diff options
author | Harrison Healey <harrisonmhealey@gmail.com> | 2016-07-19 08:28:29 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2016-07-19 08:28:29 -0400 |
commit | 40c47dcf0b85658198e369b7daf33302d26a3384 (patch) | |
tree | 9126ce8d8930b82de4824d646fa2a4159118fd16 /webapp/utils | |
parent | 5937473c5fd54332319b1b9111cf778ac47aee76 (diff) | |
download | chat-40c47dcf0b85658198e369b7daf33302d26a3384.tar.gz chat-40c47dcf0b85658198e369b7daf33302d26a3384.tar.bz2 chat-40c47dcf0b85658198e369b7daf33302d26a3384.zip |
Rendered invalid URLs as plain text when parsing markdown (#3616)
Diffstat (limited to 'webapp/utils')
-rw-r--r-- | webapp/utils/markdown.jsx | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/webapp/utils/markdown.jsx b/webapp/utils/markdown.jsx index bd1e998b4..e291ce546 100644 --- a/webapp/utils/markdown.jsx +++ b/webapp/utils/markdown.jsx @@ -139,10 +139,10 @@ class MattermostMarkdownRenderer extends marked.Renderer { const unescaped = decodeURIComponent(unescape(href)).replace(/[^\w:]/g, '').toLowerCase(); if (unescaped.indexOf('javascript:') === 0 || unescaped.indexOf('vbscript:') === 0 || unescaped.indexOf('data:') === 0) { // eslint-disable-line no-script-url - return ''; + return text; } } catch (e) { - return ''; + return text; } if (!(/[a-z+.-]+:/i).test(outHref)) { |