[PVUL-93] xss in search messages (#658)

RocketChat · Feb 14, 2023 · 8774260 · 8774260
1 parent 745faa4
commit 8774260
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/apps/meteor/app/markdown/lib/markdown.js b/apps/meteor/app/markdown/lib/markdown.js
@@ -107,13 +107,14 @@ export const createMarkdownMessageRenderer = ({ parser, ...options }) => {
 	}
 
 	const parse = typeof parsers[parser] === 'function' ? parsers[parser] : parsers.original;
+	const markedParser = parsers.marked;
 
-	return (message) => {
+	return (message, useMarkedPaser = false) => {
 		if (!message?.html?.trim()) {
 			return message;
 		}
 
-		return parse(message, options);
+		return useMarkedPaser ? markedParser(message, options) : parse(message, options);
 	};
 };
 

diff --git a/apps/meteor/client/lib/utils/renderMessageBody.ts b/apps/meteor/client/lib/utils/renderMessageBody.ts
@@ -3,12 +3,14 @@ import { escapeHTML } from '@rocket.chat/string-helpers';
 
 import { callbacks } from '../../../lib/callbacks';
 
-export const renderMessageBody = <T extends Partial<IMessage> & { tokens?: { token: string; text: string }[]; html?: string }>(
+export const renderMessageBody = <
+	T extends Partial<IMessage> & { tokens?: { token: string; text: string }[]; html?: string; actionContext?: string },
+>(
 	message: T,
 ): string => {
 	message.html = message.msg?.trim() ? escapeHTML(message.msg.trim()) : '';
-
-	const { tokens, html } = callbacks.run('renderMessage', message);
+	const isSearchMessage = message?.actionContext === 'search';
+	const { tokens, html } = callbacks.run('renderMessage', message, isSearchMessage);
 
 	return (Array.isArray(tokens) ? tokens.reverse() : []).reduce((html, { token, text }) => html.replace(token, () => text), html ?? '');
 };