Chat messages have HTML sanitization to prevent js injection attacks.
However, we want to be able to display some HTML tags such as links and twilio audio.
There is some link detection in
|
parsedBody: Ember.computed("body", function() { |
|
let body = this.get("body"); |
|
body = body.replace(/(<br>)/gm, "\n"); |
|
body = body.replace(/(<)/g, "<"); |
|
|
|
let hrefExpressionMatch = body.match( |
|
/\<a href=(.*?)\>(.*?)\<\/a\s*?\>/ |
|
); |
|
if (hrefExpressionMatch) { |
|
body = this.sanitizingAnchorLinks(body, hrefExpressionMatch); |
|
} |
|
return body; |
|
}), |
|
|
|
sanitizingAnchorLinks(body, hrefExpressionMatch) { |
|
let originalLink = hrefExpressionMatch[0]; |
|
let anchorLink = hrefExpressionMatch[1]; |
|
let text = hrefExpressionMatch[2]; |
|
if ( |
|
anchorLink.includes("/plan_delivery") || |
|
anchorLink.includes( |
|
"crossroads-foundation.formstack.com/forms/goods_donor_survey?field" |
|
) |
|
) { |
|
body = body.replace(originalLink, `<a href=${anchorLink}>${text}</a>`); |
|
} |
|
return body; |
|
}, |
but this is rudimentary and doesn't handle cases where a user has left a voicemail.
Example:
