Commit 83c657af authored by lain's avatar lain

Do some basic escaping.

parent 1af9c777
......@@ -11,7 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.Utils do
def add_attachments(text, attachments) do
attachment_text =, fn
(%{"url" => [%{"href" => href} | _]}) ->
"<a href='#{href}' class='attachment'>#{Path.basename(href)}</a>"
"<a href=\"#{URI.encode(href)}\" class='attachment'>#{Path.basename(href)}</a>"
_ -> ""
Enum.join([text | attachment_text], "<br>\n")
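Review bot: The link text on the new `<a href=\"...\">` line is still built from `Path.basename(href)` with no HTML escaping, so markup characters in an attachment's file name reach the rendered status verbatim; only the attribute value is encoded. The new UtilsTest expectation `i\"m a boy.png</a>` pins that unescaped output. Escaping the name before interpolation would close the gap, e.g. `name = href |> Path.basename() |> Phoenix.HTML.html_escape() |> Phoenix.HTML.safe_to_string()` (assuming Phoenix.HTML is available to this module), with the test then expecting `&quot;`. `URI.encode/1` also leaves the scheme untouched, so if hrefs can originate from remote objects, an http/https allow-list is worth adding here. The body of add_attachments is only partly visible in this hunk.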
......@@ -34,7 +34,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do
{ :ok, activity = %Activity{} } = TwitterAPI.create_status(user, input)
assert get_in(, ["object", "content"]) == "Hello again, <a href='shp'>@shp</a>.<br>\nThis is on another line. #2hu #epic #phantasmagoric<br>\n<a href='' class='attachment'>image.jpg</a>"
assert get_in(, ["object", "content"]) == "Hello again, <a href='shp'>@shp</a>.<br>\nThis is on another line. #2hu #epic #phantasmagoric<br>\n<a href=\"\" class='attachment'>image.jpg</a>"
assert get_in(, ["object", "type"]) == "Note"
assert get_in(, ["object", "actor"]) == user.ap_id
assert get_in(, ["actor"]) == user.ap_id
defmodule Pleroma.Web.TwitterAPI.UtilsTest do
alias Pleroma.Web.TwitterAPI.Utils
use Pleroma.DataCase
test "it adds attachment links to a given text and attachment set" do
attachment = %{
"url" => [%{"href" => "\"m a boy.png"}]
res = Utils.add_attachments("", [attachment])
assert res == "<br>\n<a href=\"\" class='attachment'>i\"m a boy.png</a>"
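Review bot: The only case covered is a double quote in the href; there is no case for an href that is already percent-encoded. `URI.encode/1` encodes `%` itself, so an input such as `a%20b.png` (constructed example) would come out as `a%2520b.png` in the attribute and the link would no longer resolve. A second test along the lines of `assert Utils.add_attachments("", [%{"url" => [%{"href" => "a%20b.png"}]}]) =~ "href=\"a%20b.png\""` would show whether that matters for the hrefs this function actually receives. The test module's closing lines are not visible on this page.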