fix: sanitize descriptions from resources
Currently resources descriptions are not used anywhere but they are prefilled from source URL preview. Still, doesn't hurt to sanitize these. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
58e50e3c9f
commit
dc6647f5dc
@ -8,6 +8,7 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||
alias Mobilizon.Federation.ActivityStream.Convertible
|
||||
alias Mobilizon.Resources.Resource
|
||||
alias Mobilizon.Service.Activity.Resource, as: ResourceActivity
|
||||
alias Mobilizon.Service.Formatter.HTML
|
||||
alias Mobilizon.Service.RichMedia.Parser
|
||||
require Logger
|
||||
|
||||
@ -20,21 +21,8 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||
@spec create(map(), map()) ::
|
||||
{:ok, Resource.t(), ActivityStream.t()}
|
||||
| {:error, Ecto.Changeset.t() | :creator_not_found | :group_not_found}
|
||||
def create(%{type: type} = args, additional) do
|
||||
args =
|
||||
case type do
|
||||
:folder ->
|
||||
args
|
||||
|
||||
_ ->
|
||||
case Parser.parse(Map.get(args, :resource_url)) do
|
||||
{:ok, metadata} ->
|
||||
Map.put(args, :metadata, metadata)
|
||||
|
||||
_ ->
|
||||
args
|
||||
end
|
||||
end
|
||||
def create(args, additional) do
|
||||
args = prepare_args(args)
|
||||
|
||||
with {:ok,
|
||||
%Resource{actor_id: group_id, creator_id: creator_id, parent_id: parent_id} = resource} <-
|
||||
@ -76,7 +64,7 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||
additional
|
||||
)
|
||||
when old_parent_id != parent_id do
|
||||
move(old_resource, args, additional)
|
||||
move(old_resource, prepare_args(args), additional)
|
||||
end
|
||||
|
||||
# Simple rename
|
||||
@ -218,4 +206,23 @@ defmodule Mobilizon.Federation.ActivityPub.Types.Resources do
|
||||
defp parents(old_parent_id, new_parent_id) do
|
||||
{:ok, Resources.get_resource(old_parent_id), Resources.get_resource(new_parent_id)}
|
||||
end
|
||||
|
||||
defp prepare_args(%{type: type} = args) do
|
||||
args =
|
||||
case type do
|
||||
:folder ->
|
||||
args
|
||||
|
||||
_ ->
|
||||
case Parser.parse(Map.get(args, :resource_url)) do
|
||||
{:ok, metadata} ->
|
||||
Map.put(args, :metadata, metadata)
|
||||
|
||||
_ ->
|
||||
args
|
||||
end
|
||||
end
|
||||
|
||||
Map.update(args, :description, nil, &HTML.strip_tags/1)
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user