Validate post content
parent
20accfd2f2
commit
4aa56256e8
21
inbox.py
21
inbox.py
|
@ -1096,6 +1096,25 @@ def populateReplies(baseDir :str,httpPrefix :str,domain :str, \
|
|||
repliesFile.close()
|
||||
return True
|
||||
|
||||
def validPostContent(messageJson: {}) -> bool:
|
||||
"""Is the content of a received post valid?
|
||||
"""
|
||||
if not messageJson.get('object'):
|
||||
return True
|
||||
if not isinstance(messageJson['object'], dict):
|
||||
return True
|
||||
if not messageJson['object'].get('content'):
|
||||
return True
|
||||
invalidStrings=['<script>','<style>','</html>','</body>','<br>','<hr>']
|
||||
for badStr in invalidStrings:
|
||||
if badStr in messageJson['object']['content']:
|
||||
if messageJson['object'].get('id'):
|
||||
print('REJECT: '+messageJson['object']['id'])
|
||||
print('REJECT: bad string in post - '+badStr)
|
||||
return False
|
||||
print('ACCEPT: post content is valid')
|
||||
return True
|
||||
|
||||
def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
|
||||
baseDir: str,httpPrefix: str,sendThreads: [], \
|
||||
postLog: [],cachedWebfingers: {},personCache: {}, \
|
||||
|
@ -1184,9 +1203,11 @@ def inboxAfterCapabilities(session,keyId: str,handle: str,messageJson: {}, \
|
|||
return True
|
||||
|
||||
if messageJson.get('postNickname'):
|
||||
if validPostContent(messageJson['post']):
|
||||
with open(destinationFilename, 'w+') as fp:
|
||||
commentjson.dump(messageJson['post'], fp, indent=4, sort_keys=False)
|
||||
else:
|
||||
if validPostContent(messageJson):
|
||||
with open(destinationFilename, 'w+') as fp:
|
||||
commentjson.dump(messageJson, fp, indent=4, sort_keys=False)
|
||||
|
||||
|
|
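Review bot: The denylist in `validPostContent` compares exact, lowercase, attribute-free strings (`'<script>'`, `'<style>'`, …), so the same elements written in another case, or with an attribute or whitespace before the `>`, pass the check, and no other HTML that can carry script is covered. If this is meant as a safety control rather than a formatting filter, normalise before matching and match the tag opener, e.g. `content = messageJson['object']['content'].lower()` with entries such as `'<script'` and `'<style'`, and treat it as a coarse pre-filter alongside allowlist-based sanitisation wherever the content is rendered. `content` is also assumed to be a string; a guard such as `if not isinstance(content, str): return False` avoids a TypeError or an unintended list-membership test on unexpected JSON types. In the second hunk a rejected post is simply not written to `destinationFilename`; the rest of `inboxAfterCapabilities` lies outside the hunk, so it is worth confirming that the function does not go on to report or process the post as accepted.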