fix(chat) prevent homograph attacks
Decode URLs using punycode when rendering, so when http://ebаy.com is sent we render http://xn--eby-7cd.com/ instead. Ref: https://github.com/tasti/react-linkify/issues/84
This commit is contained in:
Saúl Ibarra Corretgé
Saúl Ibarra Corretgé
parent
0f9e01a7cf
commit
11ae187ece
|
|
@ -13141,6 +13141,11 @@
|
|||
}
|
||||
}
|
||||
},
|
||||
"punycode": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
|
||||
"integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
|
||||
},
|
||||
"q": {
|
||||
"version": "1.5.1",
|
||||
"resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@
|
|||
"moment-duration-format": "2.2.2",
|
||||
"olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",
|
||||
"pixelmatch": "5.1.0",
|
||||
"punycode": "2.1.1",
|
||||
"react": "16.9",
|
||||
"react-dom": "16.9",
|
||||
"react-emoji-render": "1.2.4",
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import punycode from 'punycode';
|
||||
import React, { Component } from 'react';
|
||||
import ReactLinkify from 'react-linkify';
|
||||
import { Text } from 'react-native';
|
||||
|
|
@ -68,7 +69,7 @@ export default class Linkify extends Component<Props> {
|
|||
key = { key }
|
||||
style = { this.props.linkStyle }
|
||||
url = { decoratedHref }>
|
||||
{decoratedText}
|
||||
{ punycode.toASCII(decoratedText) }
|
||||
</Link>
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
// @flow
|
||||
|
||||
import punycode from 'punycode';
|
||||
import React, { Component } from 'react';
|
||||
import ReactLinkify from 'react-linkify';
|
||||
|
||||
|
|
@ -44,7 +45,7 @@ export default class Linkify extends Component<Props> {
|
|||
key = { key }
|
||||
rel = 'noopener noreferrer'
|
||||
target = '_blank'>
|
||||
{decoratedText}
|
||||
{ punycode.toASCII(decoratedText) }
|
||||
</a>
|
||||
);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue