From b0c3211984c0aa807ea58897308f04ad42651cf1 Mon Sep 17 00:00:00 2001 From: raeno Date: Fri, 14 Dec 2018 21:07:06 +0100 Subject: [PATCH] Scrub html from activity.content or user.bio for opengraph meta --- lib/pleroma/web/ostatus/metadata.ex | 12 ++++++++++-- mix.exs | 1 + mix.lock | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/ostatus/metadata.ex b/lib/pleroma/web/ostatus/metadata.ex index 120a89a8b..9935726fc 100644 --- a/lib/pleroma/web/ostatus/metadata.ex +++ b/lib/pleroma/web/ostatus/metadata.ex @@ -16,7 +16,7 @@ def meta_enabled?(type) do # opengraph for single status defp opengraph_tags(%{activity: activity, user: user}) do - with truncated_content = Formatter.truncate(activity.data["object"]["content"]) do + with truncated_content = scrub_html_and_truncate(activity.data["object"]["content"]) do [ {:meta, [ @@ -35,7 +35,7 @@ defp opengraph_tags(%{activity: activity, user: user}) do # opengraph for user card defp opengraph_tags(%{user: user}) do - with truncated_bio = Formatter.truncate(user.bio) do + with truncated_bio = scrub_html_and_truncate(user.bio) do [ {:meta, [ @@ -64,6 +64,14 @@ def to_tag(data) do end end + defp scrub_html_and_truncate(content) do + content + # html content comes from DB already encoded, decode first and scrub after + |> HtmlEntities.decode() + |> Pleroma.HTML.strip_tags() + |> Formatter.truncate() + end + defp user_avatar_url(user) do User.avatar_url(user) |> MediaProxy.url() end diff --git a/mix.exs b/mix.exs index 0fb40e07b..e5fb654dd 100644 --- a/mix.exs +++ b/mix.exs @@ -58,6 +58,7 @@ defp deps do {:pbkdf2_elixir, "~> 0.12.3"}, {:trailing_format_plug, "~> 0.0.7"}, {:html_sanitize_ex, "~> 1.3.0"}, + {:html_entities, "~> 0.4"}, {:phoenix_html, "~> 2.10"}, {:calendar, "~> 0.17.4"}, {:cachex, "~> 3.0.2"}, diff --git a/mix.lock b/mix.lock index d9ae9a83b..007079652 100644 --- a/mix.lock +++ b/mix.lock @@ -23,6 +23,7 @@ "gen_smtp": {:hex, :gen_smtp, "0.13.0", "11f08504c4bdd831dc520b8f84a1dce5ce624474a797394e7aafd3c29f5dcd25", [:rebar3], [], "hexpm"}, "gettext": {:hex, :gettext, "0.15.0", "40a2b8ce33a80ced7727e36768499fc9286881c43ebafccae6bab731e2b2b8ce", [:mix], [], "hexpm"}, "hackney": {:hex, :hackney, "1.13.0", "24edc8cd2b28e1c652593833862435c80661834f6c9344e84b6a2255e7aeef03", [:rebar3], [{:certifi, "2.3.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "5.1.2", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"}, + "html_entities": {:hex, :html_entities, "0.4.0", "f2fee876858cf6aaa9db608820a3209e45a087c5177332799592142b50e89a6b", [:mix], [], "hexpm"}, "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.3.0", "f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"}, "httpoison": {:hex, :httpoison, "1.2.0", "2702ed3da5fd7a8130fc34b11965c8cfa21ade2f232c00b42d96d4967c39a3a3", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"}, "idna": {:hex, :idna, "5.1.2", "e21cb58a09f0228a9e0b95eaa1217f1bcfc31a1aaa6e1fdf2f53a33f7dbd9494", [:rebar3], [{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},