Merge branch 'bugfix/json-ld-object-sanitization' into 'develop'
JSON-LD: object sanitization See merge request pleroma/pleroma!438
This commit is contained in:
commit
f745e823f0
@ -589,6 +589,8 @@ def prepare_object(object) do
|
||||
|> prepare_attachments
|
||||
|> set_conversation
|
||||
|> set_reply_to_uri
|
||||
|> strip_internal_fields
|
||||
|> strip_internal_tags
|
||||
end
|
||||
|
||||
# @doc
|
||||
@ -755,6 +757,29 @@ def prepare_attachments(object) do
|
||||
|> Map.put("attachment", attachments)
|
||||
end
|
||||
|
||||
defp strip_internal_fields(object) do
|
||||
object
|
||||
|> Map.drop([
|
||||
"likes",
|
||||
"like_count",
|
||||
"announcements",
|
||||
"announcement_count",
|
||||
"emoji",
|
||||
"context_id"
|
||||
])
|
||||
end
|
||||
|
||||
defp strip_internal_tags(%{"tag" => tags} = object) do
|
||||
tags =
|
||||
tags
|
||||
|> Enum.filter(fn x -> is_map(x) end)
|
||||
|
||||
object
|
||||
|> Map.put("tag", tags)
|
||||
end
|
||||
|
||||
defp strip_internal_tags(object), do: object
|
||||
|
||||
defp user_upgrade_task(user) do
|
||||
old_follower_address = User.ap_followers(user)
|
||||
|
||||
|
@ -1,11 +1,23 @@
|
||||
defmodule Pleroma.Web.ActivityPub.ObjectView do
|
||||
use Pleroma.Web, :view
|
||||
alias Pleroma.{Object, Activity}
|
||||
alias Pleroma.Web.ActivityPub.Transmogrifier
|
||||
|
||||
def render("object.json", %{object: object}) do
|
||||
def render("object.json", %{object: %Object{} = object}) do
|
||||
base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header()
|
||||
|
||||
additional = Transmogrifier.prepare_object(object.data)
|
||||
Map.merge(base, additional)
|
||||
end
|
||||
|
||||
def render("object.json", %{object: %Activity{} = activity}) do
|
||||
base = Pleroma.Web.ActivityPub.Utils.make_json_ld_header()
|
||||
object = Object.normalize(activity.data["object"])
|
||||
|
||||
additional =
|
||||
Transmogrifier.prepare_object(activity.data)
|
||||
|> Map.put("object", Transmogrifier.prepare_object(object.data))
|
||||
|
||||
Map.merge(base, additional)
|
||||
end
|
||||
end
|
||||
|
@ -743,6 +743,39 @@ test "it translates ostatus reply_to IDs to external URLs" do
|
||||
|
||||
assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29"
|
||||
end
|
||||
|
||||
test "it strips internal hashtag data" do
|
||||
user = insert(:user)
|
||||
|
||||
{:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"})
|
||||
|
||||
expected_tag = %{
|
||||
"href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu",
|
||||
"type" => "Hashtag",
|
||||
"name" => "#2hu"
|
||||
}
|
||||
|
||||
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
|
||||
|
||||
assert modified["object"]["tag"] == [expected_tag]
|
||||
end
|
||||
|
||||
test "it strips internal fields" do
|
||||
user = insert(:user)
|
||||
|
||||
{:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"})
|
||||
|
||||
{:ok, modified} = Transmogrifier.prepare_outgoing(activity.data)
|
||||
|
||||
assert length(modified["object"]["tag"]) == 2
|
||||
|
||||
assert is_nil(modified["object"]["emoji"])
|
||||
assert is_nil(modified["object"]["likes"])
|
||||
assert is_nil(modified["object"]["like_count"])
|
||||
assert is_nil(modified["object"]["announcements"])
|
||||
assert is_nil(modified["object"]["announcement_count"])
|
||||
assert is_nil(modified["object"]["context_id"])
|
||||
end
|
||||
end
|
||||
|
||||
describe "user upgrade" do
|
||||
|
Loading…
Reference in New Issue
Block a user