Remove attributes on del tags

There is no use case for those afaik and they do break our replacement in the frontend. Let's instead strip them out in the sanitization step, since there are no valid attributes defined for the del tag currenlty. In theory we could also strip out all attributes here, but that seems excessive for now. Fixes https://github.com/Nheko-Reborn/nheko/issues/1693
author: Nicolas Werner <nicolas.werner@hotmail.de> 2024-03-20 21:53:20 +0100
committer: Nicolas Werner <nicolas.werner@hotmail.de> 2024-03-20 21:53:20 +0100
commit: 9656304e24a9fe0a3df13211c87e9cd91713d8ca (patch)
tree: 3912be5c2494fff563ffb582da083b81033a337d
parent: 30ac76e94269a9db9cdc6ef2d6599e5265d1772e (diff)
1 files changed, 13 insertions, 7 deletions
diff --git a/src/Utils.cpp b/src/Utils.cpp
index ff5dabac..498bad9a 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -582,9 +582,10 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
         const auto tagNameEnd =
           std::find_first_of(tagNameStart, end, tagNameEnds.begin(), tagNameEnds.end());
 
-        if (allowedTags.find(
-              QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower()) ==
-            allowedTags.end()) {
+        const auto tagName =
+          QByteArray(tagNameStart, static_cast<int>(tagNameEnd - tagNameStart)).toLower();
+
+        if (allowedTags.find(tagName) == allowedTags.end()) {
             // not allowed -> escape
             buffer.append("&lt;");
             pos = tagNameStart;
@@ -620,8 +621,9 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
                     auto attrName =
                       QByteArray(attrStart, static_cast<int>(attrEnd - attrStart)).toLower();
 
-                    auto sanitizeValue = [&attrName](QByteArray val) {
-                        if (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://"))
+                    auto sanitizeValue = [&attrName, tagName](QByteArray val) {
+                        if (tagName == QByteArrayLiteral("del") ||
+                            (attrName == QByteArrayLiteral("src") && !val.startsWith("mxc://")))
                             return QByteArray();
                         else
                             return val;
@@ -697,8 +699,12 @@ utils::escapeBlacklistedHtml(const QString &rawStr)
                         }
                     }
 
-                    buffer.append(' ');
-                    buffer.append(attrName);
+                    // We don't really want tags on del tags and they make replacement in the
+                    // frontend more expansive
+                    if (tagName != QByteArrayLiteral("del")) {
+                        buffer.append(' ');
+                        buffer.append(attrName);
+                    }
                 }
             }
         }
author	Nicolas Werner <nicolas.werner@hotmail.de>	2024-03-20 21:53:20 +0100
committer	Nicolas Werner <nicolas.werner@hotmail.de>	2024-03-20 21:53:20 +0100
commit	9656304e24a9fe0a3df13211c87e9cd91713d8ca (patch)
tree	3912be5c2494fff563ffb582da083b81033a337d
parent	30ac76e94269a9db9cdc6ef2d6599e5265d1772e (diff)