Hacky workaround to replace &amp; in urls from chat messages
Related to #1531
What does this MR do?
To prevent XSS attacks, the chat messages were filtered with purifyHtml.
Bug: URLs contain `&amp;` and do not work correctly anymore.
We discussed in Slack and in the dev call for a longer time and only found the current workaround on the fly.
The best solution to replace this workaround is to prevent XSS directly in the chat component. See https://github.com/antoine92190/vue-advanced-chat/issues/374
How confident are you it won't break things if deployed?
Links to related issues
https://yunity.slack.com/archives/C1T1ZM9A4/p1671552745332389
How to test
Screenshots (if applicable)
Checklist
- added a test, or explain why one is not needed/possible...
- no unrelated changes
- asked someone for a code review
- set a "for:" label to indicate who will be affected by this change
- added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
- added an entry to CHANGELOG.md
- added a short text that can be used in the release notes
- Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/?page=bezirk&bid=734&sub=forum. Please change the MRs label to "state:Beta testing".
  - Consider writing a detailed description in German.
  - Describe in a few sentences, what should be tested from a user perspective.
  - Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
  - Be aware, that also non technical people should understand.
Release notes text in German
Edited by Christian Walgenbach
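
An added example, not code from this MR or from the project: one way to scope such a workaround so that `&amp;` is turned back into `&` only inside URL tokens, while every other escaped character stays escaped. `escapeHtml` is a constructed stand-in for the sanitizing step (the behaviour of the project's purifyHtml is assumed, not shown on this page), and all function names and sample messages are hypothetical.

```javascript
// Constructed stand-in for the sanitizer step: entity-encodes HTML
// metacharacters. Assumption: the real sanitizer encodes "&" the same way.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Matches http(s) URL tokens in already-escaped text. Raw <, > and quotes
// were encoded beforehand, so a token can only carry them as entities.
const URL_TOKEN = /\bhttps?:\/\/[^\s<>"']+/g;

// Restore "&amp;" to "&" inside URL tokens only. "&lt;", "&gt;" and the
// quote entities are never decoded, so no markup can reappear.
function restoreAmpersandsInUrls(escaped) {
  return escaped.replace(URL_TOKEN, (url) => url.replace(/&amp;/g, '&'));
}

// Escape first, then repair query-string separators in links.
function sanitizeChatMessage(raw) {
  return restoreAmpersandsInUrls(escapeHtml(raw));
}

// Constructed sample messages.
const plainLink = 'see https://example.org/?page=bezirk&bid=734&sub=forum <b>&</b>';
const hostileLink = 'https://example.org/?q=<script>alert(1)</script>&x=1';

console.log(sanitizeChatMessage(plainLink));
console.log(sanitizeChatMessage(hostileLink));
```

The ampersand outside the link and all angle brackets remain entity-encoded; only the separators inside the URL are restored.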