From 89a2e60706ce22e4afc463d03af2f34c53291800 Mon Sep 17 00:00:00 2001
From: Penar Musaraj <pmusaraj@gmail.com>
Date: Thu, 9 Nov 2023 13:47:26 +1100
Subject: [PATCH] SECURITY: Limit height of pre/svg elements

Ensures posts cannot have SVG or PRE elements that are too tall.
---
 app/assets/stylesheets/common/base/topic-post.scss | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/assets/stylesheets/common/base/topic-post.scss b/app/assets/stylesheets/common/base/topic-post.scss
index 751f93a7fa5..9edaf18df63 100644
--- a/app/assets/stylesheets/common/base/topic-post.scss
+++ b/app/assets/stylesheets/common/base/topic-post.scss
@@ -202,6 +202,10 @@
       height: var(--calculated-height);
     }
   }
+
+  svg {
+    max-height: 2000px;
+  }
 }
 
 // add staff color
@@ -1009,6 +1013,7 @@ aside.quote {
 }
 
 pre {
+  max-height: 2000px;
   code {
     word-wrap: normal;
     display: block;