From ac486fc59b49d26db7c3b6b61d0affeb34f9b3e0 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 9 Sep 2018 23:40:24 +0000
Subject: [PATCH] everywhere: use Pleroma.HTML module instead of HtmlSanitizeEx directly
---
 lib/pleroma/formatter.ex | 7 ++++---
 lib/pleroma/gopher/server.ex | 3 ++-
 lib/pleroma/web/mastodon_api/views/account_view.ex | 3 ++-
 lib/pleroma/web/mastodon_api/views/status_view.ex | 11 ++++++-----
 .../twitter_api/representers/activity_representer.ex | 5 +++--
 lib/pleroma/web/twitter_api/views/activity_view.ex | 5 +++--
 lib/pleroma/web/twitter_api/views/user_view.ex | 7 ++++---
 7 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex
index 2b4c3c2aa..62f54a3f2 100644
--- a/lib/pleroma/formatter.ex
+++ b/lib/pleroma/formatter.ex
@@ -1,6 +1,7 @@
 defmodule Pleroma.Formatter do
 alias Pleroma.User
 alias Pleroma.Web.MediaProxy
+ alias Pleroma.HTML
 @tag_regex ~r/\#\w+/u
 def parse_tags(text, data \\ %{}) do
@@ -144,8 +145,8 @@ def emojify(text, nil), do: text
 def emojify(text, emoji) do
 Enum.reduce(emoji, text, fn {emoji, file}, text ->
- emoji = HtmlSanitizeEx.strip_tags(emoji)
- file = HtmlSanitizeEx.strip_tags(file)
+ emoji = HTML.strip_tags(emoji)
+ file = HTML.strip_tags(file)
 String.replace(
 text,
@@ -154,7 +155,7 @@ def emojify(text, emoji) do
 MediaProxy.url(file)
 }' />"
 )
- |> HtmlSanitizeEx.basic_html()
+ |> HTML.filter_tags()
 end)
 end
diff --git a/lib/pleroma/gopher/server.ex b/lib/pleroma/gopher/server.ex
index 97a1dea77..1ad27ef27 100644
--- a/lib/pleroma/gopher/server.ex
+++ b/lib/pleroma/gopher/server.ex
@@ -35,6 +35,7 @@ defmodule Pleroma.Gopher.Server.ProtocolHandler do
 alias Pleroma.User
 alias Pleroma.Activity
 alias Pleroma.Repo
+ alias Pleroma.HTML
 @instance Application.get_env(:pleroma, :instance)
 @gopher Application.get_env(:pleroma, :gopher)
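Review bot: In lib/pleroma/formatter.ex, `emojify/2` places the `file` value into a single-quoted attribute (the `}' />"` line in hunk `@@ -154,7`, and presumably the shortcode too in the lines between the two hunks) after only `HTML.strip_tags/1`, so the markup is safe only while the trailing `|> HTML.filter_tags()` drops any attribute that a quote character in either value could introduce. Tag stripping is not attribute escaping, and the policy behind `Pleroma.HTML.filter_tags/1` is not part of this patch, so the dependency should be written next to the call: `# emoji/file may come from remote objects; filter_tags/1 must stay last so a stray quote cannot add attributes`. Because the filter sits inside `Enum.reduce`, the whole text is also sanitized again for every emoji, which is worth confirming as intended. The body of `emojify/2` between hunks `@@ -144,8` and `@@ -154,7` is outside the patch.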
@@ -79,7 +80,7 @@ def render_activities(activities) do
 info("#{like_count} likes, #{announcement_count} repeats") <>
 "i\tfake\t(NULL)\t0\r\n" <>
 info(
- HtmlSanitizeEx.strip_tags(
+ HTML.strip_tags(
 String.replace(activity.data["object"]["content"], "
", "\r")
 )
 )
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index 7915933be..7c92c991f 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
 alias Pleroma.Web.MastodonAPI.AccountView
 alias Pleroma.Web.CommonAPI.Utils
 alias Pleroma.Web.MediaProxy
+ alias Pleroma.HTML
 def render("accounts.json", %{users: users} = opts) do
 render_many(users, AccountView, "account.json", opts)
@@ -42,7 +43,7 @@ def render("account.json", %{user: user}) do
 followers_count: user_info.follower_count,
 following_count: user_info.following_count,
 statuses_count: user_info.note_count,
- note: HtmlSanitizeEx.basic_html(user.bio) || "",
+ note: HTML.filter_tags(user.bio) || "",
 url: user.ap_id,
 avatar: image,
 avatar_static: image,
diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index 6962aa54f..f1daa2624 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@@ -5,6 +5,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 alias Pleroma.Web.CommonAPI.Utils
 alias Pleroma.Web.MediaProxy
 alias Pleroma.Repo
+ alias Pleroma.HTML
 # TODO: Add cached version.
 defp get_replied_to_activities(activities) do
@@ -111,10 +112,10 @@ def render("status.json", %{activity: %{data: %{"object" => object}} = activity}
 emojis = (activity.data["object"]["emoji"] || [])
 |> Enum.map(fn {name, url} ->
- name = HtmlSanitizeEx.strip_tags(name)
+ name = HTML.strip_tags(name)
 url =
- HtmlSanitizeEx.strip_tags(url)
+ HTML.strip_tags(url)
 |> MediaProxy.url()
 %{shortcode: name, url: url, static_url: url}
@@ -221,7 +222,7 @@ def render_content(%{"type" => "Video"} = object) do
 object["content"]
 end
- HtmlSanitizeEx.basic_html(content)
+ HTML.filter_tags(content)
 end
 def render_content(%{"type" => "Article"} = object) do
@@ -234,10 +235,10 @@ def render_content(%{"type" => "Article"} = object) do
 object["content"]
 end
- HtmlSanitizeEx.basic_html(content)
+ HTML.filter_tags(content)
 end
 def render_content(object) do
- HtmlSanitizeEx.basic_html(object["content"])
+ HTML.filter_tags(object["content"])
 end
 end
diff --git a/lib/pleroma/web/twitter_api/representers/activity_representer.ex b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
index 9abea59a7..5c4eed671 100644
--- a/lib/pleroma/web/twitter_api/representers/activity_representer.ex
+++ b/lib/pleroma/web/twitter_api/representers/activity_representer.ex
@@ -7,6 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.Representers.ActivityRepresenter do
 alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView}
 alias Pleroma.Web.CommonAPI.Utils
 alias Pleroma.Formatter
+ alias Pleroma.HTML
 defp user_by_ap_id(user_list, ap_id) do
 Enum.find(user_list, fn %{ap_id: user_id} -> ap_id == user_id end)
@@ -167,7 +168,7 @@ def to_map(
 {summary, content} = ActivityView.render_content(object)
 html =
- HtmlSanitizeEx.basic_html(content)
+ HTML.filter_tags(content)
 |> Formatter.emojify(object["emoji"])
 video =
@@ -184,7 +185,7 @@ def to_map(
 "uri" => activity.data["object"]["id"],
 "user" => UserView.render("show.json", %{user: user, for: opts[:for]}),
 "statusnet_html" => html,
- "text" => HtmlSanitizeEx.strip_tags(content),
+ "text" => HTML.strip_tags(content),
 "is_local" => activity.local,
 "is_post_verb" => true,
 "created_at" => created_at,
diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex
index 909eefdd8..666a35a24 100644
--- a/lib/pleroma/web/twitter_api/views/activity_view.ex
+++ b/lib/pleroma/web/twitter_api/views/activity_view.ex
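Review bot: The three `render_content/1` clauses in lib/pleroma/web/mastodon_api/views/status_view.ex (hunks `@@ -221,7` and `@@ -234,10`) now take their HTML allowlist from `Pleroma.HTML.filter_tags/1` instead of the fixed `basic_html` policy, and nothing in this patch shows what that function permits. This is presumably the value API clients render as status HTML, so a regression test should pin that content carrying a `<script>` element or an `on*` handler attribute comes back without it under the default configuration. A one-line comment on the last clause, `# content may be remote HTML; Pleroma.HTML decides which tags survive`, would tell the next reader where the policy lives. The same dependency applies to `statusnet_html` in activity_representer.ex (hunk `@@ -167,7`) and activity_view.ex (hunk `@@ -232,7`).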
@@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
 alias Pleroma.User
 alias Pleroma.Repo
 alias Pleroma.Formatter
+ alias Pleroma.HTML
 import Ecto.Query
@@ -232,7 +233,7 @@ def render(
 {summary, content} = render_content(object)
 html =
- HtmlSanitizeEx.basic_html(content)
+ HTML.filter_tags(content)
 |> Formatter.emojify(object["emoji"])
 %{
@@ -240,7 +241,7 @@ def render(
 "uri" => activity.data["object"]["id"],
 "user" => UserView.render("show.json", %{user: user, for: opts[:for]}),
 "statusnet_html" => html,
- "text" => HtmlSanitizeEx.strip_tags(content),
+ "text" => HTML.strip_tags(content),
 "is_local" => activity.local,
 "is_post_verb" => true,
 "created_at" => created_at,
diff --git a/lib/pleroma/web/twitter_api/views/user_view.ex b/lib/pleroma/web/twitter_api/views/user_view.ex
index 32f93153d..d67ef5f74 100644
--- a/lib/pleroma/web/twitter_api/views/user_view.ex
+++ b/lib/pleroma/web/twitter_api/views/user_view.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UserView do
 alias Pleroma.Formatter
 alias Pleroma.Web.CommonAPI.Utils
 alias Pleroma.Web.MediaProxy
+ alias Pleroma.HTML
 def render("show.json", %{user: user = %User{}} = assigns) do
 render_one(user, Pleroma.Web.TwitterAPI.UserView, "user.json", assigns)
@@ -39,8 +40,8 @@ def render("user.json", %{user: user = %User{}} = assigns) do
 data = %{
 "created_at" => user.inserted_at |> Utils.format_naive_asctime(),
 "description" =>
- HtmlSanitizeEx.strip_tags((user.bio || "") |> String.replace("
", "\n")),
- "description_html" => HtmlSanitizeEx.basic_html(user.bio),
+ HTML.strip_tags((user.bio || "") |> String.replace("
", "\n")),
+ "description_html" => HTML.filter_tags(user.bio),
 "favourites_count" => 0,
 "followers_count" => user_info[:follower_count],
 "following" => following,
@@ -49,7 +50,7 @@ def render("user.json", %{user: user = %User{}} = assigns) do
 "friends_count" => user_info[:following_count],
 "id" => user.id,
 "name" => user.name,
- "name_html" => HtmlSanitizeEx.strip_tags(user.name) |> Formatter.emojify(emoji),
+ "name_html" => HTML.strip_tags(user.name) |> Formatter.emojify(emoji),
 "profile_image_url" => image,
 "profile_image_url_https" => image,
 "profile_image_url_profile_size" => image,
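Review bot: In lib/pleroma/web/twitter_api/views/user_view.ex the plain `description` guards a missing bio with `(user.bio || "")`, but `description_html` passes `user.bio` straight to `HTML.filter_tags/1` (hunk `@@ -39,8`) and `name_html` does the same with `user.name` (hunk `@@ -49,7`). Whether the new wrapper accepts `nil` the way the direct `HtmlSanitizeEx` calls did is not visible in this patch, and account_view.ex leans on the same assumption with `HTML.filter_tags(user.bio) || ""`. Either document the nil contract on `Pleroma.HTML` or make the call sites uniform, for example `"description_html" => HTML.filter_tags(user.bio || ""),` if clients do not depend on a null value there. The `data` map continues outside both hunks.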