Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Background Colours for Messages #380

Closed
lukebarnard1 opened this issue Aug 3, 2016 · 2 comments
Closed

Background Colours for Messages #380

lukebarnard1 opened this issue Aug 3, 2016 · 2 comments
Assignees

Comments

@lukebarnard1
Copy link
Contributor

Background colours for messages would be a useful addition to the matrix web interface because some bridged systems support this functionality, namely IRC. This can be problematic when an IRC message is sent across which has white text and a black background. The text could become difficult to read when against the potentially light background of a matrix client.

A suggestion is to modify the HTML sanitation of <font> tags so that

    <font color="white" data-matrix-bg-color="black">Hopefully visible text</font>

is transformed into

    <font color="white" style="background-color:black;">Hopefully visible text</font>

whilst checking for CSS injection of the provided bg-color.

Given that CSS injection needs to be checked for anyway, perhaps a better solution would be to accept the style attribute and only allow color and background-color attributes to be allowed. http-sanitize sadly doesn't support this functionality, but it could be written separately.

Sanitization within matrix-react-sdk:
https://github.com/matrix-org/matrix-react-sdk/blob/24223ae2b69debb33fa22fcda5aeba6fa93c93eb/src/HtmlUtils.js

(See matrix-org/matrix-appservice-irc#62)

@Half-Shot
Copy link
Contributor

Half-Shot commented Aug 10, 2016

Given that CSS injection needs to be checked for anyway, perhaps a better solution would be to accept the style attribute and only allow color and background-color attributes to be allowed. http-sanitize sadly doesn't support this functionality, but it could be written separately.

We were talking about this in #HQ a little while ago and I'd prefer doing this over writing our own attributes. How difficult would it be to write a whitelist of CSS rules similar to how we do it with HTML tags?

My idea would be to get as far as creating the DOM element and then removing rules we don't want from someElement.style?

@richvdh
Copy link
Member

richvdh commented Oct 12, 2016

Moving this to element-hq/element-web#2460.

@richvdh richvdh closed this as completed Oct 12, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants