Sanitize output from Helper.urls2links

This commit is contained in:
Haocen Xu 2020-05-30 06:05:20 -04:00
parent 25a39148a8
commit 5f0011b0f6
No known key found for this signature in database
GPG Key ID: 3F0D955A0F6AD729
1 changed files with 5 additions and 3 deletions

View File

@ -405,10 +405,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
me.urls2links = function(element)
{
element.html(
DOMPurify.sanitize(
element.html().replace(
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
'<a href="$1" rel="nofollow">$1</a>'
)
)
);
};