Open elimisteve opened 6 years ago
Is user input sufficiently sanitized here? I've tried making it implausible to satisfy this regex while being malicious, but... is it possible? I couldn't find a way to avoid the dangerouslySetInnerHTML and still have the images show up: https://github.com/cryptag/leapchat/blob/develop/src/components/chat/Message.js#L15