[bugfix] html escape special characters in text instead of totally removing them (#719)

* remove minify dependency

* tidy up some tests

* remove pre + postformat funcs

* rework sanitization + formatting

* update tests

* add some more markdown tests
tobi 2022-07-19 15:21:17 +02:00 committed by GitHub
commit c84384e660
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
51 changed files with 129 additions and 7419 deletions


@ -20,6 +20,7 @@ package text
import (
"context"
"html"
"strings"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@ -32,10 +33,11 @@ var breakReplacer = strings.NewReplacer(
)
func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gtsmodel.Mention, tags []*gtsmodel.Tag) string {
content := preformat(plain)
// trim any crap
content := strings.TrimSpace(plain)
// sanitize any html elements
content = removeHTML(content)
// clean 'er up
content = html.EscapeString(content)
// format links nicely
content = f.ReplaceLinks(ctx, content)
@ -52,5 +54,5 @@ func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gts
// wrap the whole thing in a pee
content = `<p>` + content + `</p>`
return postformat(content)
return SanitizeHTML(content)
}
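Review bot: In FromPlain, `content = html.EscapeString(content)` runs before `f.ReplaceLinks(ctx, content)`, so link detection operates on entity-escaped text: a URL such as `https://example.org/?a=1&b=2` (constructed sample) reaches it as `...?a=1&amp;b=2`, and quotes arrive as `&#34;` / `&#39;`. ReplaceLinks and the steps between the second and third hunks are not visible here, so whether the generated href round-trips correctly is unverified; a test with an ampersand-bearing URL would settle it. Escaping first and finishing with `return SanitizeHTML(content)` is the right shape for keeping user text from becoming markup, but the ordering is load-bearing and undocumented, so I would replace `// clean 'er up` with `// escape before any step that emits markup; SanitizeHTML at the end is the final gate`. The +/- markers are lost on this page, so I am reading the TrimSpace, EscapeString and SanitizeHTML lines as the new side.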