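# frozen_string_literal: true

require 'singleton'
require_relative './sanitize_config'

# NOTE(review): many string literals in this listing (empty html_open /
# html_close pairs, whitespace-only templates) look as if their HTML markup was
# lost before the file reached this page. They are kept exactly as shown here;
# compare against the repository copy before relying on them.

# Redcarpet renderer that Formatter#markdown_formatter instantiates.
class HTMLRenderer < Redcarpet::Render::HTML
  # Renders a code block with its contents entity-encoded, so code is shown as
  # text rather than interpreted as markup.
  def block_code(code, language)
    "\n#{encode(code).gsub("\n", "\n")}\n"
  end

  # E-mail autolinks are returned untouched; every other autolink is delegated
  # to Formatter#link_url.
  def autolink(link, link_type)
    return link if link_type == :email

    Formatter.instance.link_url(link)
  end

  private

  def html_entities
    @html_entities ||= HTMLEntities.new
  end

  def encode(html)
    html_entities.encode(html)
  end
end

# Converts status, account, poll and profile-field text into HTML.
#
# Every public formatter that caches does so in Rails.cache for 30 minutes and
# marks its result html_safe, so whatever is written to the cache is later
# emitted without further escaping.
#
# NOTE(review): the cache keys contain only record ids, while the rendered HTML
# also depends on the options passed in (custom_emojify, autoplay,
# inline_poll_options). The first rendering within the expiry window is served
# to every later caller regardless of their options - confirm that is intended.
class Formatter
  include Singleton
  include RoutingHelper
  include ActionView::Helpers::TextHelper

  # Tag dictionary handed to String#bbcode_to_html in #bbcode_formatter.
  BBCODE_TAGS = {
    url: {
      html_open: '', html_close: '',
      description: '', example: '',
      require_between: true,
      allow_quick_param: true, allow_between_as_param: true,
      # \A and \z anchor the whole parameter. With ^ and $ a multi-line
      # parameter was accepted as soon as any single line of it matched.
      # NOTE(review): the pattern accepts any scheme; which schemes survive in
      # the final markup depends on the sanitizer configuration, which is not
      # visible here - confirm it restricts link protocols.
      quick_param_format: %r{\A(\S+://\S+|/\S+)\z},
      quick_param_format_description: '',
      param_tokens: [{ token: :url }],
    },
    list: {
      html_open: '',
      description: '', example: '',
      only_allow: [:li, '*'.to_sym],
      block_tag: true,
    },
    ul: {
      html_open: '',
      description: '', example: '',
      only_allow: [:li, '*'.to_sym],
      block_tag: true,
    },
    ol: {
      html_open: "\n    ", html_close: "\n",
      description: '', example: '',
      only_allow: [:li, '*'.to_sym],
      block_tag: true,
    },
    li: {
      html_open: "\n  • ", html_close: "\n  • ",
      description: '', example: '',
      block_tag: true,
      only_in: %i[list ul ol],
    },
    '*': {
      html_open: "\n  • ", html_close: "\n  • ",
      description: '', example: '',
      self_closable: true,
      block_tag: true,
      only_in: %i[list ul ol],
    },
    sub: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    sup: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    h1: {
      html_open: "\n\n    ", html_close: "\n\n    ",
      description: '', example: '',
    },
    h2: {
      html_open: "\n\n    ", html_close: "\n\n    ",
      description: '', example: '',
    },
    h3: {
      html_open: "\n\n    ", html_close: "\n\n    ",
      description: '', example: '',
    },
    h4: {
      html_open: "\n\n    ", html_close: "\n\n    ",
      description: '', example: '',
    },
    h5: {
      html_open: "\n    ", html_close: "\n    ",
      description: '', example: '',
    },
    h6: {
      html_open: "\n    ", html_close: "\n    ",
      description: '', example: '',
    },
    abbr: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    hr: {
      html_open: "\n    ", html_close: '',
      description: '', example: '',
    },
    b: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    i: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    flip: {
      html_open: '', html_close: '',
      description: '', example: '',
      allow_quick_param: true, allow_between_as_param: false,
      # NOTE(review): unanchored, so any parameter containing "h" or "v"
      # matches. Confirm that only the captured group, not the raw parameter,
      # is substituted into the generated markup.
      quick_param_format: /(h|v)/,
      param_tokens: [{ token: :direction }],
    },
    size: {
      html_open: '', html_close: '',
      description: '', example: '',
      allow_quick_param: true, allow_between_as_param: false,
      # NOTE(review): unanchored as well; same check as for :flip applies.
      quick_param_format: /([1-6])/,
      param_tokens: [{ token: :size }],
    },
    quote: {
      html_open: "\n    ", html_close: "\n    ",
      description: '', example: '',
      block_tag: true,
    },
    kbd: {
      html_open: "\n    ", html_close: "\n    ",
      description: '', example: '',
    },
    code: {
      html_open: "\n    ", html_close: "\n    ",
      description: '', example: '',
      block_tag: true,
    },
    u: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    s: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    del: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    left: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    center: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    right: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    lfloat: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    rfloat: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
    spoiler: {
      html_open: '', html_close: '',
      description: '', example: '',
    },
  }

  # Renders a status body as HTML.
  #
  # Remote statuses are passed through #reformat (the sanitizer) only. Local
  # statuses are rendered according to status.content_type, linkified, and then
  # either sanitized (rich-text types) or wrapped by simple_format.
  #
  # @param status the status to render; a reblog is rendered as its original
  #   with an "RT @acct" prefix when the original is local
  # @param options [Hash] :inline_poll_options, :custom_emojify, :autoplay
  # @return [String] html_safe markup, or '' when there is no text
  def format(status, **options)
    cached = Rails.cache.fetch("formatted_status:#{status.id}")
    return cached unless cached.nil?

    if status.reblog?
      prepend_reblog = status.reblog.account.acct
      status = status.proper
    else
      prepend_reblog = false
    end

    raw_content = status.text

    if options[:inline_poll_options] && status.preloadable_poll
      poll_lines = status.preloadable_poll.options.map { |title| "[ ] #{title}" }
      raw_content = raw_content + "\n\n" + poll_lines.join("\n")
    end

    return '' if raw_content.blank?

    unless status.local?
      # Remote content: the sanitizer is the only thing between the stored
      # text and the html_safe mark below.
      html = reformat(raw_content)
      html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
      html = html.html_safe # rubocop:disable Rails/OutputSafety
      Rails.cache.write("formatted_status:#{status.id}", html, expires_in: 30.minutes)
      return html
    end

    linkable_accounts = status.active_mentions.map(&:account)
    linkable_accounts << status.account

    html = raw_content
    html = "RT @#{prepend_reblog} #{html}" if prepend_reblog

    case status.content_type
    when 'text/markdown'
      html = format_markdown(html)
    when 'text/x-bbcode'
      html = format_bbcode(html)
    when 'text/x-bbcode+markdown'
      html = format_bbdown(html)
    end

    rich_text = %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type)

    html = format_screenreader(html)
    html = encode_and_link_urls(html, linkable_accounts, keep_html: rich_text)
    html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]

    if rich_text
      # The Markdown renderer is configured with filter_html/escape_html off,
      # so this sanitizer pass is what removes unwanted markup.
      html = reformat(html)
    else
      # NOTE(review): sanitize: false here means escaping of plain-text
      # statuses rests on encode_and_link_urls (its rewrite helper is not
      # visible in this listing) - confirm it entity-encodes all text.
      html = simple_format(html, {}, sanitize: false)
      html = html.delete("\n")
      html = format_console(html) if status.content_type == 'text/console'
    end

    # NOTE(review): footer and tags are appended after the sanitizer pass
    # above and are not sanitized again; presumably encode_and_link_urls
    # encodes them - confirm.
    unless status.footer.blank?
      footer = status.footer
      footer = encode_and_link_urls(footer)
      footer = encode_custom_emojis(footer, status.emojis, options[:autoplay]) if options[:custom_emojify]
      html = "#{html.strip}\n\n\n    — #{footer}\n\n    "
    end

    unless status.tags.blank?
      tags = status.tags.pluck(:name).reject { |t| t.end_with?('.') }.map { |t| "##{t}" }
      tags = encode_and_link_urls(tags.join(' '))
      html = "#{html.strip}\n\n\n    #{tags} \xf0\x9f\x8f\xb7\n\n    "
    end

    html = html.html_safe # rubocop:disable Rails/OutputSafety

    # For a reblog, `status` now refers to the original (status.proper) while
    # `html` carries the "RT @acct" prefix. Writing that under the original's
    # key made later renderings of the original itself return the prefixed
    # text, so the prefixed variant is not cached. The lookup at the top uses
    # the reblog's own id, which this method never wrote, so nothing that was
    # previously served from the cache is lost.
    Rails.cache.write("formatted_status:#{status.id}", html, expires_in: 30.minutes) unless prepend_reblog
    html
  end

  # Removes everything between a U+F333 and a U+F334 marker (inclusive).
  def format_screenreader(html)
    html.gsub(/\uf333(.*)\uf334/m, '')
  end

  # Wraps console-type output, replacing a trailing </p> with the cursor string.
  def format_console(html)
    cursor = ''
    "\n    #{html.strip.sub(/<\/p>\Z/, cursor)}\n\n    "
  end

  # Renders Markdown through the memoised Redcarpet instance.
  def format_markdown(html)
    markdown_formatter.render(html)
  end

  # Renders BBCode, then rewrites the rule pattern left by the converter.
  def format_bbcode(html)
    html = bbcode_formatter(html)
    html.gsub(/\n    .*<\/hr>/im, "\n    ")
  end

  # Renders BBCode first and Markdown second.
  def format_bbdown(html)
    html = format_bbcode(html)
    html = html.gsub(/\n    |\n    /, '')
    format_markdown(html)
  end

  # Sanitizes with the strict configuration and drops CR and LF characters.
  def reformat(html)
    sanitize(html, Sanitize::Config::MASTODON_STRICT).delete("\r").delete("\n")
  end

  # Plain-text form of a status: local text as stored, remote text with tags
  # stripped.
  def plaintext(status)
    return status.text if status.local?

    text = status.text.gsub(/(\n    |\n    |<\/p>)+/) { |match| "#{match}\n" }
    strip_tags(text)
  end

  # Renders an account note. Local notes are formatted, linkified, sanitized
  # and marked html_safe; remote notes are sanitized only.
  def simplified_format(account, **options)
    cached = Rails.cache.fetch("formatted_account:#{account.id}")
    return cached unless cached.nil?

    if account.local?
      html = format_bbdown(account.note)
      html = encode_and_link_urls(html, keep_html: true)
      html = reformat(html)
      html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
      html = html.html_safe # rubocop:disable Rails/OutputSafety
    else
      html = reformat(account.note)
    end

    Rails.cache.write("formatted_account:#{account.id}", html, expires_in: 30.minutes)
    html
  end

  # Thin wrapper over Sanitize.fragment.
  def sanitize(html, config)
    Sanitize.fragment(html, config)
  end

  # Entity-encodes the spoiler text, then substitutes custom emojis.
  def format_spoiler(status, **options)
    cached = Rails.cache.fetch("formatted_spoiler:#{status.id}")
    return cached unless cached.nil?

    html = encode(status.spoiler_text)
    html = encode_custom_emojis(html, status.emojis, options[:autoplay])
    html = html.html_safe # rubocop:disable Rails/OutputSafety

    Rails.cache.write("formatted_spoiler:#{status.id}", html, expires_in: 30.minutes)
    html
  end

  # Entity-encodes a poll option title, then substitutes custom emojis.
  def format_poll_option(status, option, **options)
    cached = Rails.cache.fetch("formatted_poll:#{status.id}:#{option.id}")
    return cached unless cached.nil?

    html = encode(option.title)
    html = encode_custom_emojis(html, status.emojis, options[:autoplay])
    html = html.html_safe # rubocop:disable Rails/OutputSafety

    Rails.cache.write("formatted_poll:#{status.id}:#{option.id}", html, expires_in: 30.minutes)
    html
  end

  # Entity-encodes the display name (falling back to the username).
  def format_display_name(account, **options)
    cached = Rails.cache.fetch("formatted_display_name:#{account.id}")
    return cached unless cached.nil?

    html = encode(account.display_name.presence || account.username)
    html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
    html = html.html_safe # rubocop:disable Rails/OutputSafety

    Rails.cache.write("formatted_display_name:#{account.id}", html, expires_in: 30.minutes)
    html
  end

  # Renders a profile field: remote values go through the sanitizer, local
  # values are linkified with me: true.
  def format_field(account, str, **options)
    return reformat(str).html_safe unless account.local? # rubocop:disable Rails/OutputSafety

    html = encode_and_link_urls(str, me: true)
    html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
    html.html_safe # rubocop:disable Rails/OutputSafety
  end

  # Linkifies plain text and wraps it with simple_format (sanitize: false, so
  # escaping rests on encode_and_link_urls - see the note in #format).
  def linkify(text)
    html = encode_and_link_urls(text)
    html = simple_format(html, {}, sanitize: false)
    html = html.delete("\n")
    html.html_safe # rubocop:disable Rails/OutputSafety
  end

  def link_url(url)
    "#{link_html(url)}"
  end

  private

  # Converts BBCode to HTML on a best-effort basis.
  #
  # A "[" that is not followed by a word character or "/" is swapped for the
  # private-use character U+F666 so the converter ignores it, and swapped back
  # afterwards.
  #
  # The substitution is done on a copy. The previous in-place gsub! rewrote the
  # caller's string (status.text or account.note) and, because the swap back
  # ran on the converter's output only, left the placeholders in it.
  #
  # @return [String] converted markup, or the input unchanged if conversion fails
  def bbcode_formatter(html)
    converted = html.gsub(/\[(?=[^\w\/])/, "\uf666")
    converted = converted.bbcode_to_html(false, BBCODE_TAGS, :enable, *BBCODE_TAGS.keys)
    converted.gsub("\uf666", '[')
  rescue StandardError, SystemStackError
    # Still best-effort for converter failures (including runaway recursion on
    # deeply nested input), but no longer `rescue Exception`, which also
    # swallowed interrupts, SystemExit and NoMemoryError.
    html
  end

  # Memoised Redcarpet instance.
  #
  # filter_html and escape_html are both off, so raw HTML in Markdown input is
  # passed through by the renderer; #format and #simplified_format run the
  # result through #reformat before marking it html_safe.
  def markdown_formatter
    return @markdown_formatter if defined?(@markdown_formatter)

    extensions = {
      autolink: true,
      no_intra_emphasis: true,
      fenced_code_blocks: true,
      disable_indented_code_blocks: true,
      strikethrough: true,
      lax_spacing: true,
      space_after_headers: true,
      superscript: true,
      underline: true,
      highlight: true,
      footnotes: false,
    }

    renderer = HTMLRenderer.new({
      filter_html: false,
      escape_html: false,
      no_images: true,
      no_styles: true,
      safe_links_only: true,
      hard_wrap: true,
      link_attributes: { target: '_blank', rel: 'nofollow noopener' },
    })

    @markdown_formatter = Redcarpet::Markdown.new(renderer, extensions)
  end

  def html_entities
    @html_entities ||= HTMLEntities.new
  end

  def encode(html)
    html_entities.encode(html)
  end

  # Extracts URLs, hashtags and mentions from the text and rewrites each one
  # as a link. `accounts` may be omitted, in which case the second positional
  # argument is taken as the options hash.
  def encode_and_link_urls(html, accounts = nil, options = {})
    if accounts.is_a?(Hash)
      options = accounts
      accounts = nil
    end

    entities = if options[:keep_html]
                 html_friendly_extractor(html)
               else
                 utf8_friendly_extractor(html, extract_url_without_protocol: false)
               end

    rewrite(html.dup, entities, options[:keep_html]) do |entity|
      if entity[:url]
        link_to_url(entity, options)
      elsif entity[:hashtag]
        link_to_hashtag(entity)
      elsif entity[:screen_name]
        link = link_to_pseudo(entity[:screen_name])
        link.nil? ? link_to_mention(entity, accounts) : link
      end
    end
  end

  # Nesting delta of a tag string: -1 for a closing tag, 0 for a self-closing
  # tag, 1 for an opening tag.
  def count_tag_nesting(tag)
    if tag[1] == '/'
      -1
    elsif tag[-2] == '/'
      0
    else
      1
    end
  end

  # The rest of this method lies beyond the end of this listing; the visible
  # part is reproduced unchanged apart from line breaks and indentation.
  def encode_custom_emojis(html, emojis, animate = false)
    return html if emojis.empty?

    emoji_map = if animate
                  emojis.each_with_object({}) { |e, h| h[e.shortcode] = full_asset_url(e.image.url) }
                else
                  emojis.each_with_object({}) { |e, h| h[e.shortcode] = full_asset_url(e.image.url(:static)) }
                end

    i = -1
    tag_open_index = nil
    inside_shortname = false
    shortname_start_index = -1
    invisible_depth = 0

    while i + 1 < html.size
      i += 1

      if invisible_depth.zero? && inside_shortname && html[i] == ':'
        shortcode = html[shortname_start_index + 1..i - 1]
        emoji = emoji_map[shortcode]

        if emoji
          replacement = "\":#{encode(shortcode)}:\""
          before_html = shortname_start_index.positive? ? html[0..shortname_start_index - 1] : ''
          html = before_html + replacement + html[i + 1..-1]
          i += replacement.size - (shortcode.size + 2) - 1
        else
          i -= 1
        end

        inside_shortname = false
      elsif tag_open_index && html[i] == '>'
        tag = html[tag_open_index..i]
        tag_open_index = nil

        if invisible_depth.positive?
          invisible_depth += count_tag_nesting(tag)
        elsif tag == '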