indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Remove dangerous markup from remote hashtag posts

merge-requests/30/head
Bob Mottram 2023-01-07 11:19:57 +00:00
parent cf8505c85a
commit 179f4341ee
2 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
conversation.py
View File

@ -179,12 +179,13 @@ def download_conversation_posts(session, http_prefix: str, base_dir: str,
if dangerous_markup(post_json['object'][field_name], False): if dangerous_markup(post_json['object'][field_name], False):
post_json['object'][field_name] = \ post_json['object'][field_name] = \
remove_html(post_json['object'][field_name]) remove_html(post_json['object'][field_name])
if post_json['object'].get(field_name + 'Map'): map_name = field_name + 'Map'
map_dict = post_json['object'][field_name + 'Map'].items() if post_json['object'].get(map_name):
map_dict = post_json['object'][map_name].items()
for lang, content in map_dict: for lang, content in map_dict:
if dangerous_markup(content, False): if dangerous_markup(content, False):
content = remove_html(content) content = remove_html(content)
post_json['object'][field_name + 'Map'][lang] = content post_json['object'][map_name][lang] = content
conversation_view = [post_json] + conversation_view conversation_view = [post_json] + conversation_view
if not post_json['object'].get('inReplyTo'): if not post_json['object'].get('inReplyTo'):

19
webapp_search.py
View File

@ -11,6 +11,8 @@ import os
from shutil import copyfile from shutil import copyfile
import urllib.parse import urllib.parse
from datetime import datetime from datetime import datetime
from utils import dangerous_markup
from utils import remove_html
from utils import remove_id_ending from utils import remove_id_ending
from utils import has_object_dict from utils import has_object_dict
from utils import acct_handle_dir from utils import acct_handle_dir
@ -1191,6 +1193,23 @@ def html_hashtag_search_remote(nickname: str, domain: str, port: int,
if not is_public_post(post_json_object): if not is_public_post(post_json_object):
print('Hashtag post is not public ' + post_id) print('Hashtag post is not public ' + post_id)
continue continue
# remove any dangerous markup
for field_name in ('content', 'summary'):
if post_json_object['object'].get(field_name):
if dangerous_markup(post_json_object['object'][field_name],
False):
post_json_object['object'][field_name] = \
remove_html(post_json_object['object'][field_name])
map_name = field_name + 'Map'
if post_json_object['object'].get(map_name):
map_dict = post_json_object['object'][map_name].items()
for lang, content in map_dict:
if dangerous_markup(content, False):
content = remove_html(content)
post_json_object['object'][map_name][lang] = \
content
show_individual_post_icons = False show_individual_post_icons = False
allow_deletion = False allow_deletion = False
show_repeats = show_individual_post_icons show_repeats = show_individual_post_icons