Prepend reblogs' wrapper content with "RT @original_author", (#3013)

so that when a reblog parse fails on another instance, it doesn't
look like a misattributed/stolen text
remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Eugen Rochko 2017-05-12 17:46:44 +02:00 committed by GitHub
parent 60f3230a05
commit b5a9c6b3d2
3 changed files with 85 additions and 41 deletions

View File

@ -337,7 +337,7 @@ class AtomSerializer
def serialize_status_attributes(entry, status)
append_element(entry, 'summary', Formatter.instance.format(status.proper, :spoiler_text, false).to_str, 'xml:lang': status.language, type: 'html') if status.spoiler_text?
append_element(entry, 'content', Formatter.instance.format(status.proper).to_str, type: 'html', 'xml:lang': status.language)
append_element(entry, 'content', Formatter.instance.format(status).to_str, type: 'html', 'xml:lang': status.language)
status.mentions.each do |mentioned|
append_element(entry, 'link', nil, rel: :mentioned, 'ostatus:object-type': TagManager::TYPES[:person], href: TagManager.instance.uri_for(mentioned.account))

View File

@ -10,13 +10,24 @@ class Formatter
include ActionView::Helpers::TextHelper
def format(status, attribute = :text, paragraphize = true)
if status.reblog?
prepend_reblog = status.reblog.account.acct
status = status.proper
else
prepend_reblog = false
end
raw_content = status.public_send(attribute)
return '' if raw_content.blank?
return reformat(raw_content) unless status.local?
linkable_accounts = status.mentions.map(&:account)
linkable_accounts << status.account
html = raw_content
html = encode_and_link_urls(html, status.mentions)
html = "RT @#{prepend_reblog} #{html}" if prepend_reblog
html = encode_and_link_urls(html, linkable_accounts)
html = simple_format(html, {}, sanitize: false) if paragraphize
html = html.delete("\n")
@ -52,7 +63,7 @@ class Formatter
HTMLEntities.new.encode(html)
end
def encode_and_link_urls(html, mentions = nil)
def encode_and_link_urls(html, accounts = nil)
entities = Extractor.extract_entities_with_indices(html, extract_url_without_protocol: false)
rewrite(html.dup, entities) do |entity|
@ -61,7 +72,7 @@ class Formatter
elsif entity[:hashtag]
link_to_hashtag(entity)
elsif entity[:screen_name]
link_to_mention(entity, mentions)
link_to_mention(entity, accounts)
end
end
end
@ -69,19 +80,21 @@ class Formatter
def rewrite(text, entities)
chars = text.to_s.to_char_a
# sort by start index
# Sort by start index
entities = entities.sort_by do |entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
indices.first
end
result = []
last_index = entities.reduce(0) do |index, entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
result << encode(chars[index...indices.first].join)
result << yield(entity)
indices.last
end
result << encode(chars[last_index..-1].join)
result.flatten.join
@ -89,26 +102,28 @@ class Formatter
def link_to_url(entity)
normalized_url = Addressable::URI.parse(entity[:url]).normalize
html_attrs = {
target: '_blank',
rel: 'nofollow noopener',
}
html_attrs = { target: '_blank', rel: 'nofollow noopener' }
Twitter::Autolink.send(:link_to_text, entity, link_html(entity[:url]), normalized_url, html_attrs)
rescue Addressable::URI::InvalidURIError
encode(entity[:url])
end
def link_to_mention(entity, mentions)
def link_to_mention(entity, linkable_accounts)
acct = entity[:screen_name]
return link_to_account(acct) unless mentions
mention = mentions.find { |item| TagManager.instance.same_acct?(item.account.acct, acct) }
mention ? mention_html(mention.account) : "@#{acct}"
return link_to_account(acct) unless linkable_accounts
account = linkable_accounts.find { |item| TagManager.instance.same_acct?(item.acct, acct) }
account ? mention_html(account) : "@#{acct}"
end
def link_to_account(acct)
username, domain = acct.split('@')
domain = nil if TagManager.instance.local_domain?(domain)
domain = nil if TagManager.instance.local_domain?(domain)
account = Account.find_remote(username, domain)
account ? mention_html(account) : "@#{acct}"
end
@ -117,7 +132,7 @@ class Formatter
end
def link_html(url)
url = Addressable::URI.parse(url).display_uri.to_s
url = Addressable::URI.parse(url).display_uri.to_s
prefix = url.match(/\Ahttps?:\/\/(www\.)?/).to_s
text = url[prefix.length, 30]
suffix = url[prefix.length + 30..-1]
@ -127,7 +142,7 @@ class Formatter
end
def hashtag_html(tag)
"<a href=\"#{tag_url(tag.downcase)}\" class=\"mention hashtag\">#<span>#{tag}</span></a>"
"<a href=\"#{tag_url(tag.downcase)}\" class=\"mention hashtag\" rel=\"tag\">#<span>#{tag}</span></a>"
end
def mention_html(account)

View File

@ -7,38 +7,56 @@ RSpec.describe Formatter do
let(:remote_status) { Fabricate(:status, text: '<script>alert("Hello")</script> Beep boop', uri: 'beepboop', account: account) }
let(:local_text_with_mention) { "@#{account.username} @#{account.username}@example.com #{local_text}?x=@#{account.username} #hashtag" }
let(:local_status_with_mention) { Fabricate(:status, text: local_text_with_mention,
account: account, mentions: [Fabricate(:mention, account: account)]) }
let(:local_status_with_mention) do
Fabricate(
:status,
text: local_text_with_mention,
account: account,
mentions: [Fabricate(:mention, account: account)]
)
end
describe '#format' do
subject { Formatter.instance.format(local_status) }
it 'returns a string' do
expect(subject).to be_a String
context 'with standalone status' do
it 'returns a string' do
expect(subject).to be_a String
end
it 'contains plain text' do
expect(subject).to match('Hello world')
end
it 'contains a link' do
expect(subject).to match('<a href="http://google.com/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">google.com/</span><span class="invisible"></span></a>')
end
it 'contains a mention' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match "<a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span>"
expect(result).to match %r{href=\"http://google.com/\?x=@#{account.username}}
expect(result).not_to match "href=\"https://example.com/@#{account.username}"
end
it 'contains a hashtag' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match('/tags/hashtag" class="mention hashtag" rel="tag">#<span>hashtag</span></a>')
end
end
it 'contains plain text' do
expect(subject).to match('Hello world')
end
context 'with reblog' do
let(:local_status) { Fabricate(:status, account: account, reblog: Fabricate(:status, text: 'Hello world', account: account)) }
it 'contains a link' do
expect(subject).to match('<a href="http://google.com/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">google.com/</span><span class="invisible"></span></a>')
end
it 'contains a mention' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match "<a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span>"
expect(result).to match %r{href=\"http://google.com/\?x=@#{account.username}}
expect(result).not_to match "href=\"https://example.com/@#{account.username}"
end
it 'contains a hashtag' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match("/tags/hashtag\" class=\"mention hashtag\">#<span>hashtag</span></a>")
it 'contains credit to original author' do
expect(subject).to include("RT <span class=\"h-card\"><a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span> Hello world")
end
end
context 'matches a stand-alone medium URL' do
let(:local_text) { 'https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4' }
it 'has valid url' do
expect(subject).to include('href="https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4"')
end
@ -46,6 +64,7 @@ RSpec.describe Formatter do
context 'matches a stand-alone google URL' do
let(:local_text) { 'http://google.com' }
it 'has valid url' do
expect(subject).to include('href="http://google.com/"')
end
@ -53,6 +72,7 @@ RSpec.describe Formatter do
context 'matches a stand-alone IDN URL' do
let(:local_text) { 'https://nic.みんな/' }
it 'has valid url' do
expect(subject).to include('href="https://nic.xn--q9jyb4c/"')
end
@ -64,6 +84,7 @@ RSpec.describe Formatter do
context 'matches a URL without trailing period' do
let(:local_text) { 'http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona. ' }
it 'has valid url' do
expect(subject).to include('href="http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona"')
end
@ -75,6 +96,7 @@ RSpec.describe Formatter do
context 'matches a URL without exclamation point' do
let(:local_text) { 'http://www.google.com!' }
it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"')
end
@ -82,6 +104,7 @@ RSpec.describe Formatter do
context 'matches a URL without single quote' do
let(:local_text) { "http://www.google.com'" }
it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"')
end
@ -89,6 +112,7 @@ RSpec.describe Formatter do
context 'matches a URL without angle brackets' do
let(:local_text) { 'http://www.google.com>' }
it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"')
end
@ -96,6 +120,7 @@ RSpec.describe Formatter do
context 'matches a URL with a query string' do
let(:local_text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink' }
it 'has valid url' do
expect(subject).to include('href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&amp;q=autolink"')
end
@ -103,20 +128,23 @@ RSpec.describe Formatter do
context 'matches a URL with parenthesis in it' do
let(:local_text) { 'https://en.wikipedia.org/wiki/Diaspora_(software)' }
it 'has valid url' do
expect(subject).to include('href="https://en.wikipedia.org/wiki/Diaspora_(software)"')
end
end
context 'contains html (script tag)' do
let(:local_text) { '<script>alert("Hello")</script>' }
it 'has valid url' do
expect(subject).to match '<p>&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;</p>'
end
let(:local_text) { '<script>alert("Hello")</script>' }
it 'has valid url' do
expect(subject).to match '<p>&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;</p>'
end
end
context 'contains html (xss attack)' do
let(:local_text) { %q{<img src="javascript:alert('XSS');">} }
it 'has valid url' do
expect(subject).to match '<p>&lt;img src=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;</p>'
end
@ -124,6 +152,7 @@ RSpec.describe Formatter do
context 'contains invalid URL' do
let(:local_text) { 'http://www\.google\.com' }
it 'has valid url' do
expect(subject).to eq '<p>http://www\.google\.com</p>'
end