Prepend reblogs' wrapper content with "RT @original_author", (#3013)

so that when a reblog parse fails on another instance, it doesn't
look like a misattributed/stolen text
remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Eugen Rochko 2017-05-12 17:46:44 +02:00 committed by GitHub
parent 60f3230a05
commit b5a9c6b3d2
3 changed files with 85 additions and 41 deletions

View File

@ -337,7 +337,7 @@ class AtomSerializer
def serialize_status_attributes(entry, status) def serialize_status_attributes(entry, status)
append_element(entry, 'summary', Formatter.instance.format(status.proper, :spoiler_text, false).to_str, 'xml:lang': status.language, type: 'html') if status.spoiler_text? append_element(entry, 'summary', Formatter.instance.format(status.proper, :spoiler_text, false).to_str, 'xml:lang': status.language, type: 'html') if status.spoiler_text?
append_element(entry, 'content', Formatter.instance.format(status.proper).to_str, type: 'html', 'xml:lang': status.language) append_element(entry, 'content', Formatter.instance.format(status).to_str, type: 'html', 'xml:lang': status.language)
status.mentions.each do |mentioned| status.mentions.each do |mentioned|
append_element(entry, 'link', nil, rel: :mentioned, 'ostatus:object-type': TagManager::TYPES[:person], href: TagManager.instance.uri_for(mentioned.account)) append_element(entry, 'link', nil, rel: :mentioned, 'ostatus:object-type': TagManager::TYPES[:person], href: TagManager.instance.uri_for(mentioned.account))

View File

@ -10,13 +10,24 @@ class Formatter
include ActionView::Helpers::TextHelper include ActionView::Helpers::TextHelper
def format(status, attribute = :text, paragraphize = true) def format(status, attribute = :text, paragraphize = true)
if status.reblog?
prepend_reblog = status.reblog.account.acct
status = status.proper
else
prepend_reblog = false
end
raw_content = status.public_send(attribute) raw_content = status.public_send(attribute)
return '' if raw_content.blank? return '' if raw_content.blank?
return reformat(raw_content) unless status.local? return reformat(raw_content) unless status.local?
linkable_accounts = status.mentions.map(&:account)
linkable_accounts << status.account
html = raw_content html = raw_content
html = encode_and_link_urls(html, status.mentions) html = "RT @#{prepend_reblog} #{html}" if prepend_reblog
html = encode_and_link_urls(html, linkable_accounts)
html = simple_format(html, {}, sanitize: false) if paragraphize html = simple_format(html, {}, sanitize: false) if paragraphize
html = html.delete("\n") html = html.delete("\n")
@ -52,7 +63,7 @@ class Formatter
HTMLEntities.new.encode(html) HTMLEntities.new.encode(html)
end end
def encode_and_link_urls(html, mentions = nil) def encode_and_link_urls(html, accounts = nil)
entities = Extractor.extract_entities_with_indices(html, extract_url_without_protocol: false) entities = Extractor.extract_entities_with_indices(html, extract_url_without_protocol: false)
rewrite(html.dup, entities) do |entity| rewrite(html.dup, entities) do |entity|
@ -61,7 +72,7 @@ class Formatter
elsif entity[:hashtag] elsif entity[:hashtag]
link_to_hashtag(entity) link_to_hashtag(entity)
elsif entity[:screen_name] elsif entity[:screen_name]
link_to_mention(entity, mentions) link_to_mention(entity, accounts)
end end
end end
end end
@ -69,19 +80,21 @@ class Formatter
def rewrite(text, entities) def rewrite(text, entities)
chars = text.to_s.to_char_a chars = text.to_s.to_char_a
# sort by start index # Sort by start index
entities = entities.sort_by do |entity| entities = entities.sort_by do |entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices] indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
indices.first indices.first
end end
result = [] result = []
last_index = entities.reduce(0) do |index, entity| last_index = entities.reduce(0) do |index, entity|
indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices] indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
result << encode(chars[index...indices.first].join) result << encode(chars[index...indices.first].join)
result << yield(entity) result << yield(entity)
indices.last indices.last
end end
result << encode(chars[last_index..-1].join) result << encode(chars[last_index..-1].join)
result.flatten.join result.flatten.join
@ -89,26 +102,28 @@ class Formatter
def link_to_url(entity) def link_to_url(entity)
normalized_url = Addressable::URI.parse(entity[:url]).normalize normalized_url = Addressable::URI.parse(entity[:url]).normalize
html_attrs = { html_attrs = { target: '_blank', rel: 'nofollow noopener' }
target: '_blank',
rel: 'nofollow noopener',
}
Twitter::Autolink.send(:link_to_text, entity, link_html(entity[:url]), normalized_url, html_attrs) Twitter::Autolink.send(:link_to_text, entity, link_html(entity[:url]), normalized_url, html_attrs)
rescue Addressable::URI::InvalidURIError rescue Addressable::URI::InvalidURIError
encode(entity[:url]) encode(entity[:url])
end end
def link_to_mention(entity, mentions) def link_to_mention(entity, linkable_accounts)
acct = entity[:screen_name] acct = entity[:screen_name]
return link_to_account(acct) unless mentions
mention = mentions.find { |item| TagManager.instance.same_acct?(item.account.acct, acct) } return link_to_account(acct) unless linkable_accounts
mention ? mention_html(mention.account) : "@#{acct}"
account = linkable_accounts.find { |item| TagManager.instance.same_acct?(item.acct, acct) }
account ? mention_html(account) : "@#{acct}"
end end
def link_to_account(acct) def link_to_account(acct)
username, domain = acct.split('@') username, domain = acct.split('@')
domain = nil if TagManager.instance.local_domain?(domain)
domain = nil if TagManager.instance.local_domain?(domain)
account = Account.find_remote(username, domain) account = Account.find_remote(username, domain)
account ? mention_html(account) : "@#{acct}" account ? mention_html(account) : "@#{acct}"
end end
@ -117,7 +132,7 @@ class Formatter
end end
def link_html(url) def link_html(url)
url = Addressable::URI.parse(url).display_uri.to_s url = Addressable::URI.parse(url).display_uri.to_s
prefix = url.match(/\Ahttps?:\/\/(www\.)?/).to_s prefix = url.match(/\Ahttps?:\/\/(www\.)?/).to_s
text = url[prefix.length, 30] text = url[prefix.length, 30]
suffix = url[prefix.length + 30..-1] suffix = url[prefix.length + 30..-1]
@ -127,7 +142,7 @@ class Formatter
end end
def hashtag_html(tag) def hashtag_html(tag)
"<a href=\"#{tag_url(tag.downcase)}\" class=\"mention hashtag\">#<span>#{tag}</span></a>" "<a href=\"#{tag_url(tag.downcase)}\" class=\"mention hashtag\" rel=\"tag\">#<span>#{tag}</span></a>"
end end
def mention_html(account) def mention_html(account)

View File

@ -7,38 +7,56 @@ RSpec.describe Formatter do
let(:remote_status) { Fabricate(:status, text: '<script>alert("Hello")</script> Beep boop', uri: 'beepboop', account: account) } let(:remote_status) { Fabricate(:status, text: '<script>alert("Hello")</script> Beep boop', uri: 'beepboop', account: account) }
let(:local_text_with_mention) { "@#{account.username} @#{account.username}@example.com #{local_text}?x=@#{account.username} #hashtag" } let(:local_text_with_mention) { "@#{account.username} @#{account.username}@example.com #{local_text}?x=@#{account.username} #hashtag" }
let(:local_status_with_mention) { Fabricate(:status, text: local_text_with_mention,
account: account, mentions: [Fabricate(:mention, account: account)]) } let(:local_status_with_mention) do
Fabricate(
:status,
text: local_text_with_mention,
account: account,
mentions: [Fabricate(:mention, account: account)]
)
end
describe '#format' do describe '#format' do
subject { Formatter.instance.format(local_status) } subject { Formatter.instance.format(local_status) }
it 'returns a string' do context 'with standalone status' do
expect(subject).to be_a String it 'returns a string' do
expect(subject).to be_a String
end
it 'contains plain text' do
expect(subject).to match('Hello world')
end
it 'contains a link' do
expect(subject).to match('<a href="http://google.com/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">google.com/</span><span class="invisible"></span></a>')
end
it 'contains a mention' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match "<a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span>"
expect(result).to match %r{href=\"http://google.com/\?x=@#{account.username}}
expect(result).not_to match "href=\"https://example.com/@#{account.username}"
end
it 'contains a hashtag' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match('/tags/hashtag" class="mention hashtag" rel="tag">#<span>hashtag</span></a>')
end
end end
it 'contains plain text' do context 'with reblog' do
expect(subject).to match('Hello world') let(:local_status) { Fabricate(:status, account: account, reblog: Fabricate(:status, text: 'Hello world', account: account)) }
end
it 'contains a link' do it 'contains credit to original author' do
expect(subject).to match('<a href="http://google.com/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">google.com/</span><span class="invisible"></span></a>') expect(subject).to include("RT <span class=\"h-card\"><a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span> Hello world")
end end
it 'contains a mention' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match "<a href=\"#{TagManager.instance.url_for(account)}\" class=\"u-url mention\">@<span>#{account.username}</span></a></span>"
expect(result).to match %r{href=\"http://google.com/\?x=@#{account.username}}
expect(result).not_to match "href=\"https://example.com/@#{account.username}"
end
it 'contains a hashtag' do
result = Formatter.instance.format(local_status_with_mention)
expect(result).to match("/tags/hashtag\" class=\"mention hashtag\">#<span>hashtag</span></a>")
end end
context 'matches a stand-alone medium URL' do context 'matches a stand-alone medium URL' do
let(:local_text) { 'https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4' } let(:local_text) { 'https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4"') expect(subject).to include('href="https://hackernoon.com/the-power-to-build-communities-a-response-to-mark-zuckerberg-3f2cac9148a4"')
end end
@ -46,6 +64,7 @@ RSpec.describe Formatter do
context 'matches a stand-alone google URL' do context 'matches a stand-alone google URL' do
let(:local_text) { 'http://google.com' } let(:local_text) { 'http://google.com' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="http://google.com/"') expect(subject).to include('href="http://google.com/"')
end end
@ -53,6 +72,7 @@ RSpec.describe Formatter do
context 'matches a stand-alone IDN URL' do context 'matches a stand-alone IDN URL' do
let(:local_text) { 'https://nic.みんな/' } let(:local_text) { 'https://nic.みんな/' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="https://nic.xn--q9jyb4c/"') expect(subject).to include('href="https://nic.xn--q9jyb4c/"')
end end
@ -64,6 +84,7 @@ RSpec.describe Formatter do
context 'matches a URL without trailing period' do context 'matches a URL without trailing period' do
let(:local_text) { 'http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona. ' } let(:local_text) { 'http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona. ' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona"') expect(subject).to include('href="http://www.mcmansionhell.com/post/156408871451/50-states-of-mcmansion-hell-scottsdale-arizona"')
end end
@ -75,6 +96,7 @@ RSpec.describe Formatter do
context 'matches a URL without exclamation point' do context 'matches a URL without exclamation point' do
let(:local_text) { 'http://www.google.com!' } let(:local_text) { 'http://www.google.com!' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"') expect(subject).to include('href="http://www.google.com/"')
end end
@ -82,6 +104,7 @@ RSpec.describe Formatter do
context 'matches a URL without single quote' do context 'matches a URL without single quote' do
let(:local_text) { "http://www.google.com'" } let(:local_text) { "http://www.google.com'" }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"') expect(subject).to include('href="http://www.google.com/"')
end end
@ -89,6 +112,7 @@ RSpec.describe Formatter do
context 'matches a URL without angle brackets' do context 'matches a URL without angle brackets' do
let(:local_text) { 'http://www.google.com>' } let(:local_text) { 'http://www.google.com>' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="http://www.google.com/"') expect(subject).to include('href="http://www.google.com/"')
end end
@ -96,6 +120,7 @@ RSpec.describe Formatter do
context 'matches a URL with a query string' do context 'matches a URL with a query string' do
let(:local_text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink' } let(:local_text) { 'https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&q=autolink' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&amp;q=autolink"') expect(subject).to include('href="https://www.ruby-toolbox.com/search?utf8=%E2%9C%93&amp;q=autolink"')
end end
@ -103,20 +128,23 @@ RSpec.describe Formatter do
context 'matches a URL with parenthesis in it' do context 'matches a URL with parenthesis in it' do
let(:local_text) { 'https://en.wikipedia.org/wiki/Diaspora_(software)' } let(:local_text) { 'https://en.wikipedia.org/wiki/Diaspora_(software)' }
it 'has valid url' do it 'has valid url' do
expect(subject).to include('href="https://en.wikipedia.org/wiki/Diaspora_(software)"') expect(subject).to include('href="https://en.wikipedia.org/wiki/Diaspora_(software)"')
end end
end end
context 'contains html (script tag)' do context 'contains html (script tag)' do
let(:local_text) { '<script>alert("Hello")</script>' } let(:local_text) { '<script>alert("Hello")</script>' }
it 'has valid url' do
expect(subject).to match '<p>&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;</p>' it 'has valid url' do
end expect(subject).to match '<p>&lt;script&gt;alert(&quot;Hello&quot;)&lt;/script&gt;</p>'
end
end end
context 'contains html (xss attack)' do context 'contains html (xss attack)' do
let(:local_text) { %q{<img src="javascript:alert('XSS');">} } let(:local_text) { %q{<img src="javascript:alert('XSS');">} }
it 'has valid url' do it 'has valid url' do
expect(subject).to match '<p>&lt;img src=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;</p>' expect(subject).to match '<p>&lt;img src=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;</p>'
end end
@ -124,6 +152,7 @@ RSpec.describe Formatter do
context 'contains invalid URL' do context 'contains invalid URL' do
let(:local_text) { 'http://www\.google\.com' } let(:local_text) { 'http://www\.google\.com' }
it 'has valid url' do it 'has valid url' do
expect(subject).to eq '<p>http://www\.google\.com</p>' expect(subject).to eq '<p>http://www\.google\.com</p>'
end end