From e30623316670cfe466caaa6b085f6b76ecda6610 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 13 Mar 2022 16:37:45 +0100
Subject: [PATCH] [bugfix] Fix html-escaped characters in content warnings (#426)

* test status create with odd CWs
* use SanitizeCaption for content warning escaping
---
 internal/processing/status/create.go | 2 +-
 internal/processing/status/create_test.go | 103 ++++++++++++++++++++++
 2 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 internal/processing/status/create_test.go

diff --git a/internal/processing/status/create.go b/internal/processing/status/create.go
index d5e4dd1b7..1a832d5c4 100644
--- a/internal/processing/status/create.go
+++ b/internal/processing/status/create.go
@@ -51,7 +51,7 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, appli
 Local: true,
 AccountID: account.ID,
 AccountURI: account.URI,
- ContentWarning: text.RemoveHTML(form.SpoilerText),
+ ContentWarning: text.SanitizeCaption(form.SpoilerText),
 ActivityStreamsType: ap.ObjectNote,
 Sensitive: form.Sensitive,
 Language: form.Language,
diff --git a/internal/processing/status/create_test.go b/internal/processing/status/create_test.go
new file mode 100644
index 000000000..c92148108
--- /dev/null
+++ b/internal/processing/status/create_test.go
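Review bot: The `ContentWarning` stored by `Create` is now expected to hold literal characters rather than entities, so HTML escaping has to happen wherever the value is rendered, and none of that is visible in this hunk. `text.SanitizeCaption` is defined outside the patch; if it decodes entities after stripping tags rather than before, a spoiler text carrying entity-encoded markup such as `&lt;b&gt;` would be stored as live markup. I would state the contract at the call site, e.g. `// ContentWarning is stored as plain text (tags stripped, entities decoded); every HTML renderer must escape it on output`, and confirm the order of operations inside `SanitizeCaption`. The body of `Create` starts and ends outside the hunk.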
@@ -0,0 +1,103 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package status_test
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/api/model"
+)
+
+type StatusCreateTestSuite struct {
+ StatusStandardTestSuite
+}
+
+func (suite *StatusCreateTestSuite) TestProcessContentWarningWithQuotationMarks() {
+ ctx := context.Background()
+
+ creatingAccount := suite.testAccounts["local_account_1"]
+ creatingApplication := suite.testApplications["application_1"]
+
+ statusCreateForm := &model.AdvancedStatusCreateForm{
+ StatusCreateRequest: model.StatusCreateRequest{
+ Status: "poopoo peepee",
+ MediaIDs: []string{},
+ Poll: nil,
+ InReplyToID: "",
+ Sensitive: false,
+ SpoilerText: "\"test\"", // these should not be html-escaped when the final text is rendered
+ Visibility: model.VisibilityPublic,
+ ScheduledAt: "",
+ Language: "en",
+ Format: model.StatusFormatPlain,
+ },
+ AdvancedVisibilityFlagsForm: model.AdvancedVisibilityFlagsForm{
+ Federated: nil,
+ Boostable: nil,
+ Replyable: nil,
+ Likeable: nil,
+ },
+ }
+
+ apiStatus, err := suite.status.Create(ctx, creatingAccount, creatingApplication, statusCreateForm)
+ suite.NoError(err)
+ suite.NotNil(apiStatus)
+
+ suite.Equal("\"test\"", apiStatus.SpoilerText)
+}
+
+func (suite
*StatusCreateTestSuite) TestProcessContentWarningWithHTMLEscapedQuotationMarks() {
+ ctx := context.Background()
+
+ creatingAccount := suite.testAccounts["local_account_1"]
+ creatingApplication := suite.testApplications["application_1"]
+
+ statusCreateForm := &model.AdvancedStatusCreateForm{
+ StatusCreateRequest: model.StatusCreateRequest{
+ Status: "poopoo peepee",
+ MediaIDs: []string{},
+ Poll: nil,
+ InReplyToID: "",
+ Sensitive: false,
+ SpoilerText: ""test"", // the html-escaped quotation marks should appear as normal quotation marks in the finished text
+ Visibility: model.VisibilityPublic,
+ ScheduledAt: "",
+ Language: "en",
+ Format: model.StatusFormatPlain,
+ },
+ AdvancedVisibilityFlagsForm: model.AdvancedVisibilityFlagsForm{
+ Federated: nil,
+ Boostable: nil,
+ Replyable: nil,
+ Likeable: nil,
+ },
+ }
+
+ apiStatus, err := suite.status.Create(ctx, creatingAccount, creatingApplication, statusCreateForm)
+ suite.NoError(err)
+ suite.NotNil(apiStatus)
+
+ suite.Equal("\"test\"", apiStatus.SpoilerText)
+}
+
+func TestStatusCreateTestSuite(t *testing.T) {
+ suite.Run(t, new(StatusCreateTestSuite))
+}
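Review bot: Both new tests exercise only quotation marks, so nothing pins what `Create` does with entity-encoded markup in `SpoilerText`, which is the case where decoding entities matters for safety. A third case with `SpoilerText: "&lt;b&gt;test&lt;/b&gt;"` and an assertion such as `suite.NotContains(apiStatus.SpoilerText, "<")` (or the exact expected string, whichever behaviour is intended) would close that gap. Separately, `suite.NoError(err)` and `suite.NotNil(apiStatus)` look like non-fatal testify assertions, so a failed `Create` would go on to dereference a nil `apiStatus`; `suite.Require().NoError(err)` stops the test first. The two methods differ only in the `SpoilerText` input and could share a helper.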