# frozen_string_literal: true
require 'singleton'
require_relative './sanitize_config'
class HTMLRenderer < Redcarpet::Render::HTML
def block_code(code, language)
"
#{encode(code).gsub("\n", "
")}
"
end
def autolink(link, link_type)
return link if link_type == :email
Formatter.instance.link_url(link)
end
private
def html_entities
@html_entities ||= HTMLEntities.new
end
def encode(html)
html_entities.encode(html)
end
end
class Formatter
include Singleton
include RoutingHelper
include ActionView::Helpers::TextHelper
BBCODE_TAGS = {
url: {
html_open: '', html_close: '',
description: '', example: '',
require_between: true,
allow_quick_param: true, allow_between_as_param: true,
quick_param_format: %r{^(\S+://\S+|/\S+)$},
quick_param_format_description: '',
param_tokens: [{token: :url}]
},
list: {
html_open: '',
description: '', example: '',
only_allow: [:li, '*'.to_sym],
block_tag: true,
},
ul: {
html_open: '',
description: '', example: '',
only_allow: [:li, '*'.to_sym],
block_tag: true,
},
ol: {
html_open: '', html_close: '
',
description: '', example: '',
only_allow: [:li, '*'.to_sym],
block_tag: true,
},
li: {
html_open: '', html_close: '',
description: '', example: '',
block_tag: true,
only_in: %i[list ul ol]
},
'*': {
html_open: '', html_close: '',
description: '', example: '',
self_closable: true, block_tag: true,
only_in: %i[list ul ol]
},
sub: {
html_open: '', html_close: '',
description: '', example: '',
},
sup: {
html_open: '', html_close: '',
description: '', example: '',
},
h1: {
html_open: '', html_close: '
',
description: '', example: '',
},
h2: {
html_open: '', html_close: '
',
description: '', example: '',
},
h3: {
html_open: '', html_close: '
',
description: '', example: '',
},
h4: {
html_open: '', html_close: '
',
description: '', example: '',
},
h5: {
html_open: '', html_close: '
',
description: '', example: '',
},
h6: {
html_open: '', html_close: '
',
description: '', example: '',
},
abbr: {
html_open: '', html_close: '',
description: '', example: '',
},
hr: {
html_open: '
', html_close: '',
description: '', example: '',
},
b: {
html_open: '', html_close: '',
description: '', example: '',
},
i: {
html_open: '', html_close: '',
description: '', example: '',
},
flip: {
html_open: '', html_close: '',
description: '', example: '',
allow_quick_param: true, allow_between_as_param: false,
quick_param_format: /(h|v)/,
param_tokens: [{token: :direction}]
},
size: {
html_open: '', html_close: '',
description: '', example: '',
allow_quick_param: true, allow_between_as_param: false,
quick_param_format: /([1-6])/,
param_tokens: [{token: :size}]
},
quote: {
html_open: '', html_close: '
',
description: '', example: '',
block_tag: true,
},
kbd: {
html_open: '', html_close: '
',
description: '', example: '',
},
code: {
html_open: '', html_close: '
',
description: '', example: '',
block_tag: true,
},
u: {
html_open: '', html_close: '',
description: '', example: '',
},
s: {
html_open: '', html_close: '',
description: '', example: '',
},
del: {
html_open: '', html_close: '',
description: '', example: '',
},
left: {
html_open: '', html_close: '',
description: '', example: '',
},
center: {
html_open: '', html_close: '',
description: '', example: '',
},
right: {
html_open: '', html_close: '',
description: '', example: '',
},
lfloat: {
html_open: '', html_close: '',
description: '', example: '',
},
rfloat: {
html_open: '', html_close: '',
description: '', example: '',
},
spoiler: {
html_open: '', html_close: '',
description: '', example: '',
},
}
def format(status, **options)
if status.reblog?
prepend_reblog = status.reblog.account.acct
status = status.proper
else
prepend_reblog = false
end
raw_content = status.text
if options[:inline_poll_options] && status.preloadable_poll
raw_content = raw_content + "\n\n" + status.preloadable_poll.options.map { |title| "[ ] #{title}" }.join("\n")
end
return '' if raw_content.blank?
unless status.local?
html = reformat(raw_content)
html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
return html.html_safe # rubocop:disable Rails/OutputSafety
end
linkable_accounts = status.active_mentions.map(&:account)
linkable_accounts << status.account
html = raw_content
html = "RT @#{prepend_reblog} #{html}" if prepend_reblog
case status.content_type
when 'text/markdown'
html = format_markdown(html)
when 'text/x-bbcode'
html = format_bbcode(html)
when 'text/x-bbcode+markdown'
html = format_bbdown(html)
end
html = format_screenreader(html)
html = encode_and_link_urls(html, linkable_accounts, keep_html: %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type))
if %w(text/markdown text/x-bbcode text/x-bbcode+markdown text/html).include?(status.content_type)
is_html = status.content_type == 'text/html'
html = reformat(html, strip_newlines: !is_html)
html.gsub!("\n", '
') if is_html
else
html = simple_format(html, {}, sanitize: false)
html = html.delete("\n")
html = format_console(html) if status.content_type == 'text/console'
end
unless status.footer.blank?
footer = status.footer
footer = encode_and_link_urls(footer)
html = "#{html.strip}\n— #{footer}
"
end
if status.draft?
html = "Draft
\n#{html}"
end
html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
html.html_safe # rubocop:disable Rails/OutputSafety
end
def format_screenreader(html)
html.gsub(/\ufdd3(.*)\ufdd4/m, '\1')
end
def format_console(html)
cursor = ''
"#{html.strip.sub(/<\/p>\Z/, cursor)}
"
end
def format_markdown(html)
html = markdown_formatter.render(html)
end
def format_bbcode(html)
html = bbcode_formatter(html)
html.gsub(/
.*<\/hr>/im, '
')
end
def format_bbdown(html)
html = format_bbcode(html)
html = html.gsub(/
|
/, '')
format_markdown(html)
end
def reformat(html, strip_newlines: true)
html = sanitize(html, Sanitize::Config::MASTODON_STRICT)
return html.delete("\r").delete("\n") if strip_newlines
html.gsub!("\r\n", "\n")
html.gsub!("\n\r", "\n")
html.gsub("\r", "\n")
end
def plaintext(status)
return status.text if status.local?
text = status.text.gsub(/(
|
|<\/p>)+/) { |match| "#{match}\n" }
strip_tags(text)
end
def simplified_format(account, **options)
if account.local?
html = format_bbdown(account.note)
html = encode_and_link_urls(html, keep_html: true)
html = reformat(html)
else
html = reformat(account.note)
end
html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if account.local? && options[:custom_emojify]
html.html_safe # rubocop:disable Rails/OutputSafety
end
def sanitize(html, config)
Sanitize.fragment(html, config)
end
def format_spoiler(status, **options)
html = encode(status.spoiler_text)
html = encode_custom_emojis(html, status.emojis, options[:autoplay])
html.html_safe # rubocop:disable Rails/OutputSafety
end
def format_poll_option(status, option, **options)
html = encode(option.title)
html = encode_custom_emojis(html, status.emojis, options[:autoplay])
html.html_safe # rubocop:disable Rails/OutputSafety
end
def format_display_name(account, **options)
html = encode(account.display_name.presence || account.username)
html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
html.html_safe # rubocop:disable Rails/OutputSafety
end
def format_field(account, str, **options)
return reformat(str).html_safe unless account.local? # rubocop:disable Rails/OutputSafety
html = encode_and_link_urls(str, me: true)
html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
html.html_safe # rubocop:disable Rails/OutputSafety
end
def linkify(text)
html = encode_and_link_urls(text)
html = simple_format(html, {}, sanitize: false)
html = html.delete("\n")
html.html_safe # rubocop:disable Rails/OutputSafety
end
def link_url(url)
"#{link_html(url)}"
end
private
def bbcode_formatter(html)
begin
html.gsub!(/\[(?=[^\w\/])/, "\ufdd6")
html = html.bbcode_to_html(false, BBCODE_TAGS, :enable, *BBCODE_TAGS.keys)
html.gsub!("\ufdd6", '[')
rescue Exception => e
end
html
end
def markdown_formatter
extensions = {
autolink: true,
no_intra_emphasis: true,
fenced_code_blocks: true,
disable_indented_code_blocks: true,
strikethrough: true,
lax_spacing: true,
space_after_headers: true,
superscript: true,
underline: true,
highlight: true,
footnotes: false,
}
renderer = HTMLRenderer.new({
filter_html: false,
escape_html: false,
no_images: true,
no_styles: true,
safe_links_only: true,
hard_wrap: true,
link_attributes: { target: '_blank', rel: 'nofollow noopener' },
})
Redcarpet::Markdown.new(renderer, extensions)
end
def html_entities
@html_entities ||= HTMLEntities.new
end
def encode(html)
html_entities.encode(html)
end
def encode_and_link_urls(html, accounts = nil, options = {})
if accounts.is_a?(Hash)
options = accounts
accounts = nil
end
entities = options[:keep_html] ? html_friendly_extractor(html) : utf8_friendly_extractor(html, extract_url_without_protocol: false)
rewrite(html.dup, entities, options[:keep_html]) do |entity|
if entity[:url]
link_to_url(entity, options)
elsif entity[:hashtag]
link_to_hashtag(entity)
elsif entity[:screen_name]
link = link_to_pseudo(entity[:screen_name])
link.nil? ? link_to_mention(entity, accounts) : link
end
end
end
def count_tag_nesting(tag)
if tag[1] == '/' then -1
elsif tag[-2] == '/' then 0
else 1
end
end
def encode_custom_emojis(html, emojis, animate = false)
return html if emojis.empty?
emoji_map = if animate
emojis.each_with_object({}) { |e, h| h[e.shortcode] = full_asset_url(e.image.url) }
else
emojis.each_with_object({}) { |e, h| h[e.shortcode] = full_asset_url(e.image.url(:static)) }
end
i = -1
tag_open_index = nil
inside_shortname = false
shortname_start_index = -1
invisible_depth = 0
while i + 1 < html.size
i += 1
if invisible_depth.zero? && inside_shortname && html[i] == ':'
shortcode = html[shortname_start_index + 1..i - 1]
emoji = emoji_map[shortcode]
if emoji
replacement = ""
before_html = shortname_start_index.positive? ? html[0..shortname_start_index - 1] : ''
html = before_html + replacement + html[i + 1..-1]
i += replacement.size - (shortcode.size + 2) - 1
else
i -= 1
end
inside_shortname = false
elsif tag_open_index && html[i] == '>'
tag = html[tag_open_index..i]
tag_open_index = nil
if invisible_depth.positive?
invisible_depth += count_tag_nesting(tag)
elsif tag == ''
invisible_depth = 1
end
elsif html[i] == '<'
tag_open_index = i
inside_shortname = false
elsif !tag_open_index && html[i] == ':'
inside_shortname = true
shortname_start_index = i
end
end
html
end
def rewrite(text, entities, keep_html = false)
text = text.to_s
# Sort by start index
entities = entities.sort_by do |entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
indices.first
end
result = []
last_index = entities.reduce(0) do |index, entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
result << (keep_html ? text[index...indices.first] : encode(text[index...indices.first]))
result << yield(entity)
indices.last
end
result << (keep_html ? text[last_index..-1] : encode(text[last_index..-1]))
result.flatten.join
end
UNICODE_ESCAPE_BLACKLIST_RE = /\p{Z}|\p{P}/
def utf8_friendly_extractor(text, options = {})
old_to_new_index = [0]
escaped = text.chars.map do |c|
output = begin
if c.ord.to_s(16).length > 2 && UNICODE_ESCAPE_BLACKLIST_RE.match(c).nil?
CGI.escape(c)
else
c
end
end
old_to_new_index << old_to_new_index.last + output.length
output
end.join
# Note: I couldn't obtain list_slug with @user/list-name format
# for mention so this requires additional check
special = Extractor.extract_urls_with_indices(escaped, options).map do |extract|
new_indices = [
old_to_new_index.find_index(extract[:indices].first),
old_to_new_index.find_index(extract[:indices].last),
]
next extract.merge(
indices: new_indices,
url: text[new_indices.first..new_indices.last - 1]
)
end
standard = Extractor.extract_entities_with_indices(text, options)
Extractor.remove_overlapping_entities(special + standard)
end
def html_friendly_extractor(html, options = {})
gaps = []
total_offset = 0
escaped = html.gsub(/<[^>]*>/) do |match|
total_offset += match.length - 1
end_offset = Regexp.last_match.end(0)
gaps << [end_offset - total_offset, total_offset]
"\u200b"
end
entities = Extractor.extract_hashtags_with_indices(escaped, :check_url_overlap => false) +
Extractor.extract_mentions_or_lists_with_indices(escaped)
Extractor.remove_overlapping_entities(entities).map do |extract|
pos = extract[:indices].first
offset_idx = gaps.rindex { |gap| gap.first <= pos }
offset = offset_idx.nil? ? 0 : gaps[offset_idx].last
next extract.merge(
:indices => [extract[:indices].first + offset, extract[:indices].last + offset]
)
end
end
def link_to_url(entity, options = {})
url = Addressable::URI.parse(entity[:url])
html_attrs = { target: '_blank', rel: 'nofollow noopener' }
html_attrs[:rel] = "me #{html_attrs[:rel]}" if options[:me]
Twitter::Autolink.send(:link_to_text, entity, link_html(entity[:url]), url, html_attrs)
rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
encode(entity[:url])
end
def link_to_mention(entity, linkable_accounts)
acct = entity[:screen_name]
return link_to_account(acct) unless linkable_accounts
account = linkable_accounts.find { |item| TagManager.instance.same_acct?(item.acct, acct) }
username, domain = acct.split('@', 2)
domain = (Rails.configuration.x.web_domain || Rails.configuration.x.local_domain) if domain.nil?
account ? mention_html(account) : anchor_html("@#{acct}", "https://#{domain}/@#{username}")
end
def link_to_account(acct)
username, domain = acct.split('@', 2)
domain = nil if TagManager.instance.local_domain?(domain)
account = EntityCache.instance.mention(username, domain)
domain = (Rails.configuration.x.web_domain || Rails.configuration.x.local_domain) if domain.nil?
account ? mention_html(account) : anchor_html("@#{acct}", "https://#{domain}/@#{username}")
end
def link_to_hashtag(entity)
hashtag_html(entity[:hashtag])
end
def link_html(url)
url = Addressable::URI.parse(url).to_s
prefix = url.match(/\Ahttps?:\/\/(www\.)?/).to_s
text = url[prefix.length, 30]
suffix = url[prefix.length + 30..-1]
cutoff = url[prefix.length..-1].length > 30
"#{encode(prefix)}#{encode(text)}#{encode(suffix)}"
end
def hashtag_html(tag)
"##{encode(tag)}"
end
def mention_html(account)
"@#{encode(account.username)}"
end
def anchor_html(text, url)
"#{encode(text)}"
end
def link_to_pseudo(acct)
username, domain = acct.split('@', 2)
case domain
when 'twitter', 'twitter.com'
anchor_html("@#{username}@twitter.com", "https://twitter.com/#{username}")
when 'tumblr', 'tumblr.com'
anchor_html("#{username}@tumblr.com", "https://#{username}.tumblr.com")
when 'weasyl', 'weasyl.com'
anchor_html("#{username}@weasyl.com", "https://weasyl.com/~#{username}")
when 'furaffinity', 'fa', 'furaffinity.net'
anchor_html("#{username}@furaffinity.net", "https://furaffinity.net/user/#{username}")
when 'furrynetwork', 'fn', 'furrynetwork.com', 'beta.furrynetwork.com'
anchor_html("#{username}@furrynetwork.com", "https://furrynetwork.com/#{username}")
when 'sofurry', 'sf', 'sofurry.com'
anchor_html("#{username}@sofurry.com", "https://#{username}.sofurry.com")
when 'inkbunny', 'ib', 'inkbunny.net'
anchor_html("#{username}@inkbunny.net", "https://inkbunny.net/#{username}")
when 'e621', 'e6', 'e621.net'
anchor_html("#{username}@e621.net", "https://e621.net/user/show/#{username}")
when 'e926', 'e9', 'e926.net'
anchor_html("#{username}@e926.net", "https://e926.net/user/show/#{username}")
when 'f-list', 'flist', 'fl', 'f-list.net'
anchor_html("#{username}@f-list.net", "https://f-list.net/c/#{username}")
when 'deviantart', 'da', 'deviantart.com'
anchor_html("#{username}@deviantart.com", "https://#{username}.deviantart.com")
when 'artstation', 'as', 'artstation.com'
anchor_html("#{username}@artstation.com", "https://www.artstation.com/#{username}")
when 'github', 'gh', 'github.com'
anchor_html("#{username}@github.com", "https://github.com/#{username}")
when 'gitlab', 'gl', 'gitlab.com'
anchor_html("#{username}@gitlab.com", "https://gitlab.com/#{username}")
else
nil
end
end
end