Make NormalizeMarkup history-aware

This commit is contained in:
Tusooa Zhu 2022-07-23 22:50:38 -04:00 committed by FloatingGhost
parent 037cb50051
commit 4c9b16c654
2 changed files with 52 additions and 13 deletions

View file

@ -9,7 +9,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do
@behaviour Pleroma.Web.ActivityPub.MRF.Policy @behaviour Pleroma.Web.ActivityPub.MRF.Policy
@impl true @impl true
def filter(%{"type" => "Create", "object" => child_object} = object) do def history_awareness, do: :auto
@impl true
def filter(%{"type" => type, "object" => child_object} = object)
when type in ["Create", "Update"] do
scrub_policy = Pleroma.Config.get([:mrf_normalize_markup, :scrub_policy]) scrub_policy = Pleroma.Config.get([:mrf_normalize_markup, :scrub_policy])
content = content =

View file

@ -4,6 +4,7 @@
defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
use Pleroma.DataCase, async: true use Pleroma.DataCase, async: true
alias Pleroma.Web.ActivityPub.MRF
alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
@html_sample """ @html_sample """
@ -16,24 +17,58 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
<script>alert('hacked')</script> <script>alert('hacked')</script>
""" """
test "it filter html tags" do @expected """
expected = """ <b>this is in bold</b>
<b>this is in bold</b> <p>this is a paragraph</p>
<p>this is a paragraph</p> this is a linebreak<br/>
this is a linebreak<br/> this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a> this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a> this is an image: <img src="http://example.com/image.jpg"/><br/>
this is an image: <img src="http://example.com/image.jpg"/><br/> alert(&#39;hacked&#39;)
alert(&#39;hacked&#39;) """
"""
test "it filter html tags" do
message = %{"type" => "Create", "object" => %{"content" => @html_sample}} message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
assert {:ok, res} = NormalizeMarkup.filter(message) assert {:ok, res} = NormalizeMarkup.filter(message)
assert res["object"]["content"] == expected assert res["object"]["content"] == @expected
end end
test "it skips filter if type isn't `Create`" do test "history-aware" do
message = %{
"type" => "Create",
"object" => %{
"content" => @html_sample,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
}
}
assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
assert %{
"content" => @expected,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
} = res["object"]
end
test "works with Updates" do
message = %{
"type" => "Update",
"object" => %{
"content" => @html_sample,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
}
}
assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
assert %{
"content" => @expected,
"formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
} = res["object"]
end
test "it skips filter if type isn't `Create` or `Update`" do
message = %{"type" => "Note", "object" => %{}} message = %{"type" => "Note", "object" => %{}}
assert {:ok, res} = NormalizeMarkup.filter(message) assert {:ok, res} = NormalizeMarkup.filter(message)