mirror of
https://framagit.org/tykayn/mastodon.git
synced 2023-08-25 08:33:12 +02:00
Remove link rewriting option as it is easily bypassable
This commit is contained in:
parent
76b80a1511
commit
ff0ceb28b3
@ -699,7 +699,7 @@ class Status extends ImmutablePureComponent {
|
|||||||
onExpandedToggle={this.handleExpandedToggle}
|
onExpandedToggle={this.handleExpandedToggle}
|
||||||
parseClick={parseClick}
|
parseClick={parseClick}
|
||||||
disabled={!router}
|
disabled={!router}
|
||||||
linkRewriting={settings.get('link_rewriting')}
|
tagLinks={settings.get('tag_misleading_links')}
|
||||||
/>
|
/>
|
||||||
{!isCollapsed || !(muted || !settings.getIn(['collapsed', 'show_action_bar'])) ? (
|
{!isCollapsed || !(muted || !settings.getIn(['collapsed', 'show_action_bar'])) ? (
|
||||||
<StatusActionBar
|
<StatusActionBar
|
||||||
|
@ -8,31 +8,13 @@ import classnames from 'classnames';
|
|||||||
import { autoPlayGif } from 'flavours/glitch/util/initial_state';
|
import { autoPlayGif } from 'flavours/glitch/util/initial_state';
|
||||||
import { decode as decodeIDNA } from 'flavours/glitch/util/idna';
|
import { decode as decodeIDNA } from 'flavours/glitch/util/idna';
|
||||||
|
|
||||||
// Regex matching what "looks like a link", that is, something that starts with
|
|
||||||
// an optional "http://" or "https://" scheme and then what could look like a
|
|
||||||
// domain main, that is, at least two sequences of characters not including spaces
|
|
||||||
// and separated by "." or an homoglyph. The idea is not to match valid URLs or
|
|
||||||
// domain names, but what could be confused for a valid URL or domain name,
|
|
||||||
// especially to the untrained eye.
|
|
||||||
|
|
||||||
const h_confusables = 'h\u13c2\u1d58d\u1d4f1\u1d691\u0068\uff48\u1d525\u210e\u1d489\u1d629\u0570\u1d4bd\u1d65d\u1d421\u1d5c1\u1d5f5\u04bb\u1d559';
|
|
||||||
const t_confusables = 't\u1d42d\u1d5cd\u1d531\u1d565\u1d4c9\u1d669\u1d4fd\u1d69d\u0074\u1d461\u1d601\u1d495\u1d635\u1d599';
|
|
||||||
const p_confusables = 'p\u0440\u03c1\u1d52d\u1d631\u1d665\u1d429\uff50\u1d6e0\u1d45d\u1d561\u1d595\u1d71a\u1d699\u1d78e\u2ca3\u1d754\u1d6d2\u1d491\u1d7c8\u1d746\u1d4c5\u1d70c\u1d5c9\u0070\u1d780\u03f1\u1d5fd\u2374\u1d7ba\u1d4f9';
|
|
||||||
const s_confusables = 's\u1d530\u118c1\u1d494\u1d634\u1d4c8\u1d668\uabaa\u1d42c\u1d5cc\u1d460\u1d600\ua731\u0073\uff53\u1d564\u0455\u1d598\u1d4fc\u1d69c\u10448\u01bd';
|
|
||||||
const column_confusables = ':\u0903\u0a83\u0703\u1803\u05c3\u0704\u0589\u1809\ua789\u16ec\ufe30\u02d0\u2236\u02f8\u003a\uff1a\u205a\ua4fd';
|
|
||||||
const slash_confusables = '/\u2041\u2f03\u2044\u2cc6\u27cb\u30ce\u002f\u2571\u31d3\u3033\u1735\u2215\u29f8\u1d23a\u4e3f';
|
|
||||||
const dot_confusables = '.\u002e\u0660\u06f0\u0701\u0702\u2024\ua4f8\ua60e\u10a50\u1d16d';
|
|
||||||
|
|
||||||
const linkRegex = new RegExp(`^\\s*(([${h_confusables}][${t_confusables}][${t_confusables}][${p_confusables}][${s_confusables}]?[${column_confusables}][${slash_confusables}][${slash_confusables}]))?[^:/\\n ]+([${dot_confusables}][^:/\\n ]+)+`);
|
|
||||||
|
|
||||||
const textMatchesTarget = (text, origin, host) => {
|
const textMatchesTarget = (text, origin, host) => {
|
||||||
return (text === origin || text === host
|
return (text === origin || text === host
|
||||||
|| text.startsWith(origin + '/') || text.startsWith(host + '/')
|
|| text.startsWith(origin + '/') || text.startsWith(host + '/')
|
||||||
|| 'www.' + text === host || ('www.' + text).startsWith(host + '/'));
|
|| 'www.' + text === host || ('www.' + text).startsWith(host + '/'));
|
||||||
}
|
}
|
||||||
|
|
||||||
// If `checkUrlLike` is true, consider only URL-like link texts to be misleading
|
const isLinkMisleading = (link) => {
|
||||||
const isLinkMisleading = (link, checkUrlLike = true) => {
|
|
||||||
let linkTextParts = [];
|
let linkTextParts = [];
|
||||||
|
|
||||||
// Reconstruct visible text, as we do not have much control over how links
|
// Reconstruct visible text, as we do not have much control over how links
|
||||||
@ -69,12 +51,7 @@ const isLinkMisleading = (link, checkUrlLike = true) => {
|
|||||||
const host = targetURL.host.replace(targetURL.hostname, hostname);
|
const host = targetURL.host.replace(targetURL.hostname, hostname);
|
||||||
const origin = targetURL.origin.replace(targetURL.host, host);
|
const origin = targetURL.origin.replace(targetURL.host, host);
|
||||||
const text = linkText.normalize('NFKC');
|
const text = linkText.normalize('NFKC');
|
||||||
if (textMatchesTarget(text, origin, host) || textMatchesTarget(text.toLowerCase(), origin, host)) {
|
return !(textMatchesTarget(text, origin, host) || textMatchesTarget(text.toLowerCase(), origin, host));
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the link text looks like an URL or auto-generated link, it is misleading
|
|
||||||
return !checkUrlLike || linkRegex.test(linkText);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
export default class StatusContent extends React.PureComponent {
|
export default class StatusContent extends React.PureComponent {
|
||||||
@ -89,11 +66,11 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
parseClick: PropTypes.func,
|
parseClick: PropTypes.func,
|
||||||
disabled: PropTypes.bool,
|
disabled: PropTypes.bool,
|
||||||
onUpdate: PropTypes.func,
|
onUpdate: PropTypes.func,
|
||||||
linkRewriting: PropTypes.string,
|
tagLinks: PropTypes.bool,
|
||||||
};
|
};
|
||||||
|
|
||||||
static defaultProps = {
|
static defaultProps = {
|
||||||
linkRewriting: 'tag',
|
tagLinks: true,
|
||||||
};
|
};
|
||||||
|
|
||||||
state = {
|
state = {
|
||||||
@ -102,7 +79,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
|
|
||||||
_updateStatusLinks () {
|
_updateStatusLinks () {
|
||||||
const node = this.contentsNode;
|
const node = this.contentsNode;
|
||||||
const { linkRewriting } = this.props;
|
const { tagLinks } = this.props;
|
||||||
|
|
||||||
if (!node) {
|
if (!node) {
|
||||||
return;
|
return;
|
||||||
@ -129,35 +106,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
link.setAttribute('title', link.href);
|
link.setAttribute('title', link.href);
|
||||||
link.classList.add('unhandled-link');
|
link.classList.add('unhandled-link');
|
||||||
|
|
||||||
if (linkRewriting === 'rewrite' && isLinkMisleading(link)) {
|
if (tagLinks && isLinkMisleading(link)) {
|
||||||
// Rewrite misleading links entirely
|
|
||||||
|
|
||||||
while (link.firstChild) {
|
|
||||||
link.removeChild(link.firstChild);
|
|
||||||
}
|
|
||||||
|
|
||||||
const prefix = (link.href.match(/https?:\/\/(www\.)?/) || [''])[0];
|
|
||||||
const text = link.href.substr(prefix.length, 30);
|
|
||||||
const suffix = link.href.substr(prefix.length + 30);
|
|
||||||
const cutoff = !!suffix;
|
|
||||||
|
|
||||||
const prefixTag = document.createElement('span');
|
|
||||||
prefixTag.classList.add('invisible');
|
|
||||||
prefixTag.textContent = prefix;
|
|
||||||
link.appendChild(prefixTag);
|
|
||||||
|
|
||||||
const textTag = document.createElement('span');
|
|
||||||
if (cutoff) {
|
|
||||||
textTag.classList.add('ellipsis');
|
|
||||||
}
|
|
||||||
textTag.textContent = text;
|
|
||||||
link.appendChild(textTag);
|
|
||||||
|
|
||||||
const suffixTag = document.createElement('span');
|
|
||||||
suffixTag.classList.add('invisible');
|
|
||||||
suffixTag.textContent = suffix;
|
|
||||||
link.appendChild(suffixTag);
|
|
||||||
} else if (linkRewriting === 'tag' && isLinkMisleading(link, false)) {
|
|
||||||
// Add a tag besides the link to display its origin
|
// Add a tag besides the link to display its origin
|
||||||
|
|
||||||
const tag = document.createElement('span');
|
const tag = document.createElement('span');
|
||||||
@ -287,7 +236,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
mediaIcon,
|
mediaIcon,
|
||||||
parseClick,
|
parseClick,
|
||||||
disabled,
|
disabled,
|
||||||
linkRewriting,
|
tagLinks,
|
||||||
} = this.props;
|
} = this.props;
|
||||||
|
|
||||||
const hidden = this.props.onExpandedToggle ? !this.props.expanded : this.state.hidden;
|
const hidden = this.props.onExpandedToggle ? !this.props.expanded : this.state.hidden;
|
||||||
@ -362,7 +311,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
<div className={`status__content__spoiler ${!hidden ? 'status__content__spoiler--visible' : ''}`}>
|
<div className={`status__content__spoiler ${!hidden ? 'status__content__spoiler--visible' : ''}`}>
|
||||||
<div
|
<div
|
||||||
ref={this.setContentsRef}
|
ref={this.setContentsRef}
|
||||||
key={`contents-${linkRewriting}`}
|
key={`contents-${tagLinks}`}
|
||||||
style={directionStyle}
|
style={directionStyle}
|
||||||
tabIndex={!hidden ? 0 : null}
|
tabIndex={!hidden ? 0 : null}
|
||||||
dangerouslySetInnerHTML={content}
|
dangerouslySetInnerHTML={content}
|
||||||
@ -386,7 +335,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
>
|
>
|
||||||
<div
|
<div
|
||||||
ref={this.setContentsRef}
|
ref={this.setContentsRef}
|
||||||
key={`contents-${linkRewriting}`}
|
key={`contents-${tagLinks}`}
|
||||||
dangerouslySetInnerHTML={content}
|
dangerouslySetInnerHTML={content}
|
||||||
lang={status.get('language')}
|
lang={status.get('language')}
|
||||||
className='status__content__text'
|
className='status__content__text'
|
||||||
@ -403,7 +352,7 @@ export default class StatusContent extends React.PureComponent {
|
|||||||
tabIndex='0'
|
tabIndex='0'
|
||||||
ref={this.setRef}
|
ref={this.setRef}
|
||||||
>
|
>
|
||||||
<div ref={this.setContentsRef} key={`contents-${linkRewriting}`} className='status__content__text' dangerouslySetInnerHTML={content} lang={status.get('language')} tabIndex='0' />
|
<div ref={this.setContentsRef} key={`contents-${tagLinks}`} className='status__content__text' dangerouslySetInnerHTML={content} lang={status.get('language')} tabIndex='0' />
|
||||||
{media}
|
{media}
|
||||||
</div>
|
</div>
|
||||||
);
|
);
|
||||||
|
@ -25,9 +25,6 @@ const messages = defineMessages({
|
|||||||
filters_upstream: { id: 'settings.filtering_behavior.upstream', defaultMessage: 'Show "filtered" like vanilla Mastodon' },
|
filters_upstream: { id: 'settings.filtering_behavior.upstream', defaultMessage: 'Show "filtered" like vanilla Mastodon' },
|
||||||
filters_hide: { id: 'settings.filtering_behavior.hide', defaultMessage: 'Show "filtered" and add a button to display why' },
|
filters_hide: { id: 'settings.filtering_behavior.hide', defaultMessage: 'Show "filtered" and add a button to display why' },
|
||||||
filters_cw: { id: 'settings.filtering_behavior.cw', defaultMessage: 'Still display the post, and add filtered words to content warning' },
|
filters_cw: { id: 'settings.filtering_behavior.cw', defaultMessage: 'Still display the post, and add filtered words to content warning' },
|
||||||
link_rewriting_none: { id: 'settings.link_rewriting.none', defaultMessage: 'Do not rewrite links' },
|
|
||||||
link_rewriting_rewrite: { id: 'settings.link_rewriting.rewrite', defaultMessage: 'Rewrite links that may be misleading' },
|
|
||||||
link_rewriting_tag: { id: 'settings.link_rewriting.tag', defaultMessage: 'Tag links with their target host unless it is already explicit' },
|
|
||||||
});
|
});
|
||||||
|
|
||||||
@injectIntl
|
@injectIntl
|
||||||
@ -71,16 +68,12 @@ export default class LocalSettingsPage extends React.PureComponent {
|
|||||||
</LocalSettingsPageItem>
|
</LocalSettingsPageItem>
|
||||||
<LocalSettingsPageItem
|
<LocalSettingsPageItem
|
||||||
settings={settings}
|
settings={settings}
|
||||||
item={['link_rewriting']}
|
item={['tag_misleading_links']}
|
||||||
id='mastodon-settings--link_rewriting'
|
id='mastodon-settings--tag_misleading_links'
|
||||||
options={[
|
|
||||||
{ value: 'none', message: intl.formatMessage(messages.link_rewriting_none) },
|
|
||||||
{ value: 'rewrite', message: intl.formatMessage(messages.link_rewriting_rewrite) },
|
|
||||||
{ value: 'tag', message: intl.formatMessage(messages.link_rewriting_tag) },
|
|
||||||
]}
|
|
||||||
onChange={onChange}
|
onChange={onChange}
|
||||||
>
|
>
|
||||||
<FormattedMessage id='settings.link_rewriting' defaultMessage='Link rewriting' />
|
<FormattedMessage id='settings.tag_misleading_links' defaultMessage='Tag misleading links' />
|
||||||
|
<span className='hint'><FormattedMessage id='settings.tag_misleading_links.hint' defaultMessage="Add a visual indication with the link target host to every link not mentioning it explicitly" /></span>
|
||||||
</LocalSettingsPageItem>
|
</LocalSettingsPageItem>
|
||||||
<section>
|
<section>
|
||||||
<h2><FormattedMessage id='settings.notifications_opts' defaultMessage='Notifications options' /></h2>
|
<h2><FormattedMessage id='settings.notifications_opts' defaultMessage='Notifications options' /></h2>
|
||||||
|
@ -241,7 +241,7 @@ export default class DetailedStatus extends ImmutablePureComponent {
|
|||||||
onExpandedToggle={onToggleHidden}
|
onExpandedToggle={onToggleHidden}
|
||||||
parseClick={this.parseClick}
|
parseClick={this.parseClick}
|
||||||
onUpdate={this.handleChildUpdate}
|
onUpdate={this.handleChildUpdate}
|
||||||
linkRewriting={settings.get('link_rewriting')}
|
tagLinks={settings.get('tag_misleading_links')}
|
||||||
disabled
|
disabled
|
||||||
/>
|
/>
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ const initialState = ImmutableMap({
|
|||||||
hicolor_privacy_icons: false,
|
hicolor_privacy_icons: false,
|
||||||
show_content_type_choice: false,
|
show_content_type_choice: false,
|
||||||
filtering_behavior: 'hide',
|
filtering_behavior: 'hide',
|
||||||
link_rewriting: 'tag',
|
tag_misleading_links: true,
|
||||||
content_warnings : ImmutableMap({
|
content_warnings : ImmutableMap({
|
||||||
auto_unfold : false,
|
auto_unfold : false,
|
||||||
filter : null,
|
filter : null,
|
||||||
|
Loading…
Reference in New Issue
Block a user