Merge branch 'MDL-68423-39' of git://github.com/ferranrecio/moodle into MOODLE_39_STABLE
authorAdrian Greeve <abgreeve@gmail.com>
Thu, 13 Aug 2020 03:05:37 +0000 (11:05 +0800)
committerAdrian Greeve <abgreeve@gmail.com>
Thu, 13 Aug 2020 03:05:37 +0000 (11:05 +0800)
message/amd/build/message_drawer_view_conversation.min.js
message/amd/build/message_drawer_view_conversation.min.js.map
message/amd/src/message_drawer_view_conversation.js

index 53c1f62..daba441 100644 (file)
Binary files a/message/amd/build/message_drawer_view_conversation.min.js and b/message/amd/build/message_drawer_view_conversation.min.js differ
index dac3fc9..ceb2204 100644 (file)
Binary files a/message/amd/build/message_drawer_view_conversation.min.js.map and b/message/amd/build/message_drawer_view_conversation.min.js.map differ
index 03854ff..34d00fb 100644 (file)
@@ -1282,6 +1282,32 @@ function(
             });
     };
 
+    /**
+     * Create a plain version of an HTML text.
+     *
+     * This texts is used as a message preview while is sent to the server. This way
+     * it is possible to prevent self-xss.
+     *
+     * @param {String} text Text to send.
+     * @return {String} The plain text version of the text.
+     */
+    const previewText = function(text) {
+        // Remove all script and styles from text (we don't want it there).
+        let plaintext = text.replace(/<style([\s\S]*?)<\/style>/gi, '');
+        plaintext = plaintext.replace(/<script([\s\S]*?)<\/script>/gi, '');
+        // Beautify a bit the output adding some line breaks.
+        plaintext = plaintext.replace(/<\/div>/ig, '\n');
+        plaintext = plaintext.replace(/<\/li>/ig, '\n');
+        plaintext = plaintext.replace(/<li>/ig, '  *  ');
+        plaintext = plaintext.replace(/<\/ul>/ig, '\n');
+        plaintext = plaintext.replace(/<\/p>/ig, '\n');
+        plaintext = plaintext.replace(/<br[^>]*>/gi, '\n');
+        // Remove all remaining tags and convert line breaks into html.
+        plaintext = plaintext.replace(/<[^>]+>/ig, '');
+        plaintext = plaintext.replace(/\n+/ig, '\n');
+        return plaintext.replace(/\n/ig, '<br>');
+    };
+
     /**
      * Buffers messages to be sent to the server. We use a buffer here to allow the
      * user to freely input messages without blocking the interface for them.
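Review bot: The final strip in `previewText`, `/<[^>]+>/ig`, only matches a tag that has a closing `>`, so an unterminated `<...` fragment survives and is returned inside a string that is treated as HTML (the function itself appends `<br>`). How the template renders `text` is not visible in this hunk, but if it is output unescaped, the surrounding markup can supply the missing `>` and the self-XSS protection the docblock promises does not hold for that input. Escaping whatever angle brackets remain after the strip closes the gap: add `plaintext = plaintext.replace(/</g, '&lt;').replace(/>/g, '&gt;');` just before the `\n` to `<br>` conversion. A regex pass is a weak basis for this guarantee in general, so the docblock could say the output is a best-effort preview rather than sanitised HTML.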
@@ -1292,14 +1318,22 @@ function(
      */
     var sendMessage = function(text) {
         var id = 'temp' + Date.now();
+        // Render a preview version of the message while sending.
+        let loadingmessage = {
+            id: id,
+            useridfrom: viewState.loggedInUserId,
+            text:  previewText(text),
+            timecreated: null
+        };
+        var newState = StateManager.addMessages(viewState, [loadingmessage]);
+        render(newState);
+        // Send the real message.
         var message = {
             id: id,
             useridfrom: viewState.loggedInUserId,
             text: text,
             timecreated: null
         };
-        var newState = StateManager.addMessages(viewState, [message]);
-        render(newState);
         sendMessageBuffer.push(message);
         processSendMessageBuffer();
     };
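Review bot: The added comments in `sendMessage` say what is rendered but not why the rendered object differs from the one that is sent, which is the security-relevant part of the change. Above `loadingmessage` I would write `// Render only the stripped preview: the raw text has not been cleaned by the server yet, so it must not be inserted into the DOM.` Both objects reuse the same temporary `id`, presumably so that the server response replaces the preview in the state, and a short comment confirming that would help the next reader. On style, `loadingmessage` is never reassigned, so `const` fits better than `let`, and `text:  previewText(text)` has a stray double space.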