[bugfix] html escape special characters in text instead of totally removing them (#719)

* remove minify dependency * tidy up some tests * remove pre + postformat funcs * rework sanitization + formatting * update tests * add some more markdown tests
2025-06-05 21:59:39 +02:00 · 2022-07-19 15:21:17 +02:00
parent 098dbe6ff4
commit c84384e660
51 changed files with 129 additions and 7419 deletions
--- a/internal/text/plain.go
+++ b/internal/text/plain.go
@@ -20,6 +20,7 @@ package text

 import (
 	"context"
+	"html"
 	"strings"

 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -32,10 +33,11 @@ var breakReplacer = strings.NewReplacer(
 )

 func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gtsmodel.Mention, tags []*gtsmodel.Tag) string {
-	content := preformat(plain)
+	// trim any crap
+	content := strings.TrimSpace(plain)

-	// sanitize any html elements
-	content = removeHTML(content)
+	// clean 'er up
+	content = html.EscapeString(content)

 	// format links nicely
 	content = f.ReplaceLinks(ctx, content)
@@ -52,5 +54,5 @@ func (f *formatter) FromPlain(ctx context.Context, plain string, mentions []*gts
 	// wrap the whole thing in a pee
 	content = `<p>` + content + `</p>`

-	return postformat(content)
+	return SanitizeHTML(content)
 }