浏览代码

Remove the ability to use emojione for rendering emoji

Creates an XSS opening.
JC Brand 8 年之前
父节点
当前提交
10ae9a5ea4
共有 2 个文件被更改,包括 9 次插入34 次删除
  1. 5 23
      src/converse-chatview.js
  2. 4 11
      src/utils.js

+ 5 - 23
src/converse-chatview.js

@@ -93,8 +93,6 @@
             this.updateSettings({
             this.updateSettings({
                 chatview_avatar_height: 32,
                 chatview_avatar_height: 32,
                 chatview_avatartrue: 32,
                 chatview_avatartrue: 32,
-                show_emojione: false, // By default, use native emojis.
-                emojione_path: 'https://cdn.jsdelivr.net/emojione/assets/' + emojione.emojiVersion + '/png/' + emojione.emojiSize + '/',
                 show_toolbar: true,
                 show_toolbar: true,
                 time_format: 'HH:mm',
                 time_format: 'HH:mm',
                 visible_toolbar_buttons: {
                 visible_toolbar_buttons: {
@@ -104,12 +102,6 @@
                 },
                 },
             });
             });
 
 
-            if (_converse.show_emojione) {
-                // If using Emojione, we also convert ascii smileys into emoji.
-                emojione.ascii = true;
-                emojione.imagePathPNG = _converse.emojione_path
-            }
-
             var onWindowStateChanged = function (data) {
             var onWindowStateChanged = function (data) {
                 var state = data.state;
                 var state = data.state;
                 _converse.chatboxviews.each(function (chatboxview) {
                 _converse.chatboxviews.each(function (chatboxview) {
@@ -137,18 +129,11 @@
 
 
                 render: function () {
                 render: function () {
                     var emojis_by_category = utils.marshallEmojis(emojione);
                     var emojis_by_category = utils.marshallEmojis(emojione);
-                    var converter;
-                    if (_converse.show_emojione) {
-                        converter = emojione.toImage
-                    } else {
-                        converter = emojione.shortnameToUnicode
-                    }
                     var emojis_html = tpl_emojis(
                     var emojis_html = tpl_emojis(
                         _.extend(
                         _.extend(
                             this.model.toJSON(), {
                             this.model.toJSON(), {
                                 'emojis_by_category': emojis_by_category,
                                 'emojis_by_category': emojis_by_category,
-                                'emojione': emojione,
-                                'converter': converter
+                                'emojione': emojione
                             }
                             }
                         ));
                         ));
                     this.el.innerHTML = emojis_html;
                     this.el.innerHTML = emojis_html;
@@ -439,13 +424,10 @@
                             'extra_classes': this.getExtraMessageClasses(attrs)
                             'extra_classes': this.getExtraMessageClasses(attrs)
                         })
                         })
                     ));
                     ));
-                    $msg.find('.chat-msg-content').first()
-                        .text(text)
-                        .addHyperlinks()
-                        .addEmoticons(
-                            _converse,
-                            emojione,
-                            _converse.visible_toolbar_buttons.emoticons);
+                    if (_converse.visible_toolbar_buttons.emoticons) {
+                        text = utils.addEmoticons(_converse, emojione, text);
+                    }
+                    $msg.find('.chat-msg-content').first().text(text).addHyperlinks();
                     return $msg;
                     return $msg;
                 },
                 },
 
 

+ 4 - 11
src/utils.js

@@ -126,17 +126,6 @@
         return this;
         return this;
     };
     };
 
 
-    $.fn.addEmoticons = function (_converse, emojione, allowed) {
-        if (allowed) {
-            if (_converse.show_emojione) {
-                this.html(emojione.toImage(this.text()));
-            } else {
-                this.html(emojione.shortnameToUnicode(this.text()));
-            }
-        }
-        return this;
-    };
-
     var utils = {
     var utils = {
         // Translation machinery
         // Translation machinery
         // ---------------------
         // ---------------------
@@ -514,6 +503,10 @@
         frag = tmp = null;
         frag = tmp = null;
     }
     }
 
 
+    utils.addEmoticons = function (_converse, emojione, text) {
+        return emojione.shortnameToUnicode(text);
+    }
+
     utils.marshallEmojis = function (emojione) {
     utils.marshallEmojis = function (emojione) {
         /* Return a dict of emojis with the categories as keys and
         /* Return a dict of emojis with the categories as keys and
          * lists of emojis in that category as values.
          * lists of emojis in that category as values.