[bugfix] Fix HTML escaping in instance title (#607)

* move caption sanitization -> sanitize.go * use sanitizeplaintext rather than removehtml * rename sanitizecaption to sanitizeplaintext * avoid removing html twice from statuses * unexport remoteHTML it's no longer used outside the text package so this makes it less confusing * test instance PATCH
2025-06-05 21:59:39 +02:00 · 2022-05-26 11:37:13 +02:00
parent f848aaa81f
commit 5668ce1ec7
15 changed files with 381 additions and 151 deletions
--- a/internal/processing/account/create.go
+++ b/internal/processing/account/create.go
@@ -64,7 +64,7 @@ func (p *processor) Create(ctx context.Context, applicationToken oauth2.TokenInf
 	}

 	l.Trace("creating new username and account")
-	user, err := p.db.NewSignup(ctx, form.Username, text.RemoveHTML(reason), approvalRequired, form.Email, form.Password, form.IP, form.Locale, application.ID, false, false)
+	user, err := p.db.NewSignup(ctx, form.Username, text.SanitizePlaintext(reason), approvalRequired, form.Email, form.Password, form.IP, form.Locale, application.ID, false, false)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new signup in the database: %s", err)
 	}
--- a/internal/processing/account/update.go
+++ b/internal/processing/account/update.go
@@ -53,7 +53,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 		if err := validate.DisplayName(*form.DisplayName); err != nil {
 			return nil, err
 		}
-		account.DisplayName = text.RemoveHTML(*form.DisplayName)
+		account.DisplayName = text.SanitizePlaintext(*form.DisplayName)
 	}

 	if form.Note != nil {
--- a/internal/processing/admin/createdomainblock.go
+++ b/internal/processing/admin/createdomainblock.go
@@ -59,8 +59,8 @@ func (p *processor) DomainBlockCreate(ctx context.Context, account *gtsmodel.Acc
 			ID:                 blockID,
 			Domain:             domain,
 			CreatedByAccountID: account.ID,
-			PrivateComment:     text.RemoveHTML(privateComment),
-			PublicComment:      text.RemoveHTML(publicComment),
+			PrivateComment:     text.SanitizePlaintext(privateComment),
+			PublicComment:      text.SanitizePlaintext(publicComment),
 			Obfuscate:          obfuscate,
 			SubscriptionID:     subscriptionID,
 		}
--- a/internal/processing/instance.go
+++ b/internal/processing/instance.go
@@ -65,7 +65,7 @@ func (p *processor) InstancePatch(ctx context.Context, form *apimodel.InstanceSe
 		if err := validate.SiteTitle(*form.Title); err != nil {
 			return nil, gtserror.NewErrorBadRequest(err, fmt.Sprintf("site title invalid: %s", err))
 		}
-		i.Title = text.RemoveHTML(*form.Title) // don't allow html in site title
+		i.Title = text.SanitizePlaintext(*form.Title) // don't allow html in site title
 	}

 	// validate & update site contact account if it's set on the form
--- a/internal/processing/media/update.go
+++ b/internal/processing/media/update.go
@@ -45,7 +45,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, media
 	}

 	if form.Description != nil {
-		attachment.Description = text.SanitizeCaption(*form.Description)
+		attachment.Description = text.SanitizePlaintext(*form.Description)
 		if err := p.db.UpdateByPrimaryKey(ctx, attachment); err != nil {
 			return nil, gtserror.NewErrorInternalError(fmt.Errorf("database error updating description: %s", err))
 		}
--- a/internal/processing/status/create.go
+++ b/internal/processing/status/create.go
@@ -49,7 +49,7 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, appli
 		Local:                    true,
 		AccountID:                account.ID,
 		AccountURI:               account.URI,
-		ContentWarning:           text.SanitizeCaption(form.SpoilerText),
+		ContentWarning:           text.SanitizePlaintext(form.SpoilerText),
 		ActivityStreamsType:      ap.ObjectNote,
 		Sensitive:                form.Sensitive,
 		Language:                 form.Language,
--- a/internal/processing/status/util.go
+++ b/internal/processing/status/util.go
@@ -27,7 +27,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/text"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )

@@ -269,16 +268,13 @@ func (p *processor) ProcessContent(ctx context.Context, form *apimodel.AdvancedS
 		form.Format = apimodel.StatusFormatDefault
 	}

-	// remove any existing html from the status
-	content := text.RemoveHTML(form.Status)
-
 	// parse content out of the status depending on what format has been submitted
 	var formatted string
 	switch form.Format {
 	case apimodel.StatusFormatPlain:
-		formatted = p.formatter.FromPlain(ctx, content, status.Mentions, status.Tags)
+		formatted = p.formatter.FromPlain(ctx, form.Status, status.Mentions, status.Tags)
 	case apimodel.StatusFormatMarkdown:
-		formatted = p.formatter.FromMarkdown(ctx, content, status.Mentions, status.Tags)
+		formatted = p.formatter.FromMarkdown(ctx, form.Status, status.Mentions, status.Tags)
 	default:
 		return fmt.Errorf("format %s not recognised as a valid status format", form.Format)
 	}