Remove the ability to use emojione for rendering emoji

Creates an XSS opening.
This commit is contained in:
JC Brand 2017-06-17 00:49:25 +02:00
parent ca53a8d8ef
commit 10ae9a5ea4
2 changed files with 9 additions and 34 deletions

View File

@ -93,8 +93,6 @@
this.updateSettings({
chatview_avatar_height: 32,
chatview_avatartrue: 32,
show_emojione: false, // By default, use native emojis.
emojione_path: 'https://cdn.jsdelivr.net/emojione/assets/' + emojione.emojiVersion + '/png/' + emojione.emojiSize + '/',
show_toolbar: true,
time_format: 'HH:mm',
visible_toolbar_buttons: {
@ -104,12 +102,6 @@
},
});
if (_converse.show_emojione) {
// If using Emojione, we also convert ascii smileys into emoji.
emojione.ascii = true;
emojione.imagePathPNG = _converse.emojione_path
}
var onWindowStateChanged = function (data) {
var state = data.state;
_converse.chatboxviews.each(function (chatboxview) {
@ -137,18 +129,11 @@
render: function () {
var emojis_by_category = utils.marshallEmojis(emojione);
var converter;
if (_converse.show_emojione) {
converter = emojione.toImage
} else {
converter = emojione.shortnameToUnicode
}
var emojis_html = tpl_emojis(
_.extend(
this.model.toJSON(), {
'emojis_by_category': emojis_by_category,
'emojione': emojione,
'converter': converter
'emojione': emojione
}
));
this.el.innerHTML = emojis_html;
@ -439,13 +424,10 @@
'extra_classes': this.getExtraMessageClasses(attrs)
})
));
$msg.find('.chat-msg-content').first()
.text(text)
.addHyperlinks()
.addEmoticons(
_converse,
emojione,
_converse.visible_toolbar_buttons.emoticons);
if (_converse.visible_toolbar_buttons.emoticons) {
text = utils.addEmoticons(_converse, emojione, text);
}
$msg.find('.chat-msg-content').first().text(text).addHyperlinks();
return $msg;
},

View File

@ -126,17 +126,6 @@
return this;
};
$.fn.addEmoticons = function (_converse, emojione, allowed) {
if (allowed) {
if (_converse.show_emojione) {
this.html(emojione.toImage(this.text()));
} else {
this.html(emojione.shortnameToUnicode(this.text()));
}
}
return this;
};
var utils = {
// Translation machinery
// ---------------------
@ -514,6 +503,10 @@
frag = tmp = null;
}
utils.addEmoticons = function (_converse, emojione, text) {
return emojione.shortnameToUnicode(text);
}
utils.marshallEmojis = function (emojione) {
/* Return a dict of emojis with the categories as keys and
* lists of emojis in that category as values.