Unlike concatenating strings, this makes sure everything is escaped. Tests had to be changed because Phoenix.HTML runs attributes through Enum.sort before generation for whatever reason.
contrib/munin-healthcheck
@@ -35,9 +35,19 @@ defmodule Pleroma.Formatter do | |||
nickname_text = get_nickname_text(nickname, opts) | |||
link = | |||
~s(<span class="h-card"><a data-user="#{id}" class="u-url mention" href="#{ap_id}" rel="ugc">@<span>#{ | |||
nickname_text | |||
}</span></a></span>) | |||
Phoenix.HTML.Tag.content_tag( | |||
:span, | |||
Phoenix.HTML.Tag.content_tag( | |||
:a, | |||
["@", Phoenix.HTML.Tag.content_tag(:span, nickname_text)], | |||
"data-user": id, | |||
class: "u-url mention", | |||
href: ap_id, | |||
rel: "ugc" | |||
), | |||
class: "h-card" | |||
) | |||
|> Phoenix.HTML.safe_to_string() | |||
{link, %{acc | mentions: MapSet.put(acc.mentions, {"@" <> nickname, user})}} | |||
@@ -49,7 +59,15 @@ defmodule Pleroma.Formatter do | |||
def hashtag_handler("#" <> tag = tag_text, _buffer, _opts, acc) do | |||
tag = String.downcase(tag) | |||
url = "#{Pleroma.Web.base_url()}/tag/#{tag}" | |||
link = ~s(<a class="hashtag" data-tag="#{tag}" href="#{url}" rel="tag ugc">#{tag_text}</a>) | |||
link = | |||
Phoenix.HTML.Tag.content_tag(:a, tag_text, | |||
class: "hashtag", | |||
"data-tag": tag, | |||
href: url, | |||
rel: "tag ugc" | |||
) | |||
|> Phoenix.HTML.safe_to_string() | |||
{link, %{acc | tags: MapSet.put(acc.tags, {tag_text, tag})}} | |||
end | |||
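Review bot: Nothing in the test changes shown pins the escaping this commit exists for; every updated expectation only reorders attributes, and none passes a nickname, `ap_id` or hashtag containing markup characters through the mention handler or `hashtag_handler`. A regression test that feeds a constructed value with `<`, `"` and `&` and asserts the entity-encoded form in both the element text and the `href`/`data-*` values (for example `assert text =~ "&quot;"`) would stop a later return to `~s(...)` interpolation from passing unnoticed. Separately, `content_tag` escapes `href: ap_id` but does not restrict its URL scheme, so that presumably still depends on `ap_id` being validated where the user record is ingested. The mention handler's body starts outside the first hunk.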
@@ -150,13 +150,13 @@ defmodule Pleroma.FormatterTest do | |||
assert length(mentions) == 3 | |||
expected_text = | |||
~s(<span class="h-card"><a data-user="#{gsimg.id}" class="u-url mention" href="#{ | |||
~s(<span class="h-card"><a class="u-url mention" data-user="#{gsimg.id}" href="#{ | |||
gsimg.ap_id | |||
}" rel="ugc">@<span>gsimg</span></a></span> According to <span class="h-card"><a data-user="#{ | |||
}" rel="ugc">@<span>gsimg</span></a></span> According to <span class="h-card"><a class="u-url mention" data-user="#{ | |||
archaeme.id | |||
}" class="u-url mention" href="#{"https://archeme/@archa_eme_"}" rel="ugc">@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class="h-card"><a data-user="#{ | |||
}" href="#{"https://archeme/@archa_eme_"}" rel="ugc">@<span>archa_eme_</span></a></span>, that is @daggsy. Also hello <span class="h-card"><a class="u-url mention" data-user="#{ | |||
archaeme_remote.id | |||
}" class="u-url mention" href="#{archaeme_remote.ap_id}" rel="ugc">@<span>archaeme</span></a></span>) | |||
}" href="#{archaeme_remote.ap_id}" rel="ugc">@<span>archaeme</span></a></span>) | |||
assert expected_text == text | |||
end | |||
@@ -171,7 +171,7 @@ defmodule Pleroma.FormatterTest do | |||
assert length(mentions) == 1 | |||
expected_text = | |||
~s(<span class="h-card"><a data-user="#{mike.id}" class="u-url mention" href="#{ | |||
~s(<span class="h-card"><a class="u-url mention" data-user="#{mike.id}" href="#{ | |||
mike.ap_id | |||
}" rel="ugc">@<span>mike</span></a></span> test) | |||
@@ -187,7 +187,7 @@ defmodule Pleroma.FormatterTest do | |||
assert length(mentions) == 1 | |||
expected_text = | |||
~s(<span class="h-card"><a data-user="#{o.id}" class="u-url mention" href="#{o.ap_id}" rel="ugc">@<span>o</span></a></span> hi) | |||
~s(<span class="h-card"><a class="u-url mention" data-user="#{o.id}" href="#{o.ap_id}" rel="ugc">@<span>o</span></a></span> hi) | |||
assert expected_text == text | |||
end | |||
@@ -209,17 +209,13 @@ defmodule Pleroma.FormatterTest do | |||
assert mentions == [{"@#{user.nickname}", user}, {"@#{other_user.nickname}", other_user}] | |||
assert expected_text == | |||
~s(<span class="h-card"><a data-user="#{user.id}" class="u-url mention" href="#{ | |||
~s(<span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="#{ | |||
user.ap_id | |||
}" rel="ugc">@<span>#{user.nickname}</span></a></span> <span class="h-card"><a data-user="#{ | |||
}" rel="ugc">@<span>#{user.nickname}</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{ | |||
other_user.id | |||
}" class="u-url mention" href="#{other_user.ap_id}" rel="ugc">@<span>#{ | |||
other_user.nickname | |||
}</span></a></span> hey dudes i hate <span class="h-card"><a data-user="#{ | |||
}" href="#{other_user.ap_id}" rel="ugc">@<span>#{other_user.nickname}</span></a></span> hey dudes i hate <span class="h-card"><a class="u-url mention" data-user="#{ | |||
third_user.id | |||
}" class="u-url mention" href="#{third_user.ap_id}" rel="ugc">@<span>#{ | |||
third_user.nickname | |||
}</span></a></span>) | |||
}" href="#{third_user.ap_id}" rel="ugc">@<span>#{third_user.nickname}</span></a></span>) | |||
end | |||
test "given the 'safe_mention' option, it will still work without any mention" do | |||
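Review bot: These expectations compare the complete rendered HTML as a single string, so they are coupled to the serialiser's attribute order rather than to the markup contract; the same applies to the User, CommonAPI.Utils, MastodonAPI and TwitterAPI expectations further down. Asserting on the parsed structure (element name, attribute set, text content), with whatever HTML parser the test suite already has available, would survive another ordering change. It would also leave room for a focused assertion on escaped output.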
@@ -1404,7 +1404,7 @@ defmodule Pleroma.UserTest do | |||
bio = "A.k.a. @nick@domain.com" | |||
expected_text = | |||
~s(A.k.a. <span class="h-card"><a data-user="#{remote_user.id}" class="u-url mention" href="#{ | |||
~s(A.k.a. <span class="h-card"><a class="u-url mention" data-user="#{remote_user.id}" href="#{ | |||
remote_user.ap_id | |||
}" rel="ugc">@<span>nick@domain.com</span></a></span>) | |||
@@ -159,11 +159,11 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do | |||
{output, _, _} = Utils.format_input(text, "text/markdown") | |||
assert output == | |||
~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a data-user="#{ | |||
~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a class="u-url mention" data-user="#{ | |||
user.id | |||
}" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a data-user="#{ | |||
}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a class="u-url mention" data-user="#{ | |||
user.id | |||
}" class="u-url mention" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>) | |||
}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>) | |||
end | |||
end | |||
@@ -82,9 +82,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do | |||
assert user_data = json_response(conn, 200) | |||
assert user_data["note"] == | |||
~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a data-user="#{ | |||
~s(I drink <a class="hashtag" data-tag="cofe" href="http://localhost:4001/tag/cofe">#cofe</a> with <span class="h-card"><a class="u-url mention" data-user="#{ | |||
user2.id | |||
}" class="u-url mention" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..) | |||
}" href="#{user2.ap_id}" rel="ugc">@<span>#{user2.nickname}</span></a></span><br/><br/>suya..) | |||
end | |||
test "updates the user's locking status", %{conn: conn} do | |||
@@ -26,7 +26,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do | |||
|> get("/api/v1/notifications") | |||
expected_response = | |||
"hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ | |||
"hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{ | |||
user.ap_id | |||
}\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" | |||
@@ -45,7 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationControllerTest do | |||
conn = get(conn, "/api/v1/notifications/#{notification.id}") | |||
expected_response = | |||
"hi <span class=\"h-card\"><a data-user=\"#{user.id}\" class=\"u-url mention\" href=\"#{ | |||
"hi <span class=\"h-card\"><a class=\"u-url mention\" data-user=\"#{user.id}\" href=\"#{ | |||
user.ap_id | |||
}\" rel=\"ugc\">@<span>#{user.nickname}</span></a></span>" | |||
@@ -109,7 +109,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do | |||
{:ok, user2} = TwitterAPI.register_user(data2) | |||
expected_text = | |||
~s(<span class="h-card"><a data-user="#{user1.id}" class="u-url mention" href="#{ | |||
~s(<span class="h-card"><a class="u-url mention" data-user="#{user1.id}" href="#{ | |||
user1.ap_id | |||
}" rel="ugc">@<span>john</span></a></span> test) | |||