From 9998c57358b31b85bfec5955bcf852e12afe6bfd Mon Sep 17 00:00:00 2001
From: moonrailgun <moonrailgun@gmail.com>
Date: Wed, 2 Oct 2024 21:23:56 +0800
Subject: [PATCH] fix: fix a issue which markdown component can render meta tag
 problem

which can be xss script code by malicious messages
---
 client/shared/i18n/langs/en-US/translation.json | 1 +
 client/shared/i18n/langs/zh-CN/translation.json | 1 +
 client/web/src/components/Markdown/render.tsx   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/client/shared/i18n/langs/en-US/translation.json b/client/shared/i18n/langs/en-US/translation.json
index c961e053ac8..cfb989f82ea 100644
--- a/client/shared/i18n/langs/en-US/translation.json
+++ b/client/shared/i18n/langs/en-US/translation.json
@@ -396,6 +396,7 @@
   "ke3d797fd": "Drop files to send into current converse",
   "ke59ffe49": "Muted, there are {{remain}} left",
   "ke6da074f": "The message was withdrawn successfully",
+  "ke9748e88": "Custom Meta is not supported",
   "keb053701": "Copy message text successfully",
   "kec46a57f": "Add members",
   "kecb51e2c": "Old password",
diff --git a/client/shared/i18n/langs/zh-CN/translation.json b/client/shared/i18n/langs/zh-CN/translation.json
index 279f86eb368..30a9b3ce71e 100644
--- a/client/shared/i18n/langs/zh-CN/translation.json
+++ b/client/shared/i18n/langs/zh-CN/translation.json
@@ -396,6 +396,7 @@
   "ke3d797fd": "拖放文件以发送到当前会话",
   "ke59ffe49": "禁言中, 还剩 {{remain}}",
   "ke6da074f": "消息撤回成功",
+  "ke9748e88": "不支持自定义Meta",
   "keb053701": "复制消息文本成功",
   "kec46a57f": "添加成员",
   "kecb51e2c": "旧密码",
diff --git a/client/web/src/components/Markdown/render.tsx b/client/web/src/components/Markdown/render.tsx
index 0343df7e761..5504642ab72 100644
--- a/client/web/src/components/Markdown/render.tsx
+++ b/client/web/src/components/Markdown/render.tsx
@@ -45,6 +45,7 @@ export const Markdown: React.FC<{
         />
       ),
       style: () => <div>{t('不支持自定义样式')}</div>,
+      meta: () => <div>{t('不支持自定义Meta')}</div>,
     }),
     []
   );