add scrubber for html special char

This commit is contained in:
Sachin Joshi 2019-05-01 01:37:17 +05:45
parent cd6da3606b
commit 85fa2fbce4
2 changed files with 23 additions and 6 deletions

View file

@ -28,12 +28,18 @@ defmodule Pleroma.HTML do
def filter_tags(html), do: filter_tags(html, nil) def filter_tags(html), do: filter_tags(html, nil)
def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags) def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags)
def get_cached_scrubbed_html_for_activity(content, scrubbers, activity, key \\ "") do def get_cached_scrubbed_html_for_activity(
content,
scrubbers,
activity,
key \\ "",
callback \\ fn x -> x end
) do
key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}" key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}"
Cachex.fetch!(:scrubber_cache, key, fn _key -> Cachex.fetch!(:scrubber_cache, key, fn _key ->
object = Pleroma.Object.normalize(activity) object = Pleroma.Object.normalize(activity)
ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false) ensure_scrubbed_html(content, scrubbers, object.data["fake"] || false, callback)
end) end)
end end
@ -42,16 +48,27 @@ defmodule Pleroma.HTML do
content, content,
HtmlSanitizeEx.Scrubber.StripTags, HtmlSanitizeEx.Scrubber.StripTags,
activity, activity,
key key,
&HtmlEntities.decode/1
) )
end end
def ensure_scrubbed_html( def ensure_scrubbed_html(
content, content,
scrubbers, scrubbers,
false = _fake fake,
callback
) do ) do
{:commit, filter_tags(content, scrubbers)} content =
content
|> filter_tags(scrubbers)
|> callback.()
if fake do
{:ignore, content}
else
{:commit, content}
end
end end
def ensure_scrubbed_html( def ensure_scrubbed_html(

View file

@ -289,7 +289,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do
"uri" => object.data["id"], "uri" => object.data["id"],
"user" => UserView.render("show.json", %{user: user, for: opts[:for]}), "user" => UserView.render("show.json", %{user: user, for: opts[:for]}),
"statusnet_html" => html, "statusnet_html" => html,
"text" => HtmlEntities.decode(text), "text" => text,
"is_local" => activity.local, "is_local" => activity.local,
"is_post_verb" => true, "is_post_verb" => true,
"created_at" => created_at, "created_at" => created_at,