Diffstat (limited to 'webapp/utils/text_formatting.jsx')
-rw-r--r-- | webapp/utils/text_formatting.jsx | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/webapp/utils/text_formatting.jsx b/webapp/utils/text_formatting.jsx
index 4602a31b2..e34b8fdbb 100644
--- a/webapp/utils/text_formatting.jsx
+++ b/webapp/utils/text_formatting.jsx
@@ -185,7 +185,7 @@ function autolinkChannelMentions(text, tokens, channelNamesMap, team) {
 }
 tokens.set(alias, {
- value: `<a class='mention-link' href="${href}" data-channel-mention="${channelName}">${displayName}</a>`,
+ value: `<a class="mention-link" href="${href}" data-channel-mention="${channelName}">~${displayName}</a>`,
 originalText: mention
 });
 return alias;
@@ -196,7 +196,7 @@ function autolinkChannelMentions(text, tokens, channelNamesMap, team) {
 if (channelMentionExists(channelNameLower)) {
 // Exact match
- const alias = addToken(channelNameLower, mention, '~' + channelNamesMap[channelNameLower].display_name);
+ const alias = addToken(channelNameLower, mention, escapeHtml(channelNamesMap[channelNameLower].display_name));
 return spacer + alias;
 }
@@ -209,7 +209,8 @@ function autolinkChannelMentions(text, tokens, channelNamesMap, team) {
 if (channelMentionExists(channelNameLower)) {
 const suffix = originalChannelName.substr(c - 1);
- const alias = addToken(channelNameLower, '~' + channelNameLower, '~' + channelNamesMap[channelNameLower].display_name);
+ const alias = addToken(channelNameLower, '~' + channelNameLower,
+ escapeHtml(channelNamesMap[channelNameLower].display_name));
 return spacer + alias + suffix;
 }
 } else {
@@ -231,6 +232,18 @@ export function escapeRegex(text) {
 return text.replace(/[-/\\^$*+?.()|[\]{}]/g, '\\$&');
 }
+const htmlEntities = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+};
+
+export function escapeHtml(text) {
+ return text.replace(/[&<>"']/g, (match) => htmlEntities[match]);
+}
+
 function highlightCurrentMentions(text, tokens, mentionKeys = []) {
 let output = text; |
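Review bot: Escaping `display_name` at the two call sites (the hunks at old lines 196 and 209) leaves `addToken` still interpolating whatever it receives into markup, so a later caller that forgets `escapeHtml` reintroduces the injection this commit closes. Doing the escaping where the anchor is assembled, `~${escapeHtml(displayName)}`, and passing the raw display name from the callers would keep the guarantee in one place. The same template line also puts `href` and `channelName` into double-quoted attributes unescaped; `channelName` is presumably limited to channel-name characters by the matching regex and `href` is built above the hunk, so neither can be confirmed from here, and wrapping both in `escapeHtml` would be a cheap safeguard. `addToken` starts outside this hunk.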
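Review bot: As rendered on this page every value in `htmlEntities` equals its key, most likely because the page decoded the entity strings; if the committed file really reads that way, `escapeHtml` returns its input unchanged and the escaping added at the call sites does nothing, so the file itself should be checked. The exported function also has no doc comment saying where its output is safe: these five characters cover HTML text and quoted attribute values, not unquoted attributes, URLs or script contexts, and a line such as `/** Escapes & < > " ' for HTML text and quoted attribute values; input must be a string. */` would state that. `text.replace` throws when a channel entry has no string `display_name`, so a type guard here or at the callers may be wanted.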