Formatter: Use proper escaping for links.

This commit is contained in:
lain 2018-04-21 18:24:45 +02:00
parent 9e6ae44729
commit 0c221943ef
2 changed files with 19 additions and 9 deletions

View file

@ -144,7 +144,7 @@ defmodule Pleroma.Formatter do
@emoji @emoji
end end
@link_regex ~r/https?:\/\/[\w\.\/?=\-#\+%&@~\(\):]+[\w\/]/u @link_regex ~r/https?:\/\/[\w\.\/?=\-#\+%&@~'\(\):]+[\w\/]/u
def html_escape(text) do def html_escape(text) do
Regex.split(@link_regex, text, include_captures: true) Regex.split(@link_regex, text, include_captures: true)
@ -168,7 +168,10 @@ defmodule Pleroma.Formatter do
subs = subs =
subs ++ subs ++
Enum.map(links, fn {uuid, url} -> Enum.map(links, fn {uuid, url} ->
{uuid, "<a href='#{url}'>#{url}</a>"} {:safe, link} = Phoenix.HTML.Link.link(url, to: url)
link = link
|> IO.iodata_to_binary
{uuid, link}
end) end)
{subs, uuid_text} {subs, uuid_text}

View file

@ -23,21 +23,21 @@ defmodule Pleroma.FormatterTest do
text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla." text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla."
expected = expected =
"Hey, check out <a href='https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla'>https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla</a>." "Hey, check out <a href=\"https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&amp;y=2#blabla\">https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&amp;y=2#blabla</a>."
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://mastodon.social/@lambadalambda" text = "https://mastodon.social/@lambadalambda"
expected = expected =
"<a href='https://mastodon.social/@lambadalambda'>https://mastodon.social/@lambadalambda</a>" "<a href=\"https://mastodon.social/@lambadalambda\">https://mastodon.social/@lambadalambda</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://mastodon.social:4000/@lambadalambda" text = "https://mastodon.social:4000/@lambadalambda"
expected = expected =
"<a href='https://mastodon.social:4000/@lambadalambda'>https://mastodon.social:4000/@lambadalambda</a>" "<a href=\"https://mastodon.social:4000/@lambadalambda\">https://mastodon.social:4000/@lambadalambda</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
@ -47,28 +47,35 @@ defmodule Pleroma.FormatterTest do
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "http://www.cs.vu.nl/~ast/intel/" text = "http://www.cs.vu.nl/~ast/intel/"
expected = "<a href='http://www.cs.vu.nl/~ast/intel/'>http://www.cs.vu.nl/~ast/intel/</a>" expected = "<a href=\"http://www.cs.vu.nl/~ast/intel/\">http://www.cs.vu.nl/~ast/intel/</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087"
expected = expected =
"<a href='https://forum.zdoom.org/viewtopic.php?f=44&t=57087'>https://forum.zdoom.org/viewtopic.php?f=44&t=57087</a>" "<a href=\"https://forum.zdoom.org/viewtopic.php?f=44&amp;t=57087\">https://forum.zdoom.org/viewtopic.php?f=44&amp;t=57087</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul"
expected = expected =
"<a href='https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul'>https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul</a>" "<a href=\"https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul\">https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://www.google.co.jp/search?q=Nasim+Aghdam" text = "https://www.google.co.jp/search?q=Nasim+Aghdam"
expected = expected =
"<a href='https://www.google.co.jp/search?q=Nasim+Aghdam'>https://www.google.co.jp/search?q=Nasim+Aghdam</a>" "<a href=\"https://www.google.co.jp/search?q=Nasim+Aghdam\">https://www.google.co.jp/search?q=Nasim+Aghdam</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
text = "https://en.wikipedia.org/wiki/Duff's_device"
expected =
"<a href=\"https://en.wikipedia.org/wiki/Duff&#39;s_device\">https://en.wikipedia.org/wiki/Duff&#39;s_device</a>"
assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected
end end