commit: 46a5c06853c21e720b41a4b38a4d88a38a218ad4
parent fc7ce5f93c4031863cbaf62b72dce55b5b6b0390
Author: Tusooa Zhu <tusooa@kazv.moe>
Date: Sat, 23 Jul 2022 22:50:38 -0400
Make NormalizeMarkup history-aware
Diffstat:
2 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex b/lib/pleroma/web/activity_pub/mrf/normalize_markup.ex
@@ -9,7 +9,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkup do
@behaviour Pleroma.Web.ActivityPub.MRF.Policy
@impl true
- def filter(%{"type" => "Create", "object" => child_object} = object) do
+ def history_awareness, do: :auto
+
+ @impl true
+ def filter(%{"type" => type, "object" => child_object} = object)
+ when type in ["Create", "Update"] do
scrub_policy = Pleroma.Config.get([:mrf_normalize_markup, :scrub_policy])
content =
diff --git a/test/pleroma/web/activity_pub/mrf/normalize_markup_test.exs b/test/pleroma/web/activity_pub/mrf/normalize_markup_test.exs
@@ -4,6 +4,7 @@
defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
use Pleroma.DataCase, async: true
+ alias Pleroma.Web.ActivityPub.MRF
alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
@html_sample """
@@ -16,24 +17,58 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
<script>alert('hacked')</script>
"""
- test "it filter html tags" do
- expected = """
- <b>this is in bold</b>
- <p>this is a paragraph</p>
- this is a linebreak<br/>
- this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
- this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
- this is an image: <img src="http://example.com/image.jpg"/><br/>
- alert('hacked')
- """
+ @expected """
+ <b>this is in bold</b>
+ <p>this is a paragraph</p>
+ this is a linebreak<br/>
+ this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
+ this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
+ this is an image: <img src="http://example.com/image.jpg"/><br/>
+ alert('hacked')
+ """
+ test "it filter html tags" do
message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
assert {:ok, res} = NormalizeMarkup.filter(message)
- assert res["object"]["content"] == expected
+ assert res["object"]["content"] == @expected
+ end
+
+ test "history-aware" do
+ message = %{
+ "type" => "Create",
+ "object" => %{
+ "content" => @html_sample,
+ "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
+ }
+ }
+
+ assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
+
+ assert %{
+ "content" => @expected,
+ "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
+ } = res["object"]
+ end
+
+ test "works with Updates" do
+ message = %{
+ "type" => "Update",
+ "object" => %{
+ "content" => @html_sample,
+ "formerRepresentations" => %{"orderedItems" => [%{"content" => @html_sample}]}
+ }
+ }
+
+ assert {:ok, res} = MRF.filter_one(NormalizeMarkup, message)
+
+ assert %{
+ "content" => @expected,
+ "formerRepresentations" => %{"orderedItems" => [%{"content" => @expected}]}
+ } = res["object"]
end
- test "it skips filter if type isn't `Create`" do
+ test "it skips filter if type isn't `Create` or `Update`" do
message = %{"type" => "Note", "object" => %{}}
assert {:ok, res} = NormalizeMarkup.filter(message)