[bugfix] Fix html-escaped characters in content warnings (#426)

* test status create with odd CWs

* use SanitizeCaption for content warning escaping
This commit is contained in:
tobi 2022-03-13 16:37:45 +01:00 committed by GitHub
parent b8879ac68a
commit e306233166
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 104 additions and 1 deletions

View File

@ -51,7 +51,7 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, appli
Local: true,
AccountID: account.ID,
AccountURI: account.URI,
ContentWarning: text.RemoveHTML(form.SpoilerText),
ContentWarning: text.SanitizeCaption(form.SpoilerText),
ActivityStreamsType: ap.ObjectNote,
Sensitive: form.Sensitive,
Language: form.Language,

View File

@ -0,0 +1,103 @@
/*
GoToSocial
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package status_test
import (
"context"
"testing"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/model"
)
type StatusCreateTestSuite struct {
StatusStandardTestSuite
}
func (suite *StatusCreateTestSuite) TestProcessContentWarningWithQuotationMarks() {
ctx := context.Background()
creatingAccount := suite.testAccounts["local_account_1"]
creatingApplication := suite.testApplications["application_1"]
statusCreateForm := &model.AdvancedStatusCreateForm{
StatusCreateRequest: model.StatusCreateRequest{
Status: "poopoo peepee",
MediaIDs: []string{},
Poll: nil,
InReplyToID: "",
Sensitive: false,
SpoilerText: "\"test\"", // these should not be html-escaped when the final text is rendered
Visibility: model.VisibilityPublic,
ScheduledAt: "",
Language: "en",
Format: model.StatusFormatPlain,
},
AdvancedVisibilityFlagsForm: model.AdvancedVisibilityFlagsForm{
Federated: nil,
Boostable: nil,
Replyable: nil,
Likeable: nil,
},
}
apiStatus, err := suite.status.Create(ctx, creatingAccount, creatingApplication, statusCreateForm)
suite.NoError(err)
suite.NotNil(apiStatus)
suite.Equal("\"test\"", apiStatus.SpoilerText)
}
func (suite *StatusCreateTestSuite) TestProcessContentWarningWithHTMLEscapedQuotationMarks() {
ctx := context.Background()
creatingAccount := suite.testAccounts["local_account_1"]
creatingApplication := suite.testApplications["application_1"]
statusCreateForm := &model.AdvancedStatusCreateForm{
StatusCreateRequest: model.StatusCreateRequest{
Status: "poopoo peepee",
MediaIDs: []string{},
Poll: nil,
InReplyToID: "",
Sensitive: false,
SpoilerText: "&#34test&#34", // the html-escaped quotation marks should appear as normal quotation marks in the finished text
Visibility: model.VisibilityPublic,
ScheduledAt: "",
Language: "en",
Format: model.StatusFormatPlain,
},
AdvancedVisibilityFlagsForm: model.AdvancedVisibilityFlagsForm{
Federated: nil,
Boostable: nil,
Replyable: nil,
Likeable: nil,
},
}
apiStatus, err := suite.status.Create(ctx, creatingAccount, creatingApplication, statusCreateForm)
suite.NoError(err)
suite.NotNil(apiStatus)
suite.Equal("\"test\"", apiStatus.SpoilerText)
}
func TestStatusCreateTestSuite(t *testing.T) {
suite.Run(t, new(StatusCreateTestSuite))
}