Pasting text with '<' and '>' doesn't work correctly #86

Closed
simmac opened this issue Feb 23, 2017 · 1 comment

simmac commented Feb 23, 2017

Expected Behavior

When pasting text like
lorem ipsum x<y blah blah or lorem ipsum x<y blah blah y>z foo bar into the message text field, exactly this text should appear in the text field.

Current Behavior

The first text gets cut off at the '<' character, only lorem ipsum x appears in the text field.
In the second sample, everything between the two brackets disappears, resulting in lorem ipsum xz foo bar.

Possible Solution

There is probably something up with the regexes in filter.ts; I couldn't find anything obvious, though.

Steps to Reproduce (for bugs)

  1. Copy lorem ipsum x<y blah blah y>z foo bar into your clipboard
  2. Paste into the message text field
  3. Compare the text in the text field with the text in your clipboard

Your Environment

  • Threema Web version: 1.0.2
  • Threema for Android version: 3.01
  • Threema for Android source: Play Store
  • Browser name and version: Chrome 56
  • Operating system and version: macOS 10.12

dbrgn commented Feb 23, 2017

Thanks for the report! The source of the problem is probably here:

https://github.com/threema-ch/threema-web/blob/master/src/directives/compose_area.ts#L355-L356

AngularJS sanitizes HTML tags using a whitelist.

Before sanitizing the input, we should probably escape "dangerous" symbols like < (with the exception of images, since pasting emoji should work) so that the code gets shown and not stripped out. Tricky to get right in all cases :)

dbrgn added the bug (It's a bug!) label Feb 23, 2017
dbrgn self-assigned this Feb 27, 2017
dbrgn pushed a commit that referenced this issue Feb 27, 2017
Sanitizing text would cause some non-HTML text to disappear (see #86).
Instead, we escape HTML, so that it looks exactly like pasted.

The applyFilters helper function has been removed, it's unclear what it
does. Being explicit is better in this case.

Pasting emoji tags still works, because <img> tags are converted to
their alt-text, which is in turn converted back to an <img> tag by the
emojify filter.
dbrgn closed this as completed in #103 Mar 1, 2017
dbrgn added a commit that referenced this issue Mar 1, 2017
Sanitizing text would cause some non-HTML text to disappear (see #86). Instead, we escape HTML, so that it looks exactly like pasted.

Fixes #86.
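
Added example (not code from threema-web or from the participants above): a simplified TypeScript model of why tag stripping loses text such as `x<y blah blah y>z` while escaping keeps it, including the `<img>`-to-alt-text step the commit message describes. The names `stripTags`, `imgToAlt`, `escapeHtml` and `preparePastedText` are hypothetical, and the regex stripper is a stand-in for a whitelist sanitizer, not AngularJS's implementation.

```typescript
// Added illustration. All function names are hypothetical.

// Simplified stand-in for a sanitizer that drops anything it parses as a
// non-whitelisted tag: a '<' opens a "tag" that runs to the next '>' or,
// if there is none, to the end of the input.
function stripTags(input: string): string {
    return input.replace(/<[^>]*(>|$)/g, '');
}

// Replace a pasted <img ... alt="X"> with its alt text, so that an emoji
// image is reduced to plain text before escaping.
function imgToAlt(input: string): string {
    return input.replace(/<img\b[^>]*?\balt="([^"]*)"[^>]*>/gi, '$1');
}

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(input: string): string {
    const map: Record<string, string> = {
        '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
    };
    return input.replace(/[&<>"']/g, (ch) => map[ch] || ch);
}

// Order matters: convert images first, escape second. The alt text comes
// from pasted content, so it is escaped like any other untrusted text.
function preparePastedText(input: string): string {
    return escapeHtml(imgToAlt(input));
}

// Constructed sample inputs, taken from the issue's reproduction steps.
const samples: string[] = [
    'lorem ipsum x<y blah blah',
    'lorem ipsum x<y blah blah y>z foo bar',
];
for (const s of samples) {
    console.log(JSON.stringify({
        input: s,
        stripped: stripTags(s),          // text after '<' is lost
        escaped: preparePastedText(s),   // text is preserved as entities
    }));
}
```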