Merge branch 'hotfix/html-sanitization' into 'develop'

Refactor html caching functions to use a key instead of a module, use more correct terminology and fix summaries in mastoapi

See merge request pleroma/pleroma!1022
This commit is contained in:
lambda 2019-04-05 12:43:57 +00:00
commit 5499750054
4 changed files with 22 additions and 15 deletions

View file

@ -28,21 +28,20 @@ defmodule Pleroma.HTML do
def filter_tags(html), do: filter_tags(html, nil) def filter_tags(html), do: filter_tags(html, nil)
def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags) def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags)
# TODO: rename object to activity because that's what it is really working with def get_cached_scrubbed_html_for_activity(content, scrubbers, activity, key \\ "") do
def get_cached_scrubbed_html_for_object(content, scrubbers, object, module) do key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}"
key = "#{module}#{generate_scrubber_signature(scrubbers)}|#{object.id}"
Cachex.fetch!(:scrubber_cache, key, fn _key -> Cachex.fetch!(:scrubber_cache, key, fn _key ->
ensure_scrubbed_html(content, scrubbers, object.data["object"]["fake"] || false) ensure_scrubbed_html(content, scrubbers, activity.data["object"]["fake"] || false)
end) end)
end end
def get_cached_stripped_html_for_object(content, object, module) do def get_cached_stripped_html_for_activity(content, activity, key) do
get_cached_scrubbed_html_for_object( get_cached_scrubbed_html_for_activity(
content, content,
HtmlSanitizeEx.Scrubber.StripTags, HtmlSanitizeEx.Scrubber.StripTags,
object, activity,
module key
) )
end end

View file

@ -147,10 +147,18 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
content = content =
object object
|> render_content() |> render_content()
|> HTML.get_cached_scrubbed_html_for_object( |> HTML.get_cached_scrubbed_html_for_activity(
User.html_filter_policy(opts[:for]), User.html_filter_policy(opts[:for]),
activity, activity,
__MODULE__ "mastoapi:content"
)
summary =
(object["summary"] || "")
|> HTML.get_cached_scrubbed_html_for_activity(
User.html_filter_policy(opts[:for]),
activity,
"mastoapi:summary"
) )
card = render("card.json", Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)) card = render("card.json", Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity))
@ -182,7 +190,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
muted: CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user), muted: CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user),
pinned: pinned?(activity, user), pinned: pinned?(activity, user),
sensitive: sensitive, sensitive: sensitive,
spoiler_text: object["summary"] || "", spoiler_text: summary,
visibility: get_visibility(object), visibility: get_visibility(object),
media_attachments: attachments, media_attachments: attachments,
mentions: mentions, mentions: mentions,

View file

@ -12,7 +12,7 @@ defmodule Pleroma.Web.Metadata.Utils do
# html content comes from DB already encoded, decode first and scrub after # html content comes from DB already encoded, decode first and scrub after
|> HtmlEntities.decode() |> HtmlEntities.decode()
|> String.replace(~r/<br\s?\/?>/, " ") |> String.replace(~r/<br\s?\/?>/, " ")
|> HTML.get_cached_stripped_html_for_object(object, __MODULE__) |> HTML.get_cached_stripped_html_for_activity(object, "metadata")
|> Formatter.demojify() |> Formatter.demojify()
|> Formatter.truncate() |> Formatter.truncate()
end end

View file

@ -254,10 +254,10 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
html = html =
content content
|> HTML.get_cached_scrubbed_html_for_object( |> HTML.get_cached_scrubbed_html_for_activity(
User.html_filter_policy(opts[:for]), User.html_filter_policy(opts[:for]),
activity, activity,
__MODULE__ "twitterapi:content"
) )
|> Formatter.emojify(object["emoji"]) |> Formatter.emojify(object["emoji"])
@ -265,7 +265,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
if content do if content do
content content
|> String.replace(~r/<br\s?\/?>/, "\n") |> String.replace(~r/<br\s?\/?>/, "\n")
|> HTML.get_cached_stripped_html_for_object(activity, __MODULE__) |> HTML.get_cached_stripped_html_for_activity(activity, "twitterapi:content")
else else
"" ""
end end