AkkomaGang/akkoma
AkkomaGang
/
akkoma
12
63
Fork 83
Code Issues 171 Pull Requests 13 Packages Projects 2 Releases 13 Wiki Activity

[Security] StealEmojiPolicy: Sanitize shortcodes #701

Merged
floatingghost merged 2 commits from erincandescent/akkoma:stealemojipolicy-sanitize into develop 2024-02-20 15:08:55 +00:00
Conversation 3 Commits 2 Files Changed 2 +28

2 Commits

Author SHA1 Message Date
Erin Shepherd b387f4a1c1 Don't steal emoji who's shortcodes have dots or colons in their name
ci/woodpecker/pr/lint Pipeline failed Details
ci/woodpecker/pr/test unknown status Details
ci/woodpecker/pr/build-arm64 unknown status Details
ci/woodpecker/pr/build-amd64 unknown status Details
ci/woodpecker/pr/docs unknown status Details 
Mastodon at the very least seems to prevent the creation of emoji with
dots in their name (and refuses to accept them in federation). It feels
like being cautious in what we accept is reasonable here.

Colons are the emoji separator and so obviously should be blocked.

Perhaps instead of filtering out things like this we should just
do a regex match on `[a-zA-Z0-9_-]`? But that's plausibly a decision
for another day

    Perhaps we should also have a centralised "is this a valid emoji shortcode?"
    function
 2024-02-20 11:33:55 +01:00
Haelwenn (lanodan) Monnier 7d94476dd6 StealEmojiPolicy: Sanitize shortcodes
ci/woodpecker/pr/build-amd64 Pipeline is pending Details
ci/woodpecker/pr/build-arm64 Pipeline is pending Details
ci/woodpecker/pr/docs Pipeline is pending Details
ci/woodpecker/pr/lint Pipeline is pending Details
ci/woodpecker/pr/test Pipeline is pending Details 
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
 2024-02-20 11:19:00 +01:00