matrix/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web.git synced 2025-12-01 09:58:03 +03:00
Code Activity

Wrap decodeURIComponent in try-catch to protect against malformed URIs

Browse Source
This commit is contained in:
Michael Telatynski
2021-05-13 10:20:27 +01:00
parent 52420feab0
commit dd04b479a1
2 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/linkify-matrix.js
View File

@@ -254,11 +254,15 @@ matrixLinkify.options = {
target: function(href, type) {
if (type === 'url') {
const transformed = tryTransformPermalinkToLocalHref(href);
if (transformed !== href || decodeURIComponent(href).match(matrixLinkify.ELEMENT_URL_PATTERN)) {
return null;
} else {
return '_blank';
try {
const transformed = tryTransformPermalinkToLocalHref(href);
if (transformed !== href || decodeURIComponent(href).match(matrixLinkify.ELEMENT_URL_PATTERN)) {
return null;
} else {
return '_blank';
}
} catch (e) {
// malformed URI
}
}
return null;