Validate post content

main2
Bob Mottram 2019-09-30 10:43:46 +01:00
parent 20accfd2f2
commit 4aa56256e8
1 changed files with 27 additions and 6 deletions


@ -1096,6 +1096,25 @@ def populateReplies(baseDir :str,httpPrefix :str,domain :str, \
repliesFile.close() repliesFile.close()
return True return True
def validPostContent(messageJson: {}) -> bool:
"""Is the content of a received post valid?
"""
if not messageJson.get('object'):
return True
if not isinstance(messageJson['object'], dict):
return True
if not messageJson['object'].get('content'):
return True
invalidStrings=['<script>','<style>','</html>','</body>','<br>','<hr>']
for badStr in invalidStrings:
if badStr in messageJson['object']['content']:
if messageJson['object'].get('id'):
print('REJECT: '+messageJson['object']['id'])
print('REJECT: bad string in post - '+badStr)
return False
print('ACCEPT: post content is valid')
return True
def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
baseDir: str,httpPrefix: str,sendThreads: [], \ baseDir: str,httpPrefix: str,sendThreads: [], \
postLog: [],cachedWebfingers: {},personCache: {}, \ postLog: [],cachedWebfingers: {},personCache: {}, \
@ -1184,9 +1203,11 @@ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
return True return True
if messageJson.get('postNickname'): if messageJson.get('postNickname'):
if validPostContent(messageJson['post']):
with open(destinationFilename, 'w+') as fp: with open(destinationFilename, 'w+') as fp:
commentjson.dump(messageJson['post'], fp, indent=4, sort_keys=False) commentjson.dump(messageJson['post'], fp, indent=4, sort_keys=False)
else: else:
if validPostContent(messageJson):
with open(destinationFilename, 'w+') as fp: with open(destinationFilename, 'w+') as fp:
commentjson.dump(messageJson, fp, indent=4, sort_keys=False) commentjson.dump(messageJson, fp, indent=4, sort_keys=False)
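Review bot: The `invalidStrings` test in `validPostContent` matches only the exact lowercase literals, so the same tags written in another case, with attributes or whitespace inside the tag, or any element not on the list, are accepted; it should not be the only control against markup injection in stored posts. A sturdier form is an allowlist of permitted tags applied by an HTML parser, with the content still escaped or sanitized where it is rendered; at minimum compare against a normalized copy, e.g. `content = messageJson['object']['content'].lower()`, and match on the tag opening (`'<script'`) rather than the closed form. `content` is also never checked to be a string, so a list or dict value reaches the `in` test with membership rather than substring semantics; `if not isinstance(content, str): return False` before the loop would close that. In the second hunk a rejected post is simply not written to `destinationFilename`; `inboxAfterCapabilities` starts and ends outside the hunk, so whether later steps still act on the rejected message cannot be confirmed from here and is worth checking.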