escape attachment urls on creation.

This commit is contained in:
Roger Braun 2017-08-09 16:55:18 +02:00
parent a32784fe6d
commit 7d34cec58d
2 changed files with 2 additions and 2 deletions

View File

@ -12,7 +12,7 @@ defmodule Pleroma.Web.TwitterAPI.Utils do
def add_attachments(text, attachments) do def add_attachments(text, attachments) do
attachment_text = Enum.map(attachments, fn attachment_text = Enum.map(attachments, fn
(%{"url" => [%{"href" => href} | _]}) -> (%{"url" => [%{"href" => href} | _]}) ->
"<a href=\"#{URI.encode(href)}\" class='attachment'>#{Path.basename(href)}</a>" "<a href=\"#{href}\" class='attachment'>#{Path.basename(href)}</a>"
_ -> "" _ -> ""
end) end)
Enum.join([text | attachment_text], "<br>\n") Enum.join([text | attachment_text], "<br>\n")

View File

@ -9,6 +9,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilsTest do
res = Utils.add_attachments("", [attachment]) res = Utils.add_attachments("", [attachment])
assert res == "<br>\n<a href=\"http://heise.de/i%22m%20a%20boy.png\" class='attachment'>i\"m a boy.png</a>" assert res == "<br>\n<a href=\"http://heise.de/i\"m a boy.png\" class='attachment'>i\"m a boy.png</a>"
end end
end end