[bugfix] html escape special characters in text instead of totally removing them (#719)

* remove minify dependency

* tidy up some tests

* remove pre + postformat funcs

* rework sanitization + formatting

* update tests

* add some more markdown tests
tobi
2022-07-19 15:21:17 +02:00
committed by GitHub
parent 098dbe6ff4
commit c84384e660
51 changed files with 129 additions and 7419 deletions


@@ -20,6 +20,7 @@ package text
import (
"context"
"html"
"strings"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -32,10 +33,11 @@ var breakReplacer = strings.NewReplacer(
)
func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gtsmodel.Mention, tags []*gtsmodel.Tag) string {
content := preformat(plain)
// trim any crap
content := strings.TrimSpace(plain)
// sanitize any html elements
content = removeHTML(content)
// clean 'er up
content = html.EscapeString(content)
// format links nicely
content = f.ReplaceLinks(ctx, content)
@@ -52,5 +54,5 @@ func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gts
// wrap the whole thing in a pee
content = `<p>` + content + `</p>`
return postformat(content)
return SanitizeHTML(content)
}
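Review bot: In FromPlain, `html.EscapeString` now runs before `f.ReplaceLinks` and before whatever mention and tag handling sits between the second and third hunk, so those steps scan entity text rather than the author's characters: an `&` in a URL query string arrives as `&amp;`, and quotes arrive as `&#34;` / `&#39;`, which contain a `#` followed by digits. The order itself is the safe one, because markup generated after the escape is not escaped again and `SanitizeHTML` stays the final filter, but nothing in the hunk records that. I would replace `// clean 'er up` with `// escape before linkifying: the replacers below must treat '&amp;' and '&#39;' as text, and must not be moved above this line`, and add a test case with a link carrying two query parameters next to a quoted word, so a regression in link or hashtag matching shows up. The middle of the function is outside the hunks, so whether the tag matcher can pick up `#39` is inferred, not confirmed.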