Commit
58539e13
authored
Aug 31, 2018
by
lain
Revert "Merge branch 'feature/rich-text' into 'develop'"
This reverts merge request !309
parent
340ab3cb
Showing
7 changed files
with
7 additions
and
78 deletions
+7
-78
lib/pleroma/formatter.ex
lib/pleroma/formatter.ex
+1
-5
lib/pleroma/web/common_api/common_api.ex
lib/pleroma/web/common_api/common_api.ex
+1
-8
lib/pleroma/web/common_api/utils.ex
lib/pleroma/web/common_api/utils.ex
+4
-30
lib/pleroma/web/twitter_api/twitter_api_controller.ex
lib/pleroma/web/twitter_api/twitter_api_controller.ex
+1
-1
mix.exs
mix.exs
+0
-1
mix.lock
mix.lock
+0
-1
test/web/common_api/common_api_test.exs
test/web/common_api/common_api_test.exs
+0
-32
lib/pleroma/formatter.ex
...
...
@@ -188,11 +188,7 @@ def get_custom_emoji() do
]
# TODO: make it use something other than @link_regex
def
html_escape
(
text
,
"text/html"
)
do
HtmlSanitizeEx
.
basic_html
(
text
)
end
def
html_escape
(
text
,
"text/plain"
)
do
def
html_escape
(
text
)
do
Regex
.
split
(
@link_regex
,
text
,
include_captures:
true
)
|>
Enum
.
map_every
(
2
,
fn
chunk
->
{
:safe
,
part
}
=
Phoenix
.
HTML
.
html_escape
(
chunk
)
...
...
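Review bot: `html_escape/1` escapes only every second chunk. `Enum.map_every(2, …)` over the result of `Regex.split(@link_regex, text, include_captures: true)` runs `Phoenix.HTML.html_escape/1` on the text between matches and passes the captured link chunks through untouched. With the `HtmlSanitizeEx` clause removed, this is the only `html_escape` clause left in the section, so its output is safe only if `@link_regex` can never match `<`, `>`, `"` or `'`. The regex is not visible in this hunk, so that should be confirmed. I would add a comment next to the existing TODO that states the invariant, for example `# Link captures are NOT escaped; @link_regex must never match HTML metacharacters`. The function body continues past the end of the hunk.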
lib/pleroma/web/common_api/common_api.ex
...
...
@@ -85,14 +85,7 @@ def post(user, %{"status" => status} = data) do
{
to
,
cc
}
<-
to_for_user_and_mentions
(
user
,
mentions
,
inReplyTo
,
visibility
),
tags
<-
Formatter
.
parse_tags
(
status
,
data
),
content_html
<-
make_content_html
(
status
,
mentions
,
attachments
,
tags
,
data
[
"content_type"
]
||
"text/plain"
,
data
[
"no_attachment_links"
]
),
make_content_html
(
status
,
mentions
,
attachments
,
tags
,
data
[
"no_attachment_links"
]),
context
<-
make_context
(
inReplyTo
),
cw
<-
data
[
"spoiler_text"
],
object
<-
...
...
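Review bot: `post/2` no longer reads `data["content_type"]`, so a client that still sends `"content_type" => "text/html"` or `"text/markdown"` is accepted without error and its status goes through the single plain-text path of `make_content_html/5`. The same commit deletes the whole `describe "posting"` block from `test/web/common_api/common_api_test.exs`. As far as this page shows, no test then asserts that markup in a status cannot reach `content` as live HTML. I would keep one regression test for the remaining path, reusing the payload from the deleted tests and ending in `refute activity.data["object"]["content"] =~ "<script>"`. The `with` chain starts and ends outside this hunk.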
lib/pleroma/web/common_api/utils.ex
...
...
@@ -63,16 +63,9 @@ def to_for_user_and_mentions(_user, mentions, inReplyTo, "direct") do
end
end
def
make_content_html
(
status
,
mentions
,
attachments
,
tags
,
content_type
,
no_attachment_links
\\
false
)
do
def
make_content_html
(
status
,
mentions
,
attachments
,
tags
,
no_attachment_links
\\
false
)
do
status
|>
format_input
(
mentions
,
tags
,
content_type
)
|>
format_input
(
mentions
,
tags
)
|>
maybe_add_attachments
(
attachments
,
no_attachment_links
)
end
...
...
@@ -99,9 +92,9 @@ def add_attachments(text, attachments) do
Enum
.
join
([
text
|
attachment_text
],
"<br>"
)
end
def
format_input
(
text
,
mentions
,
tags
,
"text/plain"
)
do
def
format_input
(
text
,
mentions
,
tags
)
do
text
|>
Formatter
.
html_escape
(
"text/plain"
)
|>
Formatter
.
html_escape
()
|>
String
.
replace
(
~r/\r?\n/
,
"<br>"
)
|>
(
&
{[],
&1
})
.
()
|>
Formatter
.
add_links
()
...
...
@@ -110,25 +103,6 @@ def format_input(text, mentions, tags, "text/plain") do
|>
Formatter
.
finalize
()
end
def
format_input
(
text
,
mentions
,
tags
,
"text/html"
)
do
text
|>
Formatter
.
html_escape
(
"text/html"
)
|>
String
.
replace
(
~r/\r?\n/
,
"<br>"
)
|>
(
&
{[],
&1
})
.
()
|>
Formatter
.
add_user_links
(
mentions
)
|>
Formatter
.
finalize
()
end
def
format_input
(
text
,
mentions
,
tags
,
"text/markdown"
)
do
text
|>
Earmark
.
as_html!
()
|>
Formatter
.
html_escape
(
"text/html"
)
|>
String
.
replace
(
~r/\r?\n/
,
""
)
|>
(
&
{[],
&1
})
.
()
|>
Formatter
.
add_user_links
(
mentions
)
|>
Formatter
.
finalize
()
end
def
add_tag_links
(
text
,
tags
)
do
tags
=
tags
...
...
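Review bot: `format_input/3` has no `@doc` or `@spec`, and its safety depends on a step order that is easy to break in a later edit. `Formatter.html_escape()` runs first on the raw text, and only afterwards are the `<br>` replacement and `Formatter.add_links()` applied, so the markup those steps insert is not escaped again. I would add a `@doc` saying that `text` is untrusted plain text, that the result appears to be HTML which callers must not escape a second time, and that escaping must stay the first step of the pipeline. `make_content_html/5` and the profile-bio call in `twitter_api_controller.ex` both depend on that contract. The part of the pipeline between `add_links()` and `finalize()` lies outside the visible hunks.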
lib/pleroma/web/twitter_api/twitter_api_controller.ex
...
...
@@ -423,7 +423,7 @@ def update_profile(%{assigns: %{user: user}} = conn, params) do
{
String
.
trim
(
name
,
":"
),
url
}
end
)
bio_html
=
CommonUtils
.
format_input
(
bio
,
mentions
,
tags
,
"text/plain"
)
bio_html
=
CommonUtils
.
format_input
(
bio
,
mentions
,
tags
)
Map
.
put
(
params
,
"bio"
,
bio_html
|>
Formatter
.
emojify
(
emoji
))
else
params
...
...
mix.exs
...
...
@@ -48,7 +48,6 @@ defp deps do
{
:mogrify
,
"~> 0.6.1"
},
{
:ex_aws
,
"~> 2.0"
},
{
:ex_aws_s3
,
"~> 2.0"
},
{
:earmark
,
"~> 1.2"
},
{
:ex_machina
,
"~> 2.2"
,
only:
:test
},
{
:credo
,
"~> 0.9.3"
,
only:
[
:dev
,
:test
]},
{
:mock
,
"~> 0.3.1"
,
only:
:test
}
...
...
mix.lock
...
...
@@ -10,7 +10,6 @@
"credo": {:hex, :credo, "0.9.3", "76fa3e9e497ab282e0cf64b98a624aa11da702854c52c82db1bf24e54ab7c97a", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:poison, ">= 0.0.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
"db_connection": {:hex, :db_connection, "1.1.3", "89b30ca1ef0a3b469b1c779579590688561d586694a3ce8792985d4d7e575a61", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"},
"decimal": {:hex, :decimal, "1.5.0", "b0433a36d0e2430e3d50291b1c65f53c37d56f83665b43d79963684865beab68", [:mix], [], "hexpm"},
"earmark": {:hex, :earmark, "1.2.6", "b6da42b3831458d3ecc57314dff3051b080b9b2be88c2e5aa41cd642a5b044ed", [:mix], [], "hexpm"},
"ecto": {:hex, :ecto, "2.2.10", "e7366dc82f48f8dd78fcbf3ab50985ceeb11cb3dc93435147c6e13f2cda0992e", [:mix], [{:db_connection, "~> 1.1", [hex: :db_connection, repo: "hexpm", optional: true]}, {:decimal, "~> 1.2", [hex: :decimal, repo: "hexpm", optional: false]}, {:mariaex, "~> 0.8.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: true]}, {:poolboy, "~> 1.5", [hex: :poolboy, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:sbroker, "~> 1.0", [hex: :sbroker, repo: "hexpm", optional: true]}], "hexpm"},
"eternal": {:hex, :eternal, "1.2.0", "e2a6b6ce3b8c248f7dc31451aefca57e3bdf0e48d73ae5043229380a67614c41", [:mix], [], "hexpm"},
"ex_aws": {:hex, :ex_aws, "2.1.0", "b92651527d6c09c479f9013caa9c7331f19cba38a650590d82ebf2c6c16a1d8a", [:mix], [{:configparser_ex, "~> 2.0", [hex: :configparser_ex, repo: "hexpm", optional: true]}, {:hackney, "1.6.3 or 1.6.5 or 1.7.1 or 1.8.6 or ~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jsx, "~> 2.8", [hex: :jsx, repo: "hexpm", optional: true]}, {:poison, ">= 1.2.0", [hex: :poison, repo: "hexpm", optional: true]}, {:sweet_xml, "~> 0.6", [hex: :sweet_xml, repo: "hexpm", optional: true]}, {:xml_builder, "~> 0.1.0", [hex: :xml_builder, repo: "hexpm", optional: true]}], "hexpm"},
...
...
test/web/common_api/common_api_test.exs
...
...
@@ -21,36 +21,4 @@ test "it adds emoji when updating profiles" do
assert
karjalanpiirakka
[
"name"
]
==
":karjalanpiirakka:"
end
describe
"posting"
do
test
"it filters out obviously bad tags when accepting a post as HTML"
do
user
=
insert
(
:user
)
post
=
"<h1>2hu</h1><script>alert('xss')</script>"
{
:ok
,
activity
}
=
CommonAPI
.
post
(
user
,
%{
"status"
=>
post
,
"content_type"
=>
"text/html"
})
content
=
activity
.
data
[
"object"
][
"content"
]
assert
content
==
"<h1>2hu</h1>alert('xss')"
end
test
"it filters out obviously bad tags when accepting a post as Markdown"
do
user
=
insert
(
:user
)
post
=
"<h1>2hu</h1><script>alert('xss')</script>"
{
:ok
,
activity
}
=
CommonAPI
.
post
(
user
,
%{
"status"
=>
post
,
"content_type"
=>
"text/markdown"
})
content
=
activity
.
data
[
"object"
][
"content"
]
assert
content
==
"<h1>2hu</h1>alert('xss')"
end
end
end