From 2cb9ebc2268257c31dc3dd3daff05161d06cf3ef Mon Sep 17 00:00:00 2001 From: Yash Rajpal <58601732+yash-rajpal@users.noreply.github.com> Date: Tue, 14 Feb 2023 08:02:03 +0530 Subject: [PATCH] [PVUL-93] xss in search messages (#658) --- apps/meteor/app/markdown/lib/markdown.js | 5 +++-- apps/meteor/client/lib/utils/renderMessageBody.ts | 8 +++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/apps/meteor/app/markdown/lib/markdown.js b/apps/meteor/app/markdown/lib/markdown.js index 7ee511d403e4..4798f8bdd09c 100644 --- a/apps/meteor/app/markdown/lib/markdown.js +++ b/apps/meteor/app/markdown/lib/markdown.js @@ -107,13 +107,14 @@ export const createMarkdownMessageRenderer = ({ parser, ...options }) => { } const parse = typeof parsers[parser] === 'function' ? parsers[parser] : parsers.original; + const markedParser = parsers.marked; - return (message) => { + return (message, useMarkedPaser = false) => { if (!message?.html?.trim()) { return message; } - return parse(message, options); + return useMarkedPaser ? markedParser(message, options) : parse(message, options); }; }; diff --git a/apps/meteor/client/lib/utils/renderMessageBody.ts b/apps/meteor/client/lib/utils/renderMessageBody.ts index be0a29f6a452..70f9c1c7a019 100644 --- a/apps/meteor/client/lib/utils/renderMessageBody.ts +++ b/apps/meteor/client/lib/utils/renderMessageBody.ts @@ -3,12 +3,14 @@ import { escapeHTML } from '@rocket.chat/string-helpers'; import { callbacks } from '../../../lib/callbacks'; -export const renderMessageBody = & { tokens?: { token: string; text: string }[]; html?: string }>( +export const renderMessageBody = < + T extends Partial & { tokens?: { token: string; text: string }[]; html?: string; actionContext?: string }, +>( message: T, ): string => { message.html = message.msg?.trim() ? escapeHTML(message.msg.trim()) : ''; - - const { tokens, html } = callbacks.run('renderMessage', message); + const isSearchMessage = message?.actionContext === 'search'; + const { tokens, html } = callbacks.run('renderMessage', message, isSearchMessage); return (Array.isArray(tokens) ? tokens.reverse() : []).reduce((html, { token, text }) => html.replace(token, () => text), html ?? ''); };