Salastil/DankMaterialShell
1
0
Fork 0
mirror of https://github.com/AvengeMedia/DankMaterialShell.git synced 2026-04-03 20:32:07 -04:00
Code Packages Releases Activity

fix: Update HTML rendering injections

Browse Source
This commit is contained in:
purian23
2026-02-24 19:34:46 -05:00
parent bc0b4825f1
commit 8bb3ee5f18
1 changed files with 31 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
quickshell/Services/NotificationService.qml
View File

@@ -158,7 +158,10 @@ Singleton {
continue; continue;
const urg = typeof item.urgency === "number" ? item.urgency : 1; const urg = typeof item.urgency === "number" ? item.urgency : 1;
const body = item.body || ""; const body = item.body || "";
const htmlBody = item.htmlBody || _resolveHtmlBody(body); let htmlBody = item.htmlBody || _resolveHtmlBody(body);
if (htmlBody) {
htmlBody = htmlBody.replace(/<img\b[^>]*>/gi, "");
}
loaded.push({ loaded.push({
id: item.id || "", id: item.id || "",
summary: item.summary || "", summary: item.summary || "",
@@ -720,8 +723,8 @@ Singleton {
} }
required property Notification notification required property Notification notification
readonly property string summary: notification?.summary ?? "" readonly property string summary: (notification?.summary ?? "").replace(/<img\b[^>]*>/gi, "")
readonly property string body: notification?.body ?? "" readonly property string body: (notification?.body ?? "").replace(/<img\b[^>]*>/gi, "")
readonly property string htmlBody: root._resolveHtmlBody(body) readonly property string htmlBody: root._resolveHtmlBody(body)
readonly property string appIcon: notification?.appIcon ?? "" readonly property string appIcon: notification?.appIcon ?? ""
readonly property string appName: { readonly property string appName: {
@@ -978,22 +981,34 @@ Singleton {
function _resolveHtmlBody(body) { function _resolveHtmlBody(body) {
if (!body) if (!body)
return ""; return "";
if (/<\/?[a-z][\s\S]*>/i.test(body))
return body;
// Decode percent-encoded URLs (e.g. https%3A%2F%2F → https://) let result = body;
body = body.replace(/\bhttps?%3A%2F%2F[^\s]+/gi, match => {
try { return decodeURIComponent(match); }
catch (e) { return match; }
});
if (/&(#\d+|#x[0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]+);/.test(body)) { if (/<\/?[a-z][\s\S]*>/i.test(body)) {
const decoded = _decodeEntities(body); result = body;
if (/<\/?[a-z][\s\S]*>/i.test(decoded)) } else {
return decoded; // Decode percent-encoded URLs (e.g. https%3A%2F%2F → https://)
return Markdown2Html.markdownToHtml(decoded); let processed = body.replace(/\bhttps?%3A%2F%2F[^\s]+/gi, match => {
try {
return decodeURIComponent(match);
} catch (e) {
return match;
}
});
if (/&(#\d+|#x[0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]+);/.test(processed)) {
const decoded = _decodeEntities(processed);
if (/<\/?[a-z][\s\S]*>/i.test(decoded))
result = decoded;
else
result = Markdown2Html.markdownToHtml(decoded);
} else {
result = Markdown2Html.markdownToHtml(processed);
}
} }
return Markdown2Html.markdownToHtml(body);
// Strip out image tags to prevent IP tracking
return result.replace(/<img\b[^>]*>/gi, "");
} }
function getGroupKey(wrapper) { function getGroupKey(wrapper) {