diff options
| -rw-r--r-- | lib/pleroma/formatter.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/common_api/utils.ex | 2 | ||||
| -rw-r--r-- | priv/scrubbers/default.ex | 2 | ||||
| -rw-r--r-- | test/pleroma/web/common_api/utils_test.exs | 10 | ||||
| -rw-r--r-- | test/pleroma/web/common_api_test.exs | 2 |
6 files changed, 14 insertions, 8 deletions
diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 61906dda6..1be12055f 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -121,6 +121,10 @@ defmodule Pleroma.Formatter do end end + def markdown_to_html(text) do + Earmark.as_html!(text) + end + def html_escape({text, mentions, hashtags}, type) do {html_escape(text, type), mentions, hashtags} end diff --git a/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex index eaf94797a..9b38aa4c2 100644 --- a/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex @@ -95,7 +95,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator do when is_binary(content) do content = content - |> Earmark.as_html!() + |> Pleroma.Formatter.markdown_to_html() |> Pleroma.HTML.filter_tags() Map.put(data, "content", content) diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index b434a069e..be86009af 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -294,7 +294,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do def format_input(text, "text/markdown", options) do text |> Formatter.mentions_escape(options) - |> Earmark.as_html!() + |> Formatter.markdown_to_html() |> Formatter.linkify(options) |> Formatter.minify("text/html") |> Formatter.html_escape("text/html") diff --git a/priv/scrubbers/default.ex b/priv/scrubbers/default.ex index 0893b17e5..4694a92a5 100644 --- a/priv/scrubbers/default.ex +++ b/priv/scrubbers/default.ex @@ -59,6 +59,8 @@ defmodule Pleroma.HTML.Scrubber.Default do Meta.allow_tag_with_this_attribute_values(:span, "class", ["h-card"]) Meta.allow_tag_with_these_attributes(:span, []) + Meta.allow_tag_with_this_attribute_values(:code, "class", ["inline"]) + @allow_inline_images Pleroma.Config.get([:markup, :allow_inline_images]) if @allow_inline_images do diff --git a/test/pleroma/web/common_api/utils_test.exs b/test/pleroma/web/common_api/utils_test.exs index c6abbbe84..ab6392b1f 100644 --- a/test/pleroma/web/common_api/utils_test.exs +++ b/test/pleroma/web/common_api/utils_test.exs @@ -178,13 +178,13 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do test "raw HTML" do code = ~s[<a href="http://example.org/">OwO</a><!-- what's this?-->] {result, [], []} = Utils.format_input(code, "text/markdown") - assert result == "<p>#{code}</p>" + assert result == ~s[<a href="http://example.org/">OwO</a>] end test "rulers" do code = ~s[before\n\n-----\n\nafter] {result, [], []} = Utils.format_input(code, "text/markdown") - assert result == "<p>before</p><hr /><p>after</p>" + assert result == "<p>before</p><hr/><p>after</p>" end test "blockquote" do @@ -204,7 +204,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do code = ~s[```\nputs "Hello World"\n```] {result, [], []} = Utils.format_input(code, "text/markdown") - assert result == ~s[<pre><code class="">puts "Hello World"</code></pre>] + assert result == ~s[<pre><code>puts "Hello World"</code></pre>] end test "lists" do @@ -227,9 +227,9 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do assert result == ~s[<p><strong>aaaa~</strong></p>] # strikethrough - code = ~s[<del>aaaa~</del>] + code = ~s[~~aaaa~~~] {result, [], []} = Utils.format_input(code, "text/markdown") - assert result == ~s[<p><del>aaaa~</del></p>] + assert result == ~s[<p><del>aaaa</del>~</p>] end end diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs index 585b2c174..c1b1af073 100644 --- a/test/pleroma/web/common_api_test.exs +++ b/test/pleroma/web/common_api_test.exs @@ -558,7 +558,7 @@ defmodule Pleroma.Web.CommonAPITest do object = Object.normalize(activity) - assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')" + assert object.data["content"] == "<p><b>2hu</b></p>" assert object.data["source"] == post end |