diff --git a/conversation.py b/conversation.py index 58b79ac94..c42ef2293 100644 --- a/conversation.py +++ b/conversation.py @@ -14,8 +14,7 @@ from utils import remove_id_ending from utils import text_in_file from utils import locate_post from utils import load_json -from utils import dangerous_markup -from utils import remove_html +from utils import harmless_markup from keys import get_instance_actor_key from session import get_json @@ -173,19 +172,8 @@ def download_conversation_posts(session, http_prefix: str, base_dir: str, if not post_json['object'].get('published'): break - # remove any dangerous markup - for field_name in ('content', 'summary'): - if post_json['object'].get(field_name): - if dangerous_markup(post_json['object'][field_name], False): - post_json['object'][field_name] = \ - remove_html(post_json['object'][field_name]) - map_name = field_name + 'Map' - if post_json['object'].get(map_name): - map_dict = post_json['object'][map_name].items() - for lang, content in map_dict: - if dangerous_markup(content, False): - content = remove_html(content) - post_json['object'][map_name][lang] = content + # render harmless any dangerous markup + harmless_markup(post_json) conversation_view = [post_json] + conversation_view if not post_json['object'].get('inReplyTo'): diff --git a/utils.py b/utils.py index 3b8751a05..7b29e6970 100644 --- a/utils.py +++ b/utils.py @@ -4257,3 +4257,22 @@ def unescaped_text(txt: str) -> str: for orig, replacement in _get_escaped_chars().items(): txt = txt.replace(replacement, orig) return txt + + +def harmless_markup(post_json_object: {}) -> None: + """render harmless any dangerous markup + """ + for field_name in ('content', 'summary'): + if post_json_object['object'].get(field_name): + if dangerous_markup(post_json_object['object'][field_name], + False): + post_json_object['object'][field_name] = \ + remove_html(post_json_object['object'][field_name]) + map_name = field_name + 'Map' + if post_json_object['object'].get(map_name): + map_dict = post_json_object['object'][map_name].items() + for lang, content in map_dict: + if dangerous_markup(content, False): + content = remove_html(content) + post_json_object['object'][map_name][lang] = \ + content diff --git a/webapp_search.py b/webapp_search.py index 35d721e9a..b75cca5ff 100644 --- a/webapp_search.py +++ b/webapp_search.py @@ -11,8 +11,7 @@ import os from shutil import copyfile import urllib.parse from datetime import datetime -from utils import dangerous_markup -from utils import remove_html +from utils import harmless_markup from utils import remove_id_ending from utils import has_object_dict from utils import acct_handle_dir @@ -1194,21 +1193,8 @@ def html_hashtag_search_remote(nickname: str, domain: str, port: int, print('Hashtag post is not public ' + post_id) continue - # remove any dangerous markup - for field_name in ('content', 'summary'): - if post_json_object['object'].get(field_name): - if dangerous_markup(post_json_object['object'][field_name], - False): - post_json_object['object'][field_name] = \ - remove_html(post_json_object['object'][field_name]) - map_name = field_name + 'Map' - if post_json_object['object'].get(map_name): - map_dict = post_json_object['object'][map_name].items() - for lang, content in map_dict: - if dangerous_markup(content, False): - content = remove_html(content) - post_json_object['object'][map_name][lang] = \ - content + # render harmless any dangerous markup + harmless_markup(post_json_object) show_individual_post_icons = False allow_deletion = False