sys = "0.3.60" wasm-bindgen = "0.2.83" wasm-bindgen-futures = "0.4.33" diff --git a/bindings/wysiwyg-wasm/src/lib.rs b/bindings/wysiwyg-wasm/src/lib.rs index 1b5b30f74..9791007eb 100644 --- a/bindings/wysiwyg-wasm/src/lib.rs +++ b/bindings/wysiwyg-wasm/src/lib.rs @@ -327,7 +327,7 @@ impl ComposerModel { ) -> ComposerUpdate { ComposerUpdate::from(self.inner.set_link_with_text( Utf16String::from_str(url), - Utf16String::from_str(text), + Utf16String::from_str(&html_escape::encode_safe(&text)), attributes.into_vec(), )) } @@ -360,7 +360,7 @@ impl ComposerModel { ) -> ComposerUpdate { ComposerUpdate::from(self.inner.insert_mention( Utf16String::from_str(url), - Utf16String::from_str(text), + Utf16String::from_str(&html_escape::encode_safe(&text)), attributes.into_vec(), )) } @@ -389,7 +389,7 @@ impl ComposerModel { ) -> ComposerUpdate { ComposerUpdate::from(self.inner.insert_mention_at_suggestion( Utf16String::from_str(url), - Utf16String::from_str(text), + Utf16String::from_str(&html_escape::encode_safe(&text)), wysiwyg::SuggestionPattern::from(suggestion.clone()), attributes.into_vec(), )) diff --git a/platforms/web/lib/suggestion.test.tsx b/platforms/web/lib/suggestion.test.tsx index 0e4a12e78..6c44d11ae 100644 --- a/platforms/web/lib/suggestion.test.tsx +++ b/platforms/web/lib/suggestion.test.tsx @@ -14,7 +14,10 @@ See the License for the specific language governing permissions and limitations under the License. */ -import { SuggestionPattern } from '../generated/wysiwyg'; +import init, { + new_composer_model, + SuggestionPattern, +} from '../generated/wysiwyg'; import { SUGGESTIONS } from './constants'; import { getSuggestionChar, @@ -22,6 +25,10 @@ import { mapSuggestion, } from './suggestion'; +beforeAll(async () => { + await init(); +}); + describe('getSuggestionChar', () => { it('returns the expected character', () => { SUGGESTIONS.forEach((suggestionCharacter, index) => { @@ -92,3 +99,31 @@ describe('mapSuggestion', () => { }); }); }); + +describe('suggestionPattern', () => { + it('Content should be encoded', () => { + // Given + const model = new_composer_model(); + model.replace_text('hello '); + const update = model.replace_text('@alic'); + + let suggestion = update.menu_action().suggestion(); + + // When + if (!suggestion) { + fail('There should be an suggestion!'); + } + + model.insert_mention_at_suggestion( + 'https://matrix.to/#/@alice:matrix.org', + ':D a broken mention!', + suggestion.suggestion_pattern, + new Map(), + ); + + // Then + expect(model.get_content_as_html()).toBe( + 'hello :D</a> a broken mention!\u{a0}', + ); + }); +}); From 926605b94e6343fe2cf5153ad5af7f735dcb482f Mon Sep 17 00:00:00 2001 From: David Langley Date: Wed, 28 Aug 2024 13:18:45 +0100 Subject: [PATCH 2/3] lint --- platforms/web/lib/suggestion.test.tsx | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/platforms/web/lib/suggestion.test.tsx b/platforms/web/lib/suggestion.test.tsx index 6c44d11ae..cfb0d65d2 100644 --- a/platforms/web/lib/suggestion.test.tsx +++ b/platforms/web/lib/suggestion.test.tsx @@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ - +// eslint-disable-next-line camelcase import init, { new_composer_model, SuggestionPattern, @@ -106,8 +106,7 @@ describe('suggestionPattern', () => { const model = new_composer_model(); model.replace_text('hello '); const update = model.replace_text('@alic'); - - let suggestion = update.menu_action().suggestion(); + const suggestion = update.menu_action().suggestion(); // When if (!suggestion) { From 4fa23e8077e6ef7e52a571fa08bd819b038911e4 Mon Sep 17 00:00:00 2001 From: David Langley Date: Wed, 28 Aug 2024 13:24:11 +0100 Subject: [PATCH 3/3] lint --- platforms/web/lib/suggestion.test.tsx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/platforms/web/lib/suggestion.test.tsx b/platforms/web/lib/suggestion.test.tsx index cfb0d65d2..0bb790bb9 100644 --- a/platforms/web/lib/suggestion.test.tsx +++ b/platforms/web/lib/suggestion.test.tsx @@ -13,8 +13,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -// eslint-disable-next-line camelcase + import init, { + // eslint-disable-next-line camelcase new_composer_model, SuggestionPattern, } from '../generated/wysiwyg';