escaping summary and other fields in xml templates
parent
db07b538a5
commit
0c68b9ac13
@ -83,7 +83,7 @@ def activity_content(%{"content" => content}) do
|
|||||||
|
|
||||||
def activity_content(_), do: ""
|
def activity_content(_), do: ""
|
||||||
|
|
||||||
def activity_context(activity), do: activity.data["context"]
|
def activity_context(activity), do: escape(activity.data["context"])
|
||||||
|
|
||||||
def attachment_href(attachment) do
|
def attachment_href(attachment) do
|
||||||
attachment["url"]
|
attachment["url"]
|
||||||
|
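Review bot: `activity_context/1` now returns already-escaped text, but nothing at the definition says so, which makes it easy for a later template or caller to escape the value a second time or to reuse it where the raw context is needed. A one-line comment above the clause would settle it, e.g. `# Returns the context XML-escaped for direct interpolation into feed templates; do not escape again.` `escape/1` is defined outside this hunk, so how it treats a missing `"context"` (nil) or a value containing quotes cannot be confirmed from here. `attachment_href/1`, visible as context, still starts from the raw `attachment["url"]` and its body continues past the hunk; if its result is interpolated into the feed XML it probably needs the same treatment.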
@ -12,7 +12,7 @@
|
|||||||
<link href="<%= activity_context(@activity) %>" rel="ostatus:conversation"/>
|
<link href="<%= activity_context(@activity) %>" rel="ostatus:conversation"/>
|
||||||
|
|
||||||
<%= if @data["summary"] do %>
|
<%= if @data["summary"] do %>
|
||||||
<summary><%= @data["summary"] %></summary>
|
<summary><%= escape(@data["summary"]) %></summary>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<%= if @activity.local do %>
|
<%= if @activity.local do %>
|
||||||
|
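Review bot: The context value lands inside an attribute here (`href="<%= activity_context(@activity) %>"`), so this line is only safe if the helper's `escape/1` encodes `"` in addition to `&` and `<`; that function is not shown on this page and the added test data only contains `&`. The escaping is also split between two layers: `summary` is escaped inline in the template while `context` is escaped inside the view helper, and the RSS template in the next section follows the same split. Escaping at one layer consistently for every user-supplied field would make it easier to audit which interpolations are still raw. Other interpolations in both templates lie outside the visible hunks and may deserve the same check.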
@ -12,7 +12,7 @@
|
|||||||
<link rel="ostatus:conversation"><%= activity_context(@activity) %></link>
|
<link rel="ostatus:conversation"><%= activity_context(@activity) %></link>
|
||||||
|
|
||||||
<%= if @data["summary"] do %>
|
<%= if @data["summary"] do %>
|
||||||
<description><%= @data["summary"] %></description>
|
<description><%= escape(@data["summary"]) %></description>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<%= if @activity.local do %>
|
<%= if @activity.local do %>
|
||||||
|
@ -12,16 +12,17 @@ defmodule Pleroma.Web.Feed.UserControllerTest do
|
|||||||
alias Pleroma.Object
|
alias Pleroma.Object
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
|
alias Pleroma.Web.Feed.FeedView
|
||||||
|
|
||||||
setup do: clear_config([:static_fe, :enabled], false)
|
setup do: clear_config([:static_fe, :enabled], false)
|
||||||
|
|
||||||
describe "feed" do
|
describe "feed" do
|
||||||
setup do: clear_config([:feed])
|
setup do: clear_config([:feed])
|
||||||
|
|
||||||
test "gets an atom feed", %{conn: conn} do
|
setup do
|
||||||
Config.put(
|
Config.put(
|
||||||
[:feed, :post_title],
|
[:feed, :post_title],
|
||||||
%{max_length: 10, omission: "..."}
|
%{max_length: 15, omission: "..."}
|
||||||
)
|
)
|
||||||
|
|
||||||
activity = insert(:note_activity)
|
activity = insert(:note_activity)
|
||||||
@ -29,7 +30,8 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
note =
|
note =
|
||||||
insert(:note,
|
insert(:note,
|
||||||
data: %{
|
data: %{
|
||||||
"content" => "This is :moominmamma: note ",
|
"content" => "This & this is :moominmamma: note ",
|
||||||
|
"source" => "This & this is :moominmamma: note ",
|
||||||
"attachment" => [
|
"attachment" => [
|
||||||
%{
|
%{
|
||||||
"url" => [
|
"url" => [
|
||||||
@ -37,7 +39,9 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"inReplyTo" => activity.data["id"]
|
"inReplyTo" => activity.data["id"],
|
||||||
|
"context" => "2hu & as",
|
||||||
|
"summary" => "2hu & as"
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -48,7 +52,7 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
insert(:note,
|
insert(:note,
|
||||||
user: user,
|
user: user,
|
||||||
data: %{
|
data: %{
|
||||||
"content" => "42 This is :moominmamma: note ",
|
"content" => "42 & This is :moominmamma: note ",
|
||||||
"inReplyTo" => activity.data["id"]
|
"inReplyTo" => activity.data["id"]
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
@ -56,6 +60,10 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
note_activity2 = insert(:note_activity, note: note2)
|
note_activity2 = insert(:note_activity, note: note2)
|
||||||
object = Object.normalize(note_activity)
|
object = Object.normalize(note_activity)
|
||||||
|
|
||||||
|
[user: user, object: object, max_id: note_activity2.id]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "gets an atom feed", %{conn: conn, user: user, object: object, max_id: max_id} do
|
||||||
resp =
|
resp =
|
||||||
conn
|
conn
|
||||||
|> put_req_header("accept", "application/atom+xml")
|
|> put_req_header("accept", "application/atom+xml")
|
||||||
@ -67,13 +75,15 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
|> SweetXml.parse()
|
|> SweetXml.parse()
|
||||||
|> SweetXml.xpath(~x"//entry/title/text()"l)
|
|> SweetXml.xpath(~x"//entry/title/text()"l)
|
||||||
|
|
||||||
assert activity_titles == ['42 This...', 'This is...']
|
assert activity_titles == ['42 & Thi...', 'This & t...']
|
||||||
assert resp =~ object.data["content"]
|
assert resp =~ FeedView.escape(object.data["content"])
|
||||||
|
assert resp =~ FeedView.escape(object.data["summary"])
|
||||||
|
assert resp =~ FeedView.escape(object.data["context"])
|
||||||
|
|
||||||
resp =
|
resp =
|
||||||
conn
|
conn
|
||||||
|> put_req_header("accept", "application/atom+xml")
|
|> put_req_header("accept", "application/atom+xml")
|
||||||
|> get("/users/#{user.nickname}/feed", %{"max_id" => note_activity2.id})
|
|> get("/users/#{user.nickname}/feed", %{"max_id" => max_id})
|
||||||
|> response(200)
|
|> response(200)
|
||||||
|
|
||||||
activity_titles =
|
activity_titles =
|
||||||
@ -81,47 +91,10 @@ test "gets an atom feed", %{conn: conn} do
|
|||||||
|> SweetXml.parse()
|
|> SweetXml.parse()
|
||||||
|> SweetXml.xpath(~x"//entry/title/text()"l)
|
|> SweetXml.xpath(~x"//entry/title/text()"l)
|
||||||
|
|
||||||
assert activity_titles == ['This is...']
|
assert activity_titles == ['This & t...']
|
||||||
end
|
end
|
||||||
|
|
||||||
test "gets a rss feed", %{conn: conn} do
|
test "gets a rss feed", %{conn: conn, user: user, object: object, max_id: max_id} do
|
||||||
Pleroma.Config.put(
|
|
||||||
[:feed, :post_title],
|
|
||||||
%{max_length: 10, omission: "..."}
|
|
||||||
)
|
|
||||||
|
|
||||||
activity = insert(:note_activity)
|
|
||||||
|
|
||||||
note =
|
|
||||||
insert(:note,
|
|
||||||
data: %{
|
|
||||||
"content" => "This is :moominmamma: note ",
|
|
||||||
"attachment" => [
|
|
||||||
%{
|
|
||||||
"url" => [
|
|
||||||
%{"mediaType" => "image/png", "href" => "https://pleroma.gov/image.png"}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"inReplyTo" => activity.data["id"]
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
note_activity = insert(:note_activity, note: note)
|
|
||||||
user = User.get_cached_by_ap_id(note_activity.data["actor"])
|
|
||||||
|
|
||||||
note2 =
|
|
||||||
insert(:note,
|
|
||||||
user: user,
|
|
||||||
data: %{
|
|
||||||
"content" => "42 This is :moominmamma: note ",
|
|
||||||
"inReplyTo" => activity.data["id"]
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
note_activity2 = insert(:note_activity, note: note2)
|
|
||||||
object = Object.normalize(note_activity)
|
|
||||||
|
|
||||||
resp =
|
resp =
|
||||||
conn
|
conn
|
||||||
|> put_req_header("accept", "application/rss+xml")
|
|> put_req_header("accept", "application/rss+xml")
|
||||||
@ -133,13 +106,15 @@ test "gets a rss feed", %{conn: conn} do
|
|||||||
|> SweetXml.parse()
|
|> SweetXml.parse()
|
||||||
|> SweetXml.xpath(~x"//item/title/text()"l)
|
|> SweetXml.xpath(~x"//item/title/text()"l)
|
||||||
|
|
||||||
assert activity_titles == ['42 This...', 'This is...']
|
assert activity_titles == ['42 & Thi...', 'This & t...']
|
||||||
assert resp =~ object.data["content"]
|
assert resp =~ FeedView.escape(object.data["content"])
|
||||||
|
assert resp =~ FeedView.escape(object.data["summary"])
|
||||||
|
assert resp =~ FeedView.escape(object.data["context"])
|
||||||
|
|
||||||
resp =
|
resp =
|
||||||
conn
|
conn
|
||||||
|> put_req_header("accept", "application/rss+xml")
|
|> put_req_header("accept", "application/rss+xml")
|
||||||
|> get("/users/#{user.nickname}/feed.rss", %{"max_id" => note_activity2.id})
|
|> get("/users/#{user.nickname}/feed.rss", %{"max_id" => max_id})
|
||||||
|> response(200)
|
|> response(200)
|
||||||
|
|
||||||
activity_titles =
|
activity_titles =
|
||||||
@ -147,7 +122,7 @@ test "gets a rss feed", %{conn: conn} do
|
|||||||
|> SweetXml.parse()
|
|> SweetXml.parse()
|
||||||
|> SweetXml.xpath(~x"//item/title/text()"l)
|
|> SweetXml.xpath(~x"//item/title/text()"l)
|
||||||
|
|
||||||
assert activity_titles == ['This is...']
|
assert activity_titles == ['This & t...']
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns 404 for a missing feed", %{conn: conn} do
|
test "returns 404 for a missing feed", %{conn: conn} do
|
||||||
|
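Review bot: The new assertions build their expected value with the same helper the view uses (`assert resp =~ FeedView.escape(object.data["summary"])`), so they would still pass if the helper's output were wrong. Pinning the literal encoding would be stronger, e.g. `assert resp =~ "2hu &amp; as"`. The fixtures also only exercise `&`; adding `<` and `"` to the `"summary"` and `"context"` values in the shared `setup` would cover both element and attribute contexts, the latter being where the Atom template places the context.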