* Replace ammonia lib with manual html escaping (fixes #3774) * prettier * clippy * remove sanitize unit test * fix tests * fix schema
This commit is contained in:
parent
fe3ebea95a
commit
71d61138bc
39 changed files with 157 additions and 168 deletions
20
Cargo.lock
generated
20
Cargo.lock
generated
|
@ -386,19 +386,6 @@ dependencies = [
|
||||||
"alloc-no-stdlib",
|
"alloc-no-stdlib",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "ammonia"
|
|
||||||
version = "3.3.0"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "64e6d1c7838db705c9b756557ee27c384ce695a1c51a6fe528784cb1c6840170"
|
|
||||||
dependencies = [
|
|
||||||
"html5ever",
|
|
||||||
"maplit",
|
|
||||||
"once_cell",
|
|
||||||
"tendril",
|
|
||||||
"url",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "android-tzdata"
|
name = "android-tzdata"
|
||||||
version = "0.1.1"
|
version = "0.1.1"
|
||||||
|
@ -2613,7 +2600,6 @@ version = "0.18.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"activitypub_federation",
|
"activitypub_federation",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"ammonia",
|
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"chrono",
|
"chrono",
|
||||||
"encoding",
|
"encoding",
|
||||||
|
@ -3028,12 +3014,6 @@ dependencies = [
|
||||||
"libc",
|
"libc",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "maplit"
|
|
||||||
version = "1.0.2"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "markdown-it"
|
name = "markdown-it"
|
||||||
version = "0.5.1"
|
version = "0.5.1"
|
||||||
|
|
|
@ -513,7 +513,7 @@ test("Sanitize HTML", async () => {
|
||||||
}
|
}
|
||||||
|
|
||||||
let name = randomString(5);
|
let name = randomString(5);
|
||||||
let body = "<script>alert('xss');</script> hello";
|
let body = "<script>alert('xss');</script> hello &\"'";
|
||||||
let form: CreatePost = {
|
let form: CreatePost = {
|
||||||
name,
|
name,
|
||||||
body,
|
body,
|
||||||
|
@ -521,5 +521,14 @@ test("Sanitize HTML", async () => {
|
||||||
community_id: betaCommunity.community.id,
|
community_id: betaCommunity.community.id,
|
||||||
};
|
};
|
||||||
let post = await beta.client.createPost(form);
|
let post = await beta.client.createPost(form);
|
||||||
expect(post.post_view.post.body).toBe(" hello");
|
// first escaping for the api
|
||||||
|
expect(post.post_view.post.body).toBe(
|
||||||
|
"<script>alert('xss');</script> hello &"'",
|
||||||
|
);
|
||||||
|
|
||||||
|
let alphaPost = (await resolvePost(alpha, post.post_view.post)).post;
|
||||||
|
// second escaping over federation, avoid double escape of &
|
||||||
|
expect(alphaPost?.post.body).toBe(
|
||||||
|
"<script>alert('xss');</script> hello &"'",
|
||||||
|
);
|
||||||
});
|
});
|
||||||
|
|
|
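Review bot: The expected strings on L258 and L281 appear here identical to the unescaped input on L211, which is presumably the forge decoding entities in the rendered page; the committed assertions should compare against the entity-encoded form, otherwise the test would also pass on a body that was never escaped. Only `body` exercises special characters; `name` is `randomString(5)` (L204), so the title path through `sanitize_html_api` in `create_post` is not covered, and a name such as `"<b>" + randomString(5)` with a matching expectation on `post.post_view.post.name` would close that gap. The test also does not assert that `>` survives unescaped, which the new code treats as intentional for markdown quotes and is exactly the kind of behaviour a later change could silently flip; one assertion on a body containing `> quote` would pin it.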
@ -8,7 +8,7 @@ use lemmy_api_common::{
|
||||||
utils::{
|
utils::{
|
||||||
check_community_ban,
|
check_community_ban,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
send_new_report_email_to_admins,
|
send_new_report_email_to_admins,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -31,7 +31,7 @@ pub async fn create_comment_report(
|
||||||
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await?;
|
let local_site = LocalSite::read(&mut context.pool()).await?;
|
||||||
|
|
||||||
let reason = sanitize_html(data.reason.trim());
|
let reason = sanitize_html_api(data.reason.trim());
|
||||||
check_report_reason(&reason, &local_site)?;
|
check_report_reason(&reason, &local_site)?;
|
||||||
|
|
||||||
let person_id = local_user_view.person.id;
|
let person_id = local_user_view.person.id;
|
||||||
|
|
|
@ -8,7 +8,7 @@ use lemmy_api_common::{
|
||||||
is_mod_or_admin,
|
is_mod_or_admin,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
remove_user_data_in_community,
|
remove_user_data_in_community,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -86,7 +86,7 @@ pub async fn ban_from_community(
|
||||||
mod_person_id: local_user_view.person.id,
|
mod_person_id: local_user_view.person.id,
|
||||||
other_person_id: data.person_id,
|
other_person_id: data.person_id,
|
||||||
community_id: data.community_id,
|
community_id: data.community_id,
|
||||||
reason: sanitize_html_opt(&data.reason),
|
reason: sanitize_html_api_opt(&data.reason),
|
||||||
banned: Some(data.ban),
|
banned: Some(data.ban),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,7 +5,7 @@ use lemmy_api_common::{
|
||||||
community::{CommunityResponse, HideCommunity},
|
community::{CommunityResponse, HideCommunity},
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
send_activity::{ActivityChannel, SendActivityData},
|
send_activity::{ActivityChannel, SendActivityData},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html_opt},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -33,7 +33,7 @@ pub async fn hide_community(
|
||||||
let mod_hide_community_form = ModHideCommunityForm {
|
let mod_hide_community_form = ModHideCommunityForm {
|
||||||
community_id: data.community_id,
|
community_id: data.community_id,
|
||||||
mod_person_id: local_user_view.person.id,
|
mod_person_id: local_user_view.person.id,
|
||||||
reason: sanitize_html_opt(&data.reason),
|
reason: sanitize_html_api_opt(&data.reason),
|
||||||
hidden: Some(data.hidden),
|
hidden: Some(data.hidden),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
person::{BanPerson, BanPersonResponse},
|
person::{BanPerson, BanPersonResponse},
|
||||||
send_activity::{ActivityChannel, SendActivityData},
|
send_activity::{ActivityChannel, SendActivityData},
|
||||||
utils::{is_admin, local_user_view_from_jwt, remove_user_data, sanitize_html_opt},
|
utils::{is_admin, local_user_view_from_jwt, remove_user_data, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -54,7 +54,7 @@ pub async fn ban_from_site(
|
||||||
let form = ModBanForm {
|
let form = ModBanForm {
|
||||||
mod_person_id: local_user_view.person.id,
|
mod_person_id: local_user_view.person.id,
|
||||||
other_person_id: data.person_id,
|
other_person_id: data.person_id,
|
||||||
reason: sanitize_html_opt(&data.reason),
|
reason: sanitize_html_api_opt(&data.reason),
|
||||||
banned: Some(data.ban),
|
banned: Some(data.ban),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
person::{LoginResponse, SaveUserSettings},
|
person::{LoginResponse, SaveUserSettings},
|
||||||
utils::{local_user_view_from_jwt, sanitize_html_opt, send_verification_email},
|
utils::{local_user_view_from_jwt, sanitize_html_api_opt, send_verification_email},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -34,8 +34,8 @@ pub async fn save_user_settings(
|
||||||
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
||||||
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
let site_view = SiteView::read_local(&mut context.pool()).await?;
|
||||||
|
|
||||||
let bio = sanitize_html_opt(&data.bio);
|
let bio = sanitize_html_api_opt(&data.bio);
|
||||||
let display_name = sanitize_html_opt(&data.display_name);
|
let display_name = sanitize_html_api_opt(&data.display_name);
|
||||||
|
|
||||||
let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
|
let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
|
||||||
let banner = diesel_option_overwrite_to_url(&data.banner)?;
|
let banner = diesel_option_overwrite_to_url(&data.banner)?;
|
||||||
|
@ -85,7 +85,7 @@ pub async fn save_user_settings(
|
||||||
let person_id = local_user_view.person.id;
|
let person_id = local_user_view.person.id;
|
||||||
let default_listing_type = data.default_listing_type;
|
let default_listing_type = data.default_listing_type;
|
||||||
let default_sort_type = data.default_sort_type;
|
let default_sort_type = data.default_sort_type;
|
||||||
let theme = sanitize_html_opt(&data.theme);
|
let theme = sanitize_html_api_opt(&data.theme);
|
||||||
|
|
||||||
let person_form = PersonUpdateForm {
|
let person_form = PersonUpdateForm {
|
||||||
display_name,
|
display_name,
|
||||||
|
|
|
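Review bot: `theme` at L709 is passed through `sanitize_html_api_opt` like free text, but a theme setting is presumably an identifier used to select a stylesheet rather than content rendered into a page, and entity-escaping does not restrict it to the set of installed themes; if it is used to build a path or `href` elsewhere, validating it against the known theme names would be the relevant check (how the field is consumed is not visible in this hunk, so this is to confirm). The same reasoning does not apply to `bio` and `display_name` (L667, L672), which are rendered content and are correctly escaped. `save_user_settings` begins outside the hunk.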
@ -8,7 +8,7 @@ use lemmy_api_common::{
|
||||||
utils::{
|
utils::{
|
||||||
check_community_ban,
|
check_community_ban,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
send_new_report_email_to_admins,
|
send_new_report_email_to_admins,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -31,7 +31,7 @@ pub async fn create_post_report(
|
||||||
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await?;
|
let local_site = LocalSite::read(&mut context.pool()).await?;
|
||||||
|
|
||||||
let reason = sanitize_html(data.reason.trim());
|
let reason = sanitize_html_api(data.reason.trim());
|
||||||
check_report_reason(&reason, &local_site)?;
|
check_report_reason(&reason, &local_site)?;
|
||||||
|
|
||||||
let person_id = local_user_view.person.id;
|
let person_id = local_user_view.person.id;
|
||||||
|
|
|
@ -3,7 +3,7 @@ use actix_web::web::{Data, Json};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
private_message::{CreatePrivateMessageReport, PrivateMessageReportResponse},
|
private_message::{CreatePrivateMessageReport, PrivateMessageReportResponse},
|
||||||
utils::{local_user_view_from_jwt, sanitize_html, send_new_report_email_to_admins},
|
utils::{local_user_view_from_jwt, sanitize_html_api, send_new_report_email_to_admins},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -24,7 +24,7 @@ pub async fn create_pm_report(
|
||||||
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await?;
|
let local_site = LocalSite::read(&mut context.pool()).await?;
|
||||||
|
|
||||||
let reason = sanitize_html(data.reason.trim());
|
let reason = sanitize_html_api(data.reason.trim());
|
||||||
check_report_reason(&reason, &local_site)?;
|
check_report_reason(&reason, &local_site)?;
|
||||||
|
|
||||||
let person_id = local_user_view.person.id;
|
let person_id = local_user_view.person.id;
|
||||||
|
|
|
@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
site::{PurgeComment, PurgeItemResponse},
|
site::{PurgeComment, PurgeItemResponse},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html_opt},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -35,7 +35,7 @@ pub async fn purge_comment(
|
||||||
Comment::delete(&mut context.pool(), comment_id).await?;
|
Comment::delete(&mut context.pool(), comment_id).await?;
|
||||||
|
|
||||||
// Mod tables
|
// Mod tables
|
||||||
let reason = sanitize_html_opt(&data.reason);
|
let reason = sanitize_html_api_opt(&data.reason);
|
||||||
let form = AdminPurgeCommentForm {
|
let form = AdminPurgeCommentForm {
|
||||||
admin_person_id: local_user_view.person.id,
|
admin_person_id: local_user_view.person.id,
|
||||||
reason,
|
reason,
|
||||||
|
|
|
@ -3,7 +3,12 @@ use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
request::purge_image_from_pictrs,
|
request::purge_image_from_pictrs,
|
||||||
site::{PurgeCommunity, PurgeItemResponse},
|
site::{PurgeCommunity, PurgeItemResponse},
|
||||||
utils::{is_admin, local_user_view_from_jwt, purge_image_posts_for_community, sanitize_html_opt},
|
utils::{
|
||||||
|
is_admin,
|
||||||
|
local_user_view_from_jwt,
|
||||||
|
purge_image_posts_for_community,
|
||||||
|
sanitize_html_api_opt,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -42,7 +47,7 @@ pub async fn purge_community(
|
||||||
Community::delete(&mut context.pool(), community_id).await?;
|
Community::delete(&mut context.pool(), community_id).await?;
|
||||||
|
|
||||||
// Mod tables
|
// Mod tables
|
||||||
let reason = sanitize_html_opt(&data.reason);
|
let reason = sanitize_html_api_opt(&data.reason);
|
||||||
let form = AdminPurgeCommunityForm {
|
let form = AdminPurgeCommunityForm {
|
||||||
admin_person_id: local_user_view.person.id,
|
admin_person_id: local_user_view.person.id,
|
||||||
reason,
|
reason,
|
||||||
|
|
|
@ -3,7 +3,7 @@ use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
request::delete_image_from_pictrs,
|
request::delete_image_from_pictrs,
|
||||||
site::{PurgeItemResponse, PurgePerson},
|
site::{PurgeItemResponse, PurgePerson},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html_opt},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -42,7 +42,7 @@ pub async fn purge_person(
|
||||||
Person::delete(&mut context.pool(), person_id).await?;
|
Person::delete(&mut context.pool(), person_id).await?;
|
||||||
|
|
||||||
// Mod tables
|
// Mod tables
|
||||||
let reason = sanitize_html_opt(&data.reason);
|
let reason = sanitize_html_api_opt(&data.reason);
|
||||||
let form = AdminPurgePersonForm {
|
let form = AdminPurgePersonForm {
|
||||||
admin_person_id: local_user_view.person.id,
|
admin_person_id: local_user_view.person.id,
|
||||||
reason,
|
reason,
|
||||||
|
|
|
@ -3,7 +3,7 @@ use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
request::purge_image_from_pictrs,
|
request::purge_image_from_pictrs,
|
||||||
site::{PurgeItemResponse, PurgePost},
|
site::{PurgeItemResponse, PurgePost},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html_opt},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -43,7 +43,7 @@ pub async fn purge_post(
|
||||||
Post::delete(&mut context.pool(), post_id).await?;
|
Post::delete(&mut context.pool(), post_id).await?;
|
||||||
|
|
||||||
// Mod tables
|
// Mod tables
|
||||||
let reason = sanitize_html_opt(&data.reason);
|
let reason = sanitize_html_api_opt(&data.reason);
|
||||||
let form = AdminPurgePostForm {
|
let form = AdminPurgePostForm {
|
||||||
admin_person_id: local_user_view.person.id,
|
admin_person_id: local_user_view.person.id,
|
||||||
reason,
|
reason,
|
||||||
|
|
|
@ -34,7 +34,6 @@ full = [
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"futures",
|
"futures",
|
||||||
"once_cell",
|
"once_cell",
|
||||||
"ammonia",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
@ -67,4 +66,3 @@ once_cell = { workspace = true, optional = true }
|
||||||
actix-web = { workspace = true, optional = true }
|
actix-web = { workspace = true, optional = true }
|
||||||
# necessary for wasmt compilation
|
# necessary for wasmt compilation
|
||||||
getrandom = { version = "0.2.10", features = ["js"] }
|
getrandom = { version = "0.2.10", features = ["js"] }
|
||||||
ammonia = { version = "3.3.0", optional = true }
|
|
||||||
|
|
|
@ -798,21 +798,35 @@ pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError
|
||||||
Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
|
Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Sanitize HTML with default options. Additionally, dont allow bypassing markdown
|
/// Replace special HTML characters in API parameters to prevent XSS attacks.
|
||||||
/// links and images
|
///
|
||||||
pub fn sanitize_html(data: &str) -> String {
|
/// Taken from https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md#output-encoding-for-html-contexts
|
||||||
ammonia::Builder::default()
|
///
|
||||||
.rm_tags(&["a", "img"])
|
/// `>` is left in place because it is interpreted as markdown quote.
|
||||||
.clean(data)
|
pub fn sanitize_html_api(data: &str) -> String {
|
||||||
.to_string()
|
data
|
||||||
// restore markdown quotes
|
.replace('&', "&")
|
||||||
.replace(">", ">")
|
.replace('<', "<")
|
||||||
// restore white space
|
.replace('\"', """)
|
||||||
.replace(" ", " ")
|
.replace('\'', "'")
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn sanitize_html_opt(data: &Option<String>) -> Option<String> {
|
pub fn sanitize_html_api_opt(data: &Option<String>) -> Option<String> {
|
||||||
data.as_ref().map(|d| sanitize_html(d))
|
data.as_ref().map(|d| sanitize_html_api(d))
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Replace special HTML characters in federation parameters to prevent XSS attacks.
|
||||||
|
///
|
||||||
|
/// Unlike [sanitize_html_api()] it leaves `&` in place to avoid double escaping.
|
||||||
|
pub fn sanitize_html_federation(data: &str) -> String {
|
||||||
|
data
|
||||||
|
.replace('<', "<")
|
||||||
|
.replace('\"', """)
|
||||||
|
.replace('\'', "'")
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sanitize_html_federation_opt(data: &Option<String>) -> Option<String> {
|
||||||
|
data.as_ref().map(|d| sanitize_html_federation(d))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
|
@ -820,7 +834,7 @@ mod tests {
|
||||||
#![allow(clippy::unwrap_used)]
|
#![allow(clippy::unwrap_used)]
|
||||||
#![allow(clippy::indexing_slicing)]
|
#![allow(clippy::indexing_slicing)]
|
||||||
|
|
||||||
use crate::utils::{honeypot_check, password_length_check, sanitize_html};
|
use crate::utils::{honeypot_check, password_length_check};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
#[rustfmt::skip]
|
#[rustfmt::skip]
|
||||||
|
@ -838,14 +852,4 @@ mod tests {
|
||||||
assert!(honeypot_check(&Some("1".to_string())).is_err());
|
assert!(honeypot_check(&Some("1".to_string())).is_err());
|
||||||
assert!(honeypot_check(&Some("message".to_string())).is_err());
|
assert!(honeypot_check(&Some("message".to_string())).is_err());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn test_sanitize_html() {
|
|
||||||
let sanitized = sanitize_html("<script>alert(1);</script> hello");
|
|
||||||
assert_eq!(sanitized, " hello");
|
|
||||||
let sanitized = sanitize_html("<img src='http://example.com'> test");
|
|
||||||
assert_eq!(sanitized, " test");
|
|
||||||
let sanitized = sanitize_html("Hello World");
|
|
||||||
assert_eq!(sanitized, "Hello World");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
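Review bot: The replacement pairs at L1326–L1341 and L1390–L1398 render here with the same character on both sides (`.replace('&', "&")`), which reads as a no-op; this is most likely the forge decoding the entity literals in the page rather than the committed code, but it is worth confirming that the second arguments are the entity strings from the cited OWASP table (`&amp;`, `&lt;`, `&quot;`, `&#x27;`). The removed `test_sanitize_html` (L1486–L1518) is not replaced by a unit test for `sanitize_html_api` or `sanitize_html_federation`; the `&` replacement must stay first so that entities produced by the later replacements are not re-encoded, and a one-line test such as `assert_eq!(sanitize_html_api("a&b<c"), "a&amp;b&lt;c");` would pin that ordering. The doc comment should also state which contexts this escaping is safe for: the OWASP encoding it cites covers HTML text nodes and quoted attribute values only, and with `>` deliberately left in place (L1311) callers must not put the result into unquoted attributes, script bodies or URLs. Likewise `sanitize_html_federation` leaving `&` untouched (L1378) means entity sequences received from a remote instance are stored verbatim, which presumably relies on the sender having escaped already; a sentence saying so in its doc comment would help the next reader.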
@ -13,7 +13,7 @@ use lemmy_api_common::{
|
||||||
get_post,
|
get_post,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
EndpointType,
|
EndpointType,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -52,7 +52,7 @@ pub async fn create_comment(
|
||||||
&local_site_to_slur_regex(&local_site),
|
&local_site_to_slur_regex(&local_site),
|
||||||
);
|
);
|
||||||
is_valid_body_field(&Some(content.clone()), false)?;
|
is_valid_body_field(&Some(content.clone()), false)?;
|
||||||
let content = sanitize_html(&content);
|
let content = sanitize_html_api(&content);
|
||||||
|
|
||||||
// Check for a community ban
|
// Check for a community ban
|
||||||
let post_id = data.post_id;
|
let post_id = data.post_id;
|
||||||
|
|
|
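Review bot: `is_valid_body_field` at L1582 runs on the raw content and `sanitize_html_api` at L1589 on its result, while `create_private_message` (L2272–L2282) and `update_private_message` (L2348–L2358) escape first and validate afterwards; `update_comment` (L1660–L1667) follows the comment order. If `is_valid_body_field` enforces a length limit (its body is not in the hunk), the two orders give different effective limits once `&`, `<` and quotes expand into multi-character entities, so a stored comment can exceed the checked length while a private message is checked against the expanded form. Pick one order for all handlers and record it on `sanitize_html_api`, e.g. `/// Call after length/slur validation; escaping expands each special character into a multi-character entity.` `create_comment` begins outside the hunk.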
@ -9,7 +9,7 @@ use lemmy_api_common::{
|
||||||
check_community_ban,
|
check_community_ban,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -68,7 +68,7 @@ pub async fn update_comment(
|
||||||
.as_ref()
|
.as_ref()
|
||||||
.map(|c| remove_slurs(c, &local_site_to_slur_regex(&local_site)));
|
.map(|c| remove_slurs(c, &local_site_to_slur_regex(&local_site)));
|
||||||
is_valid_body_field(&content, false)?;
|
is_valid_body_field(&content, false)?;
|
||||||
let content = sanitize_html_opt(&content);
|
let content = sanitize_html_api_opt(&content);
|
||||||
|
|
||||||
let comment_id = data.comment_id;
|
let comment_id = data.comment_id;
|
||||||
let form = CommentUpdateForm {
|
let form = CommentUpdateForm {
|
||||||
|
|
|
@ -12,8 +12,8 @@ use lemmy_api_common::{
|
||||||
is_admin,
|
is_admin,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
EndpointType,
|
EndpointType,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -58,9 +58,9 @@ pub async fn create_community(
|
||||||
let icon = diesel_option_overwrite_to_url_create(&data.icon)?;
|
let icon = diesel_option_overwrite_to_url_create(&data.icon)?;
|
||||||
let banner = diesel_option_overwrite_to_url_create(&data.banner)?;
|
let banner = diesel_option_overwrite_to_url_create(&data.banner)?;
|
||||||
|
|
||||||
let name = sanitize_html(&data.name);
|
let name = sanitize_html_api(&data.name);
|
||||||
let title = sanitize_html(&data.title);
|
let title = sanitize_html_api(&data.title);
|
||||||
let description = sanitize_html_opt(&data.description);
|
let description = sanitize_html_api_opt(&data.description);
|
||||||
|
|
||||||
let slur_regex = local_site_to_slur_regex(&local_site);
|
let slur_regex = local_site_to_slur_regex(&local_site);
|
||||||
check_slurs(&name, &slur_regex)?;
|
check_slurs(&name, &slur_regex)?;
|
||||||
|
|
|
@ -5,7 +5,7 @@ use lemmy_api_common::{
|
||||||
community::{CommunityResponse, EditCommunity},
|
community::{CommunityResponse, EditCommunity},
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
send_activity::{ActivityChannel, SendActivityData},
|
send_activity::{ActivityChannel, SendActivityData},
|
||||||
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_opt},
|
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_api_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
newtypes::PersonId,
|
newtypes::PersonId,
|
||||||
|
@ -36,8 +36,8 @@ pub async fn update_community(
|
||||||
check_slurs_opt(&data.description, &slur_regex)?;
|
check_slurs_opt(&data.description, &slur_regex)?;
|
||||||
is_valid_body_field(&data.description, false)?;
|
is_valid_body_field(&data.description, false)?;
|
||||||
|
|
||||||
let title = sanitize_html_opt(&data.title);
|
let title = sanitize_html_api_opt(&data.title);
|
||||||
let description = sanitize_html_opt(&data.description);
|
let description = sanitize_html_api_opt(&data.description);
|
||||||
|
|
||||||
let icon = diesel_option_overwrite_to_url(&data.icon)?;
|
let icon = diesel_option_overwrite_to_url(&data.icon)?;
|
||||||
let banner = diesel_option_overwrite_to_url(&data.banner)?;
|
let banner = diesel_option_overwrite_to_url(&data.banner)?;
|
||||||
|
|
|
@ -3,7 +3,7 @@ use actix_web::web::Json;
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
custom_emoji::{CreateCustomEmoji, CustomEmojiResponse},
|
custom_emoji::{CreateCustomEmoji, CustomEmojiResponse},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::source::{
|
use lemmy_db_schema::source::{
|
||||||
custom_emoji::{CustomEmoji, CustomEmojiInsertForm},
|
custom_emoji::{CustomEmoji, CustomEmojiInsertForm},
|
||||||
|
@ -24,9 +24,9 @@ pub async fn create_custom_emoji(
|
||||||
// Make sure user is an admin
|
// Make sure user is an admin
|
||||||
is_admin(&local_user_view)?;
|
is_admin(&local_user_view)?;
|
||||||
|
|
||||||
let shortcode = sanitize_html(data.shortcode.to_lowercase().trim());
|
let shortcode = sanitize_html_api(data.shortcode.to_lowercase().trim());
|
||||||
let alt_text = sanitize_html(&data.alt_text);
|
let alt_text = sanitize_html_api(&data.alt_text);
|
||||||
let category = sanitize_html(&data.category);
|
let category = sanitize_html_api(&data.category);
|
||||||
|
|
||||||
let emoji_form = CustomEmojiInsertForm::builder()
|
let emoji_form = CustomEmojiInsertForm::builder()
|
||||||
.local_site_id(local_site.id)
|
.local_site_id(local_site.id)
|
||||||
|
|
|
@ -3,7 +3,7 @@ use actix_web::web::Json;
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
custom_emoji::{CustomEmojiResponse, EditCustomEmoji},
|
custom_emoji::{CustomEmojiResponse, EditCustomEmoji},
|
||||||
utils::{is_admin, local_user_view_from_jwt, sanitize_html},
|
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::source::{
|
use lemmy_db_schema::source::{
|
||||||
custom_emoji::{CustomEmoji, CustomEmojiUpdateForm},
|
custom_emoji::{CustomEmoji, CustomEmojiUpdateForm},
|
||||||
|
@ -24,8 +24,8 @@ pub async fn update_custom_emoji(
|
||||||
// Make sure user is an admin
|
// Make sure user is an admin
|
||||||
is_admin(&local_user_view)?;
|
is_admin(&local_user_view)?;
|
||||||
|
|
||||||
let alt_text = sanitize_html(&data.alt_text);
|
let alt_text = sanitize_html_api(&data.alt_text);
|
||||||
let category = sanitize_html(&data.category);
|
let category = sanitize_html_api(&data.category);
|
||||||
|
|
||||||
let emoji_form = CustomEmojiUpdateForm::builder()
|
let emoji_form = CustomEmojiUpdateForm::builder()
|
||||||
.local_site_id(local_site.id)
|
.local_site_id(local_site.id)
|
||||||
|
|
|
@ -14,8 +14,8 @@ use lemmy_api_common::{
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
mark_post_as_read,
|
mark_post_as_read,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
EndpointType,
|
EndpointType,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -93,10 +93,10 @@ pub async fn create_post(
|
||||||
.map(|u| (u.title, u.description, u.embed_video_url))
|
.map(|u| (u.title, u.description, u.embed_video_url))
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
|
|
||||||
let name = sanitize_html(data.name.trim());
|
let name = sanitize_html_api(data.name.trim());
|
||||||
let body = sanitize_html_opt(&data.body);
|
let body = sanitize_html_api_opt(&data.body);
|
||||||
let embed_title = sanitize_html_opt(&embed_title);
|
let embed_title = sanitize_html_api_opt(&embed_title);
|
||||||
let embed_description = sanitize_html_opt(&embed_description);
|
let embed_description = sanitize_html_api_opt(&embed_description);
|
||||||
|
|
||||||
// Only need to check if language is allowed in case user set it explicitly. When using default
|
// Only need to check if language is allowed in case user set it explicitly. When using default
|
||||||
// language, it already only returns allowed languages.
|
// language, it already only returns allowed languages.
|
||||||
|
|
|
@ -10,7 +10,7 @@ use lemmy_api_common::{
|
||||||
check_community_ban,
|
check_community_ban,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -79,11 +79,11 @@ pub async fn update_post(
|
||||||
.map(|u| (Some(u.title), Some(u.description), Some(u.embed_video_url)))
|
.map(|u| (Some(u.title), Some(u.description), Some(u.embed_video_url)))
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
|
|
||||||
let name = sanitize_html_opt(&data.name);
|
let name = sanitize_html_api_opt(&data.name);
|
||||||
let body = sanitize_html_opt(&data.body);
|
let body = sanitize_html_api_opt(&data.body);
|
||||||
let body = diesel_option_overwrite(body);
|
let body = diesel_option_overwrite(body);
|
||||||
let embed_title = embed_title.map(|e| sanitize_html_opt(&e));
|
let embed_title = embed_title.map(|e| sanitize_html_api_opt(&e));
|
||||||
let embed_description = embed_description.map(|e| sanitize_html_opt(&e));
|
let embed_description = embed_description.map(|e| sanitize_html_api_opt(&e));
|
||||||
|
|
||||||
let language_id = data.language_id;
|
let language_id = data.language_id;
|
||||||
CommunityLanguage::is_allowed_community_language(
|
CommunityLanguage::is_allowed_community_language(
|
||||||
|
|
|
@ -10,7 +10,7 @@ use lemmy_api_common::{
|
||||||
get_interface_language,
|
get_interface_language,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
send_email_to_user,
|
send_email_to_user,
|
||||||
EndpointType,
|
EndpointType,
|
||||||
},
|
},
|
||||||
|
@ -36,7 +36,7 @@ pub async fn create_private_message(
|
||||||
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await?;
|
let local_site = LocalSite::read(&mut context.pool()).await?;
|
||||||
|
|
||||||
let content = sanitize_html(&data.content);
|
let content = sanitize_html_api(&data.content);
|
||||||
let content = remove_slurs(&content, &local_site_to_slur_regex(&local_site));
|
let content = remove_slurs(&content, &local_site_to_slur_regex(&local_site));
|
||||||
is_valid_body_field(&Some(content.clone()), false)?;
|
is_valid_body_field(&Some(content.clone()), false)?;
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
private_message::{EditPrivateMessage, PrivateMessageResponse},
|
private_message::{EditPrivateMessage, PrivateMessageResponse},
|
||||||
send_activity::{ActivityChannel, SendActivityData},
|
send_activity::{ActivityChannel, SendActivityData},
|
||||||
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html},
|
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_api},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -36,7 +36,7 @@ pub async fn update_private_message(
|
||||||
}
|
}
|
||||||
|
|
||||||
// Doing the update
|
// Doing the update
|
||||||
let content = sanitize_html(&data.content);
|
let content = sanitize_html_api(&data.content);
|
||||||
let content = remove_slurs(&content, &local_site_to_slur_regex(&local_site));
|
let content = remove_slurs(&content, &local_site_to_slur_regex(&local_site));
|
||||||
is_valid_body_field(&Some(content.clone()), false)?;
|
is_valid_body_field(&Some(content.clone()), false)?;
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@ use lemmy_api_common::{
|
||||||
is_admin,
|
is_admin,
|
||||||
local_site_rate_limit_to_rate_limit_config,
|
local_site_rate_limit_to_rate_limit_config,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -56,9 +56,9 @@ pub async fn create_site(
|
||||||
let actor_id: DbUrl = Url::parse(&context.settings().get_protocol_and_hostname())?.into();
|
let actor_id: DbUrl = Url::parse(&context.settings().get_protocol_and_hostname())?.into();
|
||||||
let inbox_url = Some(generate_site_inbox_url(&actor_id)?);
|
let inbox_url = Some(generate_site_inbox_url(&actor_id)?);
|
||||||
let keypair = generate_actor_keypair()?;
|
let keypair = generate_actor_keypair()?;
|
||||||
let name = sanitize_html(&data.name);
|
let name = sanitize_html_api(&data.name);
|
||||||
let sidebar = sanitize_html_opt(&data.sidebar);
|
let sidebar = sanitize_html_api_opt(&data.sidebar);
|
||||||
let description = sanitize_html_opt(&data.description);
|
let description = sanitize_html_api_opt(&data.description);
|
||||||
|
|
||||||
let site_form = SiteUpdateForm {
|
let site_form = SiteUpdateForm {
|
||||||
name: Some(name),
|
name: Some(name),
|
||||||
|
@ -78,9 +78,9 @@ pub async fn create_site(
|
||||||
|
|
||||||
Site::update(&mut context.pool(), site_id, &site_form).await?;
|
Site::update(&mut context.pool(), site_id, &site_form).await?;
|
||||||
|
|
||||||
let application_question = sanitize_html_opt(&data.application_question);
|
let application_question = sanitize_html_api_opt(&data.application_question);
|
||||||
let default_theme = sanitize_html_opt(&data.default_theme);
|
let default_theme = sanitize_html_api_opt(&data.default_theme);
|
||||||
let legal_information = sanitize_html_opt(&data.legal_information);
|
let legal_information = sanitize_html_api_opt(&data.legal_information);
|
||||||
|
|
||||||
let local_site_form = LocalSiteUpdateForm {
|
let local_site_form = LocalSiteUpdateForm {
|
||||||
// Set the site setup to true
|
// Set the site setup to true
|
||||||
|
|
|
@ -7,7 +7,7 @@ use lemmy_api_common::{
|
||||||
is_admin,
|
is_admin,
|
||||||
local_site_rate_limit_to_rate_limit_config,
|
local_site_rate_limit_to_rate_limit_config,
|
||||||
local_user_view_from_jwt,
|
local_user_view_from_jwt,
|
||||||
sanitize_html_opt,
|
sanitize_html_api_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -59,9 +59,9 @@ pub async fn update_site(
|
||||||
SiteLanguage::update(&mut context.pool(), discussion_languages.clone(), &site).await?;
|
SiteLanguage::update(&mut context.pool(), discussion_languages.clone(), &site).await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
let name = sanitize_html_opt(&data.name);
|
let name = sanitize_html_api_opt(&data.name);
|
||||||
let sidebar = sanitize_html_opt(&data.sidebar);
|
let sidebar = sanitize_html_api_opt(&data.sidebar);
|
||||||
let description = sanitize_html_opt(&data.description);
|
let description = sanitize_html_api_opt(&data.description);
|
||||||
|
|
||||||
let site_form = SiteUpdateForm {
|
let site_form = SiteUpdateForm {
|
||||||
name,
|
name,
|
||||||
|
@ -79,9 +79,9 @@ pub async fn update_site(
|
||||||
// Diesel will throw an error for empty update forms
|
// Diesel will throw an error for empty update forms
|
||||||
.ok();
|
.ok();
|
||||||
|
|
||||||
let application_question = sanitize_html_opt(&data.application_question);
|
let application_question = sanitize_html_api_opt(&data.application_question);
|
||||||
let default_theme = sanitize_html_opt(&data.default_theme);
|
let default_theme = sanitize_html_api_opt(&data.default_theme);
|
||||||
let legal_information = sanitize_html_opt(&data.legal_information);
|
let legal_information = sanitize_html_api_opt(&data.legal_information);
|
||||||
|
|
||||||
let local_site_form = LocalSiteUpdateForm {
|
let local_site_form = LocalSiteUpdateForm {
|
||||||
enable_downvotes: data.enable_downvotes,
|
enable_downvotes: data.enable_downvotes,
|
||||||
|
|
|
@ -10,7 +10,7 @@ use lemmy_api_common::{
|
||||||
honeypot_check,
|
honeypot_check,
|
||||||
local_site_to_slur_regex,
|
local_site_to_slur_regex,
|
||||||
password_length_check,
|
password_length_check,
|
||||||
sanitize_html,
|
sanitize_html_api,
|
||||||
send_new_applicant_email_to_admins,
|
send_new_applicant_email_to_admins,
|
||||||
send_verification_email,
|
send_verification_email,
|
||||||
EndpointType,
|
EndpointType,
|
||||||
|
@ -89,7 +89,7 @@ pub async fn register(
|
||||||
let slur_regex = local_site_to_slur_regex(&local_site);
|
let slur_regex = local_site_to_slur_regex(&local_site);
|
||||||
check_slurs(&data.username, &slur_regex)?;
|
check_slurs(&data.username, &slur_regex)?;
|
||||||
check_slurs_opt(&data.answer, &slur_regex)?;
|
check_slurs_opt(&data.answer, &slur_regex)?;
|
||||||
let username = sanitize_html(&data.username);
|
let username = sanitize_html_api(&data.username);
|
||||||
|
|
||||||
let actor_keypair = generate_actor_keypair()?;
|
let actor_keypair = generate_actor_keypair()?;
|
||||||
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
|
is_valid_actor_name(&data.username, local_site.actor_name_max_length as usize)?;
|
||||||
|
|
|
@ -23,7 +23,7 @@ use anyhow::anyhow;
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{remove_user_data, remove_user_data_in_community, sanitize_html_opt},
|
utils::{remove_user_data, remove_user_data_in_community, sanitize_html_federation_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -172,7 +172,7 @@ impl ActivityHandler for BlockUser {
|
||||||
let form = ModBanForm {
|
let form = ModBanForm {
|
||||||
mod_person_id: mod_person.id,
|
mod_person_id: mod_person.id,
|
||||||
other_person_id: blocked_person.id,
|
other_person_id: blocked_person.id,
|
||||||
reason: sanitize_html_opt(&self.summary),
|
reason: sanitize_html_federation_opt(&self.summary),
|
||||||
banned: Some(true),
|
banned: Some(true),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
@ -206,7 +206,7 @@ impl ActivityHandler for BlockUser {
|
||||||
mod_person_id: mod_person.id,
|
mod_person_id: mod_person.id,
|
||||||
other_person_id: blocked_person.id,
|
other_person_id: blocked_person.id,
|
||||||
community_id: community.id,
|
community_id: community.id,
|
||||||
reason: sanitize_html_opt(&self.summary),
|
reason: sanitize_html_federation_opt(&self.summary),
|
||||||
banned: Some(true),
|
banned: Some(true),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,7 +17,7 @@ use activitypub_federation::{
|
||||||
protocol::verification::verify_domains_match,
|
protocol::verification::verify_domains_match,
|
||||||
traits::{ActivityHandler, Actor},
|
traits::{ActivityHandler, Actor},
|
||||||
};
|
};
|
||||||
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_opt};
|
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_federation_opt};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
community::{CommunityPersonBan, CommunityPersonBanForm},
|
community::{CommunityPersonBan, CommunityPersonBanForm},
|
||||||
|
@ -117,7 +117,7 @@ impl ActivityHandler for UndoBlockUser {
|
||||||
let form = ModBanForm {
|
let form = ModBanForm {
|
||||||
mod_person_id: mod_person.id,
|
mod_person_id: mod_person.id,
|
||||||
other_person_id: blocked_person.id,
|
other_person_id: blocked_person.id,
|
||||||
reason: sanitize_html_opt(&self.object.summary),
|
reason: sanitize_html_federation_opt(&self.object.summary),
|
||||||
banned: Some(false),
|
banned: Some(false),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
@ -136,7 +136,7 @@ impl ActivityHandler for UndoBlockUser {
|
||||||
mod_person_id: mod_person.id,
|
mod_person_id: mod_person.id,
|
||||||
other_person_id: blocked_person.id,
|
other_person_id: blocked_person.id,
|
||||||
community_id: community.id,
|
community_id: community.id,
|
||||||
reason: sanitize_html_opt(&self.object.summary),
|
reason: sanitize_html_federation_opt(&self.object.summary),
|
||||||
banned: Some(false),
|
banned: Some(false),
|
||||||
expires,
|
expires,
|
||||||
};
|
};
|
||||||
|
|
|
@ -11,7 +11,7 @@ use activitypub_federation::{
|
||||||
kinds::activity::FlagType,
|
kinds::activity::FlagType,
|
||||||
traits::{ActivityHandler, Actor},
|
traits::{ActivityHandler, Actor},
|
||||||
};
|
};
|
||||||
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html};
|
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_federation};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
comment_report::{CommentReport, CommentReportForm},
|
comment_report::{CommentReport, CommentReportForm},
|
||||||
|
@ -86,7 +86,7 @@ impl ActivityHandler for Report {
|
||||||
post_id: post.id,
|
post_id: post.id,
|
||||||
original_post_name: post.name.clone(),
|
original_post_name: post.name.clone(),
|
||||||
original_post_url: post.url.clone(),
|
original_post_url: post.url.clone(),
|
||||||
reason: sanitize_html(&self.summary),
|
reason: sanitize_html_federation(&self.summary),
|
||||||
original_post_body: post.body.clone(),
|
original_post_body: post.body.clone(),
|
||||||
};
|
};
|
||||||
PostReport::report(&mut context.pool(), &report_form).await?;
|
PostReport::report(&mut context.pool(), &report_form).await?;
|
||||||
|
@ -96,7 +96,7 @@ impl ActivityHandler for Report {
|
||||||
creator_id: actor.id,
|
creator_id: actor.id,
|
||||||
comment_id: comment.id,
|
comment_id: comment.id,
|
||||||
original_comment_text: comment.content.clone(),
|
original_comment_text: comment.content.clone(),
|
||||||
reason: sanitize_html(&self.summary),
|
reason: sanitize_html_federation(&self.summary),
|
||||||
};
|
};
|
||||||
CommentReport::report(&mut context.pool(), &report_form).await?;
|
CommentReport::report(&mut context.pool(), &report_form).await?;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,7 @@ use crate::{
|
||||||
protocol::{activities::deletion::delete::Delete, IdOrNestedObject},
|
protocol::{activities::deletion::delete::Delete, IdOrNestedObject},
|
||||||
};
|
};
|
||||||
use activitypub_federation::{config::Data, kinds::activity::DeleteType, traits::ActivityHandler};
|
use activitypub_federation::{config::Data, kinds::activity::DeleteType, traits::ActivityHandler};
|
||||||
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_opt};
|
use lemmy_api_common::{context::LemmyContext, utils::sanitize_html_federation_opt};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
comment::{Comment, CommentUpdateForm},
|
comment::{Comment, CommentUpdateForm},
|
||||||
|
@ -105,7 +105,7 @@ pub(in crate::activities) async fn receive_remove_action(
|
||||||
reason: Option<String>,
|
reason: Option<String>,
|
||||||
context: &Data<LemmyContext>,
|
context: &Data<LemmyContext>,
|
||||||
) -> Result<(), LemmyError> {
|
) -> Result<(), LemmyError> {
|
||||||
let reason = sanitize_html_opt(&reason);
|
let reason = sanitize_html_federation_opt(&reason);
|
||||||
|
|
||||||
match DeletableObjects::read_from_db(object, context).await? {
|
match DeletableObjects::read_from_db(object, context).await? {
|
||||||
DeletableObjects::Community(community) => {
|
DeletableObjects::Community(community) => {
|
||||||
|
|
|
@ -18,7 +18,7 @@ use activitypub_federation::{
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{local_site_opt_to_slur_regex, sanitize_html},
|
utils::{local_site_opt_to_slur_regex, sanitize_html_federation},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -162,7 +162,7 @@ impl Object for ApubComment {
|
||||||
let local_site = LocalSite::read(&mut context.pool()).await.ok();
|
let local_site = LocalSite::read(&mut context.pool()).await.ok();
|
||||||
let slur_regex = &local_site_opt_to_slur_regex(&local_site);
|
let slur_regex = &local_site_opt_to_slur_regex(&local_site);
|
||||||
let content = remove_slurs(&content, slur_regex);
|
let content = remove_slurs(&content, slur_regex);
|
||||||
let content = sanitize_html(&content);
|
let content = sanitize_html_federation(&content);
|
||||||
let language_id =
|
let language_id =
|
||||||
LanguageTag::to_language_id_single(note.language, &mut context.pool()).await?;
|
LanguageTag::to_language_id_single(note.language, &mut context.pool()).await?;
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ use activitypub_federation::{
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{local_site_opt_to_slur_regex, sanitize_html_opt},
|
utils::{local_site_opt_to_slur_regex, sanitize_html_federation_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
newtypes::InstanceId,
|
newtypes::InstanceId,
|
||||||
|
@ -133,8 +133,8 @@ impl Object for ApubSite {
|
||||||
let instance = DbInstance::read_or_create(&mut data.pool(), domain.to_string()).await?;
|
let instance = DbInstance::read_or_create(&mut data.pool(), domain.to_string()).await?;
|
||||||
|
|
||||||
let sidebar = read_from_string_or_source_opt(&apub.content, &None, &apub.source);
|
let sidebar = read_from_string_or_source_opt(&apub.content, &None, &apub.source);
|
||||||
let sidebar = sanitize_html_opt(&sidebar);
|
let sidebar = sanitize_html_federation_opt(&sidebar);
|
||||||
let description = sanitize_html_opt(&apub.summary);
|
let description = sanitize_html_federation_opt(&apub.summary);
|
||||||
|
|
||||||
let site_form = SiteInsertForm {
|
let site_form = SiteInsertForm {
|
||||||
name: apub.name.clone(),
|
name: apub.name.clone(),
|
||||||
|
|
|
@ -19,7 +19,12 @@ use activitypub_federation::{
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{generate_outbox_url, local_site_opt_to_slur_regex, sanitize_html, sanitize_html_opt},
|
utils::{
|
||||||
|
generate_outbox_url,
|
||||||
|
local_site_opt_to_slur_regex,
|
||||||
|
sanitize_html_federation,
|
||||||
|
sanitize_html_federation_opt,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::person::{Person as DbPerson, PersonInsertForm, PersonUpdateForm},
|
source::person::{Person as DbPerson, PersonInsertForm, PersonUpdateForm},
|
||||||
|
@ -141,10 +146,10 @@ impl Object for ApubPerson {
|
||||||
) -> Result<ApubPerson, LemmyError> {
|
) -> Result<ApubPerson, LemmyError> {
|
||||||
let instance_id = fetch_instance_actor_for_object(&person.id, context).await?;
|
let instance_id = fetch_instance_actor_for_object(&person.id, context).await?;
|
||||||
|
|
||||||
let name = sanitize_html(&person.preferred_username);
|
let name = sanitize_html_federation(&person.preferred_username);
|
||||||
let display_name = sanitize_html_opt(&person.name);
|
let display_name = sanitize_html_federation_opt(&person.name);
|
||||||
let bio = read_from_string_or_source_opt(&person.summary, &None, &person.source);
|
let bio = read_from_string_or_source_opt(&person.summary, &None, &person.source);
|
||||||
let bio = sanitize_html_opt(&bio);
|
let bio = sanitize_html_federation_opt(&bio);
|
||||||
|
|
||||||
// Some Mastodon users have `name: ""` (empty string), need to convert that to `None`
|
// Some Mastodon users have `name: ""` (empty string), need to convert that to `None`
|
||||||
// https://github.com/mastodon/mastodon/issues/25233
|
// https://github.com/mastodon/mastodon/issues/25233
|
||||||
|
@ -260,7 +265,7 @@ pub(crate) mod tests {
|
||||||
assert_eq!(person.name, "lanodan");
|
assert_eq!(person.name, "lanodan");
|
||||||
assert!(!person.local);
|
assert!(!person.local);
|
||||||
assert_eq!(context.request_count(), 0);
|
assert_eq!(context.request_count(), 0);
|
||||||
assert_eq!(person.bio.as_ref().unwrap().len(), 873);
|
assert_eq!(person.bio.as_ref().unwrap().len(), 878);
|
||||||
|
|
||||||
cleanup((person, site), &context).await;
|
cleanup((person, site), &context).await;
|
||||||
}
|
}
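Review bot: The changed assertion pins the escaped bio to a byte length (`878`, up from `873`) rather than to the escaping it is meant to verify, so any unrelated fixture edit or a later change to which characters `sanitize_html_federation` escapes breaks the test without saying what went wrong. Asserting on the content instead — e.g. `assert!(person.bio.as_ref().unwrap().contains(EXPECTED_ESCAPED_FRAGMENT));` with the fragment taken from the fixture, or comparing against the full expected escaped text — would document why the length moved; the five extra bytes are presumably one or more fixture characters now rendered as entities, but that is inferred. The enclosing test function starts outside the hunk.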
|
||||||
|
|
|
@ -29,8 +29,8 @@ use lemmy_api_common::{
|
||||||
is_mod_or_admin,
|
is_mod_or_admin,
|
||||||
local_site_opt_to_sensitive,
|
local_site_opt_to_sensitive,
|
||||||
local_site_opt_to_slur_regex,
|
local_site_opt_to_slur_regex,
|
||||||
sanitize_html,
|
sanitize_html_federation,
|
||||||
sanitize_html_opt,
|
sanitize_html_federation_opt,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
|
@ -237,9 +237,9 @@ impl Object for ApubPost {
|
||||||
let language_id =
|
let language_id =
|
||||||
LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
|
LanguageTag::to_language_id_single(page.language, &mut context.pool()).await?;
|
||||||
|
|
||||||
let name = sanitize_html(&name);
|
let name = sanitize_html_federation(&name);
|
||||||
let embed_title = sanitize_html_opt(&embed_title);
|
let embed_title = sanitize_html_federation_opt(&embed_title);
|
||||||
let embed_description = sanitize_html_opt(&embed_description);
|
let embed_description = sanitize_html_federation_opt(&embed_description);
|
||||||
|
|
||||||
PostInsertForm {
|
PostInsertForm {
|
||||||
name,
|
name,
|
||||||
|
|
|
@ -14,7 +14,7 @@ use activitypub_federation::{
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{check_person_block, sanitize_html},
|
utils::{check_person_block, sanitize_html_federation},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
source::{
|
source::{
|
||||||
|
@ -125,7 +125,7 @@ impl Object for ApubPrivateMessage {
|
||||||
check_person_block(creator.id, recipient.id, &mut context.pool()).await?;
|
check_person_block(creator.id, recipient.id, &mut context.pool()).await?;
|
||||||
|
|
||||||
let content = read_from_string_or_source(¬e.content, &None, ¬e.source);
|
let content = read_from_string_or_source(¬e.content, &None, ¬e.source);
|
||||||
let content = sanitize_html(&content);
|
let content = sanitize_html_federation(&content);
|
||||||
|
|
||||||
let form = PrivateMessageInsertForm {
|
let form = PrivateMessageInsertForm {
|
||||||
creator_id: creator.id,
|
creator_id: creator.id,
|
||||||
|
|
|
@ -25,7 +25,7 @@ use activitypub_federation::{
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use lemmy_api_common::{
|
use lemmy_api_common::{
|
||||||
context::LemmyContext,
|
context::LemmyContext,
|
||||||
utils::{local_site_opt_to_slur_regex, sanitize_html, sanitize_html_opt},
|
utils::{local_site_opt_to_slur_regex, sanitize_html_federation, sanitize_html_federation_opt},
|
||||||
};
|
};
|
||||||
use lemmy_db_schema::{
|
use lemmy_db_schema::{
|
||||||
newtypes::InstanceId,
|
newtypes::InstanceId,
|
||||||
|
@ -97,10 +97,10 @@ impl Group {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) fn into_insert_form(self, instance_id: InstanceId) -> CommunityInsertForm {
|
pub(crate) fn into_insert_form(self, instance_id: InstanceId) -> CommunityInsertForm {
|
||||||
let name = sanitize_html(&self.preferred_username);
|
let name = sanitize_html_federation(&self.preferred_username);
|
||||||
let title = sanitize_html(&self.name.unwrap_or(self.preferred_username));
|
let title = sanitize_html_federation(&self.name.unwrap_or(self.preferred_username));
|
||||||
let description = read_from_string_or_source_opt(&self.summary, &None, &self.source);
|
let description = read_from_string_or_source_opt(&self.summary, &None, &self.source);
|
||||||
let description = sanitize_html_opt(&description);
|
let description = sanitize_html_federation_opt(&description);
|
||||||
|
|
||||||
CommunityInsertForm {
|
CommunityInsertForm {
|
||||||
name,
|
name,
|
||||||
|
|
|
@ -299,16 +299,6 @@ diesel::table! {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
diesel::table! {
|
|
||||||
image_upload (id) {
|
|
||||||
id -> Int4,
|
|
||||||
local_user_id -> Int4,
|
|
||||||
pictrs_alias -> Text,
|
|
||||||
pictrs_delete_token -> Text,
|
|
||||||
published -> Timestamptz,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diesel::table! {
|
diesel::table! {
|
||||||
instance (id) {
|
instance (id) {
|
||||||
id -> Int4,
|
id -> Int4,
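Review bot: The `image_upload` table definition is dropped from the schema in this hunk, and its `joinable!` and `allow_tables_to_appear_in_same_query!` entries go in the two hunks that follow, which is unrelated to replacing ammonia with manual escaping. If `schema.rs` was regenerated against a database that had not run the migration creating `image_upload`, this silently reverts the schema and any code referencing that table will stop compiling; if the table is intentionally removed, that belongs in its own commit together with the migration. The `infinite_scroll_enabled` reorder in the `local_user` hunk looks like the same regeneration artifact. Worth confirming the migrations directory still creates `image_upload` before merging.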
|
||||||
|
@ -415,9 +405,9 @@ diesel::table! {
|
||||||
totp_2fa_secret -> Nullable<Text>,
|
totp_2fa_secret -> Nullable<Text>,
|
||||||
totp_2fa_url -> Nullable<Text>,
|
totp_2fa_url -> Nullable<Text>,
|
||||||
open_links_in_new_tab -> Bool,
|
open_links_in_new_tab -> Bool,
|
||||||
infinite_scroll_enabled -> Bool,
|
|
||||||
blur_nsfw -> Bool,
|
blur_nsfw -> Bool,
|
||||||
auto_expand -> Bool,
|
auto_expand -> Bool,
|
||||||
|
infinite_scroll_enabled -> Bool,
|
||||||
admin -> Bool,
|
admin -> Bool,
|
||||||
post_listing_mode -> PostListingModeEnum,
|
post_listing_mode -> PostListingModeEnum,
|
||||||
}
|
}
|
||||||
|
@ -903,7 +893,6 @@ diesel::joinable!(custom_emoji_keyword -> custom_emoji (custom_emoji_id));
|
||||||
diesel::joinable!(email_verification -> local_user (local_user_id));
|
diesel::joinable!(email_verification -> local_user (local_user_id));
|
||||||
diesel::joinable!(federation_allowlist -> instance (instance_id));
|
diesel::joinable!(federation_allowlist -> instance (instance_id));
|
||||||
diesel::joinable!(federation_blocklist -> instance (instance_id));
|
diesel::joinable!(federation_blocklist -> instance (instance_id));
|
||||||
diesel::joinable!(image_upload -> local_user (local_user_id));
|
|
||||||
diesel::joinable!(local_site -> site (site_id));
|
diesel::joinable!(local_site -> site (site_id));
|
||||||
diesel::joinable!(local_site_rate_limit -> local_site (local_site_id));
|
diesel::joinable!(local_site_rate_limit -> local_site (local_site_id));
|
||||||
diesel::joinable!(local_user -> person (person_id));
|
diesel::joinable!(local_user -> person (person_id));
|
||||||
|
@ -978,7 +967,6 @@ diesel::allow_tables_to_appear_in_same_query!(
|
||||||
email_verification,
|
email_verification,
|
||||||
federation_allowlist,
|
federation_allowlist,
|
||||||
federation_blocklist,
|
federation_blocklist,
|
||||||
image_upload,
|
|
||||||
instance,
|
instance,
|
||||||
language,
|
language,
|
||||||
local_site,
|
local_site,
|
||||||
|
|