From ad4c91830f0e1bba42a46914363c221e5d7d5b7f Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 21 Apr 2018 18:24:45 +0200 Subject: [PATCH] Formatter: Use proper escaping for links. --- lib/pleroma/formatter.ex | 7 +++++-- test/formatter_test.exs | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index 515909af1..a708a275e 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -144,7 +144,7 @@ defmodule Pleroma.Formatter do @emoji end - @link_regex ~r/https?:\/\/[\w\.\/?=\-#\+%&@~\(\):]+[\w\/]/u + @link_regex ~r/https?:\/\/[\w\.\/?=\-#\+%&@~'\(\):]+[\w\/]/u def html_escape(text) do Regex.split(@link_regex, text, include_captures: true) @@ -168,7 +168,10 @@ defmodule Pleroma.Formatter do subs = subs ++ Enum.map(links, fn {uuid, url} -> - {uuid, "#{url}"} + {:safe, link} = Phoenix.HTML.Link.link(url, to: url) + link = link + |> IO.iodata_to_binary + {uuid, link} end) {subs, uuid_text} diff --git a/test/formatter_test.exs b/test/formatter_test.exs index 4c65b26f2..2cf1f3f8e 100644 --- a/test/formatter_test.exs +++ b/test/formatter_test.exs 
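Review bot: The widened character class in `@link_regex` now lets `'` into a matched URL, and nothing at the attribute records that this is safe only while the link markup is built with escaping. `html_escape/1` just below splits on the same regex with `include_captures: true`, so matched URLs presumably skip escaping there and rely on `add_links/1` to do it; the body of `html_escape/1` continues outside the hunk, so this should be confirmed. I would add a comment above the attribute such as `# URLs matched here bypass html_escape/1; add_links/1 must HTML-escape them (a match may contain ' and &)`.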
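Review bot: The added lines in the `Enum.map` callback rebind `link` through a one-step pipe (`link = link |> IO.iodata_to_binary`) that also lacks call parentheses, which is harder to read than the plain call. Phoenix.HTML already provides the conversion for the safe tuple, so the first three added lines can become `link = Phoenix.HTML.safe_to_string(Phoenix.HTML.Link.link(url, to: url))`, followed by the existing `{uuid, link}`. This keeps the escaping done by `Phoenix.HTML.Link.link/2` and removes the separate match on `{:safe, link}`. The enclosing function starts and ends outside the hunk.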
@@ -23,21 +23,21 @@ defmodule Pleroma.FormatterTest do text = "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla." expected = - "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla." + "Hey, check out https://www.youtube.com/watch?v=8Zg1-TufF%20zY?x=1&y=2#blabla." assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "https://mastodon.social/@lambadalambda" expected = - "https://mastodon.social/@lambadalambda" + "https://mastodon.social/@lambadalambda" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "https://mastodon.social:4000/@lambadalambda" expected = - "https://mastodon.social:4000/@lambadalambda" + "https://mastodon.social:4000/@lambadalambda" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected 
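Review bot: Every assertion in this hunk calls `Formatter.add_links/1` directly, so the path where text first goes through `html_escape/1` is not covered. The same is true of the hunk at line 47, including its new `Duff's_device` case. Both functions depend on `@link_regex`, and a URL containing `&` or `'` should end up escaped exactly once after both steps. A case along the lines of `assert {[], Formatter.html_escape(text)} |> Formatter.add_links() |> Formatter.finalize() == expected` would pin that, assuming `html_escape/1` returns a binary, which the visible lines do not show.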
@@ -47,28 +47,35 @@ defmodule Pleroma.FormatterTest do assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "http://www.cs.vu.nl/~ast/intel/" - expected = "http://www.cs.vu.nl/~ast/intel/" + expected = "http://www.cs.vu.nl/~ast/intel/" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" expected = - "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" + "https://forum.zdoom.org/viewtopic.php?f=44&t=57087" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" expected = - "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" + "https://en.wikipedia.org/wiki/Sophia_(Gnosticism)#Mythos_of_the_soul" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected text = "https://www.google.co.jp/search?q=Nasim+Aghdam" expected = - "https://www.google.co.jp/search?q=Nasim+Aghdam" + "https://www.google.co.jp/search?q=Nasim+Aghdam" + + assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected + + text = "https://en.wikipedia.org/wiki/Duff's_device" + + expected = + "https://en.wikipedia.org/wiki/Duff's_device" assert Formatter.add_links({[], text}) |> Formatter.finalize() == expected end