[Security] StealEmojiPolicy: Sanitize shortcodes #701

Merged
floatingghost merged 2 commits from erincandescent/akkoma:stealemojipolicy-sanitize into develop 2024-02-20 15:08:55 +00:00

2 commits

Author SHA1 Message Date
b387f4a1c1 Don't steal emoji whose shortcodes have dots or colons in their name
Mastodon at the very least seems to prevent the creation of emoji with
dots in their name (and refuses to accept them in federation). It feels
like being cautious in what we accept is reasonable here.

Colons are the emoji separator and so obviously should be blocked.

Perhaps instead of filtering out things like this we should just
do a regex match on `[a-zA-Z0-9_-]`? But that's plausibly a decision
for another day.

    Perhaps we should also have a centralised "is this a valid emoji shortcode?"
    function
2024-02-20 11:33:55 +01:00
Haelwenn (lanodan) Monnier
7d94476dd6 StealEmojiPolicy: Sanitize shortcodes
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
2024-02-20 11:19:00 +01:00
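
The first commit message above floats an allowlist regex and a centralised "is this a valid emoji shortcode?" function. As an added example (not code from this PR or from Akkoma; the module `ShortcodeCheck` and its function names are hypothetical), the following compares the dot/colon denylist with that allowlist on constructed shortcodes:

```elixir
# Added illustration; ShortcodeCheck is a hypothetical module, not Akkoma's code.
defmodule ShortcodeCheck do
  # Denylist as described in the commit: reject shortcodes containing
  # a dot or a colon, accept everything else.
  def denylist_ok?(shortcode) when is_binary(shortcode) do
    not String.contains?(shortcode, [".", ":"])
  end

  def denylist_ok?(_other), do: false

  # Allowlist floated in the commit message: only letters, digits, "_" and "-".
  # \A and \z anchor to the whole string; "$" would also match just before a
  # trailing newline, so it is not used here. "+" rejects the empty string.
  def allowlist_ok?(shortcode) when is_binary(shortcode) do
    Regex.match?(~r/\A[a-zA-Z0-9_-]+\z/, shortcode)
  end

  def allowlist_ok?(_other), do: false
end

# Constructed sample shortcodes, as they might arrive from a remote instance.
samples = [
  "blobcat",
  "blob_cat-2",
  "blob.cat",
  "blob:cat",
  "blob/cat",
  "blob cat",
  "blobcat\n",
  ""
]

for s <- samples do
  IO.puts(
    "#{inspect(s)}\tdenylist=#{ShortcodeCheck.denylist_ok?(s)}" <>
      "\tallowlist=#{ShortcodeCheck.allowlist_ok?(s)}"
  )
end
```

Saved as a `.exs` file and run with `elixir`, this prints one line per sample; the rows where the two checks disagree are the inputs a denylist has to enumerate one by one and an allowlist rejects by default.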