Merge branch 'harden-parser' into 'develop'

fix regex misinterpreting tag name in badly formed HTML

See merge request pleroma/pleroma-fe!1835

(cherry picked from commit 624af7ed00b0edb2792f84cc83f6eeb7568798c4)

00b47e16 fix regex misinterpreting tag name in badly formed HTML, prevent rich
5e656cc0 Merge remote-tracking branch 'origin/develop' into harden-parser
10e28f6c changelog
0109724a case insensititvy

changelog.d/parser.fix

@@ -0,0 +1 @@
+fix regex issue in HTML parser/renderer

src/components/rich_content/rich_content.jsx

@@ -149,7 +149,9 @@ export default {
       // Handle tag nodes
       if (Array.isArray(item)) {
         const [opener, children, closer] = item
-        const Tag = getTagName(opener)
+        let Tag = getTagName(opener)
+        if (Tag.toLowerCase() === 'script') Tag = 'js-exploit'
+        if (Tag.toLowerCase() === 'style') Tag = 'css-exploit'
         const fullAttrs = getAttrs(opener, () => true)
         const attrs = getAttrs(opener)
         const previouslyMentions = currentMentions !== null

src/services/html_converter/utility.service.js

@@ -5,7 +5,7 @@
  * @return {String} - tagname, i.e. "div"
  */
 export const getTagName = (tag) => {
-  const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
+  const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
   return result && (result[1] || result[2])
 }