From 98440beffaad239e77dd9bac9313b6cf33d6401e Mon Sep 17 00:00:00 2001 From: Laurent Cozic Date: Thu, 8 Jun 2023 15:18:46 +0100 Subject: [PATCH] All: Fixes #8286: Allow certain HTML anchor tags --- packages/app-cli/tests/md_to_html/sanitize_17.html | 1 + packages/app-cli/tests/md_to_html/sanitize_17.md | 1 + packages/renderer/htmlUtils.ts | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 packages/app-cli/tests/md_to_html/sanitize_17.html create mode 100644 packages/app-cli/tests/md_to_html/sanitize_17.md diff --git a/packages/app-cli/tests/md_to_html/sanitize_17.html b/packages/app-cli/tests/md_to_html/sanitize_17.html new file mode 100644 index 0000000000..7f1ae40eb5 --- /dev/null +++ b/packages/app-cli/tests/md_to_html/sanitize_17.html @@ -0,0 +1 @@ +⬆️ \ No newline at end of file diff --git a/packages/app-cli/tests/md_to_html/sanitize_17.md b/packages/app-cli/tests/md_to_html/sanitize_17.md new file mode 100644 index 0000000000..ee1f05a2b8 --- /dev/null +++ b/packages/app-cli/tests/md_to_html/sanitize_17.md @@ -0,0 +1 @@ +⬆️ \ No newline at end of file diff --git a/packages/renderer/htmlUtils.ts b/packages/renderer/htmlUtils.ts index ecffd616bd..866b8676c0 100644 --- a/packages/renderer/htmlUtils.ts +++ b/packages/renderer/htmlUtils.ts @@ -157,7 +157,12 @@ class HtmlUtils { private isAcceptedUrl(url: string): boolean { url = url.toLowerCase(); - return url.startsWith('https://') || url.startsWith('http://') || url.startsWith('mailto://'); + return url.startsWith('https://') || + url.startsWith('http://') || + url.startsWith('mailto://') || + // We also allow anchors but only with a specific set of a characters. + // Fixes https://github.com/laurent22/joplin/issues/8286 + !!url.match(/^#[a-zA-Z0-9-]+$/); } public sanitizeHtml(html: string, options: SanitizeHtmlOptions = null) {