Commit c6ab0ded01f255585c588b9693b975297127a920
markdown: use html-escape on emoji attributes instead of incorrect encoding
Matt McKegg committed on 6/3/2017, 4:51:27 AMParent: e88968184cc1392c4b3b1ebb85d0a3b0e0523b13
Files changed
message/html/markdown.js | changed |
package.json | changed |
message/html/markdown.js | |||
---|---|---|---|
@@ -1,8 +1,9 @@ | |||
1 | 1 … | const renderer = require('ssb-markdown') | |
2 | 2 … | const h = require('mutant/h') | |
3 | 3 … | const ref = require('ssb-ref') | |
4 | 4 … | const nest = require('depnest') | |
5 … | +var htmlEscape = require('html-escape') | ||
5 | 6 … | ||
6 | 7 … | exports.needs = nest({ | |
7 | 8 … | 'blob.sync.url': 'first', | |
8 | 9 … | 'emoji.sync.url': 'first' | |
@@ -48,11 +49,11 @@ | |||
48 | 49 … | function renderEmoji (emoji, url) { | |
49 | 50 … | if (!url) return ':' + emoji + ':' | |
50 | 51 … | return ` | |
51 | 52 … | <img | |
52 | - src="${encodeURI(url)}" | ||
53 | - alt=":${escape(emoji)}:" | ||
54 | - title=":${escape(emoji)}:" | ||
53 … | + src="${htmlEscape(url)}" | ||
54 … | + alt=":${htmlEscape(emoji)}:" | ||
55 … | + title=":${htmlEscape(emoji)}:" | ||
55 | 56 … | class="emoji" | |
56 | 57 … | > | |
57 | 58 … | ` | |
58 | 59 … | } | |
package.json | ||
---|---|---|
@@ -36,8 +36,9 @@ | ||
36 | 36 … | "color-hash": "^1.0.3", |
37 | 37 … | "depnest": "^1.0.2", |
38 | 38 … | "emoji-named-characters": "^1.0.2", |
39 | 39 … | "es2040": "^1.2.4", |
40 … | + "html-escape": "^2.0.0", | |
40 | 41 … | "human-time": "0.0.1", |
41 | 42 … | "mutant": "^3.17.0", |
42 | 43 … | "mutant-pull-reduce": "^1.1.0", |
43 | 44 … | "pull-abortable": "^4.1.0", |
Built with git-ssb-web