**security** - make sure local roars always get sanitized

staging
multiple creatures 2019-05-22 10:34:03 -05:00
parent 7b6f8e5419
commit 61ac01a6bb
1 changed files with 7 additions and 9 deletions


@ -205,7 +205,9 @@ class Formatter
html = encode_and_link_urls(html, linkable_accounts, keep_html: %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type))
html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
unless %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type)
if %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type)
html = reformat(html)
else
html = simple_format(html, {}, sanitize: false)
html = html.delete("\n")
end
@ -221,26 +223,22 @@ class Formatter
end
def format_markdown(html)
html = reformat(markdown_formatter.render(html))
html.delete("\r").delete("\n")
html = markdown_formatter.render(html)
end
def format_bbcode(html, sanitize = true)
def format_bbcode(html)
html = bbcode_formatter(html)
html = html.gsub(/<hr>.*<\/hr>/im, '<hr />')
return html unless sanitize
html = reformat(html)
html.delete("\r").delete("\n")
end
def format_bbdown(html)
html = format_bbcode(html, false)
html = format_bbcode(html)
html = html.gsub(/<br *\/>|<br>/, '')
format_markdown(html)
end
def reformat(html)
sanitize(html, Sanitize::Config::MASTODON_STRICT)
sanitize(html, Sanitize::Config::MASTODON_STRICT).delete("\r").delete("\n")
end
def plaintext(status)