Escape html tags in content

fixes #6
cesardeazevedo · Jan 5, 2025 · 2885daa · 2885daa
1 parent ccb7344
commit 2885daa
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 7 deletions.
diff --git a/src/__tests__/parser.test.ts b/src/__tests__/parser.test.ts
@@ -1,7 +1,7 @@
 // @vitest-environment happy-dom
 import { nip19 } from 'nostr-tools'
-import { fakeEvent } from './testUtils'
 import { test } from './fixtures'
+import { fakeEvent } from './testUtils'
 
 describe('parseNote()', () => {
   test('Should assert simple text', ({ editor }) => {
@@ -805,4 +805,34 @@ https://host.com/2.jpeg
       }
     `)
   })
+
+  test('assert html tags in text', ({ editor }) => {
+    const event = fakeEvent({
+      content: 'MAKE HTML GREAT AGAIN \n\n bring back <mark> <blink> <marquee>',
+    })
+    editor.commands.setEventContent(event)
+    expect(editor.getJSON()).toMatchInlineSnapshot(`
+      {
+        "content": [
+          {
+            "content": [
+              {
+                "text": "MAKE HTML GREAT AGAIN ",
+                "type": "text",
+              },
+              {
+                "type": "hardBreak",
+              },
+              {
+                "text": "bring back <mark> <blink> <marquee>",
+                "type": "text",
+              },
+            ],
+            "type": "paragraph",
+          },
+        ],
+        "type": "doc",
+      }
+    `)
+  })
 })
diff --git a/src/extensions/NostrExtension.ts b/src/extensions/NostrExtension.ts
@@ -23,6 +23,7 @@ import type { TagAttributes } from './TagExtension'
 import { TagExtension } from './TagExtension'
 import { TweetExtension } from './TweetExtension'
 import { VideoExtension } from './VideoExtension'
+import { replaceTextContent } from '../helpers/utils'
 
 declare module '@tiptap/core' {
   interface Commands<ReturnType> {
@@ -263,7 +264,7 @@ export const NostrExtension = Extension.create<NostrOptions, NostrStorage>({
           // These metadata will trigger pasting rules on all other extensions
           .setMeta('parse', true)
           .setMeta('uiEvent', 'paste')
-          .setContent(event.kind === 1 ? event.content.replace(/(\n|\r)+/g, '<br />') : event.content)
+          .setContent(event.kind === 1 ? replaceTextContent(event.content) : event.content)
         return true
       },
       setEventContentKind0: (event: UnsignedEvent) => (props) => {
@@ -276,11 +277,7 @@ export const NostrExtension = Extension.create<NostrOptions, NostrStorage>({
         } catch (error) {
           return false
         }
-        props
-          .chain()
-          .setMeta('parse', true)
-          .setMeta('uiEvent', 'paste')
-          .setContent(content.about?.replace(/(\n|\r)+/g, '<br />'), true)
+        props.chain().setMeta('parse', true).setMeta('uiEvent', 'paste').setContent(replaceTextContent(content.about))
         return true
       },
     }

diff --git a/src/helpers/utils.ts b/src/helpers/utils.ts
@@ -39,3 +39,10 @@ export function getLinkKind(url: string, imeta?: IMetaTags): LinkKinds {
     }
   }
 }
+
+export function replaceTextContent(content: string): string {
+  return content
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/(\n|\r)+/g, '<br />')
+}