Validate post content
parent
20accfd2f2
commit
4aa56256e8
21
inbox.py
21
inbox.py
|
@ -1096,6 +1096,25 @@ def populateReplies(baseDir :str,httpPrefix :str,domain :str, \
|
||||||
repliesFile.close()
|
repliesFile.close()
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def validPostContent(messageJson: {}) -> bool:
|
||||||
|
"""Is the content of a received post valid?
|
||||||
|
"""
|
||||||
|
if not messageJson.get('object'):
|
||||||
|
return True
|
||||||
|
if not isinstance(messageJson['object'], dict):
|
||||||
|
return True
|
||||||
|
if not messageJson['object'].get('content'):
|
||||||
|
return True
|
||||||
|
invalidStrings=['<script>','<style>','</html>','</body>','<br>','<hr>']
|
||||||
|
for badStr in invalidStrings:
|
||||||
|
if badStr in messageJson['object']['content']:
|
||||||
|
if messageJson['object'].get('id'):
|
||||||
|
print('REJECT: '+messageJson['object']['id'])
|
||||||
|
print('REJECT: bad string in post - '+badStr)
|
||||||
|
return False
|
||||||
|
print('ACCEPT: post content is valid')
|
||||||
|
return True
|
||||||
|
|
||||||
def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
|
def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
|
||||||
baseDir: str,httpPrefix: str,sendThreads: [], \
|
baseDir: str,httpPrefix: str,sendThreads: [], \
|
||||||
postLog: [],cachedWebfingers: {},personCache: {}, \
|
postLog: [],cachedWebfingers: {},personCache: {}, \
|
||||||
|
@ -1184,9 +1203,11 @@ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if messageJson.get('postNickname'):
|
if messageJson.get('postNickname'):
|
||||||
|
if validPostContent(messageJson['post']):
|
||||||
with open(destinationFilename, 'w+') as fp:
|
with open(destinationFilename, 'w+') as fp:
|
||||||
commentjson.dump(messageJson['post'], fp, indent=4, sort_keys=False)
|
commentjson.dump(messageJson['post'], fp, indent=4, sort_keys=False)
|
||||||
else:
|
else:
|
||||||
|
if validPostContent(messageJson):
|
||||||
with open(destinationFilename, 'w+') as fp:
|
with open(destinationFilename, 'w+') as fp:
|
||||||
commentjson.dump(messageJson, fp, indent=4, sort_keys=False)
|
commentjson.dump(messageJson, fp, indent=4, sort_keys=False)
|
||||||
|
|
||||||
|
|
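Review bot: validPostContent compares `content` against a short list of exact, lowercase, attribute-less tags, so the same elements written in another case, or with attributes or whitespace inside the tag, are not matched, and no other active markup is covered. A substring denylist like this is only a coarse filter, and allowlist-based sanitising or escaping is still needed wherever the stored content is rendered. The `in` test also assumes `content` is a string: a list or dict value turns it into a membership test and other types raise, so a guard such as `if not isinstance(messageJson['object']['content'], str): return False` before the loop would make the check fail closed. In the second hunk a rejected post only skips the `open(destinationFilename, 'w+')` write; the rest of inboxAfterCapabilities is outside the hunk, so confirm it does not go on to report success or act on a file that was never written. The docstring could also state that messages without an `object` dict or without `content` are accepted deliberately.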