[chore] improve opengraph descripiton tag (#1550)
This changes parseDescription to properly encode things to be safe for usage without removing things like backslashes that may be relevant.

* text.SanitizePlaintext already calls html.UnescapeString so we don't have to do that
* Replace \n with space early
* Remove duplicate white-space by splitting on fields and joining
* HTML-escape the string we have
* For extra certainty, encode the backslash as &bsol;

Fixes #1549
parent
b6fbdc66c1
commit
074f352709
2 changed files with 54 additions and 4 deletions
|
@ -134,11 +134,11 @@ func parseTitle(account *apimodel.Account, accountDomain string) string {
|
|||
// parseDescription returns a string description which is
|
||||
// safe to use as a template.HTMLAttr inside templates.
|
||||
func parseDescription(in string) string {
|
||||
i := html.UnescapeString(in)
|
||||
i = text.SanitizePlaintext(i)
|
||||
i = strings.ReplaceAll(i, "\"", "'")
|
||||
i = strings.ReplaceAll(i, `\`, "")
|
||||
i := text.SanitizePlaintext(in)
|
||||
i = strings.ReplaceAll(i, "\n", " ")
|
||||
i = strings.Join(strings.Fields(i), " ")
|
||||
i = html.EscapeString(i)
|
||||
i = strings.ReplaceAll(i, `\`, "\")
|
||||
i = trim(i, maxOGDescriptionLength)
|
||||
return `content="` + i + `"`
|
||||
}
|
||||
|
|
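Review bot: `trim(i, maxOGDescriptionLength)` still runs after `html.EscapeString` and the backslash replacement, so the length limit is applied to the escaped text and a cut can land inside an entity such as `&#34;`, leaving a broken character reference in the attribute value. The body of trim is outside this hunk, so this assumes it truncates at a fixed length without regard to entities. Truncating the plain text first and escaping last avoids that: `i = trim(i, maxOGDescriptionLength)` followed by `i = html.EscapeString(i)`, keeping the escaping as the final transformation before the value is wrapped in `content="…"`. The doc comment could also say which step makes the result safe as a template.HTMLAttr, for example `// The value is HTML-escaped as the last step; nothing may modify it after escaping.`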
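--- a/internal/web/opengraph_test.go
+++ b/internal/web/opengraph_test.go
@@ -0,0 +1,50 @@
+/*
+GoToSocial
+Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package web
+
+import (
+"fmt"
+"testing"
+
+"github.com/stretchr/testify/suite"
+)
+
+type OpenGraphTestSuite struct {
+suite.Suite
+}
+
+func (suite *OpenGraphTestSuite) TestParseDescription() {
+tests := []struct {
+name, in, exp string
+}{
+{name: "shellcmd", in: `echo '\e]8;;http://example.com\e\This is a link\e]8;;\e'`, exp: `echo '\e]8;;http://example.com\e\This is a link\e]8;;\e'`},
+{name: "newlines", in: "test\n\ntest\ntest", exp: "test test test"},
+}
+
+for _, tt := range tests {
+tt := tt
+suite.Run(tt.name, func() {
+suite.Equal(fmt.Sprintf("content=\"%s\"", tt.exp), parseDescription(tt.in))
+})
+}
+}
+
+func TestOpenGraphTestSuite(t *testing.T) {
+suite.Run(t, &OpenGraphTestSuite{})
+}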
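Review bot: The table in TestParseDescription has no input containing a double quote, `<`, `>` or `&`, which are the characters that decide whether a description can break out of the `content="…"` attribute that parseDescription builds. A case such as ``{name: "quotes", in: `say "hi"`, exp: `say &#34;hi&#34;`}`` would pin that behaviour; the expected value assumes text.SanitizePlaintext passes the quotes through unchanged, which should be confirmed. An input longer than maxOGDescriptionLength that ends in escaped characters would also show how trim interacts with the escaping. As rendered on this page the shellcmd expectation is identical to its input, which looks like the page having decoded the entities in the expected string, so check it against the repository before relying on it.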