diff options
| author | Ben Lubar <github@lubar.me> | 2020-05-28 05:47:40 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-28 12:47:40 +0200 |
| commit | ead09f5ddc73034fcd573b459868dd1ca13b647a (patch) | |
| tree | ed2f828f33f44268a05377b6907f7af37d253677 | |
| parent | c8cee24cb34fadf5d3887346f5b9333e0036adf6 (diff) | |
Fix exception when trying to serialize posts with <a> tags in them without hrefs (#1334)
* fix exception when trying to serialize posts with <a> tags in them without hrefs * Add tests Co-authored-by: Thibaut Girka <thib@sitedethib.com>
| -rw-r--r-- | app/lib/sanitize_config.rb | 2 | ||||
| -rw-r--r-- | app/lib/tag_manager.rb | 1 | ||||
| -rw-r--r-- | spec/lib/sanitize_config_spec.rb | 38 |
3 files changed, 30 insertions, 11 deletions
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index 34793ed93..dfd8b9f91 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -55,7 +55,7 @@ class Sanitize end LINK_REL_TRANSFORMER = lambda do |env| - return unless env[:node_name] == 'a' + return unless env[:node_name] == 'a' and env[:node]['href'] node = env[:node] diff --git a/app/lib/tag_manager.rb b/app/lib/tag_manager.rb index d06bea059..29dde128c 100644 --- a/app/lib/tag_manager.rb +++ b/app/lib/tag_manager.rb @@ -32,6 +32,7 @@ class TagManager def local_url?(url) uri = Addressable::URI.parse(url).normalize + return false unless uri.host domain = uri.host + (uri.port ? ":#{uri.port}" : '') TagManager.instance.web_domain?(domain) diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb index 7370c536b..28a548c49 100644 --- a/spec/lib/sanitize_config_spec.rb +++ b/spec/lib/sanitize_config_spec.rb @@ -4,15 +4,7 @@ require 'rails_helper' require Rails.root.join('app', 'lib', 'sanitize_config.rb') describe Sanitize::Config do - describe '::MASTODON_STRICT' do - subject { Sanitize::Config::MASTODON_STRICT } - - around do |example| - original_web_domain = Rails.configuration.x.web_domain - example.run - Rails.configuration.x.web_domain = original_web_domain - end - + shared_examples 'common HTML sanitization' do it 'keeps h1' do expect(Sanitize.fragment('<h1>Foo</h1>', subject)).to eq '<h1>Foo</h1>' end @@ -37,13 +29,39 @@ describe Sanitize::Config do expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>' end + it 'removes a with unparsable href' do + expect(Sanitize.fragment('<a href=" https://google.fr">Test</a>', subject)).to eq 'Test' + end + + it 'keeps a with supported scheme and no host' do + expect(Sanitize.fragment('<a href="dweb:/a/foo">Test</a>', subject)).to eq '<a href="dweb:/a/foo" rel="nofollow noopener noreferrer" target="_blank">Test</a>' + end + end + + describe '::MASTODON_STRICT' do + subject { Sanitize::Config::MASTODON_STRICT } + + it_behaves_like 'common HTML sanitization' + it 'keeps a with href and rel tag' do expect(Sanitize.fragment('<a href="http://example.com" rel="tag">Test</a>', subject)).to eq '<a href="http://example.com" rel="tag nofollow noopener noreferrer" target="_blank">Test</a>' end + end + + describe '::MASTODON_STRICT with outgoing toots' do + subject { Sanitize::Config::MASTODON_STRICT.merge(outgoing: true) } + + around do |example| + original_web_domain = Rails.configuration.x.web_domain + example.run + Rails.configuration.x.web_domain = original_web_domain + end + + it_behaves_like 'common HTML sanitization' it 'keeps a with href and rel tag, not adding to rel if url is local' do Rails.configuration.x.web_domain = 'domain.test' - expect(Sanitize.fragment('<a href="http://domain.test/tags/foo" rel="tag">Test</a>', subject.merge(outgoing: true))).to eq '<a href="http://domain.test/tags/foo" rel="tag" target="_blank">Test</a>' + expect(Sanitize.fragment('<a href="http://domain.test/tags/foo" rel="tag">Test</a>', subject)).to eq '<a href="http://domain.test/tags/foo" rel="tag" target="_blank">Test</a>' end end end |