fix: sanitize descriptions from resources
Currently resource descriptions are not used anywhere, but they are prefilled from the source URL preview. Still, it doesn't hurt to sanitize these. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
58e50e3c9f
commit
dc6647f5dc
|
@ -8,6 +8,7 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||||
alias Mobilizon.Federation.ActivityStream.Convertible
|
alias Mobilizon.Federation.ActivityStream.Convertible
|
||||||
alias Mobilizon.Resources.Resource
|
alias Mobilizon.Resources.Resource
|
||||||
alias Mobilizon.Service.Activity.Resource, as: ResourceActivity
|
alias Mobilizon.Service.Activity.Resource, as: ResourceActivity
|
||||||
|
alias Mobilizon.Service.Formatter.HTML
|
||||||
alias Mobilizon.Service.RichMedia.Parser
|
alias Mobilizon.Service.RichMedia.Parser
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
@ -20,21 +21,8 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||||
@spec create(map(), map()) ::
|
@spec create(map(), map()) ::
|
||||||
{:ok, Resource.t(), ActivityStream.t()}
|
{:ok, Resource.t(), ActivityStream.t()}
|
||||||
| {:error, Ecto.Changeset.t() | :creator_not_found | :group_not_found}
|
| {:error, Ecto.Changeset.t() | :creator_not_found | :group_not_found}
|
||||||
def create(%{type: type} = args, additional) do
|
def create(args, additional) do
|
||||||
args =
|
args = prepare_args(args)
|
||||||
case type do
|
|
||||||
:folder ->
|
|
||||||
args
|
|
||||||
|
|
||||||
_ ->
|
|
||||||
case Parser.parse(Map.get(args, :resource_url)) do
|
|
||||||
{:ok, metadata} ->
|
|
||||||
Map.put(args, :metadata, metadata)
|
|
||||||
|
|
||||||
_ ->
|
|
||||||
args
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
with {:ok,
|
with {:ok,
|
||||||
%Resource{actor_id: group_id, creator_id: creator_id, parent_id: parent_id} = resource} <-
|
%Resource{actor_id: group_id, creator_id: creator_id, parent_id: parent_id} = resource} <-
|
||||||
|
@ -76,7 +64,7 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||||
additional
|
additional
|
||||||
)
|
)
|
||||||
when old_parent_id != parent_id do
|
when old_parent_id != parent_id do
|
||||||
move(old_resource, args, additional)
|
move(old_resource, prepare_args(args), additional)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Simple rename
|
# Simple rename
|
||||||
|
@ -218,4 +206,23 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||||
defp parents(old_parent_id, new_parent_id) do
|
defp parents(old_parent_id, new_parent_id) do
|
||||||
{:ok, Resources.get_resource(old_parent_id), Resources.get_resource(new_parent_id)}
|
{:ok, Resources.get_resource(old_parent_id), Resources.get_resource(new_parent_id)}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp prepare_args(%{type: type} = args) do
|
||||||
|
args =
|
||||||
|
case type do
|
||||||
|
:folder ->
|
||||||
|
args
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
case Parser.parse(Map.get(args, :resource_url)) do
|
||||||
|
{:ok, metadata} ->
|
||||||
|
Map.put(args, :metadata, metadata)
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
args
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
Map.update(args, :description, nil, &HTML.strip_tags/1)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
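Review bot: The sanitising step in `prepare_args/1` only runs for `create/2` and for the clause guarded by `when old_parent_id != parent_id`; the clause under `# Simple rename` is not touched by this commit, so a description arriving through an update that keeps the same parent would still be stored unstripped unless it is cleaned elsewhere (that clause's body lies outside the hunks shown). In the move clause, `prepare_args(args)` now requires a `:type` key and calls `Parser.parse/1` on `Map.get(args, :resource_url)`, so a move whose args lack `:type` would presumably raise a `FunctionClauseError`, and one that has it triggers a fresh remote preview fetch; a small `sanitize_description/1` helper applied in every update clause would avoid both. `Map.update(args, :description, nil, &HTML.strip_tags/1)` inserts `description: nil` when the key is absent and hands an explicit `nil` to `strip_tags/1`; something like `if is_binary(args[:description]), do: Map.update!(args, :description, &HTML.strip_tags/1), else: args` leaves partial updates alone. The `metadata` map returned by the parser also originates from the remote page and is attached as-is, so it is worth confirming that it is escaped wherever it is rendered.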