Scrub html from activity.content or user.bio for opengraph meta

b0c32119 · raeno · 90b00701 · b0c32119 · b0c32119 · b0c32119
Commit b0c32119 authored 6 years ago by raeno
--- a/lib/pleroma/web/ostatus/metadata.ex
+++ b/lib/pleroma/web/ostatus/metadata.ex
@@ -16,7 +16,7 @@ defmodule Pleroma.Web.Metadata do

  # opengraph for single status
  defp opengraph_tags(%{activity: activity, user: user}) do
-    with truncated_content = Formatter.truncate(activity.data["object"]["content"]) do
+    with truncated_content = scrub_html_and_truncate(activity.data["object"]["content"]) do
      [
        {:meta,
         [
@@ -35,7 +35,7 @@ defmodule Pleroma.Web.Metadata do

  # opengraph for user card
  defp opengraph_tags(%{user: user}) do
-    with truncated_bio = Formatter.truncate(user.bio) do
+    with truncated_bio = scrub_html_and_truncate(user.bio) do
      [
        {:meta,
         [
@@ -64,6 +64,14 @@ defmodule Pleroma.Web.Metadata do
    end
  end

+  defp scrub_html_and_truncate(content) do
+    content
+    # html content comes from DB already encoded, decode first and scrub after
+    |> HtmlEntities.decode()
+    |> Pleroma.HTML.strip_tags()
+    |> Formatter.truncate()
+  end
+
  defp user_avatar_url(user) do
    User.avatar_url(user) |> MediaProxy.url()
  end

--- a/mix.exs
+++ b/mix.exs
@@ -58,6 +58,7 @@ defmodule Pleroma.Mixfile do
      {:pbkdf2_elixir, "~> 0.12.3"},
      {:trailing_format_plug, "~> 0.0.7"},
      {:html_sanitize_ex, "~> 1.3.0"},
+      {:html_entities, "~> 0.4"},
      {:phoenix_html, "~> 2.10"},
      {:calendar, "~> 0.17.4"},
      {:cachex, "~> 3.0.2"},

--- a/mix.lock
+++ b/mix.lock
@@ -23,6 +23,7 @@
  "gen_smtp": {:hex, :gen_smtp, "0.13.0", "11f08504c4bdd831dc520b8f84a1dce5ce624474a797394e7aafd3c29f5dcd25", [:rebar3], [], "hexpm"},
  "gettext": {:hex, :gettext, "0.15.0", "40a2b8ce33a80ced7727e36768499fc9286881c43ebafccae6bab731e2b2b8ce", [:mix], [], "hexpm"},
  "hackney": {:hex, :hackney, "1.13.0", "24edc8cd2b28e1c652593833862435c80661834f6c9344e84b6a2255e7aeef03", [:rebar3], [{:certifi, "2.3.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "5.1.2", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"},
+  "html_entities": {:hex, :html_entities, "0.4.0", "f2fee876858cf6aaa9db608820a3209e45a087c5177332799592142b50e89a6b", [:mix], [], "hexpm"},
  "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.3.0", "f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
  "httpoison": {:hex, :httpoison, "1.2.0", "2702ed3da5fd7a8130fc34b11965c8cfa21ade2f232c00b42d96d4967c39a3a3", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
  "idna": {:hex, :idna, "5.1.2", "e21cb58a09f0228a9e0b95eaa1217f1bcfc31a1aaa6e1fdf2f53a33f7dbd9494", [:rebar3], [{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},