forked from YokaiRick/akkoma
Merge branch 'hotfix/html-sanitization' into 'develop'
Refactor html caching functions to use a key instead of a module, use more correct terminology and fix summaries in mastoapi See merge request pleroma/pleroma!1022
This commit is contained in:
commit
5499750054
4 changed files with 22 additions and 15 deletions
|
@ -28,21 +28,20 @@ def filter_tags(html, scrubber), do: Scrubber.scrub(html, scrubber)
|
|||
def filter_tags(html), do: filter_tags(html, nil)
|
||||
def strip_tags(html), do: Scrubber.scrub(html, Scrubber.StripTags)
|
||||
|
||||
# TODO: rename object to activity because that's what it is really working with
|
||||
def get_cached_scrubbed_html_for_object(content, scrubbers, object, module) do
|
||||
key = "#{module}#{generate_scrubber_signature(scrubbers)}|#{object.id}"
|
||||
def get_cached_scrubbed_html_for_activity(content, scrubbers, activity, key \\ "") do
|
||||
key = "#{key}#{generate_scrubber_signature(scrubbers)}|#{activity.id}"
|
||||
|
||||
Cachex.fetch!(:scrubber_cache, key, fn _key ->
|
||||
ensure_scrubbed_html(content, scrubbers, object.data["object"]["fake"] || false)
|
||||
ensure_scrubbed_html(content, scrubbers, activity.data["object"]["fake"] || false)
|
||||
end)
|
||||
end
|
||||
|
||||
def get_cached_stripped_html_for_object(content, object, module) do
|
||||
get_cached_scrubbed_html_for_object(
|
||||
def get_cached_stripped_html_for_activity(content, activity, key) do
|
||||
get_cached_scrubbed_html_for_activity(
|
||||
content,
|
||||
HtmlSanitizeEx.Scrubber.StripTags,
|
||||
object,
|
||||
module
|
||||
activity,
|
||||
key
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -147,10 +147,18 @@ def render("status.json", %{activity: %{data: %{"object" => object}} = activity}
|
|||
content =
|
||||
object
|
||||
|> render_content()
|
||||
|> HTML.get_cached_scrubbed_html_for_object(
|
||||
|> HTML.get_cached_scrubbed_html_for_activity(
|
||||
User.html_filter_policy(opts[:for]),
|
||||
activity,
|
||||
__MODULE__
|
||||
"mastoapi:content"
|
||||
)
|
||||
|
||||
summary =
|
||||
(object["summary"] || "")
|
||||
|> HTML.get_cached_scrubbed_html_for_activity(
|
||||
User.html_filter_policy(opts[:for]),
|
||||
activity,
|
||||
"mastoapi:summary"
|
||||
)
|
||||
|
||||
card = render("card.json", Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity))
|
||||
|
@ -182,7 +190,7 @@ def render("status.json", %{activity: %{data: %{"object" => object}} = activity}
|
|||
muted: CommonAPI.thread_muted?(user, activity) || User.mutes?(opts[:for], user),
|
||||
pinned: pinned?(activity, user),
|
||||
sensitive: sensitive,
|
||||
spoiler_text: object["summary"] || "",
|
||||
spoiler_text: summary,
|
||||
visibility: get_visibility(object),
|
||||
media_attachments: attachments,
|
||||
mentions: mentions,
|
||||
|
|
|
@ -12,7 +12,7 @@ def scrub_html_and_truncate(%{data: %{"content" => content}} = object) do
|
|||
# html content comes from DB already encoded, decode first and scrub after
|
||||
|> HtmlEntities.decode()
|
||||
|> String.replace(~r/<br\s?\/?>/, " ")
|
||||
|> HTML.get_cached_stripped_html_for_object(object, __MODULE__)
|
||||
|> HTML.get_cached_stripped_html_for_activity(object, "metadata")
|
||||
|> Formatter.demojify()
|
||||
|> Formatter.truncate()
|
||||
end
|
||||
|
|
|
@ -254,10 +254,10 @@ def render(
|
|||
|
||||
html =
|
||||
content
|
||||
|> HTML.get_cached_scrubbed_html_for_object(
|
||||
|> HTML.get_cached_scrubbed_html_for_activity(
|
||||
User.html_filter_policy(opts[:for]),
|
||||
activity,
|
||||
__MODULE__
|
||||
"twitterapi:content"
|
||||
)
|
||||
|> Formatter.emojify(object["emoji"])
|
||||
|
||||
|
@ -265,7 +265,7 @@ def render(
|
|||
if content do
|
||||
content
|
||||
|> String.replace(~r/<br\s?\/?>/, "\n")
|
||||
|> HTML.get_cached_stripped_html_for_object(activity, __MODULE__)
|
||||
|> HTML.get_cached_stripped_html_for_activity(activity, "twitterapi:content")
|
||||
else
|
||||
""
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue