From 44892474c8f873a24a9d7f9209d8160201b3b90a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 13 Jul 2023 09:39:35 +0100 Subject: [PATCH] Safer display of parameters on person options screen --- blog.py | 2 +- briar.py | 3 ++- cwtch.py | 3 ++- daemon.py | 2 +- donate.py | 7 ++++--- enigma.py | 3 ++- matrix.py | 3 ++- pgp.py | 6 +++--- ssb.py | 3 ++- tox.py | 3 ++- xmpp.py | 3 ++- 11 files changed, 23 insertions(+), 15 deletions(-) diff --git a/blog.py b/blog.py index 85358a644..f9a7fdfa7 100644 --- a/blog.py +++ b/blog.py @@ -951,7 +951,7 @@ def get_blog_address(actor_json: {}) -> str: result = get_actor_property_url(actor_json, 'Blog') if not result: result = get_actor_property_url(actor_json, 'My Blog') - return result + return remove_html(result) def account_has_blog(base_dir: str, nickname: str, domain: str) -> bool: diff --git a/briar.py b/briar.py index 86a1499d2..38be947b7 100644 --- a/briar.py +++ b/briar.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_briar_address(actor_json: {}) -> str: @@ -50,7 +51,7 @@ def get_briar_address(actor_json: {}) -> str: continue if '.' in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/cwtch.py b/cwtch.py index 1ab390f8d..35e5d6f98 100644 --- a/cwtch.py +++ b/cwtch.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" import re from utils import get_attachment_property_value +from utils import remove_html def get_cwtch_address(actor_json: {}) -> str: @@ -46,7 +47,7 @@ def get_cwtch_address(actor_json: {}) -> str: continue if '.' in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/daemon.py b/daemon.py index 9ea3248e1..4d230f386 100644 --- a/daemon.py +++ b/daemon.py @@ -8958,7 +8958,7 @@ class PubServer(BaseHTTPRequestHandler): pgp_pub_key = get_pgp_pub_key(actor_json) pgp_fingerprint = get_pgp_fingerprint(actor_json) if actor_json.get('alsoKnownAs'): - also_known_as = actor_json['alsoKnownAs'] + also_known_as = remove_html(actor_json['alsoKnownAs']) access_keys = self.server.access_keys nickname = 'instance' diff --git a/donate.py b/donate.py index 1a0e307bc..cfec4d9a6 100644 --- a/donate.py +++ b/donate.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def _get_donation_types() -> []: @@ -54,7 +55,7 @@ def get_donation_url(actor_json: {}) -> str: donate_url = property_value[prop_value_name].split(' str: continue if not property_value['type'].endswith('PropertyValue'): continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' @@ -111,7 +112,7 @@ def get_gemini_link(actor_json: {}, translate: {}) -> str: continue if not property_value['type'].endswith('PropertyValue'): continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/enigma.py b/enigma.py index ef60f5af7..7ad34db06 100644 --- a/enigma.py +++ b/enigma.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_enigma_pub_key(actor_json: {}) -> str: @@ -34,7 +35,7 @@ def get_enigma_pub_key(actor_json: {}) -> str: continue if not property_value['type'].endswith('PropertyValue'): continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/matrix.py b/matrix.py index f7c90c815..fbde41cda 100644 --- a/matrix.py +++ b/matrix.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_matrix_address(actor_json: {}) -> str: @@ -42,7 +43,7 @@ def get_matrix_address(actor_json: {}) -> str: continue if '"' in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/pgp.py b/pgp.py index b324a882b..fed5a7956 100644 --- a/pgp.py +++ b/pgp.py @@ -61,7 +61,7 @@ def get_email_address(actor_json: {}) -> str: continue if '.' not in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' @@ -90,7 +90,7 @@ def get_pgp_pub_key(actor_json: {}) -> str: continue if not contains_pgp_public_key(property_value[prop_value_name]): continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' @@ -119,7 +119,7 @@ def get_pgp_fingerprint(actor_json: {}) -> str: continue if len(property_value[prop_value_name]) < 10: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/ssb.py b/ssb.py index 924ea0931..928a495c6 100644 --- a/ssb.py +++ b/ssb.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_ssb_address(actor_json: {}) -> str: @@ -46,7 +47,7 @@ def get_ssb_address(actor_json: {}) -> str: continue if ',' in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/tox.py b/tox.py index dc5bde1af..fff619257 100644 --- a/tox.py +++ b/tox.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_tox_address(actor_json: {}) -> str: @@ -49,7 +50,7 @@ def get_tox_address(actor_json: {}) -> str: continue if '.' in property_value[prop_value_name]: continue - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return '' diff --git a/xmpp.py b/xmpp.py index b51390c73..2ed6635e8 100644 --- a/xmpp.py +++ b/xmpp.py @@ -9,6 +9,7 @@ __module_group__ = "Profile Metadata" from utils import get_attachment_property_value +from utils import remove_html def get_xmpp_address(actor_json: {}) -> str: @@ -44,7 +45,7 @@ def get_xmpp_address(actor_json: {}) -> str: if property_value[prop_value_name].startswith('xmpp://'): property_value[prop_value_name] = \ property_value[prop_value_name].split('xmpp://', 1)[1] - return property_value[prop_value_name] + return remove_html(property_value[prop_value_name]) return ''