From 103a9f4466986ef57fc4f3f15dea95866bdead3f Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 16 Jun 2019 21:46:36 +0200 Subject: [PATCH] Fix sanitizer making block level elements unreadable (#10836) Fix #10834 --- app/lib/sanitize_config.rb | 15 +++++++++++++++ spec/lib/sanitize_config_spec.rb | 26 ++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 spec/lib/sanitize_config_spec.rb diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index 1bba4a5a6eb..e82a2a33aa1 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -19,6 +19,20 @@ class Sanitize node['class'] = class_list.join(' ') end + UNSUPPORTED_ELEMENTS_TRANSFORMER = lambda do |env| + return unless %w(h1 h2 h3 h4 h5 h6 blockquote pre ul ol li).include?(env[:node_name]) + + case env[:node_name] + when 'li' + env[:node].traverse do |node| + node.add_next_sibling('
') if node.next_sibling + node.replace(node.children) unless node.text? + end + else + env[:node].name = 'p' + end + end + MASTODON_STRICT ||= freeze_config( elements: %w(p br span a), @@ -40,6 +54,7 @@ class Sanitize transformers: [ CLASS_WHITELIST_TRANSFORMER, + UNSUPPORTED_ELEMENTS_TRANSFORMER, ] ) diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb new file mode 100644 index 00000000000..bb3cf6f0b23 --- /dev/null +++ b/spec/lib/sanitize_config_spec.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +require 'rails_helper' +require Rails.root.join('app', 'lib', 'sanitize_config.rb') + +describe Sanitize::Config do + describe '::MASTODON_STRICT' do + subject { Sanitize::Config::MASTODON_STRICT } + + it 'converts h1 to p' do + expect(Sanitize.fragment('
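Review bot: In the `li` branch, `node.replace(node.children) unless node.text?` unwraps every non-text descendant of the list item, not only block containers, so an `<a>` or `<span>` inside an item loses its tag (and href/rel) and becomes bare text, an inner `<br>` vanishes (it has no children), and the `add_next_sibling` call — its string argument is cut off in this rendering, presumably `'<br>'` — fires for every inline sibling, inserting breaks inside a single item's text. It also unwraps elements such as `script`/`style` whose contents Sanitize's default `remove_contents` would otherwise discard, so if MASTODON_STRICT inherits that default their source ends up as visible post text instead of being removed. I would flatten only block containers, leave inline elements for the cleaner, and add the break on the previous-sibling side as well so nested lists (`Foo<ul>…`) still get separated; since `traverse` visits children before the node itself, guarding against an existing adjacent `br` avoids doubling. The lambda's enclosing module starts outside the hunk.
```ruby
when 'li'
  env[:node].traverse do |node|
    # Only flatten block containers; inline elements (a, span, br) are left for the cleaner.
    next unless node.element? && %w(li p h1 h2 h3 h4 h5 h6 blockquote pre ul ol).include?(node.name)

    node.add_previous_sibling('<br>') if node.previous_sibling && node.previous_sibling.name != 'br'
    node.add_next_sibling('<br>') if node.next_sibling && node.next_sibling.name != 'br'
    node.replace(node.children)
  end
# … unchanged: else branch renaming the node to 'p' …
```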

Foo

', subject)).to eq '

Foo

' + end + + it 'converts ul to p' do + expect(Sanitize.fragment('

Check out:

', subject)).to eq '

Check out:

Foo
Bar

' + end + + it 'converts p inside ul' do + expect(Sanitize.fragment('', subject)).to eq '

Foo
Bar
Baz

' + end + + it 'converts ul inside ul' do + expect(Sanitize.fragment('', subject)).to eq '

Foo
Bar
Baz

' + end + end +end
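Review bot: The new spec covers only well-formed input and never checks attributes on a renamed element: `env[:node].name = 'p'` keeps the original node's attributes, so a case such as `expect(Sanitize.fragment('<h1 class="x" onclick="y">Foo</h1>', subject)).to eq '<p>Foo</p>'` would pin that the cleaner still strips them from the renamed node (assuming MASTODON_STRICT lists no attributes for `p`). There is also no case with inline markup inside a list item, e.g. `<ul><li><a href="https://example.com">Foo</a></li></ul>`, which is where the `li` branch's unconditional `node.replace(node.children)` is most likely to drop content a user expects to survive. The HTML literals of the existing examples are not readable in this rendering (tags stripped), so their expectations cannot be checked here. The describe block closes on the hunk's final line.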