def scrub({_tag, children}), do: children
def scrub(text), do: text
end
+
+defmodule Pleroma.HTML.Scrubber.LinksOnly do
+ @moduledoc """
+ An HTML scrubbing policy which limits to links only.
+ """
+
+ @valid_schemes Pleroma.Config.get([:uri_schemes, :valid_schemes], [])
+
+ require HtmlSanitizeEx.Scrubber.Meta
+ alias HtmlSanitizeEx.Scrubber.Meta
+
+ Meta.remove_cdata_sections_before_scrub()
+ Meta.strip_comments()
+
+ # links
+ Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+
+ Meta.allow_tag_with_this_attribute_values("a", "rel", [
+ "tag",
+ "nofollow",
+ "noopener",
+ "noreferrer",
+ "me"
+ ])
+
+ Meta.allow_tag_with_these_attributes("a", ["name", "title"])
+ Meta.strip_everything_not_covered()
+end
field(:emoji, {:array, :map}, default: [])
field(:pleroma_settings_store, :map, default: %{})
field(:fields, {:array, :map}, default: [])
+ field(:raw_fields, {:array, :map}, default: [])
field(:notification_settings, :map,
default: %{
:follower_count,
:following_count,
:hide_follows,
+ :fields,
:hide_followers
])
+ |> validate_fields()
end
def profile_update(info, params) do
:show_role,
:skip_thread_containment,
:fields,
+ :raw_fields,
:pleroma_settings_store
])
|> validate_fields()
# ``fields`` is an array of mastodon profile field, containing ``{"name": "…", "value": "…"}``.
# For example: [{"name": "Pronoun", "value": "she/her"}, …]
- def fields(%{source_data: %{"attachment" => attachment}}) do
+ def fields(%{fields: [], source_data: %{"attachment" => attachment}}) do
attachment
|> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
|> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
banner = new_user_data[:info][:banner]
locked = new_user_data[:info][:locked] || false
- attachment = get_in(new_user_data, [:info, "source_data", "attachment"])
+ attachment = get_in(new_user_data, [:info, :source_data, "attachment"]) || []
+
+ fields =
+ attachment
+ |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
+ |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
update_data =
new_user_data
|> Map.take([:name, :bio, :avatar])
- |> Map.put(:info, %{banner: banner, locked: locked})
- |> Map.put(:info, %{"banner" => banner, "locked" => locked, "source_data" => source_data})
+ |> Map.put(:info, %{banner: banner, locked: locked, fields: fields})
actor
|> User.upgrade_changeset(update_data)
fields =
user.info
|> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
|> Enum.map(&Map.put(&1, "type", "PropertyValue"))
- |> Enum.map(fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
%{
"id" => user.ap_id,
emojis_text = (user_params["display_name"] || "") <> (user_params["note"] || "")
user_info_emojis =
- ((user.info.emoji || []) ++ Formatter.get_emoji_map(emojis_text))
+ user.info
+ |> Map.get(:emoji, [])
+ |> Enum.concat(Formatter.get_emoji_map(emojis_text))
|> Enum.dedup()
info_params =
end)
|> add_if_present(params, "default_scope", :default_scope)
|> add_if_present(params, "fields", :fields, fn fields ->
- fields =
- Enum.map(fields, fn field ->
- %{
- "name" => Formatter.html_escape(field["name"], "text/plain"),
- "value" => Formatter.html_escape(field["value"], "text/plain")
- }
- end)
+ fields = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
{:ok, fields}
end)
+ |> add_if_present(params, "fields", :raw_fields)
|> add_if_present(params, "pleroma_settings_store", :pleroma_settings_store, fn value ->
{:ok, Map.merge(user.info.pleroma_settings_store, value)}
end)
}
end)
- fields = User.Info.fields(user.info)
- fields_html = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
+ fields =
+ user.info
+ |> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
- bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
+ raw_fields = Map.get(user.info, :raw_fields, [])
+ bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
relationship = render("relationship.json", %{user: opts[:for], target: user})
%{
header: header,
header_static: header,
emojis: emojis,
- fields: fields_html,
+ fields: fields,
bot: bot,
source: %{
note: HTML.strip_tags((user.bio || "") |> String.replace("<br>", "\n")),
sensitive: false,
- fields: fields,
+ fields: raw_fields,
pleroma: %{}
},
|> HTML.filter_tags(User.html_filter_policy(for_user))
|> Formatter.emojify(emoji)
- fields = User.Info.fields(user.info)
+ fields =
+ user.info
+ |> User.Info.fields()
+ |> Enum.map(fn %{"name" => name, "value" => value} ->
+ %{
+ "name" => Pleroma.HTML.strip_tags(name),
+ "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
+ }
+ end)
data =
%{
user = User.get_cached_by_ap_id(activity.actor)
- assert user.info.source_data["attachment"] == [
- %{"name" => "foo", "type" => "PropertyValue", "value" => "bar"},
- %{"name" => "foo1", "type" => "PropertyValue", "value" => "bar1"}
+ assert User.Info.fields(user.info) == [
+ %{"name" => "foo", "value" => "bar"},
+ %{"name" => "foo1", "value" => "bar1"}
]
update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!()
user = User.get_cached_by_ap_id(user.ap_id)
- assert user.info.source_data["attachment"] == [
- %{"name" => "foo", "type" => "PropertyValue", "value" => "updated"},
- %{"name" => "foo1", "type" => "PropertyValue", "value" => "updated"}
+ assert User.Info.fields(user.info) == [
+ %{"name" => "foo", "value" => "updated"},
+ %{"name" => "foo1", "value" => "updated"}
]
end
test "Renders profile fields" do
fields = [
- %{"name" => "foo", "value" => "bar"},
- %{"name" => "website", "value" => "cofe.my"}
+ %{"name" => "foo", "value" => "bar"}
]
- user = insert(:user, info: %{fields: fields})
+ {:ok, user} =
+ insert(:user)
+ |> User.upgrade_changeset(%{info: %{fields: fields}})
+ |> User.update_and_set_cache()
assert %{
- "attachment" => [
- %{"name" => "foo", "type" => "PropertyValue", "value" => "bar"},
- %{
- "name" => "website",
- "type" => "PropertyValue",
- "value" => "<a href=\"http://cofe.my\">cofe.my</a>"
- }
- ]
+ "attachment" => [%{"name" => "foo", "type" => "PropertyValue", "value" => "bar"}]
} = UserView.render("user.json", %{user: user})
end
user = insert(:user)
fields = [
- %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
+ %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "<script>bar</script>"},
%{"name" => "link", "value" => "cofe.io"}
]
|> json_response(200)
assert account["fields"] == [
- %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
+ %{"name" => "foo", "value" => "bar"},
%{"name" => "link", "value" => "<a href=\"http://cofe.io\">cofe.io</a>"}
]
assert account["source"]["fields"] == [
- %{"name" => "<b>foo<b>", "value" => "<i>bar</i>"},
+ %{
+ "name" => "<a href=\"http://google.com\">foo</a>",
+ "value" => "<script>bar</script>"
+ },
%{"name" => "link", "value" => "cofe.io"}
]
projects / akkoma / commitdiff