diff options
| author | Chocobozzz <me@florianbigard.com> | 2018-01-04 17:50:30 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2018-01-04 17:50:30 +0100 |
| commit | 2890b615f31ab7d519d8be66b49ff8712df90c51 (patch) | |
| tree | 4ad6bf366416a1cbc4d39bc8b7747f6d985b4d19 /server | |
| parent | c3badc81fe3d78601fb278a7f28eeed63060d300 (diff) | |
| download | PeerTube-2890b615f31ab7d519d8be66b49ff8712df90c51.tar.gz PeerTube-2890b615f31ab7d519d8be66b49ff8712df90c51.tar.zst PeerTube-2890b615f31ab7d519d8be66b49ff8712df90c51.zip | |
Handle HTML is comments
Diffstat (limited to 'server')
| -rw-r--r-- | server/helpers/custom-validators/activitypub/video-comments.ts | 11 | ||||
| -rw-r--r-- | server/lib/activitypub/process/process-delete.ts | 7 |
2 files changed, 4 insertions, 14 deletions
diff --git a/server/helpers/custom-validators/activitypub/video-comments.ts b/server/helpers/custom-validators/activitypub/video-comments.ts index 6928aced3..ce1209035 100644 --- a/server/helpers/custom-validators/activitypub/video-comments.ts +++ b/server/helpers/custom-validators/activitypub/video-comments.ts | |||
| @@ -1,7 +1,6 @@ | |||
| 1 | import * as validator from 'validator' | 1 | import * as validator from 'validator' |
| 2 | import { exists, isDateValid } from '../misc' | 2 | import { exists, isDateValid } from '../misc' |
| 3 | import { isActivityPubUrlValid, isBaseActivityValid } from './misc' | 3 | import { isActivityPubUrlValid, isBaseActivityValid } from './misc' |
| 4 | import * as sanitizeHtml from 'sanitize-html' | ||
| 5 | 4 | ||
| 6 | function isVideoCommentCreateActivityValid (activity: any) { | 5 | function isVideoCommentCreateActivityValid (activity: any) { |
| 7 | return isBaseActivityValid(activity, 'Create') && | 6 | return isBaseActivityValid(activity, 'Create') && |
| @@ -11,7 +10,6 @@ function isVideoCommentCreateActivityValid (activity: any) { | |||
| 11 | function isVideoCommentObjectValid (comment: any) { | 10 | function isVideoCommentObjectValid (comment: any) { |
| 12 | return comment.type === 'Note' && | 11 | return comment.type === 'Note' && |
| 13 | isActivityPubUrlValid(comment.id) && | 12 | isActivityPubUrlValid(comment.id) && |
| 14 | sanitizeCommentHTML(comment) && | ||
| 15 | isCommentContentValid(comment.content) && | 13 | isCommentContentValid(comment.content) && |
| 16 | isActivityPubUrlValid(comment.inReplyTo) && | 14 | isActivityPubUrlValid(comment.inReplyTo) && |
| 17 | isDateValid(comment.published) && | 15 | isDateValid(comment.published) && |
| @@ -31,15 +29,6 @@ export { | |||
| 31 | 29 | ||
| 32 | // --------------------------------------------------------------------------- | 30 | // --------------------------------------------------------------------------- |
| 33 | 31 | ||
| 34 | function sanitizeCommentHTML (comment: any) { | ||
| 35 | return sanitizeHtml(comment.content, { | ||
| 36 | allowedTags: [ 'b', 'i', 'em', 'span', 'a' ], | ||
| 37 | allowedAttributes: { | ||
| 38 | 'a': [ 'href' ] | ||
| 39 | } | ||
| 40 | }) | ||
| 41 | } | ||
| 42 | |||
| 43 | function isCommentContentValid (content: any) { | 32 | function isCommentContentValid (content: any) { |
| 44 | return exists(content) && validator.isLength('' + content, { min: 1 }) | 33 | return exists(content) && validator.isLength('' + content, { min: 1 }) |
| 45 | } | 34 | } |
diff --git a/server/lib/activitypub/process/process-delete.ts b/server/lib/activitypub/process/process-delete.ts index 01751422d..07e6a0075 100644 --- a/server/lib/activitypub/process/process-delete.ts +++ b/server/lib/activitypub/process/process-delete.ts | |||
| @@ -11,8 +11,9 @@ import { getOrCreateActorAndServerAndModel } from '../actor' | |||
| 11 | 11 | ||
| 12 | async function processDeleteActivity (activity: ActivityDelete) { | 12 | async function processDeleteActivity (activity: ActivityDelete) { |
| 13 | const actor = await getOrCreateActorAndServerAndModel(activity.actor) | 13 | const actor = await getOrCreateActorAndServerAndModel(activity.actor) |
| 14 | const objectUrl = typeof activity.object === 'string' ? activity.object : activity.object.id | ||
| 14 | 15 | ||
| 15 | if (actor.url === activity.object) { | 16 | if (actor.url === objectUrl) { |
| 16 | if (actor.type === 'Person') { | 17 | if (actor.type === 'Person') { |
| 17 | if (!actor.Account) throw new Error('Actor ' + actor.url + ' is a person but we cannot find it in database.') | 18 | if (!actor.Account) throw new Error('Actor ' + actor.url + ' is a person but we cannot find it in database.') |
| 18 | 19 | ||
| @@ -25,14 +26,14 @@ async function processDeleteActivity (activity: ActivityDelete) { | |||
| 25 | } | 26 | } |
| 26 | 27 | ||
| 27 | { | 28 | { |
| 28 | const videoCommentInstance = await VideoCommentModel.loadByUrlAndPopulateAccount(activity.object) | 29 | const videoCommentInstance = await VideoCommentModel.loadByUrlAndPopulateAccount(objectUrl) |
| 29 | if (videoCommentInstance) { | 30 | if (videoCommentInstance) { |
| 30 | return processDeleteVideoComment(actor, videoCommentInstance) | 31 | return processDeleteVideoComment(actor, videoCommentInstance) |
| 31 | } | 32 | } |
| 32 | } | 33 | } |
| 33 | 34 | ||
| 34 | { | 35 | { |
| 35 | const videoInstance = await VideoModel.loadByUrlAndPopulateAccount(activity.object) | 36 | const videoInstance = await VideoModel.loadByUrlAndPopulateAccount(objectUrl) |
| 36 | if (videoInstance) { | 37 | if (videoInstance) { |
| 37 | return processDeleteVideo(actor, videoInstance) | 38 | return processDeleteVideo(actor, videoInstance) |
| 38 | } | 39 | } |